- phpMyAdmin
- w3schools (https://www.w3schools.com/)
- HTML
- CSS
- JavaScript
- SQL
- PHP
This is what you will see when you enter the website:
The website includes a search bar for filtering projects, a head bar for login/sign up/back to home page, and a table showing all projects that have been uploaded to the server. You can view each project's details by clicking on the title of the project in the list.
You won't be able to upload any projects if you haven't logged in or are only a guest.
Here is the head bar comparison between a registered user and a guest user:
A guest user can only view projects and project details on the website, while registered users can upload projects, modify projects they uploaded, and view them.
# Register/login
To register, click on the option in the head bar and you will be redirected to the register page.
Or, if you are already a user, you can log in on the login page.
There will be a welcome message under the search box after you are logged in, which reads "Welcome USERNAME" (my user is submission, as this is an account for submission).
After you become a user, you can upload/update projects by simply clicking on the upload project/custom project option in the head bar.
page of uploading project
Here is an example using the account Submissions. The drop-down menu displays only the project "Arial gundam", as that is the only project uploaded by this account, and it is in the development phase.
Let's say we have moved on and are now in the testing phase, so we update it. After that we just click the "update project" button at the bottom.
Updated successfully! We will be redirected back to the project list.
As you can see in the list, the phase of the project changed to testing.
In terms of server-side technologies, I used PHP, with a MySQL database for data storage, and Visual Studio Code as the working environment. It follows a basic MVC pattern, with PHP scripts serving as the controller, HTML and CSS files serving as the view, and the database serving as the model. In terms of client-side technologies, I have used HTML, CSS and a little bit of JavaScript. The system uses the jQuery library for AJAX requests and DOM manipulation.
Here are some security features I have implemented:
--Authentication--
Source file: login.php, register.php
User authentication is implemented in login.php using password hashing with PHP's built-in password_hash() function and password verification with password_verify(). session_start() is used in all relevant pages to enable sessions for user authentication.
--CSRF--
Source file: login.php
CSRF protection is done via the login form, which includes a CSRF token as a hidden input field, using the bin2hex() and hash_equals() functions.
--Handling injections--
Source file: register.php, login.php, connectdb.php, customproject.php, searchbar.php, index.php
SQL injection prevention is implemented in both register.php and login.php using prepared statements with parameter binding, so user input is handled as data and cannot alter the query. HTML injection prevention is also implemented in registerform.php and loginform.php by escaping user input with PHP's htmlspecialchars() function to prevent cross-site scripting (XSS) attacks.
--Authorisation--
Source file: uploadproject.php, customproject.php
Only registered users who are logged in can use the upload project and edit project functions.
--Form validation--
Source file: uploadproject.php, register.php
Basic form validation is implemented in register.php and login.php using PHP's built-in isset() function to check that form input is present and the empty() function to check for empty input fields.
--Password hashing--
Source file: register.php
The user's password is hashed using the password_hash() function before being inserted into the database.
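The checks described in the sections above (form validation, CSRF token, prepared statements, password hashing and output escaping) can be combined in one login path, shown here as an added example that is not the project's own code. The function names, the `users` table layout, the `$session` array standing in for `$_SESSION`, the use of `random_bytes()` for the token and the in-memory SQLite database standing in for MySQL are all assumptions.

```php
<?php
// Added example, not the project's code. Table/column names, $session (a
// stand-in for $_SESSION) and the SQLite stand-in for MySQL are assumptions.
declare(strict_types=1);

function csrf_token(array &$session): string {
    // One random token per session, sent to the browser as a hidden form field.
    return $session['csrf'] ??= bin2hex(random_bytes(32));
}

function register(PDO $db, string $user, string $pass): void {
    // Password hashing: only the password_hash() output is stored.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

function login(PDO $db, array &$session, array $post): string {
    // Form validation: every field must be present, non-empty and a string.
    foreach (['username', 'password', 'csrf'] as $f) {
        if (empty($post[$f]) || !is_string($post[$f])) {
            return 'missing field';
        }
    }
    // CSRF: constant-time comparison with the token stored in the session.
    if (!isset($session['csrf']) || !hash_equals($session['csrf'], $post['csrf'])) {
        return 'bad csrf token';
    }
    // SQL injection: the username is bound as a parameter, never concatenated.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$post['username']]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($post['password'], $hash)) {
        return 'invalid credentials';
    }
    $session['user'] = $post['username']; // authorisation checks read this key
    // XSS: escape the name when it is written into HTML.
    return 'Welcome ' . htmlspecialchars($post['username'], ENT_QUOTES, 'UTF-8');
}

// Constructed demo data: one user whose name contains HTML markup.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
register($db, '<b>demo</b>', 'correct horse');
$session = [];
$token = csrf_token($session);
echo login($db, $session, ['username' => "' OR '1'='1", 'password' => 'x', 'csrf' => $token]), "\n";
echo login($db, $session, ['username' => '<b>demo</b>', 'password' => 'correct horse', 'csrf' => 'forged']), "\n";
echo login($db, $session, ['username' => '<b>demo</b>', 'password' => 'correct horse', 'csrf' => $token]), "\n";
```

In a real page the same token would be read from `$_SESSION`, and calling `session_regenerate_id(true)` after a successful login keeps a pre-login session ID from being reused.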
To conclude, it is a basic web application system using traditional server-side rendering with some AJAX functionality for improved user experience.