Web Development Thread, 'account creation/protection' & 'public areas' in Coding and Web Development; I'm a teacher (not IT) building a website for an independent school with 550 pupils. I'm using e107 CMS. I've ...
I'm a teacher (not IT) building a website for an independent school with 550 pupils. I'm using e107 CMS. I've got limited ICT skills compared to you guys; I can't write php scripts from scratch, but sometimes I can do small hacks to existing ones if I can figure out what they're doing. I don't know much at all about databases or queries though. So far I've muddled through without causing chaos, but I've got a few questions and would very much like to benefit from your expertise, bearing in mind that we do not have any LEA jurisdiction / guidance:
1/ Moderated website accounts -
How do you guys manage your website membership? I'm thinking of allowing moderated sign-ups, so that when I receive an application I will manually check it against a list of pupils/parents, and create the account if they are on the list.
However, I'm aware that it might be possible to export the necessary portions of our access database (we don't use SIMS) to .csv format and import the data into the SQL database. Would this be very difficult? The main problem that comes to mind is how would I set-up and share their passwords?
I'm leaning toward the first proposal, because it means I only need to create the accounts for pro-active pupils/parents, rather than create 1000 accounts and only have 100 people use them regularly.
2/ Account protection and logging out -
I don't like the idea of users logging-on from a shared computer, whether it be from a school network, internet cafe or at home. I can envisage that they'll leave themselves logged in, and the next user can maliciously post content under their identity.
I can shorten the session time-out, and remove the 'remember me' feature, but this means that users will have to log-in every single visit, which I think will put them off from using the member features.
What do you guys do? Are my worries unfounded?
Initially I was thinking of having only some content open to the public, and the more sensitive info accessible only to members. However, I've gone off this idea because in impedes ease-of-use so much. For instance if a parent is looking at the news or download section without being logged in, they might not realise that they are missing important information by not logging in. To be honest, I think most parents would be too lazy to login, or even bother remembering their nick and password.
Do you find serving different information to 'guests' and 'members' causes problems, such as parents missing information?
And if I go down that route, how much can I leave public? As only the forums and chatroom really need the user to identify themselves (by logging in), I was wondering whether it is ok to leave everything else open to the public? This would include a news section, monthly parent bulletins, calendar, galleries, downloads, etc.
We follow guidelines to try to ensure that pupils aren't identified in our content, but I worry a little about the general public having access to things like our calendar/events details, bus routes and extra-curricular club timetables, for instance.
What do you guys 'hide' from the public?
Do you force pupils/parents to login to get information?
Re: account creation & protection and public areas
Hmmm... 40 readers and no bites.
OK, here's the short version:
How do you guys manage your website membership?
Do you let anyone sign-up and then check their identity with your student database before creating their account, or do you use the database to create accounts for all students? What about parent accounts?
Do you find there are problems caused by users not signing out on shared computers?
Would you allow, for instance, calendar/events details, bus routes or extra-curricular club timetables, to be made available to guests (the general public), or would you force parents to log-on to get that kind of info?
If some content is protected, how do you ensure that parents don't miss information when they they don't log-in?
Here we give pupils usernames and passwords when they arrive in year 7. There is an inductory day where rules of the school is explained to them and codes of conduct expected. This year we are going to promote the use of our network and Internet rules. This has generally been done by the form tutor but can be overlooked as they do not always understand the importance. This year our IT teachers are going to have the induction day to give usernames and passwords to all new pupils. These are generated by me(IT Technician) and are set to never expire. The pupils can then keep them safely in their homework books.(The reason I do this was due to the large amount of pupils who "forgot" their passwords.)
Each pupil has their own email and e-learning account created from a batch file I created. This is then used to bulk create accounts. They are shown how to log on and use the systems and that they MUST inform me if they think someone has used their account so I can change the password.
Account protection – you need to log into virtually everything on the net these days, I wouldn’t worry about this feature putting people off. If the content is good, people will log in to use it. As for people using accounts left logged on, Educate people that they are responsible for their own account, logging off at the end of their session is a must for all online accounts.
Public areas - We have general information for the public such as contact details etc, but so far we have not developed our website beyond this. Any parent wishing to see what is on our website will need to log on with their child and their account to access what our pupils can. This may be developed in the future but at the moment no one is willing to take on this role.
Our main website will be/is open to everyone thats what its for , when we implement our vle, then we will have passwords and usernames for that. Until then the website is for everyone to know about us.
Scott, is your website general 'brochure' or prospectus information only? I don't have a problem sharing that publicly, but I envisage that much of the information we want to share with parents is slightly more sensitive - image galleries, children's work, governor reports, parent bulletins, events, clubs, bus routes, etc.
In your opinion, do you think it is wise/safe to make that information available to anyone (images/work have the proper permissions, and no full names of children are mentioned in the content)? For usability issues, I'd very much like to say 'yes', but I need other opinions.
Pallen, nice to see how a professional would do it. Unfortunately I do not have the skills to even conceive how I can batch-create website accounts. A user's entry in my SQL database table looks like this:
Three problems I foresee with a batch process are highlighted:
- the user number needs to be incremented with each entry.
- the password is md5 encoded. I wouldn't know how to create random, clear-text passwords anyway.
- We don't keep email addresses on file, so I'd have to create all accounts with a generic one. But if the user has to change their email address later, it means allowing them access to their profile. For security I'd rather that no-one can view or change profiles, which means I'd have to change all the email addresses individually myself.
I really don't have the skill to overcome these problems, so I'm really leaning toward having users sign up and moderating the process by checking them against a list before creating the account. Does this sound too amateur?
Something you need to consider is how sensitive the data you want to protect is and why you are putting it on the website? Just because you can put the stuff there doesn't mean you have to or indeed should.
Is the webserver your own or hosted externally? If it is an external server, where to you lie with data protection is 'private' information is put there? If the webserver is onsite you can always authenticate against you own network.
Our website is primarily for promotion of the school and to give key pieces of information. We have no need to hide any information so the only reason to log in to the site is to edit content.
Thanks for your thoughts ric. The information isn't private as such, and wouldn't come under the DPA. But I am worried about publishing information that might be used inappropriately. An extreme example: publishing our bus routes means that anyone in our locale can tell when and where a pupil may be waiting alone by the roadside everyday. A lesser example might be teachers keeping classroom 'journals', whereby they'd feel more comfortable knowing it was only our community reading it, rather than anyone who happens upon the website.
I don't know, maybe I'm just nervous that documents, images, work and information which are only relevant for (and have previously only been shared within) our school community are going to be available worldwide. The dilemma is that I want to make the information easy for our parents and pupils to obtain, but at the same time I don't want any weirdos poking about in it to see what kind of info they can misappropriate!
At the moment I want to throw caution to the wind (a little), making everything available to the public and only requiring accounts if pupils want to use the forum/chatroom. That would certainly make things easier for me, and the users, but I'm just still a bit nervous about it. Most of the school websites I've visited are very sparce, and I wonder is that because they are under-developed, or because most of 'their community' is kept out of reach of the public?
* If a 'clever' kiddy-fiddler was to want to find information about bus routes, school opening times, etc. they could easily ring the school and not be challenged. These are also things that prospective pupils' parents will want to know when choosing a school - it's no good if the bus doesn't pass their house after all
* Classroom journals, etc. are more appropriate for VLEs where you would give all the kids individual access. I would suggest that you could pick out exemplary work to display on your web site in an adhoc fashion.
* You need a policy about displaying information on the website... for instance, you need permission to use images of people and you should NEVER publish the full name of a student next to their picture.
* Chat rooms are a bad idea unless you are going to rigorously moderate it... you are opening up a whole new route for bullying. How could you possibly police this? Again, stick to the VLE for this.
You might also like to take a quick look at the EduGeek Joomla package... one of our members has created this template which can easily be adapted to provide a website suitable for most needs. Joomla modules are readily available too so you could add 'hidden' features if you so desire.
Hi, yes it is more of a brochure website, but thats all it needs to be, any images of pupils are authorised by parents, and any information on the site is freely available at any other source. I am struggling with SMT as they want other information on it, but I am keeping this off as it should should be on the VLE. (not understanding how it works and whats its for properly)
We are trying to keep away from having to login and maintain users on the website as this is just more work.
As for documents, all our downloads are PDF will all the rights removed, so they can not be edited, text or images taken off, hey can only be printed.
> but I am keeping this off as it should should be on the VLE.
The IT tech wants me to install moodle on our web server this coming year, but I'm personally against that; shouldn't he really install it on the local network?
The emphasis for the website is to create a repository of information, an exhibition work, a snapshot of our activities and services, and a safe, central place for teachers and pupils and parents to communicate. I'd rather do that with e107 than moodle because e107 is more suited to it (and from what I've heard, it is also more secure).
I've had a look around in the moodle demo and I didn't like it much. If we have to use moodle at all, I'd rather it was purely for students to do tests and revision exercises (the rest of its features looked clumsy by comparison to e107) thus leaving the website as the central place for information and communication.
The other reason for my emphasis on the website rather than the VLE is that I think moodle will be installed, set-up, but then never used by teachers. No-one is going to convert their books and photocopies into online tests in their own time. Plus, the only children who would use the VLE are the proactive ones who don't need an extra revision resource anyway.
Finally, I know e107 quite well now, but it's been a steep learning curve studying not only the software, but css, php, sql, graphics, etc. I do not relish spending my own evenings and weekends learning about moodle as well as simultaneously developing the website. Seriously, my wife would divorce me!
It sounds to me like you need a policy written up for your school where the type of content is agreed upon before uploading. If you are unsure about the content you are uploading then dont....you can always add it at a later date if it is required.
It may be worth sitting with the Head/SMT to decide exactly what you want your website to do. Bus routes etc are usefull for parents as is term dates, trips etc, but as people have said you dont need to post things just because you can.
As for how I would maintain it...If it is going to be you, then I would go with what you are confortable with. If this is manually checking accounts for each request then do that, be aware though that if your website takes off and everyone wants an account it could be very boring for you to check hundreds of accounts. You may also want to think about every September when you get another 100+ accounts to add.
You have stated that you are a teacher, how will this affect your teaching? How will you do the updating?
As for Moodle, if you set it up internaly you will only be able to use it on your network, by your network users. IF you wish to publish documents for use at home it will need to sit on your web server, or be externally hosted. We have ours externally hosted and this allows staff to upload worksheets and resources for pupils to use outside of school. Some of the English Dept documents would have run to over hundreds of pages but can easliy uploaded to our VLE and then students can pick out the relevant information.
Although not all teachers were convinced at the start, the fact that the alot of work was already on our network meant that teachers did not have to re-do any work. It was possible to create their department section (eg english) and upload all their work into the relevent sections and inform the pupils. Eg you can now find the poem under "School VLE>English>Poems". It is explained to all staff that when they are uploading work they need to check Copyright and appropriateness etc.
We are going to setup access for heas of departments to be able to edit there own content on there own specific subject area, once done it cannot be published until another person approves it, this can be done via joomla permissions.
We will be using Kalidos for our VLE and we can already see issues where Teachers will not update the pages and information. so best to keep the website managable with as less input from everybody as possible as you will be updating it will get to be a lot of work.