A full-featured forum application with user authentication, post management, and administrative controls. Built as part of IEFP Level 4 Programming Certification.
A complete forum system allowing users to create accounts, post messages, reply to discussions, and manage their content. Includes a full administrative interface for user and content moderation.
**Project Type:** Full-stack web application
**Duration:** 6-week module (IEFP Course 3933)
**Status:** Completed
**User Registration & Authentication**
- Secure password handling
- Session-based login system
- Profile editing capabilities

**Post Management**
- Create new forum posts with categories
- View all posts by category
- Reply to existing posts
- Edit and soft-delete own posts
- Recover deleted posts

**Personal Dashboard**
- View "My Posts"
- View "My Replies"
- Track posting activity
- Edit profile information

**User Management**
- View all registered users
- Block/unblock user accounts
- Edit user information
- Search users by multiple parameters

**Content Moderation**
- Manage all forum posts
- Manage all replies
- Soft-delete inappropriate content
- Recover deleted content
- Filter posts by category/theme

**System Security**
- Session validation on all protected pages
- Access control (user vs admin permissions)
- Error handling for unauthorized access
**t_user (Users table)**
- id (INT, PRIMARY KEY, AUTO_INCREMENT)
- nick (VARCHAR(20), UNIQUE, NOT NULL)
- nome (VARCHAR(100), NOT NULL)
- email (VARCHAR(50), NOT NULL)
- data_nasc (VARCHAR(10), NOT NULL)
- pass (VARCHAR(20), NOT NULL)
- foto (VARCHAR(300), NOT NULL)
- apagado (INT, DEFAULT 0) -- Soft delete flag

**t_post (Posts table)**
- id (INT, PRIMARY KEY, AUTO_INCREMENT)
- tema (VARCHAR(50), NOT NULL) -- Category/theme
- titulo (VARCHAR(100), NOT NULL)
- conteudo (TEXT, NOT NULL)
- data (DATETIME, NOT NULL)
- id_user (INT, FOREIGN KEY -> t_user)
- apagado (INT, DEFAULT 0)

**t_resp (Replies table)**
- id (INT, PRIMARY KEY, AUTO_INCREMENT)
- resposta (TEXT, NOT NULL)
- data (DATETIME, NOT NULL)
- id_post (INT, FOREIGN KEY -> t_post)
- id_user (INT, FOREIGN KEY -> t_user)
- apagado (INT, DEFAULT 0)

**t_tema (Categories/Themes table)**
- id (INT, PRIMARY KEY, AUTO_INCREMENT)
- nome (VARCHAR(50), NOT NULL)

**Soft Delete Pattern:** Instead of permanently deleting records, the `apagado` flag marks content as deleted while preserving data integrity and allowing recovery.
**Session Management:** PHP sessions store user ID and admin status, validated on every protected page via the `valida.php` include.
**Modular Code Structure:** Repeated functionality (DB connection, session validation, filters) is extracted into separate PHP includes for maintainability.
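The soft-delete pattern above is only safe if the page that flips `apagado` also checks who owns the row. The following is an added example of such a handler; it is not the project's `eliminarP.php`. It assumes that `liga_bd.php` defines `$servidor`, `$utilizador`, `$password` and `$bd` as shown in the setup section, and that `valida.php` has already placed the logged-in user's id in `$_SESSION['id']`.

```php
<?php
// Added example (not the project's eliminarP.php): soft-delete a post only when
// the logged-in user owns it. Assumes liga_bd.php defines $servidor, $utilizador,
// $password and $bd, and that valida.php has already confirmed $_SESSION['id'].
require 'valida.php';   // starts the session and redirects if it is incomplete
require 'liga_bd.php';

$ligacao = new mysqli($servidor, $utilizador, $password, $bd);
if ($ligacao->connect_error) {
    header('Location: erro.html');
    exit;
}

// Cast the request value to int so only a number ever reaches the query.
$idPost = (int)($_GET['id'] ?? 0);
$idUser = (int)$_SESSION['id'];

// Ownership is enforced inside the WHERE clause: the UPDATE can only match a row
// whose id_user equals the session user, so a request that names another user's
// post changes nothing. "apagado = 0" makes a repeated request a no-op.
$stmt = $ligacao->prepare(
    'UPDATE t_post SET apagado = 1 WHERE id = ? AND id_user = ? AND apagado = 0'
);
if ($stmt === false) {
    $ligacao->close();
    header('Location: erro.html');
    exit;
}
$stmt->bind_param('ii', $idPost, $idUser);
$stmt->execute();
$alteradas = $stmt->affected_rows;
$stmt->close();
$ligacao->close();

if ($alteradas === 1) {
    header('Location: meusP.php');
} else {
    // Not the owner, already deleted, or no such post: one response for all three,
    // so the page does not reveal which case applied.
    header('Location: erro_acesso.html');
}
exit;
```

The recovery page is the mirror image: `SET apagado = 0 ... AND apagado = 1` with the same `id_user` condition. The admin variant (`eliminarPadm.php`) would drop the `id_user = ?` condition, but only after an admin check has passed.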
**Backend:**
- PHP (native, no framework)
- MySQL for data persistence

**Frontend:**
- HTML5 for structure
- CSS3 for styling (estilo.css)
- Minimal JavaScript for form interactions

**Development Environment:**
- XAMPP (Apache + MySQL + PHP)
- phpMyAdmin for database management

**Deployment:**
- Can be hosted on InfinityFree or similar PHP hosting
```text
forum/
├── index.html            # Landing page
├── registar.html         # Registration form
├── registo.php           # User registration handler
├── login.php             # Login form
├── login2.php            # Login authentication handler
├── logout.php            # Session termination
├── erro.html             # General error page
├── erro_acesso.html      # Unauthorized access error
│
├── User Pages
├── perfil.php            # Edit user profile form
├── perfil2.php           # Profile update handler
├── inserirP.php          # Create new post form
├── inserirP2.php         # Post creation handler
├── listar_P.php          # List all posts (with filters)
├── inserirR.php          # Reply to post form
├── inserirR2.php         # Reply handler
├── meusP.php             # User's own posts
├── minhasR.php           # User's own replies
├── eliminarP.php         # Soft-delete user's post
├── recuperarP.php        # Recover user's deleted post
├── eliminarR.php         # Soft-delete user's reply
├── recuperarR.php        # Recover user's deleted reply
│
├── Admin Pages
├── gerir_U.php           # Manage all users
├── alterar_U.php         # Edit user form (admin)
├── alterar_U2.php        # User update handler (admin)
├── bloquear_U.php        # Block user account
├── desbloquear_U.php     # Unblock user account
├── pesquisar_U.php       # Search users form
├── pesquisar_U2.php      # Search results handler
├── gerir_P.php           # Manage all posts (admin)
├── gerir_R.php           # Manage all replies (admin)
├── eliminarPadm.php      # Admin soft-delete post
│
├── Utilities
├── liga_bd.php           # Database connection include
├── valida.php            # Session validation include
├── filtra_P.php          # Post filter/category select
└── estilo.css            # Stylesheet
```
**Session Validation**

```php
<?php
// valida.php - included on all protected pages
session_start();
// Deny access unless BOTH the user id and the nick are present in the session;
// a session holding only one of them is incomplete and must not pass.
if (!isset($_SESSION['id']) || !isset($_SESSION['nick'])) {
    header('Location: erro_acesso.html');
    exit; // header() only queues a redirect; without exit the protected page would still be rendered
}
```

**Why this approach:** Validates that both the user ID and the nickname are set in the session, ensuring a complete authentication state before allowing access to protected pages. The `exit` after the redirect is essential: `header()` only adds a response header, and PHP would otherwise continue executing the page that included `valida.php` and send its content to the unauthenticated client.
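The same include-based approach extends to the user/admin split described under System Security. The following is an added example of a permissions include layered on `valida.php`; it is not a file from the project. It assumes the login handler stores a boolean in `$_SESSION['admin']` (the README says the session holds "admin status" but does not name the key), and the function names `e_admin`, `exige_admin` and `pode_gerir` are hypothetical.

```php
<?php
// permissoes.php - added example, not a file from the project. Assumes the login
// handler sets $_SESSION['admin'] = true/false next to 'id' and 'nick'.
require 'valida.php'; // redirects and exits unless $_SESSION['id'] and ['nick'] exist

// True only for an explicit boolean true, never for "1", "yes" or other truthy strings.
function e_admin(): bool
{
    return isset($_SESSION['admin']) && $_SESSION['admin'] === true;
}

// Admin-only pages (gerir_U.php, gerir_P.php, ...) call this before any output.
function exige_admin(): void
{
    if (!e_admin()) {
        header('Location: erro_acesso.html');
        exit; // without exit the admin page body after the include would still be sent
    }
}

// Content actions: the owner or an admin may act on a post/reply, nobody else.
// $idDono is the id_user column of the row about to be edited or soft-deleted.
function pode_gerir(int $idDono): bool
{
    return e_admin() || (int)$_SESSION['id'] === $idDono;
}
```

Hiding admin links in the HTML (conditional rendering) is a convenience for the user, not a control: a blocked user can still type `gerir_U.php` into the address bar, so each admin page has to call `exige_admin()` itself, and each edit/delete handler has to check `pode_gerir()` against the row it loaded, not against a value sent by the form.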
**SQL Injection Prevention**
- Parameterized queries used throughout
- Input validation on all forms
- Prepared statements for database operations

**Access Control**
- User vs admin role separation
- Protected pages redirect unauthorized users
- Session-based authentication
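To show the two points above together (a parameterized lookup, then a session built only after the check succeeds), here is an added login handler. It is not the project's `login2.php`; it also applies the password hashing listed under Future Improvements rather than the plain-text comparison the project currently uses. It assumes `liga_bd.php` defines `$servidor`, `$utilizador`, `$password` and `$bd`, that `t_user.pass` has been widened to `VARCHAR(255)` (the schema's `VARCHAR(20)` cannot hold the 60-character bcrypt string that `password_hash()` produces), and that `registo.php` stores `password_hash($pass, PASSWORD_DEFAULT)` instead of the raw password.

```php
<?php
// Added example (not the project's login2.php): parameterized login with hashed
// passwords. Assumes liga_bd.php defines $servidor, $utilizador, $password, $bd,
// that t_user.pass is VARCHAR(255) holding password_hash() output, and that an
// account soft-deleted/blocked with apagado = 1 must not be able to log in.
require 'liga_bd.php';
session_start();

$ligacao = new mysqli($servidor, $utilizador, $password, $bd);
if ($ligacao->connect_error) {
    header('Location: erro.html');
    exit;
}

$nick = $_POST['nick'] ?? '';
$pass = $_POST['pass'] ?? '';

// The nick is bound as a parameter, never concatenated into the SQL text, so a
// value such as  ' OR 1=1 --  is compared literally against the column.
$stmt = $ligacao->prepare(
    'SELECT id, nick, pass, apagado FROM t_user WHERE nick = ? LIMIT 1'
);
if ($stmt === false) {
    $ligacao->close();
    header('Location: erro.html');
    exit;
}
$stmt->bind_param('s', $nick);
$stmt->execute();
$stmt->bind_result($id, $nickBd, $hash, $apagado);
$encontrado = $stmt->fetch(); // true when a row was read
$stmt->close();
$ligacao->close();

// One outcome for "no such user", "blocked" and "wrong password", so the response
// does not tell the client which of the three happened. password_verify() does a
// constant-time comparison of the submitted password against the stored hash.
$ok = $encontrado && (int)$apagado === 0 && password_verify($pass, $hash);

if (!$ok) {
    header('Location: erro.html');
    exit;
}

// New session id at the moment of login, then exactly the two values valida.php checks.
session_regenerate_id(true);
$_SESSION['id']    = (int)$id;
$_SESSION['nick']  = $nickBd;
$_SESSION['admin'] = ($nickBd === 'admin'); // README: the admin is the user whose nick is 'admin'

header('Location: listar_P.php');
exit;
```

The same `prepare`/`bind_param` shape applies to every other query that takes user input (post insertion, the category filter in `filtra_P.php`, the multi-parameter user search): the SQL text stays constant and only the bound values change.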
**Prerequisites**
- XAMPP (or similar PHP/MySQL environment)
- Web browser
- Text editor

**Installation**

1. Clone or download the project
   ```bash
   git clone https://github.com/yourusername/php-mysql-forum-platform.git
   ```
2. Start XAMPP
   - Start Apache server
   - Start MySQL server
3. Create Database
   - Open phpMyAdmin (http://localhost/phpmyadmin)
   - Create database: `bd_forum`
   - Import SQL schema (or run the CREATE TABLE commands from Part 1)
4. Configure Database Connection
   - Edit `liga_bd.php` and update the credentials if they differ from the defaults:
   ```php
   $servidor = "localhost";
   $utilizador = "root";
   $password = "";
   $bd = "bd_forum";
   ```
5. Place files in htdocs
   - Copy the project folder to `C:\xampp\htdocs\forum\`
6. Access the application
   - Navigate to: http://localhost/forum/
7. Create admin user
   - Register a normal user
   - In phpMyAdmin, manually set `nick='admin'` for that user
**Interface Language:** Portuguese (pt-PT)

This project was developed as part of a Portuguese professional training program (IEFP), so the user interface, comments, and variable names are in Portuguese.

**Key Terms Translation:**
- registar = register
- utilizador = user
- listar = list
- inserir = insert
- eliminar = delete
- apagado = deleted
- gerir = manage
- tema = theme/category
- resposta = reply/response

**Why Portuguese?** This demonstrates authentic work from a real certification program. Future projects will be developed in English for international audiences.

**Code Quality:** While the interface is in Portuguese, the application architecture, database design, and programming concepts are universal and demonstrate full-stack development proficiency regardless of natural language.
## What I Learned
### Technical Skills
- **Three-Tier Architecture**: Separation of presentation (HTML), logic (PHP), and data (MySQL) layers
- **Session Management**: Implementing stateful authentication in stateless HTTP
- **CRUD Operations**: Complete Create, Read, Update, Delete functionality
- **SQL Proficiency**: Complex queries with JOINs, filtering, and sorting
- **Soft Delete Pattern**: Data preservation while marking records inactive
- **Code Modularization**: Using PHP includes to avoid repetition (DRY principle)
### Problem-Solving
- **Challenge**: Preventing users from accessing protected pages without login
**Solution**: Created `valida.php` include with session validation, used across all protected pages
- **Challenge**: Distinguishing user vs admin functionality
**Solution**: Session variable for admin status, conditional rendering of admin-only features
- **Challenge**: Allowing content deletion without data loss
**Solution**: Implemented soft delete with `apagado` flag (0=active, 1=deleted)
- **Challenge**: Keeping codebase maintainable as it grew
**Solution**: Extracted repeated code into includes (`liga_bd.php`, `valida.php`, `filtra_P.php`)
- **Challenge**: Ensuring robust session validation
**Solution**: Implemented dual-check validation by verifying both `$_SESSION['id']` and `$_SESSION['nick']` are set, preventing edge cases where only partial session data exists
### Best Practices Learned
- Input validation and sanitization
- Preventing SQL injection with prepared statements
- Session security and timeout handling
- Separation of concerns
- Error handling and user feedback
- Code reusability through includes
## Future Improvements
If I were to extend this project, I would add:
- [ ] **Enhanced Security**
- Password hashing (currently stored in plain text - educational project only!)
- CSRF token protection
- Rate limiting on login attempts
- [ ] **Rich Text Editor** for post formatting
- [ ] **File Upload** for user avatars and post attachments
- [ ] **Real-time Notifications** for new replies
- [ ] **Search Functionality** for posts and replies
- [ ] **Pagination** for large result sets
- [ ] **Email Verification** on registration
- [ ] **Password Reset** functionality
- [ ] **Thread Nested Replies** instead of flat replies
- [ ] **User Reputation System** (likes, badges)
- [ ] **Mobile Responsive Design**
## Screenshots
[Add screenshots here when you deploy or run locally]
**Main Interface:**
- User dashboard
- Post listing page
- Admin panel
## Project Context
This project was developed as part of **Module 3933** (Database Administration for Programmers) within the **IEFP Level 4 Programmer/Informatics Certification** program in Porto, Portugal.
**Learning Objectives:**
- Implement a complete CRUD application
- Understand three-tier web architecture
- Practice SQL database design and queries
- Learn PHP session management
- Build user authentication systems
- Create role-based access control
**Instructor:** Rui Monteiro
**Institution:** IEFP - Centro de Formação de Vila Nova de Gaia
**Duration:** 6 weeks (Parts 1-6)
**Completion:** November 2024
## License
MIT License - Feel free to use this project for learning purposes
## Connect
Built by **Antonio Cardoso**
Email: tony101123cardoso@icloud.com
[LinkedIn](#) (Coming soon)
[More Projects](https://github.com/alienmem)
---
**Educational Note:** This project was built for learning purposes. The password storage (plain text) and some security practices are simplified for educational clarity and should NOT be used in production applications. In real-world applications, always use proper password hashing (bcrypt, Argon2) and follow OWASP security guidelines.
---
*Part of my journey from Mathematics to Software Engineering*