QSmart — Smart Queue System

A comprehensive scheduling and queue management platform that digitizes the entire customer service lifecycle — from joining a queue to completing service — with real-time visibility for both customers and organizations.

Intelligent Queue Management

The core engine that handles the full lifecycle of customer queues — from joining to service completion — with priority-based ordering and real-time status tracking.

Priority-Based Queuing

Four priority levels — Urgent, High, Normal, and Low. Urgent entries are automatically placed at the front of the queue. The engine calculates optimal positioning so high-priority customers are served faster without starving lower-priority ones.

Real-Time Queue Updates

Queue data refreshes automatically using polling mechanisms. Customers see their live position and estimated wait time. Staff dashboards update instantly when entries are called, completed, or cancelled.

Complete Status Workflow

Queue entries move through a full lifecycle: Waiting → Called → In Progress → Completed. Staff can also mark entries as No-Show or Cancelled. Each transition is timestamped for audit and analytics.

Auto Queue Number Generation

Each entry receives a unique queue number automatically generated per organization and date. Customers see this number prominently in their dashboard and can track their position in real time.

Estimated Wait Time

The system calculates approximate wait times based on queue position, service duration estimates, and historical data. Customers are shown the estimated time until they will be served.

Guest & Registered User Support

Both registered users and anonymous guests can join queues. Guests provide a name, phone, and email. Registered users' data is linked to their account for history tracking and notifications.

Scheduling & Calendar

A full appointment scheduling module built on FullCalendar, allowing organizations to offer time-slot-based booking alongside walk-in queue management.

FullCalendar Integration

Professional-grade calendar interface with multiple views: Month, Week, Day, and Agenda. Color-coded events by priority and status provide instant visual context.

Drag & Drop Rescheduling

Move appointments by dragging events on the calendar. The system automatically checks for conflicts and updates related queue entries when an appointment is rescheduled.

Conflict Detection

The system prevents double-booking by checking existing appointments before confirming a new one. Time slots that are already taken are visually marked as unavailable.

Smart Time Slot Management

Available time slots are calculated based on organization business hours, existing bookings, and service duration. The system dynamically generates free slots for each date and service.

Business Hours Configuration

Organizations set operating hours per day of the week, define available days, and configure timezone. The scheduler respects these constraints when showing open slots.

Timezone Awareness

Each organization has its own timezone setting. When a customer's local timezone differs, the system shows both times and a warning so appointments aren't booked at the wrong hour.

Organization Management

Multi-tenant architecture where each organization operates in its own isolated context with services, staff, schedules, and subscription plans.

Multi-Tenant Architecture

A single deployment serves unlimited organizations. Each organization has its own services, queues, staff, and settings — fully isolated from one another.

Service Management

Admins define services with names, descriptions, estimated durations, prices, max queue sizes, and whether an appointment is required. Services can be toggled active/inactive or deleted.

Staff & Role Assignment

Users are assigned to organizations with specific roles (admin or staff) via a many-to-many relationship. A single user can belong to multiple organizations with different roles in each.

Availability & Business Hours

Configure which days of the week the organization is open, set per-day open/close times, and specify a timezone. Closed days block queue joins and slot booking automatically.

SEO-Friendly URLs

Organization pages use clean slug-based URLs (e.g., /organization/42-city-clinic) powered by Apache mod_rewrite, improving discoverability and shareability.

Categories & Types

Organizations are categorized by type (healthcare, government, retail, etc.) with configurable icons and colors. Categories help customers find relevant organizations quickly.

User & Authentication

Complete user lifecycle management with registration, email verification, password reset, and role-based access control.

Registration with Organization

Users can register as individual customers or as organization owners. When registering as a business, the organization is created in the same transaction with the user assigned as admin.

Email Verification

New accounts receive a verification email with a secure token. Users cannot log in until their email is verified. Resend verification is available if the original expires.

Password Reset Flow

The forgot-password flow sends a time-limited token via email. Users click the link, enter a new password, and the token is invalidated after use to prevent replay.
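
A time-limited, single-use reset token as described above, shown as an added example and not QSmart's own code. The table, column and function names, the one-hour lifetime and the choice to store only a SHA-256 hash of the token are assumptions; the demo uses in-memory SQLite in place of MySQL.

```php
<?php
// Added illustration; table, column and function names are assumptions.

const RESET_TTL = 3600; // assumed lifetime in seconds; the page gives no figure

/** Create a token; returns the raw value that goes into the emailed link. */
function issue_reset_token(PDO $pdo, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare(
        'INSERT INTO password_resets (user_id, token_hash, expires_at, used_at)
         VALUES (:uid, :hash, :exp, NULL)');
    // Only a hash is stored, so a leaked table does not yield usable links.
    $stmt->execute([':uid' => $userId, ':hash' => hash('sha256', $token),
                    ':exp' => $now + RESET_TTL]);
    return $token;
}

/**
 * Consume a token. The UPDATE matches only an unused, unexpired row, so the
 * check and the invalidation are one statement and a second use changes nothing.
 * Returns the user id, or null when the token is unknown, expired or already used.
 */
function consume_reset_token(PDO $pdo, string $token, int $now): ?int
{
    $hash = hash('sha256', $token);
    $upd = $pdo->prepare(
        'UPDATE password_resets SET used_at = :now
          WHERE token_hash = :hash AND used_at IS NULL AND expires_at > :now2');
    $upd->execute([':now' => $now, ':hash' => $hash, ':now2' => $now]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    $sel = $pdo->prepare('SELECT user_id FROM password_resets WHERE token_hash = :hash');
    $sel->execute([':hash' => $hash]);
    return (int) $sel->fetchColumn();
}

// Constructed demo on in-memory SQLite.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE password_resets
            (user_id INTEGER, token_hash TEXT UNIQUE, expires_at INTEGER, used_at INTEGER)');
$now = 1700000000;
$token = issue_reset_token($pdo, 42, $now);
var_dump(consume_reset_token($pdo, $token, $now + 60));   // first use
var_dump(consume_reset_token($pdo, $token, $now + 120));  // replay of the same token
$late = issue_reset_token($pdo, 42, $now);
var_dump(consume_reset_token($pdo, $late, $now + RESET_TTL + 1)); // past expiry
```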

Role-Based Access Control

Four roles — Superadmin, Organization Admin, Moderator, and End User — each with specific permission sets. Superadmins have unrestricted access; other roles are scoped to their organizations.

Privacy & Consent Management

Users must accept the privacy policy at registration. Optional data analytics consent is tracked separately. Consent status is stored per user and can be updated later.

Personalized Dashboard

Each role sees a tailored dashboard. End users see their active queues and history with ETA. Admins see organization cards with queue stats, QR codes, and management tools.

Security

Multi-layered security protecting against common web attacks including CSRF, brute-force, session hijacking, and SQL injection.

CSRF Protection

Every form includes a cryptographically random CSRF token validated on submission. Tokens are rotated after each successful validation to prevent replay attacks. JSON API requests are exempt (they use separate auth).
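
The token scheme described above (random token, validated on submission, rotated after each success), as an added example that is not QSmart's own code. The function names and the `csrf_token` session key are assumptions.

```php
<?php
// Added illustration; function names and the session key are assumptions.

/** Return the current form token, creating one if the session has none. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf_token'];
}

/** Hidden field to embed in every HTML form. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Validate a submitted token. On success the stored token is discarded, so the
 * same value cannot be replayed; the next csrf_token() call issues a new one.
 */
function csrf_validate(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $submitted === null || $submitted === '') {
        return false;
    }
    if (!hash_equals($expected, $submitted)) { // constant-time comparison
        return false;
    }
    unset($_SESSION['csrf_token']); // rotate after successful validation
    return true;
}

// Constructed demo: a plain array stands in for a started session.
$_SESSION = [];
$token = csrf_token();
var_dump(csrf_validate($token));        // first submission
var_dump(csrf_validate($token));        // replay of the same token
var_dump(csrf_validate(csrf_token()));  // submission with the freshly issued token
```

Because the token changes after each accepted submission, a form left open in a second tab holds a stale token and has to be reloaded before it can be submitted.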

Brute-Force Protection

Login attempts are tracked by IP address and email. After 5 failed attempts within 15 minutes, the account is temporarily locked out. Users see remaining attempts as a warning before lockout kicks in.

Secure Session Management

Sessions use HttpOnly, Secure, and SameSite=Lax cookies. Session IDs regenerate every 5 minutes and on login. A 30-minute inactivity timeout destroys idle sessions. Sessions are bound to IP and User-Agent to detect hijacking.
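
One way to wire up the session settings listed above in PHP, as an added example that is not QSmart's own code. The constants, session keys and function names are assumptions, as are strict mode and hashing the IP and User-Agent into a single fingerprint.

```php
<?php
// Added illustration; constants, session keys and function names are assumptions.

const SESSION_IDLE_LIMIT   = 30 * 60; // 30-minute inactivity timeout
const SESSION_REGEN_PERIOD = 5 * 60;  // regenerate the ID every 5 minutes

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_start();

    $now = time();
    $fingerprint = hash('sha256',
        ($_SERVER['REMOTE_ADDR'] ?? '') . '|' . ($_SERVER['HTTP_USER_AGENT'] ?? ''));

    $idle     = isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > SESSION_IDLE_LIMIT;
    $mismatch = isset($_SESSION['fingerprint'])
        && !hash_equals($_SESSION['fingerprint'], $fingerprint);

    if ($idle || $mismatch) {
        // Drop the old session data and ID, then continue with a clean session.
        $_SESSION = [];
        session_regenerate_id(true);
    }

    if (!isset($_SESSION['fingerprint'])) {
        $_SESSION['fingerprint'] = $fingerprint;
        $_SESSION['regenerated_at'] = $now;
    } elseif ($now - $_SESSION['regenerated_at'] > SESSION_REGEN_PERIOD) {
        session_regenerate_id(true); // new ID, old session data file deleted
        $_SESSION['regenerated_at'] = $now;
    }
    $_SESSION['last_seen'] = $now;
}

/** Call after a successful login so a pre-login ID is never carried over. */
function on_login(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['regenerated_at'] = time();
    $_SESSION['user_id'] = $userId;
}
```

Binding to the client IP also ends sessions for legitimate users whose address changes mid-session, for example on mobile networks.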

SQL Injection Prevention

All database queries use PDO prepared statements with parameterized queries. Emulated prepares are disabled, ensuring the database driver handles parameter binding natively.
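
The lockout rule from Brute-Force Protection (5 failures within 15 minutes) written with the PDO settings from this section, as an added example that is not QSmart's own code. The table, column and function names are assumptions, as is counting failures that match either the email or the IP; the demo uses in-memory SQLite in place of MySQL.

```php
<?php
// Added illustration; table, column and function names are assumptions.

const MAX_FAILURES   = 5;        // failed attempts allowed
const WINDOW_SECONDS = 15 * 60;  // within 15 minutes

function connect(string $dsn, ?string $user = null, ?string $pass = null): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // With the MySQL driver this makes the server, not PDO, bind the parameters.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

function record_failure(PDO $pdo, string $email, string $ip, int $now): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO login_attempts (email, ip, attempted_at) VALUES (:email, :ip, :at)');
    $stmt->execute([':email' => $email, ':ip' => $ip, ':at' => $now]);
}

/** Failures for this email or this IP inside the sliding window. */
function recent_failures(PDO $pdo, string $email, string $ip, int $now): int
{
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM login_attempts
          WHERE (email = :email OR ip = :ip) AND attempted_at > :since');
    $stmt->execute([':email' => $email, ':ip' => $ip, ':since' => $now - WINDOW_SECONDS]);
    return (int) $stmt->fetchColumn();
}

function remaining_attempts(PDO $pdo, string $email, string $ip, int $now): int
{
    return max(0, MAX_FAILURES - recent_failures($pdo, $email, $ip, $now));
}

// Constructed demo on an in-memory SQLite database so it runs without a server.
$pdo = connect('sqlite::memory:');
$pdo->exec('CREATE TABLE login_attempts (email TEXT, ip TEXT, attempted_at INTEGER)');

$email = "o'brien@example.test"; // the quote is bound as data, never spliced into SQL
$ip    = '203.0.113.7';
$t0    = 1700000000;

for ($i = 0; $i < 5; $i++) {
    record_failure($pdo, $email, $ip, $t0 + $i * 60);
    echo 'remaining: ', remaining_attempts($pdo, $email, $ip, $t0 + $i * 60), PHP_EOL;
}
// The oldest failure ages out of the window 15 minutes after it was recorded.
echo 'after window: ', remaining_attempts($pdo, $email, $ip, $t0 + WINDOW_SECONDS + 1), PHP_EOL;
```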

XSS Prevention

All user-generated content is escaped with htmlspecialchars() before rendering. Form inputs are sanitized and trimmed on the server side before processing or storage.

Password Security

Passwords are hashed using password_hash() with the bcrypt algorithm (PASSWORD_DEFAULT). Raw passwords are never stored. Minimum length of 6 characters is enforced at registration and reset.

Notifications & Alerts

Multi-channel notification system ensuring customers never miss their turn — whether the app is open, in the background, or closed.

Firebase Cloud Messaging (FCM)

Push notifications delivered via FCM for users who have the app closed or in the background. Device tokens are registered per user and stored for targeted delivery.

Real-Time In-App Polling

For users actively browsing, the realtime_notifications table provides instant in-app alerts via polling. Unread notifications are marked and cleared after acknowledgement.

Email Notifications (SMTP)

Transactional emails for account verification, password resets, and appointment confirmations are sent via SMTP through PHPMailer with SSL encryption.

Queue Called Alert

When staff calls a customer, the system triggers a push notification, an in-app real-time notification, and logs the event — ensuring the customer is reached through at least one channel.

Device Token Management

The API registers and manages FCM device tokens per user. Tokens can be refreshed, and stale tokens are cleaned up to maintain delivery reliability.

Notification Streaming API

Dedicated API endpoints for checking, streaming, and managing notifications allow integration with external clients and the Android app.

QR Code Integration

Bridges physical and digital queue management — customers scan a QR code at a physical location and join the queue instantly from their phone.

QR Code Generation

Admins generate a unique QR code per organization that links directly to the queue join page. QR codes can be downloaded as PNG images or printed for display at service counters.

Built-In QR Scanner

A browser-based QR scanner page uses the device camera (with automatic back-camera preference) to scan organization QR codes. Works on both mobile and desktop.

Manual Entry Fallback

If camera scanning isn't available, users can manually enter a QR code URL or organization identifier to navigate to the correct queue page.

Analytics & Reporting

Data-driven insights for organization admins and moderators to optimize operations, identify bottlenecks, and improve service quality.

Real-Time Dashboard Metrics

Live statistics including total customers served, average wait time, customer satisfaction score, and operational efficiency percentage — updated continuously.

Queue Activity Charts

Interactive Chart.js visualizations showing queue activity over time, daily trends, and weekly patterns. Filterable by date range and organization.

Service Distribution

Pie charts and progress bars showing which services are most used, helping organizations allocate resources and staff to high-demand areas.

Peak Hours Analysis

Identifies the busiest time slots so organizations can optimize staffing. Peak hours are ranked by traffic level (High, Medium, Low).

Date Range Filtering

All analytics can be filtered by custom date ranges. An organization selector lets multi-org admins switch context between their organizations.

Export Reports

Analytics data can be exported for offline analysis and reporting, enabling organizations to share performance data with stakeholders.

Payments & Subscriptions

Full Stripe integration for subscription billing and marketplace-style payments with platform fees via Stripe Connect.

Stripe Checkout

Paid subscription plans redirect to Stripe Checkout for secure payment processing. Success and cancellation URLs bring users back to the pricing page with status feedback.

Stripe Connect

Marketplace-style payments where a configurable platform fee (default 5%) is applied to each transaction. Organizations connect their own Stripe accounts to receive direct payouts.

Subscription Tiers

Multiple plans: Pay-As-You-Go (per-queue pricing), Standard (monthly with higher limits), and Enterprise (custom). Each tier unlocks different queue limits, analytics depth, API access, and support levels.

Plan Switching

Admins can upgrade or downgrade subscription plans. Changes are logged in a subscription history table with timestamps and the user who made the change.

Usage Tracking & Limits

Monthly queue creation is tracked against the plan's limit. The system checks remaining capacity before allowing new queue entries, ensuring organizations stay within their plan.

Stripe Webhooks

A dedicated webhook endpoint processes Stripe events (payment success, subscription updates, etc.) to keep the local subscription state synchronized with Stripe.

Feedback System

Detailed post-service feedback with multi-dimensional ratings, comments, and recommendation tracking.

Multi-Dimensional Ratings

Five separate rating categories: Overall, Wait Time, Service Quality, Staff Friendliness, and Overall Experience. Each rated 1–5 stars for granular feedback.

Comments & Suggestions

Free-text fields for detailed comments and improvement suggestions. Organizations can review this qualitative feedback alongside quantitative ratings.

Anonymous Submission

Users can submit feedback anonymously. A "Would Recommend" checkbox captures Net Promoter-style data. Duplicate feedback prevention ensures one review per queue entry.

Multi-Language (i18n)

Full internationalization with dynamic language switching, RTL support, and browser-based language detection.

Four Supported Languages

English, Spanish (Español), French (Français), and Arabic (العربية) with full translations stored in JSON files. Adding a new language requires only a new JSON file.

RTL Support

Arabic and other RTL languages are fully supported. The layout automatically switches direction, and Bootstrap RTL CSS is loaded when an RTL locale is active.

Smart Language Detection

Priority chain: URL parameter → session → cookie → browser Accept-Language header → default English. Language choice persists across sessions via cookie.

Superadmin Panel

Full platform administration for superadmins — manage users, organizations, queues, categories, API keys, and system settings from one interface.

User Management

Create, edit, delete, and toggle user accounts. Assign roles, update passwords, link users to organizations, and view email verification status — all from one tabbed interface.

Organization Management

Create, edit, activate/deactivate, and permanently delete organizations. Manage services, assign users, change subscription plans, and generate QR codes.

Queue Administration

View all queue entries across the platform. Update queue statuses, delete entries, and monitor queue activity in real time with AJAX-powered updates.

Category Management

Create and manage organization categories with custom names, descriptions, icons (Font Awesome), and colors. Toggle categories active/inactive.

API Key Management

Generate, view, and revoke API keys. Keys support different types (live, webhook), optional expiry, per-organization scoping, and JSON-based permission sets. Usage stats are tracked.

System Statistics

At-a-glance counters for total users, organizations, queue entries, and categories. Provides a high-level health view of the entire platform.

REST API

A comprehensive API layer exposing queue management, scheduling, notifications, organization data, and payment flows for external integrations.

Scheduler API

Full CRUD for appointments, queue management (add, remove, move), calendar event retrieval, available slot calculation, service types, and statistics.

Queue API

Endpoints for joining queues, checking position, retrieving queue data by organization, and updating entry statuses — used by both the web frontend and Android app.

Notification API

Register device tokens, send push notifications, check for new notifications, and stream notification updates. Powers the real-time alert system.

Organization API

External API for organization data retrieval, enabling third-party integrations and custom frontends to access organization and service information.

Payment APIs

Stripe Checkout session creation, Stripe Connect OAuth flow for organization onboarding, and webhook processing for payment event handling.

API Authentication

API keys with configurable permissions, organization scoping, and expiry dates. Usage is tracked with last-used timestamps for security auditing.

Mobile Experience

Responsive web interface optimized for all devices, plus a dedicated mobile web app and a native Android application.

Responsive Design

Bootstrap-powered layout adapts to desktop, tablet, and mobile screens. Touch-friendly controls for drag-and-drop and calendar interactions on smaller devices.

Mobile Web App

A dedicated mobile-optimized web interface at /mobile/ with streamlined pages for login, registration, dashboard, QR scanning, and the scheduler.

Native Android App

A Kotlin-based Android application with native UI, push notification support via FCM, and API integration for queue management and scheduling on the go.

Technology Stack

Built with proven, production-ready technologies across backend, frontend, database, and infrastructure layers.

PHP 7.4+

Class-based backend architecture with dedicated domain classes (User, Queue, Organization, Service, Scheduler, etc.).

MySQL + PDO

Relational database with prepared statements, transactions, and indexed columns for fast query performance.

JavaScript + Chart.js

Dynamic frontend with FullCalendar for scheduling, Chart.js for analytics visualizations, and AJAX for real-time updates.

Bootstrap 5

Responsive layout with RTL support, form components, modals, tabs, and a consistent design system.

Firebase

Cloud Messaging (FCM) for push notifications and VAPID-based web push with service worker integration.

Stripe

Payment processing with Checkout, Connect for marketplace payments, and webhook handling for event sync.

Apache + mod_rewrite

Clean URL routing via .htaccess with support for SEO-friendly slugs and mobile sub-app routing.

Kotlin (Android)

Native Android app with Gradle build system, Material Design, and FCM push notification integration.