A Secure Web-Based Learning Management System Using Open Source Platform K. M. Quamrul Ahsan, Q M Moinul Ahsan, M Abdus Sobhan School of Engineering and Computer Science (SECS) Independent University of Bangladesh, Dhaka, Bangladesh E-mail: ahsankmquamrul@yahoo.com, moinulahsan2000@hotmail.com, sobhan30@gmail.com Digital and demographic factors discriminate the users seeking health information online [2]. However, these distinctions could be blurred with the impending emergence of online healthcare solution through learning management system. This provides the ample scope for change. With users regularly turning on the web for health information and the possibility of online health learning management system, we are going to see a major transformation in how people manage their health [3]. Abstract— A Learning Management System is aimed at managing an e-learning environment, establishing the organization and delivery of content, administrating resources and tracking learning activities and results. LMS that are in use today are either commercial products (e.g. WebCT, Blackboard) or free open source products (e.g. moodle, claroline) or customized software systems that serve the instructional purposes of particular organizations. In this paper, it is focused on Education sector in the concept of Digital Bangladesh with a prototype course on Acupressure where one can learn, teach, use as virtual class, give quiz along with results and get certification after a specific course completion. Networked technology has and will continue to have a profound impact on education around the globe. It holds significant potential in advancing the interactivity between learners and Authors, in offering flexibility for the means of learning, and in providing easy, one-stop maintenance and reusability of resources However, the educational community has much to learn regarding how and in which ways technology can enhance the instructional process. While there is a large amount of related literature devoted to research on the impact of technology in education, there is much that we don’t know about its effectiveness. Keywords— Learning Management System, LMS, Content management System, CMS, Moodle, Acupressure, E-Learning, Distant learning, Open Source, Secure LMS. I. INTRODUCTION Learning Management Systems (LMS) are specialized Learning Technology Systems (LTS) based on the state-of-the-art Internet and WWW technologies in order to provide education and training following the open and distance learning paradigm. Moore and Carlson, argue that the design and implementation of such systems is not an easy task, since they are complex systems that incorporate a variety of organizational, administrative, instructional and technological components. The new and innovative technology infrastructure in the area of education are Learning Management Systems (LMSs), hypermedia environments that provide an integrated platform for online learning by enabling the management, delivery and tracking of mixed learning (i.e., online and traditional classroom). LMSs have been widely used for educational and training purposes not only because they have been advertised as the state of the art learning technology, but also because they: Medication information is an important component of the care process. It is not always available in the correct content and format when and where needed. Health information on the World Wide Web has surged ahead in recent years. Though the availability of this information and its use has affected certain aspects of healthcare delivery [1], this wealth of information has not been fully exploited. • Alleviate the constraints of time and place of learning, • Provide an excellent degree of flexibility concerning the way of learning, 92 National Conference on Communication and Information Security (NCCIS 2012) Daffodil International University, Dhaka, Bangladesh, 31 March 2012. • Support advanced interactivity between tutors and learners, and 4) Quiz Content: Quiz is needed in every class since it is a practical oriented learning. Quiz will help the learner to get the better picture and practice in the learning process. It is also needed to create a question bank so that in every quiz there will be different and randomized question for better learning. • Grant one-stop maintenance and reusability of resources. Some of the keywords related to our project are ‘web based LMS’, ‘E-learning management system’, ‘Learning management system’, ‘Acupressure learning’, ‘Acupressure Training’ and many more advanced search option to get the best possible profound relevance of the project. We searched these using Google search engine, toggle search engine, yahoo search engine and found online web based learning management system on acupressure host in some websites. These websites provide paid services to its users and limited services for registered (non-paid) users. 5) Certification: On completion of all quizzes, a final exam of multiple formatted question test is conducted with a duration of thirty minutes. Each student/learner can print/generate portable document file (pdf) certificate with their name and date on it. This has to provide for self-gratification and future reference. B. Users The focus of the LMS is placed in providing teachers and students with the necessary IT tools for accessing the educational material and communicating with each other. The LMS is considering more users rather than only teachers and students. In each role, use case model is shown to summarize the external interactions between use cases and actors. User of the system will be able to perform the following basic functions: II. PROTOTYPE MODELING PLAN From the project break down structure and schedule, it is decided to analyze the relevant learning management system for the Acupressure therapy. A. Course Content 1) Brief description of Acupressure: 1) Student To get the complete healthcare treatment we need to know these: It represents a role of a person who uses learning resources to gain knowledge or skills. The LMS is intended to provide students with learning materials and make them communicate with other users (student or teacher) by email, chat or internal email. Each student may participate in more than one course and can access the course materials. A student will perform the following specific functions in the system: • View and/or download learning materials • View and/or download assessment questions • Provide answers to self-test questions • View self-test performance report i. Physical ailment(Acupressure, Diet, Food Habit) ii. Mental ailment (Thought process and Perception ) iii. Spiritual ailment( Five Element theory and Opening the Chakras) 2) Lecture in Document Files: There are three types of courses offered, namely all of the text content are more or less with the same topic with different lengths. The course outline for the learners to assess how much will be the learning in detailed version. For each of the lecture, equal portion of total lecture content is provided word document, power point presentation and portable data file (pdf). Each of the lectures is evaluated by a 15 minute quiz. 2) Teacher Teachers are registered to use the LMS by the System administrator. Some competent teachers will provide learning materials as per their area of specialization. Then these learning materials will be uploaded into the learning material repository centrally by the content administrator. In this view, teachers will make use of the system just like students to access learning materials, though they will be having extra privileges like accessing reference answers if available to the given 3) Video Content: To teach people with practical implementation of the acupressure points to get better understanding in web based learning management system, video presentation are required for clear understanding of pressure point location, stress and after effects. 93 chapter and topic exercises. A teacher will perform the following specific functions in the system given below: View and/or download learning materials View and/or download assessment questions View and/or download reference answers for all exercises View student’s log-in history View student’s interaction with learning materials history View student’s interaction with assessment activities history 1) Use Moodle for learning management system. Tried to install in the system with complete package which is Moodle 1.9.8+. This package comes with xampplite-win32-1.7., Apache, MySQL and PHP. After testing at www.keytoschool.com, It is decided to choose the free hosting with 2.5 GB of space along with the domain as the link of that host. 2) For content, it is used the 3rd party file sharing system application like Google- docs, Mozy (www.mozy.com). 3) For video, it is used 3rd party API video sharing at most popular YouTube (www.youtube.com). 3) System Administrator System administrator is the overall in-charge of the LMS. System administrator has complete access to the LMS database, and monitors the use of it. He/she manages system resources like user accounts and assigns privileges. A system administrator adds new system functions and improves the existing ones. A system administrator will perform the following specific functions in the system. 4) Used cake PHP framework for server end. Object oriented approach could have been more predictable, reusable and less time consuming if we had sufficient expertise and we could have surely done better by using use case driven requirements specification and designing. Moreover, due to cutting cost and time optimization, it has been decided to go for free hosting which was discussed earlier. Since the main objective is to create a platform where one can have the learning environment and to convey the miraculous solution for humankind through acuhealthcare system. 4) Guest User The guest user represents any user who is not registered in the system. This category is essentially for motivation purposes. Guest user will not have the rights/privileges like registered user. The usage of the system will be limited. He/she will be allowed to view a list of courses available in the system, table of contents, syllabus, objectives of the courses if any is available and any other information relevant to the public. III. IMPLEMENTATION A. Introduction There are a lot of results in the field of software engineering concerning the question on how to represent systems and how to build a base for communication between the developer and the user of a software system . In order to manage the return investment in ICT for education, here referred to learning management system (LMS), it is essential that the benefits, risks and cost effectiveness of using new technology and new media are well understood in the context of application. An effective approach is to involve users in establishing the expected use of ICT and the benefit of it in education. C. Choice of Platform Through making a compare and analysis of the most popular seven open-source Learning Management system Platforms, the features of these systems are summarize from six different aspects which are logistic managements, educational resource managements, curriculum managements, cooperative managements, value managements and assistant tools. The idiographic project of choosing these systems is also evaluated, especially for the concrete goal and environment, such as more attention on course management and value managements. At the end of paper, there is a sum-up of these systems, which suggest the shortcomings of these systems, such as the lack of diagnostic assessment, the simplex of Knowledgeoriented, and the deletion of personalized functions. B. Description of Module The learning management system (LMS) is a client server; Web based system with three-tier architecture [4]. The system will consist of three major components: the MySQL database server that stores all the information and data needed including the means to link to the learning content repository, the apache application server that control the communication (basic system Following are the summary of approaches for underlying reasons: 94 National Conference on Communication and Information Security (NCCIS 2012) Daffodil International University, Dhaka, Bangladesh, 31 March 2012. database, querying and updating it where required. Database server will also maintain data constraints and integrity and the restriction of unauthorized access. Multiple data interfaces, views, reports and the provision of backup and recovery will also be implemented. functionalities) and the client that is used by users in order to access data from the server (Web interface accessible via standard Web browsers). These three components will be networked to facilitate communication among them. Three-tier architecture has the following specific advantages Application server, database server and learning material repository will be centrally placed at a Laptop. Distributed users will be able to browse learning materials using any standard Web browsers through application server. At Key-toSchool, they use their experience of Moodle hosting of large sites to build a rewarding E-learning experience for students. They keep the OS and application infrastructure layer fine-tuned for Moodle at all times to allow good performance and allowing you to use maximum features of Moodle. They ensure that their server runs the most stable and secure versions of Apache, PHP, MySQL and other backend software to keep our installation future-proof while offering maximum flexibility in case you need to upgrade our installation. Moodle 2.0 will require minimum PHP 5.2, which their servers already run. • It is easy to modify or replace any tier without affecting the other tiers • Separating application and functionality means better load balancing database • Adequate security policies can be enforced with the server tier without hindering the clients. The architecture will consist of the following: 1) The Client Tier: Also known as the user interface layer will run the end-user’s computer. The client provides the user interface for the Web-based application. It is a front-end layer. Using a computer, the user will access database through the Web server. The access to the computer will be possible by using created Web pages through any standard Web browser which support HTML,XHTML, JavaScript, and cascading style system (CSS) Web technologies. C. Course Integration Integrated 3 different lengths of courses on Acupressure, they are: 1) Long Course 2 ) The A pplication Tier: Will be responsible for interacting with the client in one side and the databases (database server and content repository) in another side. Application tier receives and processes data requests from the client, retrieves information (data) from database if any needed, generates a client response and store necessary data into the database. Application tier provide Web services and the data streaming services. Apache Web server to be used will be running in LINUX platform. A server side scripting language to be used is PHP and it will be used to connect to the back-end (database). 3) The Database Tier: This is the detailed describes course on acupressure as the physical ailment, perception and thought process as the mental ailment and 7 chakra opening, 12 meridian and meditation as the spiritual ailment. There is total of eight classes. Each class is followed by a 15 minutes quiz. Student can attempt only twice with each of the quizzes. First three classes are to give only the acupressure points and their common symptoms and remedy to earn their proper attention towards the other two more important phases. From fourth class, the acupressure points description along with interesting facts on perception and thought processes. It is the place where data will be stored. The database server maintains the data needed for the Web application. It is a back-end layer. It will store data (including links to learning content repository) and control the basic system functionality. This tier may run on a separate server called the database server. MySQL database running in Windows platform is used in this case. Database server is responsible for providing a number of functionalities to the application layer (server), like; creation of the Furthermore, it has included the ultimate remedy for both physical and mental ailment, 7 Chakra opening and Meditation technique from beginners to advance level. On the last class, a final quiz to be certified as acupressure therapist. Final quiz will have total of 60 questions with 30 minutes of timeline. Question format will be discussed on the quiz integration in the later section. 2) Short Course This course has a total of four lectures and four 95 quizzes. I have given emphasize on the Acupressure techniques. Brief content is given on mental and spiritual ailment. 3) Crash Course E. Server Setup System implementation has been completed after finishing the integrating phase. As part of the implementation the following are reported. Hosting the learning management system in an intranet server with domain named www.acuhealthbd.com. In the prototype, it has fashioned multiple administrator accounts, guest and respondent accounts, crafted quizzes, course outlines, different types of courses such as long, short and crash, built content for the best possible learning and training environment. This is the shortest course amongst all. There are only two lectures and two quizzes. Mainly, I have given the elaborate thirty-eight Acupressure points. D. Quiz Integration Since Moodle has the unique features of various types of question formats. This prototype has used almost all types of question format except the short answer formats. Here is the list of question formats: 1) Aiken format: This is the .txt format multiple choice question uploaded by the teacher. 2) Drag and Drop Question: This is a very interactive quiz format where you have to drag the right answer to the right question. 3) Text button multiple choice: to get the right answer from the multiple choice answer 4) True false: click the true or false button to choose the right answer. 5) Drag and Drop matching: To match the rights answer in ordered format. 6) Ordering: to order the given points in ascending order. The LMS was installed by installing apache, MySQL and phpMyAdmin by using open source web server installer “xampplite-win32-1.7.1”. A database named “server” was created and a user and administrator were created to provide access to this database, by using the SQL code running section of phpMyAdmin, the administration panel of MySQL database. These are all done by the hosting site at key-to-school. F. Interface Views The interface views are categorizes in 3 levels are given below: Module View Fig. 1 System login interface 1) Administrators View 96 National Conference on Communication and Information Security (NCCIS 2012) Daffodil International University, Dhaka, Bangladesh, 31 March 2012. Fig 2 Administrators activity module interface IV. SECURITY There are a few security issues have been detected and most of them are patched accordingly. Whatever is encrypted can be decrypted but which are hashed cannot be decrypted. Passwords are stored in Moodle in an encrypted form, called an ‘md5 hash’[5]. Password salting is a way of making passwords more secure by adding a random string of characters to passwords before their md5 hash is calculated, which makes them harder to reverse (the longer the random string, the harder you make it). There was another issue about hidden spam links but moodle 1.9.8 fixed that bug. Recommendation for Enhanced Security: • Update Moodle regularly on each release. 97 • Published security holes draw crackers attention after release. The older the version, the more vulnerabilities it is likely to contain. • Register globals MUST be disabled! This will help prevent against possible XSS problems in third-party scripts. • Use strong passwords teachers. • Choosing "difficult" passwords is a basic security practice to protect against "brute force" cracking of accounts. • Only give teacher accounts to trusted users. Avoid creating public sandboxes with free teacher accounts on production servers. for admin and • Teacher accounts have much freer permissions and it is easier to create situations where data can be abused or stolen. • Separate the systems as much as possible. • Another basic security technique is to use different passwords on different systems, use different machines for different services and so on. This will prevent damage being widespread even if one account or one server is compromised. • Security experts recommend a dual firewall differing hardware/software combination. • Disabling unused services is often as effective as a firewall. • Use netstat –a to review open network ports. • Allow ports Digital Bangladesh, we definitely need to improve our education sector with the international standard and this prototype can be a step to achieve the goal. VI. SCOPE FOR FUTURE WORK Learning Management System (LMS) technology is currently widely deployed across Countries. However, the full benefits of this technology are yet to be realized. This could have done more beautiful and effective if we could give more qualitative time in it. The following can be done for further work 80, 443(ssl), and 9111 (for chat), • Can be implemented at any school for online Exam, Quiz, Assignment submission, Parent counseling, teacher evaluation and many more. • The videos can made more attractive and clear if we can record it in professional studio or with professional touch. • Lighting and script can be written more specific. • Quiz question bank can be made by putting tons of effective and interactive questions. Remote admin: ssh 22, or rdp 3389 • Have backups ready. • Practice recovery procedures ahead of time. • • Make provision for short questions. Use a rootkit detectory on a regular basis • • Linux/MacOSX - http://www.chkrootkit.org/ Can make customized banner for header and footer • Windows for help http://www.sysinternals.com/Utilities/RootkitR evealer.html • Can make the system as a paid system through PayPal. • Send text automatically for any update and notifications. • More secured database and compatibility with web 2.0. V. SUMMERY Open source Learning Management System platforms have played a vital role in the teaching on the Internet, though there are still many insufficient. The development of open source Learning Management System platforms is a continually explore and improve process, and we trust that with the improvement of the theoretical and the development of technology, it will bring us more surprises. REFERENCES [1] [2] In the Project, the joining of acuhealth with LMS platform makes the miraculous health care treatment to the next step. It is highly applicable to all persons at all ages and it can be given to any School with Education content for better Teacher, Student, and parent interaction. In the paper, the prototype is made only to show how the system can reach to remote areas and people. The content management system adds a tremendous value to the site for better learning. If we really want to form a [3] [4] [5] 98 M. McMullan, “Patients using the Internet to obtain health information: How this affects the patienthealth professional relationship”, Patient Education and Counseling, vol. 63, nos. 1-2, pp. 24-28, Oct. 2006. R. E. Rice, “Influences, usage, and outcomes of Internet health information searching: Multivariate results from the Pew surveys”, Int. J. Med. Inform., vol. 75, no. 1, pp. 8-28, Jan. 2006. R. Nelson, “The personal health record”, Am. J. Nurs., vol. 107, no. 9, pp. 27-28, Sep. 2007. K. Chen and D. X. Teng, “The Exploration of Network Platform Based on Open Source LCMS,” XuZhou Institute of Technology, vol. 4, pp.18–20, April 2007. http://docs.moodle.org/22/en/Password_salting