17 weeks. 4 deliverables. One live platform.
We'll walk each phase in order, then open the live site at m2y.online for the demo.
Me2Youto C2C scams.
So I built this.
Me2YouTwo economies. Only one is online.
South Africa's online retail is a polished R130 billion. Its informal economy is seven times bigger and almost invisible online.
No central storefront, no escrow, no reviews, no record.
Me2You sits in that gap.
Me2YouFour reasons C2C marketplaces don't work here.
No verified C2C platforms
Gumtree, Facebook Marketplace and OLX don't verify identity. No escrow. No dispute resolution. The buyer carries all the risk.
No local payment rails
Cash and informal EFT dominate. No C2C platform we found integrates PayFast, SnapScan or Ozow for informal traders.
No central moderation
Scams and counterfeit listings operate without consequence. First-time buyers absorb the loss when checks fail.
Data-heavy interfaces
Global C2C platforms assume fibre. R30 to R50 a month prepaid bundles can't browse them. The rural digital gap deepens.
Trust is the binding constraint. Makhitha & Ngobeni (2023) identify payment security and seller verification as the single greatest barrier to C2C adoption among township consumers.
Me2YouThe seller is a person, not a brand.
Three connected audiences. Each is a real person with a real phone, a real budget, and a real reason existing marketplaces don't fit.
Sells from home or a street pitch. Reach beyond the block without abandoning cash-friendly transactions.
Resells clothes, electronics, and second-hand goods. WhatsApp groups and Marketplace are today's tools, but neither has escrow.
Browses on an entry-level Android with a prepaid bundle. Worries about "fake proof of payment" scams more than price.
Me2Yousells everything, holds the money,
and dispatches its own drivers.
Me2Youstay the main thing.”
The main thing on Me2You is simple: the buyer gets the thing, the seller gets the money. Everything you'll see in the next 25 slides: the feed, the auctions, the driver app, the admin panel: exists to keep that one promise.
27 categories
Items, property, vehicles, auctions: one schema.
4 sale modes
Buy-now, auctions, swaps, reserve-with-deposit.
3 delivery paths
Collect, Paxi pickup, or own-driver dispatch.
TikTok-style feed
Swipe up to cart. Tap to unmute. Data-light.
20-page admin
Disputes, escrow ledger, audit log, payouts.
Me2YouAcceptance criteria, scored.
m2y.online · 38 listings · 27 categories · ALB & ASG
/admin/ · 20 pages · 4 roles · audit_log 3 yr
Me2You4 problems.
1 plan.
Me2YouThe artefact, its sections, and how it scored.
Project Proposal
7 sections · the proposal at a glance
The commitments, audited
/admin/ · 4 roles · 20 pagesMe2YouSchema.
Architecture.
Me2YouWarm orange for trust. Plum for community. Mono for proof.
Three decisions carry the whole product. Defined once in prototype/colors_and_type.css and inherited by every page.
Me2YouHand-drawn at three breakpoints, three variations each.
Live preview embedded below, pulled straight from app/hub/wireframes/. Annotated, 3 breakpoints, hand-drawn aesthetic.
Me2YouA request travels four tiers. All inside South Africa.
From a township-Android browser to a PayFast callback. Same data centre, same rand, no exchange-control question.
browser → app/checkout/ → orders + order_items → PayFast → app/webhooks/payfast_itn.php → escrow_heldMe2You62 tables. 11 carry the transaction.
Buyer, seller, driver and community manager are capabilities on a single users row. Every other table joins back here.
kind · title · price_cents · status
slug · town · rules
total_cents · escrow_state · order_status
Me2YouThe platform holds the money. The buyer releases it.
At every state, exactly one party owns the money. Always. Auto-release fires 48 hours after the buyer confirms receipt.
orders.order_status · escrow ledger: app/admin/escrow.phpMe2YouFour roles. One users table.
Buyer and seller are capabilities, not separate signups. Driver is granted after KYC. Admin sits behind a gate at /admin/.
Same login, same trust score. A buyer becomes a seller the moment they post their first listing · no separate signup, no second password.
require_role('admin');
// app/admin/disputes.php
Community Manager is a row in community_managers · not a global role. Admin is invite-only and audit-logged.
Me2You3 sprints.
By the book.
Me2YouVanilla PHP wasn’t a constraint. It was a choice.
ITECA3-T12 specifies procedural PHP, no framework. We chose the brief literally and made it scale with discipline: shared helpers, file-per-route, schema migrations, PDO everywhere.
File-per-route
Every URL is one PHP file. app/orders/track.php is one route, one concern, one read.
Shared helpers
app/lib/ · Money, SaIdNumber, TrustScore, ShareLink. Pure functions, unit-tested.
PDO prepared, always
Emulation off. Every query is parameterised. Zero string concat. Zero mysqli_query.
Schema migrations
44 numbered SQL files in db/migrations/. Forward-only. Idempotent seeds.
require_once __DIR__.'/../lib/Money.php';
$csrf->assert();
$stmt = $pdo->prepare("INSERT INTO orders (buyer_id, total_cents, order_status, idempotency_key)
VALUES (?, ?, 'placed', ?)");
$stmt->execute([$buyerId, $totalCents, $idempotencyKey]);
$orderId = $pdo->lastInsertId();
// → POST to PayFast; the ITN response is HMAC-verified before flipping status to 'paid'
Me2YouBrowse. List. Cart. Check out.
All the standard C2C surfaces, sized for an entry-level Android on a prepaid bundle.
Four kinds in one table
Item · condition, brand · Property24-class: erf_number, levy, estate, amenities · AutoTrader-class: engine_cc, power_kw, VIN · Auction: closes_at, min_increment. One schema, vertical-specific JSON column for the rest.
Whitelisted sorts
Best match · trending · ending soon · recently reduced · closest to me · nearest community. One whitelist, never concatenated. Geo sorts use the cached lat/lng on users.
Price-watch built in
When you add at R 450 and the seller drops to R 400, we tell you. added_price_cents snapshot vs current price.
PayFast + idempotency
Idempotency token stops a back-button double-charge. ITN webhook is 4-step verified (signature, source IP, postback, amount match) before status flips to paid.
Me2YouDiscovery first, escrow second. The Yaga playbook, mobile-native.
Sellers post short clips. Buyers swipe, tap to unmute, swipe up to cart, never leaving the reel. Every video tile funnels straight into the escrow flow.
For You · Following · Near me
- Tap to unmute · silent by default, prepaid-friendly
- Swipe up · add the listing to cart
- Long-press · save to wishlist with price-drop alerts
- Only the visible card loads its video; others use 10×10 LQIP posters
Each upload is transcoded to a poster image and a 540p MP4 (≤ 8 MB). Likes, comments, shares are denormalised counters refreshed by a cron.
Towns. Suburbs. Interest groups.
Per-town and per-interest spaces with their own community managers. Local supply, local trust. Yaga doesn't have this. Bob Shop doesn't have this.
The third tab uses cached lat/lng on users to surface listings within 5 km. Buyers in Soweto see Soweto-listed items first.
Only the visible reel loads its video. The rest sit as 10×10 LQIP posters at < 1 KB each.
Me2YouFour ways to close a deal.
Reserve with deposit
50% deposit into escrow. Seller approves within 7, 14 or 30 days. On expiry, deposit splits 25/25. Both parties tick a timestamped risk-ack. No other SA C2C does this.
Auctions
Time-boxed bidding with price-scaled minimum increments. SELECT … FOR UPDATE guards two simultaneous bids inside one transaction.
Swap offers
Offer an item from your own listings in exchange instead of cash. Township barter, formalised. swap_listing_id FK on the offers table.
Watch & price drop
Save a listing, get alerted when the price falls. The prev_price_cents snapshot drives the cron sweep.
Pay-it-off-in-weekly-instalments lay-bye is scaffolded in laybye_plans (slide 16). Waiting on an NCA-registered banking partner before going live.
Me2YouA trust score on every profile. Earned, not bought.
Six signals roll up into one number from 0 to 100, surfaced wherever the user appears · on listings, in search, inside messages, beside the buy button.
Four levels, one badge.
Me2YouThree delivery paths. One race-safe driver app.
Direct collection
Buyer collects from the seller. Safe-meetup finder suggests public, populated locations.
Paxi pickup
Store-to-store via the existing SA pickup network. HMAC-signed API with retry & idempotency.
Live driver
OSRM road routing, Nominatim SA geocoding, real-time GPS ping.
Two drivers tap the same job. Only one wins.
A conditional UPDATE … WHERE driver_id IS NULL claims the assignment atomically · no locks, no race, the loser sees “already taken”.
$claimed = $pdo->prepare("UPDATE deliveries SET driver_id=?, status='assigned' WHERE id=? AND driver_id IS NULL");
$claimed->execute([$driverId, $deliveryId]);
if ($claimed->rowCount() === 0) return 'already_taken';
Every order is potentially a job for someone in the same suburb. Platform takes 18%, driver keeps 82%. Same Checkers Sixty60 split, applied to C2C.
Me2YouPayFast today. Provider-agnostic for tomorrow.
A single payment abstraction sits behind the checkout. PayFast is the active rail; the others are wired into the same interface and toggle on with a config flag once each provider's KYC clears.
One interface, six implementations.
interface Gateway { function redirect($o); function verify($p): bool; }
$gateway = Gateways::for($cfg['active_provider']); // payfast | ozow | mobicred | …
A UK Stripe entity settles GBP to a UK bank. SA buyers pay ZAR: every transaction would carry FX cost plus a SARB exchange-control question. PayFast lands rand-to-rand, supports 3DS & SA-local rails out of the box.
Me2You20 admin pages. Every action audited.
Separate URL space at /admin/, gated by require_role('admin'). Every write hits audit_log with actor, IP, before/after JSON.
Me2YouMoney sits on the line. Security gets the floor, not the ceiling.
not just show items.
Every control below is enforced in code or at the load balancer. Nothing relies on policy.
- PayFast ITN verified in 4 steps (signature, source IP, postback, amount) before escrow flip
- Bcrypt cost 12 with auto-rehash on every login
- CSP + HSTS set in PHP, enforced at the ALB · preload-ready
- CSRF + rate-limit on every state-changing route, no exceptions
Inside every request
- CSRF token on every POST
e()escape on every output- PDO prepared ·
emulate_prepares=false - Rate-limit on auth + password-reset
- Session regenerates on role change
- Uploads go through MIME-sniff + EXIF strip
Your data, on your terms
- Explicit consent timestamped on signup
- Privacy & Cookie policies linked sitewide
- Account › Export (full JSON dump)
- Account › Delete (cascading)
- Audit log retained 3 years, read-only
- S3 buckets server-side encrypted
Me2YouEngineered for a R30-a-week prepaid bundle.
The proposal goal was home page first paint under five seconds on a Slow-3G connection. We hit 2.1 seconds. Slide 6 said the local buyer browses on entry-level Android with prepaid data · this slide proves we built for them.
m2y.online home page
3 variants · 4 formats
Every upload produces a thumb, a display, and a 10×10 low-quality placeholder · served as both JPEG and WebP through a <picture> element.
Long-cache + filename hash
Static assets get a 1-year Cache-Control with hashes for cache-busting. mod_deflate gzip. HTTP/2 at the ALB.
Self-hosted · zero third-party
Quicksand and Nunito served from same origin, subset to Latin, with font-display: swap.
Me2YouMe2YouWhy these services. Why not the alternative.
Every component is a deliberate choice over a cheaper alternative. Money sits in the database. Outage equals frozen escrow. We chose for resilience first.
Multi-AZ
ElastiCache
SSE-S3
Money sits in orders.escrow_state. A database outage means the platform can't release funds. Multi-AZ adds 60 seconds of failover, not 24 hours of incident.
Auctions close at fixed times. Traffic spikes around endings. The ASG absorbs the burst from min 2 to max 6 t3.small instances, then scales back when idle.
Sessions survive rolling deploys. A buyer mid-checkout doesn't get logged out when we ship a fix. ElastiCache keeps the session token even when its EC2 host gets terminated.
VPC, ALB, ASG, RDS, ElastiCache, S3, IAM roles, Route 53 records: one terraform apply. Re-runnable. Disaster-recoverable.
Me2YouA platform, not a prototype.
Everything below is in the repo, in the live database, and walkable in the demo.
db/schema.sql
Me2YouOpen m2y.online · let's go.
- Sign in as buyer · browse home, search, filter
- Open a listing · add to cart · checkout
- Pay via PayFast sandbox · watch status flip live
- Switch to seller account · mark "Dispatched"
- Switch to buyer · confirm "Received"
- Sign in as admin · disputes · audit log · escrow ledger
- Drop into the discovery feed · swipe a video to cart
On Complete Payment, the ITN webhook flips the order from Placed to Paid.
Me2YouWhere Me2You goes from here.
The architecture is built for these. Lay-bye is already in the schema; the others are partner-led, not engineering-blocked.
laybye_plans, laybye_instalmentsEtsy 6.5%, eBay up to 13.25%. We chose 4% because we sell the trust, not the listing.
Built for local rails.
A foreign incumbent has to onboard PayFast, Paxi, Titan, SARB exchange-control clearance, SA-first geocoding, and POPIA compliance before they can launch a single transaction in our market.
Done as our final-year project.
Me2YouSources and academic anchors.
Around 50 Harvard-cited references in the D1 proposal. The eight most load-bearing are below; the full bibliography sits in the proposal PDF, submitted via Moodle on 25 February 2026.
Me2YouToday it's in its infancy. Work and a relocation to the UK make this a side project from now on. One day, when the time is right, I'll launch it as a fully-fledged platform for Africa's informal economy. Until then, I keep building.