╔══════════════════════════════════════════════════════════════╗
║  MOMENTUM · public_html drop-in bundle                       ║
║  For Namecheap Stellar + MariaDB                             ║
╚══════════════════════════════════════════════════════════════╝

WHAT'S IN THIS ZIP
────────────────────
.htaccess           → SPA routing, HTTPS redirect (commented), caching
index.html          → Setup status page (replaced by React build later)
install.sql         → MariaDB installer (run once in phpMyAdmin)
INSTALL.txt         → This file
api/                → PHP backend
  .htaccess         → Pretty URL routing for /api/*
  db.php            → ⚠ EDIT credentials here (DB name, user, pass, domain)
  auth.php          → register / login / logout / me / whitelist
  ping.php          → Health check endpoint (visit /api/ping)
  tasks.php         → Task CRUD + toggle
  habits.php        → Habit CRUD + per-day toggle
  settings.php      → User settings
  users.php         → ADMIN: user management
  whitelist.php     → ADMIN: domain whitelist


5-MINUTE INSTALL
────────────────────

1. UPLOAD
   Upload the contents of this zip into  public_html/
   (NOT a subfolder — the .htaccess and index.html go straight
   in public_html.)

   In cPanel File Manager: top-right gear → "Show hidden files"
   so .htaccess files are visible.

2. CREATE THE DATABASE
   cPanel → MySQL Databases
   • Create database:   momentum
     (cPanel will prefix your account name, e.g. mistbaker_momentum)
   • Create MySQL user: momentum
   • Add the user to the database, grant ALL PRIVILEGES
   • Note down the full name, username, and password

3. RUN THE INSTALLER
   cPanel → phpMyAdmin
   • Click your *_momentum database in the left sidebar
   • Top tabs: SQL
   • Either:
       (a) Open install.sql, copy all of it, paste into the box
       (b) Or use Import tab → upload install.sql
   • Click Go
   • You should see green check messages + a summary table

4. EDIT api/db.php
   Open public_html/api/db.php  (File Manager → Edit) and update:

       const DB_NAME = 'mistbaker_momentum';           // ← your DB
       const DB_USER = 'mistbaker_momentum';           // ← your user
       const DB_PASS = 'the-password-you-set';
       const ALLOWED_ORIGINS = 'https://yourdomain.com';

5. VERIFY
   Visit  https://yourdomain.com/  in a browser.
   You'll see a status page with green check marks if all is well.

6. FIRST LOGIN
   After the React build is uploaded (step 7), log in with:
       Email:    admin@misterbaker.com
       Password: admin123
   THEN CHANGE THE PASSWORD IMMEDIATELY.

7. UPLOAD THE REACT APP
   Build the Momentum frontend with Vite:
       npm run build
   Upload the contents of dist/ into public_html/, overwriting
   this placeholder index.html.


AFTER INSTALL
────────────────────
• Delete install.sql from public_html (it's no longer needed
  and ideally shouldn't be web-accessible).
• Remove api/ping.php — it leaks schema info.
• Enable AutoSSL in cPanel, then uncomment the HTTPS redirect
  blocks in both .htaccess files.


RE-RUNNING THE INSTALLER
────────────────────
install.sql is IDEMPOTENT — safe to run again. It will:
  • create anything missing
  • leave existing data and passwords untouched
  • record each version in the schema_migrations table


TROUBLESHOOTING
────────────────────
Symptom                              Likely cause
─────────────────────────            ────────────────────────────────
500 on /api/...                      api/db.php credentials wrong, OR
                                     api/.htaccess wasn't uploaded
"Could not reach api/ping"           api folder didn't get uploaded,
                                     OR .htaccess permissions wrong
"No tables found" on ping            install.sql wasn't run, OR was
                                     run against the wrong database
CORS / cookie errors                 ALLOWED_ORIGINS in db.php must
                                     EXACTLY match your site URL
                                     (https://, no trailing slash)
Login says wrong password            That's only true if the seed
                                     hash didn't import. Open
                                     phpMyAdmin → users → admin row
                                     and confirm password_hash starts
                                     with $2b$ or $2y$


Need anything else, ask. Enjoy the calm.
