- User Registration
- User Login / Logout
- Password Hashing (via Laravel's built-in bcrypt)
- CSRF Protection on all forms
- Basic route protection (auth middleware)

| Member | Contribution |
| --- | --- |
| Lester | Project setup, authentication, routing |
| Michael | Database Injection, quality testing |
| Eduard | README, documentation, testing |

| Feature | Details |
| --- | --- |
| Password Hashing | All passwords hashed using bcrypt via Laravel's `Hash::make()` |
| CSRF Protection | All forms include `@csrf` token — blocks cross-site request forgery |
| Protected Routes | `/dashboard` and other pages require login via `auth` middleware |
| SQL Injection Guard | Laravel Eloquent ORM uses parameterized queries by default |

| Feature | Status | Notes |
| --- | --- | --- |
| Role-Based Access Control | In Progress | Admin vs. regular user roles not yet set up |
| Email Verification | Planned | Will use Laravel's built-in verification |
| Rate Limiting on Login | Planned | Prevent brute-force login attempts |
| HTTPS / Secure Headers | Planned | Needed before deployment |

```bash
cd simple-secure-app
composer install
cp .env.example .env
php artisan key:generate
php artisan migrate
php artisan serve
```

Then visit: `http://127.0.0.1:8000`
---
## Tech Stack
- **Backend:** Laravel (PHP)
- **Frontend:** Blade Templates, Bootstrap
- **Database:** MySQL