Welcome back! In the first part of this series I covered my initial involvement in a client’s website development; it was strictly HTML and a little CSS. Then the “Contact Us” page was written in PHP, followed by a PHP product specification sheet that got its data from a PostgreSQL database. The final step in the evolution was a total migration to ASP.NET and SQL Server. I had just finished the main product pages, database tables and stored procedures when I ended Part I. You can refresh your memory (or read it for the first time) here – HTML to PHP to ASP.NET: Part I. In Part II I will cover the “Contact Us”, “Careers” and “Login” pages along with pages that handle site and data administration.
Let’s start with the all-important “Contact Us” page. As I mentioned earlier, this page was written in PHP and later had CAPTCHA added. When a potential customer submitted a request, they received a confirmation email and an email was sent to the client’s sales department for follow-up. The system worked well, but there was no record other than an email and there was nowhere for the sales department to keep notes about the request. I built a table in the database and added code to write the data to the table prior to sending the email. I then created a page that queried this data and wrote it to the screen. When I moved to ASP.NET I also added the ability to send email to the requestor directly from the web page and for the person sending the email to add comments to the database. They now had somewhere they could go to see what people were inquiring about and maintain records of follow-up correspondence. This data could ultimately be tied into a customer database or order database with relative ease.
At this point I had completely migrated the existing website over to ASP.NET and SQL Server and it was time to add the back-end administrative functionality. One of the prime reasons for the site migration was to give the client the ability to maintain the data and add products without having to come to me to update the HTML code. With that goal in mind I set out to create the “admin” pages. The first consideration was security; we didn’t want just anyone to be able to change the data. The easiest form of security, and also the least secure, is to put up a page that doesn’t have a link to it anywhere. The thought is that you can’t get there if you don’t know where “there” is or that it even exists. This isn’t a very good choice. The site already had a “Login” page that contained links to internal sites that required user authentication, so I decided to use that page and add a couple of textboxes for the user to input a loginID and password. These would be the same as their email id and password; you’ll learn why later. I wanted to give the client the ability to restrict functionality to users based upon “access levels” and started with four basic levels – “sales”, “hr”, “admin” and “executive”. Sales would have access restricted to the contact request functions and hr would be restricted to the “Careers” page. Admin level would give access to the product data tables and executive would grant access to everything. I had a table, tLogin, that stored the userID, password, access level, date created and date deleted. If date deleted was NULL, then the access rights were active; otherwise the user either had their access rights changed or they no longer had rights. The reason I wanted to use the email password for the user is that this allowed me to use their email account for sending the correspondence to the customer in response to a contact request.
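The access-level scheme described above can be sketched in T-SQL as follows. This is an added example, not the code from the project: the column names and types, the tAreaAccess table, the pCanAccess procedure and the sample users are assumptions, and the password column is left out because the page does not describe how it is stored.

```sql
-- Added example (T-SQL, SQL Server 2008 or later). Names and types are assumptions.
CREATE TABLE tLogin (
    LoginID     INT IDENTITY(1,1) PRIMARY KEY,
    UserID      NVARCHAR(256) NOT NULL,
    AccessLevel VARCHAR(20)   NOT NULL
        CONSTRAINT CK_tLogin_AccessLevel
        CHECK (AccessLevel IN ('sales', 'hr', 'admin', 'executive')),
    DateCreated DATETIME NOT NULL
        CONSTRAINT DF_tLogin_DateCreated DEFAULT (GETDATE()),
    DateDeleted DATETIME NULL   -- NULL means the access rights are active
);
GO
-- At most one active row per user: a change of level closes the old row
-- (sets DateDeleted) and inserts a new one, which keeps the history.
CREATE UNIQUE INDEX UX_tLogin_ActiveUser ON tLogin (UserID)
    WHERE DateDeleted IS NULL;
GO
-- Hypothetical map of site areas to the level that may use them.
CREATE TABLE tAreaAccess (
    Area        VARCHAR(20) NOT NULL,
    AccessLevel VARCHAR(20) NOT NULL,
    CONSTRAINT PK_tAreaAccess PRIMARY KEY (Area, AccessLevel)
);
INSERT INTO tAreaAccess (Area, AccessLevel)
VALUES ('contact', 'sales'), ('careers', 'hr'), ('products', 'admin');
GO
-- Returns Allowed = 1 only for an active row whose level covers the area.
-- 'executive' covers every area; anything not matched is denied.
CREATE PROCEDURE pCanAccess
    @UserID NVARCHAR(256),
    @Area   VARCHAR(20)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CASE WHEN EXISTS (
        SELECT 1
        FROM tLogin AS l
        WHERE l.UserID = @UserID
          AND l.DateDeleted IS NULL
          AND (l.AccessLevel = 'executive'
               OR EXISTS (SELECT 1 FROM tAreaAccess AS a
                          WHERE a.Area = @Area
                            AND a.AccessLevel = l.AccessLevel))
    ) THEN 1 ELSE 0 END AS Allowed;
END;
GO
-- Constructed sample data: one active sales user, one closed admin row.
INSERT INTO tLogin (UserID, AccessLevel) VALUES ('pat@example.org', 'sales');
INSERT INTO tLogin (UserID, AccessLevel, DateDeleted)
VALUES ('lee@example.org', 'admin', GETDATE());
EXEC pCanAccess @UserID = 'pat@example.org', @Area = 'contact';
EXEC pCanAccess @UserID = 'pat@example.org', @Area = 'products';
EXEC pCanAccess @UserID = 'lee@example.org', @Area = 'products';
```

Running the check on each admin page request, rather than only at login, makes a closed row take effect on the user's next request.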
The “Careers” page is something that I am sure everyone reading this post has seen; it is a page for advertising job openings within the company. I decided to have this page work for both internal and external job postings. If the user had a login id and password, they were allowed to view the internal postings; otherwise they got only the external posts. There was a link to send an email to the person posting the job. I created everything with the intent of having the ability to track applicants and store resumes, but that is beyond the scope of this project. I do envision adding this functionality in the future.
That is the project, in a nutshell. I hope you enjoyed reading about it and maybe getting some ideas for your next website.
If you would like to know more about this project or have one you would like to discuss, please write to me at firstname.lastname@example.org.