I was asked to build a website where a company's employees (around 20) could log in and fill in their working schedules for the present and past (if needed) month. Employees should of course only be able to see their own schedules, but the manager should have the privilege to access every schedule. I have little experience in web development, therefore some advice is needed. I have already created a PHP/MySQL login page. Now what? How do I go about it? Just some architectural or implementational (if you will) guidance would be really appreciated.
I have built applications similar to this in PHP / Mysql and can say that it's a good platform for it, although something like Rails might be quicker to use and require less micromanaging. As Wisdom says, use a framework to cut out some of the grunt work and ensure you're adhering to good security practices.
A few things come to mind that you'll need.
ANY values that you insert into a query string should be sanitized. So queries to search or select values should always have any PHP variables filtered through a "cleaning" structure (note the quotes around %s: escaping only protects a value that the query actually treats as a quoted string):
$query = sprintf("SELECT * FROM table1 WHERE identifier = '%s'", mysql_real_escape_string($id));
Rather than:
$query = "SELECT * FROM table1 WHERE identifier = " . $id;
because any text which a user types into a search or insert field online, if it ends up in your query, could be executed as part of the query. A hacker could then use this to make your other security features useless.
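As an added illustration, not part of the answer above or of any project mentioned on this page: the same idea done with PDO prepared statements (which replace the deprecated mysql_* functions), combined with the question's rule that an employee only reads their own schedule while the manager may read anyone's. Table and column names, the session keys and the connection details are assumptions.

```php
<?php
// Added example: fetch schedule rows with a prepared statement (no escaping or
// quoting by hand) and enforce the "own schedule unless manager" rule server-side.
// Assumed schema: schedules(id, user_id, month, entry); assumed session keys:
// $_SESSION['user_id'] and $_SESSION['role'] set by the existing login page.
declare(strict_types=1);
session_start();

function fetchSchedules(PDO $db, int $currentUserId, string $role, string $month, ?int $requestedUserId = null): array
{
    // Validate the month parameter (YYYY-MM) before it gets anywhere near SQL.
    if (!preg_match('/^\d{4}-(0[1-9]|1[0-2])$/', $month)) {
        throw new InvalidArgumentException('month must be YYYY-MM');
    }

    // Authorization comes from the session, never from the request: an ordinary
    // employee always gets their own id, whatever user_id the URL asked for.
    $targetUserId = ($role === 'manager' && $requestedUserId !== null)
        ? $requestedUserId
        : $currentUserId;

    // Placeholders send the values separately from the SQL text, so the database
    // never parses user input as part of the query.
    $stmt = $db->prepare(
        'SELECT id, user_id, month, entry FROM schedules WHERE user_id = :uid AND month = :month ORDER BY id'
    );
    $stmt->execute([':uid' => $targetUserId, ':month' => $month]);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Assumed connection details; use a dedicated, low-privilege MySQL account for the app.
$db = new PDO('mysql:host=localhost;dbname=schedules_app;charset=utf8mb4', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
]);

$requested = isset($_GET['user_id']) ? (int) $_GET['user_id'] : null;
$month     = (string) ($_GET['month'] ?? date('Y-m'));

$rows = fetchSchedules($db, (int) $_SESSION['user_id'], (string) $_SESSION['role'], $month, $requested);

foreach ($rows as $row) {
    // Escape on output as well, so stored entries cannot inject HTML into the page.
    echo htmlspecialchars($row['entry'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```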
I would recommend selecting a framework like CakePHP or Symfony; this way you can avoid some mistakes. If you want to create it on your own:
first decide the database architecture that will fulfill your need,
then try to make CRUD functionality for each table as a PHP object.
I think this can make you get going
I was heavily involved in the design of our company's internal dashboard, where employees can log in and view pertinent company metrics. We used CodeIgniter as our framework and it worked really well! It's a PHP framework that uses MySQL, and we already had both PHP and MySQL installed on our servers. There were already a few people in our company who had experience with it, as it has been around a few more years and is more established than the latest and greatest fad frameworks. It has worked beautifully because of its MVC approach to development. We have attached it to our home-cooked database using Grocery CRUD. It has plug-ins that handle user authentication, sessions, and security. We have been extremely productive with it and I highly recommend it. Keep in mind, this framework is designed for developers who want to create something very customizable. That being said, it provides the basic things you need but lets you handle the higher-level stuff yourself.
You will need to design your database to meet your real-world constraints. With MySQL you can create a relational database that reflects users and their positions. We created an E-R Diagram first to help our company's executives visualize the constraints and how we could model our business via the database, so that they could be involved in the discussion during the design phase.