🎪 Festival showcase & ticket purchasing platform. 🐘 Built with PHP, JavaScript & PostgreSQL ✨ Group school assignment made by: @ZalmoraDev, @LoisPeggeman, @adam-inf & @Bas-Meskerk
- Docker CLI & Docker Compose installed on your system
- Node.js & npm (for building assets)
- Composer (for PHP dependencies)
- Clone the repository.
- Navigate to the project directory.
- Build assets with npm:
npm install
npm run build
- Install PHP dependencies with composer:
composer install
- Start the project:
docker-compose up -d
- Website: http://localhost/
- pgAdmin: http://localhost:8080, use credentials found in compose.yml -> pgadmin:
  - Site login:
    - Email Address: admin@local.dev
    - Password: admin123
  - Server connection (Project -> HaarlemFestival):
    - Password: database123
Accessing Database Tables
To view table data in pgAdmin:
- Navigate down through the tree: Project → HaarlemFestival → Databases → HaarlemFestival → Schemas → public → Tables
- Click the table you want to view (e.g., users)
- Click the "All Rows" button in the top toolbar to display all table data (middle section)
- Stop containers:
docker-compose stop
- Remove containers and named volume (festival_postgres_data):
docker-compose down -v
- Docker
- Nginx 1.26
- PHP 8.5
- php:8.4-fpm
- composer (latest)
- vlucas/phpdotenv 5.6
- nikic/fast-route 1.3
- ext-pdo (latest)
- psr-4
- npm
- tailwindcss 4.1.18
- tailwindcss/cli 4.1.18
- PostgreSQL 16
- pgadmin (latest)
- Router Authentication: All routes protected via Router's AuthServ::requireAuthentication(...) checking session auth status
- Router Authorization: All routes verify a user's UserRole against the route's AccessRole before allowing access through AuthServ::requireAuthentication(...) (Router)
- SQL Injection Prevention: All database queries use a base PDO statement
- XSS & CSP: Randomly generated CSP nonces for all JS scripts, with CSP set up to be as strict as possible
- CSRF Protection: Randomly generated CSRF token validation for all POST requests via Csrf class
- Input Validation & Sanitation: Server-side validation of all user input & HTML sanitization via Escaper class
- Password Security: Passwords hashed with bcrypt (password_hash())
- Data Minimization: DTOs (UserAuthDto, UserIdentityDto, etc.) limit data exposure
- Error Handling: Sensitive errors logged only on server-side, whilst users receive easy to understand messages
- Service & Repository Layers: Business logic in services (AuthServ...), data access in repositories (AuthRepo...)
- Interface-Based Integration: All layers use interfaces (*IAuthServ, *IUserRepo)
- Dependency Injection: Constructor Dependency Injection for all backend layers (controllers, services, repositories)
- Routing: Route definitions in Routes.php with controller method binding via Router class
- View Templating: View::render() provides automatic view mapping and data passing to templates
- DRY Principles: Shared helpers eliminate code duplication:
  - BaseServExc::handleRepoCall() - Repository error handling across all services
  - View::render() - View rendering with automatic data extraction
  - BaseApiCtrl - Common API response formatting
  - Routes::route() - Additional fields for route authentication/authorization
- OOP Concepts:
  - Inheritance (exception hierarchy, base classes)
  - Encapsulation (private/protected properties, DTOs)
  - Polymorphism (interface implementations, enums)
- final & readonly: As many classes as possible marked as final and/or readonly for immutability and clarity
- Authentication & Authorization: All API requests verify project membership via BaseApiCtrl::authenticateRequest() before allowing operations
- Request Authorization: Checks preventing users from editing/deleting tasks if they've been removed from the project after page load
- Error Responses: JSON error messages with appropriate HTTP status codes (403, 400, 500)
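
The CSRF token validation and per-response CSP nonce items from the security list above, shown together as an added example that is not the project's own code. The class name CsrfExample, the csrf_token session key and form field, and the exact policy string are assumptions, since this README does not show the API of the Csrf class.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the project's Csrf class): one token per session.
final class CsrfExample
{
    public static function token(): string
    {
        // 32 bytes from the CSPRNG, hex-encoded, created once per session.
        return $_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));
    }

    public static function isValid(mixed $submitted): bool
    {
        $expected = $_SESSION['csrf_token'] ?? null;
        // Reject missing or non-string input before the constant-time comparison.
        return is_string($expected) && is_string($submitted)
            && hash_equals($expected, $submitted);
    }
}

session_start();

// Fresh nonce per response; only <script> tags carrying it are allowed to run.
$nonce = base64_encode(random_bytes(16));
header("Content-Security-Policy: default-src 'self'; script-src 'nonce-{$nonce}'; "
     . "object-src 'none'; base-uri 'none'; frame-ancestors 'none'");

// Every POST must carry the session's token, otherwise it is refused with 403.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST'
    && !CsrfExample::isValid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// Escape everything written into HTML attributes or text.
$esc = static fn (string $s): string
    => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= $esc(CsrfExample::token()) ?>">
  <button type="submit">Submit</button>
</form>
<script nonce="<?= $esc($nonce) ?>">console.log('allowed by nonce');</script>
```

Served with `php -S localhost:8000`, a POST without the hidden field returns 403, and an inline script without the matching nonce attribute is blocked by the browser.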
