Capstone Summary — Virginia Market Square

9

Phases

48

Tasks

51.5

Hours

100%

Complete

42

Products

Course CIS2987 — Capstone

Instructor Anup Parajuli

Semester Spring 2026

Start Date March 9, 2026

End Date April 22, 2026

Repository GitHub

Live Site View Site

PM Software GitHub Projects

Final Report View PDF

PROJECT SUMMARY

Virginia Market Square is a full-stack, multi-vendor e-commerce web application designed for a farmers market in Virginia, Minnesota. The platform supports three distinct user roles — customers, vendors, and administrators — each with dedicated dashboards and role-specific functionality.

Customers can browse 42 products across 9 local vendors, filter by category, search by keyword, manage a shopping cart, and complete purchases through Stripe payment processing. Vendors manage their product listings, view order history, and track sales metrics through a dedicated portal. Administrators oversee the entire marketplace with tools for user management, vendor approval, event scheduling, and contact submission review.

The application was built from scratch over 9 phases using PHP 8.x with MySQLi prepared statements, a 12-table normalized database (3NF), Bootstrap 5.3 for responsive design, and vanilla JavaScript for client-side interactivity. Security was a priority throughout: bcrypt password hashing, CSRF token protection on all forms, XSS output escaping, and Stripe's PCI-compliant Payment Element ensure card data never touches the server.

PHP 8.x MySQL / MariaDB Bootstrap 5.3 JavaScript ES6+ Stripe API HTML5 / CSS3 GitHub Actions CI/CD IONOS Hosting

PROJECT TIMELINE — PHASE SUMMARY

#	Phase	Tasks	Est Hrs	Act Hrs	Completed	Status
1	Planning, Design & Database Architecture	6	5.0	5.5	Mar 10–12	Done
2	Advanced Database & Environment Setup	4	6.0	6.5	Mar 19	Done
3	User Authentication Systems	5	5.5	5.5	Mar 21	Done
4	Backend Pages & API Logic	13	14.0	14.0	Mar 22–27	Done
5	E-Commerce Payment Integration (Stripe)	3	3.0	3.0	Apr 4	Done
6	Frontend & Responsive Design	11	7.5	7.5	Apr 7–12	Done
7	JavaScript & Interactivity	4	3.0	3.5	Apr 19	Done
8	Content, Images & Sample Data	2	2.0	1.5	Apr 21	Done
9	Testing, Optimization & Deployment	2	3.0	2.5	Apr 22	Done
TOTAL — 9 phases		48	48.5	51.5	Mar 10–Apr 22	COMPLETE

PROOF OF COMPLETED TASKS

Screenshots from the production site demonstrating all major features across all three user roles.

Click any screenshot to enlarge.

Homepage

Product Catalog

Product Detail

Shopping Cart

Checkout & Stripe

Order Confirmation

Login & Validation

Customer Dashboard

Vendor Dashboard

Admin Dashboard

Admin — Vendors

Admin — Users

Mobile Responsive

PROJECT MANAGEMENT

GitHub Projects was used as the project management tool throughout the capstone. All 48 tasks were tracked as GitHub Issues organized into 9 phases, with progress automatically updated via a GitHub Actions workflow that queries the project board through the GitHub GraphQL API.

GitHub Projects board — timeline view showing all 9 phases

GitHub Projects — Timeline View (All 9 Phases, 48 Tasks)

GitHub README showing auto-updated phase progress table

GitHub README — Auto-Updated Phase Progress (GitHub Actions)

TASKS NOT COMPLETED

All 48 planned tasks across 9 phases were completed. No tasks were left incomplete or deferred.

One infrastructure item remains outstanding: SSL/TLS certificate activation on the IONOS production domain. The hosting plan's free SSL certificates are fully allocated to other domains in the account, and the system-generated domain (s1085477016.onlinehome.us) does not support custom certificate assignment through IONOS. This is a hosting provider limitation, not an application deficiency — the application implements comprehensive security at every layer (prepared statements, bcrypt, CSRF, XSS escaping, Stripe PCI compliance).

FINAL DOCUMENTATION

The following deliverable documents were produced as part of the capstone project:

Capstone Final Report PDF · 1.2 MB · Spring 2026

View Report Download

Comprehensive Test Report

76 test cases across 10 feature areas. Authentication, product browsing, cart, Stripe checkout, three dashboards, public pages, form validation, responsive design. 100% pass rate.

Security Audit

45 security controls audited across 7 domains: SQL injection, XSS, CSRF, authentication, Stripe, configuration, input validation. OWASP Top 10 mapping included. All controls rated SECURE.

Deployment Documentation

Complete setup guide: tech stack, file structure, local development (XAMPP), CI/CD pipeline (GitHub Actions), database management, crash recovery, troubleshooting.

Weekly Progress Reports (7)

Seven weekly reports documenting activity logs, reflections, proof of completed tasks, and updated project timelines across the full development cycle.

Database Design Document

12-table schema in 3NF with ER diagram, foreign key relationships, indexes, and design rationale. All monetary values DECIMAL(10,2), InnoDB with utf8mb4.

Project Charter

Scope definition, user roles, feature requirements, technology stack, timeline, and success criteria established at project inception.

REFLECTION & CONCLUSION

This capstone project was the most technically demanding work I've undertaken. Building a full-stack e-commerce application from scratch — with three user roles, a normalized 12-table database, Stripe payment integration, and a CI/CD deployment pipeline — required me to apply and extend every skill from my coursework in a single integrated project.

The biggest technical growth came in backend development. Writing complex SQL JOINs that pull product data with vendor names and category labels, building database transactions with rollback for order creation, and implementing session-based authentication with role-specific access control were all areas where I went from textbook understanding to practical fluency. The Stripe integration was a highlight — understanding the PaymentIntent workflow (create server-side, confirm client-side, verify server-side before touching the database) gave me real insight into how production payment systems work.

Security was a consistent theme throughout every phase, not an afterthought. By the time I documented the security audit, I had already been applying prepared statements, CSRF protection, output escaping, and bcrypt hashing from Phase 3 onward. The OWASP Top 10 mapping in the audit wasn't aspirational — it reflected what was already built.

The three XAMPP MySQL crashes this semester were frustrating but educational. Each recovery got faster as I refined the process, and the final consolidation of all seed data into a single importable SQL file was a direct response to the pain of running four separate patch files after every crash. That kind of iterative improvement — building better tools in response to real problems — is something I'll carry into professional work.

The GitHub Actions CI/CD pipeline transformed my workflow. Knowing that every push to main automatically deploys to production through lftp, with Composer installing dependencies and sed injecting secrets from GitHub's encrypted store, gave me confidence to ship changes quickly. The automated project board status updates in the README were a nice touch that kept the repository self-documenting.

Looking back, the project scope was ambitious for 48 estimated hours — the actual 51.5 hours reflects the reality of infrastructure work (hosting setup, CI/CD, three crash recoveries) that isn't visible in the feature list but is essential to a production-deployed application. I'm proud that the project shipped four days ahead of schedule with all 48 tasks complete, all 76 test cases passing, and a live production site that demonstrates every feature.

Virginia Market Square is the strongest piece in my portfolio — not just because of its technical scope, but because it represents a complete development lifecycle from charter to deployment, with documentation, testing, and security built in at every step.

CAPSTONE PROJECT SUMMARY