Tried http://stackoverflow.com/questions/16679146/force-footer-on-bottom-on-pages-with-little-content

• https://github.com/FriendsOfSymfony/FOSCommentBundle/
• Seems to be very flexible

Setup: https://github.com/nelmio/NelmioApiDocBundle/blob/master/Resources/doc/index.rst
Annotation Documentation: https://github.com/swagger-api/swagger-core/wiki/Annotations

Using CamelCase convention for all variables, tables etc.

• Every word most have a capital first character even if its only 1 word
• Move all Entity classes into same folder and adopt ApiUsers, ApiXXX convention

Instead refer explicitly to the object/module

• security will be split into login/registration

• Going for custom. Too much limitations with FOSUserBundle (Plus Id instead of id :P)
• Using Site references in all other tables with -1 as the local site

see http://symfony.com/doc/current/validation.html

• Users will be privileged to perform certain Actions (foreign key)
• When an action is requests, system will check if User has these privileges or is in an appropriate UserGroup that does

• All controllers should be in one place Api/ directory is confusing
• Using bbcode rather than markdown now

• http://www.sceditor.com/ seems promising

• Add methods to AuthenticationManager
• Add another entity for LoginAttempts that store the Id of the user and the timestamp of the login request
• If more than 3 login attempts made within 1 minutes, block the account for 10 minutes

• Used in ErrorResponsesManager
• Needs to add to the database.

Traditional login form may be useful

• This will be used for all responses to ajax requests
• http://fabien-d.github.io/alertify.js/

https://github.com/FriendsOfSymfony/FOSOAuthServerBundle

• It will be more maintainable and secure for authenticating api requests
• Remove sessions table as would be redundant

It could prove annoying in the future considering the PHP is following a userId type convention and database is user_id

See: https://knpuniversity.com/screencast/guard/api-token

github.com has a cool 404 page - https://github.com/404

AJAX request should return a json error response
Web request will return the appropriate HTML error page

• Want to merge them all together

see: http://stackoverflow.com/questions/39321604/500-status-code-for-symfony-functional-test/39321624

http://phppot.com/php/php-mysql-inline-editing-using-jquery-ajax/ - Might be useful

This will include all the methods required to rank results based on a query

• XSS protection is important

Symfony built in validation with annotations seems very flexible

• http://symfony.com/doc/current/validation.html

Validation performed in service managers (eg UserManager add(array $Options) method)

• Use custom themes and bbcodes
• http://www.sceditor.com/

Test the following actions:

• Unauthenticated user attempting to access restricted page (and for authenticated user)
• Login system with valid/invalid credentials
• Registration system with valid/invalid details
• Logout system
• Reset password system

Don't spend too much time on it Cover the main requirements of the system.
... For example, a test suite to see if the login system works with a long username and a valid password with the CSRF token manipulated is too specific!

http://symfony.com/doc/current/event_dispatcher/before_after_filters.html

Use https://github.com/jenssegers/optimus to encode all ids from database

Why? Because would be difficult to completely customize the FOSUserbundle.
We don't want username and email field to be unique across all sites. Just across individual sites.
Logging in, registration is done with a different protocol for site users and external users.
etc..

• Links to the parent documentation up until it reaches the root (documentation with no parent)
• Root link (home) does not have a parent documentation page