# Community Blocklist — PHP + MySQL A simple PHP 5.4.13–compatible backend with a MySQL schema. Includes: - JSON API (`php/api.php`) for listing, scores, voting, and submissions. - reCAPTCHA v3 verification server‑side (keeps your secret off the client). - Minimal front‑end that talks to the PHP API. ## 1) Requirements - PHP 5.4.13+ with PDO MySQL enabled - MySQL 5.6+ (for STORED generated columns; if on 5.5, replace those with triggers or plain columns) - A web server (Apache/nginx) with `php/` accessible ## 2) Install 1. Create the DB and tables: - Import `data/schema.sql` into your MySQL database. 2. Configure PHP: - Copy `php/config.php` to `php/config.local.php` *(optional)* and adjust constants, or edit `php/config.php` directly with: - `DB_HOST`, `DB_NAME`, `DB_USER`, `DB_PASS` - `RECAPTCHA_SECRET` (from Google reCAPTCHA v3) 3. Set front‑end config in `config.js`: - `API_BASE` should point to `php/api.php` - `RECAPTCHA_SITE_KEY` should be your site key (pairs with the secret above). ## 3) Deploy - Upload all files to your server. - Ensure `php/` is web-readable and that `php/api.php` is reachable (same origin as the front end is easiest). ## 4) API Endpoints - `GET php/api.php?action=list` → `{ data: [ ...listings... ] }` - `POST php/api.php?action=scores` with `{ "keys": ["platform:handle", ...] }` → `{ data: { "platform:handle": score, ... } }` - `POST php/api.php?action=vote` with `{ "key": "platform:handle", "val": 1|-1 }` → `{ ok: true }` - `POST php/api.php?action=submit` with submission fields + `recaptcha_token` → `{ ok: true }` ## 5) Moderation - Review `submissions` and set `status='approved'` or `'rejected'`. - To publish approved items to `listings`, run the SQL snippet at the end of `data/schema.sql`. ## 6) Mastodon Blocklist Export - Create a SQL view or use a script to export active Mastodon handles into a CSV with a single column `Account address`. ## 7) Security Notes - Votes are keyed by an IP+UA fingerprint (sha1). It’s basic; for stricter control, add login or set per‑IP rate limits. - Always keep reCAPTCHA enabled on `submit` in production. - Consider CORS/CSRF if you later split API and front end across domains. ## 8) Migrating from the Static/Supabase version - This build replaces Supabase with PHP+MySQL. If you want to keep both, use separate branches.