Prevention of unauthorized access of social accounts through web and mobile devices

CHAPTER 1

INTRODUCTION
1.1 Introduction to the technology:
The technology basically extracts the IP address of the machine from which a
breach is being made into a user's social account and sends the IP address as a text
message to the user. It also refines internet searches by making alias identification
possible.

1.2 Statement of problem:


Prevention of unauthorized access of social accounts through web and mobile
devices and enabling the authorized users to find their friends by even giving the
alias/nick names in the query.

1.3 Objective of the project:


Preventing cyber crimes and theft, making social accounts safe and alias
identification.

1.4 Methodology:
We make prevention of unauthorized access possible by extracting the IP
address of the machine from which the breach is being made and then delivering this
IP address along with a warning message to the user.

1.5 Limitations of the project:

- If the user himself enters a wrong password multiple times, he/she would get a warning message.
- The location of the machine from which the breach is being made is hard to extract; only its IP address can be obtained.

CHAPTER 2
ISE DEPT, SDMCET, DHARWAD


LITERATURE SURVEY
2.1 Methods and Theories:
In our application the user is supposed to register and then he/she can login by
giving the appropriate username and password. After this the user can edit his friend
list and other profile information. At the time of incorrect login the user will get a
message intimating about the suspicious activity going on in his account. User can
search his friends by giving their possible known popular nick names by which search
results are minimized and exact results are obtained.

2.2 Existing and Proposed Technology:


2.2.1 Existing System:
In the existing system of tracking suspicious activity, if an intruder knows the
username and starts guessing the password, these activities are not made
known to the legal user.
In the social networking sites, if a person is searching for a friend by a particular
known name and that user is registered under some other name, say an alias, then he/she
won't be traceable.
These are some of the problems that are faced in the existing system.

2.2.2 Proposed System:


In our problem statement we are trying to solve the problems described above.
First, for suspect tracking, we will send a text message to the authenticated
user's mobile about the suspicious activity, upon which he/she can take protective
measures.
For the second problem, when a user registers to our social
networking site he/she must provide their popular nick/alias names so that they can
be found even when searched for by their nick names.

2.3 Ideas of Design and Implementation:


Because of frequent reports of account breaches in social
networking accounts, we came up with this idea to eradicate this problem to the
maximum extent possible. Our exhaustive work on this concept will surely help in
reducing the number of such security breaches.
Due to the suspicious activity and threats spread over the WWW, there is a continuous
call for prevention of security breaches. Here we have referred to many
previous inventions that have been made in order to prevent this insecurity.

CHAPTER 3

TECHNOLOGY USED
3.2.1 PHP:

- PHP is a scripting language originally designed for producing dynamic web pages. It has evolved to include a command line interface capability and can be used in standalone graphical applications.
- It is a widely-used general-purpose scripting language that is especially suited for web development and can be embedded into HTML.
- PHP generally runs on a web server, taking PHP code as its input and creating web pages as output. It can also be used for command-line scripting and client-side GUI applications.
- From PHP 4, the PHP parser compiles input to produce byte code for processing by the Zend Engine, giving improved performance over its interpreter predecessor.

3.2.2 MySQL:

- MySQL is a multithreaded, multi-user SQL database management system (DBMS). The basic program runs as a server providing multi-user access to a number of databases.
- The data in MySQL is stored in database objects called tables. A table is a collection of related data entries and it consists of columns and rows.
- Databases are useful when storing information categorically.
- With MySQL, we can query a database for specific information and have a record set returned.
- Before you can access data in a database, you must create a connection to the database. In PHP, this is done with the mysql_connect() function.

CHAPTER 4


SOFTWARE REQUIREMENT
SPECIFICATION
4.1 Introduction:
The purpose of this document is to present a detailed description of the project
titled preventing unauthorized access of social accounts through mobile devices. The
intended users get a message if any unauthorized access is made to their mail
or social accounts. The SRS is intended for the users, developers and the project review
committee. This application is known as preventing unauthorized access for social
accounts or mail accounts. It is a web based application.
This application lets users create an account, and any suspicious
activity in their account is intimated to them by a message sent to their mobile
number. The main point of the project is that users can search for their friends by any
known nick name and still get the intended search result.

4.2 The Overall Description:


4.2.1 Product perspective:

Fig 3.1 Product Perspective


Our product makes use of normal mining and database concepts in order to
maintain the data. It makes use of pattern searching technology to give the intended
result even when nick names are given for searching. There are no such products
available that provide proper results when nick names are given. If unauthorized
access is made to any user's account, messages are sent to the legal user. Here it
makes use of a networking protocol in order to send the messages.

4.2.2 System Interface:


The application is going to be developed using wamp server and its packages.
The application will be developed in php language by making use of different
packages.

4.2.3 Interfaces:
There is a GUI and no command line interface. The GUI is required for
accepting the user's username and password. When an error occurs, such as
an invalid username or password being entered, error messages are
displayed prompting the user to re-enter the details.

4.2.4 Hardware Interfaces:


The application can be built on any machine which supports a 32 bit or 64 bit
operating system. As the suspect user's details are sent as messages, it can work on
any cell phone, even on a recent technology such as Android, but we are not
implementing on Android phones.

4.2.5 Software Interfaces:


The application makes use of WAMP server 5.2. It is going to be built on
PHP (Hypertext Preprocessor). In order to store the data, the application uses MySQL
13 database which is supported by the WAMP server.

4.2.6 Memory Constraints:


There are no particular memory constraints. Any computer having a normal 250
MB of memory can be used to run the application. A mobile with any operating
system and minimum memory is sufficient to deploy the services.

4.2.7 Operations:
User: He/She is responsible for logging in.
Administrator: He will be responsible for authentication of the user. Also responsible for
extracting the proper intended search result given the query using nick names. Also
responsible for sending messages to the authorized user if any suspicious activities are
done in their account.

4.2.8 Site Adaptation Requirements:


The user must have social site account. We are not modifying any details of
the user in his account, but only extracting the required details from it.

4.2.9 Product Functions:

- Register to the site.
- Validate the user through his username and password.
- Issue a query with known possible nick names.
- The interface will interact with the database and provide the appropriate result.
- Send the result back to the user.
- If unauthorized access is made to any user's account, detect the particular system.
- Send the message to the authorized user about the suspicious activity.

4.2.10 User Characteristics:


Intended users must have basic knowledge of getting registered to the
networking site. The user must have his account in the social site created.

4.2.11 Constraint:

- User must have an account created in the social networking site.
- In order to get the information about hacking of his account, the user must possess a mobile device.
- The user must provide his nick name during registration, so that a query for searching a friend by nick name will be easy.
- In case of unauthorized access, it is not possible to detect the person who is doing such activity.

4.2.12 Assumptions and Dependencies:


In this application, it is assumed that a person in the social networking site
keeps his details updated such as his name and location etc.

4.2.13 Apportioning of Requirements:


Quality Requirements:
Correctness: The system should work correctly until the intended results are
obtained. For example until the user gets the specified person it must work correctly.
Reliability: The database must be updated and must work all the time unless in case
of extreme circumstances.
Efficiency: This depends on internet speed. The higher the speed better is the
efficiency.
Integrity: The application uses the user's username and password, hence they need to
be secured.
Usability: The application must be usable by most of the users who are familiar with
social sites.
Flexibility: It is most important as the application must run on any browser provided.
The application has admin supervision and also user activities that can run on any
platform.
Portability: Since the suspicious activities are informed through a message on the cell
phone, it will support any cell phone, and the social networking site is also capable of
working on any platform.
Reusability: The system source code can be extended to provide many more features
that are specific to a particular situation.
Safety Requirements: Since users register to the social networking site,
their usernames and passwords are stored with high security measures.
Reliability Requirements: Reliability is the ability of the system to deliver services
as specified. The application is 100% reliable if the user's friends maintain updated
profiles.
Maintainability Requirements: The system source code should be updated as and
when there are changes made in the technology used.

4.3 Specific Requirements:


4.3.1 External Interfaces:

- The system will display the login page. The end user provides login name and password to the system, which takes the login details to authenticate the user.
- For an invalid username and password an appropriate error message will be displayed.
- The output of the system will be the friends list to the end user.

4.3.2 Functions:

Fig 3.2 Use Case diagram for user getting registered


The user has to get registered for our application.
Name of the use case- Register.
Description- User gets registered.
Normal Flow of Events:
- Sign up for the site.
- Login using username and password.
Alternate Flow of Events: If the user enters a wrong user name or password, error
messages are displayed.


Fig 3.3 Flow Chart for login process

Administrator:

Fig 3.4 Use Case diagram for administrator


Name of use case: Administrator
Description: It works in five stages.

- Authentication: The user is authenticated.
- Query with nick names: The user issues a query to the admin giving a nick name.
- Search possible details: The admin will analyze the data and search for possible appropriate outcomes.
- Send the final list: The final list of suggested friends is sent to the user.
- Unauthorized access: The suspicious activities are detected by the administrator.
- Detect the system: The suspicious activity center is detected.
- Send the text message: The message is sent to the authenticated user about his account's suspicious activity.


4.3.3 Performance Requirements:


The hours of operation are 24 x 7, as this is a web based application. The
system will work as long as the installed server is up. So the availability is 24 x 7.
The application must provide the list of friends; if several have the same nick name
then all possible answers must be given. If unauthorized access is detected from two
or more places then all of those must be detected. If the same suspected intruder is
performing two suspicious things then both must be detected.

4.3.4 Logical Database requirements:


The login details and all the nick names are held in the database during the
time of registration by the user to the social networking site.

Fig 3.5 Logical database diagram

4.3.5 Design Constraints:


4.3.5.1 Standards Compliance:
Not applicable. There are no such constraints imposed by regulating bodies
that will develop constraints for our application.

4.3.6 Software System Attributes:


These are non-functional requirements that the system must have. These are
not directly concerned with the specific functions delivered by the system. These
relate to the emergent system properties. If the system fails to meet the non-functional
requirements then it is the failure of the whole system. These can relate to three things:
product requirements, organizational requirements and external requirements.
Some of these related to our project are mentioned below.
4.3.6.1 Reliability:
Reliability is the ability of the system to deliver services as specified. The
application is 100% reliable if the user's friends maintain updated profiles.
4.3.6.2 Availability:
Availability is the ability of the system to deliver services when requested.
Since the messages are sent to the cell phones about unauthorized access it must work
any time to the user.
4.3.6.3 Security:
Security is the ability of the system to protect itself against accidental or
deliberate intrusion. Since we are maintaining login details, the information is kept
secured.
4.3.6.4 Maintainability:
Maintainability deals with the ability of the system to allow changes in
the system without affecting the existing components. The world today has become
competitive in everything. As new requirements arrive from the customer, we need to
make changes in the system and add functionalities. Since our system is built on
object-oriented technology it supports maintainability to a great extent.
4.3.6.5 Portability:
Portability deals with the ability of the system being machine independent.
The application works on any computer that supports the installed servers. Hence it is
portable application.


Table no: 4.1 Rating of software system attributes


ID   Characteristic       H/M/L
1    Correctness
2    Efficiency
3    Flexibility
4    Integrity/Security
5    Interoperability
6    Maintainability
7    Portability
8    Reliability
9    Reusability
10   Testability
11   Usability
12   Availability

4.3.7 Organizing the Specific Requirements:


4.3.7.1 System Mode:

There is only one mode of operation. The user needs to get registered to our
social site.
4.3.7.2 User Class:
We have only one class. The user uses the application to fetch the friends list.
4.3.7.3 Objects:
The classes of objects in our system are User, Administrator, Application, our
social Website, Database, and Server. These Classes each have a single object and will
be represented along with their attributes and functions in a UML diagram in the
design document.
4.3.7.4 Features:
In order to obtain the friends list the user needs to input the username and
password that he provided at the time of registration.
4.3.7.5 Stimulus:
If a user inputs proper username and password of his account his friends list
will be displayed else a proper error message will be displayed.

4.4 Change Management Process:


The change management process is as follows:
- The customer forwards us a formal email specifying the change needed in the requirement.
- The email is received by the customer support cell and a developer meeting is held.
- The feasibility, financial effects, change in project schedule etc. are taken into account and a poll is taken by the developer team to decide whether to make the change or not.
- Depending on the decision taken by the poll, the schedule is reorganized or work is continued as per the normal schedule.

CHAPTER 5


DESIGN PHASE
5.1 Architectural Design:
5.1.1 E.R Diagram:
In software engineering, an entity-relationship model (ER model for short) is
an abstract and conceptual representation of data. Entity-relationship modeling is
a database modeling method, used to produce a type of conceptual
schema or semantic data model of a system, often a relational database, and its
requirements in a top-down fashion. Diagrams created by this process are
called entity-relationship diagrams.

Fig 5.1 E-R Diagram

5.2 System Design:


Most components described in the System design section will require a more
detailed discussion. Other lower-level components and subcomponents may need to
be described as well. Each subsection of this section will refer to or contain a detailed
description of a system software component. The design process for identifying the
subsystems making up a system and the framework for sub-system control and
communication is architectural design. The output of this design process is a
description of the software architecture.

[Diagram labels: Admin or User, Web Browser, Internet, Wamp Server, Database, Mysql]

Fig 5.2 System design of the application


5.2.1 Sub System Design:


Here the sub system of the main application has been designed and the
working of the application has been described.

Fig 5.3 Subsystem design for admin

Fig 5.4 Subsystem design for user


5.3 Data Flow Diagram:


A data flow diagram (DFD) is a graphical representation of the "flow" of data
through an information system, modeling its process aspects. Often they are a
preliminary step used to create an overview of the system which can later be
elaborated. DFDs can also be used for the visualization of data processing (structured
design).
A DFD shows what kinds of data will be input to and output from the system,
where the data will come from and go to, and where the data will be stored. It does
not show information about the timing of processes, or information about whether
processes will operate in sequence or in parallel.

Fig 5.5 Data flow diagram for application


5.4 Interface Diagram:


5.4.1 Client Server Model:

Fig 5.6 Client server model

5.5 UML Diagrams:


Unified Modeling Language (UML) is a standardized general-purpose
modeling language in the field of object-oriented software engineering. The
Unified Modeling Language (UML) is used to specify, visualize, modify, construct
and document the artifacts of an object-oriented software-intensive system under
development. UML combines techniques from data modeling (entity relationship
diagrams), business modeling (work flows), object modeling, and component
modeling. It can be used with all processes, throughout the software development life
cycle, and across different implementation technologies.


5.5.1 Class model:


In software engineering, a class diagram in the Unified Modeling
Language (UML) is a type of static structure diagram that describes the structure of a
system by showing the system's classes, their attributes, operations (or methods), and
the relationships among the classes. The class diagram is the main building block
of object oriented modeling. It is used both for general conceptual modeling of the
systematic of the application, and for detailed modeling translating the models
into programming code. Class diagrams can also be used for data modeling.

[Class diagram labels. Application: +firstname, +lastname, +contact_number, +edit_profile(), +edit_group(), +edit_friends(). DBconnect: +connection, +database, +open(), +close(). Association (1 to *): Connects database to application.]

Fig 5.7 Class diagram for overview of application

[Class diagram labels. Classes: profile, photos. Members shown: +general_information(), +firstname, +lastname, +contact_number, +photo_id, +photo_description, +add_pic(), +edit_Album(), +edit_friendlist(), +edit_groups(). Association (to *): Maintains.]

Fig 5.8 Class diagram for profile


5.5.2 Advanced Class Diagram:


[Class diagram labels:
application: +profiles, +groups
DBconnect: +connection, +database, +dbconnect(), +open(), +close()
Alert message: +send_message(), +send_email()
Registered user: +firstname, +lastname, +address, +email_id
Admin: +username, +password
Operations listed beside Registered user and Admin: +add_friend(), +remove_Friend(), +edit_profile(), +edit_group(), +view_feedback(), +block_user(), +unblock_user()
Profile: +first name, +employment information, +general info
friend_list: +find_friend(), +remove_friend()
photos: +photo_id, +album_name, +add_photo(), +add_album(), +remove_photo()]

Fig 5.9 Advanced class modeling


5.5.3 Use Case Models:


In software and systems engineering, a use case is a list of steps, typically
defining interactions between a role (known in UML as an actor) and a system, to
achieve a goal. The actor can be a human or an external system. In systems
engineering, use cases are used at a higher level than within software engineering,
often representing missions or stakeholder goals.

[Use case diagram labels: actor user; System boundary with use cases login, view/edit profile, edit photos, edit groups, edit friend list, send/receive messages]

Fig 5.10 Use case diagram for administration


5.5.3.1 Advanced use case model:

[Use case diagram labels: actors user and Admin; use cases login, edit photo, database confirmation, view/edit profile, send message/email, edit groups, edit friend, block/unblock user, receive message/email; relationships marked <<include>> (twice) and <<extend>>]

Fig 5.11 Advanced use case for entire application


5.5.4 Sequence model:

[Sequence diagram labels. Lifelines: user, register, login_verify, homepage, database, profile, message, address_book, groups, pics, friends. Messages: 1: site(), 2: store info(), 3: register(), 5: login(), 6: verify(), 7: goto homepage(), 8: edit(), 10: send/receive msgs(), 12: edit and view contacts(), 14: create and edit groups(), 16: upload and view pics(), 18: add and search friends with nick name(). The remaining numbered arrows up to 24 carry no label.]

Fig 5.12 Sequence diagram for entire application


[Sequence diagram labels: the extracted lifelines and numbered messages are the same as for Fig 5.12.]

Fig 5.13 Sequence model for updating profile information


5.5.5 State Model:


A state diagram is a type of diagram used in computer science and related
fields to describe the behavior of systems. State diagrams require that the system
described is composed of a finite number of states; sometimes, this is indeed the case,
while at other times this is a reasonable abstraction. Many forms of state diagrams
exist, which differ slightly and have different semantics.

[State diagram labels: LOGIN; Verify (true/false); User Home Page; PROFILE; EDIT PROFILE; PICS; ADD and VIEW PICS; ADDRESS BOOK; ADD and View Contacts; FRIENDS; INVITE and ACCEPT; MESSAGES; SEND MSG; RECEIVE MSG; COMMUNITY; SEARCH and JOIN; Create Topic and post Reply; LOGOUT]

Fig 5.14 State diagram for application

5.5.6 Concurrency Model:

Concurrency is widely used in many new applications because of the
usefulness of parallel processing. Examples of concurrency can be found in
preemptive multitasking systems, multiple processor computers, and special networks
of computers that work together to run a single program.

Fig 5.15 Concurrency model

5.5.7 Activity Model:


Activity diagrams are graphical representations of workflows of stepwise
activities and actions with support for choice, iteration and concurrency. In
the Unified Modeling Language, activity diagrams can be used to describe the
business and operational step-by-step workflows of components in a system. An
activity diagram shows the overall flow of control.

[Activity diagram labels: Login; Profile; Edit Profile; Pics; Add Pics; View Pics; Messages; Send Message; Receive Message; Address book; Add Contact; View Contact; Friends and Community; Search and add Friend; Logout]

Fig 5.16 Activity diagram for application

5.5.8 Swimlane Diagram:

A swim lane (or swimlane) is a visual element used in process flow diagrams,
or flowcharts that visually distinguishes responsibilities for sub-processes of
a business process. Swim lanes may be arranged either horizontally or vertically. In
the accompanying example, the swimlanes are named Customer, Sales, Contracts,
Legal, and Fulfillment, and are arranged vertically.

[Swimlane diagram labels. Lane headings: Authentication, HOME PAGE, Activities, END SESSION. Activities: LOGIN; HOME PAGE; PROFILE; EDIT PROFILE; MESSAGES; SEND MESSAGE; RECEIVE MESSAGE; PICS; ADD PICS; VIEW PICS; COMMUNITY; CREATE COMMUNITY; JOIN COMMUNITY; FRIENDS; SEARCH AND ADD FRIENDS; Logout]

Fig 5.17 Swimlane diagram for application

Chapter 6

IMPLEMENTATION PHASE
6.1 Implementation Details:
The coding has been done in PHP language making use of WAMP server and
MySQL is used for back end i.e database design.
The modules used are:

Login/sign up
IP tracking
Sending sms
Changing of password
Editing Friends
Editing photos

The modules listed above are described in detail below.

6.2 Algorithm:
6.2.1 Algorithm for login and signup:
This module gives the description for users who need to sign up for our social
networking site. After registering he/she will login by the given nick name or
username. After logging in they can edit their profiles.
Algorithm:
Step 1: The user goes to the register form and fills in the personal, contact and educational
information.
Step 2: After getting registered, he/she logs in using the username and password.
Step 3: Then the user can continue with the remaining work.

Code:
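LOGIN:
<?php
require('dbConnect.php');   // opens the MySQL connection used by mysql_query()
session_start();            // must run before $_SESSION is written

$nickname = $_POST["nickname"];
$pwd = $_POST["pwd"];

// Escape the submitted values before they are placed inside the SQL string.
$nick_sql = mysql_real_escape_string($nickname);
$pwd_sql = mysql_real_escape_string($pwd);

// Look for a login row matching both username and password.
$sql = "select * from login where uname='$nick_sql' and pwd='$pwd_sql'";
$res = mysql_query($sql);
// . (the original listing omits the lines at this point; the row-count test
//    below is assumed from the else branch that follows)
if (mysql_num_rows($res) > 0)
{
    // Successful login: load the profile and fill the user's session.
    $sql = "select * from profile where uname='$nick_sql'";
    $res = mysql_query($sql);
    $row = mysql_fetch_array($res);
    $_SESSION["uname"] = $nickname;
    $_SESSION["profile_id"] = $row["profile_id"];
    header('location: home.php');
    exit;
}
else
{
    // Failed login: count the attempts already recorded for this username.
    $sql = "select count(*) as cnt from logcheck where uname='" . $nick_sql . "' ";
    $res = mysql_query($sql);
    $row = mysql_fetch_array($res);
    $count = $row["cnt"];   // assumed link to $count in the IP tracking step
}
?>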

Output:
This code enables user to login.
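
The same login check with bound parameters and hashed passwords, as an added example that is not the project's code. It uses PDO because the mysql_* functions in the listing were removed in PHP 7; the pwd_hash column, the in-memory SQLite database and the sample account are assumptions, and PHP 7.4 or later with pdo_sqlite is assumed.

```php
<?php
// Added example (not the project's code). Table names login/profile and the
// uname/profile_id columns follow the listing; pwd_hash and the in-memory
// SQLite database are assumptions so the script runs stand-alone.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login (uname TEXT PRIMARY KEY, pwd_hash TEXT NOT NULL)');
    $db->exec('CREATE TABLE profile (profile_id INTEGER PRIMARY KEY, uname TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $uname, string $pwd): int
{
    // Only a salted, slow hash is stored; the clear-text password is never written.
    $db->prepare('INSERT INTO login (uname, pwd_hash) VALUES (?, ?)')
       ->execute([$uname, password_hash($pwd, PASSWORD_DEFAULT)]);
    $db->prepare('INSERT INTO profile (uname) VALUES (?)')->execute([$uname]);
    return (int) $db->lastInsertId();
}

function verify_login(PDO $db, string $uname, string $pwd): ?int
{
    // The username travels as a bound parameter, so quotes in it stay data.
    $stmt = $db->prepare(
        'SELECT l.pwd_hash, p.profile_id
           FROM login l JOIN profile p ON p.uname = l.uname
          WHERE l.uname = ?'
    );
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // For an unknown username, verify against a throwaway hash so the response
    // time does not show which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('no-such-account', PASSWORD_DEFAULT);
    $hash = ($row === false) ? $dummy : $row['pwd_hash'];

    if (!password_verify($pwd, $hash) || $row === false) {
        return null;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $db->prepare('UPDATE login SET pwd_hash = ? WHERE uname = ?')
           ->execute([password_hash($pwd, PASSWORD_DEFAULT), $uname]);
    }
    return (int) $row['profile_id'];
}

function start_user_session(string $uname, int $profileId): void
{
    // Web requests only: a fresh session id after login prevents session fixation.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION['uname'] = $uname;
    $_SESSION['profile_id'] = $profileId;
}

// Constructed account and inputs for the demonstration.
$db = open_demo_db();
register_user($db, "d'souza", 'correct horse battery staple');

foreach ([
    ["d'souza", 'correct horse battery staple'],  // right password, quote in the name
    ["d'souza", 'wrong guess'],                   // wrong password
    ['nobody', 'wrong guess'],                    // unknown username
] as [$uname, $pwd]) {
    $result = verify_login($db, $uname, $pwd);
    printf("%-8s => %s\n", $uname, $result === null ? 'rejected' : "profile_id $result");
}
```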
Sign up:
<?php require('dbConnect.php'); ?>
<?php
include("upload_class.php"); // classes is the map where the class file is stored (one above the root)

// Read the registration form fields.
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$gender = $_POST["gender"];
$dob = $_POST["dob"];
$age = $_POST["age"];
$p_address = $_POST["p_address"];
$c_address = $_POST["c_address"];
$phone_no = $_POST["phone_no"];
$rstatus = $_POST["rstatus"];
$mobile_no = $_POST["mobile_no"];
// .. (the original listing omits the lines at this point)
$max_size = 8192*8192; // the max. size for uploading
?>

Output:
This code enables user to register themselves to application and also enables
uploading of the photo i.e profile picture

6.2.2 Algorithm for IP tracking:


Whenever an intruder tries to hack the user's account by guessing the
password, the application tracks the IP address from which the intruder is trying to
hack the account.
Algorithm:
Step 1: If the count of guessed passwords, i.e. count, is >= 3, the IP is tracked.
Step 2: IP is tracked using $cip=$_SERVER['REMOTE_ADDR'];
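Code:
if ($count >= 3)
{
    // Escape the submitted values before they are placed inside SQL strings.
    $nick_sql = mysql_real_escape_string($nickname);
    $pwd_sql = mysql_real_escape_string($pwd);

    // Look up the mobile number registered for this account.
    $sql = "select * from profile p,general_profile gp where p.profile_id=gp.profile_id and p.uname='" . $nick_sql . "'";
    $res = mysql_query($sql);
    $row = mysql_fetch_array($res);
    $mobile_number = $row["mobile"];

    // Address of the machine that sent this request.
    $cip = $_SERVER['REMOTE_ADDR'];
    $data = "Someone%20is%20using%20ur%20id.%20From%20the%20IP%20address:%20" .
        $cip . "%20and%20with%20following%20pwds:";

    // Record this attempt, then append every password tried so far.
    $sql = "insert into logcheck values( '" . $nick_sql . "','" . $pwd_sql . "')";
    mysql_query($sql);
    $sql = "select * from logcheck where uname='" . $nick_sql . "'";
    $res = mysql_query($sql);
    while ($row = mysql_fetch_array($res))
    {
        // URL-encode each value: $data is later appended to the SMS gateway URL.
        $data .= rawurlencode($row["pwd"]) . ",";
    }
}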

Output:
The particular IP address will be tracked.
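
An added example (not the project's code) of the failed-login tracking described above, generalized to count failures per source address inside a time window and to leave the guessed passwords unrecorded. The login_attempts table, the 15-minute window, the trusted-proxy list and the sample requests are assumptions; the threshold of 3 is the page's.

```php
<?php
// Added example (not the project's code). The login_attempts table, the window
// length and the trusted-proxy list are assumptions; the threshold is the page's.
declare(strict_types=1);

const MAX_FAILURES   = 3;    // count >= 3 on the page
const WINDOW_SECONDS = 900;  // assumption: only the last 15 minutes count

// $_SERVER['REMOTE_ADDR'] is the TCP peer. Behind a reverse proxy that is the
// proxy itself, and X-Forwarded-For is only believable when that proxy set it.
function client_ip(array $server, array $trustedProxies = []): string
{
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    $xff  = (string) ($server['HTTP_X_FORWARDED_FOR'] ?? '');
    if ($xff !== '' && in_array($peer, $trustedProxies, true)) {
        $hops = array_map('trim', explode(',', $xff));
        $last = end($hops);   // entry appended by the trusted proxy
        if (filter_var($last, FILTER_VALIDATE_IP) !== false) {
            return $last;
        }
    }
    return $peer;
}

function open_attempt_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_attempts (uname TEXT NOT NULL, ip TEXT NOT NULL, attempted_at INTEGER NOT NULL)');
    return $db;
}

function record_failure(PDO $db, string $uname, string $ip, int $now): void
{
    // Who, from where, when. The guessed password itself is not stored: wrong
    // guesses are often near-misses of the real password.
    $db->prepare('INSERT INTO login_attempts (uname, ip, attempted_at) VALUES (?, ?, ?)')
       ->execute([$uname, $ip, $now]);
}

function failures_by_ip(PDO $db, string $uname, int $now): array
{
    $stmt = $db->prepare(
        'SELECT ip, COUNT(*) FROM login_attempts
          WHERE uname = ? AND attempted_at > ? GROUP BY ip ORDER BY ip'
    );
    $stmt->execute([$uname, $now - WINDOW_SECONDS]);
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);   // [ip => failure count]
}

function alert_for(PDO $db, string $uname, int $now): ?string
{
    $byIp  = failures_by_ip($db, $uname, $now);
    $total = (int) array_sum($byIp);
    // Alert on every MAX_FAILURES-th failure rather than on each one, which
    // bounds the number of text messages a guessing run can trigger.
    if ($total === 0 || $total % MAX_FAILURES !== 0) {
        return null;
    }
    return sprintf('%d failed logins on your account in the last %d minutes from: %s',
        $total, intdiv(WINDOW_SECONDS, 60), implode(', ', array_keys($byIp)));
}

function clear_failures(PDO $db, string $uname): void
{
    // Called after a successful login so the owner's old typos do not add up.
    $db->prepare('DELETE FROM login_attempts WHERE uname = ?')->execute([$uname]);
}

// Constructed requests: four wrong guesses for one account. The second arrives
// through the trusted proxy; the third carries a header the server must ignore
// because its peer is not a trusted proxy. Addresses are documentation ranges.
$db = open_attempt_db();
$proxies = ['10.0.0.5'];
$requests = [
    [1000, ['REMOTE_ADDR' => '203.0.113.7']],
    [1060, ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.44, 198.51.100.23']],
    [1120, ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1']],
    [1180, ['REMOTE_ADDR' => '203.0.113.7']],
];
foreach ($requests as [$now, $server]) {
    $ip = client_ip($server, $proxies);
    record_failure($db, 'asha', $ip, $now);
    printf("t=%d ip=%-14s alert=%s\n", $now, $ip, alert_for($db, 'asha', $now) ?? 'none');
}
```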

6.2.3 Algorithm for Sending SMS:


After tracking the IP address, a message is sent to the user's mobile
informing them of the suspicious activity going on in their account.
Algorithm:
Step 1: The IP is tracked using $cip=$_SERVER['REMOTE_ADDR'];
Step 2: An SMS is sent to the user's mobile.
Code:
<?php
$sms_user_name = 'smstechno';
$sms_pass_word = 'smsc';
$sms_url = 'http://sms.smstechno.in/WebServiceSMS.aspx';
$sms_sender_id = 'Demo';
function send_sms($mobile_number, $data)
{
global $sms_user_name, $sms_pass_word, $sms_url, $sms_sender_id;
$content = file_get_contents($sms_url ."?User=". $sms_user_name ."&passwd=".
$sms_pass_word ."&sid=". $sms_sender_id ."&mobilenumber=".
$mobile_number ."&message=". $data);

}
?>
<?php include('sms.php'); ?>
<?php
$sql = "insert into logcheck values( '".$nickname."','".$pwd."')";
mysql_query($sql);
send_sms($mobile_number, $data);
?>

Output:
A message in the format: Someone is using your id from IP address 127.0.01 and
with following passwords 77,@wer4,45545. Your password has changed to 9430.
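`send_sms()` above hand-encodes spaces as `%20` and concatenates everything else, including the guessed passwords, straight into the gateway URL, so a value containing `&` or `#` is cut off or split into extra parameters. An added example (not the project's code) comparing that with `http_build_query()`; the parameter names are the ones in the listing, while the host, the `SMS_USER`/`SMS_PASS` environment variables and the sample data are constructed placeholders.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Parameter names (User, passwd, sid,
// mobilenumber, message) are those in the listing above; the host,
// credentials and sample data are constructed placeholders.

const GATEWAY = 'https://sms.example.invalid/WebServiceSMS.aspx'; // placeholder

// As in the listing: spaces hand-encoded as %20, everything else left raw.
function url_concatenated(array $cred, string $mobile, string $data): string
{
    return GATEWAY . '?User=' . $cred['user'] . '&passwd=' . $cred['pass']
         . '&sid=' . $cred['sid'] . '&mobilenumber=' . $mobile
         . '&message=' . $data;
}

// Every value percent-encoded; the mobile number is validated first.
function url_encoded(array $cred, string $mobile, string $text): string
{
    if (preg_match('/^[0-9]{10,15}$/', $mobile) !== 1) {
        throw new InvalidArgumentException('mobile number must be 10-15 digits');
    }
    return GATEWAY . '?' . http_build_query([
        'User' => $cred['user'], 'passwd' => $cred['pass'], 'sid' => $cred['sid'],
        'mobilenumber' => $mobile, 'message' => $text,
    ], '', '&', PHP_QUERY_RFC3986);
}

// The parameters a server would parse out of the URL (the fragment after '#'
// is never sent to the server).
function as_received(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

// Constructed sample: credentials come from the environment rather than the
// source file; the fallbacks are dummies.
$cred = [
    'user' => getenv('SMS_USER') ?: 'demo-user',
    'pass' => getenv('SMS_PASS') ?: 'demo-pass',
    'sid'  => 'Demo',
];
$mobile  = '9800000000';
$guesses = ['77', 'p&ss#1', '45545'];   // text typed into the password field
$text    = 'Someone is using ur id. From the IP address: 203.0.113.7'
         . ' and with following pwds:' . implode(',', $guesses);

$raw  = as_received(url_concatenated($cred, $mobile, str_replace(' ', '%20', $text)));
$safe = as_received(url_encoded($cred, $mobile, $text));

echo "concatenated: ", $raw['message'], "\n";
echo "extra params: ", implode(',', array_diff(array_keys($raw), array_keys($safe))), "\n";
echo "encoded:      ", $safe['message'], "\n";
var_dump($safe['message'] === $text);
```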

6.2.4 Algorithm to change the password at time of sending SMS:


When the message reporting the suspicious activity is sent, the new, changed
password is sent along with it.
Algorithm:
Step 1: The SMS is sent using send_sms($mobile_number, $data);
Step 2: During this the password is also changed using $newpwd=rand(1000,9999);
Code:
<?php

$newpwd=rand(1000,9999);
$sql="update login set pwd='$newpwd' where uname='".$nickname."'";
mysql_query($sql);
$data.="%20Your%20Password%20has%20been%20changed%20to:%20$newpwd";
send_sms($mobile_number, $data);
?>

Output:

Someone is using your id from IP address 127.0.01 and with following passwords
77,@wer4,45545. Your password has changed to 9430.
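Step 2 replaces the account password with `rand(1000,9999)`, one of 9,000 possible values, stored and sent in clear, and the change is triggered by whoever made the failed attempts. An added example (not the project's code) of an alternative: leave the password unchanged and send a single-use, expiring reset code from the CSPRNG, storing only hashes; the `password_reset` table, the `pwd_hash` column, the function names and the 10-minute lifetime are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. The password_reset table, the
// pwd_hash column and the function names are hypothetical; data is constructed.

const RESET_TTL = 600;   // assumption: a reset code is valid for 10 minutes

function open_account_db(): PDO
{
    $db = new PDO('sqlite::memory:');   // in-memory stand-in for MySQL
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login (uname TEXT PRIMARY KEY, pwd_hash TEXT NOT NULL)');
    $db->exec('CREATE TABLE password_reset (uname TEXT PRIMARY KEY,
        code_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

function set_password(PDO $db, string $uname, string $password): void
{
    $db->prepare('REPLACE INTO login (uname, pwd_hash) VALUES (?, ?)')
       ->execute([$uname, password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $uname, string $password): bool
{
    $stmt = $db->prepare('SELECT pwd_hash FROM login WHERE uname = ?');
    $stmt->execute([$uname]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Called when the failure threshold is reached. The current password is left
// untouched, so failed guesses alone can never change it.
function issue_reset_code(PDO $db, string $uname, int $now): string
{
    $code = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG
    $db->prepare('REPLACE INTO password_reset (uname, code_hash, expires_at)
                  VALUES (?, ?, ?)')
       ->execute([$uname, hash('sha256', $code), $now + RESET_TTL]);
    return $code;                        // goes into the SMS; only its hash is stored
}

// Single use: the code is deleted as soon as it has been redeemed.
function redeem_reset_code(PDO $db, string $uname, string $code,
                           string $newPassword, int $now): bool
{
    $stmt = $db->prepare(
        'SELECT code_hash, expires_at FROM password_reset WHERE uname = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires_at'] < $now
        || !hash_equals($row['code_hash'], hash('sha256', $code))) {
        return false;
    }
    set_password($db, $uname, $newPassword);
    $db->prepare('DELETE FROM password_reset WHERE uname = ?')->execute([$uname]);
    return true;
}

// Constructed sample run.
$db  = open_account_db();
$now = 1700000000;
set_password($db, 'alice', 'original-passphrase');
$code = issue_reset_code($db, 'alice', $now);

$results = [
    'old password still works' => check_login($db, 'alice', 'original-passphrase'),
    'wrong code accepted'      => redeem_reset_code($db, 'alice', 'guess', 'x', $now + 5),
    'expired code accepted'    => redeem_reset_code($db, 'alice', $code, 'x', $now + RESET_TTL + 1),
    'valid code accepted'      => redeem_reset_code($db, 'alice', $code, 'new-passphrase', $now + 60),
    'code accepted twice'      => redeem_reset_code($db, 'alice', $code, 'y', $now + 61),
    'new password works'       => check_login($db, 'alice', 'new-passphrase'),
];
var_dump($results);
```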

6.2.5 Algorithm for editing friend list:


Here the user can edit his friend list by adding or removing friends.
Code for searching friends:
<?php require('dbConnect.php'); ?>
<?php session_start(); ?>
<?php
$nickname=mysql_real_escape_string($_POST["nickname"]); // escape the search term before it goes into the query
$sql="select * from profile p,general_profile gp,educational_profile ep where
p.profile_id=gp.profile_id and p.profile_id=ep.profile_id and p.profile_id<>'".
$_SESSION["profile_id"]."' and( uname='".$nickname."' or fname='".$nickname."' or
lname='".$nickname."')";
$res=mysql_query($sql);
?>
<?php include('header.php'); ?>
<?php include('top_menu.php'); ?>
</div>
<div id="site_content">
<div id="panel"><img src="style/panel.jpg" alt="tree tops" /></div>
<?php include('lsidelinks.php'); ?>
<div id="Layer2">
<table width="642" border="0" align="center">
<?php
while($row=mysql_fetch_array($res))
{?>
<tr>
<td width="261"><p>Name: <?php echo htmlspecialchars($row["fname"]." ".$row["lname"]); ?></p>
<p>Nick Name: <?php echo htmlspecialchars($row["uname"]); ?></p>
<p>Gender: <?php echo htmlspecialchars($row["gender"]); ?></p>
<p>Age: <?php echo htmlspecialchars($row["age"]); ?></p></td>
<?php
$sql2="select * from friend_request where requester_id='".$_SESSION["profile_id"]."' and
profile_id='".$row["profile_id"]."'";
$res2=mysql_query($sql2);
if($row2=mysql_fetch_array($res2))
{
?>
<td width="166"><p>Friend Request Pending</p>
<?php
}
else
{
?>
<td width="166"><p><a href="add_request.php?request_to=<?php echo
$row["profile_id"]; ?>">Make Friend </a></p>
.

Output:
The particular person is searched for and the result is obtained.
Code for adding friend:
<?php require('dbConnect.php'); ?>
<?php session_start(); ?>
<?php
$request_to=$_REQUEST["request_to"];
?>
<?php
$rid=mysql_real_escape_string($_REQUEST["request_id"]); // escape the id before it goes into the queries below
$res=mysql_query("select * from friend_request where friend_request_id='$rid'");
$row=mysql_fetch_array($res);
$friend_id=$row["requester_id"];
$group=$row["friend_type"];

$profile_id=$_SESSION["profile_id"];
mysql_query("update friend_request set status='Approved' where friend_request_id='$rid'");
$sql="insert into my_friend values(null,'$profile_id','$friend_id','$group')";
mysql_query($sql);
$sql="insert into my_friend values(null,'$friend_id','$profile_id','$group')";
mysql_query($sql);
?>
<script>
alert("Friend Added");
history.back();
</script>

6.2.6 Algorithm/code for editing photos:


$max_size = 8192*8192; // the max. size for uploading
class muli_files extends file_upload {
var $number_of_files = 0;
var $names_array;
var $tmp_names_array;
var $error_array;
var $wrong_extensions = 0;
var $bad_filenames = 0;
function extra_text($msg_num) {
switch ($this->language) {
case "de":
// add you translations here
break;
default:
$extra_msg[1] = "Error for: <b>".$this->the_file."</b>";
$extra_msg[2] = "You have tried to upload ".$this->wrong_extensions." files with a bad
extension, the following extensions are allowed: <b>".$this->ext_string."</b>";

$extra_msg[3] = "Select at least one file.";
$extra_msg[4] = "Select the file(s) for upload.";
$extra_msg[5] = "You have tried to upload <b>".$this->bad_filenames." files</b> with invalid
characters inside the filename.";
}
return $extra_msg[$msg_num];
}
// this method checks the number of files for upload
// this example works with one or more files
function count_files() {
foreach ($this->names_array as $test) {
if ($test != "") {
$this->number_of_files++;
}
}
if ($this->number_of_files > 0) {
return true;
} else {
return false;
}
}

Output:
The picture will be uploaded to his profile.

6.3 Detailed Analysis of Main Phases in Algorithm:



6.3.1 Analysis of sending SMS and Email:


The main phase is to send the message when any suspicious activity is going
on in a user's profile. The message facility is provided by an SMS server. The
server receives the data, i.e. the IP address that has been tracked, the guessed
passwords and the new password that has been reset by the administrator, and
delivers the message contents to the intended user's mobile. The mobile number
is provided by the user at the time of registration.
Apart from the SMS, an email is also sent at the same time. For this the PHP
email function is used, which sends emails and notifications about the
suspicious activity in the user's account.

6.3.2 Analysis of editing Profile Information:


After registering, the user can log in by giving his username and password.
After logging in, the user can edit his/her profile information. The user is
also provided with a facility for adding friends. Here he can search for friends
by giving their most popular nick names. This reduces the search results, so he
gets the intended result easily. The user can upload picture albums with
security. The user is also provided with a remove friend option. He/she can
block unwanted people who are creating unnecessary mess in their profile. The
detailed algorithm and code have been given in the sections above.

Chapter 7

TESTING PHASE

7.1 Test Plans:


This document explains testing methodology for Preventing unauthorized
access of social accounts using web and mobile devices.
It lists out all the testing items and the testing procedures to be conducted on
those items.
The document describes the testing approaches followed and all the test case
specifications for the application.
It is to be used as a guide for the testing activity. The intended audience for
this document is the developer and the tester.

7.2 Types of tests carried out:


7.2.1 Unit Testing:
Unit testing focuses verification efforts on the smallest unit of software design,
the module. This is also known as module testing. The modules are tested
separately. This testing is carried out during the programming stage itself. In
these testing steps, each module was found to be working satisfactorily as
regards the expected output from the module.

1. Module Name: REGISTRATION


Use Case ID: UC1
1.1 Module Overview:
In this module the user registers with the system by providing his personal,
professional and other details. These details are stored in the database and he
is assigned a voter Id and password through which he can log in to the system.

1.2 Inputs to Module:


1. Username
2. Password
3. First name, Last name and Middle name
4. Age
5. Date of Birth
6. Address
7. Contact details
8. Educational and Professional details

1.3 Outputs from Module:


A new voter for a particular constituency is created.

Table 7.1 Test cases and result for register user


| Use Case No. | Test case name | Condition to be tested | Pre condition | Input | Expected result |
|---|---|---|---|---|---|
| UC1-1 | Register user | All fields are Filled | Server should be running and website is opened. | All fields are kept blank. | Error message "Fields cannot be empty" is displayed |
| UC1-2 | Register user | All fields are Filled | Server should be running and website is opened. | Only few fields are filled | Error message "Fields cannot be empty" is displayed |
| UC1-3 | Register user | Username is valid | Server should be running and website is opened. | Enter username which has special characters, symbols. | Error message "Invalid entry for username" is displayed |
| UC1-4 | Register user | Username is unique | Server should be running and website is opened. | Enter a duplicate username. | Error message "username already exists" is displayed |
| UC1-5 | Register user | Length of password is greater than or equal to 6. | Server should be running and website is opened. | Enter password which has less than 6 characters. | Error message "Password must be at least 6 characters in length" |
| UC1-6 | Register user | Age is greater than or equal to 18 | Server should be running and website is opened. | Enter age less than 18 | Error message "Invalid age" |
| UC1-7 | Register user | Name is correct | Server should be running and website is opened. | Enter name with digits or some special characters | Error message "Invalid name" is displayed |
| UC1-8 | Register user | Contact number is correct | Server should be running and website is opened. | Enter name with digits or some special characters | Error message "Invalid contact number" is displayed |
| UC1-9 | Register user | Email ID is correct | Server should be running and website opened. | Enter invalid email-id | Error message "Invalid email ID" is displayed |
| UC1-10 | Register user | Contact number is correct | Server should be running and website is opened. | Enter name with digits or some special characters | Error message "Invalid contact number" is displayed |

2. Module Name: User Module


Use Case ID: UC2
2.1 Module Overview:
In this module the user performs the following functions
1. Create / delete community
2. Join Community
3. Send Scraps/Messages
4. Create/Delete Address Book
5. Send Invitation to Friend
6. Send/Accept/Reject Friend Request
7. Post Photos/Music

2.2 Inputs to Module:


1. Create / delete group
Group Name for creation/deletion
Required details for updating
2. Join Group
Group Name for Joining
3. Add Friends
Friends name for creating/deleting
4. Send Scraps/Messages
Username for Sending scraps/messages
5. Send Invitation to Friend
Email ID required for inviting
6. Send/Accept/Reject Friend Request
Search/Selection of users
2.3 Outputs from Module:
Insertion / Deletion / Updation of details in the database depending on the
admin's selection.

Table 7.2 Test cases for user module


| Use Case No. | Test case name | Condition to be tested | Pre condition | Input | Expected result |
|---|---|---|---|---|---|
| UC2-1 | Create / delete community | Specify Community name/Deleting community name must be present | Server should be running and website is opened. | Community name | If it is creation then a group is created or if it is deletion then the group is deleted |
| UC2-2 | Add friends | Specify the person whom you want to add. | Server should be running and website is opened. | Person's name | Request is sent to that person |
| UC2-3 | Delete friends | Specify the person whom you want to delete. | Server should be running and website is opened. | Person's name | Person is deleted from the list |
| UC2-4 | Send Scraps/Messages | Specify person name to who scrap has to be sent. | Server should be running and website is opened. | Person's name | Message is sent successfully. |
| UC2-5 | Upload photos | Add the photos that has to be uploaded | Server should be running and website is opened. | Specify Photo number | Photos uploaded successfully. |
| UC2-6 | Edit profile | Basic information to be edited | Server should be running and website is opened. | Specify details | Profile updated |

3. Module Name: Login

Use Case ID: UC3
3.1 Module Overview:
Here the user provides username and password.
3.2 Inputs to Module:
1. User Name.
2. Password of the user.
3.3 Outputs from Module:
If authentication (username, password) is successful, then he is presented with
admin page if he is admin and he is presented with user page if he is user.

Table 7.3 Test cases for login details

| Use Case No. | Test case name | Condition to be tested | Pre condition | Input | Expected result |
|---|---|---|---|---|---|
| UC3-1 | Login details validation | User should fill all the fields | Server should be running and website is opened. | The fields are left empty | Error message "Fields cannot be empty" is displayed |
| UC3-2 | Login details validation | Username exists | Server should be running and website is opened. | Enter username which does not exist | Error message "Username does not exist" is displayed |
| UC3-3 | Login details validation | If the user has entered valid username | Server should be running and website is opened. | Enter invalid user name and then click sign in. | Error message "Invalid username" is displayed |
| UC3-4 | Login details validation | If user has entered his username. | Server should be running and website is opened. | Enter only username and no password | Error message "Password field empty" is displayed |
| UC3-5 | Login details validation | User has entered username and corresponding password | Server should be running and website is opened. | User enters username and password which does not match | Error message "User name and password does not match" is displayed |
| UC3-6 | Login details validation | User has entered username and corresponding password | Server should be running and website is opened. | User name and password are valid and matching. | Opens the authentication page. |

4. Module name: Message validation

Use Case ID: UC4
4.1 Module Overview:
This module checks whether or not the same user receives the text message
simultaneously from different IP addresses.
4.2 Inputs to Module:
Login with wrong password

4.3 Output from module:


After increasing the count a text message will be sent to the user's mobile.
Table 7.4 Test Cases for Message validation

| Use Case No. | Test case name | Condition to be tested | Pre condition | Input | Expected result |
|---|---|---|---|---|---|
| UC4-1 | Message validation | User must receive an message | Server should be running and website is opened. | Incorrect password is given more than 3 times | Error message incorrect password and message is sent. |
| UC4-2 | Message validation | User must receive an message from different IP address | Server should be running and website is opened. | Incorrect password is given at same time from different terminal | Error message incorrect password and message is sent |
| UC4-3 | Message validation | Different user must receive message from same IP address | Server should be running and website is opened. | Incorrect password is given more than 3 times for different users account | Error message incorrect password and message is sent |

Next we carried out an integrated white box test which involved the working
of the application as a whole. In this test the user registered by giving all his
basic information. After that the user logged in by giving a specific
nickname/username and password. Next the edit friend list module was integrated,
in which the add friend and delete friend modules worked appropriately and
perfect results were obtained. After this the next module, edit photos, was
included, which also gave perfect results. Then the most important aspect, i.e.
the tracking of the IP address, was done and messages were successfully sent to
the intended users. Users were able to get messages from different IP addresses,
and different users also got messages from the same location, i.e. IP address,
regarding suspicious activity in their accounts.

CHAPTER 8

RESULTS AND DISCUSSIONS


8.1 Screen snapshots:


Fig 8.1 Front page of application

Input:- User runs the application.


Output:- The application takes the user's login information to get started.

Fig 8.2 Register/sign up form


Input: The user gives all his basic information and a particular unique nick name
and password.
Output: An account is created from their basic information.


Fig 8.3 Home page after logged in

Fig 8.4 Viewing friend list


Fig 8.5 Text message reception during a breach

CHAPTER 9

APPLICATIONS
Since our main concentration is suspect tracking, the applied technology can
be used in various fields to track suspicious activity.

It is used in defense mechanisms, for tracking of suspicious activities and false
aliases in networking and authorized sites.

The same idea can even be extended to any type of suspect tracking which
involves a huge network of people.

It can be used in social networking sites to identify suspect user profiles.

It ensures data security between the users.

By using the nickname searching method the user will be able to find his friend
easily without a lot of searching overhead.

If users' profiles are hacked, the economic cost involved in recovering the
data is high. In this application tracking is implemented and prevention
measures are also undertaken.

CHAPTER 10

CONCLUSION
Independent developers are now capable of delivering applications that would
be impossible without a large team of resources. For example, developers have
combined Google maps with numerous other sources of information to develop new
and useful applications. By making data available, the idea of how to apply it is
what becomes important. The developer is no longer concerned with basic plumbing
and is freed up to think in broader terms, in terms of overall application
features.
In this, we have proposed a light-weight web system to identify aliases of a
person on the Web. By using the presented technology, we will be able to detect
persons with alias names. Here we are presenting the methodology to prevent the
suspicious activities. By this application the user will get to know the
information about the IP address from which the suspicious activity is going on.
Since the users will receive the message containing the new password, they can
later log in with this new password and change their password accordingly.
This project gives an idea of how to use the advanced PHP functions and
integrate different parts of the application. Many social networking sites do
provide security features, but our application ensures that the users' data are
more secure and safe.

CHAPTER 11

FUTURE SCOPE
The work described above and included in this special theme section
contributes to an on-going dialogue about the importance of social network sites,
both for practitioners and researchers. Vast, uncharted waters still remain to be
explored. Methodologically, SNS (Social Networking Websites) researchers' ability
to make causal claims is limited by a lack of experimental or longitudinal
studies.
The technologies used can be further extended to provide great levels of
security in other fields. From our iPhone, we'll be able to get movie
recommendations from those in our network. We'll also be able to read reviews
that our friends found helpful and find show times for the theatres in our
vicinity, and then we'll be able to check the location of our friends to
determine how quickly they can meet us. Hackers accessing using iPhones can also
be tracked and suspicious activity can be stopped.
