
FINAL MASTER PROMPT FOR CHATGPT-5 / CODIUM

(Build Full B2B Travel Portal System in Core PHP + MySQL)

🧠 System Overview:

Build a complete, secure, modular, scalable B2B Travel Agency Management Portal in Core PHP + MySQL with full admin control, vendor/agent login, and secure wallet + API booking access.

System should be similar to Booking.com but focused on B2B with role-based access and a secure wallet-based booking ecosystem.

🧩 Key Modules to Build:
🔐 USER ROLES (with RBAC):

Admin

Employee

Channel Partner

B2B Agent

Vendor

🧷 REGISTRATION & LOGIN (with approval workflows):
B2B Agent Registration:

Fields: Name, Type (Freelancer / Business), Country, KYC docs

WhatsApp OTP via Twilio API

Email OTP via SMTP/PHPMailer

Account status = Pending until approved by Admin

Admin can enable API access or restrict to portal only

Login System:

Separate login portals for each role

Session-based auth

Role-based dashboard access

IP tracking on every login & action

🧾 WALLET SYSTEM:

Available for: B2B Agents, Channel Partners

Admin can:

Transfer funds manually

Approve deposit requests (with password confirmation)

Agents can:

Book using wallet

Send Stripe deposit requests

Wallet ledger:

Credit, Debit, Balance, Timestamp, IP

🌐 API BOOKING (Admin Controlled):

Admin can enable/disable API access per agent

Generate API key/token per agent (secured)

API calls secured with Bearer token

If API access = false → reject with 403

Token revocation/reset possible

Agent can:

Book via API using wallet

Access limited booking APIs:

/api/book/hotel

/api/book/activity

/api/book/taxi

/api/book/visa

/api/wallet/balance

/api/support/ticket

All API requests logged with: endpoint, IP, wallet used, status

🏷️ ADMIN PANEL FEATURES:

Add/Edit/Delete:

Categories (Hotel, Taxi, Visa, Activity, Package)

Locations, Currencies

Vendors (with prices, email, account details)

Set agent pricing markup:

% or flat over vendor price

Separate price for group bookings (e.g. >20 pax)

Assign Commission % to Channel Partner

From system profit

Approve manually (password protected)

Manage Wallet:

View all requests

Approve deposits

View all wallet logs

Assign Employees to handle tickets

IP Tracking & Action Logging (Add/Edit/Delete)

🧳 MODULES TO BUILD (CRUD + Booking Logic):
🏨 HOTEL MODULE:

Add hotels, assign to vendor

Room types with prices (normal & group)

Gallery, thumbnail, descriptions

Booking calendar logic

Group pricing auto-applies if > threshold

Vendor gets booking request

Booking logs + cancellation rules

🏞️ ACTIVITY MODULE:

Activity name, vendor, location

Time slots (e.g. 10:00, 12:00)

Price per Adult, Child, Infant

Flags for Child/Infant restrictions

Booking cutoff time (e.g. 12 PM same day)

Group pricing logic

🚕 TAXI MODULE:

Taxi types (Sedan, SUV, Van)

Pickup/Drop location

Time, vehicle info, photo

Pricing: normal & group

Assign vendor

Filters for location/type/company

🛂 VISA MODULE:

Add countries

Visa type

Required documents

Uploadable forms

Admin/vendor approval required

Track status: Pending, Approved, Rejected

📦 PACKAGE MODULE:

Combine activities, hotel, visa, taxi

Set package price (markup rules)

Assign vendors

📊 DASHBOARDS:
Admin Dashboard:

Booking stats (today/yesterday/upcoming)

Profit overview

Commission status

Wallet requests

Support ticket queue

Logs with IP & action type

Employee Dashboard:

Can only see what they added

Add/edit vendors, hotels, etc.

Assigned support tickets

Cannot view/modify other employees’ data

Logs every action with IP

Vendor Dashboard:

Sees bookings only in their assigned category

Filter by Today / Upcoming / All

Booking status: New / Confirmed / Cancelled

Cannot see unrelated modules (e.g. hotel vendor can't see visa)

Agent Dashboard:

Wallet balance

Bookings (with filters)

Download invoice

Raise support ticket

Cancellation allowed only before 48 hours

Stripe payment option for wallet top-up

Channel Partner Dashboard:

View agent-linked bookings

Track pending commissions

Commission approved only after booking completion

Admin/Employee must approve manually (with password)

🎫 SUPPORT TICKETS (Internal Helpdesk):

Agents, Vendors, Channel Partners can raise tickets

Admin/Employees can assign to themselves

Employees can respond

IP & timestamp logged

Only assigned person can resolve

📩 NOTIFICATIONS:

WhatsApp (via Twilio):

OTP

Booking Confirmations

Email (via SMTP):

OTP

Booking confirmation

Cancellations

Both Agent + Customer notified

🔐 SECURITY FEATURES:

CSRF protection

SQL injection prevention

Input sanitization

IP logging for every sensitive action

File upload validation (KYC, images, docs)

Session management

Password confirmation before critical actions

Full action logs (add/edit/delete/booking/etc.)

📦 DATABASE STRUCTURE (Use MySQL):

Users (roles, login)

Vendors (with location/category/pricing)

Wallets (credit, debit, balance)

Activities (with show times, restrictions)

Hotels & Rooms

Taxis & Types

Visa types & docs

Packages

Bookings (hotel, visa, activity, etc.)

Support Tickets

API Tokens & access logs

Commission Logs

IP Action Logs

🔁 FINAL OUTPUT REQUIREMENT:

Generate:

Full backend code in Core PHP

Responsive frontend with Bootstrap

Modular code for each module (CRUD + booking)

Admin, Vendor, Agent, Employee Dashboards

API layer (secure) with token validation

MySQL database schema

Secure login systems

Twilio + SMTP + Stripe integration

Role-based permission system

Complete action logging & IP tracking

🧠 Build this system just like Booking.com B2B — modular, secure, wallet-enabled, and API-ready.

💡Make sure every part of the system is scalable, secure, modular, and well-documented — ready for production deployment and future mobile app/API integrations.