Vinelir

Build Notes

How this site works.

A technical overview of how the portfolio was planned, built from scratch, secured, and prepared for deployment on Combell.

Project goal

  • Create a personal portfolio for a school assignment that can keep growing after the course.
  • Keep the public site focused on projects, writing, contact details, and a downloadable CV.
  • Avoid a full CMS by building a small custom admin area for content that changes over time.

Application structure

  • The public document root is the www folder, with www/index.php acting as the front controller.
  • Shared PHP code lives in app, including bootstrap, rendering helpers, authentication, mail, database, and content logic.
  • Public files such as stylesheets, icons, uploaded images, and the CV PDF stay under www.

Routing and rendering

  • The router maps clean URLs such as /about, /projects, /blog, /cv, /contact, and /build-notes to PHP functions.
  • Reusable layout code in app/views.php renders the shared head, navigation, footer, metadata, and stylesheet includes.
  • Project and blog detail pages are resolved by slug, while unpublished or missing content returns a not found page.

Content management

  • The protected designer area lets an administrator create and edit projects and blog posts.
  • Content blocks are stored as structured data so entries can contain reusable sections.
  • The CV can be replaced from the admin area without changing code, while the public page exposes only open and download links.

Security choices

  • Admin routes require a logged-in session before protected actions can run.
  • Forms use CSRF tokens to prevent unwanted cross-site form submissions.
  • Uploaded cover images and the resume PDF are checked for expected type, size, and file handling constraints before being stored.
  • Dynamic output is escaped before rendering to reduce the risk of cross-site scripting.
  • The server configuration adds browser hardening headers for content sniffing and same-origin framing.

Hosting and deployment

  • The site is intended for Combell shared hosting with the web root pointed at the public www folder.
  • The current deployment can be uploaded directly, but a Git-based workflow would make future releases easier to audit and repeat.
  • Combell AutoGit is a possible next step once repository boundaries and shared runtime files are clearly defined.
  • Environment settings, local databases, and user-uploaded runtime files should stay out of normal source commits.

Next improvements

  • Initialize a Git repository and add CI checks for PHP syntax and accidentally committed secrets.
  • Separate deployable code from shared production files such as uploads, environment variables, and persistent database content.
  • Add automated checks around uploads, routing, and admin-only actions as the site grows.