Deliverable 3
Step-by-step guide for buyers, sellers, drivers and admins. Covers every feature of Me2You as deployed at m2y.online.
Me2You is a consumer-to-consumer (C2C) marketplace built for South Africa. The platform connects individual buyers and sellers in one unified account model, with escrow payment protection, three delivery options, a community discovery layer and a unified driver capability. The brief is mobile-first, low-bandwidth and POPIA-compliant.
The stack is the permitted set only: HTML5, CSS3, JavaScript (vanilla, no jQuery in the deployed build), PHP 8.3 (procedural, file-per-route), MySQL 8.0 (62 InnoDB tables, utf8mb4), Bootstrap 5.3.2 from a CDN and Leaflet 1.9.4 for maps. Payments are taken through PayFast (the South African gateway, sandbox in submission and live after merchant KYC). Transactional email runs through Titan SMTP. The pickup-point delivery option calls the Paxi API with a graceful fallback when credentials are absent. Hosting is on AWS EC2 behind an Application Load Balancer with Auto Scaling, RDS MySQL Multi-AZ, ElastiCache Redis and S3 for uploads. The whole stack is defined as Terraform in deploy/terraform/. No CMS is used.
Me2You is built strictly on the permitted technologies for the module, with no framework code generators and no CMS. The whole application is hand-written and version-controlled. The layers are as follows.
The live platform that this manual describes is reachable below. Each operational section that follows links directly to the running page it explains.
Open any modern browser (Chrome, Firefox, Safari, Samsung Internet) on a phone, tablet or computer. Navigate to https://m2y.online. The site is fully responsive and works at 375 pixels, 768 pixels and 1280 pixels. No app download is needed.
Admins sign in via the same login form. After login, the navigation reveals an "Admin" entry that opens the admin dashboard. The admin area is RBAC-gated: every admin route calls require_role('admin') server-side, so the navigation hint alone is not a security gate; the server check is. Admins can view the dashboard, manage users, moderate listings, manage orders, resolve disputes, approve drivers, run driver payouts, view the escrow ledger and the audit log.
Me2You uses a unified account model. A single user record can buy and sell from the same profile. The driver capability is an applied-for, admin-approved extension of a regular account, stored in a separate couriers table joined by user_id. The four roles are:
Open the account menu (top right) and choose "Settings". Update display name, phone, password, avatar, cover image, notification preferences and bank details for payouts. The settings area also holds the POPIA data export and the account-deletion request.
Each listing renders photos (and optional short video), title, price in rands, condition, full description, seller card with rating, and the action panel. The action panel adapts to the listing kind: a Buy or Lay-bye or Bid tab switcher appears on eligible listings. Open any listing from the browse page above to see a live product detail page.
Open "My orders" from the account menu to see your order list. Each order shows a status timeline: placed, paid, dispatched, received, completed. The escrow badge sits prominently at the top, showing whether funds are held, released, frozen or refunded. For driver deliveries, the tracking page shows the courier's last known location on a Leaflet map.
When the parcel arrives, open the order and tap "Confirm receipt". This releases the escrow to the seller (or starts the 48-hour auto-release if you do nothing). You may then leave a review of the seller. Sellers can also leave a review of buyers; the two-sided review is rendered on each member's profile.
Every member can list. Click "Sell" in the navigation or open the seller onboarding page to verify a phone number, add bank details for payouts and accept the seller agreement.
From the seller dashboard open any of your listings and tap "Edit". Change the title, description, price, condition or photos. Saving sends the listing back through moderation if a sensitive field changed; otherwise the change is live immediately.
From the seller dashboard tap the actions menu on a listing and choose "Take down". The listing is hidden from public browse but the historical orders that referenced it stay intact. To re-list, choose "Republish".
Listings can carry a short MP4 (maximum 15 MB, maximum 30 seconds) alongside photos. Open the listing edit page and choose "Add video". The video appears in the listing gallery and in the discovery feed.
Sellers can paste a Facebook Marketplace URL into the import page. The Open Graph parser pre-fills title, description, price, photos and location, which the seller reviews and confirms.
The site has three menu surfaces:
Categories are stored in the categories table and rendered through the same include on every category surface; adding a new category is a single INSERT and it appears everywhere.
Three delivery methods, all with escrow protection, set up in the shipping_methods table:
An approved Me2You driver picks up from the seller and delivers to the buyer's address. The delivery fee is distance-based (typically R35 to R90) and is calculated server-side using haversine distance against the courier's last ping. The order is published to the driver job board the moment the buyer pays.
The seller drops the parcel at the nearest store. The parcel moves through the network in two to five business days. The buyer collects from their chosen pickup point using a 6-digit collection code. Network fees apply (typically R40 to R60).
The buyer and seller meet in person. A 6-digit OTP confirms the handover: the buyer shows the code only after inspecting the item, the seller enters it on their phone, and the escrow releases at that moment. Free.
The homepage hero image is served from app/shared/hero-logo.png (a 520 by 520, 39 KB optimised asset with explicit width and height and fetchpriority high, so the largest contentful paint stays under target). To change it, replace the file with a similarly-sized image and rebuild the cache. Featured listings under the hero are pulled from the listings table by recency and trust score; the homepage code does not hard-code any image, so adding listings to the demo seed automatically updates the homepage.
The Me2You peace-hand logo is in app/shared/ in three sizes (192, 512 and 1024 pixels) plus an Apple touch icon. Replace these four files with new artwork at the same dimensions; the includes pick them up automatically. The hub logo at /hub/shared/logo-peace.png is the same artwork, served by the hub independently so the hub can be rebranded without changing the marketplace.
A single database transaction wraps the whole checkout: the order row is created in "placed" status, the cart items are snapshotted into order_items (so subsequent price changes on the listing do not affect the order), and the cart is cleared. The buyer is then redirected to PayFast.
When PayFast settles, the ITN handler at /webhooks/payfast_itn.php runs four security checks (IP whitelist, signature, server-side validate, amount match against the database). On success it transitions the order to "paid", writes an escrow row in "held" status, and branches on the fulfilment type: for driver delivery it publishes a job to delivery_assignments; for self-collection it mints a 6-digit OTP into collection_otps; for pickup network it stubs a Paxi waybill into pickup_shipments.
Me2You is a file-per-route procedural PHP application. Each user-facing URL maps to a file under app/, for example /listings/browse.php is app/listings/browse.php. To update a page, edit that PHP file directly. Static legal pages live under app/legal/. Shared chrome (header, footer, navigation, security headers and the Content-Security-Policy) lives in app/includes/header.php and app/includes/footer.php; changes there affect every page. Per-page CSS lives under app/assets/css/pages/ and is loaded only on its matching page, which keeps the per-page CSS small.
To add a new page, create the PHP file in the right directory, require the auth helpers and the header at the top, write the page body with output escaped through e(), and require the footer at the bottom. Add a link to the new page in app/includes/header.php or app/includes/footer.php so it is reachable.
Me2You uses a provider-agnostic payment layer (app/config/payments.php). One provider is active today and others are registered as "coming soon" so the buyer sees the roadmap and the operator can activate a new rail by flipping its status, without rewriting checkout:
Money is always handled as an integer number of cents in the database (price_cents, total_cents). The rands() helper is the only place currency is formatted for display, so the rand sign is consistent across the whole site. Payments never bypass escrow: every paid order writes an escrow_transactions row in "held" status that only releases when the buyer confirms or the 48-hour auto-release fires.
Apply on the driver registration page with SA ID, driver's licence, vehicle type and service area. Submit and you are redirected to the onboarding page which tracks application status. An admin reviews and approves the application within 48 hours. Once approved the "Driver" navigation entry appears in the account menu.
The driver earnings page shows this week, pending payout, month total, average per job, recent payout batches and full job history. Drivers are paid every Friday via bank EFT in one batch. Tips are 100 percent to the driver (no platform cut) and ride alongside the same EFT.
The driver ratings page shows the star rating from buyers plus acceptance, on-time and cancellation KPIs. Drivers in the top 15 percent get "Gold driver" status, which gives priority visibility and a small per-delivery bonus.
The discovery feed is a vertical short-video feed with tabs For You, Following and Near me. Only the on-screen video plays, to keep prepaid data use low. Tap to unmute. Swipe up adds to cart, swipe in the opposite direction adds to the wishlist (Watch). Inline social bar lets the buyer like, comment, share, follow and shop without leaving the feed.
Community hubs group people by town, suburb, security estate or interest. Each hub has its own "what's happening" feed (updates, events, safety alerts) and a roster of members. A per-community manager (a different role from the site-wide admin) can approve members, pin posts and publish events without touching the global RBAC.
The following page shows the people and communities you follow. The saved-searches page stores named search queries and notifies you when a new listing matches. The check_saved_searches cron runs every 15 minutes.
On eligible listings the action panel offers a "Lay-bye" tab. The buyer pays a deposit into escrow, the seller reserves the item and approves within the chosen window, and the buyer pays the remainder in instalments. A timestamped risk acknowledgement is recorded for both parties.
Time-boxed listings show a countdown, current bid, minimum next bid (price-scaled increments: R1 for cheap items, R100 for expensive ones), and a bid form. The bid endpoint is transaction-guarded so two bids cannot both win.
The "Propose a swap" button on the product detail page opens a flow where the buyer picks one of their own listings to offer in trade, writes a message, and sends. The seller sees both items side by side and accepts, declines or counters. A message thread is opened automatically.
Tap the heart on any listing to "Watch" it. A row is written to wishlists. When the seller drops the price, the price_drop_alerts cron sends a notification: "Price dropped from R349 to R299 on Nike Air Max."
Sellers can pause their shopfront without delisting. The vacation page carries a toggle; when on, all of the seller's listings display a "back on" date and new orders are paused.
The account settings page holds POPIA-related controls:
Passwords are hashed with bcrypt and automatically rehashed on login if the cost factor increases. Every database query uses PDO prepared statements with EMULATE_PREPARES off, so prepared parameters are bound at the protocol layer. Output is escaped through e() everywhere. CSRF tokens are session-bound and validated with hash_equals.
Every page below is RBAC-gated and reachable only by a signed-in administrator. Each opens the live admin tool it describes.
The admin dashboard shows active users, live listings, 30-day GMV in rands, open disputes and an "attention queue" for items that need triage. Below the tiles: a recent orders table with buyer and seller names, a top-categories breakdown and a 30-day GMV chart.
The user management page is a searchable, filterable table. Clicking a row opens a side drawer with the user's profile, order history and KYC status. Admins can edit name, email, role and status (active, suspended, deleted). Only the super-admin can hard-delete.
The moderation page shows the queue of pending listings plus flagged live listings, with system risk signals (price anomaly, off-platform call-to-action, new-account flag). Three actions: approve, request edit, reject and warn. A rejection requires an audit note.
The order management page shows the full orders table with status filter pills. Click any order for the detail view: items, buyer and seller, delivery tracking, status workflow, escrow state and admin actions (force complete, issue refund, add note).
The disputes page opens disputes oldest first. The split panel shows the buyer's side and the seller's side with their evidence. Three resolution buttons: refund buyer (escrow refunded, order cancelled), partial split (admin enters the amounts), release to seller (escrow released, order completed). A resolution note is required. Both parties are emailed.
The escrow ledger is a read-only ledger of every escrow transaction. Use it to verify the auto-release cron is working, check frozen escrows tied to open disputes and reconcile against PayFast settlement reports.
The verifications page holds the queue of driver applications with their ID and licence uploads. The driver payouts page groups pending driver earnings by driver, exports a bank-ready CSV for the weekly EFT batch and marks the batch as paid once the bank confirms.
The audit log records every admin action: actor, action, target type, target id, timestamp and a note. Required for POPIA accountability and useful for support investigations.
Three signals are available out of the box:
A Lighthouse CI workflow runs on every push and asserts mobile performance, accessibility, best-practices and SEO budgets against the four most-visited pages. An external uptime monitor (UptimeRobot) pings the health endpoint every five minutes and emails on failure.
mysql -u root -p -e "CREATE DATABASE m2y CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" mysql -u root -p -e "CREATE USER 'm2y'@'localhost' IDENTIFIED BY 'm2y_dev'; GRANT ALL ON m2y.* TO 'm2y'@'localhost';" mysql -u m2y -pm2y_dev m2y < db/schema.sql for f in db/migrations/*.sql; do mysql -u m2y -pm2y_dev m2y < "$f"; done for f in db/seeds/*.sql; do mysql -u m2y -pm2y_dev m2y < "$f"; done php -S localhost:8080 -t app app/router.php
Open http://localhost:8080 in any browser. The router script makes the PHP built-in server serve the custom 404 page (Apache uses ErrorDocument; the router emulates that for local dev).
cd deploy/terraform terraform init terraform validate terraform plan terraform apply
The Terraform stack provisions a VPC, an Application Load Balancer with HTTP-to-HTTPS redirect, an Auto Scaling group of EC2 instances, RDS MySQL Multi-AZ with 7-day backups, ElastiCache Redis Multi-AZ, an S3 uploads bucket, Secrets Manager and a CloudWatch alarm set (with SNS email) plus an AWS Budgets cost alarm. Each instance bootstraps from deploy/user-data.sh: install PHP and Apache, pull secrets from Secrets Manager into Apache SetEnv, install the CloudWatch agent, run deploy/migrate.php behind a Redis lock. The complete runbook is in deploy/GO-LIVE-EC2.md and every external account (PayFast, Titan, Paxi, GoDaddy) is documented in deploy/EXTERNAL-ACCOUNTS.md.
PayFast sandbox card for the demo flow: 4000 0000 0000 0002, expiry 12/30, CVV 123.
| Error | Cause | Fix |
|---|---|---|
| Bad CSRF token | Session expired or form submitted twice | Refresh the page and try again |
| 403 Forbidden | Wrong role for this page | Sign in with the correct role |
| PayFast "Payment failed" | Card declined or bank timeout | Try again or use a different method |
| File too large | Photo exceeds 2 MB | Resize before upload |
| Listing rejected | Moderator flagged it | Check the rejection reason in the seller dashboard and edit |
| OTP expired | The 6-digit code is valid for 24 hours | Contact support to issue a new code |