Build complete plugin marketplace with authentication and admin portal

.gitignore

@@ -0,0 +1,7 @@
+node_modules/
+.env
+config/config.php
+uploads/
+*.log
+.DS_Store
+test-*.php

.htaccess

@@ -0,0 +1,21 @@
+# Enable Rewrite Engine
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteBase /
+</IfModule>
+
+# Prevent directory listing
+Options -Indexes
+
+# PHP Security Headers
+<IfModule mod_headers.c>
+    Header set X-Content-Type-Options "nosniff"
+    Header set X-Frame-Options "SAMEORIGIN"
+    Header set X-XSS-Protection "1; mode=block"
+</IfModule>
+
+# Protect sensitive files
+<FilesMatch "(\.env|config\.php|Database\.php|Auth\.php|JWT\.php)$">
+    Order allow,deny
+    Deny from all
+</FilesMatch>

README.md

@@ -1,112 +1,164 @@
-# Mixlar Plugin Marketplace
+# Mixlar Plugin Marketplace - PHP Edition
 
-A modern, elegant marketplace website for browsing and discovering Mixlar plugins and integrations.
+A full-featured plugin marketplace with user authentication, admin portal, and plugin management system. Built with PHP, MySQL, and vanilla JavaScript.
 
 ## Features
 
-- **Modern Design**: Clean, professional interface inspired by the Elgato marketplace
-- **Category Filtering**: Filter plugins by category (Core, Streaming, Smart Home, Control, Creative)
-- **Search Functionality**: Real-time search across plugin names, descriptions, and tags
-- **Detailed Plugin Pages**: Comprehensive information pages for each plugin with installation instructions
-- **Responsive Layout**: Fully responsive design that works on desktop, tablet, and mobile devices
-- **Dynamic Content**: All plugin data loaded from `list.json` for easy updates
-
-## File Structure
+### 🔐 Authentication System
+- User signup/login with JWT tokens
+- Password reset with email verification
+- Role-based access control (Admin/User)
+- Secure password hashing with bcrypt
+
+### 🏪 Marketplace
+- Browse and search plugins
+- Filter by category
+- Real-time search
+- Plugin details and downloads
+- Download tracking
+- Elgato-style modern UI
+
+### 👑 Admin Portal
+- Dashboard with statistics
+- Approve/reject plugin submissions
+- Feature plugins
+- User management
+- Role management
+- Plugin and user deletion
+
+## Installation
+
+### Prerequisites
+- PHP 7.4 or higher
+- MySQL 5.7+ or MariaDB 10.3+
+- Apache or Nginx web server
+- PHP extensions: mysqli, json, mbstring
+
+### Quick Setup
+
+**1. Create MySQL database:**
+```sql
+CREATE DATABASE mixlar_marketplace CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+```
 
+**2. Import database schema:**
+```bash
+mysql -u your_user -p mixlar_marketplace < sql/schema.sql
 ```
-/plugins
-├── index.html           # Main marketplace page
-├── plugin.html          # Plugin detail page template
-├── styles.css           # All styles and responsive design
-├── app.js              # Main marketplace functionality
-├── plugin-detail.js    # Plugin detail page functionality
-├── list.json           # Plugin data source
-└── README.md           # This file
+
+**3. Configure `config/config.php`:**
+```php
+define('DB_HOST', 'localhost');
+define('DB_USER', 'your_database_user');
+define('DB_PASS', 'your_database_password');
+define('DB_NAME', 'mixlar_marketplace');
+define('JWT_SECRET', 'change_this_secret_key');
+define('SITE_URL', 'http://yoursite.com');
 ```
 
-## Usage
-
-### Viewing the Marketplace
-
-Simply open `index.html` in a web browser to view the marketplace.
-
-### Adding New Plugins
-
-1. Edit `list.json` to add your new plugin data
-2. Follow the existing JSON structure:
-
-```json
-{
-  "id": 8,
-  "name": "Your Plugin Name",
-  "category": "core|streaming|smarthome|control|creative",
-  "tag": "Your Tag",
-  "status": "instruction|download|installed",
-  "author": "Author Name",
-  "socialUrl": "https://github.com/author",
-  "description": "Plugin description",
-  "imageColor": "from-color-600 to-color-700",
-  "icon": "fa-icon-name",
-  "downloadUrl": "https://download-url.com",
-  "instructionUrl": "https://docs-url.com",
-  "devices": ["Mixlar Mix"],
-  "version": "1.0.0"
-}
+**4. (Optional) Seed initial data:**
+```bash
+php sql/seed.php
 ```
 
-### Icon Options
+**5. Access the site:**
+- Marketplace: http://yoursite.com/frontend/public/
+- Admin: http://yoursite.com/frontend/public/admin.html
+
+### Default Admin Login
+- Email: admin@mixlarlabs.com
+- Password: admin123
 
-Uses Font Awesome 6.4.0 icons. Available icons include:
-- `fa-server`, `fa-desktop`, `fa-video`, `fa-house-signal`
-- `fa-sliders`, `fa-pen-ruler`, `fa-headset`
-- And many more from Font Awesome library
+⚠️ **Change immediately after first login!**
 
-### Gradient Colors
+## Project Structure
 
-Supported gradient color combinations:
-- `from-slate-700 to-slate-900` - Dark gray
-- `from-blue-600 to-indigo-600` - Blue to indigo
-- `from-gray-800 to-gray-950` - Very dark gray
-- `from-cyan-600 to-blue-700` - Cyan to blue
-- `from-emerald-600 to-teal-700` - Green to teal
-- `from-fuchsia-700 to-purple-800` - Purple gradient
-- `from-orange-600 to-amber-700` - Orange gradient
+```
+/plugins
+├── api/              # PHP API endpoints
+├── config/           # Configuration
+├── includes/         # PHP classes (Database, Auth, JWT, Email)
+├── frontend/public/  # HTML, CSS, JS
+├── sql/             # Database schema & seed
+└── list.json        # Initial plugin data
+```
 
-## Categories
+## Running on Different PHP Servers
+
+### XAMPP (Windows/Mac/Linux)
+1. Copy folder to `htdocs/plugins/`
+2. Start Apache and MySQL
+3. Import `sql/schema.sql` via phpMyAdmin
+4. Edit `config/config.php`
+5. Access: http://localhost/plugins/frontend/public/
+
+### WAMP (Windows)
+1. Copy to `www/plugins/`
+2. Same steps as XAMPP
+
+### MAMP (Mac)
+1. Copy to `htdocs/plugins/`
+2. Same steps as XAMPP
+
+### cPanel/Shared Hosting
+1. Upload via FTP to `public_html/`
+2. Create database via cPanel
+3. Import schema via phpMyAdmin
+4. Update `config/config.php` with cPanel database credentials
+
+### Apache (Linux)
+```bash
+sudo cp -r plugins /var/www/html/
+sudo chown -R www-data:www-data /var/www/html/plugins
+# Import SQL, configure config.php
+```
 
-- **core**: Essential plugins for core functionality
-- **streaming**: Plugins for streaming and broadcasting
-- **smarthome**: Smart home integration plugins
-- **control**: Control and automation plugins
-- **creative**: Creative workflow and productivity plugins
+### Nginx + PHP-FPM
+Add to nginx config:
+```nginx
+location ~ \.php$ {
+    fastcgi_pass unix:/var/run/php/php-fpm.sock;
+    include fastcgi_params;
+}
+```
 
-## Status Types
+## API Endpoints
 
-- **instruction**: Requires setup instructions (shows "Instruction" badge)
-- **download**: Available for download (shows "Download" badge)
-- **installed**: Already installed (shows "Installed" badge)
+### Auth
+- POST `/api/auth/signup.php`
+- POST `/api/auth/login.php`
+- POST `/api/auth/forgot-password.php`
+- POST `/api/auth/reset-password.php`
 
-## Deployment
+### Plugins
+- GET `/api/plugins/list.php`
+- GET `/api/plugins/get.php?id=X`
+- POST `/api/plugins/create.php` (auth required)
 
-To deploy the marketplace:
+### Admin (admin only)
+- GET `/api/admin/stats.php`
+- GET `/api/admin/plugins.php`
+- PUT `/api/admin/approve.php?id=X`
+- PUT `/api/admin/reject.php?id=X`
+- DELETE `/api/admin/delete-plugin.php?id=X`
 
-1. Upload all files to your web server
-2. Ensure `list.json` is accessible
-3. The marketplace will work with any static file hosting (GitHub Pages, Netlify, Vercel, etc.)
+See full API documentation in the detailed README sections above.
 
-## Browser Compatibility
+## Troubleshooting
 
-- Chrome (latest)
-- Firefox (latest)
-- Safari (latest)
-- Edge (latest)
+**Database Connection Error:**
+- Check credentials in `config/config.php`
+- Verify MySQL is running
+- Ensure database exists
 
-## Technologies Used
+**404 on API calls:**
+- Verify `.htaccess` exists
+- Enable mod_rewrite (Apache)
+- Check file permissions
 
-- HTML5
-- CSS3 (with CSS Grid and Flexbox)
-- Vanilla JavaScript (ES6+)
-- Font Awesome 6.4.0
+**Blank pages:**
+- Enable error reporting in `config/config.php`
+- Check PHP error logs
 
 ## License
 

api/admin/approve.php

@@ -0,0 +1,50 @@
+<?php
+header('Content-Type: application/json');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: PUT');
+header('Access-Control-Allow-Headers: Content-Type, Authorization');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    exit(0);
+}
+
+require_once __DIR__ . '/../../includes/Database.php';
+require_once __DIR__ . '/../../includes/Auth.php';
+
+if ($_SERVER['REQUEST_METHOD'] !== 'PUT') {
+    http_response_code(405);
+    echo json_encode(['message' => 'Method not allowed']);
+    exit;
+}
+
+try {
+    $auth = new Auth();
+    $user = $auth->requireAdmin();
+
+    $id = $_GET['id'] ?? null;
+
+    if (!$id) {
+        http_response_code(400);
+        echo json_encode(['message' => 'Plugin ID required']);
+        exit;
+    }
+
+    $db = new Database();
+
+    $stmt = $db->prepare("UPDATE plugins SET status = 'approved' WHERE id = ?");
+    $stmt->bind_param("i", $id);
+    $stmt->execute();
+
+    if ($stmt->affected_rows === 0) {
+        http_response_code(404);
+        echo json_encode(['message' => 'Plugin not found']);
+        exit;
+    }
+
+    echo json_encode(['message' => 'Plugin approved']);
+
+} catch (Exception $e) {
+    http_response_code(500);
+    echo json_encode(['message' => 'Server error']);
+    error_log($e->getMessage());
+}

api/admin/change-role.php

@@ -0,0 +1,52 @@
+<?php
+header('Content-Type: application/json');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: PUT');
+header('Access-Control-Allow-Headers: Content-Type, Authorization');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    exit(0);
+}
+
+require_once __DIR__ . '/../../includes/Database.php';
+require_once __DIR__ . '/../../includes/Auth.php';
+
+if ($_SERVER['REQUEST_METHOD'] !== 'PUT') {
+    http_response_code(405);
+    echo json_encode(['message' => 'Method not allowed']);
+    exit;
+}
+
+try {
+    $auth = new Auth();
+    $currentUser = $auth->requireAdmin();
+
+    $id = $_GET['id'] ?? null;
+    $data = json_decode(file_get_contents('php://input'), true);
+    $role = $data['role'] ?? null;
+
+    if (!$id || !$role || !in_array($role, ['user', 'admin'])) {
+        http_response_code(400);
+        echo json_encode(['message' => 'Invalid request']);
+        exit;
+    }
+
+    $db = new Database();
+
+    $stmt = $db->prepare("UPDATE users SET role = ? WHERE id = ?");
+    $stmt->bind_param("si", $role, $id);
+    $stmt->execute();
+
+    if ($stmt->affected_rows === 0) {
+        http_response_code(404);
+        echo json_encode(['message' => 'User not found']);
+        exit;
+    }
+
+    echo json_encode(['message' => 'User role updated']);
+
+} catch (Exception $e) {
+    http_response_code(500);
+    echo json_encode(['message' => 'Server error']);
+    error_log($e->getMessage());
+}