The default configuration that ships with Sentidos Café is designed for local development using XAMPP or a similar stack. Before pointing a real domain at the application you must harden the database credentials, replace every placeholder value, and update the admin password. This page walks through each required change.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Jimmy13anhelo/paginaweb2.github.io/llms.txt
Use this file to discover all available pages before exploring further.
Database Credentials — conexion.php
All database interactions in the project flow through a single connection file at the project root. Its default contents are:
Production Checklist
Work through every item below before launching:- Change
$usernamefromrootto a dedicated MySQL user with limited privileges - Set a strong
$password(minimum 16 characters, mixed case + symbols) - Update the default admin password in the
usuariostable (replaceadmin123) - Replace placeholder social media URLs in
index.php(TU_PAGINA,TU_PERFIL,TU_USUARIO) - Update the phone number in
buscador.js(const numeroTelefono = "937604465") to the real business WhatsApp number (digits only, include country code — e.g.51937604465) - Replace the placeholder contact info in
index.php(informes@sentidoscafe.com,+51 984 XXXXXX) - Update the hardcoded business number in
pedidos/guardar_pedidos.php($numero_comercio = "51987654321") to the real WhatsApp number - Verify or update the
/movelo/menu/menu.phppath inindex.phpnavigation links if the menu lives at a different URL on your host - Create
guardar_usuario.php(AJAX endpoint called bybuscador.jsfor the visitor registration form) — this file is referenced in the front-end but is not included in the repository and must be created before the registration form works - Create or obtain
whatsapp_interactivo.js(floating WhatsApp button logic) — this script is loaded inindex.phpbut is not included in the repository and must be provided separately
Environment Variables (Recommended for Production)
Hard-coding credentials inconexion.php means they will be committed to version control and visible to anyone with file-system access. A safer pattern reads the values from server environment variables and falls back to the development defaults only when the variable is absent:
.env file processed by your server’s virtual-host configuration, or in Apache’s SetEnv directive:
Creating a Dedicated MySQL User
Running the application asroot grants it unlimited database access — a single SQL injection vulnerability would expose every table on the server. Create a least-privilege user instead:
sentidos_cafe_db and cannot drop tables, create new databases, or affect other applications on the same server.
Changing the Admin Password
The defaultadmin123 password is stored as plaintext in the usuarios table. Replace it with a SHA-256 hash using phpMyAdmin’s SQL tab or the mysql CLI:
Login/login.php will hash the submitted password before comparing it, so the new value must also use SHA2 to match. If the current login.php compares passwords in plaintext (as the shipped version does), update the comparison logic to use SHA2 on the input before the query — or migrate to PHP’s password_hash / password_verify functions for a more robust solution.
All product images in the current build point to external sources — Unsplash and a few other third-party CDNs. If those URLs become unavailable or are rate-limited, product cards and hover effects will break silently. For reliable production performance, download each image referenced in
buscador.js and menu/menu.php, upload them to your server, and update the src attributes to use local relative paths.