Alaa Emad Digital Marketing Portfolio
Responsive digital marketing portfolio showcasing media-buying expertise, campaign results, services, pricing, and lead channels.
Real digital transformation results from businesses across the Middle East.
Responsive digital marketing portfolio showcasing media-buying expertise, campaign results, services, pricing, and lead channels.
AI-assisted CRO audit workflow with secure submissions, asynchronous analysis, status tracking, and multi-format reports.
AI Vision tool specialized in parsing Arabic banking documents into structured JSON using Groq's Llama 4 Scout vision model.
Sophisticated Tarot PWA with a deterministic 78-card intent-scoring engine, multi-turn Groq AI interview pipeline, and post-reading card persona chat.
Real-time server SIEM with Apache/Nginx log scanning, fail2ban→UFW→iptables IP blocking chain, geographic attack mapping, and custom AI-assisted detection rules.
Advanced DNS-bypass utility for website migration previews using cURL CURLOPT_RESOLVE with dual-layer server-side + client-side URL rewriting.
Smart debt-management platform with automated credit checks, invoicing, reminders, and multi-channel payment collection.
Bilingual interview assessment platform with secure candidate links, timed exams, automatic scoring, and HR administration.
Advanced URL shortener with deep geographic, device, browser, OS, and time-based click analytics, plus CSV export and role-scoped multi-company access.
Nutrition-clinic management platform for patient profiles, treatment plans, follow-ups, progress analytics, and reports.
High-end dental portal with an AI-powered smile simulation engine using Google Gemini 2.5 Flash Image for photorealistic treatment previews.
Bilingual medical-network platform connecting patients with 1,300+ verified providers and healthcare discounts of up to 50%.
Professional legal learning platform with OTP access, live lecture states, expert profiles, and interactive discussions.
Modern flower e-commerce platform with live inventory, secure checkout, customer reviews, and an administration dashboard.
Luxury fragrance e-commerce platform with advanced discovery, live cart updates, order tracking, reviews, and inventory administration.
Let's discuss how we can help you achieve similar results for your business.
We use cookies to enhance your experience. By continuing to visit this site you agree to our use of cookies.
Responsive digital marketing portfolio showcasing media-buying expertise, campaign results, services, pricing, and lead channels.
AI-assisted CRO audit workflow with secure submissions, asynchronous analysis, status tracking, and multi-format reports.
AI Vision tool specialized in parsing Arabic banking documents into structured JSON using Groq's Llama 4 Scout vision model.
Two-file architecture: index.php (frontend) and api.php (backend proxy). Frontend uses Bootstrap 5.3 + vanilla JavaScript with no build step. Image uploads base64-encoded via FileReader API and POSTed as JSON to api.php. Backend loads GROQ_API_KEY from .env via custom loadEnv() (lines 29-58), constructs Groq API payload with specialized system prompt and image as image_url content part, relays response to frontend as JSON.
1) User uploads image or enters URL. 2) FileReader converts uploaded file to base64 data URL in browser. 3) JS POSTs {text: null, image_url: 'data:image/jpeg;base64,...'} to api.php. 4) api.php calls loadEnv() → reads GROQ_API_KEY. 5) Constructs Groq payload: system prompt (Arabic banking rules) + user message with image_url content part. 6) cURL POSTs to Groq API. 7) Llama 4 Scout analyzes the Arabic bank screenshot. 8) api.php parses response.choices[0].message.content. 9) Returns {success: true, content: '{...json...}'} to frontend. 10) Frontend JSON.parse() and displays structured result.
Sophisticated Tarot PWA with a deterministic 78-card intent-scoring engine, multi-turn Groq AI interview pipeline, and post-reading card persona chat.
Custom PHP 8.1+ MVC framework with PSR-4 autoloading and no external framework dependencies. Core\Application bootstraps request lifecycle, loads routes from routes/web.php, and dispatches to controllers. Request/Response objects abstract HTTP; expectsJson() enables dual HTML/JSON responses from the same handler. Reading pipeline: ReadingPayloadBuilder normalizes inputs → TarotInterviewService orchestrates multi-turn interview → IntentAnalyzer tokenizes and classifies intent → ReadingEngine scores all 78 cards → ReadingLlmEnricher optionally enriches result via Groq. GroqClient wraps OpenAI-compatible API (Groq base URL, json_object response format enforced). CurlSsl::applyCainfo() loads system or bundled CA certificates (config/cacert.pem) for Windows HTTPS validation. Conversation state persisted in form hidden fields across interview turns.
1) User selects mode + submits seeker info → ReadingPayloadBuilder normalizes/truncates inputs. 2) ReadingController calls TarotInterviewService.process() → builds compiled_query → ReadingEngine.buildInterviewCardHints() returns top-6 card candidates with scores. 3) If LLM enabled: GroqClient calls Groq with tarot_interview_intake.txt prompt + card hints → receives {ready, next_question, search_query}. 4) If not ready → return status=clarify with next_question → user answers → appended to conversation_history → retry. 5) When ready → ReadingController calls ReadingEngine.generateReading() → IntentAnalyzer tokenizes+classifies intent → scoreCard() runs on all 78 cards (weighted token matching) → top tier randomized selection. 6) ReadingEngine builds full reading structure. 7) If ReadingLlmEnricher enabled → Groq enriches why_this_card, matched_meaning_side, practical_guidance, greeting (marked AI=true). 8) Controller renders home/index.php → frontend JS smooth-scrolls to result. 9) User initiates card chat → POST /api/card-chat → CardPersonaService builds card context → Groq responds as card persona → JS appends to chat UI.
Real-time server SIEM with Apache/Nginx log scanning, fail2ban→UFW→iptables IP blocking chain, geographic attack mapping, and custom AI-assisted detection rules.
Server-side PHP rendering from JSON file storage (no database). scan-logs.php runs as CLI via cron every minute, parses logs, scores IPs, merges fail2ban data, and atomically writes live-data.json. Dashboard pages load JSON via includes/data.php which buckets incidents by category. SSE endpoint streams scan progress as text/event-stream. AJAX endpoints (ajax/) handle IP actions with escapeshellarg() protection on all shell parameters, web action gating, and platform detection (Windows blocks shell commands). Geolocation batched client-side via ip-api.com POST /batch. All IP blocks persisted in dashboard-blocked.json. AbuseIPDB/VirusTotal reputation lookups available via configured API keys.
1) Cron runs scan-logs.php every minute → tails 6000 lines from Apache/Nginx + auth.log → parse_line() extracts IP/path/UA/date. 2) Real-IP extracted from Cloudflare headers if private IP detected. 3) Each path tested against 22 SENSITIVE patterns (→ sensitive_probes++, score+=5); each UA against 16 SCRAPING patterns (→ suspicious_uas++, score+=2); SSH failures scored by attempt count. 4) IPs aggregated by IP key; sorted by score; top 30 retained. 5) Custom rules.json patterns matched against sample_messages (hits++). 6) Fail2ban jails extracted; dashboard-blocked.json merged; alerts deduplicated. 7) live-data.json written atomically. 8) Dashboard loads JSON → renders KPIs + charts. 9) Browser batches mapIps to ip-api.com → Leaflet markers placed. 10) User clicks 'Block IP' → ip_action.php → fail2ban banip (verify) → UFW (fallback) → iptables DROP (fallback) → persisted in dashboard-blocked.json → audit logged. 11) 'Refresh' → SSE force_fetch.php → streams progress events → page reload on completion.
Advanced DNS-bypass utility for website migration previews using cURL CURLOPT_RESOLVE with dual-layer server-side + client-side URL rewriting.
Monolithic single-file PHP application containing all proxy logic, URL rewriting, JS injection, input validation, and database logging in index.php (42KB). Core flow: user submits domain + IP → sanitizeDomain() + sanitizeIp() validate inputs → performProxyRequest() builds cURL handle with CURLOPT_RESOLVE to bypass DNS → target server responds → rewriteUrls() regex-transforms all discovered URLs to route through the proxy → client-side JS injected for dynamic resources → response delivered to browser with Content-Type relayed. Database logs via logPreviewRequest() using PDO. Client IP detected via getClientIp() checking HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, and REMOTE_ADDR.
1) User submits domain + target IP. 2) sanitizeDomain() strips protocol/path, validates regex. 3) sanitizeIp() validates IP, extracts optional port. 4) performProxyRequest() builds cURL with CURLOPT_RESOLVE=[domain:port:ip], sets Host header, User-Agent, Accept. 5) cURL fetches page from target IP (bypassing DNS). 6) rewriteUrls() transforms all URLs (href, src, action, url()) to proxy format. 7) Client-side JS injected before </head> (with fallback injection points). 8) Injected JS: MutationObserver watches DOM, intercepts Fetch/XHR, overrides Image constructor, handles lazy-load attrs. 9) logPreviewRequest() records preview to MySQL. 10) Subsequent resource loads loop back through proxy.
Smart debt-management platform with automated credit checks, invoicing, reminders, and multi-channel payment collection.
Bilingual interview assessment platform with secure candidate links, timed exams, automatic scoring, and HR administration.
Advanced URL shortener with deep geographic, device, browser, OS, and time-based click analytics, plus CSV export and role-scoped multi-company access.
OOP three-tier architecture: Database singleton (classes/Database.php) for PDO connection pooling → business logic classes (Link, Analytics, User) → REST API endpoints (api/) returning JSON. URL shortening engine generates random short_code in Link class with existence checking. Click tracking triggered synchronously in redirect.php: IP extracted from proxy headers → User-Agent parsed via regex → GeoIP resolved → click INSERT → 301 redirect. Analytics pipeline uses SQL GROUP BY with DATE()/HOUR() binning, COUNT(DISTINCT ip_address) for unique visitors, zero-fill via PHP array merge. Pre-aggregated SQL VIEWs (link_stats, daily_clicks, hourly_clicks, country_clicks) for common queries. Frontend loads chart data asynchronously via jQuery AJAX, Chart.js renders with 30-second auto-refresh. .htaccess blocks direct access to /config/, /classes/, /includes/, /database/ directories.
1) POST /api/links.php (create) → URL validated → 6-char code generated (up to 50 retries) → stored in links table. 2) Browser requests /{short_code} → .htaccess rewrites to redirect.php?code=short_code. 3) redirect.php: resolve short_code → check expires_at → malicious URL check → extract client IP (proxy headers) → parse User-Agent (device/browser/OS regex) → GeoIP lookup → INSERT into clicks → 301 redirect to original_url. 4) Dashboard: jQuery AJAX polls /api/analytics.php every 30 seconds → GROUP BY queries return JSON → Chart.js renders visualizations. 5) CSV export: POST /api/analytics.php (action=export) → Analytics::exportData() joins links+clicks → fputcsv() streams file → temp file unlinked.
Nutrition-clinic management platform for patient profiles, treatment plans, follow-ups, progress analytics, and reports.
High-end dental portal with an AI-powered smile simulation engine using Google Gemini 2.5 Flash Image for photorealistic treatment previews.
Single-page PHP/HTML5 application with two backend PHP API endpoints. Frontend: vanilla JavaScript + jQuery AJAX, Bootstrap 5.3.2, Font Awesome 6.5.1. Backend proxy api/simulate.php receives base64 image + treatment type, constructs Gemini API payload with inlineData content, calls Google's API via cURL (120s timeout), extracts base64 result from candidates[0].content.parts, returns JSON response. Configuration from api/config.php reads .env with quote-stripping parser. No persistent database — stateless per-request architecture.
1) Patient uploads photo via drag-drop or file input. 2) FileReader API converts to base64 data URL in browser. 3) User selects treatment from #treatmentSelect. 4) callGeminiAPI() POSTs {image: 'data:image/jpeg;base64,...', treatment: 'Teeth Whitening'} to api/simulate.php. 5) PHP validates API key from .env. 6) cURL POSTs to Gemini API with inlineData (base64 + mimeType) and structured clinical prompt. 7) Gemini returns candidates[0].content.parts with generated image inlineData. 8) PHP extracts base64 result → returns {success: true, resultImage: 'data:image/png;base64,...'}. 9) Frontend displays result → enables download → CTA links to appointment booking.
Bilingual medical-network platform connecting patients with 1,300+ verified providers and healthcare discounts of up to 50%.
Professional legal learning platform with OTP access, live lecture states, expert profiles, and interactive discussions.
Modern flower e-commerce platform with live inventory, secure checkout, customer reviews, and an administration dashboard.
Luxury fragrance e-commerce platform with advanced discovery, live cart updates, order tracking, reviews, and inventory administration.