1. Development Environment

• XAMPP setup: Install, start Apache & MySQL modules. Default root: htdocs.
• PHP versions: Ensure correct path in environment variables (7.x for legacy, 8.x for modern Laravel).
• Composer: Dependency manager. Requires PHP executable path during install.
• Node.js & npm: Required for frontend asset compilation (Vite/Mix).
• Git installation: Version control. Configure global user/email.
• Database (MySQL): Accessed via phpMyAdmin at http://localhost/phpmyadmin.

2. PHP Essentials

• Folder structure: Separate assets/, includes/, classes/, and root interface files.
• JSON handling: json_encode(), json_decode().
• Sessions & Cookies: session_start() at top of file. $_SESSION['key'], setcookie().
• File upload: Validate `$_FILES`, check MIME type, use `move_uploaded_file()`.
• Error reporting: error_reporting(E_ALL); ini_set('display_errors', 1); (Dev only).
• Form validation: Always sanitize with `htmlspecialchars()`.
• Security basics: Avoid direct user input in queries.
• PDO/MySQL: Always use Prepared Statements.
• PHP Mailer / Email Config: Use SMTP. Require autoload.
  phpmailer root setup (zip) sendemail reference + recaptcha thankyou page reference
• Password hashing: password_hash($pass, PASSWORD_BCRYPT), password_verify().

3. Laravel Essentials

• Installation: composer create-project laravel/laravel app-name
• MVC: Models (Data), Views (Blade), Controllers (Logic).
• Routes: Defined in routes/web.php or api.php.
• Migrations & Seeders: Database schema version control and dummy data injection.
• Middleware: Filter HTTP requests (e.g., auth, admin checks).
• Auth: Laravel Breeze or UI for scaffolding.
• Validation: $request->validate([...])
• File storage: Configure `config/filesystems.php`, use `Storage::disk('public')`.
• Queues: For background tasks (emails).
• Blade templates: Extend layouts using @extends and @section.
• .env & Cache: Environment variables. Never commit to Git.

4. Frontend Components

Lightbox

<!-- HTML -->
<div id="lightbox" class="modal">
  <span class="close" onclick="closeLightbox()">×</span>
  <img class="modal-content" id="lightbox-img">
</div>

<!-- CSS -->
.modal { display: none; position: fixed; z-index: 999; left: 0; top: 0; width: 100%; height: 100%; background-color: rgba(0,0,0,0.9); }
.modal-content { margin: auto; display: block; max-width: 80%; max-height: 80vh; margin-top: 5%; }
.close { position: absolute; top: 15px; right: 35px; color: #f1f1f1; font-size: 40px; cursor: pointer; }

<!-- JS -->
function openLightbox(src) { 
    document.getElementById("lightbox").style.display = "block";
    document.getElementById("lightbox-img").src = src;
}
function closeLightbox() { document.getElementById("lightbox").style.display = "none"; }

Scrollable Testimonials

<!-- HTML -->
<div class="testimonial-scroll">
  <div class="t-card">Client 1: Great work!</div>
  <div class="t-card">Client 2: Excellent UI/UX.</div>
  <div class="t-card">Client 3: Highly recommended.</div>
</div>

<!-- CSS -->
.testimonial-scroll { display: flex; overflow-x: auto; gap: 20px; padding: 20px; scroll-snap-type: x mandatory; }
.t-card { flex: 0 0 300px; padding: 20px; background: #1a0529; border: 1px solid #47f7e0; scroll-snap-align: start; }
.testimonial-scroll::-webkit-scrollbar { height: 8px; }
.testimonial-scroll::-webkit-scrollbar-thumb { background: #47f7e0; border-radius: 4px; }

Floating Call & WhatsApp Button

Reference local file:

Navigation & Forms (Responsive)

<!-- Nav HTML -->
<nav class="navbar">
  <div class="logo">Brand</div>
  <ul class="nav-links">
    <li><a href="#">Home</a></li>
    <li><a href="#">About</a></li>
  </ul>
</nav>

<!-- Form HTML -->
<form class="styled-form" action="submit.php" method="POST">
  <input type="text" name="name" placeholder="Name" required>
  <input type="email" name="email" placeholder="Email" required>
  <button type="submit">Send</button>
</form>

<!-- CSS -->
.navbar { display: flex; justify-content: space-between; padding: 1rem; background: var(--bg-color); }
.nav-links { display: flex; list-style: none; gap: 15px; }
.styled-form { display: flex; flex-direction: column; gap: 15px; max-width: 400px; }
.styled-form input { padding: 10px; border: 1px solid var(--accent-color); background: transparent; color: var(--text-color); }
.styled-form button { padding: 10px; background: var(--accent-color); color: var(--bg-color); border: none; cursor: pointer; }
@media (max-width: 768px) { .nav-links { flex-direction: column; } }

Icons: Include Font Awesome via CDN in head tag: <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">

5. Database

• Import/Export: Use CLI (mysqldump) or phpMyAdmin interface.
• Backup process: Automate via cron job or run manual exports before deployments.
• Foreign Keys: Enforce relational integrity (e.g., user_id references users(id) on delete cascade).
• Sample Query: SELECT users.name, posts.title FROM users JOIN posts ON users.id = posts.user_id;

6. Deployment (HestiaCP)

1. Create domain: Web -> Add Web Domain. Enter domain name.
2. Create subdomain: Same as above, check "Alias" or add distinct web domain.
3. Upload files: Use File Manager or SFTP (FileZilla). Put in public_html.
4. Set permissions: Directories 755, Files 644. Laravel storage/bootstrap cache: 775.
5. SSL: Edit Web Domain -> Enable Let's Encrypt SSL.
6. PHP version: Edit Web Domain -> Advanced Options -> Backend Template (select PHP-FPM version).
7. Database creation: DB -> Add Database. Note DB Name, User, Password for `.env`.
8. Cron Jobs: Cron -> Add Job. Example for Laravel: * * * * * php /home/user/web/domain.com/public_html/artisan schedule:run >> /dev/null 2>&1.
9. Restart PHP: Server settings (gear icon) -> Services -> Restart php-fpm.

cPanel Basics: Use File Manager for zips. Use MySQL Databases wizard for DB/User creation. MultiPHP Manager for PHP versions.

7. Website Features

Ensure components are modular:

• Pagination: Use Laravel's $model->paginate(10) & {{ $data->links() }}.
• Contact form: Secure with CSRF and validation.
• Google Maps: Embed iframe or use JS API for dynamic pins.
• Gallery: Implement Lightbox JS from Section 4. Apply lazy loading.
• Blog & Testimonials: Create dedicated tables/models.
• File uploads: Check MIME types. Store in secure directories.

8. Third-Party Integrations

Google reCAPTCHA (v2 Checkbox & v3 Invisible)

Complete integration architecture for spam prevention.

1. 1. Registration & Console Setup:

   Navigate to the official Google reCAPTCHA Admin Console. Register your target production domain or localhost for development. Choose your integration type:

   • reCAPTCHA v2 (Checkbox): Explicit user interaction required ("I'm not a robot").
   • reCAPTCHA v3: Adaptive, frictionless background score-based validation (0.0 to 1.0 threshold).

   Save both your public Site Key and your confidential Secret Key into your local configuration configuration context or .env file.

2. 2. Frontend Script & Widget Placement:

   Incorporate the standard asynchronous API script inside your layout head, and inject the wrapper container component directly into your submission forms:

   Copy

   <!-- 1. Include Script in <head> -->
   <script src="https://www.google.com/recaptcha/api.js" async defer></script>
   
   <!-- 2. Inject Form Widget component (v2 Example) -->
   <form action="process.php" method="POST">
       <input type="text" name="name" required placeholder="Name">
       
       <div class="g-recaptcha" data-sitekey="YOUR_ENV_SITE_KEY"></div>
       
       <button type="submit">Submit Data</button>
   </form>

3. 3. Backend Server-Side Verification:

   Validate the token payload returned by the client application via an external HTTP POST request over to Google verification servers:

   Copy

   <?php
   if ($_SERVER['REQUEST_METHOD'] === 'POST') {
       $recaptchaResponse = $_POST['g-recaptcha-response'] ?? '';
       $secretKey = "YOUR_CONFIDENTIAL_SECRET_KEY";
       
       if (empty($recaptchaResponse)) {
           die("Error: Please check the reCAPTCHA box.");
       }
   
       // Direct API verification request
       $verifyUrl = "https://www.google.com/recaptcha/api/siteverify";
       $requestData = [
           'secret'   => $secretKey,
           'response' => $recaptchaResponse,
           'remoteip' => $_SERVER['REMOTE_ADDR']
       ];
   
       $options = [
           'http' => [
               'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
               'method'  => 'POST',
               'content' => http_build_query($requestData)
           ]
       ];
       
       $context  = stream_context_create($options);
       $apiResult = file_get_contents($verifyUrl, false, $context);
       $responseKeys = json_decode($apiResult, true);
   
       if (!$responseKeys["success"]) {
           die("Spam protection block: Recaptcha verification failed.");
       }
       
       // Proceed safely with database entries/emails
   }
   ?>

Razorpay Integration & Webhook Verification

Target Project Node: http://ushanitafoundation.softnue.co.in

1. 1. Order Generation (Backend Controller):

   Initialize payment directly on Razorpay's infrastructure via the official PHP SDK before calling client checkout layouts.

   Copy

   <?php
   use Razorpay\Api\Api;
   
   $api = new Api($apiKey, $apiSecret);
   $orderData = [
       'receipt'         => 'rcpt_id_'.time(),
       'amount'          => 50000, // Amount in currency subunits (e.g., 50000 paise = ₹500)
       'currency'        => 'INR',
       'payment_capture' => 1 // Auto Capture
   ];
   
   $razorpayOrder = $api->order->create($orderData);
   $orderId = $razorpayOrder['id']; // Pass this valid token back to your frontend template
   ?>

2. 2. Secure Webhook Validation Interface:

   Webhooks handle connection drops or user drops mid-transaction. Razorpay communicates async payment updates back to this route. You MUST read the raw stream input payload directly and compute the SHA256 HMAC signature verification manually before modern processing:

   Copy

   <?php
   // 1. Fetch raw payload stream transmission 
   $webhookData = file_get_contents('php://input');
   $receivedSignature = $_SERVER['HTTP_X_RAZORPAY_SIGNATURE'] ?? '';
   $webhookSecret = "YOUR_CONFIGURED_WEBHOOK_SECRET_KEY";
   
   if (empty($receivedSignature) || empty($webhookData)) {
       http_response_code(400);
       die("Bad Request: Missing payload components");
   }
   
   // 2. Compute local signature verification hash
   $expectedSignature = hash_hmac('sha256', $webhookData, $webhookSecret);
   
   if ($expectedSignature === $receivedSignature) {
       // Signature verified successfully; process payment event type safely
       $payload = json_decode($webhookData, true);
       $eventType = $payload['event'];
       
       if ($eventType === 'payment.captured') {
           $paymentId = $payload['payload']['payment']['entity']['id'];
           $orderId = $payload['payload']['payment']['entity']['order_id'];
           
           // Update database records locally, flag invoice as PAID
       }
       
       // Always return an explicit HTTP status code back to Razorpay to prevent re-tries
       http_response_code(200);
       echo json_encode(["status" => "success"]);
   } else {
       // Signature parsing mismatch
       http_response_code(400);
       die("Invalid Signature Verification Protocol Rejected.");
   }
   ?>

SMTP Setup

Set variables in `.env` (Laravel) or PHPMailer config: Host, Port (465/587), Username, Password, Encryption (tls/ssl).

9. Security & OWASP Vulnerability Prevention

Enterprise applications must conform to core secure engineering standards. Review mitigation paths below:

1. 1. SQL Injection (SQLi):

   Occurs when unsanitized parameter inputs are concatenated strings evaluated as raw SQL. Mitigation: Enforce complete parameters normalization via PDO execution loops or Eloquent ORM layers.

   Copy

   // VULNERABLE: Direct string interpolation (DO NOT DO THIS)
   $db->query("SELECT * FROM users WHERE email = '" . $_POST['email'] . "'");
   
   // SECURE: Strict Prepared Bindings via PDO
   $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = :email');
   $stmt->execute(['email' => $_POST['email']]);
   $user = $stmt->fetch();

2. 2. Cross-Site Scripting (XSS):

   Malicious client-side javascript payloads execution inside another user's contextual browser interface session. Mitigation: Strict parsing structures via native template escape logic.

   Copy

   <!-- Pure PHP Output Sanitization Context -->
   <p><?php echo htmlspecialchars($userInput, ENT_QUOTES, 'UTF-8'); ?></p>
   
   <!-- Laravel Automatic Engine Sanitization -->
   <p>{{ $userInput }}</p> 

3. 3. Cross-Site Request Forgery (CSRF):

   Forces an authenticated end-user client device browser to execute unauthorized state-changing operations across trusted targets. Mitigation: Cryptographic token verification unique per session context.

   Copy

   <!-- Laravel Blade Auto Token Scaffolding -->
   <form action="/profile" method="POST">
       @csrf
       <button type="submit">Update</button>
   </form>

10. Git Workflow (Specifically for odoself.com)

# 1. Clone project (Initial Setup)
git clone <repo_url> odoself-project
cd odoself-project

# 2. Pull latest changes before starting work
git pull origin main

# 3. Branching (Create new feature branch)
git checkout -b feature/new-dashboard

# 4. Push changes
git add .
git commit -m "Added tracking feature for odoself"
git push origin feature/new-dashboard

# 5. Resolving merge conflicts
# If git pull causes conflict:
# Open files, look for <<<<<<< HEAD. Edit to keep correct code.
git add .
git commit -m "Resolved merge conflicts in routes"

11. Common Commands

// Composer
composer install          // Installs dependencies from composer.lock
composer update           // Updates dependencies
composer dump-autoload    // Regenerates list of all classes

// NPM
npm install               // Install node modules
npm run dev               // Start Vite/Mix dev server
npm run build             // Compile assets for production

// Laravel Artisan
php artisan serve         // Run local server
php artisan migrate       // Run DB migrations
php artisan migrate:fresh // Drop all tables & re-migrate
php artisan db:seed       // Run seeders

php artisan optimize      // Cache config and routes
php artisan optimize:clear// Clear all cache types
php artisan cache:clear   // Clear app cache
php artisan config:clear  // Clear config cache
php artisan route:clear   // Clear route cache
php artisan view:clear    // Clear compiled views

php artisan storage:link  // Symlink storage to public folder

// Essential Linux/Terminal Commands
ls                        // List directory contents
ls -la                    // List all including hidden files
mkdir folder_name         // Create new directory
cd folder_name            // Change directory
cd ..                     // Go back one level
pwd                       // Print working directory
rm -rf folder_name        // Remove folder recursively (USE WITH CAUTION)

4. PHPMailer In-Depth Integration Architecture

Comprehensive layout implementation setup for handling production SMTP mail operations safely through explicit object class structure.

1. 1. Direct Library Structure Requirements:

   Extract your phpmailer root setup (zip) file components directly at the base of your project architecture. Ensure path declarations align flawlessly with your relative dependencies directory context tree map:

   Copy

   my-project-root/
   ├── assets/
   ├── includes/
   ├── PHPMailer/
   │   ├── src/PHPMailer.php
   │   ├── src/SMTP.php
   │   └── src/Exception.php
   └── contact-process.php (Your active script)

2. 2. Robust Form Engine Core Implementation (contact-process.php):

   Implement the complete robust execution architecture containing security checks, explicit port mapping options, authentication bindings, and exception tracking loops:

   Copy

   <?php
   // Explicitly declare target source files for raw implementations missing Composer autoloader
   use PHPMailer\PHPMailer\PHPMailer;
   use PHPMailer\PHPMailer\Exception;
   use PHPMailer\PHPMailer\SMTP;
   
   require 'PHPMailer/src/Exception.php';
   require 'PHPMailer/src/PHPMailer.php';
   require 'PHPMailer/src/SMTP.php';
   
   if ($_SERVER["REQUEST_METHOD"] === "POST") {
       // 1. Sanitize raw input inputs to prevent form field manipulations
       $senderName  = htmlspecialchars(trim($_POST['name'] ?? ''), ENT_QUOTES, 'UTF-8');
       $senderEmail = filter_var(trim($_POST['email'] ?? ''), FILTER_VALIDATE_EMAIL);
       $mailMessage = htmlspecialchars(trim($_POST['message'] ?? ''), ENT_QUOTES, 'UTF-8');
   
       if (!$senderEmail || empty($senderName) || empty($mailMessage)) {
           die("Validation Error: Invalid form entry data processing parameters.");
       }
   
       // 2. Instantiate core object instance context
       $mail = new PHPMailer(true);
   
       try {
           // --- Core Server Configuration Engine ---
           // $mail->SMTPDebug = SMTP::DEBUG_SERVER;         // Toggle on to inspect live communication logs during bugs
           $mail->isSMTP();                                  // Switch transfer channel type over to SMTP protocol
           $mail->Host       = 'smtp.gmail.com';             // Target SMTP Server Host Address
           $mail->SMTPAuth   = true;                         // Enable explicit credentials checking
           $mail->Username   = 'your_system_email@gmail.com'; // Target mailbox access user login account
           $mail->Password   = 'xxxx xxxx xxxx xxxx';        // App-Specific Password Token generated via Google security dashboard
           $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // Standard TLS Encryption Layer protection protocol
           $mail->Port       = 587;                          // Port binding (Use 587 for STARTTLS, 465 for SSL configuration)
   
           // --- Routing Address Configuration ---
           $mail->setFrom('your_system_email@gmail.com', 'Application Notification Hub');
           $mail->addAddress('admin_destination@company.com', 'System Administrator'); 
           $mail->addReplyTo($senderEmail, $senderName);
   
           // --- Layout Compilation Structure ---
           $mail->isHTML(true);                              // Set mail formatting syntax option to parse tags
           $mail->Subject = 'New Lead Generated from Platform Portal: ' . $senderName;
           
           // Formulate presentation design content
           $mailBodyContent = "
           <h2 style='color: #130620; border-bottom: 2px solid #47f7e0; padding-bottom: 5px;'>Inbound Message Alert</h2>
           <p><strong>Client Name:</strong> {$senderName}</p>
           <p><strong>Reply Routing Address:</strong> {$senderEmail}</p>
           <div style='background: #fbfbfb; padding: 15px; border-left: 4px solid #47f7e0;'>
               <strong>Submitted Message Details:</strong><br>" . nl2br($mailMessage) . "
           </div>";
           
           $mail->Body    = $mailBodyContent;
           $mail->AltBody = strip_tags(str_replace('<br>', "\n", $mailBodyContent)); // Clear formatting fallback for plain clients
   
           // 3. Execute transmission request
           $mail->send();
           
           // Safe programmatic redirection routine
           header("Location: thankyou.php");
           exit;
   
       } catch (Exception $e) {
           // Output system execution failure messaging patterns securely
           error_log("System Notification Error Instance: " . $mail->ErrorInfo);
           die("Application Error: System was unable to dispatch notifications smoothly. Verify configurations.");
       }
   } else {
       http_response_code(405);
       die("Method Not Allowed.");
   }
   ?>

13. Troubleshooting

• 500 Internal Server Error: Check storage permissions (chmod 775), check `.env` syntax, check `storage/logs/laravel.log`.
• 403 Forbidden: Incorrect directory index or permissions (chmod 755 for folders).
• 404 Not Found: Route doesn't exist. Check `.htaccess` / Nginx config, run `php artisan route:clear`.
• Permission issues: Run chown -R www-data:www-data storage bootstrap/cache.
• .env not loading: Run `php artisan config:clear`.
• Composer autoload issues: Run `composer dump-autoload`.
• SMTP not sending: Check port firewall, verify app passwords (if Gmail).
• Migration errors: Check foreign key type matching (unsigned big int).
• Image upload issues: Check `upload_max_filesize` in `php.ini`. Storage symlink missing.

14. Company Workflow

Folder & File Naming Convention

• Frontend Project:
  • includes/ - Directory for header, footer, sidebar.
  • assets/ - Contains img/, css/, and js/.
• Files: All interface files must be .php, not .html.
• Coding Standards: Always use external CSS/JS. Avoid inline styling/scripts.

Root .htaccess File Demo

RewriteEngine On

RewriteRule ^home$ index.php [NC,L]
RewriteRule ^about-us$ about.php [NC,L]
RewriteRule ^contact$ contact.php [NC,L]
RewriteRule ^national$ national.php [NC,L]
RewriteRule ^international$ international.php [NC,L]
RewriteRule ^our-packages$ packages.php [NC,L]
RewriteRule ^car-rentals$ car-rental.php [NC,L]
RewriteRule ^our-events$ events.php [NC,L]
RewriteRule ^our-festivals$ festival.php [NC,L]
RewriteRule ^passport&visa$ passport-visa.php [NC,L]
RewriteRule ^plan-your-trip$ planyourtrip.php [NC,L]
RewriteRule ^terms-conditions$ termsandconditions.php [NC,L]
RewriteRule ^view-more$ viewmore.php [NC,L]

Deployment Checklist

1. Check if any internal/inline CSS or JS is used; move to assets/css/custom.css or assets/js/custom.js.
2. If uploading through git, ensure .env is added to .gitignore.
3. Before going live, ensure PHPMailer is integrated for forms and Google reCAPTCHA is active.

15. Frequently Used Resources

• Bootstrap Documentation
• Laravel Documentation
• PHP Documentation
• Composer Packages (Packagist)
• Font Awesome Icons
• Google Fonts

TinyMCE/CKEditor Setup

Include CDN script in head, then initialize on target textarea ID: tinymce.init({ selector: '#mytextarea' });

Images & Assets

Note: lazyload attribute should always be used in image tags: <img src="img.jpg" loading="lazy" alt="Description">

Downloadable Component Files

These local files have been configured for your references: