# Badge Server
## Overview
Badge Server is a PHP/MySQL application that allows organisations to display verified certification badges on their websites. Badges are served as images via an API and are centrally managed through an admin panel.
## How It Works
Organisations that hold certifications (e.g. CCA, LEAPCert, LEAPOS) are given an embed code — a simple `![]()
` tag — to place on their website. When a visitor loads the page, the badge image is fetched from this server in real time.
If the organisation's certification is current, the correct badge is displayed. If it has expired, an "Expired" badge is shown instead, and an email alert is sent to the administrator.
## Key Features
- **Real-time badge serving** — Badges are not static files on the organisation's site. They are served live, so status changes take effect immediately.
- **Automatic expiry** — Each badge assignment can have an expiry date. Once reached, the badge automatically switches to the expired state.
- **On-the-fly resizing** — Badges can be requested in three sizes (small, medium, large) to suit different layouts, with resizing handled server-side via GD.
- **Anti-fraud protection** — Embed URLs include an HMAC signature and the API verifies the requesting domain against an allowed domain per organisation. This prevents one organisation from using another's badge code.
- **Email alerts** — When an expired badge is accessed, the administrator is notified by email.
- **Admin panel** — A web-based interface for managing organisations, assigning badges, setting expiry dates, configuring allowed domains, and generating signed embed codes.
## Components
| File/Folder | Purpose |
|---|---|
| `api/config.php` | Database credentials, email settings, signing secret |
| `api/getBadge.php` | API endpoint that serves badge images |
| `admin/index.php` | Admin panel for managing organisations and badges |
| `images/` | Badge image files (PNG with transparency) |
| `schema.sql` | MySQL database schema |
## Embed Code Example
```html
```