The back-end was built on top of the CodeIgniter MVC framework, with MySQL as the database server.

I developed the public facing site as well as the administrative pages for campaign creation and management, for bloggers, brands and admins. That included the checkout process, which deals with products, VAT calculation, promo codes, payment gateway processing (Paymill), and asynchronous PDF invoice generation and transactional email delivery.

The site is multilingual, for which I developed a library that deals with language negotiation, loading, persistance and switching. I also developed a library for managing multilingual user notifications, which is used for transactional email template parsing (Twig templates) and delivery (via Mandrill).

The application makes use of many third-party REST APIs and services (Google Analytics, Topsy, Bitly, Twitter, Facebook, YouTube, Vimeo, Instagram, LinkedIn, Klout, Google PageRank, Alexa Rank and RSS feeds). All the heavy lifting with cURL, OAuth and APIs was done by @tubalmartin.

Performance wise, the site is served by Nginx and uses APC for opcode and user cache, as well as for session data storage. The most CPU-intensive processes, such as image processing, PDF generation or transactional email delivery are handled asynchronously to reduce the web server load and for a snappier user experience. Gearman was used during development for job queue management, but it was eventually discarded.

As for security, the application performs exhaustive input data validation, filtering (only where HTML data is accepted, with HTML Purifier), as well as proper database query and output (Zend Escaper) escaping. That, ideally, prevents the site from being vulnerable to XSS and SQL injection attacks. It is also protected against CSRF attacks by using tokens on destructive actions. User access and privileges are managed by a full-featured Auth and ACL solution. Additionally, SSL is forced on those pages that manage sensitive information.