We need a SSL secure web based message portal script that will be hosted on our web server. Users will need to login using their already supplied ID and password to view a single message posted for them by the administrator. Users will not be able to post or reply to messages. Login IDs will be "single use" for a given message.
We need a SSL secure web site that allows a user to login using a login ID and password that will be provided to them by other means.
From the users perspective, they will interface with the website in the following way:
The user will type in a URL or link to this page from our regular website. This will take them to a SSL secure page that asks for a Login ID and password. This info will be entered by the user and submitted. If the ID and password do not match a stored ID/password pair in our "database", the resulting page will indicated that
"The ID and/or password you enter to not match our records, please try again."
If possible, if a login ID is in our database and there is more that 5 attempts to access that ID with an incorrect password, that login ID should be locked and that login ID should not be accessible after that even with the correct password.
If the user enters the correct login ID and password, the resulting web page will be a SSL secure page with simple a "mailbox" view. If there is no messages, a message such as “There are no messages for the entered ID?? should be displayed. If there is a message, there should be a subject of the message that should always read
"Message for your provider"
This subject should be a hyperlink that links to the actual message. There should also be a date that the message was posted by the administrator viewable by the user on this page.
The only options for the user at this point will be to "Logout" or view the message by clicking on the subject/hyperlink.
If the user clicks on the hyperlink, it takes them to a text message that was supplied by the administrator. This message view is also SSL secured and should be in a simple text format that can be printed if the user chooses. Once the message is viewed, if possible, the user should be automatically logged out but they can login again in the future is desired from the original user login page. If possible, messages posted by the administrator should only be available for 30 days from the date they are posted.
There will be a separate administrator page. These pages should all also be SSL secure. The initial page should be a login page.
There will only be one admin account. Once the admin logs in, there will be the following options for them:
1.)Generate login ID's
This option will allow the administrator to generate new login ID's and passwords for use in the future. This option will not delete any previously generated login ID’s. Each time the admin selects this option, 20 new login ID and password combinations will be displayed for the admin to copy and use in the future. The display of these ID’s should be a column format. Login ID format should be 8 characters - 4 numbers followed by 4 letters - one of the letters capitalized. These letters and numbers can be random. The passwords should be 10 characters - 4 letters (one of them in large caps) followed by 6 numbers. These can be random as well. So the output should look something like:
Login ID: 1322errR Password: aadF443204
Login ID: 4432rrTy Password: Rfft555479
and so on...
2.)Send a message
This option will allow the administrator to send a message to a specific login ID. The login ID is entered and then a text area will appear (approx 40 rows by 100 columns) where the admin can enter the message. Once the message is complete, the admin will "submit" the message to that login ID and the user that logs in under that ID will be able to see that message. "Invalid ID entry by the administrator" clause would need to be addressed here.
3.)Look up/edit a message
This option will allow the administrator to see the message waiting for a given login ID. "Invalid ID entry by the administrator" and "no message found for the entered login ID" clauses need to be addressed here. If the admin enters a valid login ID that has a previously posted message, that previously posted message will be displayed in a text area and the admin can edit it. There will be a "save changes" submission option to save any changes made. If no changes are made in the text area of if the admin does not click to "save changes", no changes will be made to the message for that login ID.
4.)Clear old messages.
Login ID's that have messages 30 days or older will deleted if this is selected. If a login ID does not have a message posted to it, it does not get deleted no matter how old it is. An "are you sure you want to do this" box here would be good to confirm this option in case it is selected accidentally. We want the login ID's erased as well at the messages. We will not be reusing ID’s.
5.)Delete all ID's and Messages
This will be a global wipe of sorts. This will allow the database to be wiped clean and start over. An "are you sure you want to do this" box here would be good to confirm this option in case it is selected accidentally. We want the login ID's erased as well at the messages.
Hope that is enough detail. Overall the webpage layout can be very simple. We can adapt it to our website.