Pillai's HOC College of Engineering & Technology, Rasayani Department of Computer Engineering
E-Commerce -: Lab Manual:-
Prepared by
HOD
(Subject–InCharge)
Computer Engg.
Subject : E-commerce
Class/Sem:
BE/VII
E-COMMERCE LAB MANUAL
LIST OF EXPERIMENTS
1. Case study of E-commerce
2. Homepage design of website
3. Validation using PHP
4. Catalog design
5. Access control
6. Session management
7. To study Hadoop clusters on Ubuntu
8. Search Engine
9. Shopping Cart
10. Case study on business models of PayPal.com
DEPARTMENT OF COMPUTER ENGINEERING
Subject-In charge
H.O.D.Computer Engineering
EXPERIMENT NO. 1
Aim: Case study of E-commerce
Theory: The purpose of a small business Web site is to sell a product or service, and E-marketing can lead to E-commerce. E-Commerce is the act of doing business electronically over the Internet. No matter the size, age or type of your business, E-commerce offers benefits that cannot be attained with a brick and mortar store.
Benefits of E-commerce:
1) Potentially unlimited customer base
2) Provides the ultimate in convenience
3) Allows businesses to focus on selling a product or service while easily developing effective business relationships
4) Empowers consumers by letting them handle their own transactions.
Types of E-Commerce
Some of the most common forms of E-Commerce have been around for years. They include facsimiles (faxes), telephone banking, EFTPOS and video or telephone conferencing. Other major forms of E-Commerce include:
• Email
• Electronic Data Interchange (EDI)
• Smart cards
• Online directories and catalogues
• Electronic faxing
• Wireless technology, e.g. Wireless Application Protocol (WAP)
• Web portals
• Online marketplaces and exchanges
Conclusion: Thus we have studied E-commerce successfully.
EXPERIMENT NO. 2
Aim: Homepage design of a website
Theory: Your home page needs to answer some very important questions, the most important being what the purpose of your site is. If you fail to answer this question, expect very few repeat visits and very few visits that last beyond a few seconds. Consider who your visitors are and why they've visited your site. Help them achieve their goals as quickly as possible and give them reasons to come back again. Stay out of their way on repeat visits and let them know what's changed since their last visit and what they have to look forward to in future visits.
Home pages do not have to be hard to design, and choosing what content should be on the page does not have to be hard either. Home pages are different from the other pages on your site, though. You'll find it easier to first design your interior pages, starting from the most specific content and working back to the more general home page, and to use the home page to direct people to those more detailed pages. Above all, understand that the goal of your home page is to answer the basic questions a visitor will have when arriving at your site or visiting again.
Fig-home page of yahoo
Conclusion: Thus we have studied Home page design of a website successfully.
EXPERIMENT NO. 3
Aim: To implement form validation technique using PHP.
Theory: It is essential to validate the input to your form before taking the form submission data for further processing. When there are many fields in the form, the PHP validation script becomes too complex. Moreover, since you are doing the same or similar validation for most of the forms that you make, too much duplicate effort is spent on form validations.

Using the PHP form validation script
1. Include formvalidator.php in your form processing script

    require_once "formvalidator.php";

2. Create a FormValidator object and add the form validation descriptors.

    $validator = new FormValidator();
    $validator->addValidation("Name","req","Please fill in Name");
    $validator->addValidation("Email","email", "The input for Email should be a valid email value");
    $validator->addValidation("Email","req","Please fill in Email");

The first argument is the name of the input field in the form. The second argument is the validation descriptor that tells the type of the validation required. The third argument is the error message to be displayed if the validation fails.
3. Validate the form by calling ValidateForm() function

    if(!$validator->ValidateForm())
    {
        echo "Validation Errors:";
        // GetErrors() returns an array of input name => error message
        $error_hash = $validator->GetErrors();
        foreach($error_hash as $inpname => $inp_err)
        {
            echo "$inpname : $inp_err\n";
        }
    }

Adding Custom Validation
If you want to add a custom validation, which is not provided by the validation descriptors, you can do so. Here are the steps:
1. Create a class for the custom validation and override the DoValidate() function

    class MyValidator extends CustomValidator
    {
        function DoValidate(&$formars,&$error_hash)
        {
            // Reject the submission if the Comments field contains a URL
            if(stristr($formars['Comments'],'http://'))
            {
                $error_hash['Comments']="No URLs allowed in comments";
                return false;
            }
            return true;
        }
    }

2. Add the custom validation object

    $validator = new FormValidator();
    $validator->addValidation("Name","req","Please fill in Name");
    $validator->addValidation("Email","email", "The input for Email should be a valid email value");
    $validator->addValidation("Email","req","Please fill in Email");
    $custom_validator = new MyValidator();
    $validator->AddCustomValidator($custom_validator);

The custom validation function will be called automatically after other validations.
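The same three checks (required Name, required and well-formed Email, no URLs in Comments) written against PHP built-ins, as an added example that is not part of the original manual or of formvalidator.php. It goes beyond the checks above by rejecting line breaks in values that may end up in mail headers and by escaping output; the names validate_contact_form and h and the 100/254-character limits are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not from formvalidator.php). Validates the Name, Email and
 * Comments fields used in this experiment and returns field => error message.
 * The length limits are assumptions chosen for illustration.
 */
function validate_contact_form(array $input): array
{
    $errors = [];

    // Treat missing fields and non-string values (e.g. Name[]=x) as empty.
    $field = static function (string $key) use ($input): string {
        return isset($input[$key]) && is_string($input[$key]) ? trim($input[$key]) : '';
    };

    $name = $field('Name');
    if ($name === '') {
        $errors['Name'] = 'Please fill in Name';
    } elseif (strlen($name) > 100 || preg_match('/[\r\n]/', $name)) {
        // Line breaks in a value later placed in a mail header allow header injection.
        $errors['Name'] = 'Name is too long or contains line breaks';
    }

    $email = $field('Email');
    if ($email === '') {
        $errors['Email'] = 'Please fill in Email';
    } elseif (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['Email'] = 'The input for Email should be a valid email value';
    }

    // The stristr() check above only catches "http://"; this pattern also
    // catches https://, ftp:// and bare "www." links, in any letter case.
    $comments = $field('Comments');
    if (preg_match('~\b(?:[a-z][a-z0-9+.-]*://|www\.)~i', $comments)) {
        $errors['Comments'] = 'No URLs allowed in comments';
    }

    return $errors;
}

/** Escape a value before echoing it into an HTML page. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission (stands in for $_POST).
$sample = [
    'Name'     => 'Asha',
    'Email'    => 'asha-at-example.test',
    'Comments' => 'see HTTPS://example.test/offer <b>now</b>',
];

foreach (validate_contact_form($sample) as $inpname => $inp_err) {
    echo h($inpname), ' : ', h($inp_err), "\n";
}
```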
Conclusion: Thus we have studied Validation using PHP successfully.
EXPERIMENT NO. 4
Aim: To implement Catalog design
Theory: Nothing works better than a product catalog when you want to expand your customer base. A catalog has the potential to reach those customers who will never set foot in your store. The only drawback is that designing a product catalog can be overwhelming, but a checklist of tasks to complete will make the design process much easier. Here are 5 steps that will help you transform your catalog from an idea to a tangible advertising tool.
Fig-catalog for mobile phone
Conclusion: Thus we have studied catalog design successfully.
EXPERIMENT NO. 5
Aim: To implement Access control mechanism
Theory: Access control is more than simply requiring usernames and passwords when users want to access resources. It can be much more. There are multiple methods, techniques, technologies, and models that can be implemented, there are different ways to administer controls, and there are a variety of attacks that are launched against many of these access control mechanisms.
Identification and Authentication
Access controls exist to keep the bad guys out and to keep the good guys honest. Companies need to ensure that unauthorized access is not allowed and that authorized users cannot make improper modifications. The controls exist in a variety of forms, from passwords and ID badges to remote access authentication protocols and security guards. The tricky part is that they must be incorporated in a layered approach and that each layer needs to be understood, along with its relationship to the other layers, to ensure that vulnerabilities are not overlooked or introduced and that different controls do not step on each other's toes.
Three Steps to Access Control
There are three important components of access control: identification, authentication, and authorization.
Identification is the activity of the subject supplying information to identify itself to an authentication service. Some examples of identification mechanisms are username, account number, and memory card.
Authentication is the second part of a credential set to verify the identity of the subject. These mechanisms could be passphrases, passwords, cryptographic keys, PIN numbers, or tokens. You may tell me your name, but I have no proof that you are who you say you are until you demonstrate the secret handshake. Only then will I be convinced of your identity.
Authorization is the process of determining what this identified subject can actually access and what operations it can carry out. Authorization is based on some type of predefined criteria, which is enforced through access control lists, security labels, capabilities tables, or user profiles. These three components of access control usually work together in a synergetic relationship and can be found in applications, operating systems, firewalls, routers, databases, domain controllers, and more.
Authentication
Identification is usually providing a public piece of information (username, account number) and authentication is providing a private piece of information (PIN number, passphrase, digital signature). Three important characteristics of the mechanisms that can be used for authentication are as follows:
• Subject must prove something he knows. Example = password
• Subject must prove something he has. Example = smart card
• Subject must prove something he is. Example = fingerprint
If one mechanism providing one of these characteristics is used, it is referred to as one-factor; if two mechanisms are being used, it is two-factor; and you guessed it, an authentication process that requires all three is referred to as three-factor. For the authentication process to be considered strong authentication, it must be at least two-factor.
User identification values should be unique to ensure accountability of individual activity. They should be nondescriptive of job functions to make them not as easily guessed and so that attackers will not know what type of account the credentials are tied to. There should also be secure and documented processes for issuing identification and authentication values and mechanisms to ensure standardization.
Passwords
A password is a string of characters that should be different for each user and highly protected. It is something that a subject knows and is the most widely used authentication method in place today. The problem is that it is the most insecure mechanism when compared to other authentication technologies, because users and administrators do not usually practice the necessary disciplines required to provide a higher level of protection. Also, specialized utilities have been developed to uncover passwords and compromise this type of authentication method.
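The three steps described above (identification, authentication, authorization) in PHP, with passwords stored only as salted hashes and authorization decided by an access control list that denies by default. This is an added example, not part of the original manual; the user IDs, passwords, role names and operation names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Constructed user store: in a real application these rows come
// from a database and each hash is created once, at registration, with
// password_hash(). The IDs say nothing about the job function of the account.
$users = [
    'u1042' => ['hash' => password_hash('correct horse battery', PASSWORD_DEFAULT), 'role' => 'customer'],
    'u0007' => ['hash' => password_hash('staple-orchid-91', PASSWORD_DEFAULT), 'role' => 'catalog_admin'],
];

// Authorization criteria: an access control list mapping role => permitted operations.
$acl = [
    'customer'      => ['catalog.view', 'cart.edit'],
    'catalog_admin' => ['catalog.view', 'catalog.edit'],
];

/**
 * Steps 1 and 2: the subject identifies itself with $userId and proves the
 * claim with $password. Returns the user's role on success, null on failure.
 */
function authenticate(array $users, string $userId, string $password): ?string
{
    // Verify against a dummy hash when the ID is unknown, so that both failure
    // paths do the same amount of work and give the caller the same answer.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $record = $users[$userId] ?? null;
    $ok = password_verify($password, $record['hash'] ?? $dummy);

    return ($record !== null && $ok) ? $record['role'] : null;
}

/** Step 3: decide whether an authenticated role may carry out an operation. */
function is_authorized(array $acl, ?string $role, string $operation): bool
{
    // Deny by default: no role, unknown role or unlisted operation means no access.
    return $role !== null && in_array($operation, $acl[$role] ?? [], true);
}

// A customer with the right password may edit the cart but not the catalog.
$role = authenticate($users, 'u1042', 'correct horse battery');
var_dump(is_authorized($acl, $role, 'cart.edit'));
var_dump(is_authorized($acl, $role, 'catalog.edit'));

// A wrong password yields no role, so every operation is denied.
$failed = authenticate($users, 'u1042', 'wrong guess');
var_dump(is_authorized($acl, $failed, 'catalog.view'));
```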
Conclusion: Thus we have studied Access control mechanism successfully.
EXPERIMENT NO. 6
Aim: To implement Session management.
Theory:
PHP Session Management: With the release of PHP4, session management was introduced as an extension to the PHP language. PHP provides several session-related functions, and developing applications that use PHP sessions is straightforward. The three important features of session management are mostly taken care of by the PHP scripting engine. In this section, we present how to use PHP sessions, showing how sessions are started and ended and how session variables are used. We list the PHP functions for building session-based web applications. Because not all browsers support cookies, and some users actively disable them, we describe how to use PHP sessions without relying on cookies. Finally, we show how to configure PHP session management with a discussion on the garbage collection used to remove old sessions and other configuration parameters.
Overview: An overview of PHP session management is shown in Figure 6-1. When a user first enters the session-based application by making a request to a page that starts a session, PHP generates a session ID and creates a file that stores the session-related variables. PHP sets a cookie to hold the session ID in the response the script generates. The browser then records the cookie and includes it in subsequent requests. In the example shown in Figure 8-1, the script welcome.php records session variables in the session store, and a request to next.php then has access to those variables because of the session ID. The out-of-the-box configuration of PHP session management uses disk-based files to store session variables. Using files as the session store is adequate for most applications in which the number of concurrent sessions is limited.
Fig-. The interaction between the browser and the server when initial requests are made to a session-based application
Starting a Session: PHP provides a session_start( ) function that creates a new session and subsequently identifies and establishes an existing one. Either way, a call to the session_start( ) function initializes a session. The first time a PHP script calls session_start( ), a session identifier is generated, and, by default, a Set-Cookie header field is included in the response. The response sets up a session cookie in the browser with the name PHPSESSID and the value of the session identifier. The PHP session management automatically includes the cookie without the need to call the setcookie( ) or header( ) functions. The session identifier (ID) is a random string of 32 hexadecimal digits, such as fcc17f071bca9bf7f85ca281094390b4. As with other cookies, the value of the session ID is made available to PHP scripts in the $HTTP_COOKIE_VARS associative array and in the $PHPSESSID variable.
When a new session is started, PHP creates a session file. With the default configuration, session files are written in the /tmp directory using the session identifier, prefixed with sess_, for the filename. The filename associated with our example session ID is /tmp/sess_fcc17f071bca9bf7f85ca281094390b4. If a call is made to session_start( ), and the request contains the PHPSESSID cookie, PHP attempts to find the session file and initialize the associated session variables as discussed in the next section. However, if the identified session file can't be found, session_start( ) creates an empty session file.
Using Session Variables: Variables that are used in a session need to be registered with the session_register( ) function. If a session has not been initialized, the session_register( ) function calls session_start( ) to open the session file. Variables can be registered (added to the session file) with the session_register( ) call as follows:

    // Register the variable named "foo"
    session_register("foo");
    $foo = "bar";

Note that it is the name of the variable that is passed to the session_register( ) function, not the variable itself. Once registered, session variables are made persistent and are available to scripts that initialize the session. PHP tracks the values of session variables and saves their values to the session file: there is no need to explicitly save a session variable before a script ends. In the previous example, the variable $foo is automatically saved in the session store with its value bar. Variables can be removed from a session with the session_unregister( ) function call; again, the name of the variable is passed as the argument, not the variable itself. A variable that is unregistered is no longer available to other scripts that initialize the session. However, the variable is still available to the rest of the script immediately after the session_unregister( ) function call. Scripts that initialize a session have access to the session variables through the associative array $HTTP_SESSION_VARS, and PHP automatically initializes the named session variables if register_globals is enabled.
Ending a Session:
At some point in an application, sessions may need to be destroyed. For example, when a user logs out of an application, a call to the session_destroy( ) function can be made. A call to session_destroy( ) removes the session file from the system but doesn't remove the PHPSESSID cookie from the browser.
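A login and logout flow using the current session API, as an added example that is not part of the original manual: session_register( ), session_unregister( ), $HTTP_SESSION_VARS and register_globals were removed in PHP 5.4, so it uses $_SESSION, and its logout also expires the PHPSESSID cookie that session_destroy( ) leaves behind. The function names, the user ID and the assumption that the site is served over HTTPS are illustrative.

```php
<?php
declare(strict_types=1);

/** Start (or resume) a session with a hardened PHPSESSID cookie. */
function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject session IDs PHP did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie: discarded when the browser closes
        'path'     => '/',
        'secure'   => true,     // assumption: the site is served over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Call after the password check succeeds. */
function on_login(string $userId): void
{
    // Issue a fresh ID and delete the old session file, so that an ID known
    // before login (session fixation) is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;   // replaces session_register("user_id")
}

/** Full logout: clear the variables, expire the cookie, remove the session file. */
function on_logout(): void
{
    $_SESSION = [];   // clear the variables for the rest of this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Same name, path and domain with a past expiry tells the browser to drop it.
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();   // removes the session file on the server
}

// Usage, shown in one script for brevity; login and logout are normally
// handled by separate requests.
start_secure_session();
on_login('u1042');   // constructed user ID
on_logout();
```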
Conclusion: Thus we have studied Access control mechanism successfully.
EXPERIMENT NO. 7
Aim: To study Hadoop clusters on Ubuntu
Theory:
Hadoop is an open-source project administered by the Apache Software Foundation. Apache Hadoop is a Java software framework that supports data-intensive distributed applications under a free license. It enables applications to work with thousands of nodes and petabytes of data. Hadoop was inspired by Google's MapReduce and Google File System (GFS) papers. Technically, Hadoop consists of two key services: reliable data storage using the Hadoop Distributed File System (HDFS) and high-performance parallel data processing using a technique called MapReduce. Dealing with big data requires two things:
• Inexpensive, reliable storage; and
• New tools for analyzing unstructured and structured data.
Hadoop creates clusters of machines and coordinates work among them. Clusters can be built with inexpensive computers. If one fails, Hadoop continues to operate the cluster without losing data or interrupting work, by shifting work to the remaining machines in the cluster. HDFS manages storage on the cluster by breaking incoming files into pieces, called "blocks," and storing each of the blocks redundantly across the pool of servers.
The main services running in a Hadoop cluster will be:
1) namenode
2) jobtracker
3) secondarynamenode
These three will be running only on a single node (machine); that machine is the central machine which controls the cluster.
4) datanode
5) tasktracker
These two services will be running on all other nodes in the cluster.
HDFS has a master/slave architecture. An HDFS cluster consists of a single NameNode, a master server that manages the file system namespace and regulates access to files by clients. In addition, there are a number of DataNodes, usually one per node in the cluster, which manage storage attached to the nodes that they run on. Above the file systems comes the MapReduce engine, which consists of one Job Tracker, to which client applications submit MapReduce jobs. The Job Tracker pushes work out to available Task Tracker nodes in the cluster, striving to keep the work as close to the data as possible.
The only purpose of the secondary name-node is to perform periodic checkpoints. The secondary name-node periodically downloads current name-node image and edits log files, joins them into new image and uploads the new image back to the (primary and the only) name-node.
Conclusion: Thus we have studied Access control mechanism successfully.
EXPERIMENT NO. 8
Aim: Case study on business models of PayPal.com
Theory: An e-commerce payment system facilitates the acceptance of electronic payment for online transactions. Also known as financial electronic data interchange (FEDI), e-commerce payment systems have become increasingly popular due to the widespread use of internet-based shopping and banking.
A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical point of sale terminal located in most retail outlets. A payment gateway protects credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant and also between merchant and payment processor. A payment gateway facilitates the transfer of information between payment portals (such as a website or mobile phone).
Payment Service Providers
Businesses have been able to gain on-line card clearance or integrated merchant services from 'payment service provider' businesses such as Cybercash, Datacash and Worldpay that act as retailers of merchant services.
PayPal
PayPal is how individuals and businesses send and receive money online. The mission is to 'create the new global standard for online payments'. PayPal is an American-based global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. PayPal is an e-commerce business allowing payments and money transfers to be made through the Internet. PayPal serves as an electronic alternative to traditional paper methods such as checks and money orders.
Located in San Jose, California, PayPal was founded in 1998 and was acquired by eBay in 2002. Currently PayPal operates in 190 markets, and it manages over 175 million accounts (70 million active accounts). PayPal allows customers to send, receive, and hold funds in 24 currencies worldwide. PayPal operates locally in 13 countries. Residents in 190 markets can use PayPal in their local markets to send money online.
Conclusion: Thus we have studied business models of PayPal.com successfully.