harshmohan246/todo-php-mysql-secure

📝 Secure Todo Application (PHP + SQLite/MySQL)

A secure, lightweight todo application built with PHP, featuring user authentication, CSRF protection, and ready for deployment on Azure App Service or any PHP hosting.

✨ Features

  • 🔐 Secure Authentication - Password hashing with bcrypt, session management
  • 🛡️ CSRF Protection - Token-based form protection
  • 📊 SQLite or MySQL - Flexible database options
  • 🎨 Bootstrap UI - Clean, responsive interface
  • Rate Limiting - Login attempt throttling
  • 🔒 Security Headers - CSP, X-Frame-Options, etc.
  • 📱 Mobile Responsive - Works on all devices

🚀 Quick Start

Prerequisites

  • PHP 7.4 or higher
  • SQLite extension (included in most PHP installations)
  • Web server (Apache, Nginx, or PHP built-in server)

Local Installation

  1. Clone the repository

    git clone https://github.com/yourusername/todo-php-mysql-secure.git
    cd todo-php-mysql-secure
  2. Configure the application

    cp config.example.php config.php

    Edit config.php if needed (default uses SQLite in data/ folder)

  3. Create data directory

    mkdir -p data
    chmod 750 data

    Only the account that runs PHP needs to write to this directory. For the built-in development server (step 4) that is your own user, so the default ownership is fine; under Apache or Nginx, chown it to the web-server account (for example www-data) instead. Avoid chmod 777, which lets every local account read and modify the database, password hashes included. If data/ sits inside the document root, configure the web server to deny HTTP requests to it, otherwise the SQLite file can be downloaded directly.
  4. Start the development server

    php -S localhost:8000
  5. Open in browser

    http://localhost:8000
    
  6. Register a new account or use the demo account:

    • Email: demo@example.com
    • Password: demopass

    The demo credentials are public in this README, so delete the demo account or change its password before exposing the app beyond localhost.

🌐 Deployment

Deploy to Azure App Service (FREE Tier)

  1. Create Azure resources

    az group create --name todo-app-rg --location canadacentral
    az appservice plan create --name todo-app-plan --resource-group todo-app-rg --sku F1 --is-linux
    az webapp create --name your-app-name --resource-group todo-app-rg --plan todo-app-plan --runtime "PHP:8.2"
  2. Upload files via Kudu Console

    • Navigate to: https://your-app-name.scm.azurewebsites.net/DebugConsole
    • Go to /home/site/wwwroot/
    • Upload all files
  3. Configure environment (optional)

    • Set DB_PATH environment variable if needed
    • Default: /home/data/todo_app.db

Deploy to Shared Hosting

  1. Upload all files via FTP/cPanel
  2. Copy config.example.php to config.php
  3. Edit config.php with your database credentials
  4. Create the data/ directory, writable by the web-server account only (not world-writable) and, where the host allows it, outside the public document root

📁 Project Structure

todo-php-mysql-secure/
├── index.php              # Main dashboard (requires login)
├── login.php              # User login page
├── register.php           # User registration page
├── logout.php             # Logout handler
├── config.php             # Database & session configuration (not in git)
├── config.example.php     # Example configuration file
├── csrf.php               # CSRF token generation/validation
├── init.sql               # MySQL database schema (if using MySQL)
├── actions/
│   ├── add_task.php       # Create new task
│   ├── delete_task.php    # Delete task
│   └── toggle_task.php    # Mark task complete/incomplete
├── partials/
│   ├── head.php           # HTML head, Bootstrap CSS
│   ├── nav.php            # Navigation bar
│   └── foot.php           # Footer, scripts
└── public/
    └── style.css          # Custom styles

🔧 Configuration

Using SQLite (Default)

No configuration needed! The app will automatically create a SQLite database in the data/ folder.

Using MySQL

  1. Create a MySQL database
  2. Import init.sql to create tables
  3. Edit config.php:
    define('DB_HOST', 'localhost');
    define('DB_NAME', 'your_database');
    define('DB_USER', 'your_username');
    define('DB_PASS', 'your_password');
    
    // Throw on errors, use native (server-side) prepared statements, return associative rows
    $options = [
      PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
      PDO::ATTR_EMULATE_PREPARES   => false,
      PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ];
    
    $pdo = new PDO(
      "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
      DB_USER,
      DB_PASS,
      $options
    );

🔒 Security Features

  • Password Hashing: Uses PHP's password_hash() with bcrypt
  • CSRF Protection: Token validation on all state-changing operations
  • SQL Injection Prevention: Prepared statements with PDO
  • XSS Prevention: Output escaping with htmlspecialchars()
  • Session Security: HttpOnly, Secure, SameSite cookies
  • Rate Limiting: Prevents brute-force login attempts
  • Security Headers: CSP, X-Frame-Options, X-Content-Type-Options
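The block below is an added example, not code from this repository: it shows the request-hardening pieces listed above (session cookie flags, security headers, CSRF token generation and constant-time validation, and login throttling) in plain PHP. The function names, the attempt limit of 5, the 15-minute window and the same-origin-only CSP are this example's own choices; the project's csrf.php and login.php may be laid out differently.

```php
<?php
// Added example (not code from the todo-php-mysql-secure repository): the
// request-hardening pieces listed under "Security Features" in plain PHP.
// Function names, the attempt limit and the window are this example's own choices.
declare(strict_types=1);

const LOGIN_MAX_ATTEMPTS   = 5;   // assumption: the README does not state the limit
const LOGIN_WINDOW_SECONDS = 900; // assumption: 15-minute window

// Session cookie flags the README lists: HttpOnly, Secure, SameSite.
function start_secure_session(bool $https = true): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => $https,  // false only for plain-http localhost testing
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // cross-site POSTs do not carry the cookie
    ]);
    session_start();
}

// Security headers the README lists. This CSP allows only same-origin resources;
// add the CDN origin to style-src/script-src if Bootstrap is loaded from one.
function send_security_headers(): void
{
    header("Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'");
    header('X-Frame-Options: DENY');
    header('X-Content-Type-Options: nosniff');
    header('Referrer-Policy: same-origin');
}

// CSRF: one random token per session, compared in constant time.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrf_validate($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

// Login throttling. $store is passed by reference so the same logic works on
// $_SESSION or on a database-backed array; a counter kept only in the session is
// bypassed by discarding the cookie, so key it by account (or client IP) in practice.
function login_allowed(array &$store, string $key, int $now): bool
{
    $entry = $store[$key] ?? null;
    if ($entry === null || $now - $entry['first'] >= LOGIN_WINDOW_SECONDS) {
        return true;
    }
    return $entry['count'] < LOGIN_MAX_ATTEMPTS;
}

function record_login_failure(array &$store, string $key, int $now): void
{
    $entry = $store[$key] ?? ['count' => 0, 'first' => $now];
    if ($now - $entry['first'] >= LOGIN_WINDOW_SECONDS) {
        $entry = ['count' => 0, 'first' => $now];
    }
    $entry['count']++;
    $store[$key] = $entry;
}

function clear_login_failures(array &$store, string $key): void
{
    unset($store[$key]);
}

// Demo with an in-memory session and constructed timestamps (run with `php this_file.php`):
$_SESSION = [];
$store    = [];
var_dump(csrf_validate($_POST['csrf_token'] ?? null)); // false: no token submitted
var_dump(csrf_validate(csrf_token()));                 // true
for ($i = 0; $i < LOGIN_MAX_ATTEMPTS; $i++) {
    record_login_failure($store, 'demo@example.com', 1000 + $i);
}
var_dump(login_allowed($store, 'demo@example.com', 1010));                        // false: locked out
var_dump(login_allowed($store, 'demo@example.com', 1000 + LOGIN_WINDOW_SECONDS)); // true: window expired
```

In a real request, call start_secure_session() and send_security_headers() before any output, emit csrf_field() inside every form, and reject the request in each actions/*.php handler when csrf_validate($_POST['csrf_token'] ?? null) returns false. Call clear_login_failures() after a successful login so a legitimate user is not locked out by earlier typos.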

🛠️ Development

Requirements

  • PHP 7.4+
  • PDO extension
  • SQLite or MySQL

Running Tests

The repository has no automated test suite (see Project Structure), so verify changes manually: start the development server and exercise registration, login, and the add/toggle/delete task actions in a browser.

# Start development server
php -S localhost:8000

# Access in browser
http://localhost:8000

Database Schema

Users Table

  • id - Primary key
  • email - Unique, validated email
  • password_hash - Bcrypt hashed password
  • created_at - Timestamp

Tasks Table

  • id - Primary key
  • user_id - Foreign key to users
  • title - Task description
  • is_done - Completion status (0/1)
  • created_at - Timestamp
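The block below is an added example and not the project's own schema or handlers: it builds the two tables described above in an in-memory SQLite database and shows the data-layer practices listed under Security Features (PDO prepared statements, bcrypt via password_hash(), htmlspecialchars() on output), with every task query scoped by user_id so one user cannot act on another user's rows. Function names, column types and the 255-byte title limit are this example's assumptions.

```php
<?php
// Added example, not code from the todo-php-mysql-secure repository: the two tables
// from "Database Schema" in an in-memory SQLite database plus user-scoped PDO prepared
// statements, bcrypt hashing and output escaping. Names and limits are assumptions.
declare(strict_types=1);

function open_db(string $dsn = 'sqlite::memory:'): PDO
{
    $pdo = new PDO($dsn, null, null,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC]);
    $pdo->exec('PRAGMA foreign_keys = ON'); // SQLite enforces FKs only when enabled per connection
    $pdo->exec('CREATE TABLE IF NOT EXISTS users (
        id            INTEGER PRIMARY KEY AUTOINCREMENT,
        email         TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL,
        created_at    TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)');
    $pdo->exec('CREATE TABLE IF NOT EXISTS tasks (
        id         INTEGER PRIMARY KEY AUTOINCREMENT,
        user_id    INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
        title      TEXT NOT NULL,
        is_done    INTEGER NOT NULL DEFAULT 0,
        created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)');
    return $pdo;
}

function register_user(PDO $pdo, string $email, string $password): int
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    $stmt = $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_BCRYPT)]);
    return (int) $pdo->lastInsertId();
}

// Returns the user id on success, null on failure. A dummy hash is verified when the
// email is unknown so the response time does not reveal which accounts exist.
function login_user(PDO $pdo, string $email, string $password): ?int
{
    static $dummyHash = null;
    $dummyHash = $dummyHash ?? password_hash('dummy', PASSWORD_BCRYPT);
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row  = $stmt->fetch();
    $hash = is_array($row) ? $row['password_hash'] : $dummyHash;
    $ok   = password_verify($password, $hash);
    return (is_array($row) && $ok) ? (int) $row['id'] : null;
}

function add_task(PDO $pdo, int $userId, string $title): int
{
    $title = trim($title);
    if ($title === '' || strlen($title) > 255) { // byte length; assumption for the limit
        throw new InvalidArgumentException('title must be 1 to 255 bytes');
    }
    $stmt = $pdo->prepare('INSERT INTO tasks (user_id, title) VALUES (:uid, :title)');
    $stmt->execute([':uid' => $userId, ':title' => $title]);
    return (int) $pdo->lastInsertId();
}

// The WHERE clause carries the access-control check: a task id belonging to another
// user matches no row, so guessing ids cannot toggle or delete someone else's tasks.
function toggle_task(PDO $pdo, int $userId, int $taskId): bool
{
    $stmt = $pdo->prepare('UPDATE tasks SET is_done = 1 - is_done WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $taskId, ':uid' => $userId]);
    return $stmt->rowCount() === 1;
}

function delete_task(PDO $pdo, int $userId, int $taskId): bool
{
    $stmt = $pdo->prepare('DELETE FROM tasks WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $taskId, ':uid' => $userId]);
    return $stmt->rowCount() === 1;
}

function list_tasks(PDO $pdo, int $userId): array
{
    $stmt = $pdo->prepare('SELECT id, title, is_done FROM tasks WHERE user_id = :uid ORDER BY id');
    $stmt->execute([':uid' => $userId]);
    return $stmt->fetchAll();
}

// Titles are untrusted input: escape them on output, every time they reach HTML.
function render_task(array $task): string
{
    return sprintf('<li%s>%s</li>', $task['is_done'] ? ' class="done"' : '',
        htmlspecialchars($task['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Demo with constructed data (run with `php this_file.php`):
$pdo   = open_db();
$alice = register_user($pdo, 'alice@example.com', 'correct horse battery staple');
$bob   = register_user($pdo, 'bob@example.com', 'another-long-passphrase');
$task  = add_task($pdo, $alice, '<script>alert(1)</script> buy milk');
var_dump(login_user($pdo, 'alice@example.com', 'wrong-password')); // NULL
var_dump(login_user($pdo, 'nobody@example.com', 'anything'));      // NULL, same cost as a real check
var_dump(delete_task($pdo, $bob, $task));                          // false: not Bob's task
var_dump(toggle_task($pdo, $alice, $task));                        // true
echo render_task(list_tasks($pdo, $alice)[0]), PHP_EOL;            // escaped title, class="done"
```

The same functions work unchanged against the MySQL configuration from the Configuration section, apart from the CREATE TABLE statements, which init.sql provides for MySQL; the PRAGMA line is SQLite-specific and can be dropped there.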

📝 License

This project is open source and available under the MIT License.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

📧 Support

For issues and questions, please open an issue on GitHub.

🙏 Acknowledgments

  • Bootstrap for the UI framework
  • PHP community for security best practices
  • Azure for free hosting tier

Note: Never commit config.php or any other file containing credentials to version control. Keep secrets in environment variables or in configuration files listed in .gitignore.
