Using library card number as Internet login

Tracy Babiasz tbabiasz at ncsl.dcr.state.nc.us
Wed Aug 27 16:17:48 EDT 1997 

I apologize for taking so long--I can only plead massive overload! 
However, several of you took the time to offer some advice on using
library card numbers (or other assigned numbers) to open a web browser,
and I'd like to pass along some of your comments.

Comment#1
I know that when I access Cleveland Public Library from off-site I can 
login as a "registered user" by enterining my library card number. 

Comment#2
Our public internet access requires that patrons login using 
their library card number and last name.  After they type in 
that information, our access policy comes up on the screen 
and patrons must either click on "I agree" or "I disagree". 
Clicking on "I agree" sends you into our web browser, which 
starts up at the library's homepage.(We feel we have covered 
our obligation in terms of posting our policy.. whether or 
not folks actually read the policy.. who can say?!)Clicking 
on "I disagree" sends you right back to the Login screen. My 
understanding of how this works: we have a visual basic 
programmer who wrote a (according to him) simple program that 
handles the login information.  We take the file from our HP 
3000 that has all patron records (and other circulation 
information) and load that onto our NT server. (we use the NT 
server to provide internet access) This file contains only 
patron names and id numbers. The login is checked against 
that database. Our catalog and other patron info are on a 
different computer (the HP 3000).  Now, since the database on 
the NT server is not updated the instant a patron receives a 
new card, we do use a dummy login which changes daily. (the 
change in passwords is accomplished thru VB programming as 
well.) He also customized Internet explorer for us; one of 
the things it does is "time-out" patrons after an hour. (that 
may be thru VB programming also) 

Comment#3
To use the Internet, people come to the desk and ask to use it.  If 
they've not used it before at our library, we have them  sign our 
AUP.  That is filed and their record on the computer is marked (if 
they're not a CPL patron we give them a patron number specifically 
for Internet use -- no fines, no borrowing privileges, etc.).  Then 
we pull out a 3 ring binder with each of the computer carrels on it 
(we have 6, they're all very private and not visible from the desk).  
We look to see which machines are open, when the next available time 
slot is, and sign this person in.  We also check out a little card to 
him/her.  The card tracks the "circulation" or popularity of the 
Internet computers, and we ask the patron to put it beside him/her at 
the computer.  Periodically we walk back there and ask people who 
don't have cards to get off and go sign in properly. We keep the sign-in
sheets for a couple of months and have actually tracked some users who
downloaded or tampered with our settings, or who sent harassing email
from our machines.  Those users get privileges revoked for 6 weeks.  The
checking in and checking out of the cards is a good way for me to make
the case to the budget committee that we may need to add computers
because use is rising.  The sign in sheets are useful 
because at a glance I can see what times of day people are most 
heavily packed in (patrons are bumped off after 30 minutes if someone 
else wants to get on and there are no empty machines. )  I'm setting 
up a volunteer help desk, where volunteers can surf the net and help 
patrons with basic Internet questions, and the sign-in sheets let me 
know when the need is greatest for some supervision/help.  

Comment#4
We use both the library card and a password to validate patrons for
library web functions. The password is just part of the patron record.
So, forgetting the password, we're doing what you want. You just need to
be able to read the patron database and return the results to the web.
Here's how we do it. We run both a web server and Perl on our library
catalog box. They run here solely for the purpose of accessing our SQL
database. Our primary web server is on another box. We use Perl to
create the CGI scripts to
access the database. Using pipes, you can run an SQL query using ISQL
and examine the results of the query from the CGI script. The following
is a sample script

$query="select name from patron where barcode=$barcode";
$command="echo '$query' | isql";
open FILE, "$command |";
while (<FILE>) {

---- check results here--------

}

If the script returns a record, I have a match.

If you don't have an SQL database you cant use this method. If you do
have an SQL database, but you cant run Perl and httpd on your database
box, you can use ODBC.

Comment#5
At our library, we do not require proof of a library card in order to
use our public terminals; however, in order to make some stab at usage
stats we have our patrons sign in at the reference desk to use one of
the terminals.  In the sign in book is a copy of our electronic access
policy.  At the top of the sign in sheet is a statement that the
patron's signature indicates that the patron has read and agreed to
follow our policy.  The ref staff then enters the patron's start time
(we do set time limits because we have a limited amount of terminals)
and which terminal they are assigned to.  It sounds labor intensive, but
in reality it is not.  Our regular patrons quickly learned the procedure
and sign in themselves. They even write down which terminal they are
going to.  As far as tracking usage however, it is a really crude
figure.  We can tell how many people have signed up in a given
month,(which increased tenfold in the last four months!), but we can't
tell much else i.e. what applications we utilized, how many URLs were
searched, etc.. I have written to Netscape to see if they have a
"counter" feature in their latest browser, but they don't at this time.
Our system consists on a main library (which has six public Internet
stations and seven staff Internet stations) and four branches which will
each have one public Internet workstation. We purchase two databases
through a library consortium and so far the vendors have left remote
patron authentication up to the indiviual library systems. 
Each of us has a different method for achieving this, one crazier than
the next. One thing I can tell you is you need a lot of tech support in
order to achieve a smooth working system.

Thanks to all of you who responded.  I'm not sure if we'll go this way
or not yet, but I now have some great info with which to get started. 
Once again, the members of this list have been a great help!

Tracy Babiasz, Technology Librarian
Durham County Library
300 N. Roxboro Street
Durham, NC 27701
919-560-0191 (voice)
919-560-0137 (fax)
tbabiasz at ncsl.dcr.state.nc.us
***My opinions are mine, all mine, and not those of my employer!***

More information about the Web4lib mailing list