Upload
khangminh22
View
1
Download
0
Embed Size (px)
Citation preview
Chapter 8Conclusion & Further work8.1 Introduction
E-Commerce can be defined as one of the rapidly development mechanisms in world. There are various kinds of electronic payment systems available for customers. However,
there are some issues which should be circumvented or avoid in the existing electronicpayment system methods.
In this project first it examined the currently available e-payment authentication systems
models and identify the security threads and problems associated with them. This
objective was achieved through the prevoius research background analysis. The next
objective is to introduce a secured e-payment authentication system to minimize the
existing security threads towards to electronic commerce transitions. The introduced
solution is name as Safer Pay. The payments are authenticating by secure token that
generated through secure token generating application. This solution can provide more
security because securer code is generated in combination of the two ends. Also it equip
with other additional security enhancements. The final step is to find out up to which
level proposed system can address the current security threads for e-payment systems.acceptance testing mainly used for achieved thisThe project evaluation and the
objective. The results showed that this system can provide good security against the manuser
in the middle attacks and the phishing attacks. Also most of the users believed this system
can provide good security against the security threads towards on line electronic payment
transfer compare to existing electronic payment systems.
44
8.2 Importance of Research
Because of ,be security problems in the existing elect™* p.ymen,
customers are reluctant to use electronic commerce. Therefore it is directly impact with
the sales of the e-commerce portal.
systems some of the
In this research project there is an
payment authentication model for E-comme
to increase the security level of the
attempt to fill the research gap and find
portals. As a result this model will helpsa secure e-
rce
e-commerce portals and increase the customer confidence about the security of their payments. Finally due to the proposed
portals can enhance the customer satisfaction by providing quality secure paymente-commerce
method to their customers and it helps to save resources in industry and their customers.
8.3 Limitations of the Research
The main limitation to this research is working with security which is not an easy task
because, security is a wide area and it requires very good understanding about different
related to the security. In that case expert knowledge in these areas may require.
Also it is really difficult to find a model for assurance of hundred present security for
electronic payment systems but the proposed model will be able to minimize the security
threats comparing to issues of the existing electronic payment models. Also it requires
some time to carefully analyze things. This research project is scheduled to be completed
in less than one year, the time constraints also will be another limitation.
areas
45
8.4 Research Further Works
• The secure generating application can be developed for different platform such as Android, Apple IOS and Windows mobile
. The system can be develop for directly communicate with
of the registered banks without any user involvement.
Currently the system designed to validate electronic payment in e-commerce
portals. This design can develop to validate any kind of electronic payment such
as electronic payments in POS or any other electronic fund transferring activities.
• It is essential to implement reverse engineering prevention methods for secured
token application.
core banking systems
46
Reference
[1 ]E- Turban, J. Lee, D. King and H.M Perspective, Prentice Hall, 1999.
[2] H. Bidgoli, Electronic commerce. San Diego: Academic Press
£3]M. Niranjanamurthy and D. Chahar, 'The study of E-Commerce Security Issues and
Solutions, International Journal of Advanced Research in Computer and Communication Engineering, vol. 2, no. 7, 2013.
Chung, Electronic Commerce: A Managerial
,2002
[4] Paypal.com, 'PayPal Security Key', 2015. [Online]. Available:https .//www .paypal.com/us/cgibin? cmd=xpt/Marketing_CommandDriven/securitycenter/ PayPalSecurityKey-outside&bn_r=o. [Accessed: 05- Feb- 2015].
[5] Gary Scjmedider. “Introduction to Electronic Commerce” in electronic commerce, 9th edition., Thomson, 2007, pp. 1-50.
[6]Rana Tassabehji,Understanding e-commerce for Business,vol. 1,2009
[7] Marketing Charts, '875MM Consumers Have Shopped Online #8211; Up 40% in Two
Years’.consumers-have-shopped-online-up-40-in-two-years-3225/. [Accessed: 05- Feb- 2015].
[8] G. Udo, 'Privacy and security concerns as major barriers for e-commerce: a survey study’, Information Management & Computer Security, vol. 9, no. 4, pp. 165-174, 2001.
2008. [Online]. Available:http://www.marketingcharts.com/online/875mm-
and A. Helme, 'SURVEY OF ELECTRONIC PAYMENT[9]P. Havinga, G. Smit METHODS AND SYSTEMS’, 2013.
ion to Electronic Commerce in electronic commerce, 9th[10]Gary Scjmedider. Introduction edition., Thomson, 2007, pp.1-50.
[11 ]RanaT assabehji, Applying E-Comerce
[ 12]RanaTassabehji .Understanding e-c
in Business, New Delhi, 2003
ommerce for Business,vol.l,2009
47
[13] Emarketer.com, 'Worldwide Ecommerce , T eMarketer', 2015. [Online], Available:Ecommerce-Sales-Increase-N
rease Nearly 20% in 2014 - „ i http://wWw.emarketer.com/Article/Worldwide-early-20-2014/1011039. [Accessed: 03-Nov-2015],
[14] Nielsen, 'E-COMMERCE: EVOLUTION OR REVOLUTION', nielsen, 2014.
[15] Inc.com,7 E-Commerce Trends to Watch in 2015', 2015. [Online], Available:httj) ://www •^C'-^m/rebecca-borison/top-trends-in-econunerce-for-new-year.html.[Accessed: 03- Nov- 2015].
[16] Amasty, 'E- COMMERCE TRENDS FOR 2014', 2015.
[17] LexisNexis, '2014 LexisNexisA® True Cost of FraudSM Study', 2014.
[18] Tesch, D.; Kloppenborg, T.J.; Frolick, M.N.; It Project Risk Factors: The Project ManagementProfessionals Perspective, The Journal of Computer Information Systems; Summer 2007; 47, 4;ABI/INFORM Global, pg. 61.
[19]A. Koponen, 'E-COMMERCE, ELECTRONIC PAYMENTS', Helsinki University of Technology, Telecommunications Software and Multimedia Laboratory, 2015.
[20]G. Schneider, E-Commerce: Strategy, Technology, and Implementation, 9th ed. 2012.
[21]0. Sorokina, 'Everything You Need To Know About Social Payments, Hootsuite, 2015.
[22] G. Udo, 'Privacy and security concerns as major barriers for e-commerce: study', Information Management & Computer Security, vol. 9, no. 4, pp. 165-174,2001.
Cost of FraudSM Study', 2014.
user-centered perspective and
a survey
[23] LexisNexis, '2014 LexisNexis® True
[24]D. Abrazhevich, Electronic payment systems: interaction design. Eindhoven: TechnischeUmvers.te.t Eindhoven, •
, „ . r rrhe study of E-Commerce Security Issues and*--h in C0BP0” "d "“ion
Engineering, vol. 2, no. 7, 2013.
48
[26]P. Havinga, G. Smit and A. METHODS AND SYSTEMS', 2015
Helme, 'SURVEY OF ELECTRONIC PAYMENT
[27]D. Abrazhevich, Electronic payment systems:interaction design. Eindhoven: TechnischeUniv a user-centered perspective and
ersiteit Eindhoven, 2004.
[28]M. Niranjanamurthy and D. Chahar, The study of E-Commerce Security Issues and Solu-tions, International Journal of Advanced Communication Engineer-ing, vol. 2, no. 7, 2013.
Research in Computer and
[29]Aigbe, P., Akpojaro, J., 2014. Analysis of Security Issues in Electronic Payment Systems. Int. J. Comput. Appl. 108.
[30]Kaur, J., 2011. Empirical Study in the Security of Electronic Payment Systems Anit; Goyal.
[31]Schneier, B., 2005. Two-factor authentication: too little, too late. Commun ACM 48,136.
[32] S. J Murdoch and R. Anderson, 'Verified by Visa and MasterCard SecureCode: Or, How Not to Design Authentication', Computer Laboratory, University of Cambridge, UK.
[33] ComputerWeekly, 'Understanding web technology', 2015. [Online], Available:http://www.computerweekly.com/feature/Understanding-web-technology.tAccessed: 06-
Nov- 2015],
C—2015 [Online].http://weblogs.foxite.com/andykramek/2008/09/29/introduction-to-client-server-
architecture/. [Accessed: 06- Nov- 2015].
of HTML | From the HTML 1.0 spec to XHTML 1.0..',ilable:http://www.yourhtmlsource.com/starthere/[35] R. Shannon,'The History
Yourhtmlsource.com,2015 .[Online] .Avai historyoflitml.html. [Accessed: 10-Nov 2
Css Meuse - CSS Information’, 2015. [Online]. [36] Cssneuse.net, 'The History o . f_css.php. [Accessed: 10-Nov- 2015].Available: http://www.cssneuse.net/ - ^
[37] W3techs.com, 'Usage Statistics and Market w f cUnguages for Websites, November 2015 2o]5 T'r , TT^8http://w3techs.com/technologies/overview/nrnm- ■ ’ °nm^' Available:Nov-2015]. ^ grammmgjanguage/all. [Accessed: 09-
[38] Php.net, 'PHP: What is PHP? -... t/ ,, Manual', 2015. [Online],http://php.net/manual/en/mtro-whatis.php. [Accessed: 09- Nov- 2015],
Available:
[39] Scholar.hb.vt.edu, ’A brief history of PHP’, 2015. [Online]. Available: http://scholar.lib.vt.edU/manuals/php3.0.6/intro-history.html. [Accessed: 09- Nov- 2015].
[40] Msdn.microsoft.com, ’.NET Framework Versions and Dependencies’, 2015. [Online]. Available: https://msdn.microsoft.com/en-us/library/bb822049(v=vs.l 10).aspx. [Accessed: 09- Nov- 2015].
[41] H. MySQL, 'Database Friends: History of MySQL', Databasefriends.co, 2014. [Online]. Available: http://www.databasefriends.co/2014/02/history-of-mysql.html. [Accessed: 10-Nov- 2015].
[42] S. Tahaghoghi and H. Williams, Learning MySQL. Sebastopol, Calif.: O'Reilly, 2007.
[43] Digicert.com, 'What Is SSL (Secure Sockets Layer)? | DigiCert.com’, 2015. [Online]. Available: https://www.digicert.com/ssl.htm. [Accessed: 12-Nov- 2015].
50
Appendix
Appendix A - The System Diagrants
System Context Diagram
■Request for Register----User
<■ ■Responce- —Respooc*
BankTransaction Requesl
i i
1 * 1 i
i i
Request for Payment Process-M—Response the status
l—-Send status- Payment Processing System
•Account approve requests
Update Master profile data- -----Responce----------------
>
Responce Reports
U Request reportsUser Mangemnet
L SystemAdmin
51
Level 1 Data Flow Diagram
Manageusers
Get Responce Vy
tRegisterPersonalDetails
\_L Request Response
iISend Personal Details User D8
SystemAdminSend Details-
tRequest Response
Request to download the appUser Register Bank
with Service Manage/monitor
transactions
Generate dynamic
secure token generating app
-►
-Token downtoai-1
TransactionUpdate token DetailsDBTransaction Codei
Token DB
Enter payment Details -Update details—*I
Enter Code Received___ Send payment details—►
-i*Process
TransactionInsert
paymentDetails Request for transaction
inter the Code-** Validate one■*
timeGenerate One time
code
—Syvi the Validation statuspassword
Bank'Approve customeraccounts J*#.-----Request
---------- -
User Registration Process - Sequence Diagram
Web browserSystem Database Bank
I I II IClick on Signup link ISend Request I* I
1Diplay the page Load the page<- *-r <— I
Fill Details I I
TP> 1Basic validate
Send Details ISend to Bank details to check
XvalidateI
isend the validity
Dispay ResponceStore the client detailsK— I
Send Responce Responce4<-
Click on Download token appSend the request
iDownload App
f
Kr- r
53
User Process a Transaction - Sequence Diagram
O Web browser Payment System system database Token generator Bank
AU^er
I IRequest for make a payment
Send the request*View the page Response
Enter Payment Details'_________________________________ V*
Send the details
TP> Validate
Ask for transaction PWe-Enter password
Send the Password 'I Ask For user pw*
Send user pw«-
Validate PW
Store Logs
Send One time CodeDispalyEnter One time code Redvedl<-
GenarateCode
Send the New Code1I
Type new CodeSend the Code I Request verification Details
Send verification Details<-
Check the details^4 Send the Responce to bank Perform the transaction
Bank Respooce transaction performed successM or not DnTSend Status Of the Transact!™” II
1ILh iiDisplay the status <---------------
I II1I
54
Appendix ,■> B — System User interftaces
The System Login Interfaces
Enter Details To Login
Enter Your Username:Your Username
Forget password 7
Not register ? click here
Enter Details To Login
Username : sahan
Your Phrase : hi sahan
vcur Passwora
login
55
The Buyer Registration From
Last Name:First Name: Type here r hr'5
Type hereNIC:
Phone:Type hereemail :
Type hereC Male C FemaleGender:Address:
51SelectSelect the Bank:
Type hereAccount Number:
Type hereWord Phrase:Type hereUsername:
Transaction Password:Type hereSystem Password:
Retype Password:Retype the Password:Type here
Submit
56
The User Home Page After Successfully Login
las; access 201643-14 04.2518 Logos
SaferPaylWelcomeWelcome sahan, Love to see you back.
.-.itHomeRecent Transactions
Profile Management
Transaction Status
MangaeBanKs
Token Management
______
Transaction ID Description Merchant Amount Status Date/Time
T20160314001 Payment for Goods Ml 2000 Success 20*6-03-14 06 35 34
Payment Transfer Interface
SaferPay
sahanUsername:
! 500000 XAmount:
Not register ? click here
57
Transaction Authenticate Page
SaferPay
Amount: 500000
Transaction Code: 11458
3502462185Token Code:
Transaction Password
Verify
Secure Code Generating ApplicationSHU: x'
0J SaferPayC'Al
SaferPay
61564Transaction Code
Random Code 18820116915)
Reset
Appendixes C - System Code Listing
User class.php
<?php class user{
var Susemame; var $user_id; var $login_count; var $user_level; var $email; var Sactive; var Swordjphrase; var $last_login_date;
functionuser_check($user)
$sql = sprintf("SELECT * FROM tbl_user WHERE username = '%s"\
$result = mysql_query($sql);if (mysql_num_rows($result) > 0)
while ($row = mysql_fetch_array($result))
$this->usemame = $row[ username ],$this->active = $row['activeJlage ],$this->wordphrase = $row[,wordjphrase];$this->last logins * 1;$this->user_id = $row['user_id ];
{
$user);
{
{
}return 0;
}else{
return 1;}
}59
function login($user,$pass)
Spass = shal($pass);
AND system= '%S' Sresult - mysql_query($sql); if (mysql_num_rows($result) > 0)
while (Srow = mysql_fetch_array(Sresult))
$this->set_Iogin_count($user);$this->email = Srow['email'];Sthis->first_name = $row['first_name']; $this->last_name = $row['last_name']; $this->last_login_date = $row['last_Iogin_date']; $this->login_count = $row['login_count']; $this->user_level = $row['usergroup'];
{
}return 0;
}else{
return 1;}
}functiontransaction_login($user, Spass){
Spass = shal (Spass);$Sql = sprintf("SELECT * FROM tbl_user WHERE username = '%s'
AND transactionjpassword = '%s' AND active_flage = V", Suser, Spass);Sresult = mysql_query($sql);if (mysql_num_rows($result) > 0)
{ while (Srow = mysql_fetch_array($result))
$this->user_id = $row['user_id],
}return 0;
}else
60
{return 1;
}}
functionget_emaiI($user){
AND active = V3! j^*,9:"SELECT * FROM .bl_user WHERE username = ’%s’
$result = mysql_query($sql); if (mysql_num_rows(Sresult) > 0){
while (Srow = mysql_fetch_array($result))
Semail = $row['email'];}return Semail;
}else{return 'Error';}
}
functionget_login_count($user)
Scount = 0;$sql = "SELECT * FROM tbl_user WHERE username = 'Suser'”; Sresult = mysql_query($sql); while (Srow = mysql_fetch_array(Sresult))
Scount = $row['login_count'];
{
{
}return Scount;
}
functionset_login_count($user)
Slcl = $this->get_login_count($user);$lcl=$lcl + l;Sdate = date('Y-m-d H:i:s’); .$sql - sp JfC'UPDATE SET »gm_
last_login_date = 'Sdate' WHERE username- /os , Suser) , Sresult = mysqLquery($sql),
{
count = 'Slcl',
}61
functiondeleteLaPP__user($user,$id){
requireCsecurity.class.php’);$sec = new securityO;Suser = $sec->filter($user);$id = $sec->filter($id);
- ■%<!■, $uSr$id)t,“:"SELECT * from ,bLus" where use™me - ■%s’ AND aid
Sresult = mysql_query($sql); if (mysql_num_rows($resu!t) > 0){
Squery = sprintf("DELETE FROM tbl user WHERE username ='%s' AND aid = ’%d"\ Suser,Sid);
Sres = mysql_query($query);$q = sprintf("SELECT * FROM tbl user WHERE username = '%s'
AND aid = '%d'", Suser,Sid);Sr = mysql_query($q); if (mysql_num_rows($r) > 0){
return 2;}else{
//require('log.class.php');//Slog = new log_file0;//$log->write_log($_SESSION['sta_sys_un'], "Delete
User", "Suser", "process");return 0;
}
}else{
return 1;}
}functiondisable_app_user($user, Sid)
requireCsecurity.class.php),$sec = new securityO;Suser = $sec->filter($user); Sid = $sec->filter($id);
{
62
$sql = sprintf("SELECT *,%d,H, Suser, $id);
Sresult = mysql__query($sql);
if (mysql_num_rows($result) > 0)
FROM tbl__user WHERE username = *%s'AND aid =
{,0/ , a xt $query = sprintfCUPDATEtbl user SET active
username = ’%s’ AND aid = '%d"\ $user, Sid);Sres = mysql_query($query);
a xrr, „ a m $q = sPrintf(nSELECT * FROM tbl user WHERE username = *%s’AND aid = %d AND active = fN,n, Suser, Sid);
Sr = mysql_query($q);if (mysql_num_rows($r) > 0)
= lN* WHERE
{//requireClog.class.php');//Slog = new log_fileO;//$log->write_log($_SESSION[,sta_sys_un'], "Disable
User", "Suser", "process");return 0;
}else{
return 2;}
}else{
return 1;}//return 0;
}
functionenable_app_user($user,$id)
require('security.class.php);Ssec = new security();Suser = $sec->filter($user);Sid = $ sec-> ft lter($ id);
{
* FROM tbl__user WHERE username %s$sql = sprintfC’SELECTAND aid = ,%d,H, Suser, Sid);
Sresult = mysql_query($sql),if (mysql_numjrows($result) > )
63
{
username = '%s' AND a^r^d^TuSrlsid^TE*“mysql_query($query);
AND aid = '%d' AND active^?-, SSd);^^ WHERE usemame = '%s'
Sr = mysql_query($q); if (mysql_num_rows(Sr) > 0)
//require('log.class.php');//Slog = new log_file0;//$log->write_log($_SESSION['sta_sys_un'], "Enable
return 0;
_user SET active = T WHERESres =
{
User", "Suser", "process");
}else{
return 2;}
}else{
return 1;}
}
functiongeneratePassword ($ length = 8)
Spassword
"0123456789abcdfghjkmnpqrstvwxyz!#&@%*ABCDEFGHIJKLMNOPQRSTUVWXY
Z!#&@%*0123456789";Si = 0;while ($i< $ length)
$char = substr($possible, mt_rand(0,strlen($possible)-l), 1), if (! strstr($password, $char))
Spassword ,= Schar;$i++;
{_ mi.
{
{
}}return Spassword;
}
64
functionchange_password($user, $old_pass, Snew_pass)
require('security.class.php'); include("database.php");Ssec = new securityQ;$user = $sec->fdter($user);$old_pass_enc = shal($sec->filter($oldjpass));$new_pass_enc = shal($sec->filter($new_pass));
$sql = sprintf("SELECT * FROM tbl_user WHERE username = '%s' AND password = ’%s' AND active= 'Y'", Suser, Sold_pass_enc);
Sresult = mysql_query($sql); echomysql_num_ro ws(Sresult);$act_date = date("Y-m-d"). " " . date("H:i:s"); if (mysql__num_rows($result) > 0)
SsqlOl = sprintf(nUPDATE tbl_user SET password = ^s'jflag^’^s’ WHERE username-%s,M, $new_pass_enc,,A', Suser);
SresultO 1 = mysql_query($sqlO 1);$sql02 = sprintf(" SELECT * FROM users WHERE tbl_user = ’%s'
AND password = '%sf AND active = *Y,W, Suser, $newjpass_enc);Sresult02 = mysql_query(Ssq!02);
{
if (mysql_num_rows($result02) > 0)
//requireClog.class.php’);//$log_fil = new log_file();//$log_fil->write_log($user, "Password Changed","",
{
"Asset Management System");return 0;
}else{
return 1;}
}else{
return 2;}
}
}?>
65
security.class.php<?phpclass security{
function filter(Scontent){
Scheckjist = array(";" "DELETE","update","Offset", "offset");
, DROP , Drop , drop", "UNION", "Union", "union", "OFFSET",
5 5
Scontent = str_ireplace('"", "", Scontent);^content = str_ireplace($check_list, "", Scontent, Scount); if (Scount > 0){
return";}else{
return Scontent;}
}
functionfilter_for_mssql($content){
"GRANT", "Grant", "grant", "INSERT", "Insert", "insert”,$check_list = array("; ,"DELETE", "Delete", "delete","REVOKE", "Revoke”, "revoke", "UPDATE", "Update",
"DROP", "Drop", "drop", "UNION", "Union", "union", "OFFSET",t»_ll"update","Offset", "offset");
, Scontent);Scontent = str_ireplace(""\ "" Scontent = strJreplace($checkJist, if (Scount > 0)
, Scontent, Scount);tin
{return 'Error';
}else{
return Scontent;}
}functionlitejFilter(Scontent)
Scheckjist = arrayrV--"); Scontent = str_replace($checkjist,
{, Scontent);Mil
66
return Scontent;
}}?>
log.class.php
<?phpclasslogjFile{
functionwrite_log($user, Sdesc, SrefNo, $type)
//$log_date = date("Y-m-d");$log_date = date("Y-m-d").$log_user = Suser;$log_desc = Sdesc;SrefNo = SrefNo;$log_type = Stype; //process,$q_log = "INSERT INTO tbl_log (log_user, log_date, description,
refNo,type) VALUES('$log_user','$log_date','$log_desc','SrefNo',1,$log_type')"; mysql_query($q_log); if (Sdesc = ’Login’)
ii ii . date("H:i:s");
{$this->write_to_user_log($user,2);
}}
}?>
The windows scrip file use to execute the Secure Token Generating Application
«SSSS5^”'==SSS--msbuild saferPay.sln echo build complete
call
67
PHPcode used run the scrip
exec("vc.batM);
paymentfinsh.php
<?phpsession_stai*t();require(Mdatabase.phpn);$match_code=0;$status="";$transaction_cid-"';if(isset($_POST[,Verify]) && $_POST[TVerify] = "Verify"){
$match_code=0;$token_id=0;$app_c°de = $_POST[’txt_token'];Spassword = $_POST['txtjpassword']; $usemame=$_SESSION[,usemame'];$tr_number=$_SES SION['tr_number'];$bank_code=n";$sql=MSELECT* FROM tbl_user whereusemame-Susemame’"; Sresult = mysql_query($sql);
while($roow = mysql_fetch_array($result)){
$token_id = $roow['token_id'];}
$match_code=($token_id-l)*($tr_number-l); requireCuser.class.php');$logJnum^n^useTcIls->transaction_login($usemame,$password);//pass UN and
$user id = $user_cls->user__id,PW
$resu,'°1TSS"$bank_code = $roow['br_id'];
$today = date("Y-m-d H:i:s");$usemame= $_SESSION['usemame ];
{
}
68
$m_code="Ml"; $amount=$__SESSION[,amount']; Sdescription-'Payment for Goods"; $status="Success";$temp_id= dateCYmd');Stempjd = "T".trim($temp_id);
SsqlOl - SELECT MAX(transaction_id) AS maxn From tbi_transaction_details WHERE transaction_id LIKE 'Stemp id%'";
//echo SsqlO 1;SresOl = mysql_query($sql01);while (SrowOl = mysql_fetch_array($res01))
if (is^nullCSrowOlt'maxn']) || SrowO 1 [’maxn'] = NULL ||{
SrowOl ['maxn'] == ""){
SmaxnumOl = "001";SmaxnumOl = Stemp_id.$maxnum01; $transaction_id = SmaxnumOl;
Ssql002="INSERT INTOtbl_transaction_details(transaction_id,user_id,amount,date_time,bank_id,m_id,descriptio njStatus^ALUESCStransaction^dVSuserJdVSamountVStodayVSbank-CodeVSn^codeV SdescriptionVSstatus')";
mysql_query(Ssql002,Sconn);if (mysql_affected_rows(Sconn) > 0){
Sstatus-'Success";}
}else{
StempmaxOl = SrowOl ['maxn'];StempmaxOl = substr($tempmax01, -3); StempmaxOl = StempmaxOl + 1;//echo "<br>".StempmaxO 1 ."<br>"; $transaction_id = StempmaxOl; if (StempmaxOl <= 999)
if (StempmaxOl < 10)
StempmaxOl = "00".Stempmax01;
else if (StempmaxOl < 100)
{
{
}
{
69
Stempmax01= "0".StempmaxOl;
else if (StempmaxOl < 1000)
StempmaxOl =$tempmax01;
StempmaxOl = $temp_id.$tempmax01; $transaction_id = StempmaxOl;
}
{
}
Ssql002="INSERT INTOtbl_transaction_details(transaction_id,user_id,amount,date_time,bank_id,m_id,descriptio n,status)VALUES(,$transaction_idV$user_idV$amountV$today,,'Sbank codeVSm code’/ $description','$status')";
mysql_query($sql002,$conn); if (mysql_affected_rows(Sconn) > 0){
Sstatus-’Success";Ssql03 = "SELECT MAX(transaction_id)
AS tmaxn From tbl_transaction_details";Sres03 = mysql_query(Ssql03);
while(Sroow3 = mysql_fetch_array($res03)){
Stransaction cid =Sroow3 ['tmaxn'];
}}
} }}
}else{
$status="Fialed";}
}?>
70
Appendix . D — The Questionnaires
User Acceptance Test Questionnaire
Objective
To find out that the system meets the user requirements.
Agreed Natural Not Agreed
This system has user friendly interfaceand can easily learn
The system has quick response timeThe procedures were simple and required minimum number of steps
The system can provide good security against the security threads towards on line electronic payment transferCompare with existing electronic payment systems, I feel secure and comfortable when I am using the system
71