# Hopenity Admin Panel Setup Guide

## Installation

### Prerequisites
- PHP 7.4+
- MySQL 5.7+
- Web Server (Apache/Nginx)
- cPanel Access

### Steps

1. **Upload Files**
   - Upload the entire `admin-panel` folder to `/public_html/admin` via cPanel File Manager or FTP
   
2. **Database Setup**
   - Run the migration file: `backend/database/migrations/0007_admin_setup.sql`
   - This creates admin tables, reports table, and settings table

3. **Configure Database Connection**
   - Edit `src/models/Database.php`
   - Update database credentials:
     ```php
     private $host = 'localhost';
     private $db_name = 'your_database_name';
     private $user = 'your_username';
     private $password = 'your_password';
     ```

4. **Set Permissions**
   - Ensure the `public/` folder has 755 permissions (writable by its owner only)
   - Ensure `public/css/` and `public/js/` folders exist

5. **Access Admin Panel**
   - Navigate to: `https://yourdomain.com/admin/public/login.php`
   - Default Credentials:
     - Email: `admin@hopenity.com`
     - Password: `admin123` (Change this immediately!)

## Features

### Dashboard
- Real-time statistics (users, posts, comments, reports)
- User growth chart (last 30 days)
- Post activity chart
- Pending reports count

### User Management
- View all users with pagination
- Search users
- Ban/Unban users with reasons
- Verify user accounts
- Delete user accounts (cascades posts)
- View user details and stats

### Post Management
- View all posts
- Filter flagged posts
- Delete inappropriate posts
- Flag posts for review
- View post author information
- Comment count and engagement metrics

### Report Center
- View all user reports
- Filter pending reports
- Resolve reports with action taken
- Add resolution notes
- Track report status history

### Comments Moderation
- View all comments
- Delete inappropriate comments
- See comment context (post ID, author)
- Filter by date

### Settings
- Maintenance mode toggle
- Max post size configuration
- Max video duration settings
- Content moderation settings
- System settings management

## API Endpoints

All endpoints require admin authentication via session.

### Dashboard
```
GET /api/admin.php?action=dashboard-stats
```
Returns statistics and growth trends.

### Users
```
GET /api/admin.php?action=users&page=1
GET /api/admin.php?action=user-details&user_id=123
POST /api/admin.php?action=ban-user
POST /api/admin.php?action=unban-user
POST /api/admin.php?action=verify-user
POST /api/admin.php?action=delete-user
```

### Posts
```
GET /api/admin.php?action=posts&page=1
GET /api/admin.php?action=flagged-posts&page=1
GET /api/admin.php?action=post-details&post_id=123
POST /api/admin.php?action=delete-post
POST /api/admin.php?action=flag-post
POST /api/admin.php?action=unflag-post
```

### Reports
```
GET /api/admin.php?action=reports&page=1
GET /api/admin.php?action=pending-reports&page=1
POST /api/admin.php?action=resolve-report
```

### Comments
```
GET /api/admin.php?action=comments&page=1
POST /api/admin.php?action=delete-comment
```

### Analytics
```
GET /api/admin.php?action=user-growth&days=30
GET /api/admin.php?action=post-activity&days=30
```

### Settings
```
GET /api/admin.php?action=settings
POST /api/admin.php?action=update-setting
```

## Security Features

1. **Session-based Authentication**
   - Admin login with email and password
   - Session timeout after inactivity
   - Secure password hashing with bcrypt

2. **Database Security**
   - Prepared statements to prevent SQL injection
   - Row-level validation
   - Cascading deletes for data integrity

3. **Access Control**
   - Admin-only endpoints
   - Session verification on all API calls
   - CORS-friendly headers

4. **.htaccess Protection**
   - Prevents direct access to sensitive files
   - Enables mod_rewrite for clean URLs
   - Blocks unauthorized requests

## File Structure

```
admin-panel/
├── public/
│   ├── index.php           # Main dashboard page
│   ├── login.php           # Login page
│   ├── dashboard.php       # Full dashboard interface
│   ├── api/
│   │   ├── auth.php        # Authentication API
│   │   └── admin.php       # Admin management API
│   ├── css/
│   └── js/
├── src/
│   ├── controllers/
│   │   ├── AdminController.php  # Main admin logic
│   │   └── AdminAuth.php        # Authentication logic
│   └── models/
│       └── Database.php     # Database connection
├── config/
│   └── config.php          # Configuration file
└── SETUP.md                # This file
```

## Troubleshooting

### Login Issues
- Clear browser cookies and cache
- Verify database connection in `Database.php`
- Check if admin account exists in database

### API Errors
- Check that the session is active (not timed out)
- Verify JSON request headers: `Content-Type: application/json`
- Check error logs in MySQL

### Permission Issues
- Ensure folder permissions are 755
- Check that file permissions are 644
- Verify PHP can write to session directory

## Maintenance

### Regular Tasks
1. Review pending reports weekly
2. Check for flagged content
3. Monitor user growth
4. Archive old logs monthly
5. Backup database regularly

### Creating Additional Admins
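Run the following SQL command:
```sql
INSERT INTO admins (name, email, password) VALUES
('Admin Name', 'admin@example.com', '<bcrypt_hash>');
```

Note: `<bcrypt_hash>` is a placeholder for a bcrypt hash of the new admin's password, for example one generated with PHP's `password_hash()`. Do not use MySQL's `PASSWORD()` function here: it does not produce a bcrypt hash, and it was removed in MySQL 8.0.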
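
Added example (not part of the Hopenity code base): a command-line PHP script that produces the bcrypt hash the note above calls for, and that also covers replacing the default `admin123` password from the "Access Admin Panel" step. It assumes the `admins` columns shown in the SQL above, a `password` column wide enough for a 60-character hash, and login code that verifies with `password_verify()`; the file name, the 12-byte minimum and the PDO credentials are placeholders.

```php
<?php
// Added example, not project code. Run from a shell, outside the web root:
//   php set_admin_password.php "Admin Name" admin@example.com
declare(strict_types=1);

if (PHP_SAPI !== 'cli') {
    exit(1); // never serve this script over HTTP
}
if ($argc !== 3) {
    fwrite(STDERR, "Usage: php set_admin_password.php <name> <email>\n");
    exit(1);
}
[, $name, $email] = $argv;

// Read the password from stdin so it never appears in shell history or `ps`.
fwrite(STDERR, 'New password: ');
$password = rtrim((string) fgets(STDIN), "\r\n");

// bcrypt only uses the first 72 bytes; the 12-byte minimum is an assumed policy.
if (strlen($password) < 12 || strlen($password) > 72) {
    fwrite(STDERR, "Password must be 12 to 72 bytes long.\n");
    exit(1);
}
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

// Placeholder credentials: use the values from src/models/Database.php.
$pdo = new PDO(
    'mysql:host=localhost;dbname=your_database_name;charset=utf8mb4',
    'your_username',
    'your_password',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

// Prepared statements throughout; table and column names are from the SQL above.
$exists = $pdo->prepare('SELECT COUNT(*) FROM admins WHERE email = ?');
$exists->execute([$email]);

if ((int) $exists->fetchColumn() > 0) {
    $stmt = $pdo->prepare('UPDATE admins SET password = ? WHERE email = ?');
    $stmt->execute([$hash, $email]);
    echo "Password updated for {$email}\n";
} else {
    $stmt = $pdo->prepare('INSERT INTO admins (name, email, password) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, $hash]);
    echo "Admin created: {$email}\n";
}
```

Running it with `admin@hopenity.com` as the email rotates the default account's password; delete the script from the server afterwards.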

## Support

For issues or questions, contact the development team or check logs at:
- PHP Error Log: `/var/log/php-errors.log`
- Apache Error Log: `/var/log/apache2/error.log`
- Database Errors: Check MySQL error log
