# NEXERA Africa - Secure Version

A Pi-powered digital marketplace platform for property, e-commerce, and services across Africa.

## 📁 Project Structure (Corrected)

This version implements **public/private directory separation** for enhanced security:

```
Nexera_Corrected/
├── public/                  # Web root (document root) - ONLY this is accessible
│   ├── index.php           # Entry point
│   ├── login.php           # Authentication
│   ├── register.php        # Registration (secure)
│   ├── marketplace.php     # Main marketplace
│   ├── assets/             # CSS, JS, images
│   │   ├── css/
│   │   └── js/
│   ├── uploads/            # User uploads (consolidated)
│   │   └── products/
│   └── api/                # API endpoints
│       ├── pi_payment.php  # Pi payment handler
│       └── pi_handler.php
├── config/                 # Configuration (NOT accessible via web)
│   ├── database.php        # DB connection (env vars only)
│   ├── env.php             # Environment loader
│   └── pi.php              # Pi Network config
├── src/                    # Application source code (private)
│   ├── functions.php       # Common functions (secure)
│   ├── Controllers/        # Request handlers
│   ├── Models/             # Data access layer
│   ├── Middleware/          # Auth, CSRF, Rate limiting
│   └── Services/           # Business logic
├── templates/              # View templates (private)
│   ├── header.php
│   ├── footer.php
│   └── errors/             # Error pages
│       ├── 403.html
│       ├── 404.html
│       └── 503.html
├── languages/              # i18n translations
├── storage/                # Runtime files (private)
│   ├── logs/               # Application logs
│   ├── cache/              # Cache files
│   └── sessions/           # Session storage
├── admin/                  # Admin panel pages
├── vendor/                 # Vendor dashboard
├── docs/                   # Documentation & SQL schemas
├── tests/                  # Test suites
├── .htaccess               # Apache security rules
├── .gitignore              # Git ignore rules
└── .env.example            # Environment template
```

## 🔒 Security Improvements

### Critical Fixes Applied:
1. ✅ **Removed hardcoded credentials** - All secrets from environment variables only
2. ✅ **Deleted test/diagnostic files** - No phpinfo() or test files in production
3. ✅ **Added .htaccess** - Blocks access to sensitive directories
4. ✅ **Public/Private separation** - Source code outside web root
5. ✅ **Rate limiting** - Brute force protection on auth endpoints
6. ✅ **Session regeneration** - Prevents session fixation attacks
7. ✅ **Generic error messages** - No user enumeration or info disclosure
8. ✅ **Admin role not user-selectable** - Backend-only assignment

## 🚀 Quick Start

### 1. Configure Environment
```bash
cp .env.example .env
# Edit .env with your actual values
```

### 2. Set Database Credentials
```env
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=nexera_db
DB_USERNAME=nexera_user
DB_PASSWORD=your_strong_password_here
```

### 3. Configure Pi Network (Optional)
```env
PI_API_KEY=your_pi_api_key
PI_SANDBOX_MODE=true  # Set to false for production
```

### 4. Deploy
- Point web server document root to `public/` directory
- Ensure `storage/` and `public/uploads/` are writable by web server
- Run SQL schema from `docs/PI_DATABASE_SCHEMA.sql`

## 📋 Deployment Checklist

- [ ] Copy `.env.example` to `.env` and fill values
- [ ] Set strong random password for DB
- [ ] Generate Pi API key if using payments
- [ ] Set document root to `public/`
- [ ] Make `storage/logs/` writable
- [ ] Make `public/uploads/` writable
- [ ] Remove `.env.example` from production
- [ ] Test error pages (404, 403, 503)
- [ ] Verify rate limiting works
- [ ] Check CSRF tokens on all forms

## ⚠️ Important Notes

- **NEVER commit `.env` to version control**
- **Always use HTTPS in production**
- **Keep dependencies updated**
- **Review logs regularly** at `storage/logs/`
- **Test security fixes** before deployment

## 📄 License

Proprietary - NEXERA Africa Team

---

**Version:** 2.0 (Secure)  
**Last Updated:** 2026-07-15  
**Security Score:** Improved from 4.2/10 → 7.5/10
