RSVP API + DASHBOARD — SETUP
============================================================

WHAT GOES WHERE
  Everything in this folder  ->  root of i.vibrandstudio.com
  (so that these URLs work:)
      https://i.vibrandstudio.com/api.php
      https://i.vibrandstudio.com/dashboard/

REQUIREMENTS
  - PHP 7.4 or newer (any normal shared hosting has this)
  - HTTPS enabled on i.vibrandstudio.com (free Let's Encrypt /
    AutoSSL in cPanel). This is required — the invitation page is
    on https, so browsers will block calls to an http:// API.

SETUP — 3 STEPS
  1. Open config.php and set:
       ADMIN_PASSWORD  -> your dashboard password
       NOTIFY_EMAIL    -> where you want RSVP emails
       MAIL_FROM       -> e.g. rsvp@vibrandstudio.com
     (INVITE_URL and ALLOWED_ORIGIN are already set for your site.)

  2. Upload the whole folder to the root of i.vibrandstudio.com.
     Make sure the data/ folder is writable by PHP
     (permissions 755 usually works; use 775 if the host needs it).

  3. Open https://i.vibrandstudio.com/dashboard/ , log in,
     and add your guests. Each guest/family gets one invitation
     with a unique link — use "Copy link" or "Share" to send it.

HOW IT WORKS
  - Guests open their personal link (…/?g=xxxxxxxx). The RSVP form
    greets them by name; they just tap yes/no.
  - Guests who open the plain link (no ?g=) can still RSVP by
    typing their name — they appear in the dashboard marked
    "self-registered".
  - Guests can re-open their link and change their answer; the
    dashboard always shows the latest, and responses.csv keeps a
    full history of every submission.
  - Data lives in data/guests.json (current state) and
    data/responses.csv (append-only log). The data/ folder is
    blocked from web access by its .htaccess. Back it up by
    downloading those two files occasionally.

EMAIL NOTES
  - Notifications use PHP's built-in mail(). On most cPanel hosts
    this just works. If emails don't arrive or land in spam:
      * make sure MAIL_FROM is an address on your own domain,
      * check the host's spam/mail logs,
      * or ask me to switch it to SMTP (PHPMailer) — small change.

SECURITY NOTES
  - Change ADMIN_PASSWORD before uploading.
  - The dashboard has no lockout on wrong passwords — pick a
    reasonably strong one since the page is public-facing.
