I thought you have a demo already, but it seems like the website just shows a pitch on what your platform can do. Not much I can comment on it, maybe if we can see the community hub in action we'll see more. For example, how does navigating the UI feels like, what's the invite-only room like, etc. I think it will be great if user can register as a guest or something, since I personally don't want to create a new account with emails and whatnot just to test a new service.
I showing my progress now take a look below this post with the updates I did I am just covering the basic html layout and demo of the site before converting it to php which is coming in the next update.
You already have a service thread
TalkBuildHost.com | Dynamic Websites | let's Talk, I build, and Host And this discussion is related to your service thread; it's better to update your service thread if you are going to post a topic about what you offer. A copper account is a good option if you want to post images related to your offerings.
This is what I can do yes but this is not part of the services I am offering or selling it's part of the TalkBuildHost network and It's Powered By TalkBuildHost company which will make it even more secure not another person seeing my client data by going through my system so it basically takes away many eyes from my user data.
https://SuperHubber.com
Update Log2026-05-03 (Comprehensive Update)Branding, Identity, and Contact Domain- Rebranded site-wide from Placeholders to SuperHubber.
- Updated domain and references from superhubber.io to superhubber.com email addresses.
- Updated all detected email addresses from @superhubber.io to @superhubber.com across HTML/text assets.
Navigation and Global Layout- Added Login and Sign Up links before Contact in main navigation across site pages.
- Standardized professional 4-column footer across pages.
- Updated footer legal links to point to real legal/security pages.
Homepage (index.html)- Removed old hero login/signup form panel.
- Added new Platform Snapshot hero panel with:
- stats grid
- live activity feed
- CTA buttons (Join Free / Log In)
- Added full CSS support for hub snapshot components.
- Enhanced top stat box visual theme (gradient card style + hover treatment).
- Expanded hero tag list with additional market/trading tags and then reduced by 3 tags per latest request.
Markets Page (markets.html)- Added Popular Now section above the live dashboard block.
Authentication Pages- Created login.html and signup.html with full custom styling and improved UX.
- Redesigned both pages into wider, more organized split layouts.
- Updated signup plan model to include:
- Free
- Starter ($19)
- Pro ($79)
- Elite ($199)
- Updated Free plan wording to: "Start topics and reply in all forums".
- Fixed functional placeholders:
- login form action now routes to dashboard.html (GET)
- signup form action now routes to dashboard.html (GET)
- forgot password link now routes to contact.html
Pricing and Add-ons Redesign- Fully redesigned pricing.html to a polished, single-column stacked comparison layout.
- Included Free, Starter, Pro, and Elite plan cards with clear feature lists and CTAs.
- Added structured billing/support notes and improved CTA section.
- Fully redesigned addons.html to match pricing style:
- single-column stacked add-on cards
- pricing-side CTA actions
- featured module highlight
- notes section and closing CTA
Legal and Policy Pages- Added/expanded dedicated legal and trust pages:
- privacy.html
- terms.html
- risk-disclaimer.html
- security-policy.html (will update this when converted to php)
Dashboard and Core UI Cleanup- Removed inline styles and inline mouse event handlers from dashboard.html.
- Added reusable CSS classes in assets/css/styles.css for dashboard quick actions, activity rows/dots, stacks/headings, and status tags.
- sync aria-expanded on open/close
- close other open dropdowns on new open
- reset aria-expanded on outside click close
Quality and Validation Checks (Latest)- VS Code diagnostics check: no errors found.
- HTML structure sanity check across pages:
- no head/body/main imbalance found
- no malformed core document structure found
- Placeholder scan:
- no remaining href="#" or action="#" in HTML files.
Status:
- Site is currently in a clean state based on editor diagnostics and inline structure checks.Now on to converting this into PHPCORE 8.4 and ANSI-99 SQL. _______________________________________________________________________________ _____
Update LOG - v1.0.0 the PHP conversion:
Update Log -2026-05-03
PHP Migration (All Pages)
- Converted all 16 HTML pages to PHP 8.4 with declare(strict_types=1).
- All pages include shared includes/auth.php, includes/nav.php, includes/footer.php.
- All internal .html links updated to .php site-wide.
- sitemap.xml updated — all URLs changed from .html to .php.
New Files — Core Includes
- includes/config.php: Central config — DB credentials, app constants, session settings,
- CSRF length, rate-limiting thresholds, plan-to-role map, remember-me constants.
- includes/db.php: PDO singleton with lazy connection, ERRMODE_EXCEPTION,
FETCH_ASSOC, EMULATE_PREPARES=false (real prepared statements).
- includes/functions.php: CSRF token generation/verification/rotation, flash messages,
h() XSS escaping, safe_redirect() with open-redirect protection, input validation
helpers, login rate-limiting, email/username uniqueness checks.
- includes/auth.php: Session bootstrap, idle timeout, auth helpers (auth_check,
auth_user, auth_login, auth_logout, auth_require, auth_require_level, auth_has_role,
auth_has_plan), full remember-me selector/validator token system.
- includes/nav.php: Dynamic nav with login state — shows username dropdown when
authenticated, Login/Sign Up when not. Renders flash message banners.
- includes/footer.php: Shared footer with dynamic copyright year.
New Files — Process Handlers
- process/register.php: Signup form handler — CSRF check, input validation, bcrypt
password hash (cost 12), free-role default, pending_plan_upgrades row for paid
plans, redirects to /payment-pending.php or /dashboard.php.
- process/login.php: Login form handler — CSRF check, rate limiting by email and IP,
credential verify, account status check, password rehash on cost change,
remember-me token issuance, intended-URL redirect.
- process/logout.php: Session destroy + remember token revocation + cookie clear.
- process/payment_callback.php: Webhook stub for payment gateway integration.
Matches pending upgrade by gateway_ref and upgrade_id, updates user plan/role
in a DB transaction.
New Files — Pages
- login.php: Auth-guarded login form with CSRF token, remember-me checkbox.
- signup.php: Auth-guarded registration form with plan picker and CSRF token.
- dashboard.php: Auth-required — shows live KPIs, profile panel (initials, role,
reputation), quick actions.
- payment-pending.php: Auth-required bridge page — displays pending upgrade
details (plan name, amount, upgrade ID, status).
- privacy.php, terms.php, risk-disclaimer.php: Legal pages converted to PHP.
New Files — Setup
- setup/install.sql: Full DB schema — tables: roles, plans, users,
pending_plan_upgrades, login_attempts, remember_tokens.
Seeded with 19 roles (Guest level 0 → Super Admin level 100) and 4 plans.
- setup/install.php: One-time web installer — runs install.sql, writes
setup/.installed.lock to prevent re-run.
.htaccess Files
- Root .htaccess: Security headers (CSP, HSTS, X-Frame-Options, etc.),
HTML→PHP 301 redirect rule (THE_REQUEST-based, handles files that still
exist as .html), PHP error display settings.
- includes/.htaccess: Require all denied (Apache 2.4 syntax).
- setup/.htaccess: Require all denied.
- process/.htaccess: Options -Indexes only (handlers must be web-accessible).
Security Fixes
- safe_redirect() hardened against protocol-relative URLs (//evil.com) — previously
matched the str_starts_with('/') check, allowing potential off-host redirects.
- payment_callback.php: removed auth.php include — webhook no longer triggers
DB connection or session on every non-payment event (prevented 503 on DB outage).
- auth_revoke_current_remember_token() wrapped in try/catch(Throwable) — DB
outage no longer blocks logout or idle-session expiry with a 503 response.
Bug Fixes
- payment_callback.php HY093 crash: duplicate named params (:ref and :uid appeared
twice each) in SQL with EMULATE_PREPARES=false. Renamed to :ref/:ref_check
and :uid/:uid_check.
- register.php: plan SELECT was missing `name` column; flash used ucfirst($planSlug)
so "Pro Trader" showed as "Pro". Fixed — plan name now comes from DB.
- register.php: silent fallthrough when selected plan not found in DB — user was
logged in as free with no feedback. Added explicit error flash + else branch.
- register.php: two redundant SELECT * FROM users after INSERT removed; auth_login()
called directly with ['id' => $newUserId].
- payment_callback.php: success response now includes Content-Type: application/json.
Test Suite
- setup/test_functions.php: 46 standalone unit tests covering validate_email,
validate_username, validate_password, h() XSS escaping, CSRF lifecycle, flash
messages, safe_redirect allow/block logic (8 scenarios), and remember-me token
format. All 46 pass. No database required.
Status:
- All 28 PHP files lint clean (zero syntax errors).
- 46/46 unit tests passing.
- Webhook ping endpoint verified: POST /process/payment_callback.php with
{"event":"ping"} returns HTTP 200 without touching the DB.
- Awaiting: real DB credentials in includes/config.php → run installer → end-to-end
registration, login, remember-me, and payment upgrade tests.[/b]
_________________________________________________________________
Update Log v1.1.0 - 2026-05-03 (Current Snapshot) (Massive Leap)
Platform Baseline
- Full site is running as PHP pages with shared auth/nav/footer includes.
- Auth stack is live: sessions, CSRF, remember-me tokens, role and plan gating.
- Core process handlers are in place: register, login, logout, payment callback.
- Setup installer and SQL schema are in place and include forum tables and seeds.
Forum System (Current State)
- Community page is now a real forum experience with:
- forum index view
- category filtered thread list
- thread detail view
- reply posting flow
- create thread flow
- Access control is role-level based per category.
- Categories are grouped by section labels for board-style layout.
- Added Premium Zone category: Starter Trade Forums (min_role_level = 20).
Forum Categories / Access
- Announcements and News (Site, level 10)
- General Market Chat (Trading Discussion, level 10)
- Technical Analysis (Trading Discussion, level 10)
- Trade Setups and Ideas (Trading Discussion, level 10)
- Starter Trade Forums (Premium Zone, level 20)
- Elite Trader Forums (Premium Zone, level 40)
- Elite Syndicate Forums (Premium Zone, level 45)
Forum UI Work Completed
- Forum page moved to full-width layout.
- Centering/alignment fixes applied from top forum header down through content.
- Search UI upgraded with themed search input and themed category dropdown.
- Statistics section converted to MyBB-style structured rows/table presentation.
- Border and visual hierarchy refinements applied to forum statistics block.
Live Presence / Users Online
- Added heartbeat endpoint: forum-heart-beat.php.
- Added forum_presence tracking table to schema and runtime bootstrap.
- Added site-wide JS heartbeat ping in assets/js/main.js.
- Added server-side request fallback tracking in includes/auth.php.
- Heartbeat endpoint now supports both POST and GET methods.
- Forum statistics now include online members, guests, bots, plus 24h activity.
Recent Navigation Updates
- Community dropdown now links to forum index and major forum categories,
including Starter Trade Forums.
Known Deployment Notes
- If production DB was created before latest schema updates, run migration SQL for:
- forum_categories.section_label
- forum_presence table
- new starter-trade-forums category row
- If style/script changes seem unchanged after upload, clear browser cache or hard refresh.
Validation
- Latest edited PHP files lint clean locally:
- community.php
- includes/forum.php
- includes/nav.php
- includes/auth.php
- forum-heart-beat.php
Next Recommended Actions
- Run SQL migrations on live DB if not already applied.
- Browse several site pages while logged in and as guest, then verify Users Online updates.
- Verify Starter Trade Forums visibility for level 20+ accounts and hidden state for level < 20.
________________________________________________________________________
Reputation (Rep) — How it works
Score
Each user has a reputation column (DECIMAL(6,2)) on their account.
The score is the net sum of all votes received: e.g. 5 ups + 2 downs = +3.0.
Displayed with colour: green for positive, red for negative, plain for zero.
Voting rules
Any logged-in member can vote up ▲ or down ▼ on any other member's posts in a thread.
You cannot vote on your own posts.
Each voter gets one vote per person — you can change direction (up → down) at any time.
Clicking the same direction twice toggles the vote off (removes it).
Where it shows
Location What you see
Forum postbit (thread view) Rep score + ▲ / ▼ buttons beside each post author
Dashboard profile panel Net score (coloured) + raw +N / −N vote count
Vote storage
user_reputation_votes voter_id → who voted target_id → who was voted on vote → +1 or -1 UNIQUE(voter_id, target_id)
Every vote upserts that row, then users.reputation is immediately recomputed as SUM(vote) for that target.
Permissions
All active members can vote and be voted on.
Guests and suspended/banned users cannot vote (auth is required by the handler).
