The Website.

I created the website together with a friend of mine.
I mostly focused on the back-end while my friend focused (mostly) on the front-end.
The website requires users to have an account (which is given to them by Hillplant) to use it.

The website is currently live, and we are still gradually expanding on it.

The API.

For this website there are a lot of things that should be saved in a database.

Because of that I decided to create an API which handles all of that.
This API is my first attempt at making a "big" API.

I learned a lot from making (and still adding onto) this API, namely:
- To structure, and how to structure, the requests and responses that are sent to and received from the API.
- How to handle SQL injection.
- How to handle XSS (JS) injection (checking the sent-in values for any HTML tags).
- Making certain actions only possible for someone's own account.

Accounts.

Almost everything on the website requires having an account.

This means we had to create an account system; I took this task upon myself.
The accounts should obviously be completely secure, and we wanted to create a system where Hillplant can give accounts to their new employees, and not the employees creating their accounts themselves.
So when Hillplant wants to create a new account, they can "prepare" an account for the new employee.
The employee can then "activate" the account by adding their details to it.
After the employee has activated the account, Hillplant can then accept it, after which, the account can be used.

I added functions to the API which can handle all actions required for the accounts.
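
The prepare / activate / accept flow described above, as an added example (not the site's actual API code). It is written in Python, and the role name "admin", the one-time activation token and the in-memory store standing in for the database are assumptions.

```python
import hmac
import secrets
from enum import Enum


class State(Enum):
    PREPARED = "prepared"    # created by Hillplant, no employee details yet
    ACTIVATED = "activated"  # employee added details, waiting for approval
    ACCEPTED = "accepted"    # approved by Hillplant, account may be used


class WorkflowError(Exception):
    """Raised when the caller or the requested transition is not allowed."""


class AccountStore:
    def __init__(self):
        self._accounts = {}  # account_id -> record; stands in for the database

    def prepare(self, actor_role, account_id):
        # Only Hillplant (assumed role name "admin") may create accounts.
        if actor_role != "admin":
            raise WorkflowError("only an admin can prepare an account")
        if account_id in self._accounts:
            raise WorkflowError("account already exists")
        token = secrets.token_urlsafe(32)  # one-time secret given to the employee
        self._accounts[account_id] = {"state": State.PREPARED, "token": token, "details": None}
        return token

    def activate(self, account_id, token, details):
        acct = self._accounts.get(account_id)
        # One error for unknown id, wrong state and wrong token: no enumeration hint.
        if (acct is None or acct["state"] is not State.PREPARED
                or not hmac.compare_digest(acct["token"].encode(), token.encode())):
            raise WorkflowError("activation refused")
        # Clearing the token makes it single-use.
        acct.update(state=State.ACTIVATED, token=None, details=dict(details))

    def accept(self, actor_role, account_id):
        if actor_role != "admin":
            raise WorkflowError("only an admin can accept an account")
        acct = self._accounts.get(account_id)
        if acct is None or acct["state"] is not State.ACTIVATED:
            raise WorkflowError("account is not awaiting acceptance")
        acct["state"] = State.ACCEPTED

    def can_log_in(self, account_id):
        # Prepared and activated accounts exist but must not be usable yet.
        acct = self._accounts.get(account_id)
        return acct is not None and acct["state"] is State.ACCEPTED
```

Every transition checks both who is calling and which state the account is in, so a step cannot be skipped or repeated.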

Planning.

The planning is a function which every employee can use.

Every employee can input their work planning into the table; their workdays and times are then saved in the database.

As dates shouldn't be changed last minute, Hillplant can select a date, and from that date on all employees can input their times and dates.

Hillplant can download the planning into a CSV file which they can then read in Excel to get the planning up until a desired date.

For the planning, I created functions in the API which can be used to fetch / set their planning data from / into the database.
I also created the script that outputs the CSV file containing the planning.