Skip to content
As an exercise of PHP and MAMP in general, this app allow users to create an account, make their own brackets, and compete against friends and family during any upcoming tournaments.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

The Bracket Referee

Client-side Languages: Javscript, jQuery (3.3.1.min), JSON, CSS, SASS (3.5.5), HTML

Server-side Languages: PHP (7.1.19)

DB Managment System: MySQL

Status: Complete


This is an exercise of my PHP skills and database design, and it's purpose is for any user to compete against friends and family during any common tournaments ("March Madness", FIFA World Cup, etc.). It is my first, independent venture into "server-side" coding from scratch... and I'm LOVING it! Once completed, this app will allow the user to:

  • Create, read, update, or delete their own account
  • Create, read, update, or delete their own group(s)
  • Search for an existing group
  • Join an existing group
  • Submit one bracket of teams within each group
  • View their score and the top 25 scores within each group


Several portions of this app's code are worth mentioning:

  1. Many-To-Many Relationships: This app collects a large amount of tables within the overall database, so it's predictable that at least one many-to-many became involved. For example, a single "Group" can include many "Players", and vice versa.
  2. JavaScript Object Notation (JSON): In order to easily identify and share the correct data with the user (w/o making unnecessary requests), JSON is used extensively as the user chooses their teams when filling out their bracket(s).
  3. Password Encryption: Upon doing research, I used PHP's more recent tool for encrypting the user's password: password_hash(). My previous training had only explained how to manually insert a "salt" before using the more basic hash() and a chosen algorithm, like MD5. The password_hash() seems to do it easier and more affectively.
  4. Hacker Prevention: Several measures have been taken in order to prevent hacking attacks. They include:
    • htmlentities() is used to block SQL injection. If not, SQL could be maliciously used to see or modify the database.
    • By using the token-based authentication method, tokens are created each a player logs in. It is then used to confirm that they are who they say they are, each and every request. Each token is randomly generated.
  5. Simple Mail Transfer Protocol (SMTP): Users can get access to their accounts in spite of forgetting their password by having a reset passwords emailed directly to their recorded email address. This is carried out by using a free, third-party email service (SendGrid) and a PHP package manager (Composer).
  6. Private vs. Public: Some users would undoubtedly want to draw in as many other users as possible, while others would want to limit their groups to only friends and family. The "Private/Public" setting that I added makes a group more or less selective of its members. It does this by:
    1. Showing or hiding the group on the public list of "Available Groups"
    2. Including or excluding the group on whether the group can appear on the 'search tool' on player.php
    3. Adding a unique "key" to the "invite links", making it very difficult for non-members to enter without an invite.
  7. Invitation Link: An "invitation link" is included in all groups and makes it easy for emailing/texting someone a URL that will take them directly to the desired group. Upon entering that URL, the user easily logs in or create an account (if they aren't logged in already), then they are sent to the desired group. If that group is in the 'PRIVATE setting, its link is only shown to the group's director, but the 'PUBLIC' setting show will show the link to all of its members.
  8. Varying Tournament Structure: Many single-elimination tournaments differ from the traditional structure. In particular "wildcard" and "third-place playoffs" games often occur. Bracket Referee is designed to accommodate for those.
  9. Time-Sensitive Bracket Submission: There is often a narrow time (between the announcement of the tournament's teams and the first game that takes place) in which a player can pick their predictions. Using things like PHP's date() and date_default_timezone_set(), this website will allow a player to submit their bracket at the last possible moment.
  10. Administrative Center: Manually adding new teams or updating each game's results is very inefficient and increases the chances that a mistake is made. To prevent this, the Administrative Center page (which is only accessible by the developer) can be used to easily add a new team, insert the correct teams on each game, and update each game's winner.
You can’t perform that action at this time.