# Support

Thank you for purchasing **WedFlow Atelier**. This document explains how to get help,
what's covered by the included six months of support, and the fastest way to a
working install.

## Before you write in

A surprising number of questions are answered by the README or a single command.
Please run through this list first — it saves both of us time.

1. **Are you on a supported environment?** PHP 8.3+, Node 20+, Composer 2.x. Older
   PHP or Node will produce confusing errors during `composer install` or `npm
   install`.
2. **Did `composer install && npm install && npm run build` succeed without
   errors?** Re-run them with `composer install --no-cache` if something looks
   stuck.
3. **Did you run `php artisan migrate --seed`?** A missing schema is the most
   common cause of *"Class 'X' not found"* and *"SQLSTATE\[HY000\]: General error:
   1 no such table"* messages.
4. **Did you set `APP_URL`, `APP_KEY`, and a writable `storage/`?** WedFlow refuses
   to boot without an `APP_KEY`. The web installer at `/install` generates one
   for you, or run `php artisan key:generate`.
5. **Did you run `php artisan storage:link`?** Required for guest-uploaded photos
   and admin-uploaded branding to render in the browser.

## How to get help

| Channel | Use for | Response time |
| --- | --- | --- |
| **Envato item page → Comments** | Public, non-account-specific questions ("Does WedFlow support X?") | 1–2 business days |
| **Envato item page → Support tab** | Account-specific issues (broken installs, billing logic bugs, debugging help) | 1 business day |
| **GitHub issues** *(if your purchase includes the private repo)* | Reproducible bugs with steps + screenshots | 1–2 business days |

Always include:

- **Item purchase code** (Envato → Downloads → Licence certificate & purchase code)
- **PHP version** (`php -v`)
- **Node version** (`node -v`)
- **Database engine** (SQLite / MySQL / PostgreSQL + version)
- **Browser** (Chrome 120, Safari 17.x, etc.) — for UI bugs
- **A copy of the error**, ideally from `storage/logs/laravel.log` (the last 30 lines, redacted of secrets)
- **What you tried**

## What's covered

Per the Envato Regulated Marketplace Support policy, included support covers:

| Covered | Not covered |
| --- | --- |
| Bugs in the as-shipped codebase | Customisation requests (new pages, new fields, integrations) |
| Help installing on a supported environment | Hosting setup, DNS, SSL certificates, server-level debugging |
| Questions about how a feature works | Third-party plugin / theme conflicts |
| Updates and security patches (six-month window from purchase) | Modifications you (or another developer) have made |

For customisation and integration work, please reach out separately — happy to
quote.

## Common fixes

The deployment guide ([`DEPLOYMENT.md`](DEPLOYMENT.md)) has a full
[troubleshooting matrix](DEPLOYMENT.md#troubleshooting-matrix) covering every
known install-time error and its fix. The summary below highlights the ones
that account for ~90% of post-launch support questions.

### "500 — Something went wrong" on first browser hit

Open `storage/logs/laravel.log` and read the last 30 lines. The actual cause
is always there. Common patterns:

| Log says | Fix |
| --- | --- |
| `No application encryption key has been specified` | Run `php artisan key:generate`, then `php artisan config:clear`. Or re-run `/install`. |
| `Class "Laravel\Pail\PailServiceProvider" not found` | Stale `bootstrap/cache/packages.php` from a previous `composer install` with dev deps. Delete `bootstrap/cache/packages.php` and `services.php` in File Manager. |
| `Database connection [...] not configured` | `DB_CONNECTION` in `.env` is case-sensitive — must be lowercase `mysql`, `pgsql`, or `sqlite`. |
| `Base table or view not found: sessions doesn't exist` | Migrations haven't run. Run `php artisan migrate --seed --force` (or use `/install`). |
| `Specified key was too long; max key length is 1000 bytes` | A custom indexed varchar column exceeds your MySQL's 767/1000-byte InnoDB key cap. Cap custom string columns at 191 chars, or upgrade to MySQL 8 / MariaDB 10.3+. |
| `Vite manifest not found at .../public/build/manifest.json` | Your `build/` folder is in the wrong place for your layout. See [`DEPLOYMENT.md` § 1C](DEPLOYMENT.md#1c-choose-your-layout--a-or-b). |

### Blank white page, no log entry

Open browser dev tools (F12) → **Network** tab → reload. Look for **red 404
rows**. If `/build/assets/*.js` returns 404, the asset files are missing
from the web root — see the manifest-location fix above.

### "419 PAGE EXPIRED" on every form

`SESSION_DOMAIN` wrong or `APP_URL` doesn't match what the browser sees.
Set `SESSION_DOMAIN=.yourdomain.com` and `APP_URL=https://yourdomain.com`
(no trailing slash). Clear config cache.

### Login does nothing inside a cross-origin iframe (CodeCanyon preview, etc.)

Symptom: visitor inside an iframe-wrapped install (CodeCanyon's
`preview.codecanyon.net` is the canonical case) submits the login form
and gets bounced straight back to the form with no error. Their session
cookie is being silently dropped by the browser.

Cause: Chrome 118+ and Safari 17+ block third-party cookies in cross-
origin iframes by default. `SameSite=None + Secure` alone is no longer
enough — modern browsers require explicit opt-in via the `Partitioned`
cookie attribute (CHIPS — Cookies Having Independent Partitioned State).

The `PartitionedCookies` middleware shipped from v1.0.4 onward handles
this automatically when `WEDFLOW_DEMO_MODE=true`. If you've enabled
demo mode and login still fails inside an iframe, verify the chain:

```bash
curl -ki -X POST https://yourdomain.com/login \
  -H "Cookie: $(curl -ks -c - https://yourdomain.com/login \
      | awk '/XSRF-TOKEN/{print "XSRF-TOKEN="$7}')" \
  -d "email=...&password=..." 2>&1 | grep -i 'set-cookie.*partitioned'
```

The Set-Cookie response should end in `; partitioned`. If missing, check
in order:

1. `WEDFLOW_DEMO_MODE=true` is in `.env` (and `bootstrap/cache/config.php`
   is deleted so the new env is read).
2. `PartitionedCookies::class` is **PREPENDED** to the web middleware
   group in `bootstrap/app.php` (not appended — order matters because
   Laravel's middleware "onion" inverts on the response side).
3. `bootstrap/cache/packages.php` is deleted (forces middleware re-discovery).
4. PHP / OPcache is bounced (cPanel → Select PHP Version → toggle → Apply
   → toggle back).

See [`DEPLOYMENT.md` § 1N](DEPLOYMENT.md#1n-running-a-public-demo-optional)
for the full iframe-compatibility breakdown.

### Photos uploaded but not displaying in the gallery

Run `php artisan storage:link`. If your shared host blocks symlinks, see
[`DEPLOYMENT.md` § 1G](DEPLOYMENT.md#1g-storage-symlink) for the
`.htaccess` fallback.

### Stripe webhook receiving 401 / 419

The webhook route at `/billing/webhook` is signature-verified and CSRF-
exempted (already configured in `VerifyCsrfToken.php`). If still failing,
your reverse proxy is stripping the `Stripe-Signature` header.

### Emails not sending

Visit `/admin/settings → Email Delivery` and click **Send test email**.
The error message tells you the exact failure (invalid API key, blocked
port, no SPF record, etc.). Resend is the simplest provider to set up;
SMTP works on any host.

### Demo data won't re-seed

The seeders are idempotent only on first run. To re-seed after editing,
wipe everything first:

```bash
php artisan migrate:fresh --seed --force
```

⚠️ **This destroys all data.** Never run on a production database.

### No SSH / Terminal access — how do I run `php artisan` commands?

Three options in cPanel:

1. **Use the `/install` wizard** — handles most setup commands automatically.
2. **Use `Cron Jobs`** — add a one-shot `* * * * *` schedule for `cd /home/cpaneluser/wedflow && php artisan COMMAND`, wait one minute, delete the cron entry. Works for any artisan command.
3. **Use File Manager** for cache clearing — see the [cPanel-only command reference](DEPLOYMENT.md#cpanel-only-command-reference) in `DEPLOYMENT.md`.

## Reporting security issues

Please **do not** open public Envato comments or GitHub issues for security
problems. Email the address in your purchase receipt with the subject
`WedFlow security report` and a description that's specific enough to
reproduce.

## Feature requests

Comment on the Envato item or open a GitHub discussion (if your purchase tier
includes repo access). Roadmap is updated quarterly; high-vote requests get
prioritised.

---

*Thank you for choosing WedFlow — and for caring about the details.*