This Repository on Laundry Management System is specifically designed for the community members of IIT Gandhinagar.
- Zeal Shah
zeal.shah@iitgn.ac.in - Simran
simran.saini@iitgn.ac.in - Argha Sardar
sardarargha@iitgn.ac.in - Denish Trivedi
denishtrivedi@iitgn.ac.in - Dishant Patel
patel.dishant@iitgn.ac.in - Tamma Sowmya Sri
tamma.s@iitgn.ac.in - Ayush Agarwal
ayush_agrawal@iitgn.ac.in - Abhigyan Martin Ninama
abhigyan.mn@iitgn.ac.in
1. Clone the repository from GitHub to your local machine : git clone https://github.com/[your_username]/[your_repository].git
2. Open a terminal window and navigate to the root folder of the project.
3. Create a virtual environment using the command python3 -m venv env_flask
4. Activate the virtual environment using the command source env_flask/bin/activate
5. Install the required packages using the command pip3 install -r requirements.txt
6. Set up your MySQL database and update the config.yml file with your database credentials.
You can create a MySQL database named laundry_db with the following credentials :
- Username :
root - Password :
password - Host :
localhost - Port :
3306
7. Import the laundry_db.sql file into the database to create the required tables and dummy data.
8. Navigate to the root directory of the project and run the app by running the following command: python app.py
9. Open a web browser and enter the following URL: http://127.0.0.1:5000/
[Might be different based on which port you are running the localhost]
Watch the installation video here : https://drive.google.com/file/d/17QOLflzjDd_zoCRmfvy6YPpxtyquLg8S/view?usp=share_link
There is an additional directory Lib which we can't add in the repo, but here is the link of it : https://drive.google.com/drive/folders/1UvqVq010p6MVA9xQRRCGjeJ7TCmVewXF?usp=share_link
-
Based on the teams formed, each team is supposed to create a web application of the proposed functionalities in the previous assignments. Each team can be divided into Group G1 and Group G2; G1 is supposed to work on the front-end and G2 on the back-end sections, respectively. You can use Flask + MySQL for developing your WebApp.
-
The web app should support the dynamic execution (The changes done by the user through the web app shall be reflected in the main database and web page also) of the following functions on your database :
- INSERT
- UPDATE
- DELETE
- RENAME
- WHERE
-
Push it to GitHub and share the link for submission
-
Login page with authentication of users and stakeholders.
- G1 is supposed to design the front end and beautify accordingly using HTML/CSS/JS, you may use any other libraries for the front end, such as Bootstrap or jQuery. But flask is mandatory.
- Sign-In Page : Users will use this page to Sign-In to their account, using their corresponding Email-Id and Password.
- Sign-Up Page : New users will be redirected to this page, to create a new account for Laundry Service.
- Homepage : Users will be greeted with this homepage. With 4 options on the top ribbon.
- Clothes-Status : Users can check the status of their clothes, by clicking on the option,
Clothes-Checkfrom the top ribbon. This page shows the status of the submitted clothes of respective users.
- Complaint : Users can register their complaint for the clothes they have submitted for washing. Users can access this page by clicking on the link
herefrom the Clothes-Status Page
- Complaint Status Check : Users can check their status of the complaint issued. Wheather Pending or Resolved
- Laundry-Schedule : Users can check their schedule for their laundry submission, of their respective hostels.
- Admin Page : Users with administrative priviledges will be greeted with this homepage, with access to certain actions.
- List of Clothes : Admins can access the list of clothes that have been submitted by the users, by clicking on the option
Clothesfrom the top ribbon. Furthermore the admins can change the statuses of the clothes gone for Washing or Washed or Arrived.
- Clothes Add : Admins can add clothes manually through this option, available from the top ribbon.
- Complaint Page : Admins can check the complaints and its statuses (With any remarks) registered by the users through this page.
- Students : Admins can check each users submission through the option
Studentsfrom the top ribbon.
- G2 has to work on integrating MySQL in WebApp. This group works on the proper working of the backend.
- Query for Login Authentication, for both User side and Admin side.
- Query for Sign-Up for the New users.
- Query to check the Status of the Clothes, i.e. Washed, Washing and Arrived
- Query for the Admin side, which will let some previledged users to add clothes for taking into account for washing.
- Query for the Admin side which will display all users who have submitted their clothes for washing.
- Query for the Admin side which will display all the currently raised complaints by the users.
- Query to delete the account of a perticular user.
- Query to update status of the clothes date wise, i.e. it changes the status of all clothes (Washing to Washed) which are from a slot which has been completely washed.
- Query to delete a particular selected cloth's entry.
- Query to register any complaint, raised by users.
- Query to check the Status of complaint from a perticular user
- This is a web app that integrates Flask and MySQL and allows for dynamic execution of database functions such as INSERT, UPDATE, DELETE, RENAME, and WHERE clause. The app also includes a login page with user authentication.
- Before Adding Clothes :
- After Adding clothes :
- Before Adding complaint :
After adding complaint:
- After inserting complaint, it got reflected in admin complaint page.
- Similarly there are several insertions that can happen in our system.
- Before Deleting the account of
alfred@comcast.netfrom admin side.
- After deleting
alfred@comcast.netit is not showed in list of students.
- Before deleting the record of clothes of student
24110077
- After deleting
24110077, it's record got deleted from list.
- Before updating status:
-
After Updating :
-
The status got changed for the record of date
2023-03-19
- Our system doesn't require any rename operation to do so we haven't implemented/shown it and there is no point to rename table, database or column.
- Before Rename
- After Rename
- Login Page looks like:
- In login page where clause is used to validate user and to signed in user and store the session of user
@app.route('/', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
# Fetch form data
userDetails = request.form
password = userDetails['password']
email = userDetails['email']
cur = mysql.connection.cursor()
cur.execute("select * from user where email_id = % s and password=% s ",(email,password))
account = cur.fetchone()
if account:
session['loggedin'] = True
session['id_number'] = account[3]
session['email_id'] = account[0]
session['hostel_no'] = account[4]
return redirect('/homepage_student')
else:
cur.execute("select * from college_management where email_id = % s and password=% s",(email,password))
account = cur.fetchone()
if account:
session['loggedin'] = True
session['email_id'] = account[0]
session['p_level'] = account[3]
return redirect('/homepage_admin')
else:
msg = 'Incorrect username / password !'
return render_template('index.html')
return render_template('index.html')
-In cloth status page of student , where clause is used to only show the status of cloth of that particular user.
@app.route('/add_clothes', methods=['GET', 'POST'])
def add_clothes():
if request.method == 'POST':
# Fetch form data
clotheDetails = request.form
today = date.today()
cur = mysql.connection.cursor()
cur.execute("INSERT INTO clothes (id_number, room_no, no_of_clothes, date, status) VALUES (%s, %s, %s, %s, %s)", (clotheDetails['id'], clotheDetails['room_no'], clotheDetails['no_of_clothes'], today, "Washing"))
mysql.connection.commit()
return redirect('/homepage_admin')
return render_template('add_clothes.html')
1. The G1 takes two feedbacks from the stakeholders, one initial feedback (before 30th March 11:59 PM), and then makes relevant changes as suggested per the first feedback, then final feedback (before 10th April 11:59 PM) post changes. The write-up/documentation should have screenshots before the first feedback, after the first feedback, and after the second feedback.
We have taken feedbacks from stakeholders to improve this system. All relevant changes recommended by the stakeholders are implemented in G2: 2.
1. Not all admins should be able to see information of students and thus delete the details of a student. For example, Laundry staff can not have this much of privilege of viewing and changing the student data but College Management should have.
2. While adding the clothes of a user, there is no need to add Room Number as it can be retrieved from the user information from users' roll-number.
3. Add an extra page at the student side (View) that covers other Laundry facilities provided in hostels. (eg. Smart laundry system at E Common room etc.)
1. While adding a student's clothes, a field should correspond to checking whether the provided piece of clothing is already torn. Sometimes, when students give their clothes for laundry, they include torn clothes. This can result in complaints from the student when the clothes are returned, stating that their clothes have been damaged. Therefore, it is necessary to address this issue.
2. Attach screenshots of different views [along with a write-up on their privileges] of the database as seen by different classes of users.
-
Students can see cloth-status and also add a complaint for laundry.
-
Students can see the Hostel schedule for picking-up clothes.
-
Students can see their complaint's status.
-
Can see clothes and can also delete entry for clothes.
-
Can insert the detail of student clothes.
-
Can see the complaints.
-
Can see clothes and can also delete entry for clothes.
-
Can insert the detail of student clothes.
-
Can see the complaints.
-
Can see the details of student and also admin (with High permission level) can delete the record of student.
- Concurrent multi-user access: Multiple users with different roles can access and update the database concurrently. In such a scenario, the same item can not be updated by two different users. For example, locks can be applied to tables in MySQL.
To acquire a lock in Flask in MySQL, we have two locks :
- Share lock for reading :
-
By adding “LOCK IN SHARE MODE” in select query we can acquire a shared lock and to release a lock we execute "Commit" statement that releases lock acquired by the current transaction.
-
Exclusive lock for reading and writing:
- By using “FOR UPDATE” in select query we can acquire the Exclusive lock and can read and write to that table and to release a lock we execute "Commit" statement that releases lock acquired by the current transaction.
In this way we have added this to all our queries.
- When a junior member of Laundry staff (not Management) used to log in :
- They could see the info of students and can also delete their info.
- We added a permission level where 1 means all permissions and 2 means minimum permissions , All permissions
(p_level=1)is given to Management and Minimum permissions(p_level = 2)are given to laundry staff.
- At the time of login we store the
p_levelto the session to use it later for different purpose(s).
- Above, we added a condition statement that if
p_levelis equal to '1' then and only thenStudentpage is implemented or not.
- We added same conditional statement in
app.pyfile too so that it can not be accessible by typing in URL.
-
Now
Student pagein Navigation bar is not displayed because I was logged in as a laundry staff member. -
Now, as We did log in with the Management ID, the
Studentpage is visible.
- Before : It is required to add the Room number by student, which already corresponds to student's id number.
- So, we are removing the
room_noinput field.
- Below, we have included extra query to get the hostel number from id number and using that result's hostel number and then adding the clothes record.
- It works; the room_no field is not there anymore.
- The room number in the clothes page is visible after updation.
- Before : No page informing about in-hostel laundry facility.
- We made
Other-Facilitypage.
- Now, one can see other laundry options.
- Before: Clothes Page
- Before: Below is the Table structure
- Flask code for adding clothes (Before):
- After adding an extra field in the table structure as torned_cloth.
- I also added a radio-button for torn clothes in add clothes page.
- Flask code for adding an extra field.
1. Documentation and screenshots of a total of four attacks [SQL Injection and XSS] performed and the defenses against those attacks
- In login page if we insert
' or 1=1 –in both email and password then we directly get access to system. Because oforstatement other conditions does not consider.
- After Hitting login button, here we can get access to system.
(giving the value of first user as email)
- Use parameterized query of Flask to solve this problem.
Before:
- After adding parameterized query:
-
Now the attack is not possible.
-
In register page, if we insert
'; DROP TABLE temp; --in any of field then it will delete the table temp from the database.
- It will give error if you click on register, but on Database, this click has deleted table
temp.
- Use parameterize query of flask to solve this problem
Before:
- After adding parameterized query:
- Now the attack is not possible.
- If we register using the Gmail id as
“<script>alert('XSS attack');</script>”and by adding other fields as random then at the time we logged in to the system, we get the alert message as we have displayed user’s email id on homepage so at that time the script will run.
- Sanitise the input properly that can only accept valid email ids only using the input field as
type=”email”will ensure this.
- You can also use triggers to validate a perfect email address.
- At the time of registering the complaint the user can input
“<script>alert('You are Hacked);</script>”this tag in describe field. And due to this the admin when opens the complaint page get a popup of alert saying “You are Hacked”.
- Sanitise the inputs , here we can use pattern attribute of input field to not accept the
< >brackets as:
- The
patternattribute is used to specify a regular expression that the input value must match. In this case, the regular expression[^<>]*means that any character is allowed except for < and >.
2. Show that all the relations and their constraints, finalized after the second feedback, are present and valid as per the ER diagram constructed in Assignment 1.
| Relation | Mapping cardinality | Where relationships are utilized |
|---|---|---|
| User and Clothes | One to one | On the student page, this relationship is utilized for displaying the status of clothes. Each student is able to view only their own clothes, and each clothes entry corresponds to only one student. |
| User and complaint | One to many | On the student page, this relationship is employed for registering laundry-related complaints. Each student is allowed to register only one complaint, and each complaint is associated with only one corresponding student. |
| College management and complaints | Partial participation with many to many relationship | On the complaint page , this relationship is utilized so that only the admin can view the complaints. |
| College management and clothes | Many to many | On both admin pages, this relationship is used for allowing admins to edit and add clothes. Multiple staff members from the college management can edit entries in the clothes, and several clothes entries may have been edited by various college management personnel. |
| LSP and Clothes | Many to many | In the context of the fourth relationship, on both admin pages, this association is utilized to grant administrators the ability to edit and add clothes. Several LSP members can edit entries in the clothes, and multiple clothes entries might have been edited by various personnel from the LSP. |
| Attribute | Constraint | Why it is needed |
|---|---|---|
| Email_id | PRIMARY KEY | To uniquely identify users. |
| Mobile_no , Password , Roll_no/Emp_id | UNIQUE, NOT NULL | This attributes cannot contain null values and must be unique. |
| Hostel_no/Flat_no | NOT NULL | This attribute cannot remain null. |
| Mobile_no | CHECK(Numeric, Length=10) | Mobile number must be of 10 digit numeric |
| Attribute | Constraint | Why it is needed |
|---|---|---|
| Email_id | PRIMARY KEY | To uniquely identify College Management. |
| Mobile_no , Password | UNIQUE, NOT NULL | This attributes cannot contain null values and must be unique |
| Mobile_no | CHECK(Numeric, Length=10) | Mobile number must be of 10 digit numeric |
| Attribute | Constraint | Why it is needed |
|---|---|---|
| Roll_no/Emp_id & Room_no | PRIMARY KEY | To uniquely identify which record of Clothes Relation belongs to which user. |
| No_of_clothes , Date | NOT NULL | These attributes cannot contain null values, there must be value in this attribute. |
| Attribute | Constraint | Why it is needed |
|---|---|---|
| Complain_id | PRIMARY KEY | To uniquely identify each complaint that user had raised and it will be auto generated. |
| Roll_no/Emp_id | FOREIGN KEY | This attribute is the Primary key of Clothes Relation. |
| Attribute | Constraint | Why it is needed |
|---|---|---|
| Hostel_name | PRIMARY KEY | To uniquely identify each hostel. |
| Schedule_1 , Schedule_2 | NOT NULL | Schedule cannot be null; it must contain week days. |
| Attribute | Constraint | Why it is needed |
|---|---|---|
| Email_id | PRIMARY KEY | To uniquely identify members of Laundry service provider. |
| Mobile_no , Password | UNIQUE, NOT NULL | This attributes cannot contain null values and must be unique |
| Mobile_no | CHECK(Numeric, Length=10) | Mobile number must be of 10 digit numeric |
Feedback 1: Not all admins should be able to see information of students and thus delete the details of a student. For example, Laundry staff can not have this much of privilege of viewing and changing the student data but College Management should have.
Implementation: We had to create a new relationship between college_management and user, where college_management can edit user details. And also to ensure only selected admin/collage_management has access to doing so we used attribute p_level which shows permission level to which of the admin can and can not access user/student details.
- Since above feedback only affects user and collage_management entities, So other entities, their relation and constraint do not get affected.
- Since we have added the p_level attribute from the beginning (present in ER diagram), constraints do not change.
- We have to add a new relation between user and collage_management with partial participation from collage_management with many to many relationship.
| Relation | Mapping cardinality | Where relationships are utilized |
|---|---|---|
| College management and User | Partial participation with many to many relationship | On the admin page (admin page with p_level = 1) this relationship is utilized to allow admin to edit details of users. Only admins with high permission level can edit multiple student records and several records from user may have been edited by several high p_level admin. |
Feedback 2: While adding the clothes of a user, there is no need to add Room Number as it can be retrieved from the user information from users' roll-number.
Implementation: We removed the need of providing room no. of the student to add clothes of students instead now we are using user table to get details about students room no.
- Since we are getting a student's room_no. information from the user table and then adding that entry to the clothes entity/table, So constraints remain the same and also doing above does not affect any relations from ER diagram. So the relations remain the same after the above operation.
Feedback 3: Add an extra page at the student side (View) that covers other Laundry facilities provided in hostels. (eg. Smart laundry system at E Common room etc.)
Implementation: We have developed a webpage named "Other Facilities" that displays information about the laundry facilities available on the campus, including details on the locations of washing machines and dryers.
- Since the above operation can be done without creating a different entity in the database called ‘other_facilities’, we have just made the webpage without using anything from our database. So none of the relation or their constraint gets affected by the above operation and remains unchanged.
Final feedback: While adding a student's clothes, a field should correspond to checking whether the provided piece of clothing is already torn. Sometimes, when students give their clothes for laundry, they include torn clothes. This can result in complaints from the student when the clothes are returned, stating that their clothes have been damaged. Therefore, it is necessary to address this issue.
Implementation: We have added a new attribute called ‘torned_cloth’ in clothes entity and added an option to provide information about torn clothes with the help of radio buttons for response ‘yes’ and ‘no’ in ‘add clothes’ webpage.
- We had to add a new attribute ‘torned_clothes’ in the clothes entity with NOT NULL constraint.
- Apart from that no other relation or the constraints get affected by the above operation.
| Attribute | Constraint | Why it is needed |
|---|---|---|
| Roll_no/Emp_id & Room_no | PRIMARY KEY | To uniquely identify which record of Clothes Relation belongs to which user. |
| No_of_clothes , Date | NOT NULL | These attributes cannot contain null values, there must be value in this attribute. |
| Torned_clothes | NOT NULL | This attribute must have a value and can only be either "yes" or "no". |