A small CMS-style PHP site with a public-facing navigation (Subjects → Pages) and a password-protected staff area for managing content and admins.
- Preferred:
http://globebank.localhost/(document root points topublic/) - Older setups may still use a
http://localhost/.../public/index.phpstyle URL if the project root is being served instead ofpublic/
- PHP (uses
mysqli) - MySQL / MariaDB
- Server-side sessions for staff authentication
public/– Web root (public site + staff area)private/– App code, DB connection, shared templates (should not be web-accessible)setup_database.sql– Local/dev database schema + seed dataindex.php– Convenience redirect intopublic/
The app computes WWW_ROOT dynamically in private/initialize.php by finding the /public segment in the current request path. This allows the site to run either:
- with your web server’s document root pointed at
public/(recommended), or - with the project root served and relying on
index.phpto redirect intopublic/.
- PHP 8.x recommended (7.4+ likely works)
- MySQL 5.7+ or MariaDB 10.x
- A web server (Apache/Nginx), or PHP’s built-in server for quick testing
Configure your web server so the site’s document root points to the public/ directory.
This prevents direct web access to private/, which contains database credentials and internal code.
-
Create the schema and seed data by running:
setup_database.sql(creates databaseglobe_bankand inserts sample Subjects/Pages)
-
The script also includes optional statements to create a MySQL user and grant privileges.
If you prefer to run commands manually, the minimum you need is:
- A database named
globe_bank - Tables:
subjects,pages,admins - Seed rows for
subjectsandpages(optional)
Edit:
private/db_credentials.php
Defaults are:
DB_SERVER:localhostDB_USER:globe_userDB_PASS:globe_passwordDB_NAME:globe_bank
The database connection is created in private/database.php and initialized via private/initialize.php.
- Point the site’s document root to
public/ - Visit the site using whatever URL your server is configured to serve.
Local development convention (this repo):
http://globebank.localhost/
If you previously browsed to a /public/... URL (for example http://localhost/.../public/index.php), that usually means your document root was pointed at the project root instead of public/.
From the project root:
php -S localhost:8000 -t publicThen browse to:
http://localhost:8000/
- Staff login:
/staff/login.php - Staff menu:
/staff/index.php
The Admin management pages require login, so on a fresh database there is no “first admin” account you can create through the UI.
To bootstrap the first admin, insert a row into the admins table with a bcrypt hash.
- Generate a bcrypt hash with PHP:
php -r "echo password_hash('ChangeMe123!@#', PASSWORD_BCRYPT), PHP_EOL;"- Insert the admin (replace values as needed):
INSERT INTO admins (first_name, last_name, email, username, hashed_password)
VALUES ('First', 'Admin', 'admin@example.com', 'admin_user', '$2y$10$...');Password rules enforced by the UI/validators:
- 12+ characters
- at least one uppercase letter
- at least one lowercase letter
- at least one number
- at least one special character
After creating the first admin, you can log in and create additional admins via:
- Staff → Admins → “Create New Admin” (
/staff/admins/new.php)
- Subjects and Pages are managed in the staff area.
- Public navigation shows only records marked visible.
- The public page renderer allows a limited set of HTML tags (see
public/index.php).
- Blank page / redirect loops: Confirm your document root points to
public/, or that you’re entering through the projectindex.phpwhich redirects topublic/index.php. - Database connection failed: Verify
private/db_credentials.phpmatches your MySQL host/user/password/database. - Port issues (built-in server): Change
8000to any free port.
- Use
setup_database_production.sqlonly if you want to target a different database name. - Never deploy
private/db_credentials.phpwith development passwords. - Ensure
private/is not web accessible in production.