Conversation

@rlbisbe rlbisbe (Owner) commented Dec 3, 2025

Overview

This PR modernizes the phpblog application by replacing deprecated MySQL functions with PDO, refactoring to object-oriented architecture, adding Docker support, and implementing secure session-based authentication.

Requirements Implemented

Security & Database Improvements

  • Replaced deprecated mysql_ functions with PDO: All database interactions now use PDO with prepared statements to prevent SQL injection vulnerabilities
    • Replaced mysql_connect, mysql_select_db, mysql_query, mysql_fetch_assoc, mysql_error throughout the codebase
    • Implemented prepared statements for all database queries

Configuration Management

  • Externalized database configuration: Created separate configuration file that reads from environment variables
    • New config/config.php file for centralized configuration management
    • Supports environment variables for database host, username, password, and database name
    • Added .env.example file documenting all required environment variables

Authentication Enhancement

  • Migrated to session-based authentication: Replaced cookie-based authentication with secure PHP sessions
    • Updated login.php to use $_SESSION instead of cookies
    • Updated logout.php to properly destroy sessions
    • All authenticated pages now validate sessions

Code Architecture

  • Refactored to Object-Oriented PHP: Transformed procedural code into OOP design
    • Created src/Database.php class for connection management with singleton pattern
    • Created src/Posts.php class for post operations (CRUD operations)
    • Refactored backend.php to use new OOP structure
    • Updated all application files to use new classes

Dependency Management

  • Added Composer support: Created composer.json with PSR-4 autoloading configuration
    • Configured autoloading for the PhpBlog namespace
    • Ready for future dependency management

Containerization

  • Created Dockerfile: Sets up PHP 8.x environment with required extensions
    • Configured Apache with PHP 8.x
    • Installed pdo_mysql extension
    • Properly configured document root and permissions
  • Created docker-compose.yml: Defines complete application stack
    • PHP application service with proper volume mounts
    • MySQL database service with persistent storage
    • Environment variable configuration
    • Network configuration for service communication

Documentation

  • Added comprehensive documentation: Created README.md with setup and usage instructions
  • Added initialization script: Created init.sql for database schema setup

Files Changed

New Files

  • .env.example - Environment variable template
  • .gitignore - Git ignore patterns for PHP projects
  • Dockerfile - Container configuration for PHP application
  • docker-compose.yml - Multi-container orchestration
  • composer.json - Dependency and autoloading configuration
  • config/config.php - Centralized configuration management
  • src/Database.php - Database connection class
  • src/Posts.php - Posts management class
  • init.sql - Database initialization script
  • README.md - Comprehensive setup and usage documentation

Modified Files

  • backend.php - Refactored to use OOP and PDO
  • index.php - Updated to use new Database and Posts classes
  • login.php - Migrated to session-based authentication
  • logout.php - Updated to destroy sessions properly
  • admin/index.php - Updated to use new architecture
  • admin/add_new_post.php - Updated to use PDO and OOP
  • admin/new_post.php - Updated to use PDO and OOP

Testing

All existing functionality has been preserved:

  • ✅ Viewing posts on the homepage
  • ✅ User login/logout functionality
  • ✅ Adding new posts (admin functionality)
  • ✅ Post display and formatting

Deployment

To run the modernized application:

# Copy environment variables template
cp .env.example .env

# Edit .env with your configuration
# Then start the application
docker-compose up -d

The application will be available at http://localhost:8080

Breaking Changes

None - all existing functionality continues to work as before.

Dependencies

  • PHP 8.x
  • MySQL 5.7+
  • Docker & Docker Compose (for containerized deployment)

Security Improvements

  1. SQL injection protection through PDO prepared statements
  2. Session-based authentication (more secure than cookies)
  3. Environment-based configuration (credentials not in code)
  4. Updated to modern PHP 8.x features

Co-authored-by: Roberto Luis Bisbe <825331+rlbisbe@users.noreply.github.com>
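The PR description lists three of its changes together: PDO prepared statements in place of mysql_* calls, a singleton Database class, and configuration read from environment variables. The block below is an added example of what those three look like when combined, written for this page and not taken from the PR's own src/Database.php or src/Posts.php. The environment variable names (DB_HOST, DB_NAME, DB_USER, DB_PASS), the posts table columns (id, title, body, created_at) and the method names are assumptions modelled on the description; the .env.example and init.sql in the PR define the real ones.

```php
<?php
// Added example, not the PR's code. Env var names, table columns and method
// names are assumptions; adjust them to the project's .env.example and init.sql.
declare(strict_types=1);

namespace PhpBlog;

use PDO;
use RuntimeException;

final class Database
{
    private static ?PDO $pdo = null;

    /** Read a required setting from the environment and fail closed if it is absent. */
    private static function env(string $key): string
    {
        $value = getenv($key);
        if ($value === false || $value === '') {
            throw new RuntimeException("Missing required environment variable {$key}");
        }
        return $value;
    }

    /** Singleton accessor: one connection per request, created on first use. */
    public static function connection(): PDO
    {
        if (self::$pdo === null) {
            $dsn = sprintf(
                'mysql:host=%s;dbname=%s;charset=utf8mb4',
                self::env('DB_HOST'),
                self::env('DB_NAME')
            );
            self::$pdo = new PDO($dsn, self::env('DB_USER'), self::env('DB_PASS'), [
                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // no silently failed queries
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
                PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepares: values never enter the SQL text
            ]);
        }
        return self::$pdo;
    }
}

final class Posts
{
    public function __construct(private PDO $db) {}

    // Before (the mysql_query-era pattern this PR removes; shown only for contrast):
    //   mysql_query("SELECT * FROM posts WHERE id = " . $_GET['id']);
    // An id of "1 OR 1=1" returns every row and "1 UNION SELECT ..." reads other tables.

    /** Fetch one post by id, or null if it does not exist. */
    public function find(int $id): ?array
    {
        $stmt = $this->db->prepare('SELECT id, title, body, created_at FROM posts WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $row = $stmt->fetch();
        return $row === false ? null : $row;
    }

    /** Newest posts first. LIMIT must be bound as an integer, not a quoted string. */
    public function all(int $limit = 20): array
    {
        $stmt = $this->db->prepare(
            'SELECT id, title, body, created_at FROM posts ORDER BY created_at DESC LIMIT :limit'
        );
        $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll();
    }

    /** Insert a post and return its new id. */
    public function create(string $title, string $body): int
    {
        $stmt = $this->db->prepare(
            'INSERT INTO posts (title, body, created_at) VALUES (:title, :body, NOW())'
        );
        $stmt->execute([':title' => $title, ':body' => $body]);
        return (int) $this->db->lastInsertId();
    }
}

// Usage from index.php (assumed): cast request input to int before it reaches the
// typed method; with strict_types a raw string would throw rather than be coerced.
// $posts = new Posts(Database::connection());
// $post  = $posts->find((int) ($_GET['id'] ?? 0));
```

Two caveats a reviewer would want checked in the real src/Posts.php: parameters cover values only, so any column or sort direction taken from the request (an ORDER BY field, for instance) still needs an allowlist rather than a placeholder; and ATTR_EMULATE_PREPARES should be off, otherwise PDO interpolates the values client-side and the "prepared statement" is just escaping.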

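The PR moves login state from cookies into $_SESSION. A session still rides on a cookie: what changes is that the client now holds only an opaque session id while the identity lives server-side, so the gain depends on how that cookie is issued and on regenerating the id at login. The block below is an added example of a session login, guard and logout written for this page; it is not the PR's login.php or logout.php. The users table (username, password_hash), the function names and the redirect targets are assumptions.

```php
<?php
// Added example, not the PR's code. Table and function names are assumptions.
declare(strict_types=1);

/** Start the session with cookie attributes that limit theft and fixation. */
function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');  // reject ids the server never issued
    ini_set('session.use_only_cookies', '1'); // never accept the id from the URL
    session_set_cookie_params([
        'lifetime' => 0,       // browser-session cookie
        'path'     => '/',
        'secure'   => true,    // HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // not sent on cross-site POSTs
    ]);
    session_start();
}

/** Verify credentials against a bcrypt/argon hash and bind the user to a fresh session id. */
function login(PDO $db, string $username, string $password): bool
{
    startSecureSession();

    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown so the response time
    // does not reveal which usernames exist.
    static $dummyHash = null;
    $dummyHash ??= password_hash('dummy-password', PASSWORD_DEFAULT);
    $ok = password_verify($password, $user['password_hash'] ?? $dummyHash);
    if ($user === false || !$ok) {
        return false;
    }

    session_regenerate_id(true);                   // new id on privilege change defeats fixation
    $_SESSION = [                                  // drop anything set before authentication
        'user_id'      => (int) $user['id'],
        'logged_in_at' => time(),
    ];
    return true;
}

/** Guard for admin pages: returns the user id or redirects to the login page. */
function requireLogin(): int
{
    startSecureSession();
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php', true, 303);
        exit;
    }
    return (int) $_SESSION['user_id'];
}

/** Destroy the server-side session and expire the cookie on the client too. */
function logout(): void
{
    startSecureSession();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Usage sketch for login.php (assumed): $db is the PDO handle from the Database class.
// if (login($db, (string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''))) {
//     header('Location: /admin/', true, 303);
//     exit;
// }
```

The two lines worth confirming in the merged login.php and logout.php are session_regenerate_id(true) after a successful password check and the client-side cookie expiry in logout; session_destroy() alone removes the server record but leaves the id in the browser, which is harmless only if use_strict_mode is on. Login and logout should also be POST handlers with a CSRF token, which the PR description does not mention.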