# ProArt Accounting System — Deployment Guide

## Stack

- **Frontend**: HTML5, CSS3 (custom dark/gold theme), Vanilla JS (ES2020+)
- **Backend**: PHP 8.0+ with prepared statements (MySQLi)
- **Auth**: Token-based — every request carries `token` via GET or POST
- **DB**: MySQL / MariaDB (your existing `elegaysv_proart_accounting` schema)

---

## Quick Start

### 1. Run the migration

```sql
-- In phpMyAdmin or mysql CLI:
source /path/to/migrate.sql;
```

This adds the `tokens` table and a default admin user (`admin` / `admin123`).

### 2. Configure the database

Edit `config.php`:

```php
define('DB_HOST', 'localhost');
define('DB_USER', 'elegaysv_user');
define('DB_PASS', 'your_password');
define('DB_NAME', 'elegaysv_proart_accounting');
```

### 3. Upload to your server

Upload the entire `proart/` folder to your web root (e.g. `/public_html/`) or a subdirectory.

If in a subdirectory (e.g. `/accounting/`), update `BASE_URL` in `config.php`:

```php
define('BASE_URL', '/accounting');
```

And update these lines in `index.php` and `login.php`:

```js
const BASE_URL = '/accounting';
```

### 4. Set permissions

```bash
chmod 755 /public_html/proart/
chmod 644 /public_html/proart/config.php
```

### 5. Login

- URL: `https://yourdomain.com/proart/`
- Default username: `admin`
- Default password: `admin123`
- **⚠ Change this immediately after first login!**

---

## File Structure

```
proart/
├── .htaccess              ← Security + caching rules
├── config.php             ← Database & app config
├── migrate.sql            ← Run once to add tokens table
├── index.php              ← Main app shell (sidebar + tabs)
├── login.php              ← Login page
├── core/
│   ├── db.php             ← DB wrapper (prepared statements)
│   ├── auth.php           ← Token creation, validation, revocation
│   └── response.php       ← json_ok() / json_err() helpers
├── api/
│   ├── login.php          ← POST → returns token
│   ├── logout.php         ← Revokes token
│   ├── clients.php        ← Full CRUD + statement
│   ├── quotes.php         ← Full CRUD + convert to invoice
│   ├── invoices.php       ← Full CRUD + mark paid
│   └── data.php           ← Unified: suppliers, expenses, income,
│                             accounts, account_type, reports, company, users
├── assets/
│   ├── css/main.css       ← Dark gold theme
│   └── js/
│       ├── app.js         ← Parent shell: auth, tabs, sidebar, toasts
│       └── page.js        ← Page helpers: apiGet/Post, fmt, nav, modal
└── pages/
    ├── dashboard.php
    ├── clients.php
    ├── add_client.php
    ├── suppliers.php
    ├── invoices.php
    ├── add_invoice.php
    ├── edit_invoice.php
    ├── view_invoice.php   ← Print-ready invoice
    ├── quotes.php
    ├── add_quote.php
    ├── edit_quote.php
    ├── view_quote.php     ← Print-ready quote
    ├── client_statement.php ← Print-ready client statement
    ├── expenses.php
    ├── income.php
    ├── accounts.php
    ├── account_types.php
    ├── users.php
    ├── company.php
    ├── profile.php
    └── reports/
        ├── profit.php     ← P&L with date range
        ├── invoices.php
        ├── quotes.php
        ├── clients.php
        ├── income.php
        ├── expenses.php
        └── logs.php       ← Full audit trail
```

---

## Token System

### How it works

1. User logs in via `POST /api/login.php` with `username` + `password`
2. Server validates credentials (SHA-256 hash), creates a token in the `tokens` table
3. Token is returned as JSON: `{ "data": { "token": "abc123...", "username": "..." } }`
4. Client stores token in `localStorage`
5. **Every subsequent request** passes `?token=abc123` (GET) or `token=abc123` in POST body
6. API validates via `Auth::requireToken()` — returns 401 JSON if invalid/expired
7. On logout, token is marked `active = 0` in DB

### Token table

```sql
CREATE TABLE `tokens` (
  `record_id`  INT AUTO_INCREMENT PRIMARY KEY,
  `token`      VARCHAR(128) NOT NULL UNIQUE,
  `user_id`    INT NOT NULL,
  `created_at` DATETIME NOT NULL,
  `expires_at` DATETIME NOT NULL,
  `active`     TINYINT(1) DEFAULT 1
);
```

### Token expiry

Default: 24 hours. Change in `config.php`:

```php
define('TOKEN_EXPIRY_HOURS', 48); // extend to 48 hours
```

---

## Security Notes

- All DB queries use **prepared statements** (no SQL injection)
- Passwords stored as **SHA-256 hash** (not plain text)
- Tokens are **64-byte cryptographically random hex** strings
- `.htaccess` blocks direct access to `core/` and `config.php`
- CORS headers set on all API endpoints
- Old tokens deactivated on new login (one active session per user)

---

## Customisation

### Change company branding

Go to **Admin → Company Details** in the app and update company name, address, banking details, T&Cs.

### Add a new navigation item

Edit `index.php` and add a `
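The token lifecycle from the "How it works" steps in the Token System section, written out as an added illustration; this is not the project's own `core/auth.php`. It assumes a MySQLi connection `$db` to the `tokens` table from the migration and the 24-hour default expiry; the class and method names are hypothetical.

```php
<?php
// Illustrative token helper for the flow above; assumes a MySQLi connection
// $db to the schema from migrate.sql (not the project's own core/auth.php).
class TokenAuth
{
    public function __construct(private mysqli $db, private int $expiryHours = 24) {}

    // Step 2: issue a fresh token; older tokens for the user are deactivated
    // first (one active session per user, as in Security Notes).
    public function issue(int $userId): string
    {
        $token = bin2hex(random_bytes(64));       // 128 hex chars, fits VARCHAR(128)
        $now   = new DateTimeImmutable();
        $created = $now->format('Y-m-d H:i:s');
        $expires = $now->modify("+{$this->expiryHours} hours")->format('Y-m-d H:i:s');

        $stmt = $this->db->prepare('UPDATE tokens SET active = 0 WHERE user_id = ?');
        $stmt->bind_param('i', $userId);
        $stmt->execute();

        $stmt = $this->db->prepare('INSERT INTO tokens (token, user_id, created_at, expires_at, active) VALUES (?, ?, ?, ?, 1)');
        $stmt->bind_param('siss', $token, $userId, $created, $expires);
        $stmt->execute();
        return $token;
    }

    // Step 6: look up the token; only active, unexpired rows authenticate.
    public function validate(?string $token): ?int
    {
        // Reject anything that is not 128 lowercase hex chars before touching the DB.
        if ($token === null || !preg_match('/^[0-9a-f]{128}$/', $token)) {
            return null;
        }
        $now  = (new DateTimeImmutable())->format('Y-m-d H:i:s'); // same clock as issue()
        $stmt = $this->db->prepare('SELECT user_id FROM tokens WHERE token = ? AND active = 1 AND expires_at > ?');
        $stmt->bind_param('ss', $token, $now);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();
        return $row ? (int) $row['user_id'] : null;
    }

    // Step 7: logout flips active to 0 instead of deleting the row.
    public function revoke(string $token): void
    {
        $stmt = $this->db->prepare('UPDATE tokens SET active = 0 WHERE token = ?');
        $stmt->bind_param('s', $token);
        $stmt->execute();
    }
}
```

A request guard in the style of `Auth::requireToken()` would call `validate($_POST['token'] ?? $_GET['token'] ?? null)` and send the 401 JSON response when it returns `null`.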