A PHP/MySQL web application for tracking vintage and retro collectibles.
This project was developed as part of a WEB PROGRAMMING course assignment. It demonstrates practical implementation of:
- PHP backend development with MySQLi
- MySQL database design and management
- User authentication and authorization systems
- CRUD operations with prepared statements
- File upload handling and validation
- Security best practices (SQL injection prevention, XSS protection, password hashing)
- Responsive web design with Bootstrap
The project is shared publicly for educational purposes and portfolio demonstration.
```mermaid
graph TB
    subgraph client [Client Layer]
        Browser[Browser]
        HTML[HTML/CSS/JS<br/>Bootstrap 4.5]
    end
    subgraph server [Server Layer - Apache/WAMP]
        PHP[PHP Application]
        Auth[Authentication<br/>& Sessions]
        CRUD[CRUD Operations]
        Upload[File Upload<br/>Handler]
        Validation[Input Validation<br/>& Security]
        MySQLi[MySQLi Driver<br/>Prepared Statements]
    end
    subgraph database [Database Layer]
        MySQL[(MySQL Database)]
        Users[users table]
        Items[items table]
    end
    Browser --> HTML
    HTML -->|HTTP Request| PHP
    PHP --> Auth
    PHP --> CRUD
    PHP --> Upload
    PHP --> Validation
    Auth --> MySQLi
    CRUD --> MySQLi
    Upload --> MySQLi
    Validation --> MySQLi
    MySQLi -->|SQL Queries| MySQL
    MySQL --> Users
    MySQL --> Items
    Users -.->|Foreign Key| Items
    style client fill:#e1f5ff
    style server fill:#fff4e1
    style database fill:#e8f5e9
    style PHP fill:#8892d6
    style MySQL fill:#4479a1
```
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | HTML5, CSS3, Bootstrap 4.5, JavaScript, jQuery | User interface and responsive design |
| Backend | PHP 7.4+, MySQLi | Server-side logic and database operations |
| Database | MySQL 5.7+ / MariaDB | Data persistence and relationships |
| Server | Apache (WAMP/XAMPP) | Web server |
| Security | Prepared Statements, Password Hashing, Session Management | Protection against common vulnerabilities |
- Authentication System: User login and registration with password hashing
- Role-Based Access Control: Admin users can edit/delete all items, regular users can only manage their own items
- CRUD Operations: Create, Read, Update, Delete items
- Search Functionality: Search items by name
- Pagination: Browse items with pagination (10 items per page)
- Bootstrap UI: Modern, responsive design with Bootstrap 4.5
- Security: MySQLi prepared statements to prevent SQL injection
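The role-based rule above (admins may edit or delete any item, regular users only their own) is easiest to get right when ownership is checked inside the SQL itself rather than in a separate lookup. The following is an added example written for this README, not the project's own `delete.php`. It assumes `config.php` defines the `DB_*` constants shown later in this file, that `login.php` stored `user_id` and `role` in `$_SESSION`, and that the `items` table has `id` and `user_id` columns; those column and session key names are assumptions.

```php
<?php
// Added example (not the project's own delete.php): the role-based check a
// delete handler needs. Assumes config.php defines the DB_* constants shown in
// this README, that login.php stored 'user_id' and 'role' in $_SESSION, and
// that the items table has id and user_id columns (those names are assumptions).
session_start();
require_once __DIR__ . '/config.php';

// Not logged in: redirect without revealing whether the item exists.
if (empty($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

// Only act on the POST from the confirmation form, never on a bare GET link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Use the delete confirmation form.');
}

// Validate the id as a positive integer before it goes anywhere near SQL.
$itemId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!$itemId) {
    http_response_code(400);
    exit('Invalid item id.');
}

/**
 * Deletes one item. Admins may delete any row; regular users only their own.
 * Ownership is enforced inside the WHERE clause, so a user who tampers with
 * the id in the form deletes zero rows instead of someone else's item.
 * Returns true when exactly one row was removed.
 */
function deleteItem(mysqli $link, int $itemId, int $userId, bool $isAdmin): bool
{
    if ($isAdmin) {
        $stmt = $link->prepare('DELETE FROM items WHERE id = ?');
        $stmt->bind_param('i', $itemId);
    } else {
        $stmt = $link->prepare('DELETE FROM items WHERE id = ? AND user_id = ?');
        $stmt->bind_param('ii', $itemId, $userId);
    }
    $stmt->execute();
    $deleted = ($stmt->affected_rows === 1);
    $stmt->close();
    return $deleted;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions instead of silent failures
$link = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

$isAdmin = (($_SESSION['role'] ?? '') === 'admin');
if (!deleteItem($link, $itemId, (int) $_SESSION['user_id'], $isAdmin)) {
    // Same response for "not yours" and "does not exist", so ids cannot be probed.
    http_response_code(403);
    exit('You are not allowed to delete this item.');
}
$link->close();
header('Location: index.php');
exit;
```

Putting `user_id = ?` in the `DELETE` for non-admins avoids a check-then-act gap between a `SELECT` and the `DELETE`, and `affected_rows` tells the handler whether the caller actually owned the row. The same pattern applies to `update.php`: add `AND user_id = ?` to the `UPDATE` unless the session role is `admin`.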
- PHP 7.4 or higher
- MySQL 5.7 or higher / MariaDB
- Web server (Apache/Nginx) or WAMP/XAMPP/MAMP
1. Clone or Download the Repository:

   ```bash
   git clone https://github.com/YOUR_USERNAME/retro-collection-tracker.git
   cd retro-collection-tracker
   ```

2. Configure Database Connection:
   - Copy `config.example.php` to `public/config.php`:

     ```bash
     cp config.example.php public/config.php
     ```

   - Edit `public/config.php` with your database credentials:

     ```php
     define('DB_SERVER', 'localhost');
     define('DB_USERNAME', 'root');
     define('DB_PASSWORD', 'your_password');
     define('DB_NAME', 'retro_koleksiyon');
     ```

3. Setup Database:

   Option A - Automatic (Recommended):
   - Run `public/createDB.php` to create the database
   - Run `public/createTable.php` to create the tables
   - Run `public/insertRecords.php` to insert sample data
   - Run `public/database/add_user_id_column.php` to update the schema
   - Run `public/database/add_admin_role.php` to add admin support

   Option B - Manual:
   - Import `public/database/schema.sql` into your MySQL database
   - This creates all tables and adds sample data automatically

4. Set Upload Directory Permissions:

   ```bash
   chmod 755 public/uploads
   ```

   (On Windows, ensure the uploads folder has write permissions)

5. Access the Application:
   - Local development: `http://localhost/retro-collection-tracker/public/index.php`
   - Or configure your web server to point to the `public/` directory

6. Default Login Credentials:
   - Admin User:
     - Username: `admin`
     - Password: `admin123`
   - Admin users can edit and delete ALL items in the system
   - Important: Change the default admin password after first login!

If you already have an existing database, run these migrations in order:

1. Open: `http://localhost/YOUR_PATH/public/database/add_user_id_column.php`
2. Open: `http://localhost/YOUR_PATH/public/database/add_admin_role.php`
```
retro-collection-tracker/
├── .gitignore               # Git ignore rules (protects config.php and uploads)
├── config.example.php       # Database configuration template
├── README.md                # This file
└── public/                  # Main application directory
    ├── config.php           # Database configuration (NOT in Git)
    ├── index.php            # Main listing page with slider, pagination, search
    ├── login.php            # User login page
    ├── register.php         # User registration page
    ├── create.php           # Add new collectible form
    ├── read.php             # View single item details
    ├── update.php           # Edit item form
    ├── delete.php           # Delete item with confirmation
    ├── logout.php           # Session destroy and redirect
    ├── my_items.php         # User's own items listing
    ├── createDB.php         # Database creation script
    ├── createTable.php      # Table creation script
    ├── insertRecords.php    # Sample data insertion script
    ├── assets/
    │   ├── css/             # Custom styles
    │   └── js/              # Custom JavaScript
    ├── includes/
    │   ├── header.php       # Common header with navigation
    │   ├── footer.php       # Common footer
    │   └── auth_check.php   # Session validation helper
    ├── database/
    │   ├── schema.sql       # Complete database schema
    │   ├── add_user_id_column.php
    │   └── add_admin_role.php
    └── uploads/             # User uploaded images (NOT in Git)
        └── .gitkeep         # Keeps directory in Git
```
- PHP 7.4+
- MySQL/MariaDB
- MySQLi Extension
- Bootstrap 4.5
- FontAwesome 6.4.2
- jQuery 3.5.1
- MySQLi Prepared Statements: Prevents SQL injection attacks
- Password Hashing: Uses `password_hash()` with the bcrypt algorithm
- Session-Based Authentication: Secure session management
- Input Validation: Server-side validation on all forms
- XSS Prevention: Output escaping with `htmlspecialchars()`
- Role-Based Access Control: Admin and regular user permissions
- Protected Configuration: `config.php` excluded from the Git repository
- Secure File Uploads: File type and size validation for images
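The first five items above (prepared statements, `password_hash()`/`password_verify()`, session handling, input validation and `htmlspecialchars()`) all meet in the login handler. Here is an added example of such a handler, written for this README and not copied from the project's `login.php`. It assumes `config.php` defines the `DB_*` constants from the installation section, that the `users` table has `id`, `username`, `password` (a `password_hash()` result) and `role` columns, and that `mysqli_stmt::get_result()` is available (true on the mysqlnd builds WAMP/XAMPP ship); the column names and session keys are assumptions.

```php
<?php
// Added example (not the project's own login.php): login with a prepared
// statement, password_verify(), session regeneration and escaped output.
// Assumes config.php defines DB_SERVER/DB_USERNAME/DB_PASSWORD/DB_NAME and a
// users table with id, username, password and role columns (assumed names).
session_start();
require_once __DIR__ . '/config.php';

function connectDb(): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently
    return new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
}

/**
 * Returns the user row (without the hash) on success, null on any failure.
 * Unknown user and wrong password yield the same result, so usernames cannot
 * be enumerated from the error message.
 */
function authenticate(mysqli $link, string $username, string $password): ?array
{
    $stmt = $link->prepare('SELECT id, username, password, role FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);       // bound parameter: no SQL injection
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if ($user === null || !password_verify($password, $user['password'])) {
        return null;
    }
    // Transparently upgrade old hashes when PASSWORD_DEFAULT's cost changes.
    if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $upd = $link->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->bind_param('si', $newHash, $user['id']);
        $upd->execute();
        $upd->close();
    }
    unset($user['password']);                // never keep the hash in the session
    return $user;
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($username === '' || $password === '') {
        $error = 'Please enter your username and password.';
    } else {
        $user = authenticate(connectDb(), $username, $password);
        if ($user === null) {
            $error = 'Invalid username or password.';
        } else {
            session_regenerate_id(true);     // new session id after login (session fixation)
            $_SESSION['user_id']  = (int) $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['role']     = $user['role'];
            header('Location: index.php');
            exit;
        }
    }
}
?>
<!-- Anything echoed back is escaped, including the username the user typed. -->
<?php if ($error !== ''): ?>
<div class="alert alert-danger"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
<?php endif; ?>
<form method="post">
  <input name="username" value="<?= htmlspecialchars($username ?? '', ENT_QUOTES, 'UTF-8') ?>">
  <input name="password" type="password">
  <button type="submit">Login</button>
</form>
```

Registration is the mirror image: store `password_hash($password, PASSWORD_DEFAULT)` through a prepared `INSERT`, never the plain password, and treat a duplicate-username error from MySQL as a normal validation error rather than exposing it.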
- IMPORTANT: The `config.php` file containing database credentials is NOT included in the repository for security reasons
- Always use `config.example.php` as a template and create your own `config.php` locally
- The `uploads/` directory is also excluded from Git; actual uploaded images stay local
- Change the default admin password (`admin123`) immediately after installation
- Use strong passwords for database and admin accounts in production
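Because `public/uploads/` sits inside the web root, the "file type and size validation" listed under the security features decides whether that directory can ever hold something the server would execute. The function below is an added example for this README, not the project's `create.php`: it checks the real content type with fileinfo rather than the client-supplied one, caps the size, and stores the file under a random server-chosen name with a whitelisted extension. The form field name `image`, the 2 MB limit and the allowed types are assumptions made for the example.

```php
<?php
// Added example (not the project's own upload code): validating an uploaded
// image before it lands in public/uploads/. Field name, size limit and the
// allowed types are assumptions for this example.
const UPLOAD_DIR      = __DIR__ . '/uploads';
const MAX_UPLOAD_SIZE = 2 * 1024 * 1024; // 2 MB
const ALLOWED_TYPES   = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validates $_FILES[$field] and moves it into UPLOAD_DIR under a random name.
 * Returns the stored file name; throws RuntimeException with a message that is
 * safe to show the user.
 */
function storeUploadedImage(string $field): string
{
    $file = $_FILES[$field] ?? null;
    if ($file === null || $file['error'] === UPLOAD_ERR_NO_FILE) {
        throw new RuntimeException('No image was uploaded.');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed (error code ' . (int) $file['error'] . ').');
    }
    if ($file['size'] > MAX_UPLOAD_SIZE) {
        throw new RuntimeException('Image must be 2 MB or smaller.');
    }

    // $file['type'] and the original file name come from the browser and can
    // say anything; sniff the actual bytes instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are allowed.');
    }
    // A second, independent check: the file must parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('The file is not a valid image.');
    }

    // Random name + whitelisted extension: no path traversal from the original
    // file name, no .php (or .php.jpg) in uploads/, no collisions between users.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!is_uploaded_file($file['tmp_name']) || !move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not save the image.');
    }
    chmod($dest, 0644); // readable by the web server, not executable
    return $name;
}

// Usage inside the create-form handler: keep only $imageName in the items table
// (via a prepared statement) and print it with htmlspecialchars() when rendering.
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $imageName = storeUploadedImage('image');
    } catch (RuntimeException $e) {
        $error = $e->getMessage();
    }
}
```

The random name is the part most tutorials skip: with it, nothing the uploader controls ever becomes part of a path on disk, and the `.gitkeep`-only `uploads/` directory never contains a file whose extension the web server might hand to the PHP interpreter.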
- Login: Use the login page to access the system
- View Items: Browse all items on the main page
- Search: Use the search bar to filter items by name
- Add Item: Click "Add New Item" to create a new collectible
- View Details: Click the eye icon to view item details
- Edit: Click the pencil icon to edit an item
- Delete: Click the trash icon to delete an item
- All database operations use MySQLi prepared statements
- The application follows secure coding practices
- All `mysql_*` functions have been updated to `mysqli_*`
- Proper error handling and validation implemented throughout
- Uploaded images are stored locally and not tracked by Git
Contributions are welcome! Please feel free to submit a Pull Request.
This project is open source and available for educational purposes.
See PROJECT_ISSUES.md for planned improvements and known issues.