// the find
tramyardg/hotel-mgmt-system
Hotel booking system for customers added with an admin feature to manage reservations.
A PHP/MySQL hotel booking system built as a student learning project. Customers can browse rooms, make reservations, and view bookings; admins manage reservations through a separate view. The author explicitly says it's not for production and they won't be maintaining it.
Has a real DAO/handler layered architecture for a student project — not just one giant PHP file. Includes PHPUnit tests for the handler and DAO layers, which most tutorial-grade projects skip entirely. ESLint and PHPCS configs with a custom ruleset show some attention to code consistency. The Facebook OAuth callback (fb-callback.php) is a nice extra that shows the project went slightly beyond a basic CRUD exercise.
The README itself warns about security vulnerabilities, and they're real — promoting a user to admin requires manually flipping a database column, which screams no proper role/permission system. Admin auth is almost certainly bolted on at the application layer with no server-side enforcement. The custom phpPasswordHashing lib bundled in /lib/ should have been replaced by PHP's native password_hash() years ago. Last meaningful activity was late 2024 but the screenshots are from 2019, suggesting it's been minimally touched for years.