my first ever release

https://github.com/dextel2/...

please, give your thoughts, and it would mean a lot if you run it locally :)

php ?

$password = md5($password);
😢

sha256 that thing atleast.
Look at blowfish if you can.

Md5/sha1 are useless for secure data now a days.

password_hash($password, PASSWORD_DEFAULT);

Use it. It is your friend.

@quijibo
As long as @dextel2 is using PHP7 😎

@C0D4 yes I am using PHP 7 .. but I highly doubt prod server isn't PHP 7

I can't use PC today but what keeps me from just loading admin/admin.php? I see no protection against it

@Dacexi see last few lines in admin/admin.php.. I'm not proud of myself

@dextel2 yeah but i can just load /admin.php ?

@Dacexi but it won't show the actual content admin is supposed to see? Bad practice?

@dextel2 just cheking if session is set is not good. What i would do is use a token based system. More info here: https://youtube.com/watch/...

Oh dear god... I'm sorry in advance, and I hate to be that guy, but this codebase is fucked up in so many ways I don't know where to start..

1) you should really look into starting over with MVC structure, if you have the time that is.. It would make your life easier.
2) if time is an issue, atleast start using classes for handling db connections, so you don't end up with too many open connections.
3) you should look into bootstrapping your urls

I'm currently in a hurry and don't have enough time to set this up locally, or even look at the code.. But will reply later.

@bas1948 thanks

@Dacexi @bas1948 I'll be waiting for your feedback and I'm open to positive criticisms

I'll look into it when I get a chance but I admire your willingness to learn and open to these kinds of comments.

Just from a brief scan. And looking at what your project requirements are I personally would recommend Laravel as a framework. It has a ton of supporting libraries, it is well documented and uses an MVC like style.

But in not going this way I'll be sure to provide some more feedback when I can look at the code

I can't seem to get it to work locally right now, as it looks like I messed up my server config.

anyway straight to the point:
1) your folders structure is all wrong, and I guess you're having a hard time knowing which file does what, hence your "known bugs" include too many open connections.
this SO link might give you a rough idea of a good structure/s: https://stackoverflow.com/questions...
2) your links are error prone and "dirty", you should refrain from using plain file names, and rather clean your urls (eg: /login instead of login.php):
https://binpress.com/tutorial/...
3) Like I said earlier, you should seriously look into MVC, it WILL make your life easier.. and while Laravel is a great framework, I'd suggest "building" your own framework first to understand how frameworks are built:
https://youtube.com/watch/...

4) your php code is pretty much all over the place, connections inside HTML files, your database credentials also all over the place.. Like I stated earlier, obviously this has already got you lost.

5) you're not checking for form inputs.. are you really going to rely on users? or frontend js checks?

6) Like you stated, you're not proud of echo-ing "not logged in" message, you should look into redirecting to the login page

7) you have a dbConfig.php file, yet you're using it to perform queries?

8) /admin/admin.php... please do not ever echo html.. its a recipe for disaster, you should only echo the data retrieved from the DB, I'd also look into fetching ASSOC_ARRAY and using foreach instead of while.

this is what I could find in addition to what others said while scanning your code.
you're brave enough to publicly show your code and learn from your mistakes.. keep it up.
Sorry for being harsh, but your code is everything that shouldn't be done :D
Good luck mate, and keeping asking

@bas1948
I had a quick look on my phone and I think you’ve summed it up well.

@dextel2
On top of @bas1984 look into DRY as well so you don’t end up with copy/paste hell.

@bas1948 I guess I learnt this from obsolete tutorials.. is there anything I've done right?

@dextel2
You used PDO 👍
instead of mysql_

That’s something most newbies get wrong.

@dextel2
I wouldn't necessarily call it obsolete, as I guess it was simply teaching you the basics from what I can tell...

Trust me, we've all been there.. I know I have, and my college end project code wasn't that great either.

I can upload my project later tonight if you want, as I think it's close to what you're doing..

May I ask how long you've been learning PHP?

@bas1948 a year and id like to have a look on your php project

@dextel2
If I may suggest jumping onto
https://sitepoint.com
and grabbing some of the PHP books they will help you out with structuring your code and getting into a good habit.

Although not specifically for PHP7 it will help:
https://sitepoint.com/premium/...

@dextel2
Also you can get a *free* year of premium which gives you access to all the ebooks and online courses.

https://sitepoint.com/premium/l/...

*free sitepoint for a $5 hosting + domain.

@dextel2

Here you go: https://bitbucket.org/bas1948/...

I believe this was an old version of the project, haven't tested it recently.. but you should get a rough idea about it.

It also isn't documented, but I believe the code is self-explanatory.

PS: Looking back at it, I like how much I improved from 2 years ago :-)

@bas1948 thank you very much... Appreciate your help :)

Remember to remove the "2" from folder name before running locally.

Or easier, change the url in config/paths.php to whatever you want to name the main folder.