PDRS is a PHP 8.x and MySQL 8.0 framework for secure professional development registration, identity verification, and Moodle enrollment automation.

It is designed for education and enterprise environments where registration workflows must balance user experience, security, auditability, privacy, and operational maintainability.

• Dynamic event landing pages using event slugs such as /e/secure-ai-governance.
• Flexible program delivery metadata for synchronous, asynchronous, self-paced, instructor-led, hybrid, cohort-based, and custom formats.
• Event-specific metadata fields mapped to Moodle custom profile fields.
• Optional invite-code gates per event, with only HMAC hashes stored in the database.
• Mandatory email verification before registration records are created.
• OTP and signed-link verification workflows.
• Identity proofing exception workflow for duplicate accounts, name variants, email changes, sponsor corrections, Moodle conflicts, suspicious registration patterns, and certificate-impacting identity updates.
• Sponsor roster import validation workflow for employer or partner cohorts, covering sponsor authority, schema checks, eligibility, consent, duplicates, invite scope, and downstream reconciliation.
• Session-backed CSRF protection across public form submissions.
• Duplicate identity checks against Moodle before account creation.
• Duplicate registration handling by event and verified email.
• Moodle REST integration for user creation, cohort assignment, and course enrollment.
• Retryable Moodle provisioning utility for operational recovery.
• Moodle enrollment reconciliation workflow for identity, course, cohort, role, withdrawal, retry, and certificate-release drift.
• Certificate eligibility reconciliation workflow for registration, attendance, Moodle completion, payment, withdrawal, exceptions, and certificate release evidence.
• Attendance anomaly triage workflow for missing attendance, duplicate check-ins, late joins, platform drift, manual overrides, disputes, and certificate eligibility impact.
• Waitlist and capacity governance workflow for fair seat allocation, invite waves, reserved capacity, overbooking approvals, accessibility accommodations, and audit evidence.
• Waitlist fairness and capacity release workflow for priority rules, sponsor allocation, invite expiry, overbooking decisions, accessibility holds, Moodle provisioning, and complaint-ready evidence.
• Automatic approval based on domain allow-lists and payment status flags.
• AES-256-GCM encryption for sensitive registration data at rest.
• HMAC hashing for email, IP address, and user-agent lookups without exposing raw values.
• Data retention and privacy workflow for registration, verification, Moodle provisioning, attendance, certificate, support, and audit records.
• PDO prepared statements for all database operations.
• Rate limiting for verification endpoints.
• Audit logging for registration attempts, verification events, administrative changes, and integration failures.
• Liveness, readiness, and protected operations metrics endpoints.
• Maintenance commands for expired verification, rate-limit, and audit-log cleanup.
• SMTP transactional email transport with local mail logging for development.
• Trusted proxy configuration for accurate client IP handling behind load balancers.
• Rich field rendering and validation for text, email, number, date, textarea, and select inputs.
• Dockerized local development with PHP 8.3, Apache, MySQL 8.0, and Mailpit.

Registrant
  -> Event landing page
  -> Email OTP or signed-link verification
  -> Registration form
  -> Approval policy
  -> Moodle identity check
  -> User creation if needed
  -> Cohort assignment and course enrollment
  -> Confirmation email and calendar invite

cp .env.example .env
docker compose up --build

Then open:

• Application: http://localhost:8080
• Demo event: http://localhost:8080/e/secure-ai-governance
• Mailpit inbox: http://localhost:8025

Generate a strong local APP_KEY before testing encryption:

php -r "echo 'base64:' . base64_encode(random_bytes(32)) . PHP_EOL;"

If PHP is not installed locally, run that command inside a PHP container or replace the key with any secure 32-byte base64 value.

The example key in .env.example is only for local development and must be replaced before production use.

Run scheduled maintenance:

php bin/maintenance.php

Retry approved or failed Moodle provisioning records:

php bin/retry-provisioning.php

Generate an operations bearer token hash:

php -r "echo hash('sha256', 'replace-with-strong-token') . PHP_EOL;"

Set the result as OPERATIONS_TOKEN_HASH and call /ops/metrics with Authorization: Bearer <token>.

Generate an invite-code hash for an invite-only event:

php bin/hash-invite-code.php "program-invite-code"

Set the generated value in events.invite_code_hash after the production APP_KEY has been configured.

• Architecture
• Security and Data Protection
• Security Controls
• Secure Enrollment Threat Model
• Identity Proofing Exception Workflow
• Sponsor Roster Import Validation Workflow
• Moodle Integration
• Moodle Integration Security Checklist
• Moodle Enrollment Reconciliation Workflow
• Certificate Eligibility Reconciliation Workflow
• Attendance Anomaly Triage Workflow
• Waitlist and Capacity Governance Workflow
• Waitlist Fairness and Capacity Release Workflow
• Data Retention and Privacy Workflow
• Database Schema
• Development Guide
• Operations Guide
• API and Routes
• Extension Guide
• Production Checklist
• Testing Guide
• Future Roadmap

public/                 Web entry point and assets
src/                    Application code
src/Http                Request, response, and router
src/Repository          PDO database access layer
src/Service             Business services and integrations
database/migrations     MySQL schema and demo event seed
database/seeders        Optional standalone seed data
docs/                   Implementation and operations documentation
bin/                    Utility scripts

Deploy the application and database to approved infrastructure for the institution, enforce TLS at the load balancer or reverse proxy layer, keep Moodle tokens in a secret manager, and restrict outbound access to approved Moodle endpoints and SMTP infrastructure.

MIT License. See LICENSE.

This repository is part of the professional portfolio of Musaab Hasan, focused on cybersecurity, digital forensics, AI governance, EdTech, secure platforms, and research-driven digital transformation.

• Android Digital Forensics Lab - Advanced Android forensics workbench for acquisition planning, anti-forensics evaluation, memory triage, evidence integrity, and case reconstruction.
• Humanoid Robot Forensics Lab - PHP/MySQL forensic casework platform for humanoid robot, companion app, and IoT evidence triage.
• Smart Metering Security Lab - Research portal based on smart metering security analysis for cyber-physical and smart-grid environments.
• Drive-by Download ML Lab - Machine learning research portal for detecting drive-by download attacks and web-based malware delivery.
• SQL Injection ML Detection Lab - Research portal for SQL injection detection using machine learning and security telemetry.
• IoT Board SSH Hardening Lab - SSH exposure assessment and hardening portal for IoT development boards and embedded Linux systems.
• ZigBee WHAS Design Lab - Research portal for designing and evaluating ZigBee wireless home automation systems.
• Mammogram Fourier Analysis Lab - Medical image-processing research portal based on Fourier transform analysis for mammography.

• Human Factors Risk Profiler - Human-centered security risk profiling portal for targeted interventions and behavior-aware controls.
• Security Champion Network Portal - Platform for managing security champion networks, missions, recognition, and measurable impact.
• Crisis Simulation Command Portal - Cyber crisis simulation planning, scoring, and improvement platform for resilience exercises.
• Behavioral Security Metrics Portal - Evidence-based security awareness metrics portal focused on behavior, culture, and intervention outcomes.
• Security Culture Heatmap Portal - Security culture maturity heatmap for norms, leadership signals, and organizational readiness.
• Emerging Technology Security Culture Portal - Adoption-readiness portal for emerging technology, governance, and security culture alignment.
• AI Use Case Evaluation Portal - Evaluation platform for AI use cases across value, feasibility, data readiness, privacy, ethics, and governance.
• Transformation Roadmap Portal - Roadmap platform for moving security culture programs from compliance orientation to resilience and measurable change.

• Professional Development Registration System Framework - Secure registration and Moodle enrollment automation framework for professional development programs.
• Multilingual Certificate Issuer - Arabic/English certificate design, PDF generation, and throttled SMTP distribution platform.
• AI Security Governance Toolkit - Practical AI security governance controls, templates, evidence registers, playbooks, and policy-as-code examples.

Professional profile and research portfolio: https://musaab.info