PortalHub is built on a classic three-tier architecture: a static HTML/CSS/JavaScript frontend communicates with a PHP-FPM backend via JSON API calls, and all persistent data lives in a MySQL database. Each layer has a clearly defined responsibility, making the system easy to extend, debug, and containerise with Docker Compose.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Nieto2020/portalhub/llms.txt
Use this file to discover all available pages before exploring further.
Three-Tier Architecture
Frontend
Pure static files (HTML, CSS, Vanilla JS). No server-side rendering — every page fetches data from the backend API and updates the DOM through view controllers in
js/views/.Backend
PHP modules served by PHP-FPM. Each functional domain (auth, citas, documentos, …) lives in its own subdirectory under
backend/modules/, with shared config, middleware, and utilities.Database
MySQL with a single
consultoria schema. All tables use the utf8mb4 / utf8mb4_general_ci collation and InnoDB storage engine with enforced foreign-key constraints.Infrastructure
Docker Compose orchestrates three services:
nginx (reverse proxy), php (PHP-FPM application), and mysql (database). Configuration is injected through environment variables consumed by config.php.Project Directory Structure
The repository root contains a single application directory,consultoria-contable/, with four top-level folders:
Backend Modules
Each subdirectory ofbackend/modules/ owns a single business domain. Individual PHP scripts within a module handle discrete operations (create, list, update, delete) and are called directly by the Nginx routing rules.
| Module | Responsibility |
|---|---|
anuncios | Platform-wide announcements authored by admins |
asignaciones | Client–advisor assignment lifecycle |
auth | Login, logout, registration, session check, password update |
calificaciones | Anonymous 1–5 star ratings from clients to advisors |
citas | Appointment scheduling and status management |
documentos | Secure file upload, versioning, CFDI validation, download |
mensajes | Internal chat and support tickets between users |
notificaciones | Per-user event alerts and broadcast notifications |
pagos | Invoice and payment state tracking |
perfil | Profile data retrieval and update |
reportes | Accounting reports (Mensual / Trimestral / Anual / Especial) |
servicios | Accounting service status tracking per client |
usuarios | Full user CRUD and admin password reset, restricted to admins |
Request Flow
Every API call follows the same path through the stack:- Browser — A
js/api/*.jshelper builds the request and callsfetch(). - Nginx — Proxies
.phprequests to the PHP-FPM socket; serves static assets directly. - PHP-FPM — Loads
config.php, starts or resumes the PHP session, then invokes the middleware. - Auth middleware —
checkAuth()validates the session and timeout;checkRole()enforces role restrictions. Any failure short-circuits the request with a JSON error response. - PDO — Prepared statements execute against MySQL; results are returned as associative arrays.
sendResponse()— Formats every API response identically and callsexit().
Standard JSON Response Format
All endpoints usesendResponse() from backend/utils/response.php. Every response — success or error — follows this envelope:
sendResponse() always calls exit() after writing the response body. This ensures no accidental output follows the JSON payload, regardless of the execution path.Shared Utilities
response.php — sendResponse(status, message, data)
Sets the Content-Type: application/json header, writes the HTTP status code with http_response_code(), serialises the payload with json_encode(), and terminates execution. Required by every module and by the auth middleware itself.
validator.php — validateRequired and validateEmail
400 response early in the pipeline.
Explore Further
Database Schema
Full column-level documentation for all 15 tables, including types, nullability, constraints, and foreign keys.
Roles & Permissions
Role definitions, middleware code, the full permissions matrix, and session-security details.