New licensed lake, picnic, dining, server, burger, and food photography. Rebuilt homepage gallery, logo, colors, copy, menu, specials, and exports. Added dashboard-configurable branding in [settings.php (line 18)](/Users/tyemeclifford/Documents/GH/fatbottomgrille/views/admin/settings.php:18). Added a public attribution page and full [image credits](/Users/tyemeclifford/Documents/GH/fatbottomgrille/public/assets/images/CREDITS.md). Migrated existing SQLite menu data and admin email to admin@lakesideorders.test. Verified 51 PHP files, JSON/JavaScript, storefront pages, database migration, admin settings, and menu PDF. All passed.
Lakeside Orders
Demo restaurant website. The location and menu are fictional.
A dependency-light online ordering and customer-management demo for Lakeside Orders, a fictional restaurant near the water.
Included
- Configurable menu categories, items, prices, availability, images, and tags
- Homepage specials that automatically adapt to the number currently active
- Persistent cart and abandoned-cart tracking
- Configurable state, city, and county tax rates
- Pickup checkout with Square Web Payments and Payments API support
- Customer and staff accounts with optional email 2FA, captcha, and honeypots
- Customer order history, saved pickup details, password changes, and newsletter preferences
- Staff order queue, status history, internal notes, and Square refunds
- Staff roster and role management
- Visitor, order, sales, popular-item, subscriber, and abandoned-cart statistics
- Styled menu PDF and order CSV exports
- Mailgun transactional email and newsletter delivery
- Automatic newsletter unsubscribe links
- SQLite by default with an optional MySQL/MariaDB copy-and-switch tool
- JSON-backed business, ordering, Square, Mailgun, and database settings
- Public-domain and Creative Commons storefront photography with attribution
Requirements
- PHP 8.1 or newer
- PHP extensions: PDO, PDO SQLite, cURL, JSON, and sessions
- Optional:
pdo_mysqlfor MySQL/MariaDB migration
No Composer, Node.js, MySQL server, Square account, or Mailgun account is required for local development.
Start Locally
php -S 127.0.0.1:8080 -t public public/router.php
Open http://127.0.0.1:8080.
The application creates its SQLite database, JSON settings, sessions, and mail
log inside storage/ on first request.
Before public use, enter the restaurant's verified phone number, email address, and hours in Dashboard > Settings. They are intentionally not invented in the default configuration.
Apache Routing
The repository includes two rewrite configurations:
public/.htaccesswhen the ApacheDocumentRootpoints topublic/.htaccesswhen shared hosting exposes the repository directory itself
Apache must have mod_rewrite enabled and must permit .htaccess overrides.
A typical virtual host uses:
DocumentRoot /path/to/fatbottomgrille/public
<Directory /path/to/fatbottomgrille>
AllowOverride All
Require all granted
</Directory>
The preferred setup is to point the web root at public/. If the application
is installed in a URL subdirectory, generated links, form actions, redirects,
and assets automatically include that subdirectory.
Initial Administrator
- Email:
admin@lakesideorders.test - Password:
ChangeMe123!
Email 2FA is disabled by default for every account. It can be enabled from
My Account or managed by an administrator in Users & Staff. When 2FA is
enabled while Mailgun is disabled, the six-digit sign-in code appears in the
browser and is also written to storage/logs/mail.log.
Change the initial password from My Account before deploying the site.
Dashboard
Sign in and open /admin. Accounts that opt into email 2FA complete the
six-digit email check after entering a valid password.
The dashboard controls:
- Menu categories and food items
- Homepage specials and schedules
- Orders, fulfillment status, notes, and refunds
- Customers and staff roles
- Business information and ordering availability
- Tax rates
- Square and Mailgun credentials
- Newsletters
- Menu PDF and order CSV exports
- MySQL/MariaDB connection and migration
Square
Checkout runs in clearly labeled demo mode until Square is enabled.
In Dashboard > Settings, enter matching Square environment credentials:
- Application ID
- Location ID
- Access token
- Environment (
sandboxorproduction) - Enable Square payments
The browser tokenizes card details with Square Web Payments. Card data is never
posted to or stored by this application. The server sends the token and
server-calculated amount to POST /v2/payments.
Mailgun
In Dashboard > Settings, enter the Mailgun domain, API key, sender name, and sender email, then enable Mailgun.
When Mailgun is disabled, messages are stored locally in
storage/logs/mail.log. This keeps optional 2FA, order confirmation, and
newsletter workflows testable without an email service.
SQLite and MySQL/MariaDB
SQLite is the default runtime database:
storage/database/store.sqlite
To migrate, save the MySQL/MariaDB connection in Dashboard > Settings, then run the migration tool. It creates the target database, copies every application table and row, and can optionally switch the application driver.
Keep SQLite selected unless the MySQL/MariaDB server is reliably available.
Production Checklist
- Set the public application URL and verified business contact details in the dashboard.
- Change the initial administrator password.
- Enable HTTPS and secure cookies at the web server.
- Configure Mailgun and verify its sending domain.
- Test Square in sandbox before enabling production credentials.
- Confirm tax rates with the business's tax professional.
- Back up
storage/database/store.sqliteandstorage/config/settings.json. - Point the web server document root to
public/.
Project Layout
app/Core/ HTTP, configuration, database, auth, security, and views
app/Controllers/ Storefront, account, and dashboard request handlers
app/Services/ Cart, orders, payment, email, stats, PDF, and migration
config/ Safe application defaults
public/ Web document root and frontend assets
views/ Storefront, account, and dashboard templates
storage/ Runtime database, JSON settings, sessions, and logs