GitHub - matjon/my_forum: A simple PHP university project

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 107 Commits
src		src
.gitignore		.gitignore
.gitmodules		.gitmodules
AUTHORS		AUTHORS
COPYING		COPYING
README		README
TODO		TODO
calculate_cost.php		calculate_cost.php
database_dump.sql		database_dump.sql
database_schema.sql		database_schema.sql
find_bad_code.sh		find_bad_code.sh

Repository files navigation

To clone this repository:
        git clone https://github.com/matjon/my_forum.git
        cd my_forum
        git submodule init
        git submodule update

The purpose of this project was to learn PHP. Therefore, I spent much time on 
refactoring and ensuring that this project is well designed.
The most important thing that is left to make the project well designed
is the unified handling of forms. There should be one class (with subclasses) 
that is responsible for creating them and processing the queries. Early work
on this can be found in the file form_support.php.

Properties of the code:

Security:
        - this code uses PDO (prepared statements) for all DB access, because
          they are almost completely immune to SQL Injection attacks.
        - all user-generated content that is written to HTML is escaped 
          using a custom function named escape_str_in_usual_html_pl.
          This is a thin wrapper over htmlspecialchars that sets some
          additional options. This should prevent XSS.
        - Most forms are protected against CSRF attacks. (except for login/new
          user forms, but there CSRF would be rather harmless).
        - Passwords are hashed using the BLOWFISH algorithm using a function that
          was introduced in PHP 5.5. A compatibility library is used on older
          systems.

UTF-8:
        - all texts in the program are handled in UTF-8. That includes input
          files, generated HTML and data stored in the database.
        - all strings in the database are stored in columns of type varbinary.
          This is the best way to enable storage of characters beyond the 
          Basic Multilingual Plane (for example: 😁  🐮  🐭  🐵  ) in MySQL.
        - non-latin UTF-8 letters are allowed in usernames.

Object-oriented programming:
        - This code uses classes for implementing domain objects.
        - The classes are real classes, they contain both fields and logic.
        - As specified in the PSR-0, classes are autoloaded. This is done
          by example code mentioned in http://www.php-fig.org/psr/psr-0/
        - PDO class loading mechanisms (PDOStatement::fetchObject) are 
          employed to load classes from the database.


Support for PSR interoperatibility standards:
        - PSR-0 Autoloading Standard(http://www.php-fig.org/psr/psr-0/). This
          program conforms to PSR-0, but does not use VendorName in the namespace 
          hierarchy, because it is not designed to be used as a module in an 
          external system.
        - PSR-1 Basic Coding Standard - full conformity except for method name 
          requirements. This code used under_score method names,
          PSR-1 requires camelCase. Changing this now would require too much
          work, but methods of future classes will be named correctly.
        - PSR-2 - mostly, especially for newer code. The most important
          practise not followed is correct indentation, but that should be
          corrected in the future.