================================================================================
PESTCURE - RESELLER SYSTEM SETUP GUIDE
================================================================================
Last Updated: December 2024
Part of MultiCure Network
Security: Math CAPTCHA, Honeypot, Rate Limiting, SQL Injection Protection

================================================================================
DATABASE INFORMATION
================================================================================

SHARED DATABASE: multicure_db
-----------------------------
All *Cure brand sites share the same reseller database.
This means resellers registered on one site can access all brands.

Database Credentials (get from hosting provider or multicure admin):
- Host: localhost
- Database: multicure_db
- Username: multicure_user
- Password: [Contact admin for password]

================================================================================
SECURITY FEATURES (ALREADY CONFIGURED)
================================================================================

The following security is ALREADY BUILT INTO the system:

1. SQL INJECTION PROTECTION
   - All database queries use PDO prepared statements
   - User input is never directly inserted into SQL
   - Example: $stmt = $db->prepare('SELECT * FROM users WHERE email = ?');

2. MATH CAPTCHA (No API keys needed!)
   - Registration and contact forms show: "What is 5 + 3?"
   - Simple form-filling bots do not answer the math question
   - Regenerates on each page load

3. HONEYPOT FIELDS
   - Hidden fields that bots fill in, humans cannot see
   - Instant bot detection without annoying users

4. TIME-BASED PROTECTION
   - Forms submitted in under 3 seconds are rejected
   - Bots submit instantly, humans take time to fill forms

5. RATE LIMITING
   - Login: 5 attempts per 15 minutes (prevents brute force)
   - Forms: 5 submissions per 5 minutes (prevents spam)

6. INPUT SANITIZATION
   - All user input is cleaned before use
   - Prevents XSS (cross-site scripting) attacks
   - Functions: sanitizeString(), sanitizeEmail(), sanitizePhone()

7. PASSWORD SECURITY
   - Passwords hashed with bcrypt (password_hash)
   - Never stored in plain text
   - Verified with password_verify()
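
Added example (not PestCure's own code): one way the honeypot, 3-second and
math CAPTCHA checks from items 2-4 can be enforced server-side. The field and
session key names are hypothetical, and plain arrays stand in for $_POST and
$_SESSION.

```php
<?php
declare(strict_types=1);
// Added example, not the project's security.php; key names are hypothetical.
const MIN_FILL_SECONDS = 3; // the guide rejects forms submitted in under 3 seconds

// Call when rendering the form: the answer is stored server-side only.
function issueChallenge(array &$session, int $now): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $session['captcha_answer'] = $a + $b;
    $session['form_rendered_at'] = $now;
    return "What is $a + $b?";
}

// Returns null when the submission passes, otherwise the name of the failed check.
function checkSubmission(array $post, array &$session, int $now): ?string
{
    $expected = $session['captcha_answer'] ?? null;
    $rendered = $session['form_rendered_at'] ?? null;
    // One-time use: a captured answer cannot be replayed on a second POST.
    unset($session['captcha_answer'], $session['form_rendered_at']);
    if (($post['website'] ?? '') !== '') {
        return 'honeypot';        // hidden field was filled in
    }
    if ($expected === null || $rendered === null) {
        return 'captcha_expired'; // no live challenge in the session
    }
    if ($now - $rendered < MIN_FILL_SECONDS) {
        return 'too_fast';
    }
    // Non-string input (e.g. captcha[]=1) is treated as an empty answer.
    $answer = is_string($post['captcha'] ?? null) ? trim($post['captcha']) : '';
    if (!ctype_digit($answer) || (int)$answer !== $expected) {
        return 'captcha_wrong';
    }
    return null;
}

// Constructed demo: timestamps are seconds, 1000 is when the form was rendered.
$session = [];
echo issueChallenge($session, 1000), PHP_EOL;
$right = (string)$session['captcha_answer'];
foreach ([
    'hidden field filled' => [['website' => 'x', 'captcha' => $right], 1010],
    'instant submit'      => [['website' => '', 'captcha' => $right], 1001],
    'human'               => [['website' => '', 'captcha' => $right], 1010],
] as $label => [$post, $now]) {
    $s = $session; // each case starts from the same freshly issued challenge
    echo $label, ': ', checkSubmission($post, $s, $now) ?? 'accepted', PHP_EOL;
}
```

The three constructed cases print honeypot, too_fast and accepted in that order.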

================================================================================
FILE STRUCTURE
================================================================================

/pestcure/
├── reseller/
│   ├── login.php           (644) - Reseller login
│   ├── index.php           (644) - Reseller dashboard
│   ├── logout.php          (644) - Logout handler
│   └── DATABASE_SETUP.txt  (644) - This file
│
├── contact.php             (644) - Contact page
├── send-contact.php        (644) - Contact form handler
│
├── includes/
│   └── config.php          (644) - Site configuration
│
└── ...

/multicure/
└── includes/
    ├── config.php          (644) - Shared database config
    ├── security.php        (644) - Shared security functions
    └── email_config.php    (644) - Email configuration

================================================================================
FILE PERMISSIONS
================================================================================

*** CRITICAL: Never use 666 or 777 permissions! ***

For FILES (PHP, HTML, CSS, JS, images):
   - Permission: 644
   - Owner: Read/Write
   - Group: Read
   - Public: Read

For FOLDERS (directories):
   - Permission: 755
   - Owner: Read/Write/Execute
   - Group: Read/Execute
   - Public: Read/Execute

================================================================================
TESTING YOUR SETUP
================================================================================

1. TEST LOGIN:
   - Visit: https://pestcure.co.za/reseller/login.php
   - Enter a wrong password 6 times
   - You should see "Too many attempts" after the 5th try

2. TEST CONTACT FORM:
   - Visit: https://pestcure.co.za/contact.php
   - Fill out the form
   - Answer the math question
   - Submit and check for success message
   - Check that email arrives at cois@pestcure.co.za
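
Added example (not the project's code): the 5-attempts-per-15-minutes login
limit exercised in test 1, as a sliding window stored through PDO prepared
statements. Table and function names are hypothetical, and in-memory SQLite
stands in for the shared database.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Table and function names are
// hypothetical; in-memory SQLite stands in for the shared database.
const MAX_ATTEMPTS = 5;         // guide: 5 login attempts ...
const WINDOW_SECONDS = 15 * 60; // ... per 15 minutes

function openStore(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_attempts (bucket TEXT NOT NULL, failed_at INTEGER NOT NULL)');
    return $db;
}

function isLockedOut(PDO $db, string $bucket, int $now): bool
{
    // Bound parameters only: the bucket key comes from the request.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM login_attempts WHERE bucket = ? AND failed_at > ?'
    );
    $stmt->execute([$bucket, $now - WINDOW_SECONDS]);
    return (int)$stmt->fetchColumn() >= MAX_ATTEMPTS;
}

function recordFailure(PDO $db, string $bucket, int $now): void
{
    $db->prepare('DELETE FROM login_attempts WHERE failed_at <= ?')
       ->execute([$now - WINDOW_SECONDS]); // prune rows outside the window
    $db->prepare('INSERT INTO login_attempts (bucket, failed_at) VALUES (?, ?)')
       ->execute([$bucket, $now]);
}

// Constructed run: six wrong passwords, one second apart.
$db = openStore();
$bucket = "o'brien@example.com"; // the quote is stored as data, not parsed as SQL
$t = 1700000000;
for ($i = 1; $i <= 6; $i++) {
    if (isLockedOut($db, $bucket, $t + $i)) {
        echo "attempt $i: Too many attempts", PHP_EOL;
        continue;
    }
    recordFailure($db, $bucket, $t + $i);
    echo "attempt $i: wrong password", PHP_EOL;
}
$later = $t + 5 + WINDOW_SECONDS; // 15 minutes after the fifth failure
echo 'after 15 minutes: ', isLockedOut($db, $bucket, $later) ? 'locked' : 'allowed', PHP_EOL;
```

Attempts 1 to 5 are checked and recorded as failures, attempt 6 is refused before any password check, and the lockout clears once the recorded failures fall outside the window.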

================================================================================
TROUBLESHOOTING
================================================================================

ERROR: "Database connection failed"
-----------------------------------
- Contact MultiCure admin for database credentials
- Verify config.php settings match database

ERROR: "CAPTCHA expired" or "Invalid security check"
----------------------------------------------------
- Session may have timed out
- Refresh the page and try again

ERROR: "Too many login attempts"
--------------------------------
- Wait 15 minutes and try again
- This is a security feature to prevent brute force attacks

ERROR: Form submits but no email received
-----------------------------------------
- Check spam folder
- Verify server can send mail (ask hosting provider)
- Check error logs in cPanel > Errors

SECURITY LOGS:
--------------
- Failed logins and bot attempts are logged
- View in cPanel > Errors or error_log file
- Look for: SECURITY [honeypot], SECURITY [rate_limit]

================================================================================
SUPPORT
================================================================================

Site: PestCure - Pest Control
Email: cois@pestcure.co.za
MultiCure Network: multicure.co.za
Admin: cois@multicure.co.za

================================================================================
