A secure, modern web application for managing Senior Common Room (SCR) meal bookings, guest management, preferences, and administration within an Oxford college environment.
The system has been rewritten from the ground up to retain familiar functionality while significantly improving security, robustness, maintainability, and extensibility.
- Book SCR meals by date
- Optional guest bookings
- Clear presentation of dietary preferences
- Support for booking cut-offs and service-specific rules

- Persistent dietary preferences (e.g. vegetarian, pescatarian)
- Wine preferences and exclusions
- Sensible defaults with user override

- Wine lists with:
  - Personal (“My Lists”) and shared/public lists
  - Counts of wines per list
  - Favourite (heart) indicators
- Integrated into meal bookings and administration

- Explicit consent handling, including:
  - Terms & Conditions
  - Freedom of Speech obligations
- Designed to support evolving regulatory and policy requirements

- LDAP-backed authentication (via LdapRecord)
- Strong input validation and sanitisation throughout
- CSRF protection
- Hardened against common web vulnerabilities
- No direct access to sensitive endpoints (cron jobs, admin tools, etc.)

- Manage:
  - Meals
  - Settings
  - Users
  - Wine lists
- Granular logging of system actions
- Designed to be usable by non-technical administrative staff

- PHP (Object-Oriented) backend
- Clear class structure with sensible separation of concerns
- MySQL database with relational integrity
- JavaScript-enhanced UI where appropriate
- Bootstrap-based frontend with:
  - Consistent iconography
  - Accessible markup
  - Responsive layout

The system has been refactored to prioritise:
- Readability
- Testability
- Long-term maintainability

- Entire codebase reviewed using static analysis tooling
- Numerous legacy issues resolved:
  - Input handling
  - Inconsistent naming
  - Silent failures
- Improved error handling and logging

```
/
├── assets/      # CSS, JS, icons, images
├── classes/     # Core application classes
├── includes/    # Bootstrap & shared includes
├── ldap/        # LDAP abstraction and helpers
├── pages/       # Application pages / views
├── cron/        # Scheduled tasks (restricted access)
├── logs/        # Application logs (non-public)
└── index.php    # Application entry point
```

⚠️ This application is designed for use within a trusted institutional environment.

- PHP 8.x
- MySQL / MariaDB
- Apache (with .htaccess support)
- LDAP directory (Active Directory compatible)

- Clone the repository
- Configure database credentials
- Configure LDAP connection details
- Ensure required directories are not web-accessible
- Import the database schema
- Configure Apache virtual host as required

- Sensitive directories are protected via .htaccess
- Direct folder listing is disabled
- Cron endpoints are not publicly accessible
- User input is validated and escaped at multiple layers

This system assumes defence in depth, not trust in the UI.
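
A static pre-deployment check for the directory-protection points above, added here as an example and not part of the project's own code. It assumes `cron/` and `logs/` (from the layout) are the directories to protect, and that protection is written as `Require all denied` (or the older `Deny from all`) per directory plus `Options -Indexes` in the document root's `.htaccess`; the project's actual rules are not shown on this page.

```python
import re
from pathlib import Path

# Assumption: cron/ and logs/ are the directories the layout marks as
# restricted / non-public; extend the tuple to match the real deployment.
SENSITIVE_DIRS = ("cron", "logs")

# Apache 2.4 ("Require all denied") and 2.2 ("Deny from all") spellings.
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)
# An Options line that explicitly switches directory listings off.
NO_INDEX_RE = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)


def _htaccess(directory: Path) -> str:
    """Return the directory's .htaccess with comment lines removed ('' if absent)."""
    path = directory / ".htaccess"
    if not path.is_file():
        return ""
    lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    return "\n".join(line for line in lines if not line.lstrip().startswith("#"))


def audit(docroot: Path, sensitive=SENSITIVE_DIRS) -> list[str]:
    """List findings; an empty list means every static check passed."""
    findings = []
    if not NO_INDEX_RE.search(_htaccess(docroot)):
        findings.append("/: directory listing not disabled (no 'Options -Indexes')")
    for name in sensitive:
        directory = docroot / name
        if not directory.is_dir():
            findings.append(f"{name}/: directory missing")
        elif not DENY_RE.search(_htaccess(directory)):
            findings.append(f"{name}/: no deny-all rule in .htaccess")
    return findings


if __name__ == "__main__":
    import sys
    problems = audit(Path(sys.argv[1] if len(sys.argv) > 1 else "."))
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

The check only reads the files: it cannot tell whether Apache's `AllowOverride` setting lets `.htaccess` take effect, so confirm the result with an HTTP request against the deployed host.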
The system supports:
- Manual QA testing
- Stress testing of:
  - Dates
  - Edge-case input
  - Character sets (including emoji and non-Latin characters)
- Consistency checks for UI language and behaviour

Recent work has focused on:
- Security hardening
- Codebase modernisation
- Feature parity with legacy systems
- Improving clarity for both users and administrators

Future improvements may include:
- Automated tests
- Enhanced reporting
- Improved accessibility
- Further admin tooling

Andrew Breakspear
IT Manager
University of Oxford College

This project is currently intended for internal institutional use. Licensing terms to be defined if the project is ever released more widely.