Business People Inc.

Your Tailored Business Solution

System Design Document

Project: Cinemas

Business People Inc.

Inna Klishunova;

1 INTRODUCTION

1.1 PURPOSE

There is currently no information about the cinema and its screenings available online, bookings are
only possible over the phone or on site, and it still uses a paper recording system for seats and
payments. As a result, there are many errors in bookings, low customer satisfaction, a stagnant
customer base and decrease in company profits.

A successful solution would enable the cinema to reach a broader audience online and attract new
customers. It would allow customers to search for movie sessions and book seats independently,
whilst enabling real-time integration of the payment information into the accounting system. It will
also let management access the integrated financial and screening reports and improve staff
management and roster system.

1.2 DESCRIPTION

Our solution will make it possible for customers of ... cinema to check movie schedules and
information about movies on the web, book tickets online and participate in the cinema’s loyalty
program. It will also allow the cinema's management to post information about movies and
screenings, set movie prices, monitor bookings, and provide customer and financial sales reports. It
will integrate with current XERO accounting system, future SQL customers database, and will help to
store and process company information.

1|9
 Business People Inc.
Your Tailored Business Solution

1.3 SCOPE
Core User Story US1.

US 1. As a Cinema customer I want to view the movie schedule and book tickets online using a
seating plan to attend a movie session.

US 1. As a Cinema customer I want to be able to pay for tickets online.

US 2. As a manager I want to publish movie schedule online to provide movie information.
US 3. As a manager I want to create and publish movie information.
US 4. As a manager I want to create and publish information about special events in order inform
customers.
US 5. As a manager I want to set up pricing for movie sessions (25$ for adults (16+), 10$ for
children/seniors (16-)).
US 6. As a box office clerk, I want to create booking onsite and print tickets so that drop-in
customers can attend movie sessions.
US 7. As a System Administrator I want to give different access level permissions to the staff users
for security.
US 8. As a box office clerk, I want to cancel booking onsite.
US 9. As a customer I want to know what age restriction the movie has.
US 10. As a manager I want customers to validate their age for R-Rating movies to meet legal age
requirements.

1.4 TARGET USERS

User roles for release 1:

 Customer
 Box office clerk
 System administrator

2|9
 Business People Inc.
Your Tailored Business Solution

2 SOLUTION DESIGN

2.1 ARCHITECTURE OVERVIEW

Content management system Drupal provides flexibility and security options necessary for this
project, as well as high-performance and secure hosting.

The Technology stack for Dupal includes 1:

1. Programming language: PHP (open source, server-side scripting language) is used for
interaction with databases, sending emails, providing content to HTML pages and other
server-side functionality 2.
2. Web server: different web servers processing all user’s requests using HTTP(HTTPS) and
forming webpages back to user may be used with Drupal (Apache or Microsoft IIS).
3. Operating system. Drupal supports different operating systems. Windows is our choice.
4. Database. Drupal can be used with different DBMS. MySQL will be used for this project.
5. JavaScript API can be used for front-end development 3.

The diagram below shows the software architecture of the Booking system solution.

Fig.1 Software architecture of Cinemas Booking System 4

Cinemas Booking System is hosted on Dupal. Cinemas management directly access Dupal CMS to
upload/update the content and staff user information. Drupal CMS performs interaction of the
Booking System with Database, which stores the content and user information and the Webserver,
which generates webpages according to given modules, templates and styles and customer user’s
request. These webpages are displayed on the customer’s web-browser. The onsite booking process
is also performed via Webserver.
1
Android-Drupal Marriage. (2010, March 30). Retrieved from Skyred 16/06/2022: https://insready.com/en/blog/android-drupal-marriage

2
Drupal.org. (2022, March 22). JavaScript API overview. Retrieved from Drupal.org 16/06/2022:: https://www.drupal.org/docs/drupal-apis/javascript-api/javascript-api-overview

3
GeeksForGeeks. (2019, August 30). PHP vs HTML. Retrieved from GeeksForGeeks 16/06/2022:: https://www.geeksforgeeks.org/php-vs-html/

4
Kuoshic. (2020). What is the technology stack of Drupal? Retrieved from Quora 16/06/2022:: https://www.quora.com/What-is-the-technology-stack-of-Drupal

3|9
 Business People Inc.
Your Tailored Business Solution

2.2 MODEL DESIGN (DATA MODEL)

This is the “model” part of the Model-View-Controller (MVC) pattern.

We refined the high-level business domain model and created a detailed data model with all entities
that we will need to be stored in the database, with their attributes and relationships.

Fig.2 Data Base Model for Booking System

4|9
 Business People Inc.
Your Tailored Business Solution

2.3 FUNCTIONAL DECOMPOSITION

Fig.3 Functional Decomposition for Booking System

2.4 VIEW DESIGN (UI (USER INTERFACE) LIST)

Overall site map will need:

- Home page
- About us
- Contact us
- Now Showing
- Coming soon
- Events and festivals
- Promotions
- FAQ
- Booking [seating selection, online payment]
- Screening schedule
- User accounts: customer, staff
- Privacy policy
- Terms of service

5|9
 Business People Inc.
Your Tailored Business Solution

2.4.1 User Story 1 As a cinema customer...

I want to view movie screenings and promotional information, and book tickets online by reserving
seats within the movie showing.
The required views based on our user stories 2 and 9 are...

It will be based on our user story 2 and 10.

 Screening View
 Movie age restriction
 Booking Create/Update
 Choose the seat/Add Tickets
 View: View Booking (checkout)
 Payment page

2.4.1 User Story 2 As a box office clerk...

I want to manage bookings for on-site customers on their behalf in person.
The required views based on our user stories 9 are...

 View: Staff login

 View: Movie age restriction
 View: Customer payments
 View: Screening
 View: Booking (ticket, seating)
Create/ Update/ Delete
 View: Seating reservations
Create/ Update/ Delete

2.4.2 User Story 3 As manager...

I want to post information about events, promotions, screenings and set ticket prices.
The required views based on our user stories 3,4,5 & 6 are...

 Event Create/Update/Delete
 Screening Create/Update/Delete
 Ticket price Create/Update
 Create/update: policies

2.4.3 User Story 3 As a system administrator...

I want to give different access level permissions to the staff users for security.
The required views based on our user stories 8 are...

 Staff login Create

 Staff page Update
 Staff Details Delete

6|9
 Business People Inc.
Your Tailored Business Solution

2.5 DESIGN CONSIDERATIONS

This section includes technical aspects derived from the non-functional requirements.

2.5.1 User authentication

2.5.1.1 Authentication customers*
*Note: Out of Scope for first release
The customer authentication will be provided by the Content Management System. The
CMS (Content Management System) will be configured to allow customers to create an
account no-line, by choosing a username and creating a unique password. The system will
save customer username, password, contact detail (First name, Last Name, e-mail, phone,
and mail address). Customers will be able to update their information and delete their
account. Only managers or assigned staff members will have access to the customers'
details.
User IDs and passwords will be encrypted.
2.5.1.2 Authentication staff members
Staff members' authentication will be provided by the Content Management System. The
CMS will be configured to provide cinema staff with user logins, with the following user
groups:
 admin (read write on everything)
 box office staff (read write on bookings)
 general staff (read).
User IDs and passwords will be encrypted.

2.5.2 Security
Security requirements to be included:

2.5.2.1 Prevent the system from most common security threats and attacks
The CMS will provide website security against the main OWASP threats.
CMS proposed for this project is Drupal and has the following security features 5 6:

 User Access Control

 Database Encryption
 Information sharing via security reports
 Auto-update and core validation work in partnership with GitHub
 Prevention of malicious data entry
 Mitigation of Denial of Service (DoS) attacks
 Fixing issues before they are exploited

5
Drupal.org. (n.d.). Drupal | Security. Retrieved from Drupal.org 16/06/2022:
https://www.drupal.org/features/security
6
Drupal.org. (n.d.). Is Drupal secure. Retrieved from Drupal.org: https://www.drupal.org/documentation/is-
drupal-secure

7|9
 Business People Inc.
Your Tailored Business Solution

Recommended best practices will also improve the security of the system 7:
- Differentiation of user roles and permissions. All staff users must have different
access to files and resources (read/write/modify the content/database/modules,
etc.) according to their roles.
- SSL certificate. SLL encryption will secure sensitive data (login and password).
- Complex staff usernames and passwords and limiting the number of login attempts
(for both staff and customer users) to improve the protection against brute-force
attacks.
- Regular update of Drupal software must be done to minimize website vulnerability.
- Regular website backup will help to restore the system in case of unexpected
problems.
- Session limit and automated logout can also be provided via Drupal.

2.5.2.2 Protect customer information

Data transferred over the internet will be protected via SSL/HTTPS.

Any password will be encrypted in the database. All access to the database must be
authenticated and is limited by permissions.

2.5.2.3 Use a secure payment process

For secure payments cinema will partner with ASB bank and use their platform online
EFTPOS API by Paymark for processing cash and card payments. All payments will be
automatically integrated with XERO.

2.5.2.4 Provide non-forgeable electronic tickets

Tickets will be produced in PDF format and will include a unique QR code that can be
scanned on paper or directly from a mobile device.

2.5.3 Usability

Future Web platform design for cinema must be user friendly with an easy-to-use booking
system. It will have easy to read visual wording and graphical elements (font size, colour
contrast, universally understood iconography and typology, and line/paragraph spacing to
name a few examples), and a standardised layout for simple navigation.

7
Chinnasamy, V. (2021, March 25). 7 Quick and Easy Ways to Secure Drupal Website.
Retrieved from Security boulevard 16/06/2022: https://securityboulevard.com/2021/03/7-
quick-and-easy-ways-to-secure-drupal-website/

8|9
 Business People Inc.
Your Tailored Business Solution

2.5.4 Portability
2.5.5.1
Based on the average age of the current target audience the main device used by customers
for on-line booking will be desktops.
Detailed user interface designs for the core user story will need to show wireframes for
1. desktop
2. mobile
3. tablet
and the UI mock-ups will need to include the desktop interface for the Cinema Customer
user story.

2.5.5.2
For staff users, the priority device for use at work will be desktop.
Detailed user interface designs for staff users will include wireframes for:
1. Desktop
2. Tablet

3 DETAILED DESIGN
The detailed design of the user interfaces will be documented individually, in separate
documents.

9|9