PlexiTrust Consolidated — Online Banking
========================================

EASIEST SETUP: run the installer
--------------------------------
1. Upload the whole 'online-banking' folder to your server (cPanel File
   Manager or FTP), e.g. so it is reachable at
       https://plexitrustconsolidated.com/online-banking/
2. In cPanel > MySQL Databases, create a database and a user, and add the
   user to the database with ALL PRIVILEGES.
3. In your browser, open:
       https://plexitrustconsolidated.com/online-banking/install/
4. Follow the wizard:
       Requirements -> Database -> E-mail -> Branding & Admin -> Install
   It will:
       - write includes/db_credentials.php, includes/mail_config.php,
         includes/site_config.php from what you enter,
       - import the database (plexitrust_obank.sql),
       - place the logo / white-logo / favicon images you upload,
       - create your administrator account (password stored hashed),
       - then DELETE the install/ folder and the .sql file automatically.
   For e-mail you can pick Gmail (with an App Password) OR your own / cPanel
   mail server.
5. When it finishes it sends you to the login page. Done.

If the installer can't delete itself (host permissions), delete the
'install/' folder and 'plexitrust_obank.sql' manually afterwards.

--------------------------------------------------------------------------
The manual steps below are only needed if you prefer NOT to use the installer.
--------------------------------------------------------------------------

PlexiTrust Consolidated — Online Banking Backend
================================================
Cleaned & rebranded build. Read this before deploying.

------------------------------------------------------------------
EASIEST: USE THE SETUP WIZARD
------------------------------------------------------------------
1. Upload the whole "online-banking" folder to your server
   (e.g. into public_html/online-banking via cPanel File Manager).
2. In cPanel ▸ MySQL® Databases, create a database + user and add the
   user to the database with ALL PRIVILEGES.
3. In your browser go to:  https://yourdomain.com/online-banking/install/
4. Follow the steps: requirements ▸ database ▸ email ▸ branding & admin
   ▸ install. You can upload your logo/favicon and enter either a Gmail
   App Password or your own cPanel mailbox's SMTP details.
5. On the final screen click "Finish & remove installer". The wizard
   writes all configuration, imports the database, creates your admin
   account, then DELETES ITSELF (the install/ folder and the .sql file).

That's it — then log in at /online-banking/login.php.

------------------------------------------------------------------
MANUAL ALTERNATIVE (if you prefer)
------------------------------------------------------------------
a) In cPanel ▸ MySQL® Databases, create:
      - a database   (e.g. plexitru_obank)
      - a database user, and ADD the user to the database with ALL PRIVILEGES.

b) Open  includes/db_credentials.php  and fill in:
      'name' => 'your_db_name',
      'user' => 'your_db_user',
      'pass' => 'your_db_password',
   (host stays 'localhost' on cPanel.)

c) Import the schema:
      cPanel ▸ phpMyAdmin ▸ select your database ▸ Import ▸ choose:
         plexitrust_obank.sql
   This creates all tables + reference data (countries, products, settings)
   and ONE admin account. It contains NO customer/test data.

------------------------------------------------------------------
2. ADMIN LOGIN (change immediately)
------------------------------------------------------------------
   Username:  admin
   Password:  ChangeMe!2026#PTC
   The password is stored bcrypt-hashed. Log in, then change it right away
   from Settings. Passwords are now hashed everywhere (login/register/reset).

------------------------------------------------------------------
3. EMAIL (already configured)
------------------------------------------------------------------
   SMTP is set to the project Gmail in:
      - admin/email_handler.php
      - includes/functions.php
   Host smtp.gmail.com, port 587 (STARTTLS), sender "PlexiTrust Consolidated Bank".
   IMPORTANT: rotate the Gmail App Password (Google Account ▸ Security ▸
   App passwords) and paste the new one into those two files — the current
   one was shared in plain text and should be replaced.

------------------------------------------------------------------
4. WHAT WAS CLEANED
------------------------------------------------------------------
   - Rebranded from UnityOak / Sparkle Trust → PlexiTrust Consolidated everywhere.
   - Removed all dummy/real customer data, accounts, transactions, KYC,
     OTPs, logs and cache from the SQL (kept schema + reference data).
   - Centralised DB credentials into includes/db_credentials.php
     (removed hardcoded passwords from 5 files).
   - Switched password storage from PLAIN TEXT to bcrypt hashing.
   - Turned display_errors OFF (php.ini / .user.ini).
   - Removed error_log files, a debug script, and the old SQL dump.

------------------------------------------------------------------
5. STILL RECOMMENDED (not done automatically)
------------------------------------------------------------------
   - Statement/PDF footers still say "Member FDIC" (US) and "Established 2003".
     A UK bank should update these (search the codebase for those strings).
   - Force HTTPS on the domain (the app expects it for secure cookies).
   - Keep includes/db_credentials.php and the SMTP files out of any public
     repo / backups that others can read.
