| title | PHP to Python Flask/FastAPI | ||||
|---|---|---|---|---|---|
| description | Migrate legacy PHP apps to Python FastAPI with modern async patterns | ||||
| authors |
|
||||
| category | Code Modernization | ||||
| industry | Cross-Industry | ||||
| services |
|
||||
| languages |
|
||||
| frameworks |
|
||||
| modernizationTools | |||||
| agenticTools | |||||
| tags |
|
||||
| extensions |
|
||||
| thumbnail | https://raw.githubusercontent.com/EmeaAppGbb/appmodlab-php-legacy-to-python-flask-fastapi/main/assets/thumbnail-gpt-image.png | ||||
| video | |||||
| version | 1.0.0 |
CityPulse Events is a legacy PHP 5.6 event ticketing platform running on a classic LAMP stack (Apache + MySQL 5.7). The application uses procedural PHP with MD5 password hashing, unsanitized user inputs, and session-cookie-based authentication — all intentional legacy vulnerabilities targeted for remediation during migration to Python FastAPI.
The legacy application greets users with a hero search bar and category navigation grid covering Arts & Culture, Business, Education, Food & Drink, Health & Wellness, Music, Sports, and Technology.
Users browse a full event listing with cards displaying title, date, venue, city, price, and "Buy Tickets" buttons. The database is seeded with 20+ events across all categories.
The search feature uses a simple GET parameter with no input sanitization — a common legacy vulnerability that will be addressed in the Python migration.
The registration form collects Username, Email, Password, Full Name, and Phone fields. Passwords are stored as MD5 hashes, and the login page displays demo credentials with session-cookie-based auth and no CSRF protection.
The legacy CityPulse Events PHP application running via Docker (PHP 5.6 + Apache + MySQL 5.7).
The main landing page with a hero search bar, category grid (Arts & Culture, Business, Education, Food & Drink, Health & Wellness, Music, Sports, Technology), and an Upcoming Events section.
Full event listing with event cards showing title, date, venue, city, price, and "Buy Tickets" buttons. The database is seeded with ~20+ events across all categories.
Search results page showing events matching a query. Uses a simple GET parameter with no input sanitization (intentional legacy vulnerability).
Registration form with Username, Email, Password, Full Name, and Phone fields. Passwords are stored as MD5 hashes (intentional legacy vulnerability).
Login page with demo credentials displayed: Admin (admin/admin123), Organizer (organizer1/pass123), User (user1/pass123). Session-cookie-based auth with no CSRF protection.