Client Project · Full-Stack
PCCI Membership Platform
Membership management system for a Philippine Chamber of Commerce
Problem
The Philippine Chamber of Commerce and Industry (PCCI) branch was managing memberships, dues, events, and communications entirely through manual processes — spreadsheets, paper records, and back-and-forth emails. Tracking who had paid, who was a new applicant pending approval, and what events were upcoming was fragmented across multiple people and tools. They needed a centralized system that different staff roles could use simultaneously without stepping on each other's data.
Solution
A full-stack membership management platform with two layers: a public-facing website for prospective members to learn about the chamber and apply, and a role-based admin dashboard for staff to manage everything from one place. The system handles the full membership lifecycle — application submission, approval/rejection workflow, dues tracking across multiple payment channels, and automated email notifications at key steps. A Website CMS module (Super Admin only) lets non-technical staff update the public site's content without touching code.
Tech Stack
| Backend | Laravel 12 · Laravel Sanctum (API auth) |
| Frontend | Next.js · Tailwind CSS |
| Database | PostgreSQL |
| File Storage | Backblaze B2 (images for events, trustees, activities) |
| Brevo SMTP (registration confirmations, OTP for sensitive operations) | |
| Auth | Role-based — Super Admin, Admin, Treasurer with scoped access |
| Deploy | Render (backend + frontend, free tier staging) |
| Containerization | Docker + Docker Compose for local development |
Key Features
| Module | What it does |
|---|---|
| Membership lifecycle | Public application form → pending → approve/reject → active member |
| Dues tracking | Multi-channel payments (GCash, bank transfer) logged per member |
| Events & Activities | CRUD with image uploads; shown on public pages |
| Board of Trustees | Manage profiles with photos; displayed on public About page |
| Website CMS | Super Admin controls all public page content without code changes |
| Email notifications | Automated emails on application, approval, and OTP for password changes |
| RBAC | Super Admin sees everything; Admin manages members; Treasurer manages dues |
Architecture
Decoupled frontend and backend. Next.js frontend communicates with the Laravel API via Sanctum token auth. Files (images, documents) are stored on Backblaze B2 and served directly from B2 CDN URLs — the Laravel backend never serves binary assets. Email is handled by Brevo SMTP, injected via Laravel's mail driver config. Both services are containerized with Docker for local dev parity and deployed independently on Render.
Selected Lessons
- ›RBAC scoping is harder than it looks at the API layer. Sanctum makes auth easy, but ensuring a Treasurer can't accidentally access member approval endpoints required explicit policy checks on every sensitive route — not just middleware groups.
- ›Backblaze B2 has stricter CORS rules than S3. Getting image uploads to work from a browser required careful bucket CORS configuration — the default settings silently reject cross-origin PUT requests.
- ›CMS features expand scope fast. Starting with a simple "edit the hero image" request grew into a full CMS with 4 page sections, reorderable content, and fallback rendering. Scoping CMS work explicitly upfront would have saved significant back-and-forth.
- ›Render's free tier is fine for staging but has real limitations. Both services spin down after inactivity, which means a cold start can take 30–60 seconds. For a client demo environment this needs an upfront expectation-setting conversation.