Design and Develop Source Code (Web App Security)

You are progressing well as a junior web developer for a leading communications firm called BizTech Ltd. An opportunity has arisen for you to work for a small client company known as London Tours. The client is UK-based brick and mortar shop and sells tickets for famous London landmark attractions, sightseeing guided tour tickets, as well as gifts and souvenirs. To be competitive and remain at the cutting edge, London Tours intends to launch their business online. The aim of this new website is to offer their customers convenience, more control and speedy checkout services. Although the aim is to improve customer service, it is clear that it will also help the company save costs and remain ahead under tough market competition.
The client (London Tours) will use the website to project their presence and the services they offer. The client will also use the website as a contact tool with their customers. The website should be simple to use and must consider the customer experience when designing and developing this website. During the first phase of website design and development, you will design a front-end website using suitable design tools and technologies such as Adobe brackets or sublime text-2 and HTML, CSS, JavaScript on client side and PHP, MySQL on the server side. Merchant payment integration will be done during the second phase and will not be in the scope of the current work.
Deliverables
The new website should be secured, data driven and include following functionalities:
Customer Functionality:
• New user account registration
(customer name, phone #, email address, home address info (street, city and postcode), and password)
• User login
• Tour search (by place name and date)
• Add/update tours bookings from the database

Administrator Functionality:
• Admin login
• View customers’ booking requests
• Insert/update/delete bookings

Web Security functions:
• Form validation and sanitising data using PHP functions
• Prevent SQL injection using Prepared Statements
• Cross site scripting (XSS) or cross-site request forgery (CSRF) using PHP filters