QrGate – Event Ticketing

ABOUT

What is QrGate?

QrGate is a web-based event management and ticketing system built for real-world use. Combining a Python backend with a PHP frontend, it handles the entire lifecycle of an event — from selling tickets online and at the door, to validating entry via QR code scan, to tracking sales and statistics in an admin dashboard.

Originally developed for and actively deployed at Helenenbühne Sattledt, a local theater group in Austria, QrGate has proven itself in a real production environment. It's open source under the MIT license, fully self-hostable, and designed for any event organizer who needs a reliable ticketing solution without depending on third-party platforms.

FEATURES

What QrGate Offers

Ticket Sales & Payment

Sell tickets directly through the integrated shop — online via Stripe or cash at the door. Tickets are automatically generated as PDFs and sent to buyers via email.

QR Code Check-In

Scan-based entry validation directly in the mobile browser. Instant feedback — valid, invalid, or already used.

Admin Dashboard

Configure shows, manage dates and images, view sales metrics and graphical statistics — all in one place.

Multi-language & Responsive

Available in German and English out of the box. The full interface is responsive and works across desktop, tablet, and mobile — no app install required for any role.

USER ROLES

Role-based Access

Admin

Full access to all features — event configuration, user management, sales reports, ticket creation, and system settings.

Ticketflow

Handles ticket sales and management. Can create, issue, and view tickets — ideal for box office staff at the venue.

Handheld

Mobile-first role for door staff. Just open the browser, scan the QR code, and get instant entry validation — no app needed.

SECURITY

Built with Security in Mind

Defense in Depth

QrGate takes security seriously at every layer. All forms are protected against CSRF attacks, and user inputs are sanitized to prevent XSS. All backend communication requires API key authorization — the Python backend and PHP frontend are decoupled and independently secured. Sessions are managed server-side with proper authentication and automatic cleanup.

Role-based Access Control

Three hierarchical access tiers ensure each user only accesses what they need — Admin, Ticketflow, and Handheld roles are strictly enforced at the backend.

Decoupled Architecture

The Python backend exposes a REST API with API key headers. The PHP frontend acts as a client — backend and frontend are independently deployable and secured.

TECHNOLOGY

Tech Stack

Backend

Python 3.7+ Quart quart-cors ReportLab qrcode

Frontend

PHP 7.4+ Composer cURL

Infrastructure

Apache / Nginx SMTP Email Stripe API Self-hostable

API

Core API Endpoints

POST /api/ticket/create

POST /api/ticket/validate

GET /api/show/get

POST /api/show/edit

GET /api/stats

GET /codes/pdf

INSTALLATION

Get Started with QrGate

Backend Setup

Clone the repository and install Python dependencies:

git clone https://github.com/rwolf2467/qr_gate.git
cd qr_gate/backend
pip install quart quart-cors reportlab qrcode reds_simple_logger
python app.py

Frontend Setup

cd qr_gate/frontend
composer install

Configure frontend/config.php with your backend URL and credentials, then deploy to any PHP-capable web server (Apache, Nginx, XAMPP, LAMP).

Configuration

Both config files need to be set up with:

API endpoint & secret key
SMTP server for email delivery
Stripe API credentials
Event details & ticket pricing

LICENSE

Open Source License

MIT License

QrGate is licensed under the MIT License. Free to use, modify, and distribute — even in commercial projects.

LINKS

Quick Links

GitHub

Source code, issues, and contributions:

github.com/rwolf2467/qr_gate ↗

Status

Check uptime and service status:

status.avocloud.net ↗

Back to Avocloud.net