2026-03-10 01:07:12 +03:00

Physiotherapy Clinic Management System

A complete API-first physiotherapy clinic management system built with Laravel 10, SQLite, AdminLTE (Bootstrap 5), and Sanctum authentication.

Features

  • API-First Architecture: All business logic exposed via RESTful JSON APIs
  • Multi-language Support: Arabic and English with RTL support
  • Role-based Access Control: Admin, Manager, Therapist, Receptionist
  • Two-Factor Authentication: Optional TOTP-based 2FA with recovery codes
  • Patient Management: Full CRUD with demographics, medical history, referral tracking
  • Appointment System: Conflict checking, calendar view, reminders
  • Multi-currency: BHD, SAR, AED, QAR, KWD, OMR (Gulf currencies)
  • Invoicing & Payments: Partial payments, outstanding balances
  • Packages: Session packages with validity periods
  • Ledger: Income/expense tracking with automatic entries
  • Wage Management: Therapist productivity tracking and wage calculation
  • Dashboards: Role-specific dashboards with key metrics

Tech Stack

  • Backend: Laravel 10, PHP 8.1+
  • Database: SQLite (auto-creates database file)
  • Authentication: Laravel Sanctum (API tokens)
  • 2FA: pragmarx/google2fa-laravel with Bacon QR Code
  • Admin Panel: AdminLTE 3 (Bootstrap 4/5)
  • Frontend: Blade views with JavaScript API consumption via Axios/Fetch

Installation

1. Clone and Install Dependencies

cd physiotherapy-clinic
composer install
npm install && npm run build

2. Environment Setup

cp .env.example .env
php artisan key:generate

The .env file is pre-configured for SQLite:

DB_CONNECTION=sqlite
DB_DATABASE=/full/path/to/physiotherapy-clinic/database/database.sqlite

3. Create SQLite Database

mkdir -p database
touch database/database.sqlite

4. Run Migrations and Seeders

php artisan migrate --force
php artisan db:seed --force

This creates:

5. Serve the Application

php artisan serve

Access at: http://localhost:8000

Default Login Credentials

Role        Email                   Password
Admin       admin@clinic.com        password
Therapist   therapist@clinic.com    password

API Documentation

Authentication

Login

POST /api/login
Content-Type: application/json

{
  "email": "admin@clinic.com",
  "password": "password"
}

Response:

{
  "message": "Logged in successfully",
  "user": { ... },
  "token": "1|xxxxxxxxxxxxxxxx"
}

Register

POST /api/register
Content-Type: application/json

{
  "name": "New User",
  "email": "user@clinic.com",
  "password": "password",
  "password_confirmation": "password"
}

Logout

POST /api/logout
Authorization: Bearer {token}

2FA Endpoints

# Get 2FA status
GET /api/2fa/status

# Enable 2FA (returns QR code)
GET /api/2fa/enable

# Confirm 2FA with TOTP code
POST /api/2fa/confirm
{ "code": "123456" }

# Disable 2FA
POST /api/2fa/disable
{ "password": "password", "code": "123456" }

# Regenerate recovery codes
GET /api/2fa/recovery-codes

Patients

GET    /api/patients              # List (paginated)
POST   /api/patients              # Create
GET    /api/patients/{id}         # Show
PUT    /api/patients/{id}         # Update
DELETE /api/patients/{id}         # Delete
GET    /api/patients/{id}/profile # Full profile

Query parameters for list:

  • search - Search by name, email, phone, code
  • status - Filter by active/inactive
  • page, per_page - Pagination

Appointments

GET    /api/appointments
POST   /api/appointments
GET    /api/appointments/{id}
PUT    /api/appointments/{id}
DELETE /api/appointments/{id}

# Calendar feed
GET /api/appointments/calendar/feed?start=2024-01-01&end=2024-01-31

# Available time slots
GET /api/appointments/available-slots?therapist_id=1&date=2024-01-15&duration=60

Invoices & Payments

# Invoices
GET    /api/invoices
POST   /api/invoices
GET    /api/invoices/{id}
PUT    /api/invoices/{id}
DELETE /api/invoices/{id}
GET    /api/invoices/summary/report

# Payments
GET    /api/payments
POST   /api/payments
GET    /api/payments/{id}
DELETE /api/payments/{id}
GET    /api/payments/summary/report

Ledger

GET /api/ledger
POST /api/ledger

# Reports
GET /api/ledger/summary/pl?date_from=2024-01-01&date_to=2024-01-31
GET /api/ledger/summary/income?date_from=2024-01-01&date_to=2024-01-31
GET /api/ledger/summary/expenses?date_from=2024-01-01&date_to=2024-01-31

Therapists & Wages

GET /api/therapists
GET /api/therapists/{id}
PUT /api/therapists/{id}

# Performance
GET /api/therapists/{id}/performance?period_start=2024-01-01&period_end=2024-01-31

# Wages
GET /api/therapists/{id}/wage-calculate?period_start=2024-01-01&period_end=2024-01-31
POST /api/therapists/{id}/wage

Dashboard

GET /api/dashboard

Response includes stats, recent appointments, charts data.

Role-Based Access

Feature        Admin   Manager   Therapist   Receptionist
Patients       All     All       Own only    All
Appointments   All     All       Own only    All
Invoices       All     All       View        All
Payments       All     All       -           Create
Ledger         All     View      -           -
Wages          All     Manage    View own    -
Settings       All     Limited   -           -

Two-Factor Authentication

  1. After first login, go to Security settings
  2. Click "Enable 2FA"
  3. Scan QR code with Google Authenticator or similar app
  4. Enter the 6-digit code to confirm
  5. Save recovery codes in a secure location

To log in with 2FA:

  1. Enter your email and password
  2. When prompted, enter the TOTP code from your authenticator app
  3. Or use a recovery code if you have lost access to your device
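
What the server has to check when a 6-digit code or a recovery code is submitted in the steps above, as an added Node.js example that is not this project's code (the application uses pragmarx/google2fa-laravel for this): RFC 6238 TOTP verification with a clock-drift window, replay rejection and single-use recovery codes. The function names, the lastStep bookkeeping and the in-memory Set of recovery codes are assumptions made for illustration.

```javascript
const crypto = require('crypto');
// Decode the base32 secret carried in the QR code (RFC 4648 alphabet).
function base32Decode(text) {
  const out = [];
  let bits = 0, value = 0;
  for (const ch of text.toUpperCase().replace(/=+$/, '')) {
    const idx = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.indexOf(ch);
    if (idx < 0) throw new Error('invalid base32 character');
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the unread low bits
    }
  }
  return Buffer.from(out);
}

// RFC 6238 code for one time step: HMAC-SHA1 over the counter, then truncate.
function totp(secret, unixSeconds, digits = 6, step = 30) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const bin = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Constant-time comparison so response timing does not leak matching digits.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Accept the current step or +/- `window` steps (clock drift); refuse steps
// <= lastStep so a captured code cannot be replayed. Returns the step or null.
function verifyTotp(secret, code, unixSeconds, lastStep = -1, window = 1) {
  const now = Math.floor(unixSeconds / 30);
  for (let s = Math.max(0, now - window); s <= now + window; s++) {
    if (s > lastStep && safeEqual(totp(secret, s * 30), code)) return s;
  }
  return null;
}

// Recovery codes are single-use: a matching code is deleted from the Set.
function useRecoveryCode(stored, code) {
  const hit = [...stored].find((c) => safeEqual(c, code));
  return hit !== undefined && stored.delete(hit);
}
```

Persist the step returned by verifyTotp per user and pass it back as lastStep on the next attempt; without that, a code stays valid for every request made inside its window.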

Web UI (AdminLTE)

The web interface consumes the same API endpoints via JavaScript:

  • Dashboard: /dashboard - Overview stats and recent appointments
  • Patients: /patients - Patient list with search and filters
  • Appointments: /appointments - Calendar and list views
  • Security: /2fa - 2FA management

JavaScript API Helper

The included public/js/api.js provides a centralized API client:

// Get patients with search
const patients = await api.getPatients({ search: 'John', page: 1 });

// Create patient
const newPatient = await api.createPatient({
  first_name: 'John',
  last_name: 'Doe',
  phone: '12345678'
});

// Get dashboard data
const dashboard = await api.getDashboard();

Localization

The system supports English and Arabic:

  • Translation files: resources/lang/en/, resources/lang/ar/
  • Switch language: Click globe icon in navbar
  • RTL support: Automatic for Arabic locale

Folder Structure

app/
  Http/
    Controllers/
      Api/           # API controllers (business logic)
      Auth/          # Web auth controllers
    Requests/        # Form validation classes
    Resources/       # API Resources (JSON formatting)
  Models/            # Eloquent models
  Policies/          # Authorization policies
  Services/          # Business logic services
      AppointmentService.php
      LedgerService.php
      WageService.php
      ReminderService.php

resources/
  views/
    layouts/         # AdminLTE layout
    auth/            # Login, register, 2FA pages
    patients/        # Patient list page
  lang/              # Translations (en, ar)

routes/
  api.php            # API routes
  web.php            # Web routes (views only)

Console Commands

# Send due reminders
php artisan reminders:send

# Calculate wages for period
php artisan wages:calculate --period-start=2024-01-01 --period-end=2024-01-31

Testing

Run PHPUnit tests:

php artisan test

License

MIT License
