Secure E-commerce Website with Admin Panel

Secure e-commerce platform built with user authentication, an admin dashboard for content and order management, and PayPal payment integration. Designed with a focus on security, usability, and real-world workflows.

Tags
Web Development, Solo Project, A-Grade, E-commerce
Tech Stack
React
TypeScript
MySQL
PHP
AWS
Apache

What is this?

A full-stack e-commerce website with a dedicated admin panel, built as my final project for the course Web Programming and Security at university. It features product browsing, a shopping cart, checkout with real PayPal payment integration, a user membership system, and a complete backend for managing products and categories.

Check out the demo to get a quick overview of the project!

About my role

I handled everything end-to-end. This was a solo project built using what I learned from the course.

  • Designed and built the responsive frontend user experience using React & TypeScript
  • Developed the PHP backend and admin panel with full CRUD functionality
  • Integrated PayPal payments and managed the SQLite database
  • Implemented basic security measures against common web vulnerabilities

Technologies I used

  • Frontend: React, TypeScript, Redux for global state management, Material UI (MUI) for clean UI components
  • Backend: Pure PHP (no framework) with Composer dependencies
  • Database: SQLite
  • Payment: PayPal SDK and API integration
  • Deployment: Apache web server on an AWS EC2 instance

Features

Client-side

  • Responsive navigation and category-based product browsing
  • Detailed product views with pagination
  • Fully functional shopping cart (add/remove/update quantity)
  • Cart persistence using localStorage
  • Complete checkout flow with real PayPal payment processing
  • Optional user membership system

Admin panel

  • Secure login and full CRUD operations for products and categories
  • Product management with pagination

Security (core focus)

  • XSS protection (React's built-in + PHP htmlspecialchars() + input/output sanitization)
  • CSRF defense with tokens
  • SQL injection prevention via parameterized statements
  • Comprehensive client and server-side validation

Challenges & how I approached them

1. Handling user input securely in a custom PHP backend

  • Used parameterized queries to reduce the risk of SQL injection
  • Added CSRF token validation for form submissions
  • Applied XSS protection using htmlspecialchars() and React’s built-in escaping
  • Performed both client- and server-side input validation
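
The four measures listed above, combined in one form handler, as an added example (not the project's own code). The `products` schema, the `addProduct` function, the field names and the in-memory SQLite database are assumptions for illustration; the session and POST arrays are constructed so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-ins for $_SESSION and $_POST so the script runs offline.
$session = ['csrf_token' => bin2hex(random_bytes(32))];
$post = [
    'csrf_token' => $session['csrf_token'],
    'name'       => "O'Brien <b>mug</b>",   // quote and markup on purpose
    'price'      => '12.50',
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL, price_cents INTEGER NOT NULL)');

function addProduct(PDO $db, array $session, array $post): int
{
    // 1. CSRF: constant-time compare of the submitted token with the session copy.
    $sent = $post['csrf_token'] ?? null;
    $want = $session['csrf_token'] ?? null;
    if (!is_string($sent) || !is_string($want) || !hash_equals($want, $sent)) {
        throw new RuntimeException('CSRF token mismatch');
    }
    // 2. Server-side validation; client-side checks are only a convenience.
    $name  = $post['name'] ?? null;
    $price = $post['price'] ?? null;
    if (!is_string($name) || trim($name) === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('Invalid product name');
    }
    if (!is_string($price) || !preg_match('/^\d{1,6}(\.\d{1,2})?$/D', $price)) {
        throw new InvalidArgumentException('Invalid price');
    }
    // 3. Parameterized statement: values are bound, never concatenated into SQL.
    $stmt = $db->prepare('INSERT INTO products (name, price_cents) VALUES (:name, :cents)');
    $stmt->execute([':name' => trim($name), ':cents' => (int) round((float) $price * 100)]);
    return (int) $db->lastInsertId();
}

$id = addProduct($db, $session, $post);
$stmt = $db->prepare('SELECT name FROM products WHERE id = :id');
$stmt->execute([':id' => $id]);
// 4. Store the raw value, escape at output time for the HTML context.
echo htmlspecialchars($stmt->fetchColumn(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;

try {
    addProduct($db, $session, ['csrf_token' => 'forged'] + $post);
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

The name is stored unmodified and only escaped when rendered into HTML, so the same row can be returned safely as JSON to the React frontend, which applies its own escaping.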

2. Integrating real PayPal payments while keeping the user flow smooth

  • Configured and tested the PayPal Sandbox environment
  • Handled payment callbacks and transaction verification
  • Ensured payment status was validated before order fulfillment

So, what was the outcome?

  • Earned an A grade for this final course project
  • Delivered a complete and secure online store with PayPal payments and admin management
  • Built my first end-to-end solo full-stack application from scratch

Things I learned

  • Gained a solid foundation in web security fundamentals and common vulnerability prevention
  • Learned PHP backend development and basic AWS deployment and security practices for the first time
  • Gained hands-on experience building e-commerce features, strengthening my React and TypeScript skills
  • Improved confidence in integrating third-party APIs and managing application state with Redux
  • Proved to myself that I could independently design and deliver a functional e-commerce application end-to-end