fix: Address remaining CodeRabbit review comments

- Fix invalid jq string filter syntax (missing quotes around interpolation) - Add environment validation job in deploy.yml for workflow_call input - Add fork detection guard in deploy-pr.yml to prevent fork PR deployments Fixes: - deploy.yml:183-184 - jq filter syntax error - deploy.yml:31 - unvalidated environment input in reusable workflow - deploy-pr.yml:5 - fork PR deployments blocked by pull_request_review restrictions - deploy-pr.yml:168-200 - jq filter syntax errors
fix(docker): enable .htaccess and set proper file permissions
2026-05-25 16:54:58 -04:00 · 2026-05-15 09:57:03 +02:00 · 2026-05-12 19:48:23 +02:00 · 2026-05-12 17:49:56 +02:00 · 2026-05-12 17:47:36 +02:00 · 2026-05-12 17:47:36 +02:00
1447 changed files with 90403 additions and 78900 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,23 +1,56 @@
-node_modules
-tmp
+# Version control
+.git
+.gitignore
+
+# Sensitive config (user may mount their own)
 app/Config/Email.php
+
+# Build artifacts
+node_modules/
+dist/
+tmp/
 *.patch
 patches/
+
+# IDE and editor files
 .idea/
-git-svn-diff.py
-*.bash
+.vscode/
 .swp
+*.swp
 .buildpath
 .project
-.settings/*
-.git
-dist/
-node_modules/
-*.swp
+.settings/
+
+# Development tools and configs
+tests/
+phpunit.xml
+.php-cs-fixer.*
+phpstan.neon
+*.bash
+git-svn-diff.py
+
+# Documentation
+*.md
+!LICENSE
+branding/
+
+# Build configs (not needed at runtime)
+composer.json
+composer.lock
+package.json
+package-lock.json
+gulpfile.js
+.env.example
+.dockerignore
+
+# Temporary and backup files
 *.rej
 *.orig
 *~
 *.~
 *.log
-app/writable/session/*
-!app/writable/session/index.html
+
+# CI
+.github/
+.github/workflows/
+build/
--- a/.env-example
+++ b/.env-example
@@ -1,63 +0,0 @@
-#--------------------------------------------------------------------
-# ENVIRONMENT
-#--------------------------------------------------------------------
-
-CI_ENVIRONMENT = production
-
-#--------------------------------------------------------------------
-# DATABASE
-#--------------------------------------------------------------------
-
-database.default.hostname = 'localhost'
-database.default.database = 'ospos'
-database.default.username = 'admin'
-database.default.password = 'pointofsale'
-database.default.DBDriver = 'MySQLi'
-database.default.DBPrefix = 'ospos_'
-
-database.development.hostname = 'localhost'
-database.development.database = 'ospos'
-database.development.username = 'admin'
-database.development.password = 'pointofsale'
-database.development.DBDriver = 'MySQLi'
-database.development.DBPrefix = 'ospos_'
-
-database.tests.hostname = 'localhost'
-database.tests.database = 'ospos'
-database.tests.username = 'admin'
-database.tests.password = 'pointofsale'
-database.tests.DBDriver = 'MySQLi'
-database.tests.DBPrefix = 'ospos_'
-
-#--------------------------------------------------------------------
-# ENCRYPTION
-#--------------------------------------------------------------------
-
-encryption.key = ''
-
-#--------------------------------------------------------------------
-# LOGGER
-# - 0 = Disables logging, Error logging TURNED OFF
-# - 1 = Emergency Messages - System is unusable
-# - 2 = Alert Messages - Action Must Be Taken Immediately
-# - 3 = Critical Messages - Application component unavailable, unexpected exception.
-# - 4 = Runtime Errors - Don't need immediate action, but should be monitored.
-# - 5 = Warnings - Exceptional occurrences that are not errors.
-# - 6 = Notices - Normal but significant events.
-# - 7 = Info - Interesting events, like user logging in, etc.
-# - 8 = Debug - Detailed debug information.
-# - 9 = All Messages
-#--------------------------------------------------------------------
-
-logger.threshold = 0
-app.db_log_enabled = false
-
-#--------------------------------------------------------------------
-# HONEYPOT
-#--------------------------------------------------------------------
-
-honeypot.hidden = true
-honeypot.label = 'Fill This Field'
-honeypot.name = 'honeypot'
-honeypot.template = '<label>{label}</label><input type="text" name="{name}" value="">'
-honeypot.container = '<div style="display:none">{template}</div>'
--- a/.env.example
+++ b/.env.example
@@ -3,13 +3,24 @@
 #--------------------------------------------------------------------

 CI_ENVIRONMENT = production
-CI_DEBUG = false

 #--------------------------------------------------------------------
-# APP
+# SECURITY: ALLOWED HOSTNAMES
 #--------------------------------------------------------------------
-
-app.appTimezone = 'UTC'
+# CRITICAL: Whitelist of allowed hostnames to prevent Host Header
+# Injection attacks (GHSA-jchf-7hr6-h4f3).
+#
+# REQUIRED IN PRODUCTION: Application will fail to start if not configured.
+# In development, falls back to 'localhost' with an error log.
+#
+# Configure with comma-separated list of domains/subdomains:
+#   app.allowedHostnames = 'yourdomain.com,www.yourdomain.com'
+#
+# For local development:
+#   app.allowedHostnames = 'localhost'
+#
+# Note: Do not include protocol (http/https) or port numbers.
+app.allowedHostnames = ''

 #--------------------------------------------------------------------
 # DATABASE
@@ -21,7 +32,6 @@ database.default.username = 'admin'
 database.default.password = 'pointofsale'
 database.default.DBDriver = 'MySQLi'
 database.default.DBPrefix = 'ospos_'
-database.default.port = 3306

 database.development.hostname = 'localhost'
 database.development.database = 'ospos'
@@ -29,7 +39,6 @@ database.development.username = 'admin'
 database.development.password = 'pointofsale'
 database.development.DBDriver = 'MySQLi'
 database.development.DBPrefix = 'ospos_'
-database.development.port = 3306

 database.tests.hostname = 'localhost'
 database.tests.database = 'ospos'
@@ -37,20 +46,6 @@ database.tests.username = 'admin'
 database.tests.password = 'pointofsale'
 database.tests.DBDriver = 'MySQLi'
 database.tests.DBPrefix = 'ospos_'
-database.tests.charset = utf8mb4
-database.tests.DBCollat = utf8mb4_general_ci
-database.tests.port = 3306
-
-#--------------------------------------------------------------------
-# EMAIL
-#--------------------------------------------------------------------
-
-email.SMTPHost = ''
-email.SMTPUser = ''
-email.SMTPPass = ''
-email.SMTPPort =
-email.SMTPTimeout = 5
-email.SMTPCrypto = 'tls'

 #--------------------------------------------------------------------
 # ENCRYPTION
@@ -58,16 +53,6 @@ email.SMTPCrypto = 'tls'

 encryption.key = ''

-#--------------------------------------------------------------------
-# HONEYPOT
-#--------------------------------------------------------------------
-
-honeypot.hidden = true
-honeypot.label = 'Fill This Field'
-honeypot.name = 'honeypot'
-honeypot.template = '<label>{label}</label><input type="text" name="{name}" value="">'
-honeypot.container = '<div style="display:none">{template}</div>'
-
 #--------------------------------------------------------------------
 # LOGGER
 # - 0 = Disables logging, Error logging TURNED OFF
@@ -84,4 +69,13 @@ honeypot.container = '<div style="display:none">{template}</div>'

 logger.threshold = 0
 app.db_log_enabled = false
-app.db_log_only_long = false
+
+#--------------------------------------------------------------------
+# HONEYPOT
+#--------------------------------------------------------------------
+
+honeypot.hidden = true
+honeypot.label = 'Fill This Field'
+honeypot.name = 'honeypot'
+honeypot.template = '<label>{label}</label><input type="text" name="{name}" value="">'
+honeypot.container = '<div style="display:none">{template}</div>'
--- a/.github/ISSUE_TEMPLATE/bug
+++ b/.github/ISSUE_TEMPLATE/bug
@@ -1,119 +1,187 @@
-name: Bug Report
-description: File a bug report
-title: "[Bug]: "
-labels: ["bug", "triage"]
-projects: ["ospos/3", "ospos/4"]
-assignees:
-  - none
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Bug reports indicate that something is not working as intended. 
-        Please include as much detail as possible and submit a separate bug report for each problem.
-        Do not include personal identifying information such as email addresses or encryption keys.           
-  - type: textarea
-    id: bug-description
-    attributes:
-      label: Bug Description?
-      description: Describe the problem that you are seeing
-      placeholder: "Describe the problem that you are seeing"
-    validations:
-      required: true 
-  - type: textarea
-    id: steps-reproduce
-    attributes:
-      label: Steps to Reproduce?
-      description: List the steps to reproduce this issue
-      placeholder: "Steps to Reproduce"
-    validations:
-      required: true
-  - type: textarea
-    id: expected-behavior
-    attributes:
-      label: Expected Behavior?
-      description: Tell us what did you expect to happen?
-      placeholder: "Expected Behavior"
-    validations:
-      required: true    
-  - type: dropdown
-    id: ospos-version
-    attributes:
-      label: OpensourcePOS Version
-      description: What version of our software are you running?
-      options:
-        - opensourcepos 3.3.9
-        - opensourcepos 3.3.8
-        - opensourcepos 3.3.7
-        - development (unreleased)
-      default: 0
-    validations:
-      required: true
-  - type: dropdown
-    id: php-version
-    attributes:
-      label: Php version
-      description: What version of Php?
-      options:
-        - Php 7.2
-        - Php 7.3
-        - Php 7.4
-        - Php 8.1 
-        - Php 8.2
-        - Php 8.3
-        - Php 8.4
-      default: 0
-    validations:
-      required: true 
-  - type: dropdown
-    id: browsers
-    attributes:
-      label: What browsers are you seeing the problem on?
-      multiple: true
-      options:
-        - Firefox
-        - Chrome
-        - Safari
-        - Microsoft Edge
-        - Other
-  - type: input
-    id: server
-    attributes:
-      label: Server Operating System and version
-      description: "Server Operating System "
-      placeholder: "Server Operating System "
-    validations:
-      required: true  
-  - type: input
-    id: database
-    attributes:
-      label: Database Management System and version
-      description: "Database Management System"
-      placeholder: "Database Management"
-    validations:
-      required: true   
-  - type: input
-    id: webserver
-    attributes:
-      label: Web Server and version
-      description: "Web Server and version "
-      placeholder: "Web Server and version "
-    validations:
-      required: true    
-  - type: textarea
-    id: servers
-    attributes:
-      label: System Information Report (optional)
-      description: Copy and paste from OSPOS > Configuration > Setup & Conf > Setup & Conf?
-      placeholder: System Information Report
-      value: "System Information Report"
-    validations:
-      required: true  
-  - type: checkboxes
-    id: terms
-    attributes:
-      label: Unmodified copy of OpensourcePOS
-      description: By submitting this issue you agree this copy has not been modified
-      options:
-        - label: I agree this copy has not been modified
-          required: true
+name: 🐛 Bug Report
+description: File a bug report to help us improve
+title: "[Bug]: "
+labels: ["bug", "triage"]
+projects: ["ospos/3", "ospos/4"]
+assignees: []
+body:
+  # ─────────────────────────────────────────────────────────────────────────────
+  # INTRODUCTION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: markdown
+    attributes:
+      value: |
+        ## Thanks for taking the time to fill out this bug report! 🐜
+
+        Bug reports help us identify and fix issues. Please provide as much detail as possible.
+
+        > ⚠️ **Important:** Submit a separate bug report for each problem you encounter.
+        >
+        > 🚫 Do not include personal identifying information such as email addresses or encryption keys.
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # PROBLEM DESCRIPTION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: textarea
+    id: bug-description
+    attributes:
+      label: 🐛 Bug Description
+      description: A clear and concise description of what the bug is.
+      placeholder: |
+        Example: When I try to print a receipt, the application crashes
+        with an error message saying "Unable to connect to printer".
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps-reproduce
+    attributes:
+      label: 📋 Steps to Reproduce
+      description: Detailed steps to reproduce the behavior.
+      placeholder: |
+        1. Go to '...'
+        2. Click on '...'
+        3. Scroll down to '...'
+        4. See error
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected-behavior
+    attributes:
+      label: ✅ Expected Behavior
+      description: A clear and concise description of what you expected to happen.
+      placeholder: |
+        Example: The receipt should print successfully without any errors.
+    validations:
+      required: true
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # ENVIRONMENT DETAILS
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: dropdown
+    id: ospos-version
+    attributes:
+      label: 📦 OpenSourcePOS Version
+      description: What version of our software are you running?
+      options:
+        - development (unreleased)
+        - OpenSourcePOS 3.4.2
+        - OpenSourcePOS 3.4.1
+        - OpenSourcePOS 3.4.0
+        - OpenSourcePOS 3.3.9
+        - OpenSourcePOS 3.3.8
+      default: 0
+    validations:
+      required: true
+
+  - type: dropdown
+    id: php-version
+    attributes:
+      label: 🔧 PHP Version
+      description: What version of PHP are you running?
+      options:
+        - PHP 8.4
+        - PHP 8.3
+        - PHP 8.2
+        - PHP 8.1
+        - PHP 7.4
+        - Other
+      default: 0
+    validations:
+      required: true
+
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: 🌐 Browser(s)
+      description: What browser(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - Firefox
+        - Chrome
+        - Safari
+        - Microsoft Edge
+        - Other
+
+  - type: input
+    id: server
+    attributes:
+      label: 🖥️ Server Operating System
+      description: What server OS and version are you running?
+      placeholder: "e.g., Ubuntu 22.04, CentOS 7, Windows Server 2022"
+    validations:
+      required: true
+
+  - type: input
+    id: database
+    attributes:
+      label: 🗄️ Database
+      description: What database management system and version are you using?
+      placeholder: "e.g., MySQL 8.0, MariaDB 10.11, Percona 8.0"
+    validations:
+      required: true
+
+  - type: input
+    id: webserver
+    attributes:
+      label: 🌍 Web Server
+      description: What web server and version are you using?
+      placeholder: "e.g., Apache 2.4, Nginx 1.24, Caddy 2.7"
+    validations:
+      required: true
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # ADDITIONAL INFORMATION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: textarea
+    id: system-info
+    attributes:
+      label: 📊 System Information Report
+      description: |
+        Copy and paste the system information from OSPOS:
+
+        **Navigation:** Configuration → Setup & Conf → System Info
+      placeholder: |
+        Paste the System Information Report here...
+      render: text
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: 📜 Relevant Log Output
+      description: |
+        Please copy and paste any relevant log output.
+
+        **Log locations:**
+        - OSPOS logs: `writable/logs/`
+        - Web server logs: `/var/log/apache2/` or `/var/log/nginx/`
+        - PHP logs: Check your `php.ini` for `error_log` location
+      placeholder: |
+        Paste log output here...
+      render: shell
+
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: 📸 Screenshots
+      description: If applicable, add screenshots to help explain your problem.
+      placeholder: Drag and drop images here...
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # CONFIRMATION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: ✓ Confirmation
+      description: Please confirm the following before submitting
+      options:
+        - label: I certify that this is an unmodified copy of OpenSourcePOS
+          required: true
+        - label: I have searched existing issues to ensure this bug has not already been reported
+          required: true
+        - label: I have provided all the information requested above
+          required: true
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -1,63 +1,136 @@
-name: ✨ Feature Request
-description: Suggest an idea for this project
-title: "[Feature]: "
-labels: ["enhancement"]
-assignees: ["none"]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this feature request! 🤗
-        Please make sure this feature request hasn't been already submitted by someone by looking through other open/closed issues. 😃
-
-  - type: dropdown
-    attributes:
-      multiple: false
-      label: Type of Feature
-      description: Select the type of feature request.
-      options:
-        - "✨ New Feature"
-        - "📝 Documentation"
-        - "🎨 Style and UI"
-        - "🔨 Code Refactor"
-        - "⚡ Performance Improvements"
-        - "✅ New Test"
-    validations:
-      required: true
-      
-  - type: dropdown
-    id: ospos-version
-    attributes:
-      label: OpensourcePOS Version
-      description: What version of our software are you running?
-      options:
-        - opensourcepos 3.3.9
-        - opensourcepos 3.3.8
-        - opensourcepos 3.3.7
-      default: 0
-    validations:
-      required: true  
-
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: Give us a brief description of the feature or enhancement you would like
-    validations:
-      required: true
-
-  - type: textarea
-    id: additional-information
-    attributes:
-      label: Additional Information
-      description: Give us some additional information on the feature request like proposed solutions, links, screenshots, etc.
-      
-  - type: checkboxes
-    id: terms
-    attributes:
-      label: Verify you searched open requests in OpensourcePOS
-      description: By submitting this request you agree that you have searched Open Requests in the Tracker
-      options:
-        - label: I agree I have searched Open Requests
-          required: true 
- 
+name: ✨ Feature Request
+description: Suggest an idea or enhancement for this project
+title: "[Feature]: "
+labels: ["enhancement"]
+assignees: []
+body:
+  # ─────────────────────────────────────────────────────────────────────────────
+  # INTRODUCTION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: markdown
+    attributes:
+      value: |
+        ## Thanks for suggesting a new feature! 💡
+        
+        We appreciate you taking the time to help improve OpenSourcePOS.
+        
+        > 📋 **Before submitting:** Please search [existing feature requests](https://github.com/opensourcepos/opensourcepos/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement) to ensure your idea hasn't already been suggested.
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # FEATURE DETAILS
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: dropdown
+    id: feature-type
+    attributes:
+      label: 🏷️ Feature Type
+      description: What type of feature are you requesting?
+      options:
+        - "✨ New Feature"
+        - "📝 Documentation Improvement"
+        - "🎨 UI/UX Enhancement"
+        - "🔨 Code Refactoring"
+        - "⚡ Performance Improvement"
+        - "✅ New Test Coverage"
+        - "🔌 Plugin/Integration"
+      default: 0
+    validations:
+      required: true
+
+  - type: dropdown
+    id: ospos-version
+    attributes:
+      label: 📦 OpenSourcePOS Version
+      description: What version are you currently running?
+      options:
+        - development (unreleased)
+        - OpenSourcePOS 3.4.2
+        - OpenSourcePOS 3.4.1
+        - OpenSourcePOS 3.4.0
+        - OpenSourcePOS 3.3.9
+        - OpenSourcePOS 3.3.8
+      default: 0
+    validations:
+      required: true
+
+  - type: textarea
+    id: problem-statement
+    attributes:
+      label: 🎯 Problem Statement
+      description: |
+        Is your feature request related to a problem? Please describe.
+        
+        A clear description of what the problem is. Ex: I'm always frustrated when [...]
+      placeholder: |
+        Example: I always have to manually calculate taxes for different regions, 
+        which is time-consuming and error-prone.
+    validations:
+      required: true
+
+  - type: textarea
+    id: proposed-solution
+    attributes:
+      label: 💡 Proposed Solution
+      description: A clear and concise description of what you want to happen.
+      placeholder: |
+        Example: Add an automatic tax calculation feature that:
+        - Detects the customer's region
+        - Applies the correct tax rate
+        - Generates a tax report automatically
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: 🔄 Alternatives Considered
+      description: A clear description of any alternative solutions or features you've considered.
+      placeholder: |
+        Example: I considered using an external tax service, but it would be 
+        better to have this integrated directly into OpenSourcePOS.
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # ADDITIONAL INFORMATION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: 📎 Additional Context
+      description: |
+        Add any other context, screenshots, mockups, or references about the feature request here.
+        
+        **Helpful additions:**
+        - Links to similar features in other software
+        - Mockups or diagrams
+        - Code examples
+        - Documentation references
+      placeholder: |
+        Any other relevant information, links, or screenshots...
+
+  - type: textarea
+    id: acceptance-criteria
+    attributes:
+      label: ✅ Acceptance Criteria
+      description: |
+        (Optional) Define what "done" looks like for this feature.
+        
+        Format: **Given** [context], **When** [action], **Then** [outcome]
+      placeholder: |
+        Given a customer is selected from region X
+        When the sale is completed
+        Then the tax rate for region X is automatically applied
+        And the tax amount is correctly calculated
+        And a tax entry is logged in the report
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # CONFIRMATION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: ✓ Confirmation
+      description: Please confirm before submitting
+      options:
+        - label: I have searched existing feature requests to ensure this is not a duplicate
+          required: true
+        - label: I have provided a clear problem statement and proposed solution
+          required: true
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -0,0 +1,61 @@
+# GitHub Actions
+
+This document describes the CI/CD workflows for OSPOS.
+
+## Build and Release Workflow (`.github/workflows/build-release.yml`)
+
+### Build Process
+- Setup PHP 8.2 with required extensions
+- Setup Node.js 20
+- Install composer dependencies
+- Install npm dependencies
+- Build frontend assets with Gulp
+
+### Docker Images
+- Build and push `opensourcepos` Docker image for multiple architectures (linux/amd64, linux/arm64)
+- On master: tagged with version and `latest`
+- On other branches: tagged with version only
+- Pushed to Docker Hub
+
+### Releases
+- Create distribution archives (tar.gz, zip)
+- Create/update GitHub "unstable" release on master branch only
+
+## Required Secrets
+
+To use this workflow, you need to add the following secrets to your repository:
+
+1. **DOCKER_USERNAME** - Docker Hub username for pushing images
+2. **DOCKER_PASSWORD** - Docker Hub password/token for pushing images
+
+### How to add secrets
+
+1. Go to your repository on GitHub
+2. Click **Settings** → **Secrets and variables** → **Actions**
+3. Click **New repository secret**
+4. Add `DOCKER_USERNAME` and `DOCKER_PASSWORD`
+
+The `GITHUB_TOKEN` is automatically provided by GitHub Actions.
+
+## Workflow Triggers
+
+- **Push to master** - Runs build, Docker push (with `latest` tag), and release
+- **Push to other branches** - Runs build and Docker push (version tag only)
+- **Push tags** - Runs build and Docker push (version tag only)
+- **Pull requests** - Runs build only (PHPUnit tests run in parallel via phpunit.yml)
+
+## Existing Workflows
+
+This repository also has these workflows:
+- `.github/workflows/main.yml` - PHP linting with PHP-CS-Fixer
+- `.github/workflows/phpunit.yml` - PHPUnit tests (runs on all PHP versions 8.1-8.4)
+- `.github/workflows/php-linter.yml` - PHP linting
+
+## Testing
+
+PHPUnit tests are run separately via `.github/workflows/phpunit.yml` on every push and pull request, testing against PHP 8.1, 8.2, 8.3, and 8.4.
+
+To test the build workflow:
+1. Add the required secrets
+2. Push to master or create a PR
+3. Monitor the Actions tab in GitHub
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -0,0 +1,214 @@
+name: Build and Release
+
+on:
+  push:
+  pull_request:
+    branches:
+      - master
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+      version-tag: ${{ steps.version.outputs.version-tag }}
+      short-sha: ${{ steps.version.outputs.short-sha }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.2'
+          extensions: intl, mbstring, mysqli, gd, bcmath, zip
+          coverage: none
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Get composer cache directory
+        run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Get npm cache directory
+        run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
+
+      - name: Cache npm dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.NPM_CACHE_DIR }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install composer dependencies
+        run: composer install --no-dev --optimize-autoloader
+
+      - name: Install npm dependencies
+        run: npm ci
+
+      - name: Install gulp globally
+        run: npm install -g gulp-cli
+
+      - name: Get version info
+        id: version
+        run: |
+          VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
+          BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | sed 's/feature\///' | tr '/' '_')
+          TAG=$(echo "${GITHUB_TAG:-$BRANCH}" | tr '/' '_')
+          SHORT_SHA=$(git rev-parse --short=6 HEAD)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "version-tag=$VERSION-$BRANCH-$SHORT_SHA" >> $GITHUB_OUTPUT
+          echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
+          echo "branch=$BRANCH" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_TAG: ${{ github.ref_name }}
+
+      - name: Create .env file
+        run: |
+          cp .env.example .env
+          sed -i 's/production/development/g' .env
+
+      - name: Update commit hash
+        run: |
+          SHORT_SHA="${{ steps.version.outputs.short-sha }}"
+          sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$SHORT_SHA'/g" app/Config/OSPOS.php
+
+      - name: Build frontend assets
+        run: npm run build
+
+      - name: Create distribution archives
+        run: |
+          set -euo pipefail
+          gulp compress
+          VERSION="${{ steps.version.outputs.version }}"
+          SHORT_SHA="${{ steps.version.outputs.short-sha }}"
+          mv dist/opensourcepos.tar "dist/opensourcepos.$VERSION.$SHORT_SHA.tar"
+          mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip"
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-${{ steps.version.outputs.short-sha }}
+          path: dist/
+          retention-days: 7
+
+      - name: Upload build context for Docker
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-context-${{ steps.version.outputs.short-sha }}
+          path: |
+            .
+            !.git
+            !node_modules
+          retention-days: 1
+
+  docker:
+    name: Build Docker Image
+    runs-on: ubuntu-22.04
+    needs: build
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Download build context
+        uses: actions/download-artifact@v4
+        with:
+          name: build-context-${{ needs.build.outputs.short-sha }}
+          path: .
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Determine Docker tags
+        id: tags
+        run: |
+          BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | tr '/' '_')
+          if [ "$BRANCH" = "master" ]; then
+            echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }},${{ secrets.DOCKER_USERNAME }}/opensourcepos:master" >> $GITHUB_OUTPUT
+          else
+            echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }}" >> $GITHUB_OUTPUT
+          fi
+        env:
+          GITHUB_REF: ${{ github.ref }}
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          target: ospos
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.tags.outputs.tags }}
+
+  release:
+    name: Create Release
+    needs: build
+    runs-on: ubuntu-22.04
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist-${{ needs.build.outputs.short-sha }}
+          path: dist/
+
+      - name: Get version info
+        id: version
+        run: |
+          VERSION="${{ needs.build.outputs.version }}"
+          SHORT_SHA=$(git rev-parse --short=6 HEAD)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
+
+      - name: Create/Update unstable release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: unstable
+          name: Unstable OpenSourcePOS
+          body: |
+            This is a build of the latest master which might contain bugs. Use at your own risk.
+            
+            Check the releases section for the latest official release.
+          files: |
+            dist/opensourcepos.${{ steps.version.outputs.version }}.${{ steps.version.outputs.short-sha }}.zip
+          prerelease: true
+          draft: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,71 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
-  schedule:
-    - cron: '21 12 * * 3'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/deploy-pr.yml
+++ b/.github/workflows/deploy-pr.yml
@@ -0,0 +1,204 @@
+name: PR Deploy
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+concurrency:
+  group: staging-deploy
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+  deployments: write
+  pull-requests: write
+
+jobs:
+  deploy-staging:
+    name: Deploy to staging
+    runs-on: ubuntu-latest
+    if: >
+      github.event.review.state == 'approved' &&
+      github.event.pull_request.head.repo.full_name == github.repository
+    
+    environment:
+      name: staging
+      url: ${{ vars.DEPLOY_URL || 'https://dev.opensourcepos.org' }}
+      deployment: false
+    
+    steps:
+      - name: Checkout PR
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      
+      - name: Get image tag
+        id: image
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_SHA: ${{ github.event.pull_request.head.sha }}
+        run: |
+          IMAGE_TAG="pr-${PR_NUMBER}-${PR_SHA:0:7}"
+          echo "tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT"
+      
+      - name: Create GitHub Deployment
+        id: deployment
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REF_SHA: ${{ github.event.pull_request.head.sha }}
+        run: |
+          set -euo pipefail
+          
+          DEPLOYMENT_ID=$(gh api "repos/${GITHUB_REPOSITORY}/deployments" \
+            -X POST \
+            -f ref="${REF_SHA}" \
+            -f environment="staging" \
+            -f description="Deploy PR #${PR_NUMBER} to staging" \
+            -F auto_merge=false \
+            -F required_contexts[] \
+            --jq '.id')
+          
+          if [ -z "$DEPLOYMENT_ID" ]; then
+            echo "::error::Failed to create deployment"
+            exit 1
+          fi
+          
+          echo "deployment_id=$DEPLOYMENT_ID" >> "$GITHUB_OUTPUT"
+          echo "Created deployment: $DEPLOYMENT_ID"
+      
+      - name: Set deployment status to in_progress
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          
+          gh api "repos/${GITHUB_REPOSITORY}/deployments/${{ steps.deployment.outputs.deployment_id }}/statuses" \
+            -X POST \
+            -f state="in_progress" \
+            -f description="Deploying PR #${PR_NUMBER}..." \
+            -f log_url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+      
+      - name: Trigger deployment webhook
+        id: webhook
+        env:
+          DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}
+          DEPLOY_WEBHOOK_SECRET: ${{ secrets.DEPLOY_WEBHOOK_SECRET }}
+          DOCKER_REPO_NAME: ${{ secrets.DOCKER_REPO_NAME }}
+          IMAGE_TAG: ${{ steps.image.outputs.tag }}
+          REF_SHA: ${{ github.event.pull_request.head.sha }}
+          DEPLOYMENT_ID: ${{ steps.deployment.outputs.deployment_id }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          
+          if [ -z "$DEPLOY_WEBHOOK_URL" ]; then
+            echo "::error::DEPLOY_WEBHOOK_URL secret is not configured"
+            echo "status=failure" >> "$GITHUB_OUTPUT"
+            exit 1
+          fi
+          
+          REPO_NAME="${DOCKER_REPO_NAME:-opensourcepos/opensourcepos}"
+          REPO_NAMESPACE="${REPO_NAME%%/*}"
+          REPO_SHORT_NAME="${REPO_NAME#*/}"
+          PUSHED_AT=$(date +%s)
+          
+          PAYLOAD=$(jq -n \
+            --arg callback_url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
+            --argjson pushed_at "$PUSHED_AT" \
+            --arg pusher "$GITHUB_ACTOR" \
+            --arg tag "$IMAGE_TAG" \
+            --arg repo_name "$REPO_NAME" \
+            --arg name "$REPO_SHORT_NAME" \
+            --arg namespace "$REPO_NAMESPACE" \
+            --arg repo_url "https://hub.docker.com/r/${REPO_NAME}/" \
+            --arg deployment_id "$DEPLOYMENT_ID" \
+            --arg repository "$GITHUB_REPOSITORY" \
+            --arg sha "$REF_SHA" \
+            --arg run_id "$GITHUB_RUN_ID" \
+            --arg actor "$GITHUB_ACTOR" \
+            --argjson pr_number "$PR_NUMBER" \
+            '{
+              callback_url: $callback_url,
+              push_data: {pushed_at: $pushed_at, pusher: $pusher, tag: $tag},
+              repository: {repo_name: $repo_name, name: $name, namespace: $namespace, repo_url: $repo_url, status: "Active"},
+              github_deployment: {id: $deployment_id, environment: "staging", repository: $repository, sha: $sha, run_id: $run_id, actor: $actor, pull_request: $pr_number}
+            }')
+          
+          echo "Sending webhook..."
+          echo "Image: ${IMAGE_TAG}"
+          echo "PR: #${PR_NUMBER}"
+          
+          HEADERS=(-H "Content-Type: application/json")
+          
+          if [ -n "$DEPLOY_WEBHOOK_SECRET" ]; then
+            SIGNATURE=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$DEPLOY_WEBHOOK_SECRET" | sed 's/.*= //')
+            HEADERS+=(-H "X-Hub-Signature-256: sha256=$SIGNATURE")
+          fi
+          
+          HTTP_CODE=$(curl -sS --connect-timeout 10 --max-time 120 \
+            -o response.txt -w "%{http_code}" \
+            -X POST \
+            "${HEADERS[@]}" \
+            -d "$PAYLOAD" \
+            "$DEPLOY_WEBHOOK_URL") || HTTP_CODE="000"
+          
+          echo "Response code: $HTTP_CODE"
+          if [ -s response.txt ]; then
+            cat response.txt
+          fi
+          
+          if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
+            echo "status=success" >> "$GITHUB_OUTPUT"
+          else
+            echo "status=failure" >> "$GITHUB_OUTPUT"
+          fi
+      
+      - name: Set deployment status
+        if: always()
+        env:
+          GH_TOKEN: ${{ github.token }}
+          IMAGE_TAG: ${{ steps.image.outputs.tag }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          
+          STATE="${{ steps.webhook.outputs.status }}"
+          
+          if [ "$STATE" = "success" ]; then
+            DESCRIPTION=$(jq -nr --arg tag "$IMAGE_TAG" --arg pr "$PR_NUMBER" \
+              '"Deployed PR #\($pr) (\($tag)) to staging"')
+            
+            gh api "repos/${GITHUB_REPOSITORY}/deployments/${{ steps.deployment.outputs.deployment_id }}/statuses" \
+              -X POST \
+              -f state="success" \
+              -f description="$DESCRIPTION"
+          else
+            gh api "repos/${GITHUB_REPOSITORY}/deployments/${{ steps.deployment.outputs.deployment_id }}/statuses" \
+              -X POST \
+              -f state="failure" \
+              -f description="Staging deployment failed"
+            exit 1
+          fi
+      
+      - name: Comment deployment status
+        if: always()
+        env:
+          GH_TOKEN: ${{ github.token }}
+          IMAGE_TAG: ${{ steps.image.outputs.tag }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REF_SHA: ${{ github.event.pull_request.head.sha }}
+          STATUS: ${{ steps.webhook.outputs.status }}
+        run: |
+          if [ "$STATUS" = "success" ]; then
+            BODY=$(jq -nr --arg tag "$IMAGE_TAG" --arg sha "$REF_SHA" --arg url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
+              '"✅ **Staging deployment completed**\n\n🔗 **URL**: https://dev.opensourcepos.org\n📦 **Image Tag**: `\($tag)`\n🔨 **Commit**: \($sha)\n\nView logs: \($url)"')
+          else
+            BODY=$(jq -nr --arg url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
+              '"❌ **Staging deployment failed**\n\nCheck the [workflow logs](\($url)) for details."')
+          fi
+          
+          gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" \
+            -X POST \
+            -f body="$BODY"
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,214 @@
+name: Deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: 'Docker image tag to deploy (e.g., v3.4.0, latest)'
+        required: true
+        default: 'latest'
+      environment:
+        description: 'Target environment'
+        required: true
+        type: choice
+        options:
+          - production
+          - staging
+        default: 'production'
+  workflow_call:
+    inputs:
+      image_tag:
+        description: 'Docker image tag to deploy'
+        type: string
+        default: 'latest'
+      environment:
+        description: 'Target environment'
+        type: string
+        default: 'staging'
+      sha:
+        description: 'Git commit SHA to deploy'
+        required: true
+        type: string
+
+concurrency:
+  group: deploy-${{ inputs.environment }}
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+  deployments: write
+
+jobs:
+  validate-inputs:
+    name: Validate deployment inputs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate environment
+        env:
+          TARGET_ENV: ${{ inputs.environment }}
+        run: |
+          set -euo pipefail
+          case "$TARGET_ENV" in
+            production|staging) ;;
+            *)
+              echo "::error::Invalid environment '$TARGET_ENV'. Expected 'production' or 'staging'."
+              exit 1
+              ;;
+          esac
+
+  deploy:
+    name: Deploy to ${{ inputs.environment }}
+    needs: validate-inputs
+    runs-on: ubuntu-latest
+    
+    environment:
+      name: ${{ inputs.environment }}
+      url: ${{ vars.DEPLOY_URL || (inputs.environment == 'production' && 'https://demo.opensourcepos.org' || 'https://dev.opensourcepos.org') }}
+      deployment: false
+    
+    steps:
+      - name: Create GitHub Deployment
+        id: deployment
+        env:
+          GH_TOKEN: ${{ github.token }}
+          IMAGE_TAG: ${{ inputs.image_tag }}
+          TARGET_ENV: ${{ inputs.environment }}
+          REF_SHA: ${{ inputs.sha || github.sha }}
+        run: |
+          set -euo pipefail
+          
+          DEPLOYMENT_ID=$(gh api "repos/${GITHUB_REPOSITORY}/deployments" \
+            -X POST \
+            -f ref="${REF_SHA}" \
+            -f environment="${TARGET_ENV}" \
+            -f description="Deploy image ${IMAGE_TAG}" \
+            -F auto_merge=false \
+            -F required_contexts[] \
+            --jq '.id')
+          
+          if [ -z "$DEPLOYMENT_ID" ]; then
+            echo "::error::Failed to create deployment"
+            exit 1
+          fi
+          
+          echo "deployment_id=$DEPLOYMENT_ID" >> "$GITHUB_OUTPUT"
+          echo "Created deployment: $DEPLOYMENT_ID"
+      
+      - name: Set deployment status to in_progress
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          set -euo pipefail
+          
+          gh api "repos/${GITHUB_REPOSITORY}/deployments/${{ steps.deployment.outputs.deployment_id }}/statuses" \
+            -X POST \
+            -f state="in_progress" \
+            -f description="Deployment in progress..." \
+            -f log_url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+      
+      - name: Trigger deployment webhook
+        id: webhook
+        env:
+          DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}
+          DEPLOY_WEBHOOK_SECRET: ${{ secrets.DEPLOY_WEBHOOK_SECRET }}
+          DOCKER_REPO_NAME: ${{ secrets.DOCKER_REPO_NAME }}
+          IMAGE_TAG: ${{ inputs.image_tag }}
+          TARGET_ENV: ${{ inputs.environment }}
+          REF_SHA: ${{ inputs.sha || github.sha }}
+          DEPLOYMENT_ID: ${{ steps.deployment.outputs.deployment_id }}
+        run: |
+          set -euo pipefail
+          
+          if [ -z "$DEPLOY_WEBHOOK_URL" ]; then
+            echo "::error::DEPLOY_WEBHOOK_URL secret is not configured"
+            echo "Please add the DEPLOY_WEBHOOK_URL secret in your repository settings"
+            echo "status=failure" >> "$GITHUB_OUTPUT"
+            exit 1
+          fi
+          
+          REPO_NAME="${DOCKER_REPO_NAME:-opensourcepos/opensourcepos}"
+          REPO_NAMESPACE="${REPO_NAME%%/*}"
+          REPO_SHORT_NAME="${REPO_NAME#*/}"
+          PUSHED_AT=$(date +%s)
+          
+          PAYLOAD=$(jq -n \
+            --arg callback_url "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \
+            --argjson pushed_at "$PUSHED_AT" \
+            --arg pusher "$GITHUB_ACTOR" \
+            --arg tag "$IMAGE_TAG" \
+            --arg repo_name "$REPO_NAME" \
+            --arg name "$REPO_SHORT_NAME" \
+            --arg namespace "$REPO_NAMESPACE" \
+            --arg repo_url "https://hub.docker.com/r/${REPO_NAME}/" \
+            --arg deployment_id "$DEPLOYMENT_ID" \
+            --arg environment "$TARGET_ENV" \
+            --arg repository "$GITHUB_REPOSITORY" \
+            --arg sha "$REF_SHA" \
+            --arg run_id "$GITHUB_RUN_ID" \
+            --arg actor "$GITHUB_ACTOR" \
+            '{
+              callback_url: $callback_url,
+              push_data: {pushed_at: $pushed_at, pusher: $pusher, tag: $tag},
+              repository: {repo_name: $repo_name, name: $name, namespace: $namespace, repo_url: $repo_url, status: "Active"},
+              github_deployment: {id: $deployment_id, environment: $environment, repository: $repository, sha: $sha, run_id: $run_id, actor: $actor}
+            }')
+          
+          echo "Sending webhook..."
+          echo "Image: ${IMAGE_TAG}"
+          echo "Environment: ${TARGET_ENV}"
+          
+          HEADERS=(-H "Content-Type: application/json")
+          
+          if [ -n "$DEPLOY_WEBHOOK_SECRET" ]; then
+            SIGNATURE=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$DEPLOY_WEBHOOK_SECRET" | sed 's/.*= //')
+            HEADERS+=(-H "X-Hub-Signature-256: sha256=$SIGNATURE")
+            echo "Using HMAC-SHA256 signature verification"
+          else
+            echo "::warning::DEPLOY_WEBHOOK_SECRET not set - webhook calls will not be signed"
+            echo "For security, configure DEPLOY_WEBHOOK_SECRET in your repository settings"
+          fi
+          
+          HTTP_CODE=$(curl -sS --connect-timeout 10 --max-time 120 \
+            -o response.txt -w "%{http_code}" \
+            -X POST \
+            "${HEADERS[@]}" \
+            -d "$PAYLOAD" \
+            "$DEPLOY_WEBHOOK_URL") || HTTP_CODE="000"
+          
+          echo "Response code: $HTTP_CODE"
+          if [ -s response.txt ]; then
+            cat response.txt
+          fi
+          
+          if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
+            echo "status=success" >> "$GITHUB_OUTPUT"
+          else
+            echo "status=failure" >> "$GITHUB_OUTPUT"
+          fi
+      
+      - name: Set deployment status
+        if: always()
+        env:
+          GH_TOKEN: ${{ github.token }}
+          IMAGE_TAG: ${{ inputs.image_tag }}
+          TARGET_ENV: ${{ inputs.environment }}
+        run: |
+          set -euo pipefail
+          
+          STATE="${{ steps.webhook.outputs.status }}"
+          
+          if [ "$STATE" = "success" ]; then
+            DESCRIPTION=$(jq -nr --arg tag "$IMAGE_TAG" --arg env "$TARGET_ENV" \
+              '"Deployed image \($tag) to \($env)"')
+            
+            gh api "repos/${GITHUB_REPOSITORY}/deployments/${{ steps.deployment.outputs.deployment_id }}/statuses" \
+              -X POST \
+              -f state="success" \
+              -f description="$DESCRIPTION"
+          else
+            gh api "repos/${GITHUB_REPOSITORY}/deployments/${{ steps.deployment.outputs.deployment_id }}/statuses" \
+              -X POST \
+              -f state="failure" \
+              -f description="Deployment failed"
+            exit 1
+          fi
--- a/.github/workflows/test-coding-standards.yml
+++ b/.github/workflows/test-coding-standards.yml
@@ -28,7 +28,6 @@ jobs:
      fail-fast: false
      matrix:
        php-version:
-          - '8.1'
          - '8.2'
          - '8.3'
          - '8.4'
--- a/.github/workflows/php-linter.yml
+++ b/.github/workflows/php-linter.yml
@@ -12,14 +12,6 @@ jobs:
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
-      - name: PHP Lint 8.0
-        uses: dbfx/github-phplint/8.0@master
-        with:
-          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""   
-      - name: PHP Lint 8.1
-        uses: dbfx/github-phplint/8.1@master
-        with:
-          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""
      - name: PHP Lint 8.2
        uses: dbfx/github-phplint/8.2@master
        with:
--- a/.github/workflows/phpunit.yml
+++ b/.github/workflows/phpunit.yml
@@ -0,0 +1,121 @@
+name: PHPUnit Tests
+
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'spark'
+      - 'tests/**'
+      - '.github/workflows/phpunit.yml'
+      - 'gulpfile.js'
+      - 'app/Database/**'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'spark'
+      - 'tests/**'
+      - '.github/workflows/phpunit.yml'
+      - 'gulpfile.js'
+      - 'app/Database/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: PHP ${{ matrix.php-version }} Tests
+    runs-on: ubuntu-22.04
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version:
+          - '8.2'
+          - '8.3'
+          - '8.4'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-version }}
+          extensions: intl, mbstring, mysqli
+          coverage: none
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Get npm cache directory
+        run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
+
+      - name: Cache npm dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.NPM_CACHE_DIR }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install npm dependencies
+        run: npm install
+
+      - name: Start MariaDB
+        run: |
+          docker run -d --name mysql \
+            -e MYSQL_ROOT_PASSWORD=root \
+            -e MYSQL_DATABASE=ospos \
+            -e MYSQL_USER=admin \
+            -e MYSQL_PASSWORD=pointofsale \
+            -p 3306:3306 \
+            mariadb:10.5
+          # Wait for MariaDB to be ready
+          until docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do
+            echo "Waiting for MariaDB..."
+            sleep 2
+          done
+          echo "MariaDB is ready!"
+
+      - name: Get composer cache directory
+        run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
+          key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.php-version }}-
+            ${{ runner.os }}-
+
+      - name: Install dependencies
+        run: composer update --ansi --no-interaction
+
+      - name: Create .env file
+        run: cp .env.example .env
+
+      - name: Run PHPUnit tests
+        env:
+          CI_ENVIRONMENT: testing
+          MYSQL_HOST_NAME: 127.0.0.1
+        run: composer test -- --log-junit test-results/junit.xml
+
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-results-php-${{ matrix.php-version }}
+          path: test-results/
+          retention-days: 30
+
+      - name: Stop MariaDB
+        if: always()
+        run: docker stop mysql && docker rm mysql
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,172 @@
+name: Release Version Bump
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_type:
+        description: 'Version bump type'
+        required: true
+        type: choice
+        options:
+          - minor
+          - major
+          - patch
+        default: 'minor'
+
+permissions:
+  contents: write
+
+jobs:
+  prepare-release:
+    name: Prepare Release
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get current version
+        id: current_version
+        run: |
+          CURRENT_VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
+          echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+          echo "Current version: $CURRENT_VERSION"
+
+      - name: Calculate new version
+        id: version
+        run: |
+          CURRENT_VERSION="${{ steps.current_version.outputs.current_version }}"
+          VERSION_TYPE="${{ github.event.inputs.version_type }}"
+          
+          # Parse current version
+          MAJOR=$(echo $CURRENT_VERSION | cut -d. -f1)
+          MINOR=$(echo $CURRENT_VERSION | cut -d. -f2)
+          PATCH=$(echo $CURRENT_VERSION | cut -d. -f3)
+          
+          # Bump version based on type
+          case $VERSION_TYPE in
+            major)
+              MAJOR=$((MAJOR + 1))
+              MINOR=0
+              PATCH=0
+              ;;
+            minor)
+              MINOR=$((MINOR + 1))
+              PATCH=0
+              ;;
+            patch)
+              PATCH=$((PATCH + 1))
+              ;;
+          esac
+          
+          NEW_VERSION="${MAJOR}.${MINOR}.${PATCH}"
+          echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
+          echo "previous_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+          echo "New version: $NEW_VERSION (was: $CURRENT_VERSION, type: $VERSION_TYPE)"
+
+      - name: Update version in App.php
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          sed -i "s/public string \\\$application_version = '[^']*';/public string \\\$application_version = '$NEW_VERSION';/" app/Config/App.php
+          echo "Updated app/Config/App.php"
+
+      - name: Update version in package.json
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          sed -i "s/\"version\": \"[^\"]*\",/\"version\": \"$NEW_VERSION\",/" package.json
+          echo "Updated package.json"
+
+      - name: Update version in docker-compose.nginx.yml
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          sed -i "s/jekkos\/opensourcepos:[^ ]*/jekkos\/opensourcepos:$NEW_VERSION/" docker-compose.nginx.yml
+          echo "Updated docker-compose.nginx.yml"
+
+      - name: Update version in README.md
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          # Extract major.minor for the "latest X.Y version" text
+          MAJOR_MINOR=$(echo "$NEW_VERSION" | cut -d. -f1,2)
+          sed -i "s/The latest \`[0-9]*\.[0-9]*\` version/The latest \`${MAJOR_MINOR}\` version/" README.md
+          echo "Updated README.md with version ${MAJOR_MINOR}"
+
+      - name: Generate changelog
+        id: changelog
+        run: |
+          PREVIOUS_VERSION="${{ steps.version.outputs.previous_version }}"
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          
+          # Get commits since last version
+          if git rev-parse "$PREVIOUS_VERSION" >/dev/null 2>&1; then
+            COMMITS=$(git log "$PREVIOUS_VERSION"..HEAD --pretty=format:"- %s" --no-merges)
+          else
+            COMMITS=$(git log --pretty=format:"- %s" --no-merges -50)
+          fi
+          
+          # Create changelog entry
+          CHANGELOG_FILE="CHANGELOG.md"
+          
+          # Create the new version comparison link
+          NEW_LINK="[${NEW_VERSION}]: https://github.com/opensourcepos/opensourcepos/compare/${PREVIOUS_VERSION}...${NEW_VERSION}"
+          
+          # Insert new link after [unreleased] line
+          sed -i "/^\[unreleased\]/a $NEW_LINK" "$CHANGELOG_FILE"
+          
+          # Update [unreleased] link to start from new version
+          sed -i "s|^\[unreleased\]: .*|\[unreleased\]: https://github.com/opensourcepos/opensourcepos/compare/${NEW_VERSION}...HEAD|" "$CHANGELOG_FILE"
+          
+          # Create version header and content using temp file to avoid sed issues with special characters
+          VERSION_DATE=$(date +%Y-%m-%d)
+          VERSION_HEADER="## [$NEW_VERSION] - $VERSION_DATE"
+          
+          # Create temp file with changelog entry
+          TMP_FILE=$(mktemp)
+          {
+            echo ""
+            echo "$VERSION_HEADER"
+            echo ""
+            echo "$COMMITS"
+          } > "$TMP_FILE"
+          
+          # Insert after Unreleased header
+          sed -i "/^## \[Unreleased\]/r $TMP_FILE" "$CHANGELOG_FILE"
+          rm "$TMP_FILE"
+          
+          echo "Updated CHANGELOG.md"
+          echo "Changelog entries:"
+          echo "$COMMITS"
+
+      - name: Update version in issue templates
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          
+          # Calculate version to remove (keep 5 versions)
+          PREVIOUS_VERSION="${{ steps.version.outputs.previous_version }}"
+          
+          # Bug report template - insert new version after development (unreleased)
+          BUG_TEMPLATE=".github/ISSUE_TEMPLATE/bug report.yml"
+          sed -i "/- development (unreleased)/a\\        - OpenSourcePOS ${NEW_VERSION}" "$BUG_TEMPLATE"
+          # Remove the oldest version (5th version from the end)
+          sed -i "/OpenSourcePOS 3\\.3\\.7/d" "$BUG_TEMPLATE"
+          echo "Updated $BUG_TEMPLATE"
+          
+          # Feature request template - insert new version after development (unreleased)
+          FEATURE_TEMPLATE=".github/ISSUE_TEMPLATE/feature_request.yml"
+          sed -i "/- development (unreleased)/a\\        - OpenSourcePOS ${NEW_VERSION}" "$FEATURE_TEMPLATE"
+          # Remove the oldest version (5th version from the end)
+          sed -i "/OpenSourcePOS 3\\.3\\.7/d" "$FEATURE_TEMPLATE"
+          echo "Updated $FEATURE_TEMPLATE"
+
+      - name: Commit version bump
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          
+          git add app/Config/App.php package.json docker-compose.nginx.yml CHANGELOG.md README.md .github/ISSUE_TEMPLATE/
+          git commit -m "chore: release version $NEW_VERSION"
+          git push origin HEAD
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ public/license/*
 !public/license/.gitkeep
 app/Config/email.php
 npm-debug.log*
+.vscode

 # Docker
 !docker/.env
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,54 +0,0 @@
-sudo: required
-
-branches:
-  except:
-    - unstable
-    - weblate
-services:
-  - docker
-
-dist: jammy
-language: node_js
-node_js:
-  - 20
-script:
-  - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-  - docker run --rm -u $(id -u) -v $(pwd):/app opensourcepos/composer:ci4 composer install
-  - version=$(grep application_version app/Config/App.php | sed "s/.*=\s'\(.*\)';/\1/g")
-  - sed -i 's/production/development/g' .env
-  - sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$rev'/g" app/Config/OSPOS.php
-  - echo "$version-$branch-$rev"
-  - npm version "$version-$branch-$rev" --force || true
-  - sed -i 's/opensourcepos.tar.gz/opensourcepos.$version.tgz/g' package.json
-  - npm ci && npm install -g gulp && npm run build
-  - docker build . --target ospos -t ospos
-  - docker build . --target ospos_test -t ospos_test
-  - docker run --rm ospos_test /app/vendor/bin/phpunit --testdox
-  - docker build app/Database/ -t "jekkos/opensourcepos:sql-$TAG"
-env:
-  global:
-  - BRANCH=$(echo ${TRAVIS_BRANCH} | sed s/feature\\///)
-  - TAG=${TRAVIS_TAG:-$BRANCH}
-  - date=`date +%Y%m%d%H%M%S` && branch=${TRAVIS_BRANCH} && rev=`git rev-parse --short=6 HEAD`
-after_success:
-  - docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" && docker tag "ospos:latest"
-    "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:sql-$TAG"
-  - gulp compress
-  - mv dist/opensourcepos.tar.gz "dist/opensourcepos.$version.$rev.tgz"
-  - mv dist/opensourcepos.zip "dist/opensourcepos.$version.$rev.zip"
-deploy:
-  - provider: releases
-    edge: true
-    file: dist/opensourcepos.$version.$rev.zip
-    name: "Unstable OpensourcePos"
-    overwrite: true
-    release_notes: "This is a build of the latest master which might contain bugs. Use at your own risk. Check releases section for the latest official release"
-    prerelease: true
-    tag_name: unstable
-    user: jekkos
-
-    api_key:
-      secure: "KOukL8IFf/uL/BjMyCSKjf2vylydjcWqgEx0eMqFCg3nZ4ybMaOwPORRthIfyT72/FvGX/aoxxEn0uR/AEtb+hYQXHmNS+kZdX72JCe8LpGuZ7FJ5X+Eo9mhJcsmS+smd1sC95DySSc/GolKPo+0WtJYONY/xGCLxm+9Ay4HREg="
-
-    on:
-      branch: master
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -0,0 +1,40 @@
+# Agent Instructions
+
+This document provides guidance for AI agents working on the Open Source Point of Sale (OSPOS) codebase.
+
+## Code Style
+
+- Follow PHP CodeIgniter 4 coding standards
+- Run PHP-CS-Fixer before committing: `vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.no-header.php`
+- Write PHP 8.1+ compatible code with proper type declarations
+- Use PSR-12 naming conventions: `camelCase` for variables and functions, `PascalCase` for classes, `UPPER_CASE` for constants
+
+## Development
+
+- Create a new git worktree for each issue, based on the latest state of `origin/master`
+- Commit fixes to the worktree and push to the remote
+
+## Testing
+
+- Run PHPUnit tests: `composer test`
+- Tests must pass before submitting changes
+
+## Build
+
+- Install dependencies: `composer install && npm install`
+- Build assets: `npm run build` or `gulp`
+
+## Conventions
+
+- Controllers go in `app/Controllers/`
+- Models go in `app/Models/`
+- Views go in `app/Views/`
+- Database migrations in `app/Database/Migrations/`
+- Use CodeIgniter 4 framework patterns and helpers
+- Sanitize user input; escape output using `esc()` helper
+
+## Security
+
+- Never commit secrets, credentials, or `.env` files
+- Use parameterized queries to prevent SQL injection
+- Validate and sanitize all user input
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-[unreleased]: https://github.com/opensourcepos/opensourcepos/compare/3.4.0...HEAD
+[unreleased]: https://github.com/opensourcepos/opensourcepos/compare/3.4.1...HEAD
 [3.4.1]: https://github.com/opensourcepos/opensourcepos/compare/3.4.0...3.4.1
 [3.4.0]: https://github.com/opensourcepos/opensourcepos/compare/3.3.9...3.4.0
 [3.3.9]: https://github.com/opensourcepos/opensourcepos/compare/3.3.8...3.3.9
@@ -33,10 +33,36 @@ All notable changes to this project will be documented in this file.

 ## [Unreleased]

-## [3.4.0] - 2025-02-06
+## [3.4.1] - 2025-06-05
+- Feature: PSR-12 Compliant Indentation by @objecttothis in ([#4196](https://github.com/opensourcepos/opensourcepos/pull/4196))
+- Add .env to dist zip by @jekkos in ([#4199](https://github.com/opensourcepos/opensourcepos/pull/4199))
+- Add CI4 coding standards linter ([#3708](https://github.com/opensourcepos/opensourcepos/issues/3708)) by @jekkos in ([#4198](https://github.com/opensourcepos/opensourcepos/pull/4198))
+- Bump canvg from 3.0.10 to 3.0.11 by @dependabot in ([#4189](https://github.com/opensourcepos/opensourcepos/pull/4189))
+- Bump jspdf and jspdf-autotable by @dependabot in ([#4190](https://github.com/opensourcepos/opensourcepos/pull/4190))
+- Feature bump ci to 4.6.0 by @objecttothis in ([#4197](https://github.com/opensourcepos/opensourcepos/pull/4197))
+- Add Kurdish language option to UI by @BudsieBuds in ([#4210](https://github.com/opensourcepos/opensourcepos/pull/4210))
+- Convert language ku to ckb by @BudsieBuds in ([#4211](https://github.com/opensourcepos/opensourcepos/pull/4211))
+- Fix PHP 8.4 errors by @BudsieBuds in ([#4215](https://github.com/opensourcepos/opensourcepos/pull/4215))
+- Add default bootstrap to themes by @BudsieBuds in ([#4219](https://github.com/opensourcepos/opensourcepos/pull/4219))
+- Update language names by @BudsieBuds in ([#4218](https://github.com/opensourcepos/opensourcepos/pull/4218))
+- Update install docs by @BudsieBuds in ([#4217](https://github.com/opensourcepos/opensourcepos/pull/4217))
+- Convert menu icons to SVG by @BudsieBuds in ([#4220](https://github.com/opensourcepos/opensourcepos/pull/4220))
+- Enhance license handling by @BudsieBuds in ([#4223](https://github.com/opensourcepos/opensourcepos/pull/4223))
+- Fix datetime rendering ([#4226](https://github.com/opensourcepos/opensourcepos/issues/4226)) by @jekkos in ([#4227](https://github.com/opensourcepos/opensourcepos/pull/4227))
+- Fix datetime rendering by @jekkos in ([#4228](https://github.com/opensourcepos/opensourcepos/pull/4228))
+- Fix null error when sending by email a receipt of a sale that has no invoice by @diego-ramos in ([#4229](https://github.com/opensourcepos/opensourcepos/pull/4229))
+- Update Receivings.php to save form. by @odiea in ([#4231](https://github.com/opensourcepos/opensourcepos/pull/4231))
+- Update Cashups.php for ajax cashup total to work. by @odiea in ([#4238](https://github.com/opensourcepos/opensourcepos/pull/4238))
+- Coding style updates for PSR-12 compliance & improved readability by @BudsieBuds in ([#4204](https://github.com/opensourcepos/opensourcepos/pull/4204))
+- Fix Codeigniter disallowed characters error with payment types that have accents by @diego-ramos in ([#4232](https://github.com/opensourcepos/opensourcepos/pull/4232))
+- Fixed broken escape string for success & warning messages by @Franchovy in ([#4253](https://github.com/opensourcepos/opensourcepos/pull/4253))
+- Bugfix constraint migration fix by @objecttothis in ([#4230](https://github.com/opensourcepos/opensourcepos/pull/4230))
+- Fix item number lookup in sales/receivings ([#4212](https://github.com/opensourcepos/opensourcepos/issues/4212)) by @jekkos in ([#4250](https://github.com/opensourcepos/opensourcepos/pull/4250))
+
+## [3.4.0] - 2025-03-23

 - Translation updates (Spanish, Indonesian, Swedish, Urdu, Chinese, Thai, French, Dutch)
- PHP 8.x support
+- PHP `8.x` support
 - Security fixes (XSS, SQLi)
 - Migration to Gulp as buildsystem
 - Decimal validation fix
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -1,98 +1,85 @@
-Contributor Covenant Code of Conduct
-Our Pledge
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, caste, color, religion, or sexual
-identity and orientation.
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
-Our Standards
-Examples of behavior that contributes to a positive environment for our
-community include:
+[comment]: # (Contributor Covenant 2.1 - from https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md)
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our community include:

 * Demonstrating empathy and kindness toward other people
 * Being respectful of differing opinions, viewpoints, and experiences
 * Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes,
-and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the overall
-community
+* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall community

 Examples of unacceptable behavior include:

-* The use of sexualized language or imagery, and sexual attention or advances of
-any kind
+* The use of sexualized language or imagery, and sexual attention or advances of any kind
 * Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others’ private information, such as a physical or email address,
-without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-professional setting
+* Publishing others' private information, such as a physical or email address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting

-Enforcement Responsibilities
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
-Scope
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official email address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
-Enforcement
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at
-[INSERT CONTACT METHOD].
-All complaints will be reviewed and investigated promptly and fairly.
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-Enforcement Guidelines
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-1. Correction
-Community Impact: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-Consequence: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-2. Warning
-Community Impact: A violation through a single incident or series of
-actions.
-Consequence: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or permanent
-ban.
-3. Temporary Ban
-Community Impact: A serious violation of community standards, including
-sustained inappropriate behavior.
-Consequence: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-4. Permanent Ban
-Community Impact: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior, harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-Consequence: A permanent ban from any sort of public interaction within the
-community.
-Attribution
-This Code of Conduct is adapted from the Contributor Covenant,
-version 2.1, available at
-https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
-Community Impact Guidelines were inspired by
-Mozilla’s code of conduct enforcement ladder.
-For answers to common questions about this code of conduct, see the FAQ at
-https://www.contributor-covenant.org/faq. Translations are available at
-https://www.contributor-covenant.org/translations.
+## Enforcement Responsibilities

+Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.

+Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at [INSERT CONTACT METHOD]. All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
--- a/36
+++ b/36
@@ -1,28 +1,26 @@
 FROM php:8.2-apache AS ospos
 LABEL maintainer="jekkos"

-RUN apt update && apt-get install -y libicu-dev libgd-dev
-RUN a2enmod rewrite
-RUN docker-php-ext-install mysqli bcmath intl gd
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libicu-dev \
+    libgd-dev \
+    && docker-php-ext-install mysqli bcmath intl gd \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && a2enmod rewrite \
+    && sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf
+
 RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini

 WORKDIR /app
-COPY . /app
-RUN ln -s /app/*[^public] /var/www && rm -rf /var/www/html && ln -nsf /app/public /var/www/html
-RUN chmod -R 770 /app/writable/uploads /app/writable/logs /app/writable/cache && chown -R www-data:www-data /app
-
-FROM ospos AS ospos_test
-
-COPY --from=composer /usr/bin/composer /usr/bin/composer
-
-RUN apt-get install -y libzip-dev wget git
-RUN wget https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O /bin/wait-for-it.sh && chmod +x /bin/wait-for-it.sh
-RUN docker-php-ext-install zip
-RUN composer install -d/app
-#RUN sed -i 's/backupGlobals="true"/backupGlobals="false"/g' /app/tests/phpunit.xml
-WORKDIR /app/tests
-
-CMD ["/app/vendor/phpunit/phpunit/phpunit", "/app/test/helpers"]
+COPY --chown=www-data:www-data . /app
+RUN chmod 770 /app/writable/uploads /app/writable/logs /app/writable/cache \
+    && mkdir -p /app/public/uploads/item_pics \
+    && chown www-data:www-data /app/public/uploads/item_pics \
+    && chmod 640 /app/.env \
+    && ln -s /app/*[^public] /var/www \
+    && rm -rf /var/www/html \
+    && ln -nsf /app/public /var/www/html

 FROM ospos AS ospos_dev

--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1,27 +1,68 @@
 ## Server Requirements

- PHP version `8.1` to `8.4` are supported, PHP version `≤7.4` is NOT supported. Please note that PHP needs to have the extensions `php-json`, `php-gd`, `php-bcmath`, `php-intl`, `php-openssl`, `php-mbstring`, `php-curl` and `php-xml` installed and enabled. An unstable master build can be downloaded in the releases section.
+- PHP version `8.2` to `8.4` are supported, PHP version `≤ 8.1` is NOT supported. Please note that PHP needs to have the extensions `php-json`, `php-gd`, `php-bcmath`, `php-intl`, `php-openssl`, `php-mbstring`, `php-curl` and `php-xml` installed and enabled. An unstable master build can be downloaded in the releases section.
 - MySQL `5.7` is supported, also MariaDB replacement `10.x` is supported and might offer better performance.
 - Apache `2.4` is supported. Nginx should work fine too, see [wiki page here](https://github.com/opensourcepos/opensourcepos/wiki/Local-Deployment-using-LEMP).
 - Raspberry PI based installations proved to work, see [wiki page here](<https://github.com/opensourcepos/opensourcepos/wiki/Installing-on-Raspberry-PI---Orange-PI-(Headless-OSPOS)>).
 - For Windows based installations please read [the wiki](https://github.com/opensourcepos/opensourcepos/wiki). There are closed issues about this subject, as this topic has been covered a lot.

+## Security Configuration
+
+### Allowed Hostnames (REQUIRED for Production)
+
+⚠️ **CRITICAL**: OpenSourcePOS validates the Host header to prevent Host Header Injection attacks (GHSA-jchf-7hr6-h4f3). **You MUST configure `app.allowedHostnames` for production deployments. If not configured, the application will fail to start.**
+
+**Add to your `.env` file:**
+
+```bash
+# Comma-separated list of allowed hostnames (no protocols or ports)
+app.allowedHostnames = 'yourdomain.com,www.yourdomain.com'
+```
+
+**For local development:**
+
+```bash
+app.allowedHostnames = 'localhost'
+```
+
+**If you see this error at startup:**
+
+```text
+RuntimeException: Security: allowedHostnames is not configured.
+```
+
+**Solution**: Add `app.allowedHostnames` to your `.env` file with your domain(s).
+
+**Why this matters:**
+- Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
+- Ensures URLs are generated with the correct domain
+- Security advisory: https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-jchf-7hr6-h4f3
+- Fixes issue #4480: .env configuration now works via comma-separated values
+
+### HTTPS Behind Proxy
+
+If your installation is behind a proxy with SSL offloading, set:
+```
+FORCE_HTTPS = true
+```
+
 ## Local install

-First of all, if you're seeing the message `system folder missing` after launching your browser, or cannot find `database.sql`, that most likely means you have cloned the repository and have not built the project.  To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
+First of all, if you're seeing the message `system folder missing` after launching your browser, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.

 1. Download the a [pre-release for a specific branch](https://github.com/opensourcepos/opensourcepos/releases) or the latest stable [from GitHub here](https://github.com/opensourcepos/opensourcepos/releases). A repository clone will not work unless know how to build the project.
 2. Create/locate a new MySQL database to install Open Source Point of Sale into.
-3. Execute the file `app/Database/database.sql` to create the tables needed.
-4. Unzip and upload Open Source Point of Sale files to the web-server.
-5. Open `.env` file and modify credentials to connect to your database if needed.
+3. Unzip and upload Open Source Point of Sale files to the web-server.
+4. If `.env` does not exist, copy `.env.example` to `.env`.
+5. Open `.env` and modify credentials to connect to your database if needed.
+6. The database schema will be automatically created when you first access the application. Migrations run automatically on fresh installs.
 7. Go to your install `public` dir via the browser.
 8. Log in using
   - Username: admin
   - Password: pointofsale
 9. If everything works, then set the `CI_ENVIRONMENT` variable to `production` in the .env file
-9. Enjoy!
-10. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
+10. Enjoy!
+11. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.

 ## Local install using Docker

--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 </p>

 <p align="center">
-<a href="https://app.travis-ci.com/opensourcepos/opensourcepos" target="_blank"><img src="https://api.travis-ci.com/opensourcepos/opensourcepos.svg?branch=master" alt="Build Status"></a>
+<a href="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml/badge.svg" alt="Build Status"></a>
 <a href="https://app.gitter.im/#/room/#opensourcepos_Lobby:gitter.im?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge" target="_blank"><img src="https://badges.gitter.im/jekkos/opensourcepos.svg" alt="Join the chat at https://app.gitter.im"></a>
 <a href="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos" target="_blank"><img src="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos.svg" alt="Project Version"></a>
 <a href="https://translate.opensourcepos.org/engage/opensourcepos/?utm_source=widget" target="_blank"><img src="https://translate.opensourcepos.org/widgets/opensourcepos/-/svg-badge.svg" alt="Translation Status"></a>
@@ -102,11 +102,11 @@ NOTE: If you're running non-release code, please make sure you always run the la

 - If you have suhosin installed and face an issue with CSRF, please make sure you read [issue #1492](https://github.com/opensourcepos/opensourcepos/issues/1492).

- PHP `≥ 8.1` is required to run this app.
+- PHP `≥ 8.2` is required to run this app.

 ## 🏃 Keep the Machine Running

-If you like our project, please consider buying us a coffee through the button below so we can keep adding features.
+If you like our project, please consider buying us a coffee through the button below so we can keep adding features. Please star the project if you like it!

 [![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MUN6AEG7NY6H8)\
 Or refer to the [FUNDING.yml](.github/FUNDING.yml) file.
@@ -137,7 +137,7 @@ Any person or company found breaching the license agreement might find a bunch o

 ## 🙏 Credits

-| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">Travis CI</div> |
+| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">GitHub</div> |
 | --- | --- | --- |
-| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://www.travis-ci.com/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/71cc2b44-83af-4510-a543-6358285f43c6" alt="Travis CI Logo" height="50"></a></div> |
-| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [Travis CI](https://www.travis-ci.com/) for providing a free continuous integration service for open source projects. |
+| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://github.com/features/actions" target="_blank"><img src="https://github.githubassets.com/images/modules/site/icons/eyebrow-panel/actions-icon.svg" alt="GitHub Actions Logo" height="50"></a></div> |
+| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [GitHub](https://github.com) for providing free continuous integration via GitHub Actions for open-source projects. |
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,9 +1,9 @@
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

-
 - [Security Policy](#security-policy)
  - [Supported Versions](#supported-versions)
+  - [Security Advisories](#security-advisories)
  - [Reporting a Vulnerability](#reporting-a-vulnerability)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -12,13 +12,35 @@

 ## Supported Versions

-We release patches for security vulnerabilities. Which versions are eligible to receive such patches depend on the CVSS v3.0 Rating:
+We release patches for security vulnerabilities.

-| CVSS v3.0 | Supported Versions                                 |
-| --------- | -------------------------------------------------- |
-| 7.3       | 3.3.5                                              |
-| 9.8       | 3.3.6                                              |
+| Version   | Supported          |
+| --------- | ------------------ |
+| >= 3.4.2  | :white_check_mark: |
+| < 3.4.2   | :x:                |
+
+## Security Advisories
+
+The following security vulnerabilities have been published:
+
+### High Severity
+
+| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
+|-----|--------------|------|-----------|----------|--------|
+| [CVE-2025-68434](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-wjm4-hfwg-5w5r) | CSRF leading to Admin Creation | 8.8 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
+| [CVE-2025-68147](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-xgr7-7pvw-fpmh) | Stored XSS in Return Policy | 8.1 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
+| [CVE-2025-66924](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-gv8j-f6gq-g59m) | Stored XSS in Item Kits | 7.2 | 2026-03-04 | 3.4.2 | @hungnqdz, @omkaryepre |
+
+### Medium Severity
+
+| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
+|-----|--------------|------|-----------|----------|--------|
+| [CVE-2025-68658](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-32r8-8r9r-9chw) | Stored XSS in Company Name | 4.3 | 2026-01-13 | 3.4.2 | @hungnqdz |
+
+For a complete list including draft advisories, see our [GitHub Security Advisories page](https://github.com/opensourcepos/opensourcepos/security/advisories).

 ## Reporting a Vulnerability

-Please report (suspected) security vulnerabilities to **[jekkos@opensourcepos.org](mailto:jekkos@opensourcepos.org)**. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
+Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**. 
+
+You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -3,31 +3,42 @@
 namespace Config;

 use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Session\Handlers\DatabaseHandler;

 class App extends BaseConfig
 {
    /**
     * This is the code version of the Open Source Point of Sale you're running.
+     *
+     * @var string
     */
-    public string $application_version = '3.4.1';
+    public string $application_version = '3.4.2';

    /**
     * This is the commit hash for the version you are currently using.
+     *
+     * @var string
     */
    public string $commit_sha1 = 'dev';

    /**
     * Logs are stored in writable/logs
+     *
+     * @var bool
     */
    public bool $db_log_enabled = false;

    /**
     * DB Query Log only long-running queries
+     *
+     * @var bool
     */
    public bool $db_log_only_long = false;

    /**
     * Defines whether to require/reroute to HTTPS
+     *
+     * @var bool
     */
    public bool $https_on;    // Set in the constructor

@@ -267,14 +278,80 @@ class App extends BaseConfig
     * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
     * @see http://www.w3.org/TR/CSP/
     */
-    public bool $CSPEnabled = false;    // TODO: Currently CSP3 tags are not supported so enabling this causes problems with script-src-elem, style-src-attr and style-src-elem
+    public bool $CSPEnabled = false;

    public function __construct()
    {
        parent::__construct();
-        $this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] === 'true');
-        $this->baseURL  = $this->https_on ? 'https' : 'http';
-        $this->baseURL .= '://' . ((isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost') . '/';
+
+        // Solution for CodeIgniter 4 limitation: arrays cannot be set from .env
+        // See: https://github.com/codeigniter4/CodeIgniter4/issues/7311
+        $envAllowedHostnames = getenv('app.allowedHostnames');
+        if ($envAllowedHostnames !== false && trim($envAllowedHostnames) !== '') {
+            $this->allowedHostnames = array_values(array_filter(
+                array_map('trim', explode(',', $envAllowedHostnames)),
+                static fn (string $hostname): bool => $hostname !== ''
+            ));
+        }
+
+        $this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
+
+        $host = $this->getValidHost();
+        $this->baseURL = $this->https_on ? 'https' : 'http';
+        $this->baseURL .= '://' . $host . '/';
        $this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
    }
+
+    /**
+     * Validates and returns a trusted hostname.
+     *
+     * Security: Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
+     * by validating the HTTP_HOST against a whitelist of allowed hostnames.
+     *
+     * In production: Fails fast if allowedHostnames is not configured.
+     * In development: Allows localhost fallback with an error log.
+     *
+     * @return string A validated hostname
+     * @throws \RuntimeException If allowedHostnames is not configured in production
+     */
+    private function getValidHost(): string
+    {
+        $httpHost = $_SERVER['HTTP_HOST'] ?? 'localhost';
+
+        // Determine environment
+        // CodeIgniter's test bootstrap sets $_SERVER['CI_ENVIRONMENT'] = 'testing'
+        // Check $_SERVER first, then $_ENV, then fall back to 'production'
+        $environment = $_SERVER['CI_ENVIRONMENT'] ?? $_ENV['CI_ENVIRONMENT'] ?? getenv('CI_ENVIRONMENT') ?: 'production';
+
+        if (empty($this->allowedHostnames)) {
+            $errorMessage =
+                'Security: allowedHostnames is not configured. ' .
+                'Host header injection protection is disabled. ' .
+                'Either set app.allowedHostnames in your .env file ' .
+                '(e.g., app.allowedHostnames = "example.com,www.example.com") ' .
+                'or configure $allowedHostnames in app/Config/App.php. ' .
+                'Received Host: ' . $httpHost;
+
+            // Production: Fail explicitly to prevent silent security vulnerabilities
+            // Testing and development: Allow localhost fallback
+            if ($environment === 'production') {
+                throw new \RuntimeException($errorMessage);
+            }
+
+            log_message('error', $errorMessage . ' Using localhost fallback (development only).');
+            return 'localhost';
+        }
+
+        if (in_array($httpHost, $this->allowedHostnames, true)) {
+            return $httpHost;
+        }
+
+        // Host not in whitelist - use first configured hostname as fallback
+        log_message('warning',
+            'Security: Rejected HTTP_HOST "' . $httpHost . '" - not in allowedHostnames whitelist. ' .
+            'Using fallback: ' . $this->allowedHostnames[0]
+        );
+
+        return $this->allowedHostnames[0];
+    }
 }
--- a/app/Config/Autoload.php
+++ b/app/Config/Autoload.php
@@ -17,8 +17,6 @@ use CodeIgniter\Config\AutoloadConfig;
 *
 * NOTE: This class is required prior to Autoloader instantiation,
 *       and does not extend BaseConfig.
- *
- * @immutable
 */
 class Autoload extends AutoloadConfig
 {
@@ -42,7 +40,7 @@ class Autoload extends AutoloadConfig
    public $psr4 = [
        APP_NAMESPACE => APPPATH,
        'Config'      => APPPATH . 'Config',
-        'dompdf'      => APPPATH . 'ThirdParty/dompdf/src',
+        'dompdf'      => APPPATH . 'ThirdParty/dompdf/src'
    ];

    /**
@@ -169,7 +167,7 @@ class Autoload extends AutoloadConfig
        'Token_lib'     => '/App/Libraries/Token_lib.php',

        // Miscellaneous
-        'Rounding_mode' => '/App/Models/Enums/Rounding_mode.php',
+        'Rounding_mode' => '/App/Models/Enums/Rounding_mode.php'
    ];

    /**
@@ -205,6 +203,6 @@ class Autoload extends AutoloadConfig
        'cookie',
        'tabular',
        'locale',
-        'security',
+        'security'
    ];
 }
--- a/app/Config/CURLRequest.php
+++ b/app/Config/CURLRequest.php
@@ -6,6 +6,22 @@ use CodeIgniter\Config\BaseConfig;

 class CURLRequest extends BaseConfig
 {
+    /**
+     * --------------------------------------------------------------------------
+     * CURLRequest Share Connection Options
+     * --------------------------------------------------------------------------
+     *
+     * Share connection options between requests.
+     *
+     * @var list<int>
+     *
+     * @see https://www.php.net/manual/en/curl.constants.php#constant.curl-lock-data-connect
+     */
+    public array $shareConnectionOptions = [
+        CURL_LOCK_DATA_CONNECT,
+        CURL_LOCK_DATA_DNS,
+    ];
+
    /**
     * --------------------------------------------------------------------------
     * CURLRequest Share Options
--- a/app/Config/Cache.php
+++ b/app/Config/Cache.php
@@ -3,6 +3,7 @@
 namespace Config;

 use CodeIgniter\Cache\CacheInterface;
+use CodeIgniter\Cache\Handlers\ApcuHandler;
 use CodeIgniter\Cache\Handlers\DummyHandler;
 use CodeIgniter\Cache\Handlers\FileHandler;
 use CodeIgniter\Cache\Handlers\MemcachedHandler;
@@ -78,7 +79,7 @@ class Cache extends BaseConfig
     * Your file storage preferences can be specified below, if you are using
     * the File driver.
     *
-     * @var array<string, int|string|null>
+     * @var array{storePath?: string, mode?: int}
     */
    public array $file = [
        'storePath' => WRITEPATH . 'cache/',
@@ -95,7 +96,7 @@ class Cache extends BaseConfig
     *
     * @see https://codeigniter.com/user_guide/libraries/caching.html#memcached
     *
-     * @var array<string, bool|int|string>
+     * @var array{host?: string, port?: int, weight?: int, raw?: bool}
     */
    public array $memcached = [
        'host'   => '127.0.0.1',
@@ -108,17 +109,28 @@ class Cache extends BaseConfig
     * -------------------------------------------------------------------------
     * Redis settings
     * -------------------------------------------------------------------------
+     *
     * Your Redis server can be specified below, if you are using
     * the Redis or Predis drivers.
     *
-     * @var array<string, int|string|null>
+     * @var array{
+     *     host?: string,
+     *     password?: string|null,
+     *     port?: int,
+     *     timeout?: int,
+     *     async?: bool,
+     *     persistent?: bool,
+     *     database?: int
+     * }
     */
    public array $redis = [
-        'host'     => '127.0.0.1',
-        'password' => null,
-        'port'     => 6379,
-        'timeout'  => 0,
-        'database' => 0,
+        'host'       => '127.0.0.1',
+        'password'   => null,
+        'port'       => 6379,
+        'timeout'    => 0,
+        'async'      => false, // specific to Predis and ignored by the native Redis extension
+        'persistent' => false,
+        'database'   => 0,
    ];

    /**
@@ -132,6 +144,7 @@ class Cache extends BaseConfig
     * @var array<string, class-string<CacheInterface>>
     */
    public array $validHandlers = [
+        'apcu'      => ApcuHandler::class,
        'dummy'     => DummyHandler::class,
        'file'      => FileHandler::class,
        'memcached' => MemcachedHandler::class,
@@ -158,4 +171,28 @@ class Cache extends BaseConfig
     * @var bool|list<string>
     */
    public $cacheQueryString = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Web Page Caching: Cache Status Codes
+     * --------------------------------------------------------------------------
+     *
+     * HTTP status codes that are allowed to be cached. Only responses with
+     * these status codes will be cached by the PageCache filter.
+     *
+     * Default: [] - Cache all status codes (backward compatible)
+     *
+     * Recommended: [200] - Only cache successful responses
+     *
+     * You can also use status codes like:
+     *   [200, 404, 410] - Cache successful responses and specific error codes
+     *   [200, 201, 202, 203, 204] - All 2xx successful responses
+     *
+     * WARNING: Using [] may cache temporary error pages (404, 500, etc).
+     * Consider restricting to [200] for production applications to avoid
+     * caching errors that should be temporary.
+     *
+     * @var list<int>
+     */
+    public array $cacheStatusCodes = [];
 }
--- a/app/Config/Constants.php
+++ b/app/Config/Constants.php
@@ -33,17 +33,17 @@ defined('COMPOSER_PATH') || define('COMPOSER_PATH', ROOTPATH . 'vendor/autoload.
 | Provide simple ways to work with the myriad of PHP functions that
 | require information to be in seconds.
 */
-defined('SECOND')           || define('SECOND', 1);
-defined('MINUTE')           || define('MINUTE', 60);
-defined('HOUR')             || define('HOUR', 3600);
-defined('DAY')              || define('DAY', 86400);
-defined('WEEK')             || define('WEEK', 604800);
-defined('MONTH')            || define('MONTH', 2_592_000);
-defined('YEAR')             || define('YEAR', 31_536_000);
-defined('DECADE')           || define('DECADE', 315_360_000);
+defined('SECOND') || define('SECOND', 1);
+defined('MINUTE') || define('MINUTE', 60);
+defined('HOUR')   || define('HOUR', 3600);
+defined('DAY')    || define('DAY', 86400);
+defined('WEEK')   || define('WEEK', 604800);
+defined('MONTH')  || define('MONTH', 2_592_000);
+defined('YEAR')   || define('YEAR', 31_536_000);
+defined('DECADE') || define('DECADE', 315_360_000);
 defined('DEFAULT_DATE')     || define('DEFAULT_DATE', mktime(0, 0, 0, 1, 1, 2010));
 defined('DEFAULT_DATETIME') || define('DEFAULT_DATETIME', mktime(0, 0, 0, 1, 1, 2010));
-defined('NOW')              || define('NOW', time());
+defined('NOW')    || define('NOW', time());

 /*
 | --------------------------------------------------------------------------
@@ -85,47 +85,47 @@ defined('EXIT__AUTO_MAX')      || define('EXIT__AUTO_MAX', 125);    // highest a
 * Global Constants.
 */
 const NEW_ENTRY = -1;
-const ACTIVE    = 0;
-const DELETED   = 1;
+const ACTIVE = 0;
+const DELETED = 1;

 /**
 * Attribute Related Constants.
 */
-const GROUP                  = 'GROUP';
-const DROPDOWN               = 'DROPDOWN';
-const DECIMAL                = 'DECIMAL';
-const DATE                   = 'DATE';
-const TEXT                   = 'TEXT';
-const CHECKBOX               = 'CHECKBOX';
-const NO_DEFINITION_ID       = 0;
+const GROUP = 'GROUP';
+const DROPDOWN = 'DROPDOWN';
+const DECIMAL = 'DECIMAL';
+const DATE = 'DATE';
+const TEXT = 'TEXT';
+const CHECKBOX = 'CHECKBOX';
+const NO_DEFINITION_ID = 0;
 const CATEGORY_DEFINITION_ID = -1;
-const DEFINITION_TYPES       = [GROUP, DROPDOWN, DECIMAL, TEXT, DATE, CHECKBOX];
+const DEFINITION_TYPES = [GROUP, DROPDOWN, DECIMAL, TEXT, DATE, CHECKBOX];

 /**
 * Item Related Constants.
 */
-const HAS_STOCK    = 0;
+const HAS_STOCK = 0;
 const HAS_NO_STOCK = 1;

-const ITEM              = 0;
-const ITEM_KIT          = 1;
+const ITEM = 0;
+const ITEM_KIT = 1;
 const ITEM_AMOUNT_ENTRY = 2;
-const ITEM_TEMP         = 3;
-const NEW_ITEM          = -1;
+const ITEM_TEMP = 3;
+const NEW_ITEM = -1;

-const PRINT_ALL    = 0;
+const PRINT_ALL = 0;
 const PRINT_PRICED = 1;
-const PRINT_KIT    = 2;
+const PRINT_KIT = 2;

 const PRINT_YES = 0;
-const PRINT_NO  = 1;
+const PRINT_NO = 1;

-const PRICE_ALL       = 0;
-const PRICE_KIT       = 1;
+const PRICE_ALL = 0;
+const PRICE_KIT = 1;
 const PRICE_KIT_ITEMS = 2;

-const PRICE_OPTION_ALL       = 0;
-const PRICE_OPTION_KIT       = 1;
+const PRICE_OPTION_ALL = 0;
+const PRICE_OPTION_KIT = 1;
 const PRICE_OPTION_KIT_STOCK = 2;

 const NAME_SEPARATOR = ' | ';
@@ -135,37 +135,42 @@ const NAME_SEPARATOR = ' | ';
 */
 const COMPLETED = 0;
 const SUSPENDED = 1;
-const CANCELED  = 2;
+const CANCELED = 2;

-const SALE_TYPE_POS        = 0;
-const SALE_TYPE_INVOICE    = 1;
+const SALE_TYPE_POS = 0;
+const SALE_TYPE_INVOICE = 1;
 const SALE_TYPE_WORK_ORDER = 2;
-const SALE_TYPE_QUOTE      = 3;
-const SALE_TYPE_RETURN     = 4;
+const SALE_TYPE_QUOTE = 3;
+const SALE_TYPE_RETURN = 4;

 const PERCENT = 0;
-const FIXED   = 1;
+const FIXED = 1;

 const PRICE_MODE_STANDARD = 0;
-const PRICE_MODE_KIT      = 1;
+const PRICE_MODE_KIT = 1;

 const PAYMENT_TYPE_UNASSIGNED = '--';

-const CASH_ADJUSTMENT_TRUE  = 1;
+const CASH_ADJUSTMENT_TRUE = 1;
 const CASH_ADJUSTMENT_FALSE = 0;
-const CASH_MODE_TRUE        = 1;
-const CASH_MODE_FALSE       = 0;
+const CASH_MODE_TRUE = 1;
+const CASH_MODE_FALSE = 0;

 /**
 * Supplier Related Constants
 */
 const GOODS_SUPPLIER = 0;
-const COST_SUPPLIER  = 1;
+const COST_SUPPLIER = 1;

 /**
 * Locale Related Constants
 */
-const MAX_PRECISION         = 1e14;
-const DEFAULT_PRECISION     = 2;
-const DEFAULT_LANGUAGE      = 'english';
+const MAX_PRECISION = 1e14;
+const DEFAULT_PRECISION = 2;
+const DEFAULT_LANGUAGE = 'english';
 const DEFAULT_LANGUAGE_CODE = 'en';
+
+/**
+ * Admin modules - list of modules required for admin privileges
+ */
+const ADMIN_MODULES = ['customers', 'employees', 'giftcards', 'items', 'item_kits', 'messages', 'receivings', 'reports', 'sales', 'config', 'suppliers'];
--- a/app/Config/ContentSecurityPolicy.php
+++ b/app/Config/ContentSecurityPolicy.php
@@ -30,6 +30,11 @@ class ContentSecurityPolicy extends BaseConfig
     */
    public ?string $reportURI = null;

+    /**
+     * Specifies a reporting endpoint to which violation reports ought to be sent.
+     */
+    public ?string $reportTo = null;
+
    /**
     * Instructs user agents to rewrite URL schemes, changing
     * HTTP to HTTPS. This directive is for websites with
@@ -38,12 +43,12 @@ class ContentSecurityPolicy extends BaseConfig
    public bool $upgradeInsecureRequests = false;

    // -------------------------------------------------------------------------
-    // Sources allowed
+    // CSP DIRECTIVES SETTINGS
    // NOTE: once you set a policy to 'none', it cannot be further restricted
    // -------------------------------------------------------------------------

    /**
-     * Will default to self if not overridden
+     * Will default to `'self'` if not overridden
     *
     * @var list<string>|string|null
     */
@@ -61,9 +66,24 @@ class ContentSecurityPolicy extends BaseConfig
        'self',
        'unsafe-inline',
        'unsafe-eval',
-        'www.google.com www.gstatic.com',
+        'www.google.com www.gstatic.com'
    ];

+    /**
+     * Specifies valid sources for JavaScript <script> elements.
+     *
+     * @var list<string>|string
+     */
+    public array|string $scriptSrcElem = 'self';
+
+    /**
+     * Specifies valid sources for JavaScript inline event
+     * handlers and JavaScript URLs.
+     *
+     * @var list<string>|string
+     */
+    public array|string $scriptSrcAttr = 'self';
+
    /**
     * Lists allowed stylesheets' URLs.
     *
@@ -76,6 +96,21 @@ class ContentSecurityPolicy extends BaseConfig
        'https://fonts.googleapis.com',
    ];

+    /**
+     * Specifies valid sources for stylesheets <link> elements.
+     *
+     * @var list<string>|string
+     */
+    public array|string $styleSrcElem = 'self';
+
+    /**
+     * Specifies valid sources for stylesheets inline
+     * style attributes and `<style>` elements.
+     *
+     * @var list<string>|string
+     */
+    public array|string $styleSrcAttr = 'self';
+
    /**
     * Defines the origins from which images can be loaded.
     *
@@ -169,6 +204,11 @@ class ContentSecurityPolicy extends BaseConfig
     */
    public $manifestSrc;

+    /**
+     * @var list<string>|string
+     */
+    public array|string $workerSrc = [];
+
    /**
     * Limits the kinds of plugins a page may invoke.
     *
@@ -184,17 +224,17 @@ class ContentSecurityPolicy extends BaseConfig
    public $sandbox;

    /**
-     * Nonce tag for style
+     * Nonce placeholder for style tags.
     */
    public string $styleNonceTag = '{csp-style-nonce}';

    /**
-     * Nonce tag for script
+     * Nonce placeholder for script tags.
     */
    public string $scriptNonceTag = '{csp-script-nonce}';

    /**
-     * Replace nonce tag automatically
+     * Replace nonce tag automatically?
     */
    public bool $autoNonce = true;
 }
--- a/app/Config/Cookie.php
+++ b/app/Config/Cookie.php
@@ -85,7 +85,7 @@ class Cookie extends BaseConfig
     * (empty string) means default SameSite attribute set by browsers (`Lax`)
     * will be set on cookies. If set to `None`, `$secure` must also be set.
     *
-     * @phpstan-var 'None'|'Lax'|'Strict'|''
+     * @var ''|'Lax'|'None'|'Strict'
     */
    public string $samesite = 'Lax';

--- a/app/Config/Database.php
+++ b/app/Config/Database.php
@@ -25,24 +25,26 @@ class Database extends Config
     * @var array<string, mixed>
     */
    public array $default = [
-        'DSN'        => '',
-        'hostname'   => 'localhost',
-        'username'   => 'admin',
-        'password'   => 'pointofsale',
-        'database'   => 'ospos',
-        'DBDriver'   => 'MySQLi',
-        'DBPrefix'   => 'ospos_',
-        'pConnect'   => false,
-        'DBDebug'    => (ENVIRONMENT !== 'production'),
-        'charset'    => 'utf8mb4',
-        'DBCollat'   => 'utf8mb4_general_ci',
-        'swapPre'    => '',
-        'encrypt'    => false,
-        'compress'   => false,
-        'strictOn'   => false,
-        'failover'   => [],
-        'port'       => 3306,
-        'dateFormat' => [
+        'DSN'          => '',
+        'hostname'     => 'localhost',
+        'username'     => 'admin',
+        'password'     => 'pointofsale',
+        'database'     => 'ospos',
+        'DBDriver'     => 'MySQLi',
+        'DBPrefix'     => 'ospos_',
+        'pConnect'     => false,
+        'DBDebug'      => (ENVIRONMENT !== 'production'),
+        'charset'      => 'utf8mb4',
+        'DBCollat'     => 'utf8mb4_general_ci',
+        'swapPre'      => '',
+        'encrypt'      => false,
+        'compress'     => false,
+        'strictOn'     => false,
+        'failover'     => [],
+        'port'         => 3306,
+        'numberNative' => false,
+        'foundRows'    => false,
+        'dateFormat'   => [
            'date'     => 'Y-m-d',
            'datetime' => 'Y-m-d H:i:s',
            'time'     => 'H:i:s',
@@ -74,6 +76,7 @@ class Database extends Config
        'port'        => 3306,
        'foreignKeys' => true,
        'busyTimeout' => 1000,
+        'synchronous' => null,
        'dateFormat'  => [
            'date'     => 'Y-m-d',
            'datetime' => 'Y-m-d H:i:s',
@@ -87,26 +90,26 @@ class Database extends Config
     * @var array
     */
    public $development = [
-        'DSN'         => '',
-        'hostname'    => 'localhost',
-        'username'    => 'admin',
-        'password'    => 'pointofsale',
-        'database'    => 'ospos',
-        'DBDriver'    => 'MySQLi',
-        'DBPrefix'    => 'ospos_',
-        'pConnect'    => false,
-        'DBDebug'     => (ENVIRONMENT !== 'production'),
-        'charset'     => 'utf8mb4',
-        'DBCollat'    => 'utf8mb4_general_ci',
-        'swapPre'     => '',
-        'encrypt'     => false,
-        'compress'    => false,
-        'strictOn'    => false,
-        'failover'    => [],
-        'port'        => 3306,
-        'foreignKeys' => true,
-        'busyTimeout' => 1000,
-        'dateFormat'  => [
+        'DSN'          => '',
+        'hostname'     => 'localhost',
+        'username'     => 'admin',
+        'password'     => 'pointofsale',
+        'database'     => 'ospos',
+        'DBDriver'     => 'MySQLi',
+        'DBPrefix'     => 'ospos_',
+        'pConnect'     => false,
+        'DBDebug'      => (ENVIRONMENT !== 'production'),
+        'charset'      => 'utf8mb4',
+        'DBCollat'     => 'utf8mb4_general_ci',
+        'swapPre'      => '',
+        'encrypt'      => false,
+        'compress'     => false,
+        'strictOn'     => false,
+        'failover'     => [],
+        'port'         => 3306,
+        'foreignKeys'  => true,
+        'busyTimeout'  => 1000,
+        'dateFormat'   => [
            'date'     => 'Y-m-d',
            'datetime' => 'Y-m-d H:i:s',
            'time'     => 'H:i:s',
@@ -124,17 +127,16 @@ class Database extends Config
            case 'testing':
                $this->defaultGroup = 'tests';
                break;
-
-            case 'development':
+            case 'development';
                $this->defaultGroup = 'development';
                break;
        }

        foreach ([&$this->development, &$this->tests, &$this->default] as &$config) {
-            $config['hostname'] = ! getenv('MYSQL_HOST_NAME') ? $config['hostname'] : getenv('MYSQL_HOST_NAME');
-            $config['username'] = ! getenv('MYSQL_USERNAME') ? $config['username'] : getenv('MYSQL_USERNAME');
-            $config['password'] = ! getenv('MYSQL_PASSWORD') ? $config['password'] : getenv('MYSQL_PASSWORD');
-            $config['database'] = ! getenv('MYSQL_DB_NAME') ? $config['database'] : getenv('MYSQL_DB_NAME');
+            $config['hostname'] = !getenv('MYSQL_HOST_NAME') ? $config['hostname'] : getenv('MYSQL_HOST_NAME');
+            $config['username'] = !getenv('MYSQL_USERNAME') ? $config['username'] : getenv('MYSQL_USERNAME');
+            $config['password'] = !getenv('MYSQL_PASSWORD') ? $config['password'] : getenv('MYSQL_PASSWORD');
+            $config['database'] = !getenv('MYSQL_DB_NAME') ? $config['database'] : getenv('MYSQL_DB_NAME');
        }
    }
 }
--- a/app/Config/DocTypes.php
+++ b/app/Config/DocTypes.php
@@ -2,9 +2,6 @@

 namespace Config;

-/**
- * @immutable
- */
 class DocTypes
 {
    /**
--- a/app/Config/Email.php
+++ b/app/Config/Email.php
@@ -30,6 +30,11 @@ class Email extends BaseConfig
     */
    public string $SMTPHost = 'mail.mxserver.com';

+    /**
+     * Which SMTP authentication method to use: login, plain
+     */
+    public string $SMTPAuthMethod = 'login';
+
    /**
     * SMTP Username
     */
--- a/app/Config/Encryption.php
+++ b/app/Config/Encryption.php
@@ -23,6 +23,23 @@ class Encryption extends BaseConfig
     */
    public string $key = '';

+    /**
+     * --------------------------------------------------------------------------
+     * Previous Encryption Keys
+     * --------------------------------------------------------------------------
+     *
+     * When rotating encryption keys, add old keys here to maintain ability
+     * to decrypt data encrypted with previous keys. Encryption always uses
+     * the current $key. Decryption tries current key first, then falls back
+     * to previous keys if decryption fails.
+     *
+     * In .env file, use comma-separated string:
+     *   encryption.previousKeys = hex2bin:9be8c64fcea509867...,hex2bin:3f5a1d8e9c2b7a4f6...
+     *
+     * @var list<string>|string
+     */
+    public array|string $previousKeys = '';
+
    /**
     * --------------------------------------------------------------------------
     * Encryption Driver to Use
--- a/app/Config/Events.php
+++ b/app/Config/Events.php
@@ -2,12 +2,12 @@

 namespace Config;

-use App\Events\Db_log;
-use App\Events\Load_config;
-use App\Events\Method;
 use CodeIgniter\Events\Events;
 use CodeIgniter\Exceptions\FrameworkException;
 use CodeIgniter\HotReloader\HotReloader;
+use App\Events\Db_log;
+use App\Events\Load_config;
+use App\Events\Method;

 /*
 * --------------------------------------------------------------------
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -65,12 +65,15 @@ class Filters extends BaseFilters
     * List of filter aliases that are always
     * applied before and after every request.
     *
-     * @var array<string, array<string, array<string, string>>>|array<string, list<string>>
+     * @var array{
+     *     before: array<string, array{except: list<string>|string}>|list<string>,
+     *     after: array<string, array{except: list<string>|string}>|list<string>
+     * }
     */
    public array $globals = [
        'before' => [
            'honeypot',
-            // 'csrf' => ['except' => 'login'],    // TODO: Temporarily disable CSRF until we get everything sorted
+            'csrf' => ['except' => 'login|migrate'],
            'invalidchars',
        ],
        'after' => [
@@ -105,4 +108,20 @@ class Filters extends BaseFilters
     * @var array<string, array<string, list<string>>>
     */
    public array $filters = [];
+
+    /**
+     * Constructor to conditionally disable CSRF filter in testing environment
+     */
+    public function __construct()
+    {
+        // Check for testing environment via env variable or constant
+        $isTesting = ($_ENV['CI_ENVIRONMENT'] ?? $_SERVER['CI_ENVIRONMENT'] ?? getenv('CI_ENVIRONMENT')) === 'testing'
+            || (defined('ENVIRONMENT') && ENVIRONMENT === 'testing');
+
+        // Remove CSRF filter from globals in testing environment
+        if ($isTesting) {
+            // Remove the 'csrf' key from $globals['before'] while preserving array structure
+            $this->globals['before'] = array_filter($this->globals['before'], static fn($key) => $key !== 'csrf', ARRAY_FILTER_USE_KEY);
+        }
+    }
 }
--- a/app/Config/Format.php
+++ b/app/Config/Format.php
@@ -61,4 +61,13 @@ class Format extends BaseConfig
        'application/xml'  => 0,
        'text/xml'         => 0,
    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Maximum depth for JSON encoding.
+     * --------------------------------------------------------------------------
+     *
+     * This value determines how deep the JSON encoder will traverse nested structures.
+     */
+    public int $jsonEncodeDepth = 512;
 }
--- a/app/Config/Hostnames.php
+++ b/app/Config/Hostnames.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Config;
+
+class Hostnames
+{
+    // List of known two-part TLDs for subdomain extraction
+    public const TWO_PART_TLDS = [
+        'co.uk', 'org.uk', 'gov.uk', 'ac.uk', 'sch.uk', 'ltd.uk', 'plc.uk',
+        'com.au', 'net.au', 'org.au', 'edu.au', 'gov.au', 'asn.au', 'id.au',
+        'co.jp', 'ac.jp', 'go.jp', 'or.jp', 'ne.jp', 'gr.jp',
+        'co.nz', 'org.nz', 'govt.nz', 'ac.nz', 'net.nz', 'geek.nz', 'maori.nz', 'school.nz',
+        'co.in', 'net.in', 'org.in', 'ind.in', 'ac.in', 'gov.in', 'res.in',
+        'com.cn', 'net.cn', 'org.cn', 'gov.cn', 'edu.cn',
+        'com.sg', 'net.sg', 'org.sg', 'gov.sg', 'edu.sg', 'per.sg',
+        'co.za', 'org.za', 'gov.za', 'ac.za', 'net.za',
+        'co.kr', 'or.kr', 'go.kr', 'ac.kr', 'ne.kr', 'pe.kr',
+        'co.th', 'or.th', 'go.th', 'ac.th', 'net.th', 'in.th',
+        'com.my', 'net.my', 'org.my', 'edu.my', 'gov.my', 'mil.my', 'name.my',
+        'com.mx', 'org.mx', 'net.mx', 'edu.mx', 'gob.mx',
+        'com.br', 'net.br', 'org.br', 'gov.br', 'edu.br', 'art.br', 'eng.br',
+        'co.il', 'org.il', 'ac.il', 'gov.il', 'net.il', 'muni.il',
+        'co.id', 'or.id', 'ac.id', 'go.id', 'net.id', 'web.id', 'my.id',
+        'com.hk', 'edu.hk', 'gov.hk', 'idv.hk', 'net.hk', 'org.hk',
+        'com.tw', 'net.tw', 'org.tw', 'edu.tw', 'gov.tw', 'idv.tw',
+        'com.sa', 'net.sa', 'org.sa', 'gov.sa', 'edu.sa', 'sch.sa', 'med.sa',
+        'co.ae', 'net.ae', 'org.ae', 'gov.ae', 'ac.ae', 'sch.ae',
+        'com.tr', 'net.tr', 'org.tr', 'gov.tr', 'edu.tr', 'av.tr', 'gen.tr',
+        'co.ke', 'or.ke', 'go.ke', 'ac.ke', 'sc.ke', 'me.ke', 'mobi.ke', 'info.ke',
+        'com.ng', 'org.ng', 'gov.ng', 'edu.ng', 'net.ng', 'sch.ng', 'name.ng',
+        'com.pk', 'net.pk', 'org.pk', 'gov.pk', 'edu.pk', 'fam.pk',
+        'com.eg', 'edu.eg', 'gov.eg', 'org.eg', 'net.eg',
+        'com.cy', 'net.cy', 'org.cy', 'gov.cy', 'ac.cy',
+        'com.lk', 'org.lk', 'edu.lk', 'gov.lk', 'net.lk', 'int.lk',
+        'com.bd', 'net.bd', 'org.bd', 'ac.bd', 'gov.bd', 'mil.bd',
+        'com.ar', 'net.ar', 'org.ar', 'gov.ar', 'edu.ar', 'mil.ar',
+        'gob.cl', 'com.pl', 'net.pl', 'org.pl', 'gov.pl', 'edu.pl',
+        'co.ir', 'ac.ir', 'org.ir', 'id.ir', 'gov.ir', 'sch.ir', 'net.ir',
+    ];
+}
--- a/app/Config/Images.php
+++ b/app/Config/Images.php
@@ -16,6 +16,8 @@ class Images extends BaseConfig
    /**
     * The path to the image library.
     * Required for ImageMagick, GraphicsMagick, or NetPBM.
+     *
+     * @deprecated 4.7.0 No longer used.
     */
    public string $libraryPath = '/usr/local/bin/convert';

--- a/app/Config/Logger.php
+++ b/app/Config/Logger.php
@@ -4,6 +4,7 @@ namespace Config;

 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Log\Handlers\FileHandler;
+use CodeIgniter\Log\Handlers\HandlerInterface;

 class Logger extends BaseConfig
 {
@@ -73,7 +74,7 @@ class Logger extends BaseConfig
     * Handlers are executed in the order defined in this array, starting with
     * the handler on top and continuing down.
     *
-     * @var array<class-string, array<string, int|list<string>|string>>
+     * @var array<class-string<HandlerInterface>, array<string, int|list<string>|string>>
     */
    public array $handlers = [
        /*
--- a/app/Config/Migrations.php
+++ b/app/Config/Migrations.php
@@ -47,4 +47,19 @@ class Migrations extends BaseConfig
     * - Y_m_d_His_
     */
    public string $timestampFormat = 'YmdHis_';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Enable/Disable Migration Lock
+     * --------------------------------------------------------------------------
+     *
+     * Locking is disabled by default.
+     *
+     * When enabled, it will prevent multiple migration processes
+     * from running at the same time by using a lock mechanism.
+     *
+     * This is useful in production environments to avoid conflicts
+     * or race conditions during concurrent deployments.
+     */
+    public bool $lock = false;
 }
--- a/app/Config/Mimes.php
+++ b/app/Config/Mimes.php
@@ -3,8 +3,6 @@
 namespace Config;

 /**
- * Mimes
- *
 * This file contains an array of mime types.  It is used by the
 * Upload class to help identify allowed file types.
 *
@@ -15,8 +13,6 @@ namespace Config;
 *
 * When working with mime types, please make sure you have the ´fileinfo´
 * extension enabled to reliably detect the media types.
- *
- * @immutable
 */
 class Mimes
 {
@@ -482,6 +478,8 @@ class Mimes
            'application/sla',
            'application/vnd.ms-pki.stl',
            'application/x-navistyle',
+            'model/stl',
+            'application/octet-stream',
        ],
    ];

@@ -490,7 +488,7 @@ class Mimes
     *
     * @return string|null The mime type found, or none if unable to determine.
     */
-    public static function guessTypeFromExtension(string $extension): array|string|null
+    public static function guessTypeFromExtension(string $extension)
    {
        $extension = trim(strtolower($extension), '. ');

@@ -508,7 +506,7 @@ class Mimes
     *
     * @return string|null The extension determined, or null if unable to match.
     */
-    public static function guessExtensionFromType(string $type, ?string $proposedExtension = null): ?string
+    public static function guessExtensionFromType(string $type, ?string $proposedExtension = null)
    {
        $type = trim(strtolower($type), '. ');

--- a/app/Config/Modules.php
+++ b/app/Config/Modules.php
@@ -9,8 +9,6 @@ use CodeIgniter\Modules\Modules as BaseModules;
 *
 * NOTE: This class is required prior to Autoloader instantiation,
 *       and does not extend BaseConfig.
- *
- * @immutable
 */
 class Modules extends BaseModules
 {
--- a/app/Config/OSPOS.php
+++ b/app/Config/OSPOS.php
@@ -24,6 +24,9 @@ class OSPOS extends BaseConfig
        $this->set_settings();
    }

+    /**
+     * @return void
+     */
    public function set_settings(): void
    {
        $cache = $this->cache->get('settings');
@@ -31,18 +34,32 @@ class OSPOS extends BaseConfig
        if ($cache) {
            $this->settings = decode_array($cache);
        } else {
-            $appconfig = model(Appconfig::class);
-
-            foreach ($appconfig->get_all()->getResult() as $app_config) {
-                $this->settings[$app_config->key] = $app_config->value;
+            try {
+                $appconfig = model(Appconfig::class);
+                foreach ($appconfig->get_all()->getResult() as $app_config) {
+                    $this->settings[$app_config->key] = $app_config->value;
+                }
+                $this->cache->save('settings', encode_array($this->settings));
+            } catch (\Exception $e) {
+                // Database table doesn't exist yet (migrations haven't run)
+                // or database connection failed. Return empty settings to
+                // allow migration page to display. Catches mysqli_sql_exception
+                // which is not a subclass of DatabaseException.
+                $this->settings = [
+                    'language' => 'english',
+                    'language_code' => 'en',
+                    'company' => 'Home'
+                ];
            }
-            $this->cache->save('settings', encode_array($this->settings));
        }
    }

+    /**
+     * @return void
+     */
    public function update_settings(): void
    {
        $this->cache->delete('settings');
        $this->set_settings();
    }
-}
+}
--- a/app/Config/Optimize.php
+++ b/app/Config/Optimize.php
@@ -8,7 +8,7 @@ namespace Config;
 * NOTE: This class does not extend BaseConfig for performance reasons.
 *       So you cannot replace the property values with Environment Variables.
 *
- * @immutable
+ * WARNING: Do not use these options when running the app in the Worker Mode.
 */
 class Optimize
 {
--- a/app/Config/Pager.php
+++ b/app/Config/Pager.php
@@ -56,6 +56,6 @@ class Pager extends BaseConfig
        'first_tag_open'   => '<li>',
        'first_tagl_close' => '</li>',
        'last_tag_open'    => '<li>',
-        'last_tagl_close'  => '</li>',
+        'last_tagl_close'  => '</li>'
    ];
 }
--- a/app/Config/Paths.php
+++ b/app/Config/Paths.php
@@ -15,8 +15,6 @@ namespace Config;
 *
 * NOTE: This class is required prior to Autoloader instantiation,
 *       and does not extend BaseConfig.
- *
- * @immutable
 */
 class Paths
 {
@@ -77,4 +75,16 @@ class Paths
     * is used when no value is provided to `Services::renderer()`.
     */
    public string $viewDirectory = __DIR__ . '/../Views';
+
+    /**
+     * ---------------------------------------------------------------
+     * ENVIRONMENT DIRECTORY NAME
+     * ---------------------------------------------------------------
+     *
+     * This variable must contain the name of the directory where
+     * the .env file is located.
+     * Please consider security implications when changing this
+     * value - the directory should not be publicly accessible.
+     */
+    public string $envDirectory = __DIR__ . '/../../';
 }
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -10,6 +10,7 @@ $routes->setDefaultController('Login');
 $routes->get('/', 'Login::index');
 $routes->get('login', 'Login::index');
 $routes->post('login', 'Login::index');
+$routes->post('migrate', 'Login::migrate');

 $routes->add('no_access/index/(:segment)', 'No_access::index/$1');
 $routes->add('no_access/index/(:segment)/(:segment)', 'No_access::index/$1/$2');
--- a/app/Config/Routing.php
+++ b/app/Config/Routing.php
@@ -96,6 +96,15 @@ class Routing extends BaseRouting
     */
    public bool $autoRoute = true;

+    /**
+     * If TRUE, the system will look for attributes on controller
+     * class and methods that can run before and after the
+     * controller/method.
+     *
+     * If FALSE, will ignore any attributes.
+     */
+    public bool $useControllerAttributes = true;
+
    /**
     * For Defined Routes.
     * If TRUE, will enable the use of the 'prioritize' option
--- a/app/Config/Security.php
+++ b/app/Config/Security.php
@@ -15,7 +15,7 @@ class Security extends BaseConfig
     *
     * @var string 'cookie' or 'session'
     */
-    public string $csrfProtection = 'cookie';
+    public string $csrfProtection = 'session';

    /**
     * --------------------------------------------------------------------------
@@ -71,7 +71,7 @@ class Security extends BaseConfig
     *
     * Regenerate CSRF Token on every submission.
     */
-    public bool $regenerate = true;
+    public bool $regenerate = false;

    /**
     * --------------------------------------------------------------------------
--- a/app/Config/Services.php
+++ b/app/Config/Services.php
@@ -2,11 +2,13 @@

 namespace Config;

-use CodeIgniter\Config\BaseService;
-use CodeIgniter\HTTP\IncomingRequest;
-use Config\Services as AppServices;
+use App\Libraries\MY_Language;
+use Locale;
 use HTMLPurifier;
 use HTMLPurifier_Config;
+use CodeIgniter\Config\BaseService;
+use Config\Services as AppServices;
+use CodeIgniter\HTTP\IncomingRequest;

 /**
 * Services Configuration file.
@@ -23,7 +25,6 @@ use HTMLPurifier_Config;
 */
 class Services extends BaseService
 {
-    private static $htmlPurifier;
    /*
     * public static function example($getShared = true)
     * {
@@ -38,9 +39,11 @@ class Services extends BaseService
    /**
     * Responsible for loading the language string translations.
     *
+     * @param string|null $locale
+     * @param bool $getShared
     * @return MY_Language
     */
-    public static function language(?string $locale = null, bool $getShared = true)
+    public static function language(?string $locale = null, bool $getShared = true): MY_Language
    {
        if ($getShared) {
            return static::getSharedInstance('language', $locale)->setLocale($locale);
@@ -55,17 +58,19 @@ class Services extends BaseService
        // Use '?:' for empty string check
        $locale = $locale ?: $requestLocale;

-        return new \App\Libraries\MY_Language($locale);
+        return new MY_Language($locale);
    }

-    public static function htmlPurifier($getShared = true)
+    private static HTMLPurifier $htmlPurifier;
+
+    public static function htmlPurifier($getShared = true): object
    {
        if ($getShared) {
            return static::getSharedInstance('htmlPurifier');
        }

-        if (! isset(static::$htmlPurifier)) {
-            $config               = HTMLPurifier_Config::createDefault();
+        if (!isset(static::$htmlPurifier)) {
+            $config = HTMLPurifier_Config::createDefault();
            static::$htmlPurifier = new HTMLPurifier($config);
        }

--- a/app/Config/Session.php
+++ b/app/Config/Session.php
@@ -5,6 +5,7 @@ namespace Config;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Session\Handlers\BaseHandler;
 use CodeIgniter\Session\Handlers\DatabaseHandler;
+use CodeIgniter\Session\Handlers\FileHandler;

 class Session extends BaseConfig
 {
@@ -124,4 +125,27 @@ class Session extends BaseConfig
     * seconds.
     */
    public int $lockMaxRetries = 300;
+
+    public function __construct()
+    {
+        parent::__construct();
+
+        if ($this->driver === DatabaseHandler::class) {
+            try {
+                $db = Database::connect();
+
+                if (!$db->tableExists($this->savePath)) {
+                    $this->driver = FileHandler::class;
+                    $this->savePath = WRITEPATH . 'session';
+                }
+            } catch (\Exception $e) {
+                // Database not available yet (e.g. fresh install before migrations).
+                // Fall back to file-based sessions so the login/migration page
+                // can still be served. Catches mysqli_sql_exception which is
+                // not a subclass of DatabaseException but is a RuntimeException.
+                $this->driver = FileHandler::class;
+                $this->savePath = WRITEPATH . 'session';
+            }
+        }
+    }
 }
--- a/app/Config/Toolbar.php
+++ b/app/Config/Toolbar.php
@@ -119,4 +119,29 @@ class Toolbar extends BaseConfig
    public array $watchedExtensions = [
        'php', 'css', 'js', 'html', 'svg', 'json', 'env',
    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Ignored HTTP Headers
+     * --------------------------------------------------------------------------
+     *
+     * CodeIgniter Debug Toolbar normally injects HTML and JavaScript into every
+     * HTML response. This is correct for full page loads, but it breaks requests
+     * that expect only a clean HTML fragment.
+     *
+     * Libraries like HTMX, Unpoly, and Hotwire (Turbo) update parts of the page or
+     * manage navigation on the client side. Injecting the Debug Toolbar into their
+     * responses can cause invalid HTML, duplicated scripts, or JavaScript errors
+     * (such as infinite loops or "Maximum call stack size exceeded").
+     *
+     * Any request containing one of the following headers is treated as a
+     * client-managed or partial request, and the Debug Toolbar injection is skipped.
+     *
+     * @var array<string, string|null>
+     */
+    public array $disableOnHeaders = [
+        'X-Requested-With' => 'xmlhttprequest', // AJAX requests
+        'HX-Request'       => 'true',           // HTMX requests
+        'X-Up-Version'     => null,             // Unpoly partial requests
+    ];
 }
--- a/app/Config/UserAgents.php
+++ b/app/Config/UserAgents.php
@@ -230,9 +230,13 @@ class UserAgents extends BaseConfig
     */
    public array $robots = [
        'googlebot'            => 'Googlebot',
+        'google-pagerenderer'  => 'Google Page Renderer',
+        'google-read-aloud'    => 'Google Read Aloud',
+        'google-safety'        => 'Google Safety Bot',
        'msnbot'               => 'MSNBot',
        'baiduspider'          => 'Baiduspider',
        'bingbot'              => 'Bing',
+        'bingpreview'          => 'BingPreview',
        'slurp'                => 'Inktomi Slurp',
        'yahoo'                => 'Yahoo',
        'ask jeeves'           => 'Ask Jeeves',
@@ -248,5 +252,11 @@ class UserAgents extends BaseConfig
        'ia_archiver'          => 'Alexa Crawler',
        'MJ12bot'              => 'Majestic-12',
        'Uptimebot'            => 'Uptimebot',
+        'duckduckbot'          => 'DuckDuckBot',
+        'sogou'                => 'Sogou Spider',
+        'exabot'               => 'Exabot',
+        'bot'                  => 'Generic Bot',
+        'crawler'              => 'Generic Crawler',
+        'spider'               => 'Generic Spider',
    ];
 }
--- a/app/Config/Validation.php
+++ b/app/Config/Validation.php
@@ -2,12 +2,12 @@

 namespace Config;

-use App\Config\Validation\OSPOSRules;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Validation\StrictRules\CreditCardRules;
 use CodeIgniter\Validation\StrictRules\FileRules;
 use CodeIgniter\Validation\StrictRules\FormatRules;
 use CodeIgniter\Validation\StrictRules\Rules;
+use App\Config\Validation\OSPOSRules;

 class Validation extends BaseConfig
 {
--- a/app/Config/Validation/OSPOSRules.php
+++ b/app/Config/Validation/OSPOSRules.php
@@ -19,30 +19,28 @@ class OSPOSRules
    /**
     * Validates the username and password sent to the login view. User is logged in on successful validation.
     *
-     * @param string      $username Username to check against.
-     * @param string      $fields   Comma separated string of the fields for validation.
-     * @param array       $data     Data sent to the view.
-     * @param string|null $error    The error sent back to the validation handler on failure.
-     *
+     * @param string $username Username to check against.
+     * @param string $fields Comma separated string of the fields for validation.
+     * @param array $data Data sent to the view.
+     * @param string|null $error The error sent back to the validation handler on failure.
     * @return bool True if validation passes or false if there are errors.
-     *
     * @noinspection PhpUnused
     */
    public function login_check(string $username, string $fields, array $data, ?string &$error = null): bool
    {
-        $employee      = model(Employee::class);
+        $employee = model(Employee::class);
        $this->request = Services::request();
-        $this->config  = config(OSPOS::class)->settings;
+        $this->config = config(OSPOS::class)->settings;

        // Installation Check
-        if (! $this->installation_check()) {
+        if (!$this->installation_check()) {
            $error = lang('Login.invalid_installation');

            return false;
        }

        $password = $data['password'];
-        if (! $employee->login($username, $password)) {
+        if (!$employee->login($username, $password)) {
            $error = lang('Login.invalid_username_and_password');

            return false;
@@ -52,7 +50,7 @@ class OSPOSRules
        if ($gcaptcha_enabled) {
            $g_recaptcha_response = $this->request->getPost('g-recaptcha-response');

-            if (! $this->gcaptcha_check($g_recaptcha_response)) {
+            if (!$this->gcaptcha_check($g_recaptcha_response)) {
                $error = lang('Login.invalid_gcaptcha');

                return false;
@@ -65,22 +63,21 @@ class OSPOSRules
    /**
     * Checks to see if GCaptcha verification was successful.
     *
-     * @param mixed $response
-     *
+     * @param $response
     * @return bool true on successful GCaptcha verification or false if GCaptcha failed.
     */
    private function gcaptcha_check($response): bool
    {
-        if (! empty($response)) {
+        if (!empty($response)) {
            $check = [
                'secret'   => $this->config['gcaptcha_secret_key'],
                'response' => $response,
-                'remoteip' => $this->request->getIPAddress(),
+                'remoteip' => $this->request->getIPAddress()
            ];

            $ch = curl_init();

-            curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
+            curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($check));
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@@ -91,7 +88,7 @@ class OSPOSRules

            $status = json_decode($result, true);

-            if (! empty($status['success'])) {
+            if (!empty($status['success'])) {
                return true;
            }
        }
@@ -101,12 +98,14 @@ class OSPOSRules

    /**
     * Checks to make sure dependency PHP extensions are installed
+     *
+     * @return bool
     */
    private function installation_check(): bool
    {
        $installed_extensions = implode(', ', get_loaded_extensions());
-        $required_extensions  = ['bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl', 'xml', 'json'];
-        $pattern              = '/';
+        $required_extensions = ['bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl', 'xml', 'json'];
+        $pattern = '/';

        foreach ($required_extensions as $extension) {
            $pattern .= '(?=.*\b' . preg_quote($extension, '/') . '\b)';
@@ -115,9 +114,9 @@ class OSPOSRules
        $pattern .= '/i';
        $is_installed = preg_match($pattern, $installed_extensions);

-        if (! $is_installed) {
+        if (!$is_installed) {
            log_message('error', '[ERROR] Check your php.ini.');
-            log_message('error', "PHP installed extensions: {$installed_extensions}");
+            log_message('error', "PHP installed extensions: $installed_extensions");
            log_message('error', 'PHP required extensions: ' . implode(', ', $required_extensions));
        }

@@ -127,10 +126,28 @@ class OSPOSRules
    /**
     * Validates the candidate as a decimal number. Takes the locale into account. Used in validation rule calls.
     *
+     * @param string $candidate
+     * @param string|null $error
+     * @return bool
     * @noinspection PhpUnused
     */
    public function decimal_locale(string $candidate, ?string &$error = null): bool
    {
        return parse_decimals($candidate) !== false;
    }
+
+    /**
+     * Validates that a locale-aware decimal value is non-negative (>= 0).
+     *
+     * @param string $candidate
+     * @param string|null $error
+     * @return bool
+     * @noinspection PhpUnused
+     */
+    public function nonNegativeDecimal(string $candidate, ?string &$error = null): bool
+    {
+        $value = parse_decimals($candidate);
+
+        return $value !== false && $value >= 0;
+    }
 }
--- a/app/Config/View.php
+++ b/app/Config/View.php
@@ -59,4 +59,21 @@ class View extends BaseView
     * @var list<class-string<ViewDecoratorInterface>>
     */
    public array $decorators = [];
+
+    /**
+     * Subdirectory within app/Views for namespaced view overrides.
+     *
+     * Namespaced views will be searched in:
+     *
+     *   app/Views/{$appOverridesFolder}/{Namespace}/{view_path}.{php|html...}
+     *
+     * This allows application-level overrides for package or module views
+     * without modifying vendor source files.
+     *
+     * Examples:
+     *   'overrides' -> app/Views/overrides/Example/Blog/post/card.php
+     *   'vendor'    -> app/Views/vendor/Example/Blog/post/card.php
+     *   ''          -> app/Views/Example/Blog/post/card.php (direct mapping)
+     */
+    public string $appOverridesFolder = 'overrides';
 }
--- a/app/Config/WorkerMode.php
+++ b/app/Config/WorkerMode.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace Config;
+
+/**
+ * This configuration controls how CodeIgniter behaves when running
+ * in worker mode (with FrankenPHP).
+ */
+class WorkerMode
+{
+    /**
+     * Persistent Services
+     *
+     * List of service names that should persist across requests.
+     * These services will NOT be reset between requests.
+     *
+     * Services not in this list will be reset for each request to prevent
+     * state leakage.
+     *
+     * Recommended persistent services:
+     * - `autoloader`: PSR-4 autoloading configuration
+     * - `locator`: File locator
+     * - `exceptions`: Exception handler
+     * - `commands`: CLI commands registry
+     * - `codeigniter`: Main application instance
+     * - `superglobals`: Superglobals wrapper
+     * - `routes`: Router configuration
+     * - `cache`: Cache instance
+     *
+     * @var list<string>
+     */
+    public array $persistentServices = [
+        'autoloader',
+        'locator',
+        'exceptions',
+        'commands',
+        'codeigniter',
+        'superglobals',
+        'routes',
+        'cache',
+    ];
+
+    /**
+     * Reset Event Listeners
+     *
+     * List of event names whose listeners should be removed between requests.
+     * Use this if you register event listeners inside other event callbacks
+     * (rather than at the top level of Config/Events.php), which would cause
+     * them to accumulate across requests in worker mode.
+     *
+     * @var list<string>
+     */
+    public array $resetEventListeners = [];
+
+    /**
+     * Force Garbage Collection
+     *
+     * Whether to force garbage collection after each request.
+     * Helps prevent memory leaks at a small performance cost.
+     */
+    public bool $forceGarbageCollection = true;
+}
--- a/app/Controllers/Attributes.php
+++ b/app/Controllers/Attributes.php
@@ -3,12 +3,14 @@
 namespace App\Controllers;

 use App\Models\Attribute;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;

-require_once 'Secure_Controller.php';
+require_once('Secure_Controller.php');

 /**
 * Attributes controls the custom attributes assigned to items
- */
+ **/
 class Attributes extends Secure_Controller
 {
    private Attribute $attribute;
@@ -22,18 +24,20 @@ class Attributes extends Secure_Controller

    /**
     * Gets and sends the main view for Attributes to the browser.
-     */
-    public function getIndex(): void
+     *
+     * @return string
+     **/
+    public function getIndex(): string
    {
        $data['table_headers'] = get_attribute_definition_manage_table_headers();

-        echo view('attributes/manage', $data);
+        return view('attributes/manage', $data);
    }

    /**
     * Returns attribute table data rows. This will be called with AJAX.
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -45,53 +49,54 @@ class Attributes extends Secure_Controller
        $total_rows = $this->attribute->get_found_rows($search);

        $data_rows = [];
-
        foreach ($attributes->getResult() as $attribute_row) {
            $attribute_row->definition_flags = $this->get_attributes($attribute_row->definition_flags);
-            $data_rows[]                     = get_attribute_definition_data_row($attribute_row);
+            $data_rows[] = get_attribute_definition_data_row($attribute_row);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

    /**
     * AJAX called function which saves the attribute value sent via POST by using the model save function.
-     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postSaveAttributeValue(): void
+    public function postSaveAttributeValue(): ResponseInterface
    {
        $success = $this->attribute->saveAttributeValue(
            html_entity_decode($this->request->getPost('attribute_value')),
            $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT),
            $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT) ?? false,
-            $this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT) ?? false,
+            $this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT) ?? false
        );

-        echo json_encode(['success' => $success !== 0]);
+        return $this->response->setJSON(['success' => $success != 0]);
    }

    /**
     * AJAX called function deleting an attribute value using the model delete function.
-     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postDeleteDropdownAttributeValue(): void
+    public function postDeleteDropdownAttributeValue(): ResponseInterface
    {
        $success = $this->attribute->deleteDropdownAttributeValue(
            html_entity_decode($this->request->getPost('attribute_value')),
-            $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT),
+            $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT)
        );

-        echo json_encode(['success' => $success]);
+        return $this->response->setJSON(['success' => $success]);
    }

    /**
     * AJAX called function which saves the attribute definition.
     *
+     * @param int $definition_id
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): void
+    public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): ResponseInterface
    {
        $definition_flags = 0;

@@ -101,116 +106,167 @@ class Attributes extends Secure_Controller
            $definition_flags |= $flag;
        }

+        // Validate definition_group (definition_fk) foreign key
+        $definition_group_input = $this->request->getPost('definition_group');
+        $definition_fk = $this->validateDefinitionGroup($definition_group_input);
+
+        if ($definition_fk === false) {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Attributes.definition_invalid_group'),
+                'id'      => NEW_ENTRY
+            ]);
+        }
+
        // Save definition data
        $definition_data = [
            'definition_name'  => $this->request->getPost('definition_name'),
-            'definition_unit'  => $this->request->getPost('definition_unit') !== '' ? $this->request->getPost('definition_unit') : null,
+            'definition_unit'  => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : null,
            'definition_flags' => $definition_flags,
-            'definition_fk'    => $this->request->getPost('definition_group') !== '' ? $this->request->getPost('definition_group') : null,
+            'definition_fk'    => $definition_fk
        ];

-        if ($this->request->getPost('definition_type') !== null) {
+        if ($this->request->getPost('definition_type') != null) {
            $definition_data['definition_type'] = DEFINITION_TYPES[$this->request->getPost('definition_type')];
        }

        $definition_name = $definition_data['definition_name'];

-        if ($this->attribute->save_definition($definition_data, $definition_id)) {
+        if ($this->attribute->saveDefinition($definition_data, $definition_id)) {
            // New definition
-            if ($definition_id === NO_DEFINITION_ID) {
+            if ($definition_id == NO_DEFINITION_ID) {
                $definition_values = json_decode(html_entity_decode($this->request->getPost('definition_values')));

                foreach ($definition_values as $definition_value) {
                    $this->attribute->saveAttributeValue($definition_value, $definition_data['definition_id']);
                }

-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Attributes.definition_successful_adding') . ' ' . $definition_name,
-                    'id'      => $definition_data['definition_id'],
+                    'id'      => $definition_data['definition_id']
                ]);
            } else { // Existing definition
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Attributes.definition_successful_updating') . ' ' . $definition_name,
-                    'id'      => $definition_id,
+                    'id'      => $definition_id
                ]);
            }
        } else { // Failure
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Attributes.definition_error_adding_updating', [$definition_name]),
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }

    /**
+     * Validates a definition_group foreign key.
+     * Returns the validated integer ID, null if empty, or false if invalid.
+     *
+     * @param mixed $definition_group_input
+     * @return int|null|false
+     */
+    private function validateDefinitionGroup(mixed $definition_group_input): int|null|false
+    {
+        if ($definition_group_input === '' || $definition_group_input === null) {
+            return null;
+        }
+
+        $definition_group_id = (int) $definition_group_input;
+
+        // Must be a positive integer, exist in attribute_definitions, and be of type GROUP
+        if ($definition_group_id <= 0
+            || !$this->attribute->exists($definition_group_id)
+            || $this->attribute->getAttributeInfo($definition_group_id)->definition_type !== GROUP
+        ) {
+            return false;
+        }
+
+        return $definition_group_id;
+    }
+
+    /**
+     *
+     * @param int $definition_id
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function getSuggestAttribute(int $definition_id): void
+    public function getSuggestAttribute(int $definition_id): ResponseInterface
    {
        $suggestions = $this->attribute->get_suggestions($definition_id, html_entity_decode($this->request->getGet('term')));

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

-    public function getRow(int $row_id): void
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
-        $attribute_definition_info                   = $this->attribute->getAttributeInfo($row_id);
+        $attribute_definition_info = $this->attribute->getAttributeInfo($row_id);
        $attribute_definition_info->definition_flags = $this->get_attributes($attribute_definition_info->definition_flags);
-        $data_row                                    = get_attribute_definition_data_row($attribute_definition_info);
+        $data_row = get_attribute_definition_data_row($attribute_definition_info);

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

+    /**
+     * @param int $definition_flags
+     * @return array
+     */
    private function get_attributes(int $definition_flags = 0): array
    {
        $definition_flag_names = [];
-
        foreach (Attribute::get_definition_flags() as $id => $term) {
            if ($id & $definition_flags) {
                $definition_flag_names[$id] = lang('Attributes.' . strtolower($term) . '_visibility');
            }
        }
-
        return $definition_flag_names;
    }

-    public function getView(int $definition_id = NO_DEFINITION_ID): void
+    /**
+     * @param int $definition_id
+     * @return string
+     */
+    public function getView(int $definition_id = NO_DEFINITION_ID): string
    {
        $info = $this->attribute->getAttributeInfo($definition_id);
-
        foreach (get_object_vars($info) as $property => $value) {
-            $info->{$property} = $value;
+            $info->$property = $value;
        }

-        $data['definition_id']        = $definition_id;
-        $data['definition_values']    = $this->attribute->get_definition_values($definition_id);
-        $data['definition_group']     = $this->attribute->get_definitions_by_type(GROUP, $definition_id);
+        $data['definition_id'] = $definition_id;
+        $data['definition_values'] = $this->attribute->get_definition_values($definition_id);
+        $data['definition_group'] = $this->attribute->get_definitions_by_type(GROUP, $definition_id);
        $data['definition_group'][''] = lang('Common.none_selected_text');
-        $data['definition_info']      = $info;
+        $data['definition_info'] = $info;

-        $show_all                          = Attribute::SHOW_IN_ITEMS | Attribute::SHOW_IN_RECEIVINGS | Attribute::SHOW_IN_SALES;
-        $data['definition_flags']          = $this->get_attributes($show_all);
-        $selected_flags                    = $info->definition_flags === '' ? $show_all : $info->definition_flags;
+        $show_all = Attribute::SHOW_IN_ITEMS | Attribute::SHOW_IN_RECEIVINGS | Attribute::SHOW_IN_SALES;
+        $data['definition_flags'] = $this->get_attributes($show_all);
+        $selected_flags = $info->definition_flags === '' ? $show_all : $info->definition_flags;
        $data['selected_definition_flags'] = $this->get_attributes($selected_flags);

-        echo view('attributes/form', $data);
+        return view('attributes/form', $data);
    }

    /**
     * Deletes an attribute definition
+     * @return ResponseInterface
     */
-    public function postDelete(): void
+    public function postDelete(): ResponseInterface
    {
        $attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

-        if ($this->attribute->deleteDefinitionList($attributes_to_delete)) {
+        if($this->attribute->deleteDefinitionList($attributes_to_delete)) {
            $message = lang('Attributes.definition_successful_deleted') . ' ' . count($attributes_to_delete) . ' ' . lang('Attributes.definition_one_or_multiple');
-            echo json_encode(['success' => true, 'message' => $message]);
+            return $this->response->setJSON(['success' => true, 'message' => $message]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
        }
    }
 }
--- a/app/Controllers/BaseController.php
+++ b/app/Controllers/BaseController.php
@@ -3,44 +3,28 @@
 namespace App\Controllers;

 use CodeIgniter\Controller;
-use CodeIgniter\HTTP\CLIRequest;
-use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\ResponseInterface;
 use Psr\Log\LoggerInterface;

 /**
- * Class BaseController
- *
 * BaseController provides a convenient place for loading components
 * and performing functions that are needed by all your controllers.
- * Extend this class in any new controllers:
- *     class Home extends BaseController
 *
- * For security be sure to declare any new methods as protected or private.
+ * Extend this class in any new controllers:
+ * ```
+ *     class Home extends BaseController
+ * ```
+ *
+ * For security, be sure to declare any new methods as protected or private.
 */
 abstract class BaseController extends Controller
 {
-    /**
-     * Instance of the main Request object.
-     *
-     * @var CLIRequest|IncomingRequest
-     */
-    protected $request;
-
-    /**
-     * An array of helpers to be loaded automatically upon
-     * class instantiation. These helpers will be available
-     * to all other controllers that extend BaseController.
-     *
-     * @var list<string>
-     */
-    protected $helpers = [];
-
    /**
     * Be sure to declare properties for any property fetch you initialized.
     * The creation of dynamic property is deprecated in PHP 8.2.
     */
+
    // protected $session;

    /**
@@ -48,11 +32,14 @@ abstract class BaseController extends Controller
     */
    public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
    {
-        // Do Not Edit This Line
+        // Load here all helpers you want to be available in your controllers that extend BaseController.
+        // Caution: Do not put the this below the parent::initController() call below.
+        // $this->helpers = ['form', 'url'];
+
+        // Caution: Do not edit this line.
        parent::initController($request, $response, $logger);

        // Preload any models, libraries, etc, here.
-
-        // E.g.: $this->session = service('session');
+        // $this->session = service('session');
    }
 }
--- a/app/Controllers/Cashups.php
+++ b/app/Controllers/Cashups.php
@@ -5,7 +5,9 @@ namespace App\Controllers;
 use App\Models\Cashup;
 use App\Models\Expense;
 use App\Models\Reports\Summary_payments;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
+use Config\Services;

 class Cashups extends Secure_Controller
 {
@@ -18,58 +20,69 @@ class Cashups extends Secure_Controller
    {
        parent::__construct('cashups');

-        $this->cashup           = model(Cashup::class);
-        $this->expense          = model(Expense::class);
+        $this->cashup = model(Cashup::class);
+        $this->expense = model(Expense::class);
        $this->summary_payments = model(Summary_payments::class);
-        $this->config           = config(OSPOS::class)->settings;
+        $this->config = config(OSPOS::class)->settings;
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_cashups_manage_table_headers();

        // filters that will be loaded in the multiselect dropdown
        $data['filters'] = ['is_deleted' => lang('Cashups.is_deleted')];

-        echo view('cashups/manage', $data);
+        // Restore filters from URL
+        $data = array_merge($data, restoreTableFilters($this->request));
+
+        return view('cashups/manage', $data);
    }

-    public function getSearch(): void
+    /**
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
    {
-        $search  = $this->request->getGet('search');
-        $limit   = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-        $offset  = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort    = $this->sanitizeSortColumn(cashup_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'cashup_id');
-        $order   = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $search = $this->request->getGet('search');
+        $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort = $this->sanitizeSortColumn(cashup_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'cashup_id');
+        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        $filters = [
            'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),    // TODO: Is this the best way to filter dates
            'end_date'   => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'is_deleted' => false,
+            'is_deleted' => false
        ];

        // Check if any filter is set in the multiselect dropdown
        $request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
-        $filters         = array_merge($filters, $request_filters);
-        $cash_ups        = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
-        $total_rows      = $this->cashup->get_found_rows($search, $filters);
-        $data_rows       = [];
-
+        $filters = array_merge($filters, $request_filters);
+        $cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
+        $total_rows = $this->cashup->get_found_rows($search, $filters);
+        $data_rows = [];
        foreach ($cash_ups->getResult() as $cash_up) {
            $data_rows[] = get_cash_up_data_row($cash_up);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

-    public function getView(int $cashup_id = NEW_ENTRY): void
+    /**
+     * @param int $cashup_id
+     * @return string
+     */
+    public function getView(int $cashup_id = NEW_ENTRY): string
    {
        $data = [];

        $data['employees'] = [];
-
        foreach ($this->employee->get_all()->getResult() as $employee) {
            foreach (get_object_vars($employee) as $property => $value) {
-                $employee->{$property} = $value;
+                $employee->$property = $value;
            }

            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
@@ -78,22 +91,22 @@ class Cashups extends Secure_Controller
        $cash_ups_info = $this->cashup->get_info($cashup_id);

        foreach (get_object_vars($cash_ups_info) as $property => $value) {
-            $cash_ups_info->{$property} = $value;
+            $cash_ups_info->$property = $value;
        }

        // Open cashup
-        if ($cash_ups_info->cashup_id === NEW_ENTRY) {
-            $cash_ups_info->open_date         = date('Y-m-d H:i:s');
-            $cash_ups_info->close_date        = $cash_ups_info->open_date;
-            $cash_ups_info->open_employee_id  = $this->employee->get_logged_in_employee_info()->person_id;
+        if ($cash_ups_info->cashup_id == NEW_ENTRY) {
+            $cash_ups_info->open_date = date('Y-m-d H:i:s');
+            $cash_ups_info->close_date = $cash_ups_info->open_date;
+            $cash_ups_info->open_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
            $cash_ups_info->close_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
        }
        // If all the amounts are null or 0 that means it's a close cashup
        elseif (
-            (float) ($cash_ups_info->closed_amount_cash) === 0
-            && (float) ($cash_ups_info->closed_amount_due) === 0
-            && (float) ($cash_ups_info->closed_amount_card) === 0
-            && (float) ($cash_ups_info->closed_amount_check) === 0
+            floatval($cash_ups_info->closed_amount_cash) == 0
+            && floatval($cash_ups_info->closed_amount_due) == 0
+            && floatval($cash_ups_info->closed_amount_card) == 0
+            && floatval($cash_ups_info->closed_amount_check) == 0
        ) {
            // Set the close date and time to the actual as this is a close session
            $cash_ups_info->close_date = date('Y-m-d H:i:s');
@@ -103,12 +116,12 @@ class Cashups extends Secure_Controller

            // If it's date mode only and not date & time truncate the open and end date to date only
            if (empty($this->config['date_or_time_format'])) {
-                if ($cash_ups_info->open_date !== null) {
+                if ($cash_ups_info->open_date != null) {
                    $start_date = substr($cash_ups_info->open_date, 0, 10);
                } else {
                    $start_date = null;
                }
-                if ($cash_ups_info->close_date !== null) {
+                if ($cash_ups_info->close_date != null) {
                    $end_date = substr($cash_ups_info->close_date, 0, 10);
                } else {
                    $end_date = null;
@@ -118,7 +131,7 @@ class Cashups extends Secure_Controller
                    'start_date'  => $start_date,
                    'end_date'    => $end_date,
                    'sale_type'   => 'complete',
-                    'location_id' => 'all',
+                    'location_id' => 'all'
                ];
            } else {
                // Search for all the payments given the time range
@@ -126,7 +139,7 @@ class Cashups extends Secure_Controller
                    'start_date'  => $cash_ups_info->open_date,
                    'end_date'    => $cash_ups_info->close_date,
                    'sale_type'   => 'complete',
-                    'location_id' => 'all',
+                    'location_id' => 'all'
                ];
            }

@@ -134,17 +147,17 @@ class Cashups extends Secure_Controller
            $reports_data = $this->summary_payments->getData($inputs);

            foreach ($reports_data as $row) {
-                if ($row['trans_group'] === lang('Reports.trans_payments')) {
-                    if ($row['trans_type'] === lang('Sales.cash')) {
+                if ($row['trans_group'] == lang('Reports.trans_payments')) {
+                    if ($row['trans_type'] == lang('Sales.cash')) {
                        $cash_ups_info->closed_amount_cash += $row['trans_amount'];
-                    } elseif ($row['trans_type'] === lang('Sales.due')) {
+                    } elseif ($row['trans_type'] == lang('Sales.due')) {
                        $cash_ups_info->closed_amount_due += $row['trans_amount'];
                    } elseif (
-                        $row['trans_type'] === lang('Sales.debit')
-                        || $row['trans_type'] === lang('Sales.credit')
+                        $row['trans_type'] == lang('Sales.debit') ||
+                        $row['trans_type'] == lang('Sales.credit')
                    ) {
                        $cash_ups_info->closed_amount_card += $row['trans_amount'];
-                    } elseif ($row['trans_type'] === lang('Sales.check')) {
+                    } elseif ($row['trans_type'] == lang('Sales.check')) {
                        $cash_ups_info->closed_amount_check += $row['trans_amount'];
                    }
                }
@@ -157,7 +170,7 @@ class Cashups extends Secure_Controller
                'only_check'  => false,
                'only_credit' => false,
                'only_debit'  => false,
-                'is_deleted'  => false,
+                'is_deleted'  => false
            ];

            $payments = $this->expense->get_payments_summary('', array_merge($inputs, $filters));
@@ -171,23 +184,31 @@ class Cashups extends Secure_Controller

        $data['cash_ups_info'] = $cash_ups_info;

-        echo view('cashups/form', $data);
+        return view("cashups/form", $data);
    }

-    public function getRow(int $row_id): void
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
        $cash_ups_info = $this->cashup->get_info($row_id);
-        $data_row      = get_cash_up_data_row($cash_ups_info);
+        $data_row = get_cash_up_data_row($cash_ups_info);

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

-    public function postSave(int $cashup_id = NEW_ENTRY): void
+    /**
+     * @param int $cashup_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $cashup_id = NEW_ENTRY): ResponseInterface
    {
-        $open_date           = $this->request->getPost('open_date');
+        $open_date = $this->request->getPost('open_date');
        $open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date);

-        $close_date           = $this->request->getPost('close_date');
+        $close_date = $this->request->getPost('close_date');
        $close_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $close_date);

        $cash_up_data = [
@@ -200,62 +221,64 @@ class Cashups extends Secure_Controller
            'closed_amount_card'   => parse_decimals($this->request->getPost('closed_amount_card')),
            'closed_amount_check'  => parse_decimals($this->request->getPost('closed_amount_check')),
            'closed_amount_total'  => parse_decimals($this->request->getPost('closed_amount_total')),
-            'note'                 => $this->request->getPost('note') !== null,
+            'note'                 => $this->request->getPost('note') != null,
            'description'          => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'open_employee_id'     => $this->request->getPost('open_employee_id', FILTER_SANITIZE_NUMBER_INT),
            'close_employee_id'    => $this->request->getPost('close_employee_id', FILTER_SANITIZE_NUMBER_INT),
-            'deleted'              => $this->request->getPost('deleted') !== null,
+            'deleted'              => $this->request->getPost('deleted') != null
        ];

        if ($this->cashup->save_value($cash_up_data, $cashup_id)) {
            // New cashup_id
-            if ($cashup_id === NEW_ENTRY) {
-                echo json_encode(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
+            if ($cashup_id == NEW_ENTRY) {
+                return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
            } else { // Existing Cashup
-                echo json_encode(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
+                return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
            }
        } else { // Failure
-            echo json_encode(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
        }
    }

-    public function postDelete(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
    {
        $cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        if ($this->cashup->delete_list($cash_ups_to_delete)) {
-            echo json_encode(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
+            return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
        }
    }

    /**
     * Calculate the total for cashups. Used in app\Views\cashups\form.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postAjax_cashup_total(): void
+    public function postAjax_cashup_total(): ResponseInterface
    {
-        $open_amount_cash     = parse_decimals($this->request->getPost('open_amount_cash'));
+        $open_amount_cash = parse_decimals($this->request->getPost('open_amount_cash'));
        $transfer_amount_cash = parse_decimals($this->request->getPost('transfer_amount_cash'));
-        $closed_amount_cash   = parse_decimals($this->request->getPost('closed_amount_cash'));
-        $closed_amount_due    = parse_decimals($this->request->getPost('closed_amount_due'));
-        $closed_amount_card   = parse_decimals($this->request->getPost('closed_amount_card'));
-        $closed_amount_check  = parse_decimals($this->request->getPost('closed_amount_check'));
+        $closed_amount_cash = parse_decimals($this->request->getPost('closed_amount_cash'));
+        $closed_amount_due = parse_decimals($this->request->getPost('closed_amount_due'));
+        $closed_amount_card = parse_decimals($this->request->getPost('closed_amount_card'));
+        $closed_amount_check = parse_decimals($this->request->getPost('closed_amount_check'));

        $total = $this->_calculate_total($open_amount_cash, $transfer_amount_cash, $closed_amount_due, $closed_amount_cash, $closed_amount_card, $closed_amount_check);    // TODO: hungarian notation

-        echo json_encode(['total' => to_currency_no_money($total)]);
+        return $this->response->setJSON(['total' => to_currency_no_money($total)]);
    }

    /**
     * Calculate total
-     *
-     * @param mixed $closed_amount_check
     */
    private function _calculate_total(float $open_amount_cash, float $transfer_amount_cash, float $closed_amount_due, float $closed_amount_cash, float $closed_amount_card, $closed_amount_check): float    // TODO: need to get rid of hungarian notation here. Also, the signature is pretty long.  Perhaps they need to go into an object or array?
    {
-        return $closed_amount_cash - $open_amount_cash - $transfer_amount_cash + $closed_amount_due + $closed_amount_card + $closed_amount_check;
+        return ($closed_amount_cash - $open_amount_cash - $transfer_amount_cash + $closed_amount_due + $closed_amount_card + $closed_amount_check);
    }
 }
--- a/app/Controllers/Config.php
+++ b/app/Controllers/Config.php
--- a/app/Controllers/Customers.php
+++ b/app/Controllers/Customers.php
@@ -3,10 +3,12 @@
 namespace App\Controllers;

 use App\Libraries\Mailchimp_lib;
+
 use App\Models\Customer;
 use App\Models\Customer_rewards;
 use App\Models\Tax_code;
 use CodeIgniter\HTTP\DownloadResponse;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
 use Config\Services;
 use stdClass;
@@ -23,32 +25,36 @@ class Customers extends Persons
    public function __construct()
    {
        parent::__construct('customers');
-        $this->mailchimp_lib    = new Mailchimp_lib();
+        $this->mailchimp_lib = new Mailchimp_lib();
        $this->customer_rewards = model(Customer_rewards::class);
-        $this->customer         = model(Customer::class);
-        $this->tax_code         = model(Tax_code::class);
-        $this->config           = config(OSPOS::class)->settings;
+        $this->customer = model(Customer::class);
+        $this->tax_code = model(Tax_code::class);
+        $this->config = config(OSPOS::class)->settings;

        $encrypter = Services::encrypter();

-        if (! empty($this->config['mailchimp_list_id'])) {
+        if (!empty($this->config['mailchimp_list_id'])) {
            $this->_list_id = $encrypter->decrypt($this->config['mailchimp_list_id']);
        } else {
            $this->_list_id = '';
        }
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_customer_manage_table_headers();

-        echo view('people/manage', $data);
+        return view('people/manage', $data);
    }

    /**
     * Gets one row for a customer manage table. This is called using AJAX to update one row.
+     * @return ResponseInterface
     */
-    public function getRow(int $row_id): void
+    public function getRow(int $row_id): ResponseInterface
    {
        $person = $this->customer->get_info($row_id);

@@ -57,32 +63,35 @@ class Customers extends Persons

        if (empty($stats)) {
            // Create object with empty properties.
-            $stats               = new stdClass();
-            $stats->total        = 0;
-            $stats->min          = 0;
-            $stats->max          = 0;
-            $stats->average      = 0;
+            $stats = new stdClass();
+            $stats->total = 0;
+            $stats->min = 0;
+            $stats->max = 0;
+            $stats->average = 0;
            $stats->avg_discount = 0;
-            $stats->quantity     = 0;
+            $stats->quantity = 0;
        }

        $data_row = get_customer_data_row($person, $stats);

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

+
    /**
     * Returns customer table data rows. This will be called with AJAX.
+     *
+     * @return void
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
-        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->sanitizeSortColumn(customer_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
-        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort = $this->sanitizeSortColumn(customer_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
+        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

-        $customers  = $this->customer->search($search, $limit, $offset, $sort, $order);
+        $customers = $this->customer->search($search, $limit, $offset, $sort, $order);
        $total_rows = $this->customer->get_found_rows($search);

        $data_rows = [];
@@ -92,94 +101,95 @@ class Customers extends Persons
            $stats = $this->customer->get_stats($person->person_id);    // TODO: duplicated... see above
            if (empty($stats)) {
                // Create object with empty properties.
-                $stats               = new stdClass();
-                $stats->total        = 0;
-                $stats->min          = 0;
-                $stats->max          = 0;
-                $stats->average      = 0;
+                $stats = new stdClass();
+                $stats->total = 0;
+                $stats->min = 0;
+                $stats->max = 0;
+                $stats->average = 0;
                $stats->avg_discount = 0;
-                $stats->quantity     = 0;
+                $stats->quantity = 0;
            }

            $data_rows[] = get_customer_data_row($person, $stats);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

    /**
     * Gives search suggestions based on what is being searched for
+     * @return ResponseInterface
     */
-    public function getSuggest(): void
+    public function getSuggest(): ResponseInterface
    {
-        $search      = $this->request->getGet('term');
+        $search = $this->request->getGet('term');
        $suggestions = $this->customer->get_search_suggestions($search);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

-    public function suggest_search(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
    {
-        $search      = $this->request->getGet('term');
+        $search = $this->request->getGet('term');
        $suggestions = $this->customer->get_search_suggestions($search, 25, false);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

    /**
     * Loads the customer edit form
+     * @return string
     */
-    public function getView(int $customer_id = NEW_ENTRY): void
+    public function getView(int $customer_id = NEW_ENTRY): string
    {
        // Set default values
-        if ($customer_id === null) {
-            $customer_id = NEW_ENTRY;
-        }
+        if ($customer_id == null) $customer_id = NEW_ENTRY;

        $info = $this->customer->get_info($customer_id);
-
        foreach (get_object_vars($info) as $property => $value) {
-            $info->{$property} = $value;
+            $info->$property = $value;
        }
        $data['person_info'] = $info;

        if (empty($info->person_id) || empty($info->date) || empty($info->employee_id)) {
-            $data['person_info']->date        = date('Y-m-d H:i:s');
+            $data['person_info']->date = date('Y-m-d H:i:s');
            $data['person_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
        }

-        $employee_info    = $this->employee->get_info($info->employee_id);
+        $employee_info = $this->employee->get_info($info->employee_id);
        $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;

        $tax_code_info = $this->tax_code->get_info($info->sales_tax_code_id);

-        if ($tax_code_info->tax_code !== null) {
+        if ($tax_code_info->tax_code != null) {
            $data['sales_tax_code_label'] = $tax_code_info->tax_code . ' ' . $tax_code_info->tax_code_name;
        } else {
            $data['sales_tax_code_label'] = '';
        }

        $packages = ['' => lang('Items.none')];
-
        foreach ($this->customer_rewards->get_all()->getResultArray() as $row) {
            $packages[$row['package_id']] = $row['package_name'];
        }
-        $data['packages']         = $packages;
+        $data['packages'] = $packages;
        $data['selected_package'] = $info->package_id;

        $data['use_destination_based_tax'] = $this->config['use_destination_based_tax'];

        // Retrieve the total amount the customer spent so far together with min, max and average values
        $stats = $this->customer->get_stats($customer_id);
-        if (! empty($stats)) {
+        if (!empty($stats)) {
            foreach (get_object_vars($stats) as $property => $value) {
-                $info->{$property} = $value;
+                $info->$property = $value;
            }
            $data['stats'] = $stats;
        }

        // Retrieve the info from Mailchimp only if there is an email address assigned
-        if (! empty($info->email)) {
+        if (!empty($info->email)) {
            // Collect Mailchimp customer info
            if (($mailchimp_info = $this->mailchimp_lib->getMemberInfo($this->_list_id, $info->email)) !== false) {
                $data['mailchimp_info'] = $mailchimp_info;
@@ -187,55 +197,56 @@ class Customers extends Persons
                // Collect customer Mailchimp emails activities (stats)
                if (($activities = $this->mailchimp_lib->getMemberActivity($this->_list_id, $info->email)) !== false) {
                    if (array_key_exists('activity', $activities)) {
-                        $open     = 0;
-                        $unopen   = 0;
-                        $click    = 0;
-                        $total    = 0;
+                        $open = 0;
+                        $unopen = 0;
+                        $click = 0;
+                        $total = 0;
                        $lastopen = '';

                        foreach ($activities['activity'] as $activity) {
-                            if ($activity['action'] === 'sent') {
-                                $unopen++;
-                            } elseif ($activity['action'] === 'open') {
+                            if ($activity['action'] == 'sent') {
+                                ++$unopen;
+                            } elseif ($activity['action'] == 'open') {
                                if (empty($lastopen)) {
                                    $lastopen = substr($activity['timestamp'], 0, 10);
                                }
-                                $open++;
-                            } elseif ($activity['action'] === 'click') {
+                                ++$open;
+                            } elseif ($activity['action'] == 'click') {
                                if (empty($lastopen)) {
                                    $lastopen = substr($activity['timestamp'], 0, 10);
                                }
-                                $click++;
+                                ++$click;
                            }

-                            $total++;
+                            ++$total;
                        }

-                        $data['mailchimp_activity']['total']    = $total;
-                        $data['mailchimp_activity']['open']     = $open;
-                        $data['mailchimp_activity']['unopen']   = $unopen;
-                        $data['mailchimp_activity']['click']    = $click;
+                        $data['mailchimp_activity']['total'] = $total;
+                        $data['mailchimp_activity']['open'] = $open;
+                        $data['mailchimp_activity']['unopen'] = $unopen;
+                        $data['mailchimp_activity']['click'] = $click;
                        $data['mailchimp_activity']['lastopen'] = $lastopen;
                    }
                }
            }
        }

-        echo view('customers/form', $data);
+        return view("customers/form", $data);
    }

    /**
     * Inserts/updates a customer
+     * @return ResponseInterface
     */
-    public function postSave(int $customer_id = NEW_ENTRY): void
+    public function postSave(int $customer_id = NEW_ENTRY): ResponseInterface
    {
        $first_name = $this->request->getPost('first_name');
-        $last_name  = $this->request->getPost('last_name');
-        $email      = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+        $last_name = $this->request->getPost('last_name');
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));

        // Format first and last name properly
        $first_name = $this->nameize($first_name);
-        $last_name  = $this->nameize($last_name);
+        $last_name = $this->nameize($last_name);

        $person_data = [
            'first_name'   => $first_name,
@@ -249,23 +260,23 @@ class Customers extends Persons
            'state'        => $this->request->getPost('state'),
            'zip'          => $this->request->getPost('zip'),
            'country'      => $this->request->getPost('country'),
-            'comments'     => $this->request->getPost('comments'),
+            'comments'     => $this->request->getPost('comments')
        ];

        $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date'));

        $customer_data = [
-            'consent'           => $this->request->getPost('consent') !== null,
-            'account_number'    => $this->request->getPost('account_number') === '' ? null : $this->request->getPost('account_number'),
+            'consent'           => $this->request->getPost('consent') != null,
+            'account_number'    => $this->request->getPost('account_number') == '' ? null : $this->request->getPost('account_number'),
            'tax_id'            => $this->request->getPost('tax_id'),
-            'company_name'      => $this->request->getPost('company_name') === '' ? null : $this->request->getPost('company_name'),
-            'discount'          => $this->request->getPost('discount') === '' ? 0.00 : parse_decimals($this->request->getPost('discount')),
-            'discount_type'     => $this->request->getPost('discount_type') === null ? PERCENT : $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT),
-            'package_id'        => $this->request->getPost('package_id') === '' ? null : $this->request->getPost('package_id'),
-            'taxable'           => $this->request->getPost('taxable') !== null,
+            'company_name'      => $this->request->getPost('company_name') == '' ? null : $this->request->getPost('company_name'),
+            'discount'          => $this->request->getPost('discount') == '' ? 0.00 : parse_decimals($this->request->getPost('discount')),
+            'discount_type'     => $this->request->getPost('discount_type') == null ? PERCENT : $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT),
+            'package_id'        => $this->request->getPost('package_id') == '' ? null : $this->request->getPost('package_id'),
+            'taxable'           => $this->request->getPost('taxable') != null,
            'date'              => $date_formatter->format('Y-m-d H:i:s'),
            'employee_id'       => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
-            'sales_tax_code_id' => $this->request->getPost('sales_tax_code_id') === '' ? null : $this->request->getPost('sales_tax_code_id', FILTER_SANITIZE_NUMBER_INT),
+            'sales_tax_code_id' => $this->request->getPost('sales_tax_code_id') == '' ? null : $this->request->getPost('sales_tax_code_id', FILTER_SANITIZE_NUMBER_INT)
        ];

        if ($this->customer->save_customer($person_data, $customer_data, $customer_id)) {
@@ -276,29 +287,29 @@ class Customers extends Persons
                $email,
                $first_name,
                $last_name,
-                $mailchimp_status === null ? '' : $mailchimp_status,
-                ['vip' => $this->request->getPost('mailchimp_vip') !== null],
+                $mailchimp_status == null ? "" : $mailchimp_status,
+                ['vip' => $this->request->getPost('mailchimp_vip') != null]
            );

            // New customer
-            if ($customer_id === NEW_ENTRY) {
-                echo json_encode([
+            if ($customer_id == NEW_ENTRY) {
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Customers.successful_adding') . ' ' . $first_name . ' ' . $last_name,
-                    'id'      => $customer_data['person_id'],
+                    'id'      => $customer_data['person_id']
                ]);
            } else { // Existing customer
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Customers.successful_updating') . ' ' . $first_name . ' ' . $last_name,
-                    'id'      => $customer_id,
+                    'id'      => $customer_id
                ]);
            }
        } else { // Failure
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Customers.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }
@@ -306,37 +317,40 @@ class Customers extends Persons
    /**
     * Verifies if an email address already exists. Used in app/Views/customers/form.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postCheckEmail(): void
+    public function postCheckEmail(): ResponseInterface
    {
-        $email     = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
        $person_id = $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT);

        $exists = $this->customer->check_email_exists($email, $person_id);

-        echo ! $exists ? 'true' : 'false';
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
    }

    /**
     * Verifies if an account number already exists. Used in app/Views/customers/form.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postCheckAccountNumber(): void
+    public function postCheckAccountNumber(): ResponseInterface
    {
        $exists = $this->customer->check_account_number_exists($this->request->getPost('account_number'), $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT));

-        echo ! $exists ? 'true' : 'false';
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
    }

    /**
     * This deletes customers from the customers table
+     * @return ResponseInterface
     */
-    public function postDelete(): void
+    public function postDelete(): ResponseInterface
    {
        $customers_to_delete = $this->request->getPost('ids');
-        $customers_info      = $this->customer->get_multiple_info($customers_to_delete);
+        $customers_info = $this->customer->get_multiple_info($customers_to_delete);

        $count = 0;

@@ -349,13 +363,13 @@ class Customers extends Persons
            }
        }

-        if ($count === count($customers_to_delete)) {
-            echo json_encode([
+        if ($count == count($customers_to_delete)) {
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Customers.successful_deleted') . ' ' . $count . ' ' . lang('Customers.one_or_multiple'),
+                'message' => lang('Customers.successful_deleted') . ' ' . $count . ' ' . lang('Customers.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Customers.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Customers.cannot_be_deleted')]);
        }
    }

@@ -363,38 +377,38 @@ class Customers extends Persons
     * Customers import from csv spreadsheet
     *
     * @return DownloadResponse The template for Customer CSV imports is returned and download forced.
-     *
     * @noinspection PhpUnused
     */
    public function getCsv(): DownloadResponse
    {
        $name = 'importCustomers.csv';
-        $data = file_get_contents(WRITEPATH . "uploads/{$name}");
-
+        $data = file_get_contents(WRITEPATH . "uploads/$name");
        return $this->response->download($name, $data);
    }

    /**
     * Displays the customer CSV import modal. Used in app/Views/people/manage.php
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function getCsvImport(): void
+    public function getCsvImport(): string
    {
-        echo view('customers/form_csv_import');
+        return view('customers/form_csv_import');
    }

    /**
     * Imports a CSV file containing customers. Used in app/Views/customers/form_csv_import.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postImportCsvFile(): void
+    public function postImportCsvFile(): ResponseInterface
    {
-        if ($_FILES['file_path']['error'] !== UPLOAD_ERR_OK) {
-            echo json_encode(['success' => false, 'message' => lang('Customers.csv_import_failed')]);
+        if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK) {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Customers.csv_import_failed')]);
        } else {
-            if (($handle = fopen($_FILES['file_path']['tmp_name'], 'rb')) !== false) {
+            if (($handle = fopen($_FILES['file_path']['tmp_name'], 'r')) !== false) {
                // Skip the first row as it's the table description
                fgetcsv($handle);
                $i = 1;
@@ -402,10 +416,10 @@ class Customers extends Persons
                $failCodes = [];

                while (($data = fgetcsv($handle)) !== false) {
-                    $consent = $data[3] === '' ? 0 : 1;
+                    $consent = $data[3] == '' ? 0 : 1;

-                    if (count($data) >= 16 && $consent) {
-                        $email       = strtolower($data[4]);
+                    if (sizeof($data) >= 16 && $consent) {
+                        $email = strtolower($data[4]);
                        $person_data = [
                            'first_name'   => $data[0],
                            'last_name'    => $data[1],
@@ -418,7 +432,7 @@ class Customers extends Persons
                            'state'        => $data[9],
                            'zip'          => $data[10],
                            'country'      => $data[11],
-                            'comments'     => $data[12],
+                            'comments'     => $data[12]
                        ];

                        $customer_data = [
@@ -426,16 +440,16 @@ class Customers extends Persons
                            'company_name'  => $data[13],
                            'discount'      => $data[15],
                            'discount_type' => $data[16],
-                            'taxable'       => $data[17] === '' ? 0 : 1,
+                            'taxable'       => $data[17] == '' ? 0 : 1,
                            'date'          => date('Y-m-d H:i:s'),
-                            'employee_id'   => $this->employee->get_logged_in_employee_info()->person_id,
+                            'employee_id'   => $this->employee->get_logged_in_employee_info()->person_id
                        ];
                        $account_number = $data[14];

                        // Don't duplicate people with same email
                        $invalidated = $this->customer->check_email_exists($email);

-                        if ($account_number !== '') {
+                        if ($account_number != '') {
                            $customer_data['account_number'] = $account_number;
                            $invalidated &= $this->customer->check_account_number_exists($account_number);
                        }
@@ -445,7 +459,7 @@ class Customers extends Persons

                    if ($invalidated) {
                        $failCodes[] = $i;
-                        log_message('error', "Row {$i} was not imported: Either email or account number already exist or data was invalid.");
+                        log_message('error', "Row $i was not imported: Either email or account number already exist or data was invalid.");
                    } elseif ($this->customer->save_customer($person_data, $customer_data)) {
                        // Save customer to Mailchimp selected list
                        $this->mailchimp_lib->addOrUpdateMember($this->_list_id, $person_data['email'], $person_data['first_name'], '', $person_data['last_name']);
@@ -453,18 +467,18 @@ class Customers extends Persons
                        $failCodes[] = $i;
                    }

-                    $i++;
+                    ++$i;
                }

                if (count($failCodes) > 0) {
                    $message = lang('Customers.csv_import_partially_failed', [count($failCodes), implode(', ', $failCodes)]);

-                    echo json_encode(['success' => false, 'message' => $message]);
+                    return $this->response->setJSON(['success' => false, 'message' => $message]);
                } else {
-                    echo json_encode(['success' => true, 'message' => lang('Customers.csv_import_success')]);
+                    return $this->response->setJSON(['success' => true, 'message' => lang('Customers.csv_import_success')]);
                }
            } else {
-                echo json_encode(['success' => false, 'message' => lang('Customers.csv_import_nodata_wrongformat')]);
+                return $this->response->setJSON(['success' => false, 'message' => lang('Customers.csv_import_nodata_wrongformat')]);
            }
        }
    }
--- a/app/Controllers/Employees.php
+++ b/app/Controllers/Employees.php
@@ -3,9 +3,14 @@
 namespace App\Controllers;

 use App\Models\Module;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;

 /**
- * @property Module module
+ *
+ *
+ * @property module module
+ *
 */
 class Employees extends Persons
 {
@@ -18,8 +23,10 @@ class Employees extends Persons

    /**
     * Returns employee table data rows. This will be called with AJAX.
+     *
+     * @return void
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -27,54 +34,64 @@ class Employees extends Persons
        $sort   = $this->sanitizeSortColumn(person_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

-        $employees  = $this->employee->search($search, $limit, $offset, $sort, $order);
+        $employees = $this->employee->search($search, $limit, $offset, $sort, $order);
        $total_rows = $this->employee->get_found_rows($search);

        $data_rows = [];
-
        foreach ($employees->getResult() as $person) {
            $data_rows[] = get_person_data_row($person);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

    /**
     * AJAX called function gives search suggestions based on what is being searched for.
+     *
+     * @return ResponseInterface
     */
-    public function getSuggest(): void
+    public function getSuggest(): ResponseInterface
    {
-        $search      = $this->request->getGet('term');
+        $search = $this->request->getGet('term');
        $suggestions = $this->employee->get_search_suggestions($search, 25, true);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

-    public function suggest_search(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
    {
-        $search      = $this->request->getPost('term');
+        $search = $this->request->getPost('term');
        $suggestions = $this->employee->get_search_suggestions($search);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

    /**
     * Loads the employee edit form
+     * @return string
     */
-    public function getView(int $employee_id = NEW_ENTRY): void
+    public function getView(int $employee_id = NEW_ENTRY): string
    {
        $person_info = $this->employee->get_info($employee_id);
+        $current_user = $this->employee->get_logged_in_employee_info();
+
+        if ($employee_id != NEW_ENTRY && !$this->employee->canModifyEmployee($person_info->person_id, $current_user->person_id)) {
+            header('Location: ' . base_url('no_access/employees/employees'));
+            exit();
+        }

        foreach (get_object_vars($person_info) as $property => $value) {
-            $person_info->{$property} = $value;
+            $person_info->$property = $value;
        }
        $data['person_info'] = $person_info;
        $data['employee_id'] = $employee_id;

        $modules = [];
-
        foreach ($this->module->get_all_modules()->getResult() as $module) {
-            $module->grant      = $this->employee->has_grant($module->module_id, $person_info->person_id);
+            $module->grant = $this->employee->has_grant($module->module_id, $person_info->person_id);
            $module->menu_group = $this->employee->get_menu_group($module->module_id, $person_info->person_id);

            $modules[] = $module;
@@ -82,30 +99,43 @@ class Employees extends Persons
        $data['all_modules'] = $modules;

        $permissions = [];
-
        foreach ($this->module->get_all_subpermissions()->getResult() as $permission) {    // TODO: subpermissions does not follow naming standards.
            $permission->permission_id = str_replace(' ', '_', $permission->permission_id);
-            $permission->grant         = $this->employee->has_grant($permission->permission_id, $person_info->person_id);
+            $permission->grant = $this->employee->has_grant($permission->permission_id, $person_info->person_id);

            $permissions[] = $permission;
        }
        $data['all_subpermissions'] = $permissions;

-        echo view('employees/form', $data);
+        return view('employees/form', $data);
    }

    /**
     * Inserts/updates an employee
+     * @return ResponseInterface
     */
-    public function postSave(int $employee_id = NEW_ENTRY): void
+    public function postSave(int $employee_id = NEW_ENTRY): ResponseInterface
    {
+        $current_user = $this->employee->get_logged_in_employee_info();
+
+        if ($employee_id != NEW_ENTRY) {
+            $target_employee = $this->employee->get_info($employee_id);
+            if (!$this->employee->canModifyEmployee($target_employee->person_id, $current_user->person_id)) {
+                return $this->response->setJSON([
+                    'success' => false,
+                    'message' => lang('Employees.error_updating_admin'),
+                    'id'      => NEW_ENTRY
+                ]);
+            }
+        }
+
        $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: duplicated code
-        $last_name  = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $email      = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+        $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));

        // format first and last name properly
        $first_name = $this->nameize($first_name);
-        $last_name  = $this->nameize($last_name);
+        $last_name = $this->nameize($last_name);

        $person_data = [
            'first_name'   => $first_name,
@@ -119,92 +149,111 @@ class Employees extends Persons
            'state'        => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'zip'          => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'country'      => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'comments'     => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'comments'     => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
        ];

        $grants_array = [];
+        $isAdmin = $this->employee->isAdmin($current_user->person_id);

        foreach ($this->module->get_all_permissions()->getResult() as $permission) {
            $grants = [];
-            $grant  = $this->request->getPost('grant_' . $permission->permission_id) !== null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
+            $grant = $this->request->getPost('grant_' . $permission->permission_id) != null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';

-            if ($grant === $permission->permission_id) {
+            if ($grant == $permission->permission_id) {
+                if (!$isAdmin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
+                    continue;
+                }
                $grants['permission_id'] = $permission->permission_id;
-                $grants['menu_group']    = $this->request->getPost('menu_group_' . $permission->permission_id) !== null ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
-                $grants_array[]          = $grants;
+                $grants['menu_group'] = $this->request->getPost('menu_group_' . $permission->permission_id) != null ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
+                $grants_array[] = $grants;
            }
        }

        // Password has been changed OR first time password set
-        if (! empty($this->request->getPost('password')) && ENVIRONMENT !== 'testing') {
-            $exploded      = explode(':', $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+        if (!empty($this->request->getPost('password')) && ENVIRONMENT != 'testing') {
+            $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
            $employee_data = [
                'username'      => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
                'password'      => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
                'hash_version'  => 2,
                'language_code' => $exploded[0],
-                'language'      => $exploded[1],
+                'language'      => $exploded[1]
            ];
        } else { // Password not changed
-            $exploded      = explode(':', $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+            $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
            $employee_data = [
                'username'      => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
                'language_code' => $exploded[0],
-                'language'      => $exploded[1],
+                'language'      => $exploded[1]
            ];
        }

        if ($this->employee->save_employee($person_data, $employee_data, $grants_array, $employee_id)) {
            // New employee
-            if ($employee_id === NEW_ENTRY) {
-                echo json_encode([
+            if ($employee_id == NEW_ENTRY) {
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Employees.successful_adding') . ' ' . $first_name . ' ' . $last_name,
-                    'id'      => $employee_data['person_id'],
+                    'id'      => $employee_data['person_id']
                ]);
            } else { // Existing employee
-                echo json_encode([
+                $logged_in_employee_id = session()->get('person_id');
+                if ($employee_id == $logged_in_employee_id) {
+                    session()->set('language_code', $employee_data['language_code']);
+                    session()->set('language', $employee_data['language']);
+                }
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Employees.successful_updating') . ' ' . $first_name . ' ' . $last_name,
-                    'id'      => $employee_id,
+                    'id'      => $employee_id
                ]);
            }
        } else { // Failure
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Employees.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }

    /**
     * This deletes employees from the employees table
+     * @return ResponseInterface
     */
-    public function postDelete(): void
+    public function postDelete(): ResponseInterface
    {
        $employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $current_user = $this->employee->get_logged_in_employee_info();
+
+        if (!$this->employee->isAdmin($current_user->person_id)) {
+            foreach ($employees_to_delete as $emp_id) {
+                if ($this->employee->isAdmin((int)$emp_id)) {
+                    return $this->response->setJSON(['success' => false, 'message' => lang('Employees.error_deleting_admin')]);
+                }
+            }
+        }

        if ($this->employee->delete_list($employees_to_delete)) {    // TODO: this is passing a string, but delete_list expects an array
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Employees.successful_deleted') . ' ' . count($employees_to_delete) . ' ' . lang('Employees.one_or_multiple'),
+                'message' => lang('Employees.successful_deleted') . ' ' . count($employees_to_delete) . ' ' . lang('Employees.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
        }
    }

    /**
     * Checks an employee username against the database. Used in app\Views\employees\form.php
     *
+     * @param $employee_id
+     * @return ResponseInterface
     * @noinspection PhpUnused
-     *
-     * @param mixed $employee_id
     */
-    public function getCheckUsername($employee_id): void
+    public function getCheckUsername($employee_id): ResponseInterface
    {
        $exists = $this->employee->username_exists($employee_id, $this->request->getGet('username'));
-        echo ! $exists ? 'true' : 'false';
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
    }
 }
--- a/app/Controllers/Expenses.php
+++ b/app/Controllers/Expenses.php
@@ -4,7 +4,9 @@ namespace App\Controllers;

 use App\Models\Expense;
 use App\Models\Expense_category;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
+use Config\Services;

 class Expenses extends Secure_Controller
 {
@@ -15,11 +17,14 @@ class Expenses extends Secure_Controller
    {
        parent::__construct('expenses');

-        $this->expense          = model(Expense::class);
+        $this->expense = model(Expense::class);
        $this->expense_category = model(Expense_category::class);
    }

-    public function getIndex(): void
+    /**
+     * @return void
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_expenses_manage_table_headers();

@@ -30,20 +35,26 @@ class Expenses extends Secure_Controller
            'only_check'  => lang('Expenses.check_filter'),
            'only_credit' => lang('Expenses.credit_filter'),
            'only_debit'  => lang('Expenses.debit_filter'),
-            'is_deleted'  => lang('Expenses.is_deleted'),
+            'is_deleted'  => lang('Expenses.is_deleted')
        ];

-        echo view('expenses/manage', $data);
+        // Restore filters from URL
+        $data = array_merge($data, restoreTableFilters($this->request));
+
+        return view('expenses/manage', $data);
    }

-    public function getSearch(): void
+    /**
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
    {
-        $search  = $this->request->getGet('search');
-        $limit   = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-        $offset  = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort    = $this->sanitizeSortColumn(expense_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_id');
-        $order   = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $filters = [
+        $search   = $this->request->getGet('search');
+        $limit    = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset   = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort     = $this->sanitizeSortColumn(expense_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_id');
+        $order    = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $filters  = [
            'start_date'  => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'end_date'    => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'only_cash'   => false,
@@ -51,17 +62,17 @@ class Expenses extends Secure_Controller
            'only_check'  => false,
            'only_credit' => false,
            'only_debit'  => false,
-            'is_deleted'  => false,
+            'is_deleted'  => false
        ];

        // Check if any filter is set in the multiselect dropdown
        $request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
-        $filters         = array_merge($filters, $request_filters);
-        $expenses        = $this->expense->search($search, $filters, $limit, $offset, $sort, $order);
-        $total_rows      = $this->expense->get_found_rows($search, $filters);
-        $payments        = $this->expense->get_payments_summary($search, $filters);
+        $filters = array_merge($filters, $request_filters);
+        $expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order);
+        $total_rows = $this->expense->get_found_rows($search, $filters);
+        $payments = $this->expense->get_payments_summary($search, $filters);
        $payment_summary = get_expenses_manage_payments_summary($payments, $expenses);
-        $data_rows       = [];
+        $data_rows = [];

        foreach ($expenses->getResult() as $expense) {
            $data_rows[] = get_expenses_data_row($expense);
@@ -71,44 +82,50 @@ class Expenses extends Secure_Controller
            $data_rows[] = get_expenses_data_last_row($expenses);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
    }

-    public function getView(int $expense_id = NEW_ENTRY): void
+    /**
+     * @param int $expense_id
+     * @return void
+     */
+    public function getView(int $expense_id = NEW_ENTRY): string
    {
        $data = [];    // TODO: Duplicated code

-        $data['employees'] = [];
-
-        foreach ($this->employee->get_all()->getResult() as $employee) {
-            foreach (get_object_vars($employee) as $property => $value) {
-                $employee->{$property} = $value;
-            }
-
-            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
-        }
-
        $data['expenses_info'] = $this->expense->get_info($expense_id);
+        $expense_id = $data['expenses_info']->expense_id;
+
+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
+
+        $data['employees'] = [];
+        if ($can_assign_employee) {
+            foreach ($this->employee->get_all()->getResult() as $employee) {
+                $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+            }
+        } else {
+            $stored_employee_id = $expense_id == NEW_ENTRY ? $current_employee_id : $data['expenses_info']->employee_id;
+            $stored_employee = $this->employee->get_info($stored_employee_id);
+            $data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
+        }
+        $data['can_assign_employee'] = $can_assign_employee;

        $expense_categories = [];
-
        foreach ($this->expense_category->get_all(0, 0, true)->getResultArray() as $row) {
            $expense_categories[$row['expense_category_id']] = $row['category_name'];
        }
        $data['expense_categories'] = $expense_categories;

-        $expense_id = $data['expenses_info']->expense_id;
-
-        if ($expense_id === NEW_ENTRY) {
-            $data['expenses_info']->date        = date('Y-m-d H:i:s');
-            $data['expenses_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        if ($expense_id == NEW_ENTRY) {
+            $data['expenses_info']->date = date('Y-m-d H:i:s');
+            $data['expenses_info']->employee_id = $current_employee_id;
        }

        $data['payments'] = [];
-
        foreach ($this->expense->get_expense_payment($expense_id)->getResult() as $payment) {
            foreach (get_object_vars($payment) as $property => $value) {
-                $payment->{$property} = $value;
+                $payment->$property = $value;
            }

            $data['payments'][] = $payment;
@@ -117,57 +134,82 @@ class Expenses extends Secure_Controller
        // Don't allow gift card to be a payment option in a sale transaction edit because it's a complex change
        $data['payment_options'] = $this->expense->get_payment_options();

-        echo view('expenses/form', $data);
+        return view("expenses/form", $data);
    }

-    public function getRow(int $row_id): void
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
        $expense_info = $this->expense->get_info($row_id);
-        $data_row     = get_expenses_data_row($expense_info);
+        $data_row = get_expenses_data_row($expense_info);

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

-    public function postSave(int $expense_id = NEW_ENTRY): void
+    /**
+     * @param int $expense_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $expense_id = NEW_ENTRY): ResponseInterface
    {
-        $config  = config(OSPOS::class)->settings;
+        $config = config(OSPOS::class)->settings;
        $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        $date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);

+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
+
+        if (!$this->employee->has_grant('employees', $current_employee_id)) {
+            if ($expense_id == NEW_ENTRY) {
+                $employee_id = $current_employee_id;
+            } else {
+                $existing_expense = $this->expense->get_info($expense_id);
+                $employee_id = $existing_expense->employee_id;
+            }
+        } else {
+            $employee_id = $submitted_employee_id;
+        }
+
        $expense_data = [
            'date'                => $date_formatter->format('Y-m-d H:i:s'),
-            'supplier_id'         => $this->request->getPost('supplier_id') === '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
+            'supplier_id'         => $this->request->getPost('supplier_id') == '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
            'supplier_tax_code'   => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'amount'              => parse_decimals($this->request->getPost('amount')),
            'tax_amount'          => parse_decimals($this->request->getPost('tax_amount')),
            'payment_type'        => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
            'description'         => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'employee_id'         => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
-            'deleted'             => $this->request->getPost('deleted') !== null,
+            'employee_id'         => $employee_id,
+            'deleted'             => $this->request->getPost('deleted') != null
        ];

        if ($this->expense->save_value($expense_data, $expense_id)) {
            // New Expense
-            if ($expense_id === NEW_ENTRY) {
-                echo json_encode(['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
+            if ($expense_id == NEW_ENTRY) {
+                return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
            } else { // Existing Expense
-                echo json_encode(['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
+                return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
            }
        } else { // Failure
-            echo json_encode(['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
        }
    }

-    public function postDelete(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
    {
        $expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        if ($this->expense->delete_list($expenses_to_delete)) {
-            echo json_encode(['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
+            return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
        }
    }
 }
--- a/app/Controllers/Expenses_categories.php
+++ b/app/Controllers/Expenses_categories.php
@@ -3,6 +3,8 @@
 namespace App\Controllers;

 use App\Models\Expense_category;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;

 class Expenses_categories extends Secure_Controller    // TODO: Is this class ever used?
 {
@@ -15,17 +17,20 @@ class Expenses_categories extends Secure_Controller    // TODO: Is this class ev
        $this->expense_category = model(Expense_category::class);
    }

-    public function getIndex(): void
+    /**
+     * @return void
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_expense_category_manage_table_headers();

-        echo view('expenses_categories/manage', $data);
+        return view('expenses_categories/manage', $data);
    }

    /**
     * Returns expense_category_manage table data rows. This will be called with AJAX.
-     */
-    public function getSearch(): void
+     **/
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -34,73 +39,87 @@ class Expenses_categories extends Secure_Controller    // TODO: Is this class ev
        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        $expense_categories = $this->expense_category->search($search, $limit, $offset, $sort, $order);
-        $total_rows         = $this->expense_category->get_found_rows($search);
+        $total_rows = $this->expense_category->get_found_rows($search);

        $data_rows = [];
-
        foreach ($expense_categories->getResult() as $expense_category) {
            $data_rows[] = get_expense_category_data_row($expense_category);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

-    public function getRow(int $row_id): void
+    /**
+     * @param int $row_id
+     * @return void
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
        $data_row = get_expense_category_data_row($this->expense_category->get_info($row_id));

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

-    public function getView(int $expense_category_id = NEW_ENTRY): void
+    /**
+     * @param int $expense_category_id
+     * @return void
+     */
+    public function getView(int $expense_category_id = NEW_ENTRY): string
    {
        $data['category_info'] = $this->expense_category->get_info($expense_category_id);

-        echo view('expenses_categories/form', $data);
+        return view("expenses_categories/form", $data);
    }

-    public function postSave(int $expense_category_id = NEW_ENTRY): void
+    /**
+     * @param int $expense_category_id
+     * @return void
+     */
+    public function postSave(int $expense_category_id = NEW_ENTRY): ResponseInterface
    {
        $expense_category_data = [
            'category_name'        => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
        ];

        if ($this->expense_category->save_value($expense_category_data, $expense_category_id)) {
            // New expense_category
-            if ($expense_category_id === NEW_ENTRY) {
-                echo json_encode([
+            if ($expense_category_id == NEW_ENTRY) {
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Expenses_categories.successful_adding'),
-                    'id'      => $expense_category_data['expense_category_id'],
+                    'id'      => $expense_category_data['expense_category_id']
                ]);
            } else { // Existing Expense Category
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Expenses_categories.successful_updating'),
-                    'id'      => $expense_category_id,
+                    'id'      => $expense_category_id
                ]);
            }
        } else { // Failure
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
                'message' => lang('Expenses_categories.error_adding_updating') . ' ' . $expense_category_data['category_name'],
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }

-    public function postDelete(): void
+    /**
+     * @return void
+     */
+    public function postDelete(): ResponseInterface
    {
        $expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        if ($this->expense_category->delete_list($expense_category_to_delete)) {    // TODO: Convert to ternary notation.
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Expenses_categories.successful_deleted') . ' ' . count($expense_category_to_delete) . ' ' . lang('Expenses_categories.one_or_multiple'),
+                'message' => lang('Expenses_categories.successful_deleted') . ' ' . count($expense_category_to_delete) . ' ' . lang('Expenses_categories.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
        }
    }
 }
--- a/app/Controllers/Giftcards.php
+++ b/app/Controllers/Giftcards.php
@@ -3,7 +3,9 @@
 namespace App\Controllers;

 use App\Models\Giftcard;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
+use Config\Services;

 class Giftcards extends Secure_Controller
 {
@@ -16,17 +18,20 @@ class Giftcards extends Secure_Controller
        $this->giftcard = model(Giftcard::class);
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_giftcards_manage_table_headers();

-        echo view('giftcards/manage', $data);
+        return view('giftcards/manage', $data);
    }

    /**
     * Returns Giftcards table data rows. This will be called with AJAX.
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -34,71 +39,86 @@ class Giftcards extends Secure_Controller
        $sort   = $this->sanitizeSortColumn(giftcard_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'giftcard_id');
        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

-        $giftcards  = $this->giftcard->search($search, $limit, $offset, $sort, $order);
+        $giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order);
        $total_rows = $this->giftcard->get_found_rows($search);

        $data_rows = [];
-
        foreach ($giftcards->getResult() as $giftcard) {
            $data_rows[] = get_giftcard_data_row($giftcard);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

    /**
     * Gets search suggestions for giftcards. Used in app\Views\sales\register.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function getSuggest(): void
+    public function getSuggest(): ResponseInterface
    {
-        $search      = $this->request->getGet('term');
+        $search = $this->request->getGet('term');
        $suggestions = $this->giftcard->get_search_suggestions($search, true);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

-    public function suggest_search(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
    {
-        $search      = $this->request->getPost('term');
+        $search = $this->request->getPost('term');
        $suggestions = $this->giftcard->get_search_suggestions($search);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

-    public function getRow(int $row_id): void
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
        $data_row = get_giftcard_data_row($this->giftcard->get_info($row_id));

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

-    public function getView(int $giftcard_id = NEW_ENTRY): void
+    /**
+     * @param int $giftcard_id
+     * @return string
+     */
+    public function getView(int $giftcard_id = NEW_ENTRY): string
    {
-        $config        = config(OSPOS::class)->settings;
+        $config = config(OSPOS::class)->settings;
        $giftcard_info = $this->giftcard->get_info($giftcard_id);

        $data['selected_person_name'] = ($giftcard_id > 0 && isset($giftcard_info->person_id)) ? $giftcard_info->first_name . ' ' . $giftcard_info->last_name : '';
-        $data['selected_person_id']   = $giftcard_info->person_id;
-        if ($config['giftcard_number'] === 'random') {
+        $data['selected_person_id'] = $giftcard_info->person_id;
+        if ($config['giftcard_number'] == 'random') {
            $data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : '';
        } else {
-            $max_number_obj          = $this->giftcard->get_max_number();
-            $max_giftnumber          = isset($max_number_obj) ? $this->giftcard->get_max_number()->giftcard_number : 0;    // TODO: variable does not follow naming standard.
+            $max_number_obj = $this->giftcard->get_max_number();
+            $max_giftnumber = isset($max_number_obj) ? $this->giftcard->get_max_number()->giftcard_number : 0;    // TODO: variable does not follow naming standard.
            $data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : $max_giftnumber + 1;
        }
-        $data['giftcard_id']    = $giftcard_id;
+        $data['giftcard_id'] = $giftcard_id;
        $data['giftcard_value'] = $giftcard_info->value;

-        echo view('giftcards/form', $data);
+        return view("giftcards/form", $data);
    }

-    public function postSave(int $giftcard_id = NEW_ENTRY): void
+    /**
+     * @param int $giftcard_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $giftcard_id = NEW_ENTRY): ResponseInterface
    {
        $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

-        if ($giftcard_id === NEW_ENTRY && trim($giftcard_number) === '') {
+        if ($giftcard_id == NEW_ENTRY && trim($giftcard_number) == '') {
            $giftcard_number = $this->giftcard->generate_unique_giftcard_name($giftcard_number);
        }

@@ -106,29 +126,29 @@ class Giftcards extends Secure_Controller
            'record_time'     => date('Y-m-d H:i:s'),
            'giftcard_number' => $giftcard_number,
            'value'           => parse_decimals($this->request->getPost('giftcard_amount')),
-            'person_id'       => $this->request->getPost('person_id') === '' ? null : $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT),
+            'person_id'       => empty($this->request->getPost('person_id')) ? null : $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT)
        ];

        if ($this->giftcard->save_value($giftcard_data, $giftcard_id)) {
            // New giftcard
-            if ($giftcard_id === NEW_ENTRY) {    // TODO: Constant needed
-                echo json_encode([
+            if ($giftcard_id == NEW_ENTRY) {    // TODO: Constant needed
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Giftcards.successful_adding') . ' ' . $giftcard_data['giftcard_number'],
-                    'id'      => $giftcard_data['giftcard_id'],
+                    'id'      => $giftcard_data['giftcard_id']
                ]);
            } else { // Existing giftcard
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Giftcards.successful_updating') . ' ' . $giftcard_data['giftcard_number'],
-                    'id'      => $giftcard_id,
+                    'id'      => $giftcard_id
                ]);
            }
        } else { // Failure
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Giftcards.error_adding_updating') . ' ' . $giftcard_data['giftcard_number'],
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }
@@ -136,26 +156,33 @@ class Giftcards extends Secure_Controller
    /**
     * Checks the giftcard number validity. Used in app\Views\giftcards\form.php
     *
+     * @return void
     * @noinspection PhpUnused
     */
-    public function postCheckNumberGiftcard(): void
+    public function postCheckNumberGiftcard(): ResponseInterface
    {
-        $giftcard_amount = parse_decimals($this->request->getPost('giftcard_amount'));
-        $parsed_value    = filter_var($giftcard_amount, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-        echo json_encode(['success' => $parsed_value !== false && $parsed_value > 0 && $giftcard_amount !== false, 'giftcard_amount' => to_currency_no_money($parsed_value)]);
+        $existing_id = $this->request->getPost('giftcard_id', FILTER_SANITIZE_NUMBER_INT);
+        $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_NUMBER_INT);
+        $giftcard_id = $this->giftcard->get_giftcard_id($giftcard_number);
+        $success = ($giftcard_id == (int) $existing_id || !$giftcard_id );
+
+        return $this->response->setJSON($success ? 'true' : 'false');
    }

-    public function postDelete(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
    {
        $giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        if ($this->giftcard->delete_list($giftcards_to_delete)) {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Giftcards.successful_deleted') . ' ' . count($giftcards_to_delete) . ' ' . lang('Giftcards.one_or_multiple'),
+                'message' => lang('Giftcards.successful_deleted') . ' ' . count($giftcards_to_delete) . ' ' . lang('Giftcards.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
        }
    }
 }
--- a/app/Controllers/Home.php
+++ b/app/Controllers/Home.php
@@ -2,7 +2,9 @@

 namespace App\Controllers;

+use App\Libraries\MY_Migration;
 use CodeIgniter\HTTP\RedirectResponse;
+use CodeIgniter\HTTP\ResponseInterface;

 class Home extends Secure_Controller
 {
@@ -11,79 +13,116 @@ class Home extends Secure_Controller
        parent::__construct('home', null, 'home');
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $logged_in = $this->employee->is_logged_in();
-        echo view('home/home');
+        return view('home/home');
    }

    /**
     * Logs the currently logged in employee out of the system.  Used in app/Views/partial/header.php
     *
+     * @return RedirectResponse
     * @noinspection PhpUnused
     */
    public function getLogout(): RedirectResponse
    {
        $this->employee->logout();
-
        return redirect()->to('login');
    }

    /**
-     * Load "change employee password" form
+     * Load the "change employee password" form
     *
-     * @noinspection PhpUnused
+     * @param int $employeeId
+     * @return ResponseInterface|string
     */
-    public function getChangePassword(int $employee_id = -1): void    // TODO: Replace -1 with a constant
+    public function getChangePassword(int $employeeId = NEW_ENTRY): ResponseInterface|string
    {
-        $person_info = $this->employee->get_info($employee_id);
+        $loggedInEmployee = $this->employee->get_logged_in_employee_info();
+        $currentPersonId = (int) $loggedInEmployee->person_id;

+        $employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
+
+        if (!$this->employee->isAdmin($currentPersonId) && $employeeId !== $currentPersonId) {
+            return $this->response->setStatusCode(403)->setBody(lang('Employees.unauthorized_modify'));
+        }
+
+        $person_info = $this->employee->get_info($employeeId);
        foreach (get_object_vars($person_info) as $property => $value) {
-            $person_info->{$property} = $value;
+            $person_info->$property = $value;
        }
        $data['person_info'] = $person_info;

-        echo view('home/form_change_password', $data);
+        return view('home/form_change_password', $data);
    }

    /**
     * Change employee password
+     *
+     * @return ResponseInterface
     */
-    public function postSave(int $employee_id = -1): void    // TODO: Replace -1 with a constant
+    public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
    {
-        if (! empty($this->request->getPost('current_password')) && $employee_id !== -1) {
-            if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
-                $employee_data = [
-                    'username'     => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-                    'password'     => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
-                    'hash_version' => 2,
-                ];
+        $currentUser = $this->employee->get_logged_in_employee_info();
+        $currentPersonId = (int) $currentUser->person_id;

-                if ($this->employee->change_password($employee_data, $employee_id)) {
-                    echo json_encode([
-                        'success' => true,
-                        'message' => lang('Employees.successful_change_password'),
-                        'id'      => $employee_id,
-                    ]);
-                } else { // Failure    // TODO: Replace -1 with constant
-                    echo json_encode([
+        $employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
+
+        if (!$this->employee->isAdmin($currentPersonId) && $employeeId !== $currentPersonId) {
+            return $this->response->setStatusCode(403)->setJSON([
+                'success' => false,
+                'message' => lang('Employees.unauthorized_modify')
+            ]);
+        }
+
+        if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
+            if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
+                // Validate password length BEFORE hashing
+                $new_password = $this->request->getPost('password');
+
+                if (strlen($new_password) < 8) {
+                    return $this->response->setJSON([
                        'success' => false,
-                        'message' => lang('Employees.unsuccessful_change_password'),
-                        'id'      => -1,
+                        'message' => lang('Employees.password_minlength'),
+                        'id'      => NEW_ENTRY
                    ]);
                }
-            } else {    // TODO: Replace -1 with constant
-                echo json_encode([
+
+                $employee_data = [
+                    'username'     => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+                    'password'     => password_hash($new_password, PASSWORD_DEFAULT),
+                    'hash_version' => 2
+                ];
+
+                if ($this->employee->change_password($employee_data, $employeeId)) {
+                    return $this->response->setJSON([
+                        'success' => true,
+                        'message' => lang('Employees.successful_change_password'),
+                        'id'      => $employeeId
+                    ]);
+                } else {
+                    return $this->response->setJSON([
+                        'success' => false,
+                        'message' => lang('Employees.unsuccessful_change_password'),
+                        'id'      => NEW_ENTRY
+                    ]);
+                }
+            } else {
+                return $this->response->setJSON([
                    'success' => false,
                    'message' => lang('Employees.current_password_invalid'),
-                    'id'      => -1,
+                    'id'      => NEW_ENTRY
                ]);
            }
-        } else {    // TODO: Replace -1 with constant
-            echo json_encode([
+        } else {
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Employees.current_password_invalid'),
-                'id'      => -1,
+                'id'      => NEW_ENTRY
            ]);
        }
    }
--- a/app/Controllers/Item_kits.php
+++ b/app/Controllers/Item_kits.php
@@ -3,9 +3,12 @@
 namespace App\Controllers;

 use App\Libraries\Barcode_lib;
+
 use App\Models\Item;
 use App\Models\Item_kit;
 use App\Models\Item_kit_items;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;

 class Item_kits extends Secure_Controller
 {
@@ -17,8 +20,8 @@ class Item_kits extends Secure_Controller
    {
        parent::__construct('item_kits');

-        $this->item           = model(Item::class);
-        $this->item_kit       = model(Item_kit::class);
+        $this->item = model(Item::class);
+        $this->item_kit = model(Item_kit::class);
        $this->item_kit_items = model(Item_kit_items::class);
    }

@@ -31,18 +34,17 @@ class Item_kits extends Secure_Controller

        $item_kit->total_cost_price = 0;
        $item_kit->total_unit_price = $kit_item_info->unit_price;
-        $total_quantity             = 0;
+        $total_quantity = 0;

        foreach ($this->item_kit_items->get_info($item_kit->item_kit_id) as $item_kit_item) {
            $item_info = $this->item->get_info($item_kit_item['item_id']);
-
            foreach (get_object_vars($item_info) as $property => $value) {
-                $item_info->{$property} = $value;
+                $item_info->$property = $value;
            }

            $item_kit->total_cost_price += $item_info->cost_price * $item_kit_item['quantity'];

-            if ($item_kit->price_option === PRICE_OPTION_ALL || ($item_kit->price_option === PRICE_OPTION_KIT_STOCK && $item_info->stock_type === HAS_STOCK)) {
+            if ($item_kit->price_option == PRICE_OPTION_ALL || ($item_kit->price_option == PRICE_OPTION_KIT_STOCK && $item_info->stock_type == HAS_STOCK)) {
                $item_kit->total_unit_price += $item_info->unit_price * $item_kit_item['quantity'];
                $total_quantity += $item_kit_item['quantity'];
            }
@@ -50,24 +52,27 @@ class Item_kits extends Secure_Controller

        $discount_fraction = bcdiv($item_kit->kit_discount, '100');

-        $item_kit->total_unit_price -= round(($item_kit->kit_discount_type === PERCENT)
+        $item_kit->total_unit_price = $item_kit->total_unit_price - round(($item_kit->kit_discount_type == PERCENT)
            ? bcmul($item_kit->total_unit_price, $discount_fraction)
            : $item_kit->kit_discount, totals_decimals(), PHP_ROUND_HALF_UP);

        return $item_kit;
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_item_kits_manage_table_headers();

-        echo view('item_kits/manage', $data);
+        return view('item_kits/manage', $data);
    }

    /**
     * Returns Item_kit table data rows. This will be called with AJAX.
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search') ?? '';
        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -75,61 +80,71 @@ class Item_kits extends Secure_Controller
        $sort   = $this->sanitizeSortColumn(item_kit_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_kit_id');
        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

-        $item_kits  = $this->item_kit->search($search, $limit, $offset, $sort, $order);
+        $item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order);
        $total_rows = $this->item_kit->get_found_rows($search);

        $data_rows = [];
-
        foreach ($item_kits->getResult() as $item_kit) {
            // Calculate the total cost and retail price of the Kit, so it can be printed out in the manage table
-            $item_kit    = $this->_add_totals_to_item_kit($item_kit);
+            $item_kit = $this->_add_totals_to_item_kit($item_kit);
            $data_rows[] = get_item_kit_data_row($item_kit);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

-    public function suggest_search(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
    {
-        $search      = $this->request->getPost('term');
+        $search = $this->request->getPost('term');
        $suggestions = $this->item_kit->get_search_suggestions($search);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

-    public function getRow(int $row_id): void
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
        // Calculate the total cost and retail price of the Kit, so it can be added to the table refresh
        $item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($row_id));

-        echo json_encode(get_item_kit_data_row($item_kit));
+        return $this->response->setJSON(get_item_kit_data_row($item_kit));
    }

-    public function getView(int $item_kit_id = NEW_ENTRY): void
+    /**
+     * @param int $item_kit_id
+     * @return string
+     */
+    public function getView(int $item_kit_id = NEW_ENTRY): string
    {
        $info = $this->item_kit->get_info($item_kit_id);

-        if ($item_kit_id === NEW_ENTRY) {
+        if ($item_kit_id == NEW_ENTRY) {
            $info->price_option = '0';
            $info->print_option = PRINT_ALL;
-            $info->kit_item_id  = 0;
-            $info->item_number  = '';
+            $info->kit_item_id = 0;
+            $info->item_number = '';
            $info->kit_discount = 0;
        }

        foreach (get_object_vars($info) as $property => $value) {
-            $info->{$property} = $value;
+            $info->$property = $value;
        }

-        $data['item_kit_info'] = $info;
+        $data['item_kit_info']  = $info;

        $items = [];

        foreach ($this->item_kit_items->get_info($item_kit_id) as $item_kit_item) {
            $item['kit_sequence'] = $item_kit_item['kit_sequence'];
-            $item['name']         = $this->item->get_info($item_kit_item['item_id'])->name;
-            $item['item_id']      = $item_kit_item['item_id'];
-            $item['quantity']     = $item_kit_item['quantity'];
+            $item['name'] = $this->item->get_info($item_kit_item['item_id'])->name;
+            $item['item_id'] = $item_kit_item['item_id'];
+            $item['quantity'] = $item_kit_item['quantity'];

            $items[] = $item;
        }
@@ -137,113 +152,119 @@ class Item_kits extends Secure_Controller
        $data['item_kit_items'] = $items;

        $data['selected_kit_item_id'] = $info->kit_item_id;
-        $data['selected_kit_item']    = ($item_kit_id > 0 && isset($info->kit_item_id)) ? $info->item_name : '';
+        $data['selected_kit_item'] = ($item_kit_id > 0 && isset($info->kit_item_id)) ? $info->item_name : '';

-        echo view('item_kits/form', $data);
+        return view("item_kits/form", $data);
    }

-    public function postSave(int $item_kit_id = NEW_ENTRY): void
+    /**
+     * @param int $item_kit_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $item_kit_id = NEW_ENTRY): ResponseInterface
    {
        $item_kit_data = [
            'name'              => $this->request->getPost('name'),
            'item_kit_number'   => $this->request->getPost('item_kit_number'),
-            'item_id'           => $this->request->getPost('kit_item_id') ? null : (int) ($this->request->getPost('kit_item_id')),
+            'item_id'           => $this->request->getPost('kit_item_id'),
            'kit_discount'      => parse_decimals($this->request->getPost('kit_discount')),
-            'kit_discount_type' => $this->request->getPost('kit_discount_type') === null ? PERCENT : (int) ($this->request->getPost('kit_discount_type')),
-            'price_option'      => $this->request->getPost('price_option') === null ? PRICE_ALL : (int) ($this->request->getPost('price_option')),
-            'print_option'      => $this->request->getPost('print_option') === null ? PRINT_ALL : (int) ($this->request->getPost('print_option')),
-            'description'       => $this->request->getPost('description'),
+            'kit_discount_type' => $this->request->getPost('kit_discount_type') === null ? PERCENT : intval($this->request->getPost('kit_discount_type')),
+            'price_option'      => $this->request->getPost('price_option') === null ? PRICE_ALL : intval($this->request->getPost('price_option')),
+            'print_option'      => $this->request->getPost('print_option') === null ? PRINT_ALL : intval($this->request->getPost('print_option')),
+            'description'       => $this->request->getPost('description')
        ];

        if ($this->item_kit->save_value($item_kit_data, $item_kit_id)) {
            $new_item = false;
            // New item kit
-            if ($item_kit_id === NEW_ENTRY) {
+            if ($item_kit_id == NEW_ENTRY) {
                $item_kit_id = $item_kit_data['item_kit_id'];
-                $new_item    = true;
+                $new_item = true;
            }

            $item_kit_items_array = $this->request->getPost('item_kit_qty') === null ? null : $this->request->getPost('item_kit_qty');

-            if ($item_kit_items_array !== null) {
+            if ($item_kit_items_array != null) {
                $item_kit_items = [];
-
                foreach ($item_kit_items_array as $item_id => $item_kit_qty) {
                    $item_kit_items[] = [
                        'item_id'      => $item_id,
                        'quantity'     => $item_kit_qty === null ? 0 : parse_quantity($item_kit_qty),
-                        'kit_sequence' => $this->request->getPost("item_kit_seq[{$item_id}]") === null ? 0 : (int) ($this->request->getPost("item_kit_seq[{$item_id}]")),
+                        'kit_sequence' => $this->request->getPost("item_kit_seq[$item_id]") === null ? 0 : intval($this->request->getPost("item_kit_seq[$item_id]"))
                    ];
                }
            }

-            if (! empty($item_kit_items)) {
+            if (!empty($item_kit_items)) {
                $success = $this->item_kit_items->save_value($item_kit_items, $item_kit_id);
            } else {
                $success = true;
            }

            if ($new_item) {
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => $success,
                    'message' => lang('Item_kits.successful_adding') . ' ' . $item_kit_data['name'],
-                    'id'      => $item_kit_id,
+                    'id'      => $item_kit_id
                ]);
            } else {
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => $success,
                    'message' => lang('Item_kits.successful_updating') . ' ' . $item_kit_data['name'],
-                    'id'      => $item_kit_id,
+                    'id'      => $item_kit_id
                ]);
            }
        } else { // Failure
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Item_kits.error_adding_updating') . ' ' . $item_kit_data['name'],
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }

-    public function postDelete(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
    {
        $item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        if ($this->item_kit->delete_list($item_kits_to_delete)) {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Item_kits.successful_deleted') . ' ' . count($item_kits_to_delete) . ' ' . lang('Item_kits.one_or_multiple'),
+                'message' => lang('Item_kits.successful_deleted') . ' ' . count($item_kits_to_delete) . ' ' . lang('Item_kits.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
        }
    }

    /**
     * Checks the validity of the item kit number. Used in app/Views/item_kits/form.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postCheckItemNumber(): void
+    public function postCheckItemNumber(): ResponseInterface
    {
        $exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT));
-        echo ! $exists ? 'true' : 'false';
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
    }

    /**
     * AJAX called function that generates barcodes for selected item_kits.
     *
     * @param string $item_kit_ids Colon separated list of item_kit_id values to generate barcodes for.
-     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function getGenerateBarcodes(string $item_kit_ids): void
+    public function getGenerateBarcodes(string $item_kit_ids): string
    {
        $barcode_lib = new Barcode_lib();
-        $result      = [];
+        $result = [];

        $item_kit_ids = explode(':', $item_kit_ids);
-
        foreach ($item_kit_ids as $item_kid_id) {
            // Calculate the total cost and retail price of the Kit, so it can be added to the barcode text at the bottom
            $item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($item_kid_id));
@@ -255,20 +276,20 @@ class Item_kits extends Secure_Controller
                'item_id'     => $item_kid_id,
                'item_number' => $item_kid_id,
                'cost_price'  => $item_kit->total_cost_price,
-                'unit_price'  => $item_kit->total_unit_price,
+                'unit_price'  => $item_kit->total_unit_price
            ];
        }

-        $data['items']  = $result;
+        $data['items'] = $result;
        $barcode_config = $barcode_lib->get_barcode_config();
        // In case the selected barcode type is not Code39 or Code128 we set by default Code128
        // The rationale for this is that EAN codes cannot have strings as seed, so 'KIT ' is not allowed
-        if ($barcode_config['barcode_type'] !== 'C39' && $barcode_config['barcode_type'] !== 'C128') {
+        if ($barcode_config['barcode_type'] != 'C39' && $barcode_config['barcode_type'] != 'C128') {
            $barcode_config['barcode_type'] = 'C128';
        }
        $data['barcode_config'] = $barcode_config;

        // Display barcodes
-        echo view('barcodes/barcode_sheet', $data);
+        return view("barcodes/barcode_sheet", $data);
    }
 }
--- a/app/Controllers/Items.php
+++ b/app/Controllers/Items.php
--- a/app/Controllers/Login.php
+++ b/app/Controllers/Login.php
@@ -5,23 +5,27 @@ namespace App\Controllers;
 use App\Libraries\MY_Migration;
 use App\Models\Employee;
 use CodeIgniter\HTTP\RedirectResponse;
+use CodeIgniter\HTTP\ResponseInterface;
 use CodeIgniter\Model;
 use Config\OSPOS;
 use Config\Services;

 /**
- * @property Employee employee
+ * @property employee employee
 */
 class Login extends BaseController
 {
    public Model $employee;

-    public function index(): RedirectResponse|string
+    /**
+     * @return RedirectResponse|string
+     */
+    public function index(): string|RedirectResponse
    {
        $this->employee = model(Employee::class);
-        if (! $this->employee->is_logged_in()) {
+        if (!$this->employee->is_logged_in()) {
            $migration = new MY_Migration(config('Migrations'));
-            $config    = config(OSPOS::class)->settings;
+            $config = config(OSPOS::class)->settings;

            $gcaptcha_enabled = array_key_exists('gcaptcha_enable', $config)
                ? $config['gcaptcha_enable']
@@ -33,40 +37,64 @@ class Login extends BaseController

            $data = [
                'has_errors'       => false,
+                'is_new_install'   => !(MY_Migration::get_current_version()),
                'is_latest'        => $migration->is_latest(),
                'latest_version'   => $migration->get_latest_migration(),
                'gcaptcha_enabled' => $gcaptcha_enabled,
                'config'           => $config,
-                'validation'       => $validation,
+                'validation'       => $validation
            ];

            if ($this->request->getMethod() !== 'POST') {
                return view('login', $data);
            }

-            $rules    = ['username' => 'required|login_check[data]'];
+            $rules = ['username' => 'required|login_check[data]'];
            $messages = [
                'username' => [
                    'required'    => lang('Login.required_username'),
                    'login_check' => lang('Login.invalid_username_and_password'),
-                ],
+                ]
            ];

-            if (! $this->validate($rules, $messages)) {
-                $data['has_errors'] = ! empty($validation->getErrors());
+            if (!$this->validate($rules, $messages)) {
+                $data['has_errors'] = !empty($validation->getErrors());

                return view('login', $data);
            }

-            if (! $data['is_latest']) {
+            if (!$data['is_latest']) {
                set_time_limit(3600);

                $migration->setNamespace('App')->latest();
-
                return redirect()->to('login');
            }
        }

        return redirect()->to('home');
    }
+
+    public function migrate(): ResponseInterface
+    {
+        try {
+            $migration = new MY_Migration(config('Migrations'));
+            $migration->migrate_to_ci4();
+            
+            set_time_limit(3600);
+            $migration->setNamespace('App')->latest();
+            
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => 'Migration completed successfully'
+            ]);
+            
+        } catch (\Exception $e) {
+            log_message('error', 'Migration failed: ' . $e->getMessage());
+            
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => 'Migration failed: ' . $e->getMessage()
+            ])->setStatusCode(500);
+        }
+    }
 }
--- a/app/Controllers/Messages.php
+++ b/app/Controllers/Messages.php
@@ -3,7 +3,9 @@
 namespace App\Controllers;

 use App\Libraries\Sms_lib;
+
 use App\Models\Person;
+use CodeIgniter\HTTP\ResponseInterface;

 class Messages extends Secure_Controller
 {
@@ -16,25 +18,35 @@ class Messages extends Secure_Controller
        $this->sms_lib = new Sms_lib();
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
-        echo view('messages/sms');
+        return view('messages/sms');
    }

-    public function getView(int $person_id = NEW_ENTRY): void
+    /**
+     * @param int $person_id
+     * @return string
+     */
+    public function getView(int $person_id = NEW_ENTRY): string
    {
        $person = model(Person::class);
-        $info   = $person->get_info($person_id);
+        $info = $person->get_info($person_id);

        foreach (get_object_vars($info) as $property => $value) {
-            $info->{$property} = $value;
+            $info->$property = $value;
        }
        $data['person_info'] = $info;

-        echo view('messages/form_sms', $data);
+        return view('messages/form_sms', $data);
    }

-    public function send(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function send(): ResponseInterface
    {
        $phone   = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -42,18 +54,20 @@ class Messages extends Secure_Controller
        $response = $this->sms_lib->sendSMS($phone, $message);

        if ($response) {
-            echo json_encode(['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
+            return $this->response->setJSON(['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
        }
    }

    /**
     * Sends an SMS message to a user. Used in app/Views/messages/form_sms.php.
     *
+     * @param int $person_id
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function send_form(int $person_id = NEW_ENTRY): void
+    public function send_form(int $person_id = NEW_ENTRY): ResponseInterface
    {
        $phone   = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -61,16 +75,16 @@ class Messages extends Secure_Controller
        $response = $this->sms_lib->sendSMS($phone, $message);

        if ($response) {
-            echo json_encode([
+            return $this->response->setJSON([
                'success'   => true,
                'message'   => lang('Messages.successfully_sent') . ' ' . esc($phone),
-                'person_id' => $person_id,
+                'person_id' => $person_id
            ]);
        } else {
-            echo json_encode([
+            return $this->response->setJSON([
                'success'   => false,
                'message'   => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone),
-                'person_id' => NEW_ENTRY,
+                'person_id' => NEW_ENTRY
            ]);
        }
    }
--- a/app/Controllers/No_access.php
+++ b/app/Controllers/No_access.php
@@ -3,12 +3,13 @@
 namespace App\Controllers;

 use App\Models\Module;
+use CodeIgniter\HTTP\ResponseInterface;

 /**
 * Part of the grants mechanism to restrict access to modules that the user doesn't have permission for.
 * Instantiated in the views.
 *
- * @property Module module
+ * @property module module
 */
 class No_access extends BaseController
 {
@@ -19,11 +20,16 @@ class No_access extends BaseController
        $this->module = model(Module::class);
    }

-    public function getIndex(string $module_id = '', string $permission_id = ''): void
+    /**
+     * @param string $module_id
+     * @param string $permission_id
+     * @return string
+     */
+    public function getIndex(string $module_id = '', string $permission_id = ''): string
    {
        $data['module_name']   = $this->module->get_module_name($module_id);
        $data['permission_id'] = $permission_id;

-        echo view('no_access', $data);
+        return view('no_access', $data);
    }
 }
--- a/app/Controllers/Office.php
+++ b/app/Controllers/Office.php
@@ -3,6 +3,7 @@
 namespace App\Controllers;

 use App\Models\Employee;
+use CodeIgniter\HTTP\ResponseInterface;

 /**
 * @property Employee employee
@@ -16,11 +17,17 @@ class Office extends Secure_Controller
        parent::__construct('office', null, 'office');
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
-        echo view('home/office');
+        return view('home/office');
    }

+    /**
+     * @return void
+     */
    public function logout(): void
    {
        $this->employee = model(Employee::class);
--- a/app/Controllers/Persons.php
+++ b/app/Controllers/Persons.php
@@ -3,13 +3,17 @@
 namespace App\Controllers;

 use App\Models\Person;
-
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 use function Tamtamchik\NameCase\str_name_case;

 abstract class Persons extends Secure_Controller
 {
    protected Person $person;

+    /**
+     * @param string|null $module_id
+     */
    public function __construct(?string $module_id = null)
    {
        parent::__construct($module_id);
@@ -17,32 +21,37 @@ abstract class Persons extends Secure_Controller
        $this->person = model(Person::class);
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_people_manage_table_headers();

-        echo view('people/manage', $data);
+        return view('people/manage', $data);
    }

    /**
     * Gives search suggestions based on what is being searched for
+     * @return ResponseInterface
     */
-    public function getSuggest(): void
+    public function getSuggest(): ResponseInterface
    {
-        $search      = $this->request->getGet('term');
+        $search = $this->request->getGet('term');
        $suggestions = $this->person->get_search_suggestions($search);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

    /**
     * Gets one row for a person manage table. This is called using AJAX to update one row.
+     * @return ResponseInterface
     */
-    public function getRow(int $row_id): void
+    public function getRow(int $row_id): ResponseInterface
    {
        $data_row = get_person_data_row($this->person->get_info($row_id));

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

    /**
@@ -60,6 +69,8 @@ abstract class Persons extends Secure_Controller
        $adjusted_name = str_name_case($input);

        // TODO: Use preg_replace to match HTML entities and convert them to lowercase. This is a workaround for https://github.com/tamtamchik/namecase/issues/20
-        return preg_replace_callback('/&[a-zA-Z0-9#]+;/', static fn ($matches) => strtolower($matches[0]), $adjusted_name);
+        return preg_replace_callback('/&[a-zA-Z0-9#]+;/', function ($matches) {
+            return strtolower($matches[0]);
+        }, $adjusted_name);
    }
 }
--- a/app/Controllers/Receivings.php
+++ b/app/Controllers/Receivings.php
@@ -2,16 +2,18 @@

 namespace App\Controllers;

-use App\Libraries\Barcode_lib;
 use App\Libraries\Receiving_lib;
 use App\Libraries\Token_lib;
+use App\Libraries\Barcode_lib;
 use App\Models\Inventory;
 use App\Models\Item;
 use App\Models\Item_kit;
 use App\Models\Receiving;
 use App\Models\Stock_location;
 use App\Models\Supplier;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
+use Config\Services;
 use ReflectionException;

 class Receivings extends Secure_Controller
@@ -32,78 +34,85 @@ class Receivings extends Secure_Controller
        parent::__construct('receivings');

        $this->receiving_lib = new Receiving_lib();
-        $this->token_lib     = new Token_lib();
-        $this->barcode_lib   = new Barcode_lib();
+        $this->token_lib = new Token_lib();
+        $this->barcode_lib = new Barcode_lib();

-        $this->inventory      = model(Inventory::class);
-        $this->item_kit       = model(Item_kit::class);
-        $this->item           = model(Item::class);
-        $this->receiving      = model(Receiving::class);
+        $this->inventory = model(Inventory::class);
+        $this->item_kit = model(Item_kit::class);
+        $this->item = model(Item::class);
+        $this->receiving = model(Receiving::class);
        $this->stock_location = model(Stock_location::class);
-        $this->supplier       = model(Supplier::class);
-        $this->config         = config(OSPOS::class)->settings;
+        $this->supplier = model(Supplier::class);
+        $this->config = config(OSPOS::class)->settings;
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
-        $this->_reload();
+        return $this->_reload();
    }

    /**
     * Returns search suggestions for an item. Used in app/Views/sales/register.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function getItemSearch(): void
+    public function getItemSearch(): ResponseInterface
    {
-        $search      = $this->request->getGet('term');
+        $search = $this->request->getGet('term');
        $suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
        $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

    /**
     * Gets search suggestions for a stock item. Used in app/Views/receivings/receiving.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function getStockItemSearch(): void
+    public function getStockItemSearch(): ResponseInterface
    {
-        $search      = $this->request->getGet('term');
+        $search = $this->request->getGet('term');
        $suggestions = $this->item->get_stock_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
        $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

    /**
     * Set supplier if it exists in the database. Used in app/Views/receivings/receiving.php
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function postSelectSupplier(): void
+    public function postSelectSupplier(): string
    {
        $supplier_id = $this->request->getPost('supplier', FILTER_SANITIZE_NUMBER_INT);
        if ($this->supplier->exists($supplier_id)) {
            $this->receiving_lib->set_supplier($supplier_id);
        }

-        $this->_reload();    // TODO: Hungarian notation
+        return $this->_reload();    // TODO: Hungarian notation
    }

    /**
     * Change receiving mode for current receiving. Used in app/Views/receivings/receiving.php
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function postChangeMode(): void
+    public function postChangeMode(): string
    {
        $stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $stock_source      = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT);
+        $stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT);

-        if ((! $stock_source || $stock_source === $this->receiving_lib->get_stock_source())
-            && (! $stock_destination || $stock_destination === $this->receiving_lib->get_stock_destination())
+        if ((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) &&
+            (!$stock_destination || $stock_destination == $this->receiving_lib->get_stock_destination())
        ) {
            $this->receiving_lib->clear_reference();
            $mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -113,75 +122,79 @@ class Receivings extends Secure_Controller
            $this->receiving_lib->set_stock_destination($stock_destination);
        }

-        $this->_reload();    // TODO: Hungarian notation
+        return $this->_reload();    // TODO: Hungarian notation
    }

    /**
     * Sets receiving comment. Used in app/Views/receivings/receiving.php
-     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postSetComment(): void
+    public function postSetComment(): ResponseInterface
    {
        $this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+        return $this->response->setJSON(['success' => true]);
    }

    /**
     * Sets the print after sale flag for the receiving. Used in app/Views/receivings/receiving.php
-     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postSetPrintAfterSale(): void
+    public function postSetPrintAfterSale(): ResponseInterface
    {
-        $this->receiving_lib->set_print_after_sale($this->request->getPost('recv_print_after_sale') !== null);
+        $this->receiving_lib->set_print_after_sale($this->request->getPost('recv_print_after_sale') != null);
+        return $this->response->setJSON(['success' => true]);
    }

    /**
     * Sets the reference number for the receiving.  Used in app/Views/receivings/receiving.php
-     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function postSetReference(): void
+    public function postSetReference(): ResponseInterface
    {
        $this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+        return $this->response->setJSON(['success' => true]);
    }

    /**
     * Add an item to the receiving. Used in app/Views/receivings/receiving.php
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function postAdd(): void
+    public function postAdd(): string
    {
        $data = [];

-        $mode                                     = $this->receiving_lib->get_mode();
+        $mode = $this->receiving_lib->get_mode();
        $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        $this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt);
-        $quantity      = ($mode === 'receive' || $mode === 'requisition') ? $quantity : -$quantity;
+        $quantity = ($mode == 'receive' || $mode == 'requisition') ? $quantity : -$quantity;
        $item_location = $this->receiving_lib->get_stock_source();
-        $discount      = $this->config['default_receivings_discount'];
+        $discount = $this->config['default_receivings_discount'];
        $discount_type = $this->config['default_receivings_discount_type'];

-        if ($mode === 'return' && $this->receiving->is_valid_receipt($item_id_or_number_or_item_kit_or_receipt)) {
+        if ($mode == 'return' && $this->receiving->is_valid_receipt($item_id_or_number_or_item_kit_or_receipt)) {
            $this->receiving_lib->return_entire_receiving($item_id_or_number_or_item_kit_or_receipt);
        } elseif ($this->item_kit->is_valid_item_kit($item_id_or_number_or_item_kit_or_receipt)) {
            $this->receiving_lib->add_item_kit($item_id_or_number_or_item_kit_or_receipt, $item_location, $discount, $discount_type);
-        } elseif (! $this->receiving_lib->add_item($item_id_or_number_or_item_kit_or_receipt, $quantity, $item_location, $discount, $discount_type)) {
+        } elseif (!$this->receiving_lib->add_item($item_id_or_number_or_item_kit_or_receipt, $quantity, $item_location, $discount,  $discount_type)) {
            $data['error'] = lang('Receivings.unable_to_add_item');
        }

-        $this->_reload($data);    // TODO: Hungarian notation
+        return $this->_reload($data);    // TODO: Hungarian notation
    }

    /**
     * Edit line item in current receiving. Used in app/Views/receivings/receiving.php
     *
+     * @param int|string|null $item_id
+     * @return string
     * @noinspection PhpUnused
-     *
-     * @param mixed $item_id
     */
-    public function postEditItem($item_id): void
+    public function postEditItem(int|string|null $item_id): string
    {
        $data = [];

@@ -191,14 +204,14 @@ class Receivings extends Secure_Controller
            'discount' => 'trim|permit_empty|decimal_locale',
        ];

-        $price                  = parse_decimals($this->request->getPost('price'));
-        $quantity               = parse_quantity($this->request->getPost('quantity'));
+        $price = parse_decimals($this->request->getPost('price'));
+        $quantity = parse_quantity($this->request->getPost('quantity'));
        $raw_receiving_quantity = parse_quantity($this->request->getPost('receiving_quantity'));

-        $description   = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: Duplicated code
-        $serialnumber  = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+        $description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: Duplicated code
+        $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
        $discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT);
-        $discount      = $discount_type
+        $discount = $discount_type
            ? parse_quantity(filter_var($this->request->getPost('discount'), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
            : parse_decimals(filter_var($this->request->getPost('discount'), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));

@@ -210,123 +223,137 @@ class Receivings extends Secure_Controller
            $data['error'] = lang('Receivings.error_editing_item');
        }

-        $this->_reload($data);    // TODO: Hungarian notation
+        return $this->_reload($data);    // TODO: Hungarian notation
    }

    /**
     * Edit a receiving. Used in app/Controllers/Receivings.php
-     *
+     * @param $receiving_id
+     * @return string
     * @noinspection PhpUnused
-     *
-     * @param mixed $receiving_id
     */
-    public function getEdit($receiving_id): void
+    public function getEdit($receiving_id): string
    {
        $data = [];

        $data['suppliers'] = ['' => 'No Supplier'];
-
        foreach ($this->supplier->get_all()->getResult() as $supplier) {
            $data['suppliers'][$supplier->person_id] = $supplier->first_name . ' ' . $supplier->last_name;
        }

-        $data['employees'] = [];
+        $receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();

-        foreach ($this->employee->get_all()->getResult() as $employee) {
-            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
+
+        $data['employees'] = [];
+        if ($can_assign_employee) {
+            foreach ($this->employee->get_all()->getResult() as $employee) {
+                $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+            }
+        } else {
+            $stored_employee_id = $receiving_info['employee_id'];
+            $stored_employee = $this->employee->get_info($stored_employee_id);
+            $data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
        }

-        $receiving_info                 = $this->receiving->get_info($receiving_id)->getRowArray();
-        $data['selected_supplier_name'] = ! empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
-        $data['selected_supplier_id']   = $receiving_info['supplier_id'];
-        $data['receiving_info']         = $receiving_info;
+        $data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
+        $data['selected_supplier_id'] = $receiving_info['supplier_id'];
+        $data['receiving_info'] = $receiving_info;
+        $data['can_assign_employee'] = $can_assign_employee;

-        echo view('receivings/form', $data);
+        return view('receivings/form', $data);
    }

    /**
     * Deletes an item from the current receiving. Used in app/Views/receivings/receiving.php
     *
+     * @param $item_number
+     * @return string
     * @noinspection PhpUnused
-     *
-     * @param mixed $item_number
     */
-    public function getDeleteItem($item_number): void
+    public function getDeleteItem($item_number): string
    {
        $this->receiving_lib->delete_item($item_number);

-        $this->_reload();    // TODO: Hungarian notation
+        return $this->_reload();    // TODO: Hungarian notation
    }

    /**
+     * @param int $receiving_id
+     * @param bool $update_inventory
+     * @return ResponseInterface
     * @throws ReflectionException
     */
-    public function postDelete(int $receiving_id = -1, bool $update_inventory = true): void
+    public function postDelete(int $receiving_id = -1, bool $update_inventory = true): ResponseInterface
    {
-        $employee_id   = $this->employee->get_logged_in_employee_info()->person_id;
-        $receiving_ids = $receiving_id === -1 ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$receiving_id];    // TODO: Replace -1 with constant
+        $employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $receiving_ids = $receiving_id == -1 ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$receiving_id];    // TODO: Replace -1 with constant

        if ($this->receiving->delete_list($receiving_ids, $employee_id, $update_inventory)) {    // TODO: Likely need to surround this block of code in a try-catch to catch the ReflectionException
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
                'message' => lang('Receivings.successfully_deleted') . ' ' . count($receiving_ids) . ' ' . lang('Receivings.one_or_multiple'),
-                'ids'     => $receiving_ids,
+                'ids'     => $receiving_ids
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Receivings.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Receivings.cannot_be_deleted')]);
        }
    }

    /**
     * Removes a supplier from a receiving. Used in app/Views/receivings/receiving.php
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function getRemoveSupplier(): void
+    public function getRemoveSupplier(): string
    {
        $this->receiving_lib->clear_reference();
        $this->receiving_lib->remove_supplier();

-        $this->_reload();    // TODO: Hungarian notation
+        return $this->_reload();    // TODO: Hungarian notation
    }

    /**
     * Complete and finalize receiving.  Used in app/Views/receivings/receiving.php
     *
+     * @return string
     * @throws ReflectionException
     * @noinspection PhpUnused
     */
-    public function postComplete(): void
+    public function postComplete(): string
    {
+
        $data = [];

-        $data['cart']                 = $this->receiving_lib->get_cart();
-        $data['total']                = $this->receiving_lib->get_total();
-        $data['transaction_time']     = to_datetime(time());
-        $data['mode']                 = $this->receiving_lib->get_mode();
-        $data['comment']              = $this->receiving_lib->get_comment();
-        $data['reference']            = $this->receiving_lib->get_reference();
-        $data['payment_type']         = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $data['cart'] = $this->receiving_lib->get_cart();
+        $data['total'] = $this->receiving_lib->get_total();
+        $data['transaction_time'] = to_datetime(time());
+        $data['mode'] = $this->receiving_lib->get_mode();
+        $data['comment'] = $this->receiving_lib->get_comment();
+        $data['reference'] = $this->receiving_lib->get_reference();
+        $data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        $data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
-        $data['stock_location']       = $this->receiving_lib->get_stock_source();
-        if ($this->request->getPost('amount_tendered') !== null) {
+        $data['stock_location'] = $this->receiving_lib->get_stock_source();
+        if ($this->request->getPost('amount_tendered') != null) {
            $data['amount_tendered'] = parse_decimals($this->request->getPost('amount_tendered'));
-            $data['amount_change']   = to_currency($data['amount_tendered'] - $data['total']);
+            $data['amount_change'] = to_currency($data['amount_tendered'] - $data['total']);
        }

-        $employee_id      = $this->employee->get_logged_in_employee_info()->person_id;
-        $employee_info    = $this->employee->get_info($employee_id);
+        $employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $employee_info = $this->employee->get_info($employee_id);
        $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;

        $supplier_id = $this->receiving_lib->get_supplier();
-        if ($supplier_id !== -1) {
-            $supplier_info            = $this->supplier->get_info($supplier_id);
-            $data['supplier']         = $supplier_info->company_name;    // TODO: duplicated code
-            $data['first_name']       = $supplier_info->first_name;
-            $data['last_name']        = $supplier_info->last_name;
-            $data['supplier_email']   = $supplier_info->email;
+        if ($supplier_id != -1) {
+            $supplier_info = $this->supplier->get_info($supplier_id);
+            $data['supplier'] = $supplier_info->company_name;    // TODO: duplicated code
+            $data['first_name'] = $supplier_info->first_name;
+            $data['last_name'] = $supplier_info->last_name;
+            $data['supplier_email'] = $supplier_info->email;
            $data['supplier_address'] = $supplier_info->address_1;
-            if (! empty($supplier_info->zip) || ! empty($supplier_info->city)) {
+            if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
                $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
            } else {
                $data['supplier_location'] = '';
@@ -336,7 +363,7 @@ class Receivings extends Secure_Controller
        // SAVE receiving to database
        $data['receiving_id'] = 'RECV ' . $this->receiving->save_value($data['cart'], $supplier_id, $employee_id, $data['comment'], $data['reference'], $data['payment_type'], $data['stock_location']);

-        if ($data['receiving_id'] === 'RECV -1') {
+        if ($data['receiving_id'] == 'RECV -1') {
            $data['error_message'] = lang('Receivings.transaction_failed');
        } else {
            $data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
@@ -344,66 +371,69 @@ class Receivings extends Secure_Controller

        $data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();

-        echo view('receivings/receipt', $data);
+        $view = view("receivings/receipt", $data);

        $this->receiving_lib->clear_all();
+
+        return $view;
    }

    /**
     * Complete a receiving requisition. Used in app/Views/receivings/receiving.php.
     *
+     * @return string
     * @throws ReflectionException
     * @noinspection PhpUnused
     */
-    public function postRequisitionComplete(): void
+    public function postRequisitionComplete(): string
    {
-        if ($this->receiving_lib->get_stock_source() !== $this->receiving_lib->get_stock_destination()) {
+        if ($this->receiving_lib->get_stock_source() != $this->receiving_lib->get_stock_destination()) {
            foreach ($this->receiving_lib->get_cart() as $item) {
                $this->receiving_lib->delete_item($item['line']);
                $this->receiving_lib->add_item($item['item_id'], $item['quantity'], $this->receiving_lib->get_stock_destination(), $item['discount_type']);
                $this->receiving_lib->add_item($item['item_id'], -$item['quantity'], $this->receiving_lib->get_stock_source(), $item['discount_type']);
            }

-            $this->postComplete();
+            return $this->postComplete();
        } else {
            $data['error'] = lang('Receivings.error_requisition');

-            $this->_reload($data);    // TODO: Hungarian notation
+            return $this->_reload($data);    // TODO: Hungarian notation
        }
    }

    /**
     * Gets the receipt for a receiving. Used in app/Views/receivings/form.php
     *
+     * @param $receiving_id
+     * @return string
     * @noinspection PhpUnused
-     *
-     * @param mixed $receiving_id
     */
-    public function getReceipt($receiving_id): void
+    public function getReceipt($receiving_id): string
    {
        $receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
        $this->receiving_lib->copy_entire_receiving($receiving_id);
-        $data['cart']                 = $this->receiving_lib->get_cart();
-        $data['total']                = $this->receiving_lib->get_total();
-        $data['mode']                 = $this->receiving_lib->get_mode();
-        $data['transaction_time']     = to_datetime(strtotime($receiving_info['receiving_time']));
+        $data['cart'] = $this->receiving_lib->get_cart();
+        $data['total'] = $this->receiving_lib->get_total();
+        $data['mode'] = $this->receiving_lib->get_mode();
+        $data['transaction_time'] = to_datetime(strtotime($receiving_info['receiving_time']));
        $data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
-        $data['payment_type']         = $receiving_info['payment_type'];
-        $data['reference']            = $this->receiving_lib->get_reference();
-        $data['receiving_id']         = 'RECV ' . $receiving_id;
-        $data['barcode']              = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
-        $employee_info                = $this->employee->get_info($receiving_info['employee_id']);
-        $data['employee']             = $employee_info->first_name . ' ' . $employee_info->last_name;
+        $data['payment_type'] = $receiving_info['payment_type'];
+        $data['reference'] = $this->receiving_lib->get_reference();
+        $data['receiving_id'] = 'RECV ' . $receiving_id;
+        $data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
+        $employee_info = $this->employee->get_info($receiving_info['employee_id']);
+        $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;

        $supplier_id = $this->receiving_lib->get_supplier();    // TODO: Duplicated code
-        if ($supplier_id !== -1) {
-            $supplier_info            = $this->supplier->get_info($supplier_id);
-            $data['supplier']         = $supplier_info->company_name;
-            $data['first_name']       = $supplier_info->first_name;
-            $data['last_name']        = $supplier_info->last_name;
-            $data['supplier_email']   = $supplier_info->email;
+        if ($supplier_id != -1) {
+            $supplier_info = $this->supplier->get_info($supplier_id);
+            $data['supplier'] = $supplier_info->company_name;
+            $data['first_name'] = $supplier_info->first_name;
+            $data['last_name'] = $supplier_info->last_name;
+            $data['supplier_email'] = $supplier_info->email;
            $data['supplier_address'] = $supplier_info->address_1;
-            if (! empty($supplier_info->zip) || ! empty($supplier_info->city)) {
+            if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
                $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
            } else {
                $data['supplier_location'] = '';
@@ -412,40 +442,46 @@ class Receivings extends Secure_Controller

        $data['print_after_sale'] = false;

-        echo view('receivings/receipt', $data);
+        $view = view("receivings/receipt", $data);

        $this->receiving_lib->clear_all();
+
+        return $view;
    }

-    private function _reload(array $data = []): void    // TODO: Hungarian notation
+    /**
+     * @param array $data
+     * @return string
+     */
+    private function _reload(array $data = []): string    // TODO: Hungarian notation
    {
-        $data['cart']                 = $this->receiving_lib->get_cart();
-        $data['modes']                = ['receive' => lang('Receivings.receiving'), 'return' => lang('Receivings.return')];
-        $data['mode']                 = $this->receiving_lib->get_mode();
-        $data['stock_locations']      = $this->stock_location->get_allowed_locations('receivings');
+        $data['cart'] = $this->receiving_lib->get_cart();
+        $data['modes'] = ['receive' => lang('Receivings.receiving'), 'return' => lang('Receivings.return')];
+        $data['mode'] = $this->receiving_lib->get_mode();
+        $data['stock_locations'] = $this->stock_location->get_allowed_locations('receivings');
        $data['show_stock_locations'] = count($data['stock_locations']) > 1;
        if ($data['show_stock_locations']) {
            $data['modes']['requisition'] = lang('Receivings.requisition');
-            $data['stock_source']         = $this->receiving_lib->get_stock_source();
-            $data['stock_destination']    = $this->receiving_lib->get_stock_destination();
+            $data['stock_source'] = $this->receiving_lib->get_stock_source();
+            $data['stock_destination'] = $this->receiving_lib->get_stock_destination();
        }

-        $data['total']                = $this->receiving_lib->get_total();
+        $data['total'] = $this->receiving_lib->get_total();
        $data['items_module_allowed'] = $this->employee->has_grant('items', $this->employee->get_logged_in_employee_info()->person_id);
-        $data['comment']              = $this->receiving_lib->get_comment();
-        $data['reference']            = $this->receiving_lib->get_reference();
-        $data['payment_options']      = $this->receiving->get_payment_options();
+        $data['comment'] = $this->receiving_lib->get_comment();
+        $data['reference'] = $this->receiving_lib->get_reference();
+        $data['payment_options'] = $this->receiving->get_payment_options();

        $supplier_id = $this->receiving_lib->get_supplier();

-        if ($supplier_id !== -1) {    // TODO: Duplicated Code... replace -1 with a constant
-            $supplier_info            = $this->supplier->get_info($supplier_id);
-            $data['supplier']         = $supplier_info->company_name;
-            $data['first_name']       = $supplier_info->first_name;
-            $data['last_name']        = $supplier_info->last_name;
-            $data['supplier_email']   = $supplier_info->email;
+        if ($supplier_id != -1) {    // TODO: Duplicated Code... replace -1 with a constant
+            $supplier_info = $this->supplier->get_info($supplier_id);
+            $data['supplier'] = $supplier_info->company_name;
+            $data['first_name'] = $supplier_info->first_name;
+            $data['last_name'] = $supplier_info->last_name;
+            $data['supplier_email'] = $supplier_info->email;
            $data['supplier_address'] = $supplier_info->address_1;
-            if (! empty($supplier_info->zip) || ! empty($supplier_info->city)) {
+            if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
                $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
            } else {
                $data['supplier_location'] = '';
@@ -454,39 +490,50 @@ class Receivings extends Secure_Controller

        $data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();

-        echo view('receivings/receiving', $data);
+        return view("receivings/receiving", $data);
    }

    /**
+     * @return ResponseInterface
     * @throws ReflectionException
     */
-    public function postSave(int $receiving_id = -1): void    // TODO: Replace -1 with a constant
+    public function postSave(int $receiving_id = -1): ResponseInterface    // TODO: Replace -1 with a constant
    {
        $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: newdate does not follow naming conventions

        $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
        $receiving_time = $date_formatter->format('Y-m-d H:i:s');

+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
+
+        if (!$this->employee->has_grant('employees', $current_employee_id)) {
+            $existing_receiving = $this->receiving->get_info($receiving_id)->getRowArray();
+            $employee_id = $existing_receiving['employee_id'];
+        } else {
+            $employee_id = $submitted_employee_id;
+        }
+
        $receiving_data = [
            'receiving_time' => $receiving_time,
            'supplier_id'    => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : null,
-            'employee_id'    => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'employee_id'    => $employee_id,
            'comment'        => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'reference'      => $this->request->getPost('reference') !== '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null,
+            'reference'      => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null
        ];

        $this->inventory->update('RECV ' . $receiving_id, ['trans_date' => $receiving_time]);
        if ($this->receiving->update($receiving_id, $receiving_data)) {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
                'message' => lang('Receivings.successfully_updated'),
-                'id'      => $receiving_id,
+                'id'      => $receiving_id
            ]);
        } else {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Receivings.unsuccessfully_updated'),
-                'id'      => $receiving_id,
+                'id'      => $receiving_id
            ]);
        }
    }
@@ -494,12 +541,13 @@ class Receivings extends Secure_Controller
    /**
     * Cancel an in-process receiving. Used in app/Views/receivings/receiving.php
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function postCancelReceiving(): void
+    public function postCancelReceiving(): string
    {
        $this->receiving_lib->clear_all();

-        $this->_reload();    // TODO: Hungarian Notation
+        return $this->_reload();    // TODO: Hungarian Notation
    }
 }
--- a/app/Controllers/Reports.php
+++ b/app/Controllers/Reports.php
--- a/app/Controllers/Sales.php
+++ b/app/Controllers/Sales.php
--- a/app/Controllers/Secure_Controller.php
+++ b/app/Controllers/Secure_Controller.php
@@ -4,6 +4,8 @@ namespace App\Controllers;

 use App\Models\Employee;
 use App\Models\Module;
+use CodeIgniter\HTTP\ResponseInterface;
+use CodeIgniter\Model;
 use CodeIgniter\Session\Session;
 use Config\OSPOS;
 use Config\Services;
@@ -12,10 +14,11 @@ use Config\Services;
 * Controllers that are considered secure extend Secure_Controller, optionally a $module_id can
 * be set to also check if a user can access a particular module in the system.
 *
+ * @property employee employee
+ * @property module module
 * @property array global_view_data
- * @property Employee employee
- * @property Module module
- * @property Session session
+ * @property session session
+ *
 */
 class Secure_Controller extends BaseController
 {
@@ -24,43 +27,45 @@ class Secure_Controller extends BaseController
    protected Module $module;
    protected Session $session;

+    /**
+     * @param string $module_id
+     * @param string|null $submodule_id
+     * @param string|null $menu_group
+     */
    public function __construct(string $module_id = '', ?string $submodule_id = null, ?string $menu_group = null)
    {
        $this->employee = model(Employee::class);
-        $this->module   = model(Module::class);
-        $config         = config(OSPOS::class)->settings;
-        $validation     = Services::validation();
-
-        if (! $this->employee->is_logged_in()) {
-            header('Location:' . base_url('login'));
+        $this->module = model(Module::class);
+        $config = config(OSPOS::class)->settings;
+        $validation = Services::validation();

+        if (!$this->employee->is_logged_in()) {
+            header("Location:" . base_url('login'));
            exit();
        }

        $logged_in_employee_info = $this->employee->get_logged_in_employee_info();
        if (
-            ! $this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id)
-            || (isset($submodule_id) && ! $this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id))
+            !$this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id)
+            || (isset($submodule_id) && !$this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id))
        ) {
-            header('Location:' . base_url("no_access/{$module_id}/{$submodule_id}"));
-
+            header("Location:" . base_url("no_access/$module_id/$submodule_id"));
            exit();
        }

        // Load up global global_view_data visible to all the loaded views
        $this->session = session();
-        if ($menu_group === null) {
+        if ($menu_group == null) {
            $menu_group = $this->session->get('menu_group');
        } else {
            $this->session->set('menu_group', $menu_group);
        }

-        $allowed_modules = $menu_group === 'home'
+        $allowed_modules = $menu_group == 'home'
            ? $this->module->get_allowed_home_modules($logged_in_employee_info->person_id)
            : $this->module->get_allowed_office_modules($logged_in_employee_info->person_id);

        $this->global_view_data = [];
-
        foreach ($allowed_modules->getResult() as $module) {
            $this->global_view_data['allowed_modules'][] = $module;
        }
@@ -68,36 +73,33 @@ class Secure_Controller extends BaseController
        $this->global_view_data += [
            'user_info'       => $logged_in_employee_info,
            'controller_name' => $module_id,
-            'config'          => $config,
+            'config'          => $config
        ];
        view('viewData', $this->global_view_data);
    }

    public function sanitizeSortColumn($headers, $field, $default): string
    {
-        return $field !== null && in_array($field, array_keys(array_merge(...$headers)), true) ? $field : $default;
+        return $field != null && in_array($field, array_keys(array_merge(...$headers))) ? $field : $default;
    }

    /**
     * AJAX function used to confirm whether values sent in the request are numeric
-     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function getCheckNumeric(): void
+    public function getCheckNumeric(): ResponseInterface
    {
        foreach ($this->request->getGet() as $value) {
            if (parse_decimals($value) === false) {
-                echo 'false';
-
-                return;
+                return $this->response->setJSON('false');
            }
        }
-        echo 'true';
+        return $this->response->setJSON('true');
    }

    /**
-     * @param mixed $key
-     *
+     * @param $key
     * @return mixed|void
     */
    public function getConfig($key)
@@ -132,6 +134,7 @@ class Secure_Controller extends BaseController
    }

    /**
+     * @param int $data_item_id
     * @return false
     */
    public function getView(int $data_item_id = -1)
@@ -140,6 +143,7 @@ class Secure_Controller extends BaseController
    }

    /**
+     * @param int $data_item_id
     * @return false
     */
    public function postSave(int $data_item_id = -1)
--- a/app/Controllers/Suppliers.php
+++ b/app/Controllers/Suppliers.php
@@ -3,6 +3,8 @@
 namespace App\Controllers;

 use App\Models\Supplier;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;

 class Suppliers extends Persons
 {
@@ -15,98 +17,111 @@ class Suppliers extends Persons
        $this->supplier = model(Supplier::class);
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_suppliers_manage_table_headers();

-        echo view('people/manage', $data);
+        return view('people/manage', $data);
    }

    /**
     * Gets one row for a supplier manage table. This is called using AJAX to update one row.
-     *
-     * @param mixed $row_id
+     * @param $row_id
+     * @return ResponseInterface
     */
-    public function getRow($row_id): void
+    public function getRow($row_id): ResponseInterface
    {
-        $data_row             = get_supplier_data_row($this->supplier->get_info($row_id));
+        $data_row = get_supplier_data_row($this->supplier->get_info($row_id));
        $data_row['category'] = $this->supplier->get_category_name($data_row['category']);

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

    /**
     * Returns Supplier table data rows. This will be called with AJAX.
-     */
-    public function getSearch(): void
+     * @return void
+     **/
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
-        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->sanitizeSortColumn(supplier_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
-        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort = $this->sanitizeSortColumn(supplier_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
+        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

-        $suppliers  = $this->supplier->search($search, $limit, $offset, $sort, $order);
+        $suppliers = $this->supplier->search($search, $limit, $offset, $sort, $order);
        $total_rows = $this->supplier->get_found_rows($search);

        $data_rows = [];

        foreach ($suppliers->getResult() as $supplier) {
-            $row             = get_supplier_data_row($supplier);
+            $row = get_supplier_data_row($supplier);
            $row['category'] = $this->supplier->get_category_name($row['category']);
-            $data_rows[]     = $row;
+            $data_rows[] = $row;
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

    /**
     * Gives search suggestions based on what is being searched for
-     */
-    public function getSuggest(): void
+     * @return ResponseInterface
+     **/
+    public function getSuggest(): ResponseInterface
    {
-        $search      = $this->request->getGet('term');
+        $search = $this->request->getGet('term');
        $suggestions = $this->supplier->get_search_suggestions($search, true);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

-    public function suggest_search(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
    {
-        $search      = $this->request->getPost('term');
+        $search = $this->request->getPost('term');
        $suggestions = $this->supplier->get_search_suggestions($search, false);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

    /**
     * Loads the supplier edit form
+     *
+     * @param int $supplier_id
+     * @return string
     */
-    public function getView(int $supplier_id = NEW_ENTRY): void
+    public function getView(int $supplier_id = NEW_ENTRY): string
    {
        $info = $this->supplier->get_info($supplier_id);
-
        foreach (get_object_vars($info) as $property => $value) {
-            $info->{$property} = $value;
+            $info->$property = $value;
        }
        $data['person_info'] = $info;
-        $data['categories']  = $this->supplier->get_categories();
+        $data['categories'] = $this->supplier->get_categories();

-        echo view('suppliers/form', $data);
+        return view("suppliers/form", $data);
    }

    /**
     * Inserts/updates a supplier
+     *
+     * @param int $supplier_id
+     * @return ResponseInterface
     */
-    public function postSave(int $supplier_id = NEW_ENTRY): void
+    public function postSave(int $supplier_id = NEW_ENTRY): ResponseInterface
    {
        $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: Duplicate code
-        $last_name  = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $email      = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+        $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));

        // Format first and last name properly
        $first_name = $this->nameize($first_name);
-        $last_name  = $this->nameize($last_name);
+        $last_name = $this->nameize($last_name);

        $person_data = [
            'first_name'   => $first_name,
@@ -120,55 +135,58 @@ class Suppliers extends Persons
            'state'        => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'zip'          => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'country'      => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'comments'     => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'comments'     => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
        ];

        $supplier_data = [
            'company_name'   => $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'agency_name'    => $this->request->getPost('agency_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'category'       => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'account_number' => $this->request->getPost('account_number') === '' ? null : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'tax_id'         => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT),
+            'account_number' => $this->request->getPost('account_number') == '' ? null : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'tax_id'         => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT)
        ];

        if ($this->supplier->save_supplier($person_data, $supplier_data, $supplier_id)) {
            // New supplier
-            if ($supplier_id === NEW_ENTRY) {
-                echo json_encode([
+            if ($supplier_id == NEW_ENTRY) {
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Suppliers.successful_adding') . ' ' . $supplier_data['company_name'],
-                    'id'      => $supplier_data['person_id'],
+                    'id'      => $supplier_data['person_id']
                ]);
            } else { // Existing supplier
-                echo json_encode([
+
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Suppliers.successful_updating') . ' ' . $supplier_data['company_name'],
-                    'id'      => $supplier_id,
+                    'id'      => $supplier_id
                ]);
            }
        } else { // Failure
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
-                'message' => lang('Suppliers.error_adding_updating') . ' ' . $supplier_data['company_name'],
-                'id'      => NEW_ENTRY,
+                'message' => lang('Suppliers.error_adding_updating') . ' ' .     $supplier_data['company_name'],
+                'id'      => NEW_ENTRY
            ]);
        }
    }

    /**
     * This deletes suppliers from the suppliers table
+     *
+     * @return ResponseInterface
     */
-    public function postDelete(): void
+    public function postDelete(): ResponseInterface
    {
        $suppliers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);

        if ($this->supplier->delete_list($suppliers_to_delete)) {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Suppliers.successful_deleted') . ' ' . count($suppliers_to_delete) . ' ' . lang('Suppliers.one_or_multiple'),
+                'message' => lang('Suppliers.successful_deleted') . ' ' . count($suppliers_to_delete) . ' ' . lang('Suppliers.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Suppliers.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Suppliers.cannot_be_deleted')]);
        }
    }
 }
--- a/app/Controllers/Tax_categories.php
+++ b/app/Controllers/Tax_categories.php
@@ -3,9 +3,11 @@
 namespace App\Controllers;

 use App\Models\Tax_category;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;

 /**
- * @property Tax_category tax_category
+ * @property tax_category tax_category
 */
 class Tax_categories extends Secure_Controller
 {
@@ -18,93 +20,113 @@ class Tax_categories extends Secure_Controller
        $this->tax_category = model(Tax_category::class);
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['tax_categories_table_headers'] = get_tax_categories_table_headers();

-        echo view('taxes/tax_categories', $data);
+        return view('taxes/tax_categories', $data);
    }

    /**
     * Returns tax_category table data rows. This will be called with AJAX.
+     *
+     * @return void
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort   = $this->sanitizeSortColumn(get_tax_categories_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_category_id');
        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        $tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order);
-        $total_rows     = $this->tax_category->get_found_rows($search);
+        $total_rows = $this->tax_category->get_found_rows($search);

        $data_rows = [];
-
        foreach ($tax_categories->getResult() as $tax_category) {
            $data_rows[] = get_tax_categories_data_row($tax_category);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

-    public function getRow($row_id): void
+    /**
+     * @param $row_id
+     * @return ResponseInterface
+     */
+    public function getRow($row_id): ResponseInterface
    {
        $data_row = get_tax_categories_data_row($this->tax_category->get_info($row_id));

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

-    public function getView(int $tax_category_id = NEW_ENTRY): void
+    /**
+     * @param int $tax_category_id
+     * @return string
+     */
+    public function getView(int $tax_category_id = NEW_ENTRY): string
    {
        $data['tax_category_info'] = $this->tax_category->get_info($tax_category_id);

-        echo view('taxes/tax_category_form', $data);
+        return view("taxes/tax_category_form", $data);
    }

-    public function postSave(int $tax_category_id = NEW_ENTRY): void
+
+    /**
+     * @param int $tax_category_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $tax_category_id = NEW_ENTRY): ResponseInterface
    {
        $tax_category_data = [
            'tax_category'       => $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'tax_category_code'  => $this->request->getPost('tax_category_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT),
+            'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT)
        ];

        if ($this->tax_category->save_value($tax_category_data, $tax_category_id)) {
            // New tax_category_id
-            if ($tax_category_id === NEW_ENTRY) {
-                echo json_encode([
+            if ($tax_category_id == NEW_ENTRY) {
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Tax_categories.successful_adding'),
-                    'id'      => $tax_category_data['tax_category_id'],
+                    'id'      => $tax_category_data['tax_category_id']
                ]);
            } else {
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Tax_categories.successful_updating'),
-                    'id'      => $tax_category_id,
+                    'id'      => $tax_category_id
                ]);
            }
        } else {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Tax_categories.error_adding_updating') . ' ' . $tax_category_data['tax_category'],
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }

-    public function postDelete(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
    {
        $tax_categories_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);

        if ($this->tax_category->delete_list($tax_categories_to_delete)) {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Tax_categories.successful_deleted') . ' ' . count($tax_categories_to_delete) . ' ' . lang('Tax_categories.one_or_multiple'),
+                'message' => lang('Tax_categories.successful_deleted') . ' ' . count($tax_categories_to_delete) . ' ' . lang('Tax_categories.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Tax_categories.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Tax_categories.cannot_be_deleted')]);
        }
    }
 }
--- a/app/Controllers/Tax_codes.php
+++ b/app/Controllers/Tax_codes.php
@@ -3,9 +3,11 @@
 namespace App\Controllers;

 use App\Models\Tax_code;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;

 /**
- * @property Tax_code tax_code
+ * @property tax_code tax_code
 */
 class Tax_codes extends Secure_Controller
 {
@@ -19,30 +21,39 @@ class Tax_codes extends Secure_Controller
        helper('tax_helper');
    }

-    public function getIndex(): void
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
-        echo view('taxes/tax_codes', $this->get_data());
+        return view('taxes/tax_codes', $this->get_data());
    }

+    /**
+     * @return array
+     */
    public function get_data(): array
    {
-        $data['table_headers'] = get_tax_code_table_headers();

+        $data['table_headers'] = get_tax_code_table_headers();
        return $data;
    }

    /**
     * Returns tax_category table data rows. This will be called with AJAX.
+     *
+     * @return void
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort   = $this->sanitizeSortColumn(get_tax_code_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_code');
        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

-        $tax_codes  = $this->tax_code->search($search, $limit, $offset, $sort, $order);
+        $tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);
        $total_rows = $this->tax_code->get_found_rows($search);

        $data_rows = [];
@@ -51,66 +62,82 @@ class Tax_codes extends Secure_Controller
            $data_rows[] = get_tax_code_data_row($tax_code);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

-    public function getRow(int $row_id): void
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
        $data_row = get_tax_code_data_row($this->tax_code->get_info($row_id));

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

-    public function getView(int $tax_code_id = NEW_ENTRY): void
+    /**
+     * @param int $tax_code_id
+     * @return string
+     */
+    public function getView(int $tax_code_id = NEW_ENTRY): string
    {
        $data['tax_code_info'] = $this->tax_code->get_info($tax_code_id);

-        echo view('taxes/tax_code_form', $data);
+        return view("taxes/tax_code_form", $data);
    }

-    public function postSave(int $tax_code_id = NEW_ENTRY): void
+
+    /**
+     * @param int $tax_code_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $tax_code_id = NEW_ENTRY): ResponseInterface
    {
        $tax_code_data = [
            'tax_code'      => $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
            'city'          => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'state'         => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'state'         => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
        ];

        if ($this->tax_code->save($tax_code_data)) {
-            if ($tax_code_id === NEW_ENTRY) {
-                echo json_encode([
+            if ($tax_code_id == NEW_ENTRY) {
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Tax_codes.successful_adding'),
-                    'id'      => $tax_code_data['tax_code_id'],
+                    'id'      => $tax_code_data['tax_code_id']
                ]);
            } else {
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Tax_codes.successful_updating'),
-                    'id'      => $tax_code_id,
+                    'id'      => $tax_code_id
                ]);
            }
        } else {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Tax_codes.error_adding_updating') . ' ' . $tax_code_data['tax_code_id'],
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }

-    public function postDelete(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
    {
        $tax_codes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);

        if ($this->tax_code->delete_list($tax_codes_to_delete)) {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Tax_codes.successful_deleted') . ' ' . count($tax_codes_to_delete) . ' ' . lang('Tax_codes.one_or_multiple'),
+                'message' => lang('Tax_codes.successful_deleted') . ' ' . count($tax_codes_to_delete) . ' ' . lang('Tax_codes.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Tax_codes.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Tax_codes.cannot_be_deleted')]);
        }
    }
 }
--- a/app/Controllers/Tax_jurisdictions.php
+++ b/app/Controllers/Tax_jurisdictions.php
@@ -3,9 +3,11 @@
 namespace App\Controllers;

 use App\Models\Tax_jurisdiction;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;

 /**
- * @property Tax_jurisdiction tax_jurisdiction
+ * @property tax_jurisdiction tax_jurisdiction
 */
 class Tax_jurisdictions extends Secure_Controller
 {
@@ -20,91 +22,112 @@ class Tax_jurisdictions extends Secure_Controller
        helper('tax_helper');
    }

-    public function getIndex(): void
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['table_headers'] = get_tax_jurisdictions_table_headers();

-        echo view('taxes/tax_jurisdictions', $data);
+        return view('taxes/tax_jurisdictions', $data);
    }

    /**
     * Returns tax_category table data rows. This will be called with AJAX.
+     *
+     * @return void
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort   = $this->sanitizeSortColumn(get_tax_jurisdictions_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'jurisdiction_id');
        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        $tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order);
-        $total_rows        = $this->tax_jurisdiction->get_found_rows($search);
+        $total_rows = $this->tax_jurisdiction->get_found_rows($search);

        $data_rows = [];
-
        foreach ($tax_jurisdictions->getResult() as $tax_jurisdiction) {
            $data_rows[] = get_tax_jurisdictions_data_row($tax_jurisdiction);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

-    public function getRow(int $row_id): void
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
        $data_row = get_tax_jurisdictions_data_row($this->tax_jurisdiction->get_info($row_id));

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

-    public function getView(int $tax_jurisdiction_id = NEW_ENTRY): void
+    /**
+     * @param int $tax_jurisdiction_id
+     * @return string
+     */
+    public function getView(int $tax_jurisdiction_id = NEW_ENTRY): string
    {
        $data['tax_jurisdiction_info'] = $this->tax_jurisdiction->get_info($tax_jurisdiction_id);

-        echo view('taxes/tax_jurisdiction_form', $data);
+        return view("taxes/tax_jurisdiction_form", $data);
    }

-    public function postSave(int $jurisdiction_id = NEW_ENTRY): void
+
+    /**
+     * @param int $jurisdiction_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $jurisdiction_id = NEW_ENTRY): ResponseInterface
    {
        $tax_jurisdiction_data = [
            'jurisdiction_name'   => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
        ];

        if ($this->tax_jurisdiction->save_value($tax_jurisdiction_data)) {
-            if ($jurisdiction_id === NEW_ENTRY) {
-                echo json_encode([
+            if ($jurisdiction_id == NEW_ENTRY) {
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Tax_jurisdictions.successful_adding'),
-                    'id'      => $tax_jurisdiction_data['jurisdiction_id'],
+                    'id'      => $tax_jurisdiction_data['jurisdiction_id']
                ]);
            } else {
-                echo json_encode([
+                return $this->response->setJSON([
                    'success' => true,
                    'message' => lang('Tax_jurisdictions.successful_updating'),
-                    'id'      => $jurisdiction_id,
+                    'id'      => $jurisdiction_id
                ]);
            }
        } else {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => false,
                'message' => lang('Tax_jurisdictions.error_adding_updating') . ' ' . $tax_jurisdiction_data['jurisdiction_name'],
-                'id'      => NEW_ENTRY,
+                'id'      => NEW_ENTRY
            ]);
        }
    }

-    public function postDelete(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
    {
        $tax_jurisdictions_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);

        if ($this->tax_jurisdiction->delete_list($tax_jurisdictions_to_delete)) {
-            echo json_encode([
+            return $this->response->setJSON([
                'success' => true,
-                'message' => lang('Tax_jurisdictions.successful_deleted') . ' ' . count($tax_jurisdictions_to_delete) . ' ' . lang('Tax_jurisdictions.one_or_multiple'),
+                'message' => lang('Tax_jurisdictions.successful_deleted') . ' ' . count($tax_jurisdictions_to_delete) . ' ' . lang('Tax_jurisdictions.one_or_multiple')
            ]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Tax_jurisdictions.cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Tax_jurisdictions.cannot_be_deleted')]);
        }
    }
 }
--- a/app/Controllers/Taxes.php
+++ b/app/Controllers/Taxes.php
@@ -3,12 +3,14 @@
 namespace App\Controllers;

 use App\Libraries\Tax_lib;
-use App\Models\enums\Rounding_mode;
+use App\Models\Enums\Rounding_mode;
 use App\Models\Tax;
 use App\Models\Tax_category;
 use App\Models\Tax_code;
 use App\Models\Tax_jurisdiction;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
+use Config\Services;

 class Taxes extends Secure_Controller
 {
@@ -23,37 +25,40 @@ class Taxes extends Secure_Controller
    {
        parent::__construct('taxes');

-        $this->tax              = model(Tax::class);
-        $this->tax_category     = model(Tax_category::class);
-        $this->tax_code         = model(Tax_code::class);
+        $this->tax = model(Tax::class);
+        $this->tax_category = model(Tax_category::class);
+        $this->tax_code = model(Tax_code::class);
        $this->tax_jurisdiction = model(Tax_jurisdiction::class);

        $this->tax_lib = new Tax_lib();
-        $this->config  = config(OSPOS::class)->settings;
+        $this->config = config(OSPOS::class)->settings;

        helper('tax_helper');
    }

-    public function getIndex(): void
+    /**
+     * @return string
+     */
+    public function getIndex(): string
    {
        $data['tax_codes'] = $this->tax_code->get_all()->getResultArray();
-        if (count($data['tax_codes']) === 0) {
+        if (count($data['tax_codes']) == 0) {
            $data['tax_codes'] = $this->tax_code->get_empty_row();
        }

        $data['tax_categories'] = $this->tax_category->get_all()->getResultArray();
-        if (count($data['tax_categories']) === 0) {
+        if (count($data['tax_categories']) == 0) {
            $data['tax_categories'] = $this->tax_category->get_empty_row();
        }

        $data['tax_jurisdictions'] = $this->tax_jurisdiction->get_all()->getResultArray();
-        if (count($data['tax_jurisdictions']) === 0) {
+        if (count($data['tax_jurisdictions']) == 0) {
            $data['tax_jurisdictions'] = $this->tax_jurisdiction->get_empty_row();
        }

-        $data['tax_rate_table_headers']       = get_tax_rates_manage_table_headers();
+        $data['tax_rate_table_headers'] = get_tax_rates_manage_table_headers();
        $data['tax_categories_table_headers'] = get_tax_categories_table_headers();
-        $data['tax_types']                    = $this->tax_lib->get_tax_types();
+        $data['tax_types'] = $this->tax_lib->get_tax_types();

        if ($this->config['tax_included']) {
            $data['default_tax_type'] = Tax_lib::TAX_TYPE_INCLUDED;
@@ -63,68 +68,80 @@ class Taxes extends Secure_Controller

        $data['tax_type_options'] = $this->tax_lib->get_tax_type_options($data['default_tax_type']);

-        echo view('taxes/manage', $data);
+        return view('taxes/manage', $data);
    }

    /**
     * Returns tax_codes table data rows. This will be called with AJAX.
+     *
+     * @return void
     */
-    public function getSearch(): void
+    public function getSearch(): ResponseInterface
    {
        $search = $this->request->getGet('search');
-        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort = $this->sanitizeSortColumn(get_tax_rates_manage_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_rate_id');
+        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        $tax_rates = $this->tax->search($search, $limit, $offset, $sort, $order);

        $total_rows = $this->tax->get_found_rows($search);

        $data_rows = [];
-
        foreach ($tax_rates->getResult() as $tax_rate_row) {
            $data_rows[] = get_tax_rates_data_row($tax_rate_row);
        }

-        echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
    }

    /**
     * Gives search suggestions based on what is being searched for
+     * @return ResponseInterface
     */
-    public function suggest_search(): void
+    public function suggest_search(): ResponseInterface
    {
-        $search      = $this->request->getPost('term');
+        $search = $this->request->getPost('term');
        $suggestions = $this->tax->get_search_suggestions($search);    // TODO: There is no get_search_suggestions function in the tax model

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

    /**
     * Provides list of tax categories to select from
+     * @return ResponseInterface
     */
-    public function suggest_tax_categories(): void
+    public function suggest_tax_categories(): ResponseInterface
    {
-        $search      = $this->request->getPost('term');
+        $search = $this->request->getPost('term');
        $suggestions = $this->tax_category->get_tax_category_suggestions($search);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

-    public function getRow(int $row_id): void
+
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
    {
        $data_row = get_tax_rates_data_row($this->tax->get_info($row_id));

-        echo json_encode($data_row);
+        return $this->response->setJSON($data_row);
    }

-    public function getView_tax_codes(int $tax_code = NEW_ENTRY): void
+    /**
+     * @param int $tax_code
+     * @return string
+     */
+    public function getView_tax_codes(int $tax_code = NEW_ENTRY): string
    {
        $tax_code_info = $this->tax->get_info($tax_code);

        $default_tax_category_id = 1; // Tax category id is always the default tax category    // TODO: Replace 1 with constant
-        $default_tax_category    = $this->tax->get_tax_category($default_tax_category_id);    // TODO: this variable is never used in the code.
+        $default_tax_category = $this->tax->get_tax_category($default_tax_category_id);    // TODO: this variable is never used in the code.

        $tax_rate_info = $this->tax->get_rate_info($tax_code, $default_tax_category_id);

@@ -134,91 +151,99 @@ class Taxes extends Secure_Controller
            $data['default_tax_type'] = Tax_lib::TAX_TYPE_EXCLUDED;
        }

-        $data['rounding_options']      = Rounding_mode::get_rounding_options();
+        $data['rounding_options'] = Rounding_mode::get_rounding_options();
        $data['html_rounding_options'] = $this->get_html_rounding_options();

-        if ($tax_code === NEW_ENTRY) {   // TODO: Duplicated code
-            $data['tax_code']             = '';
-            $data['tax_code_name']        = '';
-            $data['tax_code_type']        = '0';
-            $data['city']                 = '';
-            $data['state']                = '';
-            $data['tax_rate']             = '0.0000';
-            $data['rate_tax_code']        = '';
+        if ($tax_code == NEW_ENTRY) {   // TODO: Duplicated code
+            $data['tax_code'] = '';
+            $data['tax_code_name'] = '';
+            $data['tax_code_type'] = '0';
+            $data['city'] = '';
+            $data['state'] = '';
+            $data['tax_rate'] = '0.0000';
+            $data['rate_tax_code'] = '';
            $data['rate_tax_category_id'] = 1;
-            $data['tax_category']         = '';
-            $data['add_tax_category']     = '';
-            $data['rounding_code']        = '0';
+            $data['tax_category'] = '';
+            $data['add_tax_category'] = '';
+            $data['rounding_code'] = '0';
        } else {
-            $data['tax_code']             = $tax_code;
-            $data['tax_code_name']        = $tax_code_info->tax_code_name;
-            $data['tax_code_type']        = $tax_code_info->tax_code_type;
-            $data['city']                 = $tax_code_info->city;
-            $data['state']                = $tax_code_info->state;
-            $data['rate_tax_code']        = $tax_code_info->rate_tax_code;
+            $data['tax_code'] = $tax_code;
+            $data['tax_code_name'] = $tax_code_info->tax_code_name;
+            $data['tax_code_type'] = $tax_code_info->tax_code_type;
+            $data['city'] = $tax_code_info->city;
+            $data['state'] = $tax_code_info->state;
+            $data['rate_tax_code'] = $tax_code_info->rate_tax_code;
            $data['rate_tax_category_id'] = $tax_code_info->rate_tax_category_id;
-            $data['tax_category']         = $tax_code_info->tax_category;
-            $data['add_tax_category']     = '';
-            $data['tax_rate']             = $tax_rate_info->tax_rate;
-            $data['rounding_code']        = $tax_rate_info->rounding_code;
+            $data['tax_category'] = $tax_code_info->tax_category;
+            $data['add_tax_category'] = '';
+            $data['tax_rate'] = $tax_rate_info->tax_rate;
+            $data['rounding_code'] = $tax_rate_info->rounding_code;
        }

        $tax_rates = [];
-
        foreach ($this->tax->get_tax_code_rate_exceptions($tax_code) as $tax_code_rate) {    // TODO: get_tax_code_rate_exceptions doesn't exist.  This was deleted by @steveireland in https://github.com/opensourcepos/opensourcepos/commit/32204698379c230f2a6756655f40334308023de9#diff-e746bab6720cf5dbf855de6cda68f7aca9ecea7ddd5a39bb852e9b9047a7a838L435 but it's unclear if that was on purpose or accidental.
-            $tax_rate_row                         = [];
+            $tax_rate_row = [];
            $tax_rate_row['rate_tax_category_id'] = $tax_code_rate['rate_tax_category_id'];
-            $tax_rate_row['tax_category']         = $tax_code_rate['tax_category'];
-            $tax_rate_row['tax_rate']             = $tax_code_rate['tax_rate'];
-            $tax_rate_row['rounding_code']        = $tax_code_rate['rounding_code'];
+            $tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
+            $tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
+            $tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];

            $tax_rates[] = $tax_rate_row;
        }

        $data['tax_rates'] = $tax_rates;

-        echo view('taxes/tax_code_form', $data);
+        return view('taxes/tax_code_form', $data);
    }

-    public function getView(int $tax_rate_id = NEW_ENTRY): void
+
+    /**
+     * @param int $tax_rate_id
+     * @return string
+     */
+    public function getView(int $tax_rate_id = NEW_ENTRY): string
    {
        $tax_rate_info = $this->tax->get_info($tax_rate_id);

-        $data['tax_rate_id']      = $tax_rate_id;
+        $data['tax_rate_id'] = $tax_rate_id;
        $data['rounding_options'] = Rounding_mode::get_rounding_options();

-        $data['tax_code_options']         = $this->tax_lib->get_tax_code_options();
-        $data['tax_category_options']     = $this->tax_lib->get_tax_category_options();
+        $data['tax_code_options'] = $this->tax_lib->get_tax_code_options();
+        $data['tax_category_options'] = $this->tax_lib->get_tax_category_options();
        $data['tax_jurisdiction_options'] = $this->tax_lib->get_tax_jurisdiction_options();

-        if ($tax_rate_id === NEW_ENTRY) {
-            $data['rate_tax_code_id']     = $this->config['default_tax_code'];
+        if ($tax_rate_id == NEW_ENTRY) {
+            $data['rate_tax_code_id'] = $this->config['default_tax_code'];
            $data['rate_tax_category_id'] = $this->config['default_tax_category'];
            $data['rate_jurisdiction_id'] = $this->config['default_tax_jurisdiction'];
-            $data['tax_rounding_code']    = Rounding_mode::HALF_UP;
-            $data['tax_rate']             = '0.0000';
+            $data['tax_rounding_code'] = Rounding_mode::HALF_UP;
+            $data['tax_rate'] = '0.0000';
        } else {
-            $data['rate_tax_code_id']     = $tax_rate_info->rate_tax_code_id;
-            $data['rate_tax_code']        = $tax_rate_info->tax_code;
+            $data['rate_tax_code_id'] = $tax_rate_info->rate_tax_code_id;
+            $data['rate_tax_code'] = $tax_rate_info->tax_code;
            $data['rate_tax_category_id'] = $tax_rate_info->rate_tax_category_id;
            $data['rate_jurisdiction_id'] = $tax_rate_info->rate_jurisdiction_id;
-            $data['tax_rounding_code']    = $tax_rate_info->tax_rounding_code;
-            $data['tax_rate']             = $tax_rate_info->tax_rate;
+            $data['tax_rounding_code'] = $tax_rate_info->tax_rounding_code;
+            $data['tax_rate'] = $tax_rate_info->tax_rate;
        }

-        echo view('taxes/tax_rates_form', $data);
+        return view('taxes/tax_rates_form', $data);
    }

-    public function getView_tax_categories(int $tax_code = NEW_ENTRY): void    // TODO: This appears to be called no where in the code.
+    /**
+     * @param int $tax_code
+     * @return string
+     */
+    public function getView_tax_categories(int $tax_code = NEW_ENTRY): string    // TODO: This appears to be called no where in the code.
    {
        $tax_code_info = $this->tax->get_info($tax_code);    // TODO: Duplicated Code

        $default_tax_category_id = 1; // Tax category id is always the default tax category    // TODO: replace with a constant.
-        $default_tax_category    = $this->tax->get_tax_category($default_tax_category_id);
+        $default_tax_category = $this->tax->get_tax_category($default_tax_category_id);

        $tax_rate_info = $this->tax->get_rate_info($tax_code, $default_tax_category_id);

-        $data['rounding_options']      = Rounding_mode::get_rounding_options();
+        $data['rounding_options'] = Rounding_mode::get_rounding_options();
        $data['html_rounding_options'] = $this->get_html_rounding_options();

        if ($this->config['tax_included']) {
@@ -227,59 +252,62 @@ class Taxes extends Secure_Controller
            $data['default_tax_type'] = Tax_lib::TAX_TYPE_EXCLUDED;
        }

-        if ($tax_code === NEW_ENTRY) {
-            $data['tax_code']             = '';
-            $data['tax_code_name']        = '';
-            $data['tax_code_type']        = '0';
-            $data['city']                 = '';
-            $data['state']                = '';
-            $data['tax_rate']             = '0.0000';
-            $data['rate_tax_code']        = '';
+        if ($tax_code == NEW_ENTRY) {
+            $data['tax_code'] = '';
+            $data['tax_code_name'] = '';
+            $data['tax_code_type'] = '0';
+            $data['city'] = '';
+            $data['state'] = '';
+            $data['tax_rate'] = '0.0000';
+            $data['rate_tax_code'] = '';
            $data['rate_tax_category_id'] = 1;
-            $data['tax_category']         = '';
-            $data['add_tax_category']     = '';
-            $data['rounding_code']        = '0';
+            $data['tax_category'] = '';
+            $data['add_tax_category'] = '';
+            $data['rounding_code'] = '0';
        } else {
-            $data['tax_code']             = $tax_code;
-            $data['tax_code_name']        = $tax_code_info->tax_code_name;
-            $data['tax_code_type']        = $tax_code_info->tax_code_type;
-            $data['city']                 = $tax_code_info->city;
-            $data['state']                = $tax_code_info->state;
-            $data['rate_tax_code']        = $tax_code_info->rate_tax_code;
+            $data['tax_code'] = $tax_code;
+            $data['tax_code_name'] = $tax_code_info->tax_code_name;
+            $data['tax_code_type'] = $tax_code_info->tax_code_type;
+            $data['city'] = $tax_code_info->city;
+            $data['state'] = $tax_code_info->state;
+            $data['rate_tax_code'] = $tax_code_info->rate_tax_code;
            $data['rate_tax_category_id'] = $tax_code_info->rate_tax_category_id;
-            $data['tax_category']         = $tax_code_info->tax_category;
-            $data['add_tax_category']     = '';
-            $data['tax_rate']             = $tax_rate_info->tax_rate;
-            $data['rounding_code']        = $tax_rate_info->rounding_code;
+            $data['tax_category'] = $tax_code_info->tax_category;
+            $data['add_tax_category'] = '';
+            $data['tax_rate'] = $tax_rate_info->tax_rate;
+            $data['rounding_code'] = $tax_rate_info->rounding_code;
        }

        $tax_rates = [];
-
        foreach ($this->tax->get_tax_code_rate_exceptions($tax_code) as $tax_code_rate) {    // TODO: get_tax_code_rate_exceptions doesn't exist in the tax model
-            $tax_rate_row                         = [];
+            $tax_rate_row = [];
            $tax_rate_row['rate_tax_category_id'] = $tax_code_rate['rate_tax_category_id'];
-            $tax_rate_row['tax_category']         = $tax_code_rate['tax_category'];
-            $tax_rate_row['tax_rate']             = $tax_code_rate['tax_rate'];
-            $tax_rate_row['rounding_code']        = $tax_code_rate['rounding_code'];
+            $tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
+            $tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
+            $tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];

            $tax_rates[] = $tax_rate_row;
        }

        $data['tax_rates'] = $tax_rates;

-        echo view('taxes/tax_category_form', $data);
+        return view('taxes/tax_category_form', $data);
    }

-    public function getView_tax_jurisdictions(int $tax_code = NEW_ENTRY): void // TODO: This appears to be called no where in the code.
+    /**
+     * @param int $tax_code
+     * @return string
+     */
+    public function getView_tax_jurisdictions(int $tax_code = NEW_ENTRY): string // TODO: This appears to be called no where in the code.
    {
        $tax_code_info = $this->tax->get_info($tax_code);    // TODO: Duplicated code

        $default_tax_category_id = 1; // Tax category id is always the default tax category
-        $default_tax_category    = $this->tax->get_tax_category($default_tax_category_id);    // TODO: This variable is not used anywhere in the code
+        $default_tax_category = $this->tax->get_tax_category($default_tax_category_id);    // TODO: This variable is not used anywhere in the code

        $tax_rate_info = $this->tax->get_rate_info($tax_code, $default_tax_category_id);

-        $data['rounding_options']      = Rounding_mode::get_rounding_options();
+        $data['rounding_options'] = Rounding_mode::get_rounding_options();
        $data['html_rounding_options'] = $this->get_html_rounding_options();

        if ($this->config['tax_included']) {
@@ -288,60 +316,66 @@ class Taxes extends Secure_Controller
            $data['default_tax_type'] = Tax_lib::TAX_TYPE_EXCLUDED;
        }

-        if ($tax_code === NEW_ENTRY) {
-            $data['tax_code']             = '';
-            $data['tax_code_name']        = '';
-            $data['tax_code_type']        = '0';
-            $data['city']                 = '';
-            $data['state']                = '';
-            $data['tax_rate']             = '0.0000';
-            $data['rate_tax_code']        = '';
+        if ($tax_code == NEW_ENTRY) {
+            $data['tax_code'] = '';
+            $data['tax_code_name'] = '';
+            $data['tax_code_type'] = '0';
+            $data['city'] = '';
+            $data['state'] = '';
+            $data['tax_rate'] = '0.0000';
+            $data['rate_tax_code'] = '';
            $data['rate_tax_category_id'] = 1;
-            $data['tax_category']         = '';
-            $data['add_tax_category']     = '';
-            $data['rounding_code']        = '0';
+            $data['tax_category'] = '';
+            $data['add_tax_category'] = '';
+            $data['rounding_code'] = '0';
        } else {
-            $data['tax_code']             = $tax_code;
-            $data['tax_code_name']        = $tax_code_info->tax_code_name;
-            $data['tax_code_type']        = $tax_code_info->tax_code_type;
-            $data['city']                 = $tax_code_info->city;
-            $data['state']                = $tax_code_info->state;
-            $data['rate_tax_code']        = $tax_code_info->rate_tax_code;
+            $data['tax_code'] = $tax_code;
+            $data['tax_code_name'] = $tax_code_info->tax_code_name;
+            $data['tax_code_type'] = $tax_code_info->tax_code_type;
+            $data['city'] = $tax_code_info->city;
+            $data['state'] = $tax_code_info->state;
+            $data['rate_tax_code'] = $tax_code_info->rate_tax_code;
            $data['rate_tax_category_id'] = $tax_code_info->rate_tax_category_id;
-            $data['tax_category']         = $tax_code_info->tax_category;
-            $data['add_tax_category']     = '';
-            $data['tax_rate']             = $tax_rate_info->tax_rate;
-            $data['rounding_code']        = $tax_rate_info->rounding_code;
+            $data['tax_category'] = $tax_code_info->tax_category;
+            $data['add_tax_category'] = '';
+            $data['tax_rate'] = $tax_rate_info->tax_rate;
+            $data['rounding_code'] = $tax_rate_info->rounding_code;
        }

        $tax_rates = [];
-
        foreach ($this->tax->get_tax_code_rate_exceptions($tax_code) as $tax_code_rate) {    // TODO: get_tax_code_rate_exceptions doesn't exist in the tax model
-            $tax_rate_row                         = [];
+            $tax_rate_row = [];
            $tax_rate_row['rate_tax_category_id'] = $tax_code_rate['rate_tax_category_id'];
-            $tax_rate_row['tax_category']         = $tax_code_rate['tax_category'];
-            $tax_rate_row['tax_rate']             = $tax_code_rate['tax_rate'];
-            $tax_rate_row['rounding_code']        = $tax_code_rate['rounding_code'];
+            $tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
+            $tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
+            $tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];

            $tax_rates[] = $tax_rate_row;
        }

        $data['tax_rates'] = $tax_rates;

-        echo view('taxes/tax_jurisdiction_form', $data);
+        return view('taxes/tax_jurisdiction_form', $data);
    }

+    /**
+     * @return string
+     */
    public static function get_html_rounding_options(): string
    {
        return Rounding_mode::get_html_rounding_options();
    }

-    public function postSave(int $tax_rate_id = NEW_ENTRY): void
+    /**
+     * @param int $tax_rate_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $tax_rate_id = NEW_ENTRY): ResponseInterface
    {
        $tax_category_id = $this->request->getPost('rate_tax_category_id', FILTER_SANITIZE_NUMBER_INT);
-        $tax_rate        = parse_tax($this->request->getPost('tax_rate'));
+        $tax_rate = parse_tax($this->request->getPost('tax_rate'));

-        if ($tax_rate === 0) {    // TODO: Replace 0 with constant?
+        if ($tax_rate == 0) {    // TODO: Replace 0 with constant?
            $tax_category_info = $this->tax_category->get_info($tax_category_id);    // TODO: this variable is not used anywhere in the code
        }

@@ -350,93 +384,98 @@ class Taxes extends Secure_Controller
            'rate_tax_category_id' => $tax_category_id,
            'rate_jurisdiction_id' => $this->request->getPost('rate_jurisdiction_id', FILTER_SANITIZE_NUMBER_INT),
            'tax_rate'             => $tax_rate,
-            'tax_rounding_code'    => $this->request->getPost('tax_rounding_code', FILTER_SANITIZE_NUMBER_INT),
+            'tax_rounding_code'    => $this->request->getPost('tax_rounding_code', FILTER_SANITIZE_NUMBER_INT)
        ];

        if ($this->tax->save_value($tax_rate_data, $tax_rate_id)) {
-            if ($tax_rate_id === NEW_ENTRY) {    // TODO: this needs to be replaced with ternary notation
-                echo json_encode(['success' => true, 'message' => lang('Taxes.tax_rate_successfully_added')]);
+            if ($tax_rate_id == NEW_ENTRY) {    // TODO: this needs to be replaced with ternary notation
+                return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_rate_successfully_added')]);
            } else { // Existing tax_code
-                echo json_encode(['success' => true, 'message' => lang('Taxes.tax_rate_successful_updated')]);
+                return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_rate_successful_updated')]);
            }
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Taxes.tax_rate_error_adding_updating')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Taxes.tax_rate_error_adding_updating')]);
        }
    }

-    public function postDelete(): void
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
    {
        $tax_codes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);

        if ($this->tax->delete_list($tax_codes_to_delete)) {    // TODO: this needs to be replaced with ternary notation
-            echo json_encode(['success' => true, 'message' => lang('Taxes.tax_code_successful_deleted')]);
+            return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_code_successful_deleted')]);
        } else {
-            echo json_encode(['success' => false, 'message' => lang('Taxes.tax_code_cannot_be_deleted')]);
+            return $this->response->setJSON(['success' => false, 'message' => lang('Taxes.tax_code_cannot_be_deleted')]);
        }
    }

    /**
     * Get search suggestions for tax codes. Used in app/Views/customers/form.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function getSuggestTaxCodes(): void
+    public function getSuggestTaxCodes(): ResponseInterface
    {
-        $search      = $this->request->getPostGet('term');
+        $search = $this->request->getPostGet('term');
        $suggestions = $this->tax_code->get_tax_codes_search_suggestions($search);

-        echo json_encode($suggestions);
+        return $this->response->setJSON($suggestions);
    }

    /**
     * Saves Tax Codes. Used in app/Views/taxes/tax_codes.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function save_tax_codes(): void
+    public function postSave_tax_codes(): ResponseInterface
    {
-        $tax_code_id   = $this->request->getPost('tax_code_id', FILTER_SANITIZE_NUMBER_INT);
-        $tax_code      = $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $tax_code_id = $this->request->getPost('tax_code_id', FILTER_SANITIZE_NUMBER_INT);
+        $tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        $tax_code_name = $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $city          = $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $state         = $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $city = $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $state = $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        $array_save = [];    // TODO: the naming of this variable is not good.
-
        foreach ($tax_code_id as $key => $val) {
            $array_save[] = [
                'tax_code_id'   => $val,
                'tax_code'      => $tax_code[$key],
                'tax_code_name' => $tax_code_name[$key],
                'city'          => $city[$key],
-                'state'         => $state[$key],
+                'state'         => $state[$key]
            ];
        }

        $success = $this->tax_code->save_tax_codes($array_save);

-        echo json_encode([
+        return $this->response->setJSON([
            'success' => $success,
-            'message' => lang('Taxes.tax_codes_saved_' . ($success ? '' : 'un') . 'successfully'),
+            'message' => lang('Taxes.tax_codes_saved_' . ($success ? '' : 'un') . 'successfully')
        ]);
    }

    /**
     * Saves given tax jurisdiction. Used in app/Views/taxes/tax_jurisdictions.php.
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function save_tax_jurisdictions(): void
+    public function postSave_tax_jurisdictions(): ResponseInterface
    {
-        $jurisdiction_id     = $this->request->getPost('jurisdiction_id', FILTER_SANITIZE_NUMBER_INT);
-        $jurisdiction_name   = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $tax_group           = $this->request->getPost('tax_group', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $tax_type            = $this->request->getPost('tax_type', FILTER_SANITIZE_NUMBER_INT);
+        $jurisdiction_id = $this->request->getPost('jurisdiction_id', FILTER_SANITIZE_NUMBER_INT);
+        $jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $tax_type = $this->request->getPost('tax_type', FILTER_SANITIZE_NUMBER_INT);
        $reporting_authority = $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $tax_group_sequence  = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT);
-        $cascade_sequence    = $this->request->getPost('cascade_sequence', FILTER_SANITIZE_NUMBER_INT);
+        $tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT);
+        $cascade_sequence = $this->request->getPost('cascade_sequence', FILTER_SANITIZE_NUMBER_INT);

-        $array_save        = [];
+        $array_save = [];
        $unique_tax_groups = [];

        foreach ($jurisdiction_id as $key => $val) {
@@ -447,37 +486,37 @@ class Taxes extends Secure_Controller
                'tax_type'            => $tax_type[$key],
                'reporting_authority' => $reporting_authority[$key],
                'tax_group_sequence'  => $tax_group_sequence[$key],
-                'cascade_sequence'    => $cascade_sequence[$key],
+                'cascade_sequence'    => $cascade_sequence[$key]
            ];

-            if (in_array($tax_group[$key], $unique_tax_groups, true)) {    // TODO: This can be replaced with `in_array($tax_group[$key], $unique_tax_groups)`
-                echo json_encode([
+            if (in_array($tax_group[$key], $unique_tax_groups)) {    // TODO: This can be replaced with `in_array($tax_group[$key], $unique_tax_groups)`
+                return $this->response->setJSON([
                    'success' => false,
-                    'message' => lang('Taxes.tax_group_not_unique', [$tax_group[$key]]),
+                    'message' => lang('Taxes.tax_group_not_unique', [$tax_group[$key]])
                ]);
-
-                return;
+            } else {
+                $unique_tax_groups[] = $tax_group[$key];
            }
-            $unique_tax_groups[] = $tax_group[$key];
        }

        $success = $this->tax_jurisdiction->save_jurisdictions($array_save);

-        echo json_encode([
+        return $this->response->setJSON([
            'success' => $success,
-            'message' => lang('Taxes.tax_jurisdictions_saved_' . ($success ? '' : 'un') . 'successfully'),
+            'message' => lang('Taxes.tax_jurisdictions_saved_' . ($success ? '' : 'un') . 'successfully')
        ]);
    }

    /**
     * Saves tax categories. Used in app/Views/taxes/tax_categories.php
     *
+     * @return ResponseInterface
     * @noinspection PhpUnused
     */
-    public function save_tax_categories(): void
+    public function postSave_tax_categories(): ResponseInterface
    {
-        $tax_category_id    = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT);
-        $tax_category       = $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT);
+        $tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        $tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT);

        $array_save = [];
@@ -486,48 +525,51 @@ class Taxes extends Secure_Controller
            $array_save[] = [
                'tax_category_id'    => $val,
                'tax_category'       => $tax_category[$key],
-                'tax_group_sequence' => $tax_group_sequence[$key],
+                'tax_group_sequence' => $tax_group_sequence[$key]
            ];
        }

        $success = $this->tax_category->save_categories($array_save);

-        echo json_encode([
+        return $this->response->setJSON([
            'success' => $success,
-            'message' => lang('Taxes.tax_categories_saved_' . ($success ? '' : 'un') . 'successfully'),
+            'message' => lang('Taxes.tax_categories_saved_' . ($success ? '' : 'un') . 'successfully')
        ]);
    }

    /**
     * Gets tax codes partial view. Used in app/Views/taxes/tax_codes.php.
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function ajax_tax_codes(): void
+    public function getAjax_tax_codes(): string
    {
        $tax_codes = $this->tax_code->get_all()->getResultArray();

-        echo view('partial/tax_codes', ['tax_codes' => $tax_codes]);
+        return view('partial/tax_codes', ['tax_codes' => $tax_codes]);
    }

    /**
     * Gets current tax categories. Used in app/Views/taxes/tax_categories.php
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function ajax_tax_categories(): void
+    public function getAjax_tax_categories(): string
    {
        $tax_categories = $this->tax_category->get_all()->getResultArray();

-        echo view('partial/tax_categories', ['tax_categories' => $tax_categories]);
+        return view('partial/tax_categories', ['tax_categories' => $tax_categories]);
    }

    /**
     * Gets the tax jurisdiction partial view.  Used in app/Views/taxes/tax_jurisdictions.php.
     *
+     * @return string
     * @noinspection PhpUnused
     */
-    public function ajax_tax_jurisdictions(): void
+    public function getAjax_tax_jurisdictions(): string
    {
        $tax_jurisdictions = $this->tax_jurisdiction->get_all()->getResultArray();

@@ -539,10 +581,10 @@ class Taxes extends Secure_Controller

        $tax_types = $this->tax_lib->get_tax_types();

-        echo view('partial/tax_jurisdictions', [
+        return view('partial/tax_jurisdictions', [
            'tax_jurisdictions' => $tax_jurisdictions,
            'tax_types'         => $tax_types,
-            'default_tax_type'  => $default_tax_type,
+            'default_tax_type'  => $default_tax_type
        ]);
    }
 }
--- a/app/Database/Dockerfile
+++ b/app/Database/Dockerfile
@@ -1,5 +1,5 @@
 FROM alpine:3.14
-MAINTAINER jekkos
+LABEL maintainer="jekkos"

 ADD database.sql /docker-entrypoint-initdb.d/database.sql
 VOLUME /docker-entrypoint-initdb.d
--- a/app/Database/Migrations/20170501000000_initial_schema.php
+++ b/app/Database/Migrations/20170501000000_initial_schema.php
@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Database\Migrations;
+
+use CodeIgniter\Database\Migration;
+
+class Migration_Initial_Schema extends Migration
+{
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Perform a migration step.
+     * Only runs on fresh installs - skips if database already has tables.
+     *
+     * For testing: CI4's DatabaseTestTrait with $refresh=true handles table
+     * cleanup/creation automatically. This migration only loads initial schema
+     * on fresh databases where no application tables exist.
+     */
+    public function up(): void
+    {
+        // Check if core application tables exist (existing install)
+        // Note: migrations table may exist even on fresh DB due to migration tracking
+        $tables = $this->db->listTables();
+        
+        // Check for a core application table, not just migrations table
+        foreach ($tables as $table) {
+            // Strip prefix if present for comparison
+            $tableName = str_replace($this->db->getPrefix(), '', $table);
+            if (in_array($tableName, ['app_config', 'items', 'employees', 'people'])) {
+                // Database already populated - skip initial schema
+                // This is an existing installation upgrading from older version
+                return;
+            }
+        }
+        
+        // Fresh install - load initial schema
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/initial_schema.sql');
+    }
+
+    /**
+     * Revert a migration step.
+     * Cannot revert initial schema - would lose all data.
+     */
+    public function down(): void
+    {
+        // Cannot safely revert initial schema
+        // Would require dropping all tables which would lose all data
+        $this->db->query('SET FOREIGN_KEY_CHECKS = 0');
+        
+        foreach ($this->db->listTables() as $table) {
+            $this->db->query('DROP TABLE IF EXISTS `' . $table . '`');
+        }
+        
+        $this->db->query('SET FOREIGN_KEY_CHECKS = 1');
+    }
+}
--- a/app/Database/Migrations/20170501150000_upgrade_to_3_1_1.php
+++ b/app/Database/Migrations/20170501150000_upgrade_to_3_1_1.php
@@ -23,7 +23,5 @@ class Migration_Upgrade_To_3_1_1 extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20170502221506_sales_tax_data.php
+++ b/app/Database/Migrations/20170502221506_sales_tax_data.php
@@ -8,18 +8,17 @@ use CodeIgniter\Database\Migration;
 use CodeIgniter\Database\ResultInterface;

 /**
- * @property Appconfig appconfig
- * @property Tax_lib tax_lib
+ * @property tax_lib tax_lib
+ * @property appconfig appconfig
 */
 class Migration_Sales_Tax_Data extends Migration
 {
-    public const ROUND_UP   = 5;    // TODO: These need to be moved to constants.php
+    public const ROUND_UP = 5;    // TODO: These need to be moved to constants.php
    public const ROUND_DOWN = 6;
-    public const HALF_FIVE  = 7;
-    public const YES        = '1';
-    public const VAT_TAX    = '0';
-    public const SALES_TAX  = '1';
-
+    public const HALF_FIVE = 7;
+    public const YES = '1';
+    public const VAT_TAX = '0';
+    public const SALES_TAX = '1';
    private Appconfig $appconfig;

    public function __construct()
@@ -35,7 +34,7 @@ class Migration_Sales_Tax_Data extends Migration
    public function up(): void
    {
        $number_of_unmigrated = $this->get_count_of_unmigrated();
-        error_log("Migrating sales tax history. The number of sales that will be migrated is {$number_of_unmigrated}");
+        log_message('info', "Migrating sales tax history. The number of sales that will be migrated is $number_of_unmigrated");

        if ($number_of_unmigrated > 0) {
            $unmigrated_invoices = $this->get_unmigrated($number_of_unmigrated)->getResultArray();
@@ -45,20 +44,22 @@ class Migration_Sales_Tax_Data extends Migration
            }
        }

-        error_log('Migrating sales tax history. The number of sales that will be migrated is finished.');
+        log_message('info', 'Migrating sales tax history. The number of sales that will be migrated is finished.');
    }

    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}

+    /**
+     * @param int $sale_id
+     * @return void
+     */
    private function upgrade_tax_history_for_sale(int $sale_id): void
    {
-        $tax_decimals               = $this->appconfig->get_value('tax_decimals', 2);
-        $tax_included               = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) === Migration_Sales_Tax_Data::YES;
+        $tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
+        $tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) == Migration_Sales_Tax_Data::YES;
        $customer_sales_tax_support = false;

        if ($tax_included) {    // TODO: Convert to ternary notation.
@@ -67,13 +68,13 @@ class Migration_Sales_Tax_Data extends Migration
            $tax_type = Migration_Sales_Tax_Data::SALES_TAX;
        }

-        $sales_taxes        = [];
+        $sales_taxes = [];
        $tax_group_sequence = 0;
-        $items              = $this->get_sale_items_for_migration($sale_id)->getResultArray();
+        $items = $this->get_sale_items_for_migration($sale_id)->getResultArray();

        foreach ($items as $item) {
            // This computes tax for each line item and adds it to the tax type total
-            $tax_group = (float) $item['percent'] . '% ' . $item['name'];
+            $tax_group = (float)$item['percent'] . '% ' . $item['name'];
            $tax_basis = $this->get_item_total($item['quantity_purchased'], $item['item_unit_price'], $item['discount_percent'], true);

            $item_tax_amount = $tax_included
@@ -93,6 +94,10 @@ class Migration_Sales_Tax_Data extends Migration
        $this->save_sales_tax($sales_taxes);
    }

+    /**
+     * @param int $block_count
+     * @return ResultInterface
+     */
    private function get_unmigrated(int $block_count): ResultInterface
    {
        $builder = $this->db->table('sales_items_taxes as SIT');
@@ -108,6 +113,10 @@ class Migration_Sales_Tax_Data extends Migration
        return $builder->get();
    }

+    /**
+     * @param int $sale_id
+     * @return ResultInterface
+     */
    private function get_sale_items_for_migration(int $sale_id): ResultInterface
    {
        $builder = $this->db->table('sales_items as sales_items');
@@ -124,6 +133,9 @@ class Migration_Sales_Tax_Data extends Migration
        return $builder->get();
    }

+    /**
+     * @return int
+     */
    private function get_count_of_unmigrated(): int
    {
        $result = $this->db->query('SELECT COUNT(*) FROM(SELECT SIT.sale_id, ST.sale_id as sales_taxes_sale_id FROM '
@@ -133,15 +145,23 @@ class Migration_Sales_Tax_Data extends Migration
            . ' as ST ON SIT.sale_id = ST.sale_id WHERE ST.sale_id is null GROUP BY SIT.sale_id, ST.sale_id'
            . ' ORDER BY SIT.sale_id) as US')->getResultArray();

-        if (! $result) {
-            error_log('Database error in 20170502221506_sales_tax_data.php related to sales_taxes or sales_items_taxes.');
-
+        if (!$result) {
+            log_message('info', 'Database error in 20170502221506_sales_tax_data.php related to sales_taxes or sales_items_taxes.');
            return 0;
        }

        return $result[0]['COUNT(*)'] ?: 0;
    }

+    /**
+     * @param int $sale_id
+     * @param int $line
+     * @param string $name
+     * @param float $percent
+     * @param int $tax_type
+     * @param float $item_tax_amount
+     * @return void
+     */
    private function update_sales_items_taxes_amount(int $sale_id, int $line, string $name, float $percent, int $tax_type, float $item_tax_amount): void
    {
        $builder = $this->db->table('sales_items_taxes');
@@ -152,6 +172,10 @@ class Migration_Sales_Tax_Data extends Migration
        $builder->update(['tax_type' => $tax_type, 'item_tax_amount' => $item_tax_amount]);
    }

+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
    private function save_sales_tax(array &$sales_taxes): void
    {
        $builder = $this->db->Table('sales_taxes');
@@ -161,37 +185,56 @@ class Migration_Sales_Tax_Data extends Migration
        }
    }

+    /**
+     * @param string $quantity
+     * @param string $price
+     * @param string $discount_percentage
+     * @param bool $include_discount
+     * @return string
+     */
    public function get_item_total(string $quantity, string $price, string $discount_percentage, bool $include_discount = false): string
    {
        $total = bcmul($quantity, $price);

        if ($include_discount) {
            $discount_amount = $this->get_item_discount($quantity, $price, $discount_percentage);
-
            return bcsub($total, $discount_amount);
        }

        return $total;
    }

+    /**
+     * @param string $quantity
+     * @param string $price
+     * @param string $discount
+     * @return float
+     */
    public function get_item_discount(string $quantity, string $price, string $discount): float
    {
-        $total             = bcmul($quantity, $price);
+        $total = bcmul($quantity, $price);
        $discount_fraction = bcdiv($discount, 100);
-        $discount          = bcmul($total, $discount_fraction);
+        $discount = bcmul($total, $discount_fraction);

        return round($discount, totals_decimals(), PHP_ROUND_HALF_UP);    // TODO: I don't think this is currency safe.  Round will cast it's first parameter to a float. It also returns a float.
    }

+    /**
+     * @param string $quantity
+     * @param string $price
+     * @param string $discount_percentage
+     * @param string $tax_percentage
+     * @return string
+     */
    public function get_item_tax(string $quantity, string $price, string $discount_percentage, string $tax_percentage): string
    {
-        $tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) === Migration_Sales_Tax_Data::YES;
+        $tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) == Migration_Sales_Tax_Data::YES;

        $price = $this->get_item_total($quantity, $price, $discount_percentage, true);

        if ($tax_included) {
-            $tax_fraction   = bcadd('100', $tax_percentage);
-            $tax_fraction   = bcdiv($tax_fraction, '100');
+            $tax_fraction = bcadd('100', $tax_percentage);
+            $tax_fraction = bcdiv($tax_fraction, '100');
            $price_tax_excl = bcdiv($price, $tax_fraction);

            return bcsub($price, $price_tax_excl);
@@ -201,23 +244,38 @@ class Migration_Sales_Tax_Data extends Migration
        return bcmul($price, $tax_fraction);
    }

+    /**
+     * @param string $tax_basis
+     * @param string $tax_percentage
+     * @param int $rounding_mode
+     * @param int $decimals
+     * @return float
+     */
    public function get_sales_tax_for_amount(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float
    {
        $tax_fraction = bcdiv($tax_percentage, '100');
-        $tax_amount   = bcmul($tax_basis, $tax_fraction);
+        $tax_amount = bcmul($tax_basis, $tax_fraction);

        return $this->round_number($rounding_mode, $tax_amount, $decimals);
    }

+    /**
+     * @param int $rounding_mode
+     * @param string $amount
+     * @param int $decimals
+     * @return float
+     */
    public function round_number(int $rounding_mode, string $amount, int $decimals): float
    {
-        if ($rounding_mode === Migration_Sales_Tax_Data::ROUND_UP) {
-            $fig           = 10 ** $decimals;
+        $amount = (float)$amount;
+
+        if ($rounding_mode == Migration_Sales_Tax_Data::ROUND_UP) {
+            $fig = pow(10, $decimals);
            $rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
-        } elseif ($rounding_mode === Migration_Sales_Tax_Data::ROUND_DOWN) {
-            $fig           = 10 ** $decimals;
+        } elseif ($rounding_mode == Migration_Sales_Tax_Data::ROUND_DOWN) {
+            $fig = pow(10, $decimals);
            $rounded_total = (floor($fig * $amount) + floor($fig * $amount - floor($fig * $amount))) / $fig;
-        } elseif ($rounding_mode === Migration_Sales_Tax_Data::HALF_FIVE) {
+        } elseif ($rounding_mode == Migration_Sales_Tax_Data::HALF_FIVE) {
            $rounded_total = round($amount / 5) * 5;
        } else {
            $rounded_total = round($amount, $decimals, $rounding_mode);
@@ -226,10 +284,24 @@ class Migration_Sales_Tax_Data extends Migration
        return $rounded_total;    // TODO: I don't think this is currency safe.  I think we need to be using bcmath() functions like we are in the rest of the code.
    }

+    /**
+     * @param array $sales_taxes
+     * @param string $tax_type
+     * @param string $tax_group
+     * @param float $tax_rate
+     * @param string $tax_basis
+     * @param string $item_tax_amount
+     * @param int $tax_group_sequence
+     * @param int $rounding_code
+     * @param int $sale_id
+     * @param string $name
+     * @param string $tax_code
+     * @return void
+     */
    public function update_sales_taxes(array &$sales_taxes, string $tax_type, string $tax_group, float $tax_rate, string $tax_basis, string $item_tax_amount, int $tax_group_sequence, int $rounding_code, int $sale_id, string $name = '', string $tax_code = ''): void
    {
        $tax_group_index = $this->clean('X' . $tax_group);
-        if (! array_key_exists($tax_group_index, $sales_taxes)) {
+        if (!array_key_exists($tax_group_index, $sales_taxes)) {
            $insertkey = $tax_group_index;    // TODO: $insertkey does not follow naming conventions.
            $sales_tax = [
                $insertkey => [
@@ -242,19 +314,23 @@ class Migration_Sales_Tax_Data extends Migration
                    'name'            => $name,
                    'tax_rate'        => $tax_rate,
                    'sales_tax_code'  => $tax_code,
-                    'rounding_code'   => $rounding_code,
-                ],
+                    'rounding_code'   => $rounding_code
+                ]
            ];
            // Add to existing array
            $sales_taxes += $sales_tax;
        } else {
            // Important: the sales amounts are accumulated for the group at the maximum configurable scale value of 4
            // but the scale will in reality be the scale specified by the tax_decimal configuration value used for sales_items_taxes
-            $sales_taxes[$tax_group_index]['sale_tax_basis']  = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
+            $sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
            $sales_taxes[$tax_group_index]['sale_tax_amount'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_amount'], $item_tax_amount, 4);
        }
    }

+    /**
+     * @param string $string
+     * @return string
+     */
    public function clean(string $string): string    // TODO: $string is not a good name for this variable
    {
        $string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
@@ -262,9 +338,13 @@ class Migration_Sales_Tax_Data extends Migration
        return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
    }

+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
    public function apply_invoice_taxing(array &$sales_taxes): void
    {
-        if (! empty($sales_taxes)) {    // TODO: Duplicated code
+        if (!empty($sales_taxes)) {    // TODO: Duplicated code
            $sort = [];

            foreach ($sales_taxes as $key => $value) {
@@ -281,11 +361,14 @@ class Migration_Sales_Tax_Data extends Migration
        }
    }

+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
    public function round_sales_taxes(array &$sales_taxes): void
    {
-        if (! empty($sales_taxes)) {
+        if (!empty($sales_taxes)) {
            $sort = [];
-
            foreach ($sales_taxes as $k => $v) {
                $sort['print_sequence'][$k] = $v['print_sequence'];
            }
@@ -295,24 +378,24 @@ class Migration_Sales_Tax_Data extends Migration
        $decimals = totals_decimals();

        foreach ($sales_taxes as $row_number => $sales_tax) {
-            $sale_tax_amount         = $sales_tax['sale_tax_amount'];
-            $rounding_code           = $sales_tax['rounding_code'];
+            $sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
+            $rounding_code = $sales_tax['rounding_code'];
            $rounded_sale_tax_amount = $sale_tax_amount;

            if (
-                $rounding_code === PHP_ROUND_HALF_UP
-                || $rounding_code === PHP_ROUND_HALF_DOWN
-                || $rounding_code === PHP_ROUND_HALF_EVEN
-                || $rounding_code === PHP_ROUND_HALF_ODD
+                $rounding_code == PHP_ROUND_HALF_UP
+                || $rounding_code == PHP_ROUND_HALF_DOWN
+                || $rounding_code == PHP_ROUND_HALF_EVEN
+                || $rounding_code == PHP_ROUND_HALF_ODD
            ) {
                $rounded_sale_tax_amount = round($sale_tax_amount, $decimals, $rounding_code);
-            } elseif ($rounding_code === Migration_Sales_Tax_Data::ROUND_UP) {
-                $fig                     = (int) str_pad('1', $decimals, '0');
+            } elseif ($rounding_code == Migration_Sales_Tax_Data::ROUND_UP) {
+                $fig = (int) str_pad('1', $decimals, '0');
                $rounded_sale_tax_amount = (ceil($sale_tax_amount * $fig) / $fig);
-            } elseif ($rounding_code === Migration_Sales_Tax_Data::ROUND_DOWN) {
-                $fig                     = (int) str_pad('1', $decimals, '0');
+            } elseif ($rounding_code == Migration_Sales_Tax_Data::ROUND_DOWN) {
+                $fig = (int) str_pad('1', $decimals, '0');
                $rounded_sale_tax_amount = (floor($sale_tax_amount * $fig) / $fig);
-            } elseif ($rounding_code === Migration_Sales_Tax_Data::HALF_FIVE) {
+            } elseif ($rounding_code == Migration_Sales_Tax_Data::HALF_FIVE) {
                $rounded_sale_tax_amount = round($sale_tax_amount / 5) * 5;
            }

--- a/app/Database/Migrations/20180225100000_upgrade_to_3_2_0.php
+++ b/app/Database/Migrations/20180225100000_upgrade_to_3_2_0.php
@@ -18,7 +18,5 @@ class Migration_Upgrade_To_3_2_0 extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20180501100000_upgrade_to_3_2_1.php
+++ b/app/Database/Migrations/20180501100000_upgrade_to_3_2_1.php
@@ -18,7 +18,5 @@ class Migration_Upgrade_To_3_2_1 extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20181015100000_attributes.php
+++ b/app/Database/Migrations/20181015100000_attributes.php
@@ -18,7 +18,5 @@ class Migration_Attributes extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20190111270000_upgrade_to_3_3_0.php
+++ b/app/Database/Migrations/20190111270000_upgrade_to_3_3_0.php
@@ -18,7 +18,5 @@ class Migration_Upgrade_To_3_3_0 extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20190129212600_indiagst.php
+++ b/app/Database/Migrations/20190129212600_indiagst.php
@@ -11,7 +11,7 @@ class Migration_IndiaGST extends Migration
     */
    public function up(): void
    {
-        if (! $this->db->fieldExists('sales_tax_code', 'customers')) {
+        if (!$this->db->fieldExists('sales_tax_code', 'customers')) {
            return;
        }

@@ -19,8 +19,6 @@ class Migration_IndiaGST extends Migration
        helper('migration');
        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst.sql');

-        error_log('Migrating tax configuration');
-
        $count_of_tax_codes = $this->get_count_of_tax_code_entries();

        if ($count_of_tax_codes > 0) {
@@ -42,17 +40,16 @@ class Migration_IndiaGST extends Migration
        }

        $this->drop_backups();
-
-        error_log('Migrating tax configuration completed');
    }

    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}

+    /**
+     * @return int
+     */
    private function get_count_of_tax_code_entries(): int
    {
        $builder = $this->db->table('tax_codes_backup');
@@ -61,6 +58,9 @@ class Migration_IndiaGST extends Migration
        return $builder->get()->getRow()->count;
    }

+    /**
+     * @return int
+     */
    private function get_count_of_sales_taxes_entries(): int
    {
        $builder = $this->db->table('sales_taxes_backup');
@@ -69,6 +69,9 @@ class Migration_IndiaGST extends Migration
        return $builder->get()->getRow()->count;
    }

+    /**
+     * @return int
+     */
    private function get_count_of_rate_entries(): int
    {
        $builder = $this->db->table('tax_code_rates_backup');
@@ -81,6 +84,8 @@ class Migration_IndiaGST extends Migration
     *  This copies the old tax code configuration into the new tax code configuration
     *  assigning a tax_code_id id to the entry  This only needs to be done if there are
     *  tax codes in the table.
+     *
+     * @return void
     */
    private function migrate_tax_code_data(): void
    {
@@ -93,6 +98,8 @@ class Migration_IndiaGST extends Migration
     *  This will assign a tax code id using the tax code field that was left in place on the customer table.
     *  After it is complete then it will drop the old customer tax code.
     *  This MUST run so that the old tax code is dropped
+     *
+     * @return void
     */
    private function migrate_customer_tax_codes(): void
    {
@@ -125,6 +132,9 @@ class Migration_IndiaGST extends Migration
            . 'order by sale_id');
    }

+    /**
+     * @return void
+     */
    private function migrate_tax_rates(): void
    {
        // Create a dummy jurisdiction record and retrieve the jurisdiction rate id
@@ -142,6 +152,9 @@ class Migration_IndiaGST extends Migration
            . ' ON tax_code = rate_tax_code');
    }

+    /**
+     * @return void
+     */
    private function drop_backups(): void
    {
        $this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('tax_codes_backup'));
--- a/app/Database/Migrations/20190213210000_indiagst1.php
+++ b/app/Database/Migrations/20190213210000_indiagst1.php
@@ -13,16 +13,10 @@ class Migration_IndiaGST1 extends Migration
    {
        helper('migration');
        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst1.sql');
-
-        error_log('Fix definition of Supplier.Tax Id');
-
-        error_log('Definition of Supplier.Tax Id corrected');
    }

    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20190220210000_indiagst2.php
+++ b/app/Database/Migrations/20190220210000_indiagst2.php
@@ -18,7 +18,5 @@ class Migration_IndiaGST2 extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20190301124900_decimal_attribute_type.php
+++ b/app/Database/Migrations/20190301124900_decimal_attribute_type.php
@@ -18,7 +18,5 @@ class Migration_decimal_attribute_type extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20190317102600_add_iso_4217.php
+++ b/app/Database/Migrations/20190317102600_add_iso_4217.php
@@ -18,7 +18,5 @@ class Migration_add_iso_4217 extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20190427100000_paymenttracking.php
+++ b/app/Database/Migrations/20190427100000_paymenttracking.php
@@ -18,7 +18,5 @@ class Migration_PaymentTracking extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20190502100000_refundtracking.php
+++ b/app/Database/Migrations/20190502100000_refundtracking.php
@@ -33,7 +33,7 @@ class Migration_RefundTracking extends Migration
                    ON sales.sale_id = sales_taxes.sale_id
                WHERE sales.sale_status = \'' . COMPLETED . '\' AND sales_taxes.tax_type = \'1\'
                GROUP BY sale_id
-            )',
+            )'
        );

        $this->db->query(
@@ -47,7 +47,7 @@ class Migration_RefundTracking extends Migration
                . 'LEFT OUTER JOIN ' . $this->db->prefixTable('migrate_taxes') . ' AS sumpay_taxes '
                . 'ON sales.sale_id = sumpay_taxes.sale_id '
                . 'WHERE sales.sale_status = \'' . COMPLETED . '\' GROUP BY sale_id
-            )',
+            )'
        );

        $this->db->query('UPDATE ' . $this->db->prefixTable('migrate_sales') . ' AS sumpay_items '
@@ -64,7 +64,7 @@ class Migration_RefundTracking extends Migration
                LEFT OUTER JOIN ' . $this->db->prefixTable('sales_payments') . ' AS sales_payments
                    ON sales.sale_id = sales_payments.sale_id
                WHERE sales.sale_status = \'' . COMPLETED . '\' GROUP BY sale_id
-            )',
+            )'
        );

        // You may be asking yourself why the following is not creating a temporary table.
@@ -78,7 +78,7 @@ class Migration_RefundTracking extends Migration
                FROM ' . $this->db->prefixTable('migrate_sales') . ' AS a
                JOIN ' . $this->db->prefixTable('migrate_payments') . ' AS b ON a.sale_id = b.sale_id
                WHERE total_payments > trans_amount AND number_payments = 1
-            )',
+            )'
        );

        // Update existing cash transactions with refund amount
@@ -91,7 +91,7 @@ class Migration_RefundTracking extends Migration
            WHERE EXISTS
                (SELECT b.refund_amount
                    FROM ' . $this->db->prefixTable('migrate_refund') . ' AS b
-                    WHERE a.sale_id = b.sale_id AND a.payment_type = \'' . $cash_payment . ' \')',
+                    WHERE a.sale_id = b.sale_id AND a.payment_type = \'' . $cash_payment . ' \')'
        );

        // Insert new cash refund transactions for non-cash payments
@@ -102,7 +102,7 @@ class Migration_RefundTracking extends Migration
            FROM ' . $this->db->prefixTable('migrate_refund') . ' AS r
            JOIN ' . $this->db->prefixTable('sales_payments') . ' AS p ON r.sale_id = p.sale_id
            JOIN ' . $this->db->prefixTable('migrate_sales') . ' AS s ON r.sale_id = s.sale_id
-            WHERE p.payment_type != \'' . $cash_payment . '\'',
+            WHERE p.payment_type != \'' . $cash_payment . '\''
        );

        // Post migration cleanup
@@ -112,7 +112,5 @@ class Migration_RefundTracking extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/app/Database/Migrations/20190612100000_dbfix.php
+++ b/app/Database/Migrations/20190612100000_dbfix.php
@@ -18,7 +18,5 @@ class Migration_DBFix extends Migration
    /**
     * Revert a migration step.
     */
-    public function down(): void
-    {
-    }
+    public function down(): void {}
 }
--- a/Show More
+++ b/Show More