Wikimania Scholarships app/Cleanup sprint

Sprint 1: Clean up existing code

 * Duration
   * 2013-10-23 through 2013-11-06
 * Team
   * Bryan Davis, Chad "^demon" Horohoe (consultant), Katie Filbert (consultant)
 * Sprint Goal
   * Have a functioning version of the existing application running in Labs with major code cleanliness and security concerns addressed.
 * Scope
   * Core functionality of the existing application, namely providing a data entry form with validation for requesting a scholarship and supporting a simple workflow for reviewers to triage and approve/decline requests.

Primary concerns to be addressed

 * Robust and secure data access layer
   * PDO or possibly Doctrine DBAL
 * Robust and secure template layer
   * Twig is a likely candidate
 * Minimize number of files exposed via document root
 * Strong separation of code from configuration
 * Secure password storage for reviewers
   * Current unsalted MD5 is unacceptable

Tasks
FIXME complete task breakdown


 * ✅ Move index.php and static content into a directory
 * ✅ Clean up database schema
 * ✅ Make everything use routes
 * ✅ Move session initialization to router script
 * ✅ Securely delete session on logout
 * Change passwords to use crypt with Blowfish
 * Convert database calls to PDO
 * Implement a real template engine
 * Change the way that Lang finds localization files
 * Make language choice sticky
 * Move PHPMAILER to vendor directory
 * Convert to use autoloading
 * Set include_path externally
 * Find out if it is the app's responsibility to ensure that php.ini is setting up sessions securely (good hash, http-only, etc.)
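
For the "Change passwords to use crypt with Blowfish" task and the unsalted MD5 concern listed above, the following added example (not code from the Scholarships app) sketches one way to move reviewer logins to crypt() with Blowfish while upgrading legacy rows at the next successful login. The function names, the cost value and the rule that a 32-character hex string marks a legacy MD5 row are assumptions; it targets PHP 7.1 or later.

```php
<?php
// Added example: names, cost and the "32 hex chars = legacy MD5" rule are
// assumptions for illustration, not the Scholarships app's own code.

const EXAMPLE_COST = 12; // assumed work factor; tune to the server

/** Hash a password with crypt() using the Blowfish ($2y$) scheme. */
function hashPassword(string $password): string
{
    // bcrypt salts are 22 characters from the alphabet ./A-Za-z0-9
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', EXAMPLE_COST, $salt));
    if (strlen($hash) !== 60) {
        // crypt() returns a short failure marker instead of a hash on error
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

/**
 * Check a login attempt against the stored value.
 * Returns [bool $ok, ?string $replacementHash]; a non-null replacement
 * must be written back to the reviewer's row by the caller.
 */
function checkPassword(string $password, string $stored): array
{
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        // Legacy unsalted MD5 row: verify once, then upgrade.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        return [true, hashPassword($password)];
    }
    // crypt() re-derives the hash from the salt and cost embedded in $stored.
    return [hash_equals($stored, crypt($password, $stored)), null];
}

// Constructed sample data: one legacy row and three login attempts.
$legacyRow = md5('correct horse');
[$ok, $newHash] = checkPassword('correct horse', $legacyRow);
var_dump($ok, substr($newHash, 0, 7));                  // legacy row, upgraded
var_dump(checkPassword('correct horse', $newHash)[0]);  // upgraded row
var_dump(checkPassword('wrong guess', $newHash)[0]);    // bad password
```

Rows belonging to reviewers who never log in again keep their MD5 value under this approach, so a deadline followed by a forced password reset is still needed to retire them.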