Admin panel guide
Access: https://yourdomain.com/admin (requires role = admin).
Timezone
Exchange and admin timestamps use the PHP timezone from APP_TIMEZONE in backend/.env (default UTC). Verify under Extra → Application info. Examples: Europe/London, America/Chicago, Asia/Dubai.
Dashboard
Route: /admin
- Overview statistics (users, exchanges, volume)
- Trends charts
- Quick insight into platform health
Exchanges
Route: /admin/exchange
Manage customer exchange orders.
| Action | Description |
|---|---|
| View list | Filter by status, search exchange ID / user |
| View detail | Amounts, rates, proof fields, timeline |
| Approve | Confirm payment received |
| Cancel | Reject with reason |
| Refund | Mark refunded with reason |
Workflow tip: Configure currency form fields so users upload proof before approval.
Currencies
Routes: /admin/currencies, /admin/currencies/price
| Screen | Purpose |
|---|---|
| Currencies index | CRUD currencies, buy/sell rates, limits, fees, status |
| Currency prices | Reference rates + sync from API |
| Form fields | Dynamic proof fields per currency |
Users
Route: /admin/users
- Create users (optional credentials email)
- Edit profile, role, ban status
- View user reliability / exchange history summary
Blog
Routes: /admin/blog, /admin/blog/category
- Categories CRUD
- Posts with rich content, slug, SEO fields, featured image, status
Security
Blog HTML and optional head script are rendered on the public site. Trusted admins only — see Trusted admin content (XSS).
Legal pages
Route: /admin/settings/legal-pages
Create pages with custom slugs (e.g. privacy, terms). Public URLs: https://yourdomain.com/{slug}.
Security
Legal page bodies are stored as HTML and shown to all visitors. Only grant admin access to trusted staff; see Trusted admin content (XSS).
Support tickets
Route: /admin/support
- View user tickets, change status
- Reply with message + attachments
Contact submissions
Route: /admin/contact-submissions
Inbox for public contact form messages.
Subscribers
Route: /admin/subscribers
- List newsletter emails
- Send broadcast HTML email
IP blocking
Route: /admin/ip-block
Block IPs permanently or until expiry; categories and reasons for audit.
Enforcement is applied by global API middleware (EnsureIpIsNotBlocked) on sensitive routes, including:
- Authentication (/api/auth/*)
- Customer dashboard (/api/dashboard/*, except block status check)
- Contact form, report/feature submissions, newsletter subscribe
- Creating exchanges and submitting proofs
Exempt (still reachable when blocked): public settings/legal pages, public GET content (rates, blog), GET /api/dashboard/ip-block/status (so the UI can show the block message), and all /api/admin/* routes so administrators can manage blocks.
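The enforcement rules above as a standalone decision function (PHP 8+), added here as an example and not the project's EnsureIpIsNotBlocked code: in this model the exemptions are evaluated before the protected prefixes, and an expired block no longer denies. Function names, rule tables and the sample request paths are assumptions; only route patterns the guide gives as paths are modelled.

```php
<?php
declare(strict_types=1);
// Added illustration; function names and rule tables are hypothetical.
// Exemptions are evaluated first so they override the broader prefixes.
const EXEMPT_RULES = [
    ['GET', '/api/dashboard/ip-block/status'], // UI can show the block message
    ['*', '/api/admin/*'],                     // admins can still manage blocks
];
// Only the protected prefixes the guide gives as paths; the contact, report,
// newsletter and exchange endpoints are not listed with paths, so they are omitted.
const PROTECTED_RULES = [['*', '/api/auth/*'], ['*', '/api/dashboard/*']];

function ruleMatches(array $rule, string $method, string $path): bool
{
    [$ruleMethod, $pattern] = $rule;
    if ($ruleMethod !== '*' && strcasecmp($ruleMethod, $method) !== 0) {
        return false;
    }
    // "/prefix/*" matches on a segment boundary, so /api/admin/* does not
    // match a look-alike such as /api/administrator.
    return str_ends_with($pattern, '/*')
        ? str_starts_with($path, substr($pattern, 0, -1)) : $path === $pattern;
}

// Call only for an IP that has a block record; null expiry = permanent block.
function isDenied(string $method, string $path, ?DateTimeImmutable $expiresAt, DateTimeImmutable $now): bool
{
    if ($expiresAt !== null && $now >= $expiresAt) {
        return false; // block has expired
    }
    foreach (EXEMPT_RULES as $rule) {
        if (ruleMatches($rule, $method, $path)) {
            return false;
        }
    }
    foreach (PROTECTED_RULES as $rule) {
        if (ruleMatches($rule, $method, $path)) {
            return true;
        }
    }
    return false; // public content stays reachable
}

// Constructed sample requests from an IP blocked until $expiry.
$now = new DateTimeImmutable('2025-01-10 12:00:00', new DateTimeZone('UTC'));
$expiry = $now->modify('+1 day');
foreach ([['POST', '/api/auth/login'], ['GET', '/api/dashboard/ip-block/status'],
          ['POST', '/api/dashboard/ip-block/status'], ['GET', '/api/admin/ip-block']] as [$m, $p]) {
    printf("%-5s %-32s %s\n", $m, $p, isDenied($m, $p, $expiry, $now) ? 'denied' : 'allowed');
}
```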
Report & feature requests
Route: /admin/report-feature
User-submitted bugs and feature ideas from dashboard.
Settings
Route: /admin/settings
| Section | Slug / route | Purpose |
|---|---|---|
| General | general | Site title, currency display, decimals, bonuses |
| Logo | logo | Light/dark logo, favicon |
| System | system-configuration | Registration, email verification, secure passwords |
| SEO | seo | Meta, OG image, social titles |
| Home page | home-page | Full landing page builder |
| Social login | social-login | Google / Facebook |
| Custom CSS | custom-css | Global CSS injection (trusted admin only) |
| Sitemap | sitemap | XML sitemap config (served by Nuxt) |
| Robots | robots | robots.txt rules (served by Nuxt) |
| Currency rate API | (under settings / currencies) | External rate sync |
Home page preview
Route: /admin/settings/home-page-preview
Preview draft home page content before publishing.
Notifications
Route: /admin/notifications
In-app notification bell — exchange events, registrations, etc.
System tools
| Route | Purpose |
|---|---|
| /admin/extra/cache | Clear Laravel caches |
| /admin/extra/server | PHP/server info |
| /admin/extra/application | App & Laravel version |
| /admin/extra/update-log | Release notes UI |
Profile & security
| Route | Purpose |
|---|---|
| /admin/profile | Admin profile & avatar |
| /admin/password | Change password |
API reference (admin prefix)
All admin endpoints are under:
```text
GET|POST|PUT|PATCH|DELETE {API_URL}/api/admin/...
```
Authenticated with Sanctum session + admin authorization. See routes/api/admin.php in source for the full list.