The document describes the development of a secure online banking website for UNT Bank. It discusses researching other banking sites, designing information architecture and database schemas, and implementing user registration, login, account viewing, and profile updating functionality using HTML, CSS, PHP, and MySQL. Testing scenarios were developed and run to validate functionality and security. The conclusion states that a secure online banking site was created with HTTPS, password hashing, and SQL injection prevention.
3. Introduction
• Electronic Banking
o provides financial services for clients over the Internet
• UNT Banking website
o perform various functions on their accounts over the web
• HTML/CSS/PHP/MySQL
• HASH+SALT: Password Protection
• PHP Sessions
• SQL Injection
• HTTPS
4. Research
Web Page Hierarchy
• Banking web sites studied:
o Bank of America
o Corporate America
• Information Architecture diagram
Research on Database
• Entity-Relationship diagram
• Relational Schema diagram
8. End user requirements
In order to execute this application on the end user
system, the end user and local host computer must
meet the following requirements:
• Bank Membership
• Web Browser
• Internet Service Provider
• Modem or Network Interface Card
9. System requirements
The application will be installed on a remote web
server and must meet the following requirements:
• UNIX based web server
• PHP support available
• Common Gateway Interface (CGI) support
available
• MySQL support available
10. Web pages
Home students.cse.unt.edu/~ssk0083/untbank/index.cgi
Register students.cse.unt.edu/~ssk0083/untbank/register.cgi
About us students.cse.unt.edu/~ssk0083/untbank/about_us.cgi
Contact us students.cse.unt.edu/~ssk0083/untbank/contact_us.cgi
Accounts students.cse.unt.edu/~ssk0083/untbank/accounts.cgi
UNT Visa students.cse.unt.edu/~ssk0083/untbank/unt_visa.cgi
Loans students.cse.unt.edu/~ssk0083/untbank/loans.cgi
Profile students.cse.unt.edu/~ssk0083/untbank/profile.cgi
13. Testing scenario(cont..)
Input Restrictions
• Alphabetic characters
• converted to lower case
• Bounds and value checking
• MySQL_real_escape_string()
• SQL injection attempts safely escaped
• Preg_replace():
• Find and replace
• Used on the numeric values
14. Experimental observation
Log In page
• Member number
• Password
Registration
• Member number
• Phone number
• ZIP code
• State
• Email address
Log in and Registration
• About us
• Contact us
15. Experimental observation
Accounts
• Checking and Savings
• View statements
• UNT Visa and Loans
• View statements
• Pay bills
• View statements
• Date
• Pay bill
• Amount
• Account type
• Sign out
• Enter member number and password again
16. Experimental observation
UNT Visa and Loans
• Balance
• Payment due
• Due date
• Interest rate
• View statements
• Date
• Pay bill
• Amount
• Account
17. Experimental observation
Profile
• Updatable
• All the fields must be entered correctly
• Email addresses verification
• Fields cannot be left empty
• Error messages
• Profile updated message
