# Hosting Guide for SHAHANA VEGETABLES

## 1) Create MySQL database
- Create a MySQL database, user, and password in cPanel.
- Import `sql/database.sql` into phpMyAdmin.
- Update `config/config.php` with the real database credentials.

## 2) Upload admin/staff portal
- Create subdomain: `adm.shahanaveg.in`
- Point document root to a folder containing:
  - `admin/`
  - `config/`
  - `includes/`
  - `assets/`
  - `create admin.php`
- Optional: rename `create admin.php` after first use.

## 3) Upload customer portal
- Create subdomain: `login.shahanaveg.in`
- Point document root to a folder containing:
  - `customer/`
  - `config/`
  - `includes/`
  - `assets/`

## 4) Important path suggestion
Because both portals use shared code, the simplest hosting layout is:
- `/home/USER/shahana-shared/config`
- `/home/USER/shahana-shared/includes`
- `/home/USER/public_html/adm/` for admin portal
- `/home/USER/public_html/login/` for customer portal

Then update include paths if needed.

## 5) Security checklist
- Force HTTPS on both subdomains.
- Remove or restrict `create admin.php` after initial setup.
- Use strong database password.
- Enable automatic backups.
- Add `.htaccess` rules to deny direct access to sensitive folders if placed inside public web root.
- Turn off PHP error display in production.
- Add CSRF tokens before production launch.
- Add audit log for invoice edits/deletes.

## 6) Suggested next improvements
- Stock deduction on invoice creation
- Purchase entry for supplier-side buying
- PDF invoice generation
- WhatsApp invoice sharing
- Daily closing sheet
- Profit report using original price vs sales price
- OTP or email-based password reset by admin action