It's been awhile since I have inspected the DCP-Portal code. It's dated, no doubt about that.
The code is well organized, but it is based entirely on functions with only two classes.
The re-write is going much slower than I originally expected. Before inspecting the original code, I expected a reasonably quick timeline to update to PHP version 8 standards. IE: Write new modules to replace deprecated code, update the database support from MySQL to MariaDB using the new PHP MySQLi extensions.
One of the features of the later versions of DCP-Portal was a database abstraction layer. At the time, I chose to use ezSQL authored by Justin Vincent. ezSQL has moved along too – but used much less these days. It is considered a lightweight database abstraction layer with many users preferring PDO.
The renew of DCP-Portal will feature a series of classes with all the methods necessary for that particular task. The only exception is the new user authentication system. Creating a new account, Signing in with that account, and Forgot Password functionality all require a two step authentication process that includes a One-Time Passcode (OTP) sent to the email used to create the account.
All other user functionality is class based. The class features persistence that eliminates reliance on session variables. Persistenace allows a validation of IP and Remote Host while signed in. Any detection of a change in IP or Remote Host results in automatic Sign Out. One of the new features is elimination of duplicate sign ins. Any attempt at a repeat Sign In will result in blocking the second (and subsequent) Sign In attempt and a Sign Out on the current Signed In user.