commit 10bc97e8b902082dbbddbb7b0edf156f1693fc18
Author: Gestoría LP <contacto@gestorialp.com>
Date:   Sun Mar 1 23:25:55 2026 +0000

    feat: project scaffolding, database schema, config
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..eacdca8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+# Uploaded files
+uploads/*
+!uploads/.htaccess
+
+# IDE
+.idea/
+.vscode/
+*.swp
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..0924da5
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,14 @@
+# Security headers
+<IfModule mod_headers.c>
+    Header set X-Content-Type-Options "nosniff"
+    Header set X-Frame-Options "SAMEORIGIN"
+    Header set X-XSS-Protection "1; mode=block"
+</IfModule>
+
+# Block access to sensitive directories
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteRule ^includes/ - [F,L]
+    RewriteRule ^sql/ - [F,L]
+    RewriteRule ^vendor/ - [F,L]
+</IfModule>
diff --git a/includes/config.php b/includes/config.php
new file mode 100644
index 0000000..1f5696d
--- /dev/null
+++ b/includes/config.php
@@ -0,0 +1,28 @@
+<?php
+// Database
+define('DB_HOST', 'localhost');
+define('DB_NAME', 'gestoria_lp');
+define('DB_USER', 'root');
+define('DB_PASS', '');
+
+// SMTP (Hostinger)
+define('SMTP_HOST', 'smtp.hostinger.com');
+define('SMTP_PORT', 465);
+define('SMTP_USER', 'contacto@gestorialp.com');
+define('SMTP_PASS', '');
+define('SMTP_FROM_NAME', 'Gestoría LP');
+
+// WhatsApp
+define('WHATSAPP_NUMBER', '521XXXXXXXXXX');
+
+// Encryption key for client credentials (32 bytes for AES-256)
+define('ENCRYPTION_KEY', 'CHANGE_THIS_TO_A_RANDOM_32_CHAR_KEY!');
+
+// Upload settings
+define('UPLOAD_DIR', __DIR__ . '/../uploads/');
+define('MAX_FILE_SIZE', 5 * 1024 * 1024); // 5MB
+define('ALLOWED_EXTENSIONS', ['pdf', 'jpg', 'jpeg', 'png', 'doc', 'docx']);
+
+// Site
+define('SITE_URL', 'https://gestorialp.com');
+define('SITE_NAME', 'Gestoría LP');
diff --git a/includes/db.php b/includes/db.php
new file mode 100644
index 0000000..6764c5f
--- /dev/null
+++ b/includes/db.php
@@ -0,0 +1,15 @@
+<?php
+require_once __DIR__ . '/config.php';
+
+function getDB(): PDO {
+    static $pdo = null;
+    if ($pdo === null) {
+        $dsn = 'mysql:host=' . DB_HOST . ';dbname=' . DB_NAME . ';charset=utf8mb4';
+        $pdo = new PDO($dsn, DB_USER, DB_PASS, [
+            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+            PDO::ATTR_EMULATE_PREPARES => false,
+        ]);
+    }
+    return $pdo;
+}
diff --git a/sql/schema.sql b/sql/schema.sql
new file mode 100644
index 0000000..f3a2401
--- /dev/null
+++ b/sql/schema.sql
@@ -0,0 +1,94 @@
+CREATE DATABASE IF NOT EXISTS gestoria_lp CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+USE gestoria_lp;
+
+CREATE TABLE usuarios (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    username VARCHAR(50) NOT NULL UNIQUE,
+    password_hash VARCHAR(255) NOT NULL,
+    email VARCHAR(100) NOT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+) ENGINE=InnoDB;
+
+CREATE TABLE clientes (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    nombre VARCHAR(150) NOT NULL,
+    telefono VARCHAR(20),
+    email VARCHAR(100),
+    direccion TEXT,
+    notas TEXT,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
+) ENGINE=InnoDB;
+
+CREATE TABLE credenciales (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    cliente_id INT NOT NULL,
+    portal VARCHAR(100) NOT NULL,
+    usuario VARCHAR(150) NOT NULL,
+    password_enc TEXT NOT NULL,
+    notas TEXT,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (cliente_id) REFERENCES clientes(id) ON DELETE CASCADE
+) ENGINE=InnoDB;
+
+CREATE TABLE tramites (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    cliente_id INT NOT NULL,
+    tipo ENUM('visa','sentri','pasaporte','adelanto_cita','doble_nacionalidad') NOT NULL,
+    estado ENUM('nuevo','en_proceso','en_revision','completado','cancelado') DEFAULT 'nuevo',
+    fecha_solicitud DATE,
+    fecha_cita DATE,
+    fecha_resolucion DATE,
+    precio DECIMAL(10,2),
+    notas TEXT,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    FOREIGN KEY (cliente_id) REFERENCES clientes(id) ON DELETE CASCADE
+) ENGINE=InnoDB;
+
+CREATE TABLE documentos (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    cliente_id INT NOT NULL,
+    tramite_id INT,
+    nombre VARCHAR(255) NOT NULL,
+    ruta_archivo VARCHAR(500) NOT NULL,
+    tipo VARCHAR(50),
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (cliente_id) REFERENCES clientes(id) ON DELETE CASCADE,
+    FOREIGN KEY (tramite_id) REFERENCES tramites(id) ON DELETE SET NULL
+) ENGINE=InnoDB;
+
+CREATE TABLE solicitudes (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    nombre VARCHAR(150) NOT NULL,
+    telefono VARCHAR(20),
+    email VARCHAR(100),
+    servicio VARCHAR(50) NOT NULL,
+    datos_formulario JSON,
+    estado ENUM('nueva','contactada','convertida','descartada') DEFAULT 'nueva',
+    cliente_id INT,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (cliente_id) REFERENCES clientes(id) ON DELETE SET NULL
+) ENGINE=InnoDB;
+
+CREATE TABLE recordatorios (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    cliente_id INT,
+    tramite_id INT,
+    titulo VARCHAR(200) NOT NULL,
+    descripcion TEXT,
+    fecha DATE NOT NULL,
+    completado TINYINT(1) DEFAULT 0,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (cliente_id) REFERENCES clientes(id) ON DELETE CASCADE,
+    FOREIGN KEY (tramite_id) REFERENCES tramites(id) ON DELETE CASCADE
+) ENGINE=InnoDB;
+
+CREATE TABLE testimonios (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    nombre_cliente VARCHAR(150) NOT NULL,
+    texto TEXT NOT NULL,
+    calificacion TINYINT CHECK (calificacion BETWEEN 1 AND 5),
+    activo TINYINT(1) DEFAULT 1,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+) ENGINE=InnoDB;
diff --git a/uploads/.htaccess b/uploads/.htaccess
new file mode 100644
index 0000000..5181e50
--- /dev/null
+++ b/uploads/.htaccess
@@ -0,0 +1,7 @@
+# Deny all direct access to uploads
+Order deny,allow
+Deny from all
+
+<FilesMatch "\.(?:pdf|jpe?g|png|doc|docx)$">
+    Allow from all
+</FilesMatch>