
UC0008: Log In to the System

Initiating actor: Student / Teaching Staff / Faculty Administrator

Other actors: None

A user wants to access the system to perform their role-specific tasks. The user provides their institutional email address and password. The system verifies the credentials against the database and, if valid, grants access to the appropriate role-based menu. This use case is a precondition for all other use cases in the system.

Scenario

  1. The user opens the application and is presented with a login prompt. The user enters their email address.
  2. The system looks up the user account by email and retrieves the stored password hash and role information.
    SELECT u.user_id, u.first_name, u.last_name, u.password, ut.type_name
    FROM project.users u
    JOIN project.user_types ut ON u.type_id = ut.type_id
    WHERE u.email = 'elena.stojanova@finki.ukim.mk';

  3. The user enters their password. The system verifies the entered password against the stored hash using bcrypt comparison. The verification is performed in application code.
  4. The credentials are valid. The system displays a welcome message with the user's name and role, and presents the role-based main menu.

Alternative Scenario: Invalid Email

2a. The system does not find any user with the entered email address (the query returns no rows). The system displays the error message "Invalid email or password" and returns to the login prompt.

Alternative Scenario: Wrong Password

3a. The bcrypt comparison fails (the entered password does not match the stored hash). The system displays the error message "Invalid email or password" and returns to the login prompt. The error message is intentionally the same as for an invalid email to prevent user enumeration.
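
The main and alternative scenarios as one routine, added here as an example and not the project's own code: the lookup query binds the email as a parameter, and an unknown email still runs a hash comparison against a dummy hash, so both failure paths do the same work and return the same message. Assumptions: email and password are submitted together, SQLite stands in for the project database, PBKDF2 from the Python standard library stands in for bcrypt, and `log_in`, `demo_db`, `DUMMY_HASH`, the sample password and the `Student` role row are constructed for the example.

```python
import hashlib, hmac, os, sqlite3

GENERIC_ERROR = "Invalid email or password"
ITERATIONS = 100_000  # constructed work factor for the stand-in KDF

def hash_password(password, salt=None):
    # Stand-in for bcrypt (assumption): 16-byte salt followed by the PBKDF2 digest.
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, stored):
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

# Hash of a random throwaway password, verified when the email is unknown so
# that scenario 2a costs the same hash computation as scenario 3a.
DUMMY_HASH = hash_password(os.urandom(16).hex())

# The page's lookup query with the email bound as a parameter.
LOOKUP = """
SELECT u.user_id, u.first_name, u.last_name, u.password, ut.type_name
FROM project.users u
JOIN project.user_types ut ON u.type_id = ut.type_id
WHERE u.email = ?
"""

def log_in(conn, email, password):
    row = conn.execute(LOOKUP, (email,)).fetchone()
    ok = verify_password(password, row[3] if row else DUMMY_HASH)
    if row is None or not ok:
        return None, GENERIC_ERROR  # same result for unknown email and wrong password
    return {"user_id": row[0], "name": f"{row[1]} {row[2]}", "role": row[4]}, None

def demo_db():
    # Constructed in-memory data; SQLite stands in for the project database.
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS project")
    conn.execute("CREATE TABLE project.user_types (type_id INTEGER PRIMARY KEY, type_name TEXT)")
    conn.execute("CREATE TABLE project.users (user_id INTEGER PRIMARY KEY, first_name TEXT,"
                 " last_name TEXT, email TEXT UNIQUE, password BLOB, type_id INTEGER)")
    conn.execute("INSERT INTO project.user_types VALUES (1, 'Student')")
    conn.execute("INSERT INTO project.users VALUES (1, 'Elena', 'Stojanova', ?, ?, 1)",
                 ("elena.stojanova@finki.ukim.mk", hash_password("constructed-password")))
    return conn

if __name__ == "__main__":
    print(log_in(demo_db(), "nobody@finki.ukim.mk", "constructed-password"))
```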

Last modified on 03/16/26 21:06:29