CODE-VERIFIED ADMIN OPERATIONS GUIDE — 2026

Admin & Seller Power Guide

Every admin panel tab, every component, every backend endpoint — analyzed from the real source code. This is not a conceptual overview; it's an engineering map.

1. Admin Dashboard — All 19 Tabs Explained

Source: src/app/admin/page.js — The sidebarItems array (lines 279–416) defines every tab. The renderContent() switch (lines 418–519) wires each tab to its component.

01
ID: dashboard

Dashboard Overview

src/components/admin/DashboardOverview.js (11.8KB)

Displays real-time system statistics. Receives props: pendingUsers, sellers, categories, cities, productsCount, pendingRequestsCount, sponsoredPendingCount, recentProducts. Has onNavigate callback for tab switching. Refetches on every tab visit via useEffect([activeTab]).

API Calls: ADMIN_PENDING_USERS, ADMIN_SELLERS, PRODUCTS?count=1, PRODUCTS?limit=6, CATEGORIES_PRODUCT, CITIES, ADMIN_SPONSORED_REQUESTS
02
ID: pending

Pending Approvals

src/components/admin/PendingApprovals.js (13.5KB)

Shows sellers awaiting account approval from the temp_user_account table. Provides Approve / Reject actions that call approveUser(userId) and rejectUser(userId, reason) in admin/page.js, which POST to ADMIN_APPROVE_USER and ADMIN_REJECT_USER respectively.

On Approve: Moves user from temp_user_accountuser_accounts + fires welcome SMTP email.
03
ID: sellers

Manage Sellers

src/components/admin/ManageSellers.js (45.9KB) ← LARGEST FILE

The most complex admin component. Manages all seller accounts. Features: view seller details, edit subscription, change payment status, view products, send payment reminder email. Receives sellers array from parent, plus onRemind and onChanged callbacks. Contains ApprovalModal and EditModal sub-components.

04
ID: products

Manage Products

src/components/admin/ManageProducts.js (20.2KB)

Admin product listing with full CRUD. Fetches all products via PRODUCTS endpoint. Supports filtering, editing, activation/deactivation, and deletion. Calls PRODUCTS with GET/POST/DELETE/PATCH methods.

05
ID: reviews

Manage Reviews

src/components/admin/ReviewsManager.js (17.8KB)

Moderates all product reviews. Can approve, reject, or delete reviews. Fetches from ADMIN_REVIEWS endpoint (api/admin/reviews.php). Displays reviewer info, product name, rating, and comment text.

06
ID: categories

Categories Manager

src/components/admin/CategoriesManager.js (10.6KB)

Full CRUD for product categories. Supports bilingual names (EN/ES). Categories are hierarchical with parent-child support via parent_id foreign key. Endpoint: CATEGORIES_PRODUCT.

07
ID: cities

Cities Manager

src/components/admin/CitiesManager.js (9.7KB)

Manages available cities/locations on the platform. Sellers and products are associated with cities. Bilingual support. Endpoint: CITIES.

08
ID: category-limits

Category Limits

src/components/admin/ManageCategoryLimits.js (14KB)

Controls how many products each seller can list per category. Configurable per seller. Endpoint: ADMIN_SELLER_CATEGORY_LIMITS.

09
ID: notifications

Send Notifications

src/components/admin/NotificationsPanel.js (20.7KB)

Sends email campaigns to selected sellers. Supports individual and bulk emails. Uses ADMIN_SEND_NOTIFICATIONS and ADMIN_SEND_EMAIL endpoints. Can compose rich-text emails with payment reminders.

10
ID: email-logs

Email Logs

src/components/admin/EmailLogsPanel.js (13.8KB)

Full audit log of all emails sent through the platform. Shows: sender, recipient, subject, date, status. Fetches from ADMIN_EMAIL_LOGS endpoint. Supports search and filtering.

11
ID: seller-emails

Seller Emails Inbox

src/components/admin/SellerEmails.js (16.4KB)

Views messages sent from sellers to admin via the Contact Admin panel. Messages arrive in the seller_emails table. Admin can read and respond. Endpoint: SELLER_EMAILS.

12
ID: category-removals

Category Removal Requests

src/components/admin/CategoryRemovalRequests.js (14KB)

When a seller wants to remove a product category from their profile, it requires admin approval. This panel lists those pending requests with approve/deny actions. On action, calls onActionCompleted() which refetches admin data.

13
ID: requests-manager

Requests Manager

src/components/admin/RequestsManager.js (12.4KB)

Handles seller requests for new categories and cities. Sellers submit requests from their dashboard; admin approves or rejects here. Endpoint: REQUESTS (api/requests/index.php).

14
ID: manage-account

Manage Admin Account

src/components/admin/ManageAccountPanel.js (8.9KB)

Admin profile settings. Update name, email, and password. Receives user prop from parent. Saves changes via the seller/profile endpoint.

15
ID: payment-settings

Payment Settings

src/components/admin/PaymentSettings.js (9.5KB)

Configure global payment terms: bank account details, Yape/Plin numbers, monthly fee amount. These settings are used in payment reminder emails. Endpoint: ADMIN_PAYMENT_SETTINGS (api/admin/payment_settings.php).

16
ID: upcoming-payments

Upcoming Payments

src/components/admin/UpcomingPayments.js (27.8KB)

Tracks subscription due dates for all sellers. Shows overdue, due-this-week, and upcoming payments. Can send individual or bulk payment reminders. Integrates with ReceiptsPanel for cross-navigation. Receives initialSearch and autoFocus props for deep linking from Receipts tab.

17
ID: receipts

Uploaded Receipts

src/components/admin/ReceiptsPanel.js (13.4KB)

View payment receipts uploaded by sellers. When admin clicks a seller's receipt, it cross-navigates to the Upcoming Payments tab for that seller via the onNavigate callback. Endpoint: ADMIN_PAYMENT_RECEIPTS.

18
ID: sponsored-products

Sponsored Products

src/components/admin/SponsoredProductsPanel.js (17.8KB)

Sellers can request their products to be featured/sponsored. This panel shows pending and active sponsored requests. Admin can approve, set dates, or reject. Endpoint: ADMIN_SPONSORED_REQUESTS.

19
ID: pages

Content Pages (CMS)

src/components/admin/ManagePages.js (13.3KB)

Full CMS for website pages (About, Terms, Info). Uses TinyMCE rich-text editor for content. Supports bilingual content (EN/ES). Pages are stored in the database and rendered dynamically in /information/ routes. Endpoint: ADMIN_PAGES.

2. Email System Architecture

The email system is complex with multiple layers: SMTP configuration, template engine, and a logging system. All routed through Hostinger SMTP.

Email Engine Hierarchy

api/utils/email.php (39KB)
Core email engine — all templates, payment reminder HTML, bilingual content
api/utils/smtp_mailer.php (4.6KB)
Low-level SMTP wrapper — connects to Hostinger mail servers
api/utils/hostinger_mailer.php (10.7KB)
Hostinger-specific mailer — handles shared hosting SMTP quirks
api/utils/template_email_service.php (19KB)
Template-based email service — renders dynamic email HTML
api/utils/payment_reminder_utils.php (10.7KB)
Reminder logic — calculates due dates, builds reminder payloads

Email Configuration

Config File: api/config/email.php — Do NOT expose this file publicly. Contains SMTP credentials.

Use email.example.php as a template to create your own email.php. The file defines constants like:

// api/config/email.php structure
define('SMTP_HOST', 'smtp.hostinger.com');
define('SMTP_PORT', 587);
define('SMTP_USERNAME', 'admin@lastiendas.pe');
define('SMTP_PASSWORD', '...');
define('FROM_EMAIL', 'admin@lastiendas.pe');
define('FROM_NAME', 'Las Tiendas');

Payment Reminder Endpoints

POST admin/send_manual_reminder.php
— Send to one seller

POST admin/send_bulk_reminders.php
— Send to all due within 7 days

GET cron/send_payment_reminders.php
— Automated CRON job

3. Seller Dashboard — All 10 Tabs

Source: src/app/seller/page.js — 493 lines. Same architecture as admin. Uses localStorage auth guard and fetches data on mount.

Seller Tab Registry

dashboard
Dashboard Summary
DashboardSummary.js (7KB) — Stats: product count, subscription status, next payment date, active categories
products
My Products
ProductsTable.js (14.6KB) — View, activate/deactivate, delete, request sponsorship
add-product
Add / Edit Product
AddProductForm.js (35.5KB) ← LARGEST — Full product creation with image upload, categories, cities, pricing
my-categories
My Categories
MyCategoriesPanel.js (20.5KB) — View active categories, request new ones, request removal
shop-info
Shop Information
ShopInfo.js (24.8KB) — Edit company name, description, logo, location, contact info
subscription
Subscription & Payments
SubscriptionPanel.js (19.4KB) — View plan, upload payment receipt, payment history
requests
Requests to Admin
RequestsPanel.js (11.2KB) — Submit requests for new categories/cities
manage-account
Manage Account
ManageAccountPanel.js (15.9KB) — Update password, username, profile picture
contact-admin
Contact Admin
ContactAdminPanel.js (17KB) — Message admin directly; messages appear in admin's Seller Emails tab

Seller Access Control

When a seller's account is deactivated (non-payment), the dashboard shows a warning banner and passes disabledActions={true} to sensitive components: 

// seller/page.js (line 459+)
{user?.user_type === 'seller' && 
 Number(user?.is_active) === 0 && (
  

    Your account is deactivated...
    
  

)}
Disabled State: When is_active === 0 in the DB, all product/category/shop actions are blocked at UI level AND the backend checks subscription status during login.

Seller Data Load on Mount 

// fetchSellerData() loads in parallel:
// ✓ Products (by seller_id)
// ✓ All categories
// ✓ Seller's own categories (auth required)
// ✓ All cities
// ✓ Price types
// ✓ Seller profile (seller_number, subscription_end)
// ✓ Subscription details

4. Complete Backend API Reference

Every endpoint in the PHP API with its HTTP methods, location, and purpose.

Authentication Layer

POST api/auth/login.php

Accepts {username, password}. Queries user_accounts. Returns {token, user} on success.

POST api/auth/register.php

Creates record in temp_user_account. Does NOT auto-create seller account; requires admin approval.

Products Endpoint

GET api/products/index.php

Params: id, slug, seller_id, limit, count=1. Returns product list or single product.

POST api/products/index.php

Creates a new product for a seller. Requires product data payload.

PUT api/products/index.php

Full product update.

PATCH api/products/index.php

Partial update — used for toggling is_active status.

DELETE api/products/index.php

Delete product by id query param.

Admin Endpoints (Protected)

GET admin/pending_users.php

Returns all records from temp_user_account with status = 'pending'

POST admin/approve_user.php

Body: {id}. Moves from temp → real accounts tables. Sends welcome email.

POST admin/reject_user.php

Body: {id, reason}. Sends rejection email. Removes from temp table.

GET admin/sellers.php

Returns all sellers with subscription info, categories, payment status. Complex JOIN query.

GET admin/payments_overview.php

Categorized sellers: overdue, due this week, upcoming. Used by Upcoming Payments tab.

POST admin/send_bulk_reminders.php

Sends payment reminder emails to all sellers due within 7 days. Logs results to email_logs table.

GET+POST+PUT+DELETE admin/pages.php

Full CMS CRUD. Multi-method controller. Handles website page content in EN & ES.

GET+POST+PUT+DELETE admin/sponsored_requests.php (14.6KB)

Most complex admin endpoint. Handles sponsored product request lifecycle.

5. File Upload System

Product Image Upload

POST api/upload/product_image.php
Accepts multipart form-data. Validates file type and size. Saves to /uploads/ directory on server. Returns image URL string for storage in DB.

Used in AddProductForm.js when seller uploads a product image. The returned path is stored as the product's image field.

Payment Receipt Upload

POST api/upload/receipt.php
Sellers upload payment proof images. Stored in DB and viewable by admin in the Receipts tab. Endpoint: UPLOAD_PAYMENT_RECEIPT.

Used in SubscriptionPanel.js. Admin sees all uploaded receipts in ReceiptsPanel.js. Cross-links to UpcomingPayments tab via onNavigate.

6. Shared/Global Components

These components are used across multiple pages, not specific to admin or seller:

Navigation.js (8.5KB)
Main site nav. Shows auth state from localStorage. Includes language toggle and mobile menu.
AuthModal.js (11.8KB)
Login + Register modal. Calls AUTH_LOGIN and AUTH_REGISTER. Saves token to localStorage on success.
ProductGrid.js (7.7KB)
Marketplace product listing grid. Accepts product array prop, renders cards with image/price/category.
StarRating.js (20KB)
Interactive star rating. Used on product pages. Submits reviews via REVIEWS endpoint.
ToastContainer.js (2KB)
Global toast notifications. Injected in layout.js. Shows success/error messages across the app.
LocationPickerLeaflet.js (2.8KB)
Open-source map for picking shop location. No API key needed. Used in ShopInfo.js.