This project is an attempt at building the backend/frontend infrastructure for managing the Piedmontese Computer History Museum (MUPIN).
The focus of the project was the backend, hence the very dry approach to UI/UX.
The project's core is SimpleMVC, a PHP framework that uses PHP-DI as its DI container and Plates as its template engine. It also adopts PSR-7 interfaces for HTTP request/response.
The web application is backed by a MariaDB SQL Database for storing the Museum's catalogue.
NOTE: A database SQL dump is available inside the db_scripts folder.
It is a simple search engine powered by FULLTEXT indices inside the DB.
The results are ordered by relevance thanks to a scoring system.
The user can either search the whole catalogue or select one of the available categories from the dropdown menu.
Though still very simple in its implementation, this feature lets users perform a more refined lookup by selecting not only the category but also the field(s) to scan.
In order to access advanced features, admins have to authenticate with email and password.
Their login data is stored in the SQL DB: passwords are saved as salted bcrypt hashes.
On successful authentication, the email is stored in the SESSION array/file so that the admin is not required to log in again.
In order to guarantee a certain level of protection from CSRF and session hijacking:
- The session ID cookie is always generated by the backend (session.use_strict_mode)
- The session ID cookie is HttpOnly, SameSite=Lax, and has a session-scoped lifetime
- A timestamp is saved in the SESSION file at login so that the server can decide when the session is to be considered expired
Finally, before performing any admin operation, the server verifies that the user is correctly authenticated in the current session.
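The session hardening and the pre-operation check described above, as an added example (not the project's own code): the `SESSION_LIFETIME` constant and the `login_ts` session key are assumed names, since the README does not state which identifiers the project uses.

```php
<?php
// Added example, not the project's code. SESSION_LIFETIME and 'login_ts' are assumed names.
declare(strict_types=1);

const SESSION_LIFETIME = 1800; // assumed: session considered expired after 30 minutes

function startHardenedSession(): void
{
    // Reject session IDs that the server did not generate itself.
    ini_set('session.use_strict_mode', '1');
    // Cookie not readable by JavaScript, not sent on cross-site POSTs,
    // and discarded when the browser closes (lifetime 0 = session cookie).
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']),
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function loginAdmin(string $email, string $password, string $storedHash): bool
{
    // $storedHash is a salted bcrypt hash created with password_hash($pw, PASSWORD_BCRYPT).
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);      // fresh ID on privilege change (fixation defence)
    $_SESSION['email']    = $email;   // marks the session as an authenticated admin
    $_SESSION['login_ts'] = time();   // server-side timestamp used to expire the session
    return true;
}

function isAdminAuthenticated(): bool
{
    // Called before every admin operation: both the identity and a fresh timestamp are required.
    if (!isset($_SESSION['email'], $_SESSION['login_ts'])) {
        return false;
    }
    if (time() - $_SESSION['login_ts'] > SESSION_LIFETIME) {
        // Expired: drop the server-side state so the old cookie can no longer be reused.
        $_SESSION = [];
        session_destroy();
        return false;
    }
    return true;
}
```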
Admins are allowed to register and unregister other admins.
Admins can add items to the catalogue.
Admins can click on the edit button to edit any field of the selected item, excluding the item ID, which is read-only.
Admins can add pictures to and delete pictures from a specific item as they see fit.
Not all file formats are supported, though, and a limit of 10 pictures per item is enforced.
Contains all the utility classes, which are basically static classes used for server-side validation, session management, log management, etc.
Contains classes that behave exactly like the classes they imitate but have a different name.
This is necessary to ensure the DI container is able to select the correct dependency in corner cases.
Contains the object representations of the DB entities.
Many of the objects' properties carry a documentation comment.
These annotations are read through reflection to:
- provide validation information to the server and to the client
- build a basic ORM system by annotating PKs/FKs
NOTE: Virtual models are object representations of non-existing entities.
Contains the classes that manage the data access layer for CRUD operations.
Contains the classes that manage the transactions and provide a layer of abstraction between the repositories and the controllers.
Contains the classes that control the HTTP request/response exchange with the client. They also validate the requests and prevent unauthorized access to the data.
Finally, this folder contains the classes dedicated to the unit testing of the source code.
The unit testing is powered by PHPUnit.