Overview

Snapshot of inbound interest, members, Stripe readiness, and environment. Data stays on your server (JSON files).

Contact routing

Values are stored in contact-backend.json beside your public pages—the same file contact-submit.php reads. With SMTP host and sender email set, outbound mail uses SMTP: enable Use TLS for STARTTLS (typical on port 587), or turn it off for implicit TLS on port 465. If SMTP is not configured, PHP mail() is used, subject to your server’s mail settings. A successful “test send” only means your server accepted the message; if nothing arrives in the inbox, align From email with SMTP username, check spam, SPF/DKIM, and your mail host’s logs.

Portfolio

Upload the latest grid export (CSV). Required columns: Period and Cum. net profit. Each upload replaces the prior file and regenerates portfolio-data.json next to the public index.php so the landing chart stays current.

—

Recent inquiries

Rows are appended when a visitor successfully submits the public contact form (after mail is accepted). Preview is truncated for the table.

Users

Everyone who requested access (sign-in page or SSO) stays in this list for audit: Pending rows can be approved or denied. Approve makes them an approved member (they use plans & subscription, not this console). Deny keeps the row with status Denied and blocks sign-in for that account. Revert to pending on an approved or denied row moves them back to pending, clears the last decision timestamp, and sends an email explaining the change (approved users are told access is under review again; previously denied users are told the request was reopened and can sign in while pending — use Forgot password if they need to set a password). Delete removes their row permanently after you confirm; they may request access again with the same email as a new account. Use Restrict / Unrestrict anytime (before or after approve or deny) to block or allow sign-in without changing their status row. Restricted users cannot use password or SSO until unrestricted. After approval or unrestrict, they should sign out and sign in again (or open the plans page) so their session updates. Billing summarizes Stripe-linked plan and subscription state (updated via webhooks). Only super administrators see this tab.

Note: last sign-in and first-seen IP are stored when the network exposes a reliable client address (e.g. Cloudflare, X-Forwarded-For, REMOTE_ADDR).

Stripe payments

Keys and price IDs are stored in admin/data/stripe_config.json on the server (not in the browser). Create products in Stripe Dashboard: Evaluation and Lifetime are one-time prices; Quarterly is a recurring subscription (e.g. every 3 months). Enable Stripe Tax in the Dashboard if you use automatic tax. Register the webhook URL below for checkout.session.completed, customer.subscription.updated, and customer.subscription.deleted.

Get keys from the Stripe Dashboard (Developers → API keys). Webhook endpoint: register the URL below under Developers → Webhooks, then paste the signing secret here.

Single Sign-On (SSO)

Turn on Google, Microsoft, and/or Apple below to show those sign-in options on the public admin page. Google and Microsoft use a client ID and client secret; Apple uses a Services ID, Team ID, Key ID, and the .p8 private key text (Sign in with Apple). New visitors can use SSO to request access (pending account), the same idea as the password form. The optional list below is only if you want to restrict who may create a new account via SSO. People already in users.json can always use SSO. With no users.json yet, first-time setup can still use SSO to create the super admin if a provider is enabled.

Account & security

Sign-in settings for your operator account. Password data is stored in admin/data/users.json on the server. To review other people’s access requests, use the Users tab (super administrators). Organization SSO is configured on the SSO tab.