fix: add autoload-dev for Tests namespace and fix UrlHelperTest namespace

- Add autoload-dev section to composer.json for Tests namespace
- Rename tests/helpers to tests/Helpers for PSR-4 compliance
- Add proper namespace to UrlHelperTest.php
- This fixes PHPUnit test discovery - previously only 6 tests were running

.dockerignore

@@ -1,24 +1,56 @@
-node_modules
-tmp
+# Version control
+.git
+.gitignore
+
+# Sensitive config (user may mount their own)
 app/Config/Email.php
+
+# Build artifacts
+node_modules/
+dist/
+tmp/
 *.patch
 patches/
+
+# IDE and editor files
 .idea/
-git-svn-diff.py
-*.bash
+.vscode/
 .swp
+*.swp
 .buildpath
 .project
-.settings/*
-.git
-dist/
-node_modules/
-*.swp
+.settings/
+
+# Development tools and configs
+tests/
+phpunit.xml
+.php-cs-fixer.*
+phpstan.neon
+*.bash
+git-svn-diff.py
+
+# Documentation
+*.md
+!LICENSE
+branding/
+
+# Build configs (not needed at runtime)
+composer.json
+composer.lock
+package.json
+package-lock.json
+gulpfile.js
+.env.example
+.dockerignore
+
+# Temporary and backup files
 *.rej
 *.orig
 *~
 *.~
 *.log
-app/writable/session/*
-!app/writable/session/index.html
 
+# CI
+.github/
+.github/workflows/
+build/

.editorconfig

@@ -1,22 +1,15 @@
+# editorconfig.org
+
 root = true
 
 [*]
 charset = utf-8
 end_of_line = lf
 indent_size = 4
-indent_style = tab
+indent_style = space
 insert_final_newline = true
+trim_trailing_whitespace = true
 max_line_length = 120
-tab_width = 4
 
-[{*.cjs,*.js}]
-indent_style = tab
-
-[{*.ctp,*.hphp,*.inc,*.module,*.php,*.php4,*.php5,*.phtml}]
-indent_style = tab
-
-[{*.har,*.jsb2,*.jsb3,*.json,.babelrc,.eslintrc,.prettierrc,.stylelintrc,bowerrc,composer.lock,jest.config}]
-indent_style = tab
-
-[{*.htm,*.html,*.ng,*.sht,*.shtm,*.shtml}]
-indent_style = tab
+[*.md]
+trim_trailing_whitespace = false

.env-example

@@ -1,63 +0,0 @@
-#--------------------------------------------------------------------
-# ENVIRONMENT
-#--------------------------------------------------------------------
-
-CI_ENVIRONMENT = production
-
-#--------------------------------------------------------------------
-# DATABASE
-#--------------------------------------------------------------------
-
-database.default.hostname = 'localhost'
-database.default.database = 'ospos'
-database.default.username = 'admin'
-database.default.password = 'pointofsale'
-database.default.DBDriver = 'MySQLi'
-database.default.DBPrefix = 'ospos_'
-
-database.development.hostname = 'localhost'
-database.development.database = 'ospos'
-database.development.username = 'admin'
-database.development.password = 'pointofsale'
-database.development.DBDriver = 'MySQLi'
-database.development.DBPrefix = 'ospos_'
-
-database.tests.hostname = 'localhost'
-database.tests.database = 'ospos'
-database.tests.username = 'admin'
-database.tests.password = 'pointofsale'
-database.tests.DBDriver = 'MySQLi'
-database.tests.DBPrefix = 'ospos_'
-
-#--------------------------------------------------------------------
-# ENCRYPTION
-#--------------------------------------------------------------------
-
-encryption.key = ''
-
-#--------------------------------------------------------------------
-# LOGGER
-	 # - 0 = Disables logging, Error logging TURNED OFF
-	 # - 1 = Emergency Messages - System is unusable
-	 # - 2 = Alert Messages - Action Must Be Taken Immediately
-	 # - 3 = Critical Messages - Application component unavailable, unexpected exception.
-	 # - 4 = Runtime Errors - Don't need immediate action, but should be monitored.
-	 # - 5 = Warnings - Exceptional occurrences that are not errors.
-	 # - 6 = Notices - Normal but significant events.
-	 # - 7 = Info - Interesting events, like user logging in, etc.
-	 # - 8 = Debug - Detailed debug information.
-	 # - 9 = All Messages
-#--------------------------------------------------------------------
-
-logger.threshold = 0
-app.db_log_enabled = false
-
-#--------------------------------------------------------------------
-# HONEYPOT
-#--------------------------------------------------------------------
-
-honeypot.hidden = true
-honeypot.label = 'Fill This Field'
-honeypot.name = 'honeypot'
-honeypot.template = '<label>{label}</label><input type="text" name="{name}" value=""/>'
-honeypot.container = '<div style="display:none">{template}</div>'

.env.example

@@ -3,13 +3,35 @@
 #--------------------------------------------------------------------
 
 CI_ENVIRONMENT = production
-CI_DEBUG = false
-
 
 #--------------------------------------------------------------------
-# APP
+# SECURITY: ALLOWED HOSTNAMES
 #--------------------------------------------------------------------
-app.appTimezone = 'UTC'
+# IMPORTANT: Whitelist of allowed hostnames to prevent Host Header 
+# Injection attacks (GHSA-jchf-7hr6-h4f3).
+#
+# If not configured, the application will default to 'localhost',
+# which may break functionality in production.
+#
+# Configure this with all domains/subdomains that host your application:
+# - Primary domain
+# - WWW subdomain (if used)  
+# - Any alternative domains
+#
+# Examples:
+#   Single domain:
+#     app.allowedHostnames.0 = 'example.com'
+#
+#   Multiple domains:
+#     app.allowedHostnames.0 = 'example.com'
+#     app.allowedHostnames.1 = 'www.example.com'
+#     app.allowedHostnames.2 = 'demo.opensourcepos.org'
+#
+# For localhost development:
+#     app.allowedHostnames.0 = 'localhost'
+#
+# Note: Do not include the protocol (http/https) or port number.
+#app.allowedHostnames.0 = ''
 
 #--------------------------------------------------------------------
 # DATABASE
@@ -21,7 +43,6 @@ database.default.username = 'admin'
 database.default.password = 'pointofsale'
 database.default.DBDriver = 'MySQLi'
 database.default.DBPrefix = 'ospos_'
-database.default.port = 3306
 
 database.development.hostname = 'localhost'
 database.development.database = 'ospos'
@@ -29,7 +50,6 @@ database.development.username = 'admin'
 database.development.password = 'pointofsale'
 database.development.DBDriver = 'MySQLi'
 database.development.DBPrefix = 'ospos_'
-database.development.port = 3306
 
 database.tests.hostname = 'localhost'
 database.tests.database = 'ospos'
@@ -37,19 +57,6 @@ database.tests.username = 'admin'
 database.tests.password = 'pointofsale'
 database.tests.DBDriver = 'MySQLi'
 database.tests.DBPrefix = 'ospos_'
-database.tests.charset = utf8mb4
-database.tests.DBCollat = utf8mb4_general_ci
-database.tests.port = 3306
-
-#--------------------------------------------------------------------
-# EMAIL
-#--------------------------------------------------------------------
-email.SMTPHost = ''
-email.SMTPUser = ''
-email.SMTPPass = ''
-email.SMTPPort = 
-email.SMTPTimeout = 5
-email.SMTPCrypto = 'tls'
 
 #--------------------------------------------------------------------
 # ENCRYPTION
@@ -57,6 +64,23 @@ email.SMTPCrypto = 'tls'
 
 encryption.key = ''
 
+#--------------------------------------------------------------------
+# LOGGER
+# - 0 = Disables logging, Error logging TURNED OFF
+# - 1 = Emergency Messages - System is unusable
+# - 2 = Alert Messages - Action Must Be Taken Immediately
+# - 3 = Critical Messages - Application component unavailable, unexpected exception.
+# - 4 = Runtime Errors - Don't need immediate action, but should be monitored.
+# - 5 = Warnings - Exceptional occurrences that are not errors.
+# - 6 = Notices - Normal but significant events.
+# - 7 = Info - Interesting events, like user logging in, etc.
+# - 8 = Debug - Detailed debug information.
+# - 9 = All Messages
+#--------------------------------------------------------------------
+
+logger.threshold = 0
+app.db_log_enabled = false
+
 #--------------------------------------------------------------------
 # HONEYPOT
 #--------------------------------------------------------------------
@@ -64,23 +88,5 @@ encryption.key = ''
 honeypot.hidden = true
 honeypot.label = 'Fill This Field'
 honeypot.name = 'honeypot'
-honeypot.template = '<label>{label}</label><input type="text" name="{name}" value=""/>'
+honeypot.template = '<label>{label}</label><input type="text" name="{name}" value="">'
 honeypot.container = '<div style="display:none">{template}</div>'
-
-#--------------------------------------------------------------------
-# LOGGER
-	 # - 0 = Disables logging, Error logging TURNED OFF
-	 # - 1 = Emergency Messages - System is unusable
-	 # - 2 = Alert Messages - Action Must Be Taken Immediately
-	 # - 3 = Critical Messages - Application component unavailable, unexpected exception.
-	 # - 4 = Runtime Errors - Don't need immediate action, but should be monitored.
-	 # - 5 = Warnings - Exceptional occurrences that are not errors.
-	 # - 6 = Notices - Normal but significant events.
-	 # - 7 = Info - Interesting events, like user logging in, etc.
-	 # - 8 = Debug - Detailed debug information.
-	 # - 9 = All Messages
-#--------------------------------------------------------------------
-
-logger.threshold = 0
-app.db_log_enabled = false
-app.db_log_only_long = false

.github/ISSUE_TEMPLATE/bug report.yml

@@ -42,10 +42,12 @@ body:
       label: OpensourcePOS Version
       description: What version of our software are you running?
       options:
+        - development (unreleased)
+        - opensourcepos 3.4.1
+        - opensourcepos 3.4.0
         - opensourcepos 3.3.9
         - opensourcepos 3.3.8
         - opensourcepos 3.3.7
-        - development (unreleased)
       default: 0
     validations:
       required: true

.github/workflows/README.md

@@ -0,0 +1,61 @@
+# GitHub Actions
+
+This document describes the CI/CD workflows for OSPOS.
+
+## Build and Release Workflow (`.github/workflows/build-release.yml`)
+
+### Build Process
+- Setup PHP 8.2 with required extensions
+- Setup Node.js 20
+- Install composer dependencies
+- Install npm dependencies
+- Build frontend assets with Gulp
+
+### Docker Images
+- Build and push `opensourcepos` Docker image for multiple architectures (linux/amd64, linux/arm64)
+- On master: tagged with version and `latest`
+- On other branches: tagged with version only
+- Pushed to Docker Hub
+
+### Releases
+- Create distribution archives (tar.gz, zip)
+- Create/update GitHub "unstable" release on master branch only
+
+## Required Secrets
+
+To use this workflow, you need to add the following secrets to your repository:
+
+1. **DOCKER_USERNAME** - Docker Hub username for pushing images
+2. **DOCKER_PASSWORD** - Docker Hub password/token for pushing images
+
+### How to add secrets
+
+1. Go to your repository on GitHub
+2. Click **Settings** → **Secrets and variables** → **Actions**
+3. Click **New repository secret**
+4. Add `DOCKER_USERNAME` and `DOCKER_PASSWORD`
+
+The `GITHUB_TOKEN` is automatically provided by GitHub Actions.
+
+## Workflow Triggers
+
+- **Push to master** - Runs build, Docker push (with `latest` tag), and release
+- **Push to other branches** - Runs build and Docker push (version tag only)
+- **Push tags** - Runs build and Docker push (version tag only)
+- **Pull requests** - Runs build only (PHPUnit tests run in parallel via phpunit.yml)
+
+## Existing Workflows
+
+This repository also has these workflows:
+- `.github/workflows/main.yml` - PHP linting with PHP-CS-Fixer
+- `.github/workflows/phpunit.yml` - PHPUnit tests (runs on all PHP versions 8.1-8.4)
+- `.github/workflows/php-linter.yml` - PHP linting
+
+## Testing
+
+PHPUnit tests are run separately via `.github/workflows/phpunit.yml` on every push and pull request, testing against PHP 8.1, 8.2, 8.3, and 8.4.
+
+To test the build workflow:
+1. Add the required secrets
+2. Push to master or create a PR
+3. Monitor the Actions tab in GitHub

.github/workflows/build-release.yml

@@ -0,0 +1,218 @@
+name: Build and Release
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - '*'
+  pull_request:
+    branches:
+      - master
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+      version-tag: ${{ steps.version.outputs.version-tag }}
+      short-sha: ${{ steps.version.outputs.short-sha }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.2'
+          extensions: intl, mbstring, mysqli, gd, bcmath, zip
+          coverage: none
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Get composer cache directory
+        run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Get npm cache directory
+        run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
+
+      - name: Cache npm dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.NPM_CACHE_DIR }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install composer dependencies
+        run: composer install --no-dev --optimize-autoloader
+
+      - name: Install npm dependencies
+        run: npm ci
+
+      - name: Install gulp globally
+        run: npm install -g gulp-cli
+
+      - name: Get version info
+        id: version
+        run: |
+          VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
+          BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | sed 's/feature\///')
+          TAG=$(echo "${GITHUB_TAG:-$BRANCH}" | tr '/' '-')
+          SHORT_SHA=$(git rev-parse --short=6 HEAD)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "version-tag=$VERSION-$BRANCH-$SHORT_SHA" >> $GITHUB_OUTPUT
+          echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
+          echo "branch=$BRANCH" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_TAG: ${{ github.ref_name }}
+
+      - name: Create .env file
+        run: |
+          cp .env.example .env
+          sed -i 's/production/development/g' .env
+
+      - name: Update commit hash
+        run: |
+          SHORT_SHA="${{ steps.version.outputs.short-sha }}"
+          sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$SHORT_SHA'/g" app/Config/OSPOS.php
+
+      - name: Build frontend assets
+        run: npm run build
+
+      - name: Create distribution archives
+        run: |
+          set -euo pipefail
+          gulp compress
+          VERSION="${{ steps.version.outputs.version }}"
+          SHORT_SHA="${{ steps.version.outputs.short-sha }}"
+          mv dist/opensourcepos.tar "dist/opensourcepos.$VERSION.$SHORT_SHA.tar"
+          mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip"
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-${{ steps.version.outputs.short-sha }}
+          path: dist/
+          retention-days: 7
+
+      - name: Upload build context for Docker
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-context-${{ steps.version.outputs.short-sha }}
+          path: |
+            .
+            !.git
+            !node_modules
+          retention-days: 1
+
+  docker:
+    name: Build Docker Image
+    runs-on: ubuntu-22.04
+    needs: build
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Download build context
+        uses: actions/download-artifact@v4
+        with:
+          name: build-context-${{ needs.build.outputs.short-sha }}
+          path: .
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Determine Docker tags
+        id: tags
+        run: |
+          BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | tr '/' '-')
+          if [ "$BRANCH" = "master" ]; then
+            echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }},${{ secrets.DOCKER_USERNAME }}/opensourcepos:latest" >> $GITHUB_OUTPUT
+          else
+            echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }}" >> $GITHUB_OUTPUT
+          fi
+        env:
+          GITHUB_REF: ${{ github.ref }}
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          target: ospos
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.tags.outputs.tags }}
+
+  release:
+    name: Create Release
+    needs: build
+    runs-on: ubuntu-22.04
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist-${{ needs.build.outputs.short-sha }}
+          path: dist/
+
+      - name: Get version info
+        id: version
+        run: |
+          VERSION="${{ needs.build.outputs.version }}"
+          SHORT_SHA=$(git rev-parse --short=6 HEAD)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
+
+      - name: Create/Update unstable release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: unstable
+          name: Unstable OpenSourcePOS
+          body: |
+            This is a build of the latest master which might contain bugs. Use at your own risk.
+            
+            Check the releases section for the latest official release.
+          files: |
+            dist/opensourcepos.${{ steps.version.outputs.version }}.${{ steps.version.outputs.short-sha }}.zip
+          prerelease: true
+          draft: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -1,71 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
-  schedule:
-    - cron: '21 12 * * 3'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

.github/workflows/delete-unstable-release.yml

@@ -0,0 +1,22 @@
+name: "Delete Unstable Release"
+
+on:
+  push:
+    branches:
+    - master
+
+jobs:
+  delete_unstable_release:
+    runs-on: ubuntu-latest
+    steps: 
+      - name: "Delete last unstable release"
+        uses: sgpublic/delete-release-action@v1.2
+        env: 
+          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+        with:
+          release-drop: false
+          release-drop-tag: false
+          pre-release-drop: true
+          pre-release-keep-count: -1
+          pre-release-drop-tag: true
+

.github/workflows/main.yml

@@ -0,0 +1,63 @@
+name: Coding Standards
+
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'spark'
+      - '.github/workflows/test-coding-standards.yml'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'spark'
+      - '.github/workflows/test-coding-standards.yml'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: PHP ${{ matrix.php-version }} Lint with PHP CS Fixer
+    runs-on: ubuntu-22.04
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version:
+          - '8.1'
+          - '8.2'
+          - '8.3'
+          - '8.4'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-version }}
+          extensions: tokenizer
+          coverage: none
+
+      - name: Get composer cache directory
+        run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
+          key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.php-version }}-
+            ${{ runner.os }}-
+
+      - name: Install dependencies
+        run: composer update --ansi --no-interaction
+
+      - name: Run lint on `app/`, `public/`
+        run: vendor/bin/php-cs-fixer fix --verbose --ansi --dry-run --config=.php-cs-fixer.no-header.php --using-cache=no --diff

.github/workflows/opencode.yml

@@ -0,0 +1,33 @@
+name: opencode
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  opencode:
+    if: |
+      contains(github.event.comment.body, ' /oc') ||
+      startsWith(github.event.comment.body, '/oc') ||
+      contains(github.event.comment.body, ' /opencode') ||
+      startsWith(github.event.comment.body, '/opencode')
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: read
+      issues: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Run opencode
+        uses: anomalyco/opencode/github@latest
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+        with:
+          model: anthropic/claude-3-haiku-20240307

.github/workflows/php-linter.yml

@@ -0,0 +1,34 @@
+name: PHP Linting
+
+on: push
+
+jobs:
+  phplint:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: PHP Lint 8.0
+        uses: dbfx/github-phplint/8.0@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""   
+      - name: PHP Lint 8.1
+        uses: dbfx/github-phplint/8.1@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""
+      - name: PHP Lint 8.2
+        uses: dbfx/github-phplint/8.2@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""
+      - name: PHP Lint 8.3
+        uses: dbfx/github-phplint/8.3@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""
+      - name: PHP Lint 8.4
+        uses: dbfx/github-phplint/8.4@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""

.github/workflows/phpunit.yml

@@ -0,0 +1,122 @@
+name: PHPUnit Tests
+
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'spark'
+      - 'tests/**'
+      - '.github/workflows/phpunit.yml'
+      - 'gulpfile.js'
+      - 'app/Database/**'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'spark'
+      - 'tests/**'
+      - '.github/workflows/phpunit.yml'
+      - 'gulpfile.js'
+      - 'app/Database/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: PHP ${{ matrix.php-version }} Tests
+    runs-on: ubuntu-22.04
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version:
+          - '8.1'
+          - '8.2'
+          - '8.3'
+          - '8.4'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-version }}
+          extensions: intl, mbstring, mysqli
+          coverage: none
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Get npm cache directory
+        run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
+
+      - name: Cache npm dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.NPM_CACHE_DIR }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install npm dependencies
+        run: npm install
+
+      - name: Start MariaDB
+        run: |
+          docker run -d --name mysql \
+            -e MYSQL_ROOT_PASSWORD=root \
+            -e MYSQL_DATABASE=ospos \
+            -e MYSQL_USER=admin \
+            -e MYSQL_PASSWORD=pointofsale \
+            -p 3306:3306 \
+            mariadb:10.5
+          # Wait for MariaDB to be ready
+          until docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do
+            echo "Waiting for MariaDB..."
+            sleep 2
+          done
+          echo "MariaDB is ready!"
+
+      - name: Get composer cache directory
+        run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
+          key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.php-version }}-
+            ${{ runner.os }}-
+
+      - name: Install dependencies
+        run: composer update --ansi --no-interaction
+
+      - name: Create .env file
+        run: cp .env.example .env
+
+      - name: Run PHPUnit tests
+        env:
+          CI_ENVIRONMENT: testing
+          MYSQL_HOST_NAME: 127.0.0.1
+        run: composer test -- --log-junit test-results/junit.xml
+
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-results-php-${{ matrix.php-version }}
+          path: test-results/
+          retention-days: 30
+
+      - name: Stop MariaDB
+        if: always()
+        run: docker stop mysql && docker rm mysql

.github/workflows/update-issue-templates.yml

@@ -0,0 +1,72 @@
+name: Update Issue Templates
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  update-templates:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        
+      - name: Fetch releases and update templates
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # Fetch releases from GitHub API
+          RELEASES=$(gh api repos/${{ github.repository }}/releases --jq '.[].tag_name' | head -n 10)
+          
+          # Create temporary file with options
+          OPTIONS_FILE=$(mktemp)
+          echo "        - development (unreleased)" >> "$OPTIONS_FILE"
+          while IFS= read -r release; do
+            echo "        - opensourcepos $release" >> "$OPTIONS_FILE"
+          done <<< "$RELEASES"
+          
+          update_template() {
+            local template="$1"
+            local template_path=".github/ISSUE_TEMPLATE/$template"
+            
+            # Find the line numbers for the OpensourcePOS Version dropdown
+            start_line=$(grep -n "label: OpensourcePOS Version" "$template_path" | cut -d: -f1)
+            
+            if [ -z "$start_line" ]; then
+              echo "Could not find OpensourcePOS Version in $template"
+              return 1
+            fi
+            
+            # Find the options section and default line
+            options_start=$((start_line + 3))
+            default_line=$(grep -n "default:" "$template_path" | awk -F: -v opts="$options_start" '$1 > opts {print $1; exit}')
+            
+            # Create new template file
+            head -n $((options_start - 1)) "$template_path" > "${template_path}.new"
+            cat "$OPTIONS_FILE" >> "${template_path}.new"
+            tail -n +$default_line "$template_path" >> "${template_path}.new"
+            mv "${template_path}.new" "$template_path"
+            
+            echo "Updated $template"
+          }
+          
+          update_template "bug report.yml"
+          update_template "feature_request.yml"
+          
+      - name: Commit and push changes
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add .github/ISSUE_TEMPLATE/*.yml
+          if git diff --staged --quiet; then
+            echo "No changes to commit"
+          else
+            git commit -m "Update issue templates with latest releases [skip ci]"
+            git push
+          fi

.gitignore

@@ -2,8 +2,13 @@
 node_modules
 vendor
 public/resources
+public/images/menubar/*
+!public/images/menubar/.gitkeep
+public/license/*
+!public/license/.gitkeep
 app/Config/email.php
 npm-debug.log*
+.vscode
 
 # Docker
 !docker/.env

.htaccess

@@ -40,7 +40,7 @@ IndexIgnore *
   </Files>
 
   # prevent access to csv, txt and md files
-  <FilesMatch "\.(csv|txt|md|yml|json|lock)$">
+  <FilesMatch "\.(csv|txt|md|yml|json|lock|env)$">
     Require all denied
   </FilesMatch>
 </IfModule>

.php-cs-fixer.no-header.php

@@ -29,7 +29,7 @@ $finder = Finder::create()
     ]);
 
 $overrides = [
-    // for updating to coding-standard
+    // For updating to coding-standard
     'modernize_strpos'    => true,
 ];
 

.travis.yml

@@ -1,59 +0,0 @@
-sudo: required
-
-branches:
-  except:
-    - weblate
-services:
-  - docker
-
-dist: jammy
-language: node_js
-node_js:
-  - 20
-script:
-  - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-  - docker run --rm -u $(id -u) -v $(pwd):/app opensourcepos/composer:ci4 composer install
-  - version=$(grep application_version app/Config/App.php | sed "s/.*=\s'\(.*\)';/\1/g")
-  - sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$rev'/g" app/Config/OSPOS.php
-  - echo "$version-$branch-$rev" 
-  - npm version "$version-$branch-$rev" --force || true
-  - npm ci && npm install -g gulp && npm run build 
-  - docker build . --target ospos -t ospos
-  - docker build app/Database/ -t "jekkos/opensourcepos:sql-$TAG"
-env:
-  global:
-  - BRANCH=$(echo ${TRAVIS_BRANCH} | sed s/feature\\///)
-  - TAG=${TRAVIS_TAG:-$BRANCH}
-  - date=`date +%Y%m%d%H%M%S` && branch=${TRAVIS_BRANCH} && rev=`git rev-parse --short=6 HEAD` 
-after_success:
-  - docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" && docker tag "ospos:latest"
-    "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:sql-$TAG"
-  - gulp compress
-  - mv dist/opensourcepos.tar.gz "dist/opensourcepos.$version.$rev.tgz"
-  - mv dist/opensourcepos.zip "dist/opensourcepos.$version.$rev.zip"
-deploy:
-  - provider: npm
-    file: dist/opensourcepos.$version.$rev.tgz
-    registry: npm.pkg.github.com
-    email: jeroen@steganos.dev
-    skip_cleanup: true
-    api_key:
-      secure: "DNPJOrT51wdO0BAbkX2hKowdXYh7x8d43xvAw7eVfOslyBPiv6Bb/1QdC2Bpnlqe0WiJVS5hvBTMrJ+vSDK5i/l8jA+ZoI6ms1+P1DQ6sBBMBQI2fuvRCrJj+Fp3WnaduZb/N7R+FqdKQwD/ZORyhzJ4whtHkrO8uC7cY/wlacU="
-
-    on:
-      all_branches: true
-  - provider: releases
-    file: dist/opensourcepos.$version.$rev.zip
-    name: "OpensourcePos $version"
-    release_notes_file: CHANGELOG.md
-    prerelease: true
-    skip_cleanup: true
-
-    user: jekkos
-    overwrite: true
-    api_key:
-      secure: "DNPJOrT51wdO0BAbkX2hKowdXYh7x8d43xvAw7eVfOslyBPiv6Bb/1QdC2Bpnlqe0WiJVS5hvBTMrJ+vSDK5i/l8jA+ZoI6ms1+P1DQ6sBBMBQI2fuvRCrJj+Fp3WnaduZb/N7R+FqdKQwD/ZORyhzJ4whtHkrO8uC7cY/wlacU="
-
-    on:
-      tags: true
-      branch: master

AGENTS.md

@@ -0,0 +1,40 @@
+# Agent Instructions
+
+This document provides guidance for AI agents working on the Open Source Point of Sale (OSPOS) codebase.
+
+## Code Style
+
+- Follow PHP CodeIgniter 4 coding standards
+- Run PHP-CS-Fixer before committing: `vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.no-header.php`
+- Write PHP 8.1+ compatible code with proper type declarations
+- Use PSR-12 naming conventions: `camelCase` for variables and functions, `PascalCase` for classes, `UPPER_CASE` for constants
+
+## Development
+
+- Create a new git worktree for each issue, based on the latest state of `origin/master`
+- Commit fixes to the worktree and push to the remote
+
+## Testing
+
+- Run PHPUnit tests: `composer test`
+- Tests must pass before submitting changes
+
+## Build
+
+- Install dependencies: `composer install && npm install`
+- Build assets: `npm run build` or `gulp`
+
+## Conventions
+
+- Controllers go in `app/Controllers/`
+- Models go in `app/Models/`
+- Views go in `app/Views/`
+- Database migrations in `app/Database/Migrations/`
+- Use CodeIgniter 4 framework patterns and helpers
+- Sanitize user input; escape output using `esc()` helper
+
+## Security
+
+- Never commit secrets, credentials, or `.env` files
+- Use parameterized queries to prevent SQL injection
+- Validate and sanitize all user input

BUILD.md

@@ -23,9 +23,9 @@ The build process uses the build tools "npm" and "gulp" to piece everything toge
 2. Unzip it and copy the contents into the working folder.
 3. Start a terminal session from the root of your working folder. For example, I normally open up the working folder in PHPStorm and run the commands from the Terminal provided by the IDE.
 4. Enter the following three commands in sequence:
-	- `composer install`
-	- `npm install`
-	- `npm run build`
+    - `composer install`
+    - `npm install`
+    - `npm run build`
 
 That's all there is to it.
 

CHANGELOG.md

@@ -1,4 +1,7 @@
-[unreleased]: https://github.com/opensourcepos/opensourcepos/compare/3.3.9...HEAD
+[unreleased]: https://github.com/opensourcepos/opensourcepos/compare/3.4.0...HEAD
+[3.4.2]: https://github.com/opensourcepos/opensourcepos/compare/3.4.1...3.4.2
+[3.4.1]: https://github.com/opensourcepos/opensourcepos/compare/3.4.0...3.4.1
+[3.4.0]: https://github.com/opensourcepos/opensourcepos/compare/3.3.9...3.4.0
 [3.3.9]: https://github.com/opensourcepos/opensourcepos/compare/3.3.8...3.3.9
 [3.3.8]: https://github.com/opensourcepos/opensourcepos/compare/3.3.7...3.3.8
 [3.3.7]: https://github.com/opensourcepos/opensourcepos/compare/3.3.6...3.3.7
@@ -31,6 +34,16 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+## [3.4.0] - 2025-02-06
+
+- Translation updates (Spanish, Indonesian, Swedish, Urdu, Chinese, Thai, French, Dutch)
+- PHP 8.x support
+- Security fixes (XSS, SQLi)
+- Migration to Gulp as buildsystem
+- Decimal validation fix
+- Sticky header fix
+- Receipt sent as attachment
+- Barcode generation library upgrade
 - Bump framework to CodeIgniter `4.x.x`
 - Improve security performance against bots
 

CODE_OF_CONDUCT.md

@@ -0,0 +1,98 @@
+Contributor Covenant Code of Conduct
+Our Pledge
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+Our Standards
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others’ private information, such as a physical or email address,
+without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+professional setting
+
+Enforcement Responsibilities
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+Scope
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+Enforcement
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+Enforcement Guidelines
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+1. Correction
+Community Impact: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+Consequence: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+2. Warning
+Community Impact: A violation through a single incident or series of
+actions.
+Consequence: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+3. Temporary Ban
+Community Impact: A serious violation of community standards, including
+sustained inappropriate behavior.
+Consequence: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+4. Permanent Ban
+Community Impact: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+Consequence: A permanent ban from any sort of public interaction within the
+community.
+Attribution
+This Code of Conduct is adapted from the Contributor Covenant,
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+Community Impact Guidelines were inspired by
+Mozilla’s code of conduct enforcement ladder.
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
+
+

Dockerfile

@@ -1,28 +1,22 @@
 FROM php:8.2-apache AS ospos
 LABEL maintainer="jekkos"
 
-RUN apt update && apt-get install -y libicu-dev libgd-dev
-RUN a2enmod rewrite 
-RUN docker-php-ext-install mysqli bcmath intl gd
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libicu-dev \
+    libgd-dev \
+    && docker-php-ext-install mysqli bcmath intl gd \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && a2enmod rewrite
+
 RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini
 
 WORKDIR /app
-COPY . /app
-RUN ln -s /app/*[^public] /var/www && rm -rf /var/www/html && ln -nsf /app/public /var/www/html
-RUN chmod -R 770 /app/writable/uploads /app/writable/logs /app/writable/cache && chown -R www-data:www-data /app
-
-FROM ospos AS ospos_test
-
-COPY --from=composer /usr/bin/composer /usr/bin/composer
-
-RUN apt-get install -y libzip-dev wget git
-RUN wget https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O /bin/wait-for-it.sh && chmod +x /bin/wait-for-it.sh
-RUN docker-php-ext-install zip
-RUN composer install -d/app 
-#RUN sed -i 's/backupGlobals="true"/backupGlobals="false"/g' /app/tests/phpunit.xml
-WORKDIR /app/tests
-
-CMD ["/app/vendor/phpunit/phpunit/phpunit"]
+COPY --chown=www-data:www-data . /app
+RUN chmod 770 /app/writable/uploads /app/writable/logs /app/writable/cache \
+    && ln -s /app/*[^public] /var/www \
+    && rm -rf /var/www/html \
+    && ln -nsf /app/public /var/www/html
 
 FROM ospos AS ospos_dev
 

Dockerfile.test

@@ -0,0 +1,3 @@
+FROM php:8.4-cli
+RUN apt-get update && apt-get install -y libicu-dev && docker-php-ext-install intl
+WORKDIR /app

INSTALL.md

@@ -1,27 +1,58 @@
 ## Server Requirements
 
-- PHP version `7.4` to `8.3` are supported, PHP version `≤7.3` is NOT supported. Please note that PHP needs to have the extensions `php-gd`, `php-bcmath`, `php-intl`, `php-openssl`, `php-mbstring` , `php-curl` and `php-xml` installed and enabled.
-- MySQL `5.6` and `5.7` are supported, also MariaDB replacement `10.x` is supported and might offer better performance.
+- PHP version `8.1` to `8.4` are supported, PHP version `≤7.4` is NOT supported. Please note that PHP needs to have the extensions `php-json`, `php-gd`, `php-bcmath`, `php-intl`, `php-openssl`, `php-mbstring`, `php-curl` and `php-xml` installed and enabled. An unstable master build can be downloaded in the releases section.
+- MySQL `5.7` is supported, also MariaDB replacement `10.x` is supported and might offer better performance.
 - Apache `2.4` is supported. Nginx should work fine too, see [wiki page here](https://github.com/opensourcepos/opensourcepos/wiki/Local-Deployment-using-LEMP).
 - Raspberry PI based installations proved to work, see [wiki page here](<https://github.com/opensourcepos/opensourcepos/wiki/Installing-on-Raspberry-PI---Orange-PI-(Headless-OSPOS)>).
 - For Windows based installations please read [the wiki](https://github.com/opensourcepos/opensourcepos/wiki). There are closed issues about this subject, as this topic has been covered a lot.
 
+## Security Configuration
+
+### Allowed Hostnames (Required for Production)
+
+OpenSourcePOS validates the Host header against a whitelist to prevent Host Header Injection attacks (GHSA-jchf-7hr6-h4f3). **You must configure this for production deployments.**
+
+Add the following to your `.env` file:
+
+```
+app.allowedHostnames.0 = 'yourdomain.com'
+app.allowedHostnames.1 = 'www.yourdomain.com'
+```
+
+**For local development**, use:
+```
+app.allowedHostnames.0 = 'localhost'
+```
+
+If `allowedHostnames` is not configured:
+1. A security warning will be logged
+2. The application will fall back to 'localhost' as the hostname
+3. This means URLs generated by the application (links, redirects, etc.) will point to 'localhost'
+
+### HTTPS Behind Proxy
+
+If your installation is behind a proxy with SSL offloading, set:
+```
+FORCE_HTTPS = true
+```
+
 ## Local install
 
-First of all, if you're seeing the message `system folder missing` after launching your browser, or cannot find `database.php`, that most likely means you have cloned the repository and have not built the project.  To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
+First of all, if you're seeing the message `system folder missing` after launching your browser, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
 
-1. Download the a [pre-release for a specific branch](https://github.com/opensourcepos/opensourcepos/packages/1047637) or the latest stable [from GitHub here](https://github.com/opensourcepos/opensourcepos/releases). A repository clone will not work unless know how to build the project.
+1. Download the a [pre-release for a specific branch](https://github.com/opensourcepos/opensourcepos/releases) or the latest stable [from GitHub here](https://github.com/opensourcepos/opensourcepos/releases). A repository clone will not work unless know how to build the project.
 2. Create/locate a new MySQL database to install Open Source Point of Sale into.
-3. Execute the file `database/database.sql` to create the tables needed.
-4. Unzip and upload Open Source Point of Sale files to the web-server.
-5. Open `app/Config/database.php` and modify credentials to connect to your database if needed.
-6. Open `app/Config/config.php` and swap the encryption key with your own.
+3. Unzip and upload Open Source Point of Sale files to the web-server.
+4. If `.env` does not exist, copy `.env.example` to `.env`.
+5. Open `.env` and modify credentials to connect to your database if needed.
+6. The database schema will be automatically created when you first access the application. Migrations run automatically on fresh installs.
 7. Go to your install `public` dir via the browser.
 8. Log in using
    - Username: admin
    - Password: pointofsale
-9. Enjoy!
-10. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
+9. If everything works, then set the `CI_ENVIRONMENT` variable to `production` in the .env file
+10. Enjoy!
+11. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
 
 ## Local install using Docker
 

LICENSE

@@ -1,30 +1,30 @@
 MIT License
 
-Copyright (c) 2013-2023 jekkos
+Copyright (c) 2013-2025 jekkos
+Copyright (c) 2017-2025 objecttothis
+Copyright (c) 2017-2025 odiea
+Copyright (c) 2021-2025 BudsieBuds
+Copyright (c) 2017-2024 Steve Ireland
+Copyright (c) 2018-2024 WebShells
 Copyright (c) 2015-2023 FrancescoUK (aka daN4cat)
-Copyright (c) 2017-2023 Steve Ireland
-Copyright (c) 2017-2023 objecttothis
-Copyright (c) 2017-2023 odiea
-Copyright (c) 2017-2023 WebShells
-Copyright (c) 2020-2021 Andriux1990
-Copyright (c) 2021 BudsieBuds
+Copyright (c) 2015-2022 Aamir Shahzad (aka asakpke), RoshanTech, eSite.pk
+Copyright (c) 2019-2020 Andriux1990
+Copyright (c) 2018-2019 Erasto Marroquin (aka Erastus)
 Copyright (c) 2019 Loyd Jayme (aka loydjayme25)
-Copyright (c) 2018 Erasto Marroquin (aka Erastus)
 Copyright (c) 2018 Nathan Sas (aka nathanzky)
 Copyright (c) 2018 Emilio Silva (aka emi-silva)
-Copyright (c) 2017 Jesus Guerrero Botella (aka i92guboj)
+Copyright (c) 2016-2017 Ramkrishna Mondal (aka RamkrishnaMondal)
+Copyright (c) 2016-2017 Jorge Colmenarez (aka jlctmaster), frontuari.com
+Copyright (c) 2016-2017 Jesus Guerrero Botella (aka i92guboj)
 Copyright (c) 2017 Deep Shah (aka deepshah)
 Copyright (c) 2017 Joshua Fernandez (aka joshua1234511)
 Copyright (c) 2017 asadjaved63
-Copyright (c) 2016-2017 Ramkrishna Mondal (aka RamkrishnaMondal)
-Copyright (c) 2016-2017 Jorge Colmenarez (aka jlctmaster), frontuari.com
 Copyright (c) 2016 Rinaldy@dbarber (aka rnld26)
-Copyright (c) 2015-2022 Aamir Shahzad (aka asakpke), RoshanTech, eSite.pk
 Copyright (c) 2015 Toni Haryanto (aka yllumi)
+Copyright (c) 2012-2014 pappastech
 Copyright (c) 2013 Rob Garrison
 Copyright (c) 2013 Parq
 Copyright (c) 2013 Ramel
-Copyright (c) 2012-2014 pappastech
 Copyright (c) 2012 Alain
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

README.md

@@ -8,7 +8,7 @@
 </p>
 
 <p align="center">
-<a href="https://app.travis-ci.com/opensourcepos/opensourcepos" target="_blank"><img src="https://api.travis-ci.com/opensourcepos/opensourcepos.svg?branch=master" alt="Build Status"></a>
+<a href="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml/badge.svg" alt="Build Status"></a>
 <a href="https://app.gitter.im/#/room/#opensourcepos_Lobby:gitter.im?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge" target="_blank"><img src="https://badges.gitter.im/jekkos/opensourcepos.svg" alt="Join the chat at https://app.gitter.im"></a>
 <a href="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos" target="_blank"><img src="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos.svg" alt="Project Version"></a>
 <a href="https://translate.opensourcepos.org/engage/opensourcepos/?utm_source=widget" target="_blank"><img src="https://translate.opensourcepos.org/widgets/opensourcepos/-/svg-badge.svg" alt="Translation Status"></a>
@@ -94,11 +94,11 @@ NOTE: If you're running non-release code, please make sure you always run the la
 
 - Apache server configurations are SysAdmin issues and not strictly related to OSPOS. Please make sure you can show a "Hello world" HTML page before pointing to OSPOS public directory. Make sure `.htaccess` is correctly configured.
 
-- If the avatar pictures are not shown in items or at item save you get an error, please make sure your `public` and subdirs are assigned to the correct owner and the access permission is set to `750`.
+- If the avatar pictures are not shown in items or at item save you get an error, please make sure your `writable` and subdirs are assigned to the correct owner and the access permission is set to `750`.
 
 - If you install OSPOS in Docker behind a proxy that performs `ssloffloading`, you can enable the URL generated to be HTTPS instead of HTTP, by activating the environment variable `FORCE_HTTPS = 1`.
 
-- If you install OSPOS behind a proxy and OSPOS constantly drops your session, consider whitelisting the proxy IP address by setting `$config['proxy_ips'] = '<proxy ip>';` in the [main PHP config file](https://github.com/opensourcepos/opensourcepos/blob/master/application/config/config.php). In extreme instances, changing `$config['sess_match_ip'] = true;` to `FALSE` may also help.
+- If you install OSPOS behind a proxy and OSPOS constantly drops your session, consider whitelisting the proxy IP address by setting `public array $proxyIPs = [];` in the [main PHP config file](https://github.com/opensourcepos/opensourcepos/blob/master/app/Config/App.php).
 
 - If you have suhosin installed and face an issue with CSRF, please make sure you read [issue #1492](https://github.com/opensourcepos/opensourcepos/issues/1492).
 
@@ -137,7 +137,7 @@ Any person or company found breaching the license agreement might find a bunch o
 
 ## 🙏 Credits
 
-| <div align="center">JetBrains</div> | <div align="center">Travis CI</div> |
-|--- | --- |
-| <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://www.travis-ci.com/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/71cc2b44-83af-4510-a543-6358285f43c6" alt="Travis CI Logo" height="50"></a></div> |
-| Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [Travis CI](https://www.travis-ci.com/) for providing a free continuous integration service for open source projects. |
+| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">GitHub</div> |
+| --- | --- | --- |
+| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://github.com/features/actions" target="_blank"><img src="https://github.githubassets.com/images/modules/site/icons/eyebrow-panel/actions-icon.svg" alt="GitHub Actions Logo" height="50"></a></div> |
+| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [GitHub](https://github.com) for providing free continuous integration via GitHub Actions for open-source projects. |

SECURITY.md

@@ -1,9 +1,9 @@
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
-
 - [Security Policy](#security-policy)
   - [Supported Versions](#supported-versions)
+  - [Security Advisories](#security-advisories)
   - [Reporting a Vulnerability](#reporting-a-vulnerability)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -12,13 +12,35 @@
 
 ## Supported Versions
 
-We release patches for security vulnerabilities. Which versions are eligible to receive such patches depend on the CVSS v3.0 Rating:
+We release patches for security vulnerabilities.
 
-| CVSS v3.0 | Supported Versions                                 |
-| --------- | -------------------------------------------------- |
-| 7.3       | 3.3.5                                              |
-| 9.8       | 3.3.6                                              |
+| Version   | Supported          |
+| --------- | ------------------ |
+| >= 3.4.2  | :white_check_mark: |
+| < 3.4.2   | :x:                |
+
+## Security Advisories
+
+The following security vulnerabilities have been published:
+
+### High Severity
+
+| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
+|-----|--------------|------|-----------|----------|--------|
+| [CVE-2025-68434](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-wjm4-hfwg-5w5r) | CSRF leading to Admin Creation | 8.8 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
+| [CVE-2025-68147](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-xgr7-7pvw-fpmh) | Stored XSS in Return Policy | 8.1 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
+| [CVE-2025-66924](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-gv8j-f6gq-g59m) | Stored XSS in Item Kits | 7.2 | 2026-03-04 | 3.4.2 | @hungnqdz, @omkaryepre |
+
+### Medium Severity
+
+| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
+|-----|--------------|------|-----------|----------|--------|
+| [CVE-2025-68658](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-32r8-8r9r-9chw) | Stored XSS in Company Name | 4.3 | 2026-01-13 | 3.4.2 | @hungnqdz |
+
+For a complete list including draft advisories, see our [GitHub Security Advisories page](https://github.com/opensourcepos/opensourcepos/security/advisories).
 
 ## Reporting a Vulnerability
 
-Please report (suspected) security vulnerabilities to **[jekkos@opensourcepos.org](mailto:jekkos@opensourcepos.org)**. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
+Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**. 
+
+You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

UPGRADE.md

@@ -1,5 +1,8 @@
 ## How to Upgrade
 
+> [!WARNING]
+> Not updated for upcoming CodeIgniter4 release (3.4.0 and subsequent versions).
+
 1. Back up all your current database and OSPOS code.
 2. Make sure you have a copy of `application/config/config.php` and `application/config/database.php`.
 3. Remove all directories.

app/Config/App.php

@@ -7,61 +7,69 @@ use CodeIgniter\Session\Handlers\DatabaseHandler;
 
 class App extends BaseConfig
 {
-	/**
-	 * This is the code version of the Open Source Point of Sale you're running.
-	 *
-	 * @var string
-	 */
-	public string $application_version = '3.4.0-dev';
-
-	/**
-	 * This is the commit hash for the version you are currently using.
-	 *
-	 * @var string
-	 */
-	public string $commit_sha1 = 'dev';
-
-	/**
-	 * Logs are stored in writable/logs
-	 *
-	 * @var bool
-	 */
-	public bool $db_log_enabled = false;
-
-	/**
-	 * DB Query Log only long-running queries
-	 *
-	 * @var bool
-	 */
-	public bool $db_log_only_long = false;
-
-	/**
-	 * Defines whether to require/reroute to HTTPS
-	 *
-	 * @var bool
-	 */
-	public bool $https_on;	//Set in the constructor
-
-	/**
-	 * --------------------------------------------------------------------------
-	 * Base Site URL
-	 * --------------------------------------------------------------------------
-	 *
-	 * URL to your CodeIgniter root. Typically, this will be your base URL,
-	 * WITH a trailing slash:
-	 *
-	 * E.g., http://example.com/
-	 */
-	public string $baseURL;	//Defined in the constructor
+    /**
+     * This is the code version of the Open Source Point of Sale you're running.
+     *
+     * @var string
+     */
+    public string $application_version = '3.4.2';
 
     /**
-     * Allowed Hostnames in the Site URL other than the hostname in the baseURL.
-     * If you want to accept multiple Hostnames, set this.
+     * This is the commit hash for the version you are currently using.
      *
-     * E.g.,
-     * When your site URL ($baseURL) is 'http://example.com/', and your site
-     * also accepts 'http://media.example.com/' and 'http://accounts.example.com/':
-     *     ['media.example.com', 'accounts.example.com']
+     * @var string
+     */
+    public string $commit_sha1 = 'dev';
+
+    /**
+     * Logs are stored in writable/logs
+     *
+     * @var bool
+     */
+    public bool $db_log_enabled = false;
+
+    /**
+     * DB Query Log only long-running queries
+     *
+     * @var bool
+     */
+    public bool $db_log_only_long = false;
+
+    /**
+     * Defines whether to require/reroute to HTTPS
+     *
+     * @var bool
+     */
+    public bool $https_on;    // Set in the constructor
+
+    /**
+     * --------------------------------------------------------------------------
+     * Base Site URL
+     * --------------------------------------------------------------------------
+     *
+     * URL to your CodeIgniter root. Typically, this will be your base URL,
+     * WITH a trailing slash:
+     *
+     * E.g., http://example.com/
+     */
+    public string $baseURL;    // Defined in the constructor
+
+    /**
+     * Allowed Hostnames for the Site URL.
+     * 
+     * Security: This is used to validate the HTTP Host header to prevent
+     * Host Header Injection attacks. If the Host header doesn't match
+     * an entry in this list, the request will use the first allowed hostname.
+     * 
+     * IMPORTANT: This MUST be configured for production deployments.
+     * If empty, the application will fall back to 'localhost'.
+     * 
+     * Configure via .env file:
+     *   app.allowedHostnames.0 = 'example.com'
+     *   app.allowedHostnames.1 = 'www.example.com'
+     * 
+     * For local development:
+     *   app.allowedHostnames.0 = 'localhost'
      *
      * @var list<string>
      */
@@ -117,7 +125,7 @@ class App extends BaseConfig
     | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
     |
     */
-    public string $permittedURIChars = 'a-z 0-9~%.:_\-';
+    public string $permittedURIChars = 'a-z 0-9~%.:_\-=';
 
     /**
      * --------------------------------------------------------------------------
@@ -143,63 +151,64 @@ class App extends BaseConfig
      */
     public bool $negotiateLocale = true;
 
-	/**
-	 * --------------------------------------------------------------------------
-	 * Supported Locales
-	 * --------------------------------------------------------------------------
-	 *
-	 * If $negotiateLocale is true, this array lists the locales supported
-	 * by the application in descending order of priority. If no match is
-	 * found, the first locale will be used.
-	 *
-	 * IncomingRequest::setLocale() also uses this list.
-	 *
-	 * @var list<string>
-	 */
-	public array $supportedLocales = [
-		'ar-EG',
-		'ar-LB',
-		'az',
-		'bg',
-		'bs',
-		'cs',
-		'da',
-		'de-CH',
-		'de-DE',
-		'el',
+    /**
+     * --------------------------------------------------------------------------
+     * Supported Locales
+     * --------------------------------------------------------------------------
+     *
+     * If $negotiateLocale is true, this array lists the locales supported
+     * by the application in descending order of priority. If no match is
+     * found, the first locale will be used.
+     *
+     * IncomingRequest::setLocale() also uses this list.
+     *
+     * @var list<string>
+     */
+    public array $supportedLocales = [
+        'ar-EG',
+        'ar-LB',
+        'az',
+        'bg',
+        'bs',
+        'ckb',
+        'cs',
+        'da',
+        'de-CH',
+        'de-DE',
+        'el',
         'en',
-		'en-GB',
-		'es-ES',
-		'es-MX',
-		'fa',
-		'fr',
-		'he',
-		'hr-HR',
-		'hu',
-		'hy',
-		'id',
-		'it',
-		'km',
-		'lo',
-		'ml',
-		'nb',
-		'nl-BE',
+        'en-GB',
+        'es-ES',
+        'es-MX',
+        'fa',
+        'fr',
+        'he',
+        'hr-HR',
+        'hu',
+        'hy',
+        'id',
+        'it',
+        'km',
+        'lo',
+        'ml',
+        'nb',
+        'nl-BE',
         'nl-NL',
-		'pl',
-		'pt-BR',
-		'ro',
-		'ru',
-		'sv',
-		'ta',
-		'th',
-		'tl',
-		'tr',
-		'uk',
-		'ur',
-		'vi',
-		'zh-Hans',
-		'zh-Hant',
-	];
+        'pl',
+        'pt-BR',
+        'ro',
+        'ru',
+        'sv',
+        'ta',
+        'th',
+        'tl',
+        'tr',
+        'uk',
+        'ur',
+        'vi',
+        'zh-Hans',
+        'zh-Hant',
+    ];
 
     /**
      * --------------------------------------------------------------------------
@@ -261,30 +270,66 @@ class App extends BaseConfig
      */
     public array $proxyIPs = [];
 
-	/**
-	 * --------------------------------------------------------------------------
-	 * Content Security Policy
-	 * --------------------------------------------------------------------------
-	 *
-	 * Enables the Response's Content Secure Policy to restrict the sources that
-	 * can be used for images, scripts, CSS files, audio, video, etc. If enabled,
-	 * the Response object will populate default values for the policy from the
-	 * `ContentSecurityPolicy.php` file. Controllers can always add to those
-	 * restrictions at run time.
-	 *
-	 * For a better understanding of CSP, see these documents:
-	 *
-	 * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
-	 * @see http://www.w3.org/TR/CSP/
-	 */
-	public bool $CSPEnabled = false;
+    /**
+     * --------------------------------------------------------------------------
+     * Content Security Policy
+     * --------------------------------------------------------------------------
+     *
+     * Enables the Response's Content Secure Policy to restrict the sources that
+     * can be used for images, scripts, CSS files, audio, video, etc. If enabled,
+     * the Response object will populate default values for the policy from the
+     * `ContentSecurityPolicy.php` file. Controllers can always add to those
+     * restrictions at run time.
+     *
+     * For a better understanding of CSP, see these documents:
+     *
+     * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+     * @see http://www.w3.org/TR/CSP/
+     */
+    public bool $CSPEnabled = false;    // TODO: Currently CSP3 tags are not supported so enabling this causes problems with script-src-elem, style-src-attr and style-src-elem
 
-	public function __construct()
-	{
-		parent::__construct();
-		$this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
-		$this->baseURL = $this->https_on ? 'https' : 'http';
-		$this->baseURL .= '://' . ((isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost') . '/';
-		$this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
-	}
+    public function __construct()
+    {
+        parent::__construct();
+        $this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
+        
+        $host = $this->getValidHost();
+        $this->baseURL = $this->https_on ? 'https' : 'http';
+        $this->baseURL .= '://' . $host . '/';
+        $this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
+    }
+
+    /**
+     * Validates and returns a trusted hostname.
+     * 
+     * Security: Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
+     * by validating the HTTP_HOST against a whitelist of allowed hostnames.
+     * 
+     * @return string A validated hostname
+     */
+    private function getValidHost(): string
+    {
+        $httpHost = $_SERVER['HTTP_HOST'] ?? 'localhost';
+
+        if (empty($this->allowedHostnames)) {
+            log_message('warning', 
+                'Security: allowedHostnames is not configured. ' .
+                'Host header injection protection is disabled. ' .
+                'Please set app.allowedHostnames in your .env file. ' .
+                'Received Host: ' . $httpHost
+            );
+            return 'localhost';
+        }
+
+        if (in_array($httpHost, $this->allowedHostnames, true)) {
+            return $httpHost;
+        }
+
+        log_message('warning', 
+            'Security: Rejected HTTP_HOST "' . $httpHost . '" - not in allowedHostnames whitelist. ' .
+            'Using fallback: ' . $this->allowedHostnames[0]
+        );
+
+        return $this->allowedHostnames[0];
+    }
 }

app/Config/Autoload.php

@@ -42,7 +42,7 @@ class Autoload extends AutoloadConfig
     public $psr4 = [
         APP_NAMESPACE => APPPATH,
         'Config'      => APPPATH . 'Config',
-		'dompdf' => APPPATH . 'ThirdParty/dompdf/src'
+        'dompdf'      => APPPATH . 'ThirdParty/dompdf/src'
     ];
 
     /**
@@ -62,115 +62,115 @@ class Autoload extends AutoloadConfig
      *
      * @var array<string, string>
      */
-	public $classmap = [
-		//Controllers
-		'Attributes' => '/App/Controllers/Attributes.php',
-		'Cashups' => '/App/Controllers/Cashups.php',
-		'Config' => '/App/Controllers/Config.php',
-		'Customers' => '/App/Controllers/Customers.php',
-		'Employees' => '/App/Controllers/Employees.php',
-		'Expenses' => '/App/Controllers/Expenses.php',
-		'Expenses_categories' => '/App/Controllers/Expenses_categories.php',
-		'Giftcards' => '/App/Controllers/Giftcards.php',
-		'Home' => '/App/Controllers/Home.php',
-		'Item_kits' => '/App/Controllers/Item_kits.php',
-		'Items' => '/App/Controllers/Items.php',
-		'Login' => '/App/Controllers/Login.php',
-		'Messages' => '/App/Controllers/Messages.php',
-		'No_access' => '/App/Controllers/No_access.php',
-		'Office' => '/App/Controllers/Office.php',
-		'Persons' => '/App/Controllers/Persons.php',
-		'Receivings' => '/App/Controllers/Receivings.php',
-		'Reports' => '/App/Controllers/Reports.php',
-		'Sales' => '/App/Controllers/Sales.php',
-		'Secure_Controller' => '/App/Controllers/Secure_Controller.php',
-		'Suppliers' => '/App/Controllers/Suppliers.php',
-		'Tax_categories' => '/App/Controllers/Tax_categories.php',
-		'Tax_codes' => '/App/Controllers/Tax_codes.php',
-		'Tax_jurisdictions' => '/App/Controllers/Tax_jurisdictions.php',
-		'Taxes' => '/App/Controllers/Taxes.php',
+    public $classmap = [
+        // Controllers
+        'Attributes'          => '/App/Controllers/Attributes.php',
+        'Cashups'             => '/App/Controllers/Cashups.php',
+        'Config'              => '/App/Controllers/Config.php',
+        'Customers'           => '/App/Controllers/Customers.php',
+        'Employees'           => '/App/Controllers/Employees.php',
+        'Expenses'            => '/App/Controllers/Expenses.php',
+        'Expenses_categories' => '/App/Controllers/Expenses_categories.php',
+        'Giftcards'           => '/App/Controllers/Giftcards.php',
+        'Home'                => '/App/Controllers/Home.php',
+        'Item_kits'           => '/App/Controllers/Item_kits.php',
+        'Items'               => '/App/Controllers/Items.php',
+        'Login'               => '/App/Controllers/Login.php',
+        'Messages'            => '/App/Controllers/Messages.php',
+        'No_access'           => '/App/Controllers/No_access.php',
+        'Office'              => '/App/Controllers/Office.php',
+        'Persons'             => '/App/Controllers/Persons.php',
+        'Receivings'          => '/App/Controllers/Receivings.php',
+        'Reports'             => '/App/Controllers/Reports.php',
+        'Sales'               => '/App/Controllers/Sales.php',
+        'Secure_Controller'   => '/App/Controllers/Secure_Controller.php',
+        'Suppliers'           => '/App/Controllers/Suppliers.php',
+        'Tax_categories'      => '/App/Controllers/Tax_categories.php',
+        'Tax_codes'           => '/App/Controllers/Tax_codes.php',
+        'Tax_jurisdictions'   => '/App/Controllers/Tax_jurisdictions.php',
+        'Taxes'               => '/App/Controllers/Taxes.php',
 
-		//Models
-		'Appconfig' => '/App/Models/Appconfig.php',
-		'Attribute' => '/App/Models/Attribute.php',
-		'Cashup' => '/App/Models/Cashup.php',
-		'Customer' => '/App/Models/Customer.php',
-		'Customer_rewards' => '/App/Models/Customer_rewards.php',
-		'Dinner_table' => '/App/Models/Dinner_table.php',
-		'Employee' => '/App/Models/Employee.php',
-		'Expense' => '/App/Models/Expense.php',
-		'Expense_category' => '/App/Models/Expense_category.php',
-		'Giftcard' => '/App/Models/Giftcard.php',
-		'Inventory' => '/App/Models/Inventory.php',
-		'Item_kit' => '/App/Models/Item_kit.php',
-		'Item_kit_items' => '/App/Models/Item_kit_items.php',
-		'Item_quantity' => '/App/Models/Item_quantity.php',
-		'Item_taxes' => '/App/Models/Item_taxes.php',
-		'Module' => '/App/Models/Module.php',
-		'Person' => '/App/Models/Person.php',
-		'Receiving' => '/App/Models/Receiving.php',
-		'Rewards' => '/App/Models/Rewards.php',
-		'Sale' => '/App/Models/Sale.php',
-		'Stock_location' => '/App/Models/Stock_location.php',
-		'Supplier' => '/App/Models/Supplier.php',
-		'Tax' => '/App/Models/Tax.php',
-		'Tax_category' => '/App/Models/Tax_category.php',
-		'Tax_code' => '/App/Models/Tax_code.php',
-		'Tax_jurisdiction' => '/App/Models/Tax_jurisdiction.php',
+        // Models
+        'Appconfig'        => '/App/Models/Appconfig.php',
+        'Attribute'        => '/App/Models/Attribute.php',
+        'Cashup'           => '/App/Models/Cashup.php',
+        'Customer'         => '/App/Models/Customer.php',
+        'Customer_rewards' => '/App/Models/Customer_rewards.php',
+        'Dinner_table'     => '/App/Models/Dinner_table.php',
+        'Employee'         => '/App/Models/Employee.php',
+        'Expense'          => '/App/Models/Expense.php',
+        'Expense_category' => '/App/Models/Expense_category.php',
+        'Giftcard'         => '/App/Models/Giftcard.php',
+        'Inventory'        => '/App/Models/Inventory.php',
+        'Item_kit'         => '/App/Models/Item_kit.php',
+        'Item_kit_items'   => '/App/Models/Item_kit_items.php',
+        'Item_quantity'    => '/App/Models/Item_quantity.php',
+        'Item_taxes'       => '/App/Models/Item_taxes.php',
+        'Module'           => '/App/Models/Module.php',
+        'Person'           => '/App/Models/Person.php',
+        'Receiving'        => '/App/Models/Receiving.php',
+        'Rewards'          => '/App/Models/Rewards.php',
+        'Sale'             => '/App/Models/Sale.php',
+        'Stock_location'   => '/App/Models/Stock_location.php',
+        'Supplier'         => '/App/Models/Supplier.php',
+        'Tax'              => '/App/Models/Tax.php',
+        'Tax_category'     => '/App/Models/Tax_category.php',
+        'Tax_code'         => '/App/Models/Tax_code.php',
+        'Tax_jurisdiction' => '/App/Models/Tax_jurisdiction.php',
 
-		//Reports
-		'Report' => '/App/Models/Reports/Report.php',
-		'Detailed_receiving' => '/App/Models/Reports/Detailed_receiving.php',
-		'Detailed_sales' => '/App/Models/Reports/Detailed_sales.php',
-		'Inventory_low' => '/App/Models/Reports/Inventory_low.php',
-		'Inventory_summary' => '/App/Models/Reports/Inventory_summary.php',
-		'Specific_customer' => '/App/Models/Reports/Specific_customer.php',
-		'Specific_discount' => '/App/Models/Reports/Specific_discount.php',
-		'Specific_employee' => '/App/Models/Reports/Specific_employee.php',
-		'Specific_supplier' => '/App/Models/Reports/Specific_supplier.php',
-		'Summary_categories' => '/App/Models/Reports/Summary_categories.php',
-		'Summary_customers' => '/App/Models/Reports/Summary_customers.php',
-		'Summary_discounts' => '/App/Models/Reports/Summary_discounts.php',
-		'Summary_employees' => '/App/Models/Reports/Summary_employees.php',
-		'Summary_expenses_categories' => '/App/Models/Reports/Summary_expenses_categories.php',
-		'Summary_items' => '/App/Models/Reports/Summary_items.php',
-		'Summary_payments' => '/App/Models/Reports/Summary_payments.php',
-		'Summary_report' => '/App/Models/Reports/Summary_report.php',
-		'Summary_sales' => '/App/Models/Reports/Summary_sales.php',
-		'Summary_sales_taxes' => '/App/Models/Reports/Summary_sales_taxes.php',
-		'Summary_suppliers' => '/App/Models/Reports/Summary_suppliers.php',
-		'Summary_taxes' => '/App/Models/Reports/Summary_taxes.php',
+        // Reports
+        'Report'                      => '/App/Models/Reports/Report.php',
+        'Detailed_receiving'          => '/App/Models/Reports/Detailed_receiving.php',
+        'Detailed_sales'              => '/App/Models/Reports/Detailed_sales.php',
+        'Inventory_low'               => '/App/Models/Reports/Inventory_low.php',
+        'Inventory_summary'           => '/App/Models/Reports/Inventory_summary.php',
+        'Specific_customer'           => '/App/Models/Reports/Specific_customer.php',
+        'Specific_discount'           => '/App/Models/Reports/Specific_discount.php',
+        'Specific_employee'           => '/App/Models/Reports/Specific_employee.php',
+        'Specific_supplier'           => '/App/Models/Reports/Specific_supplier.php',
+        'Summary_categories'          => '/App/Models/Reports/Summary_categories.php',
+        'Summary_customers'           => '/App/Models/Reports/Summary_customers.php',
+        'Summary_discounts'           => '/App/Models/Reports/Summary_discounts.php',
+        'Summary_employees'           => '/App/Models/Reports/Summary_employees.php',
+        'Summary_expenses_categories' => '/App/Models/Reports/Summary_expenses_categories.php',
+        'Summary_items'               => '/App/Models/Reports/Summary_items.php',
+        'Summary_payments'            => '/App/Models/Reports/Summary_payments.php',
+        'Summary_report'              => '/App/Models/Reports/Summary_report.php',
+        'Summary_sales'               => '/App/Models/Reports/Summary_sales.php',
+        'Summary_sales_taxes'         => '/App/Models/Reports/Summary_sales_taxes.php',
+        'Summary_suppliers'           => '/App/Models/Reports/Summary_suppliers.php',
+        'Summary_taxes'               => '/App/Models/Reports/Summary_taxes.php',
 
-		//Tokens
-		'Token' => '/App/Models/Tokens/Token.php',
-		'Token_barcode_ean' => '/App/Models/Tokens/Token_barcode_ean.php',
-		'Token_barcode_price' => '/App/Models/Tokens/Token_barcode_price.php',
-		'Token_barcode_weight' => '/App/Models/Tokens/Token_barcode_weight.php',
-		'Token_customer' => '/App/Models/Tokens/Token_customer.php',
-		'Token_invoice_count' => '/App/Models/Tokens/Token_invoice_count.php',
-		'Token_invoice_sequence' => '/App/Models/Tokens/Token_invoice_sequence.php',
-		'Token_quote_sequence' => '/App/Models/Tokens/Token_quote_sequence.php',
-		'Token_suspended_invoice_count' => '/App/Models/Tokens/Token_suspended_invoice_count.php',
-		'Token_work_order_sequence' => '/App/Models/Tokens/Token_work_order_sequence.php',
-		'Token_year_invoice_count' => '/App/Models/Tokens/Token_year_invoice_count.php',
-		'Token_year_quote_count' => '/App/Models/Tokens/Token_year_quote_count.php',
+        // Tokens
+        'Token'                         => '/App/Models/Tokens/Token.php',
+        'Token_barcode_ean'             => '/App/Models/Tokens/Token_barcode_ean.php',
+        'Token_barcode_price'           => '/App/Models/Tokens/Token_barcode_price.php',
+        'Token_barcode_weight'          => '/App/Models/Tokens/Token_barcode_weight.php',
+        'Token_customer'                => '/App/Models/Tokens/Token_customer.php',
+        'Token_invoice_count'           => '/App/Models/Tokens/Token_invoice_count.php',
+        'Token_invoice_sequence'        => '/App/Models/Tokens/Token_invoice_sequence.php',
+        'Token_quote_sequence'          => '/App/Models/Tokens/Token_quote_sequence.php',
+        'Token_suspended_invoice_count' => '/App/Models/Tokens/Token_suspended_invoice_count.php',
+        'Token_work_order_sequence'     => '/App/Models/Tokens/Token_work_order_sequence.php',
+        'Token_year_invoice_count'      => '/App/Models/Tokens/Token_year_invoice_count.php',
+        'Token_year_quote_count'        => '/App/Models/Tokens/Token_year_quote_count.php',
 
-		//Libraries
-		'Barcode_lib' => '/App/Libraries/Barcode_lib.php',
-		'Email_lib' => '/App/Libraries/Email_lib.php',
-		'Item_lib' => '/App/Libraries/Item_lib.php',
-		'Mailchimp_lib' => '/App/Libraries/Mailchimp_lib.php',
-		'MY_Email' => '/App/Libraries/MY_Email.php',
-		'MY_Migration' => '/App/Libraries/MY_Migration.php',
-		'Receving_lib' => '/App/Libraries/Receiving_lib.php',
-		'Sale_lib' => '/App/Libraries/Sale_lib.php',
-		'Sms_lib' => '/App/Libraries/Sms_lib.php',
-		'Tax_lib' => '/App/Libraries/Tax_lib.php',
-		'Token_lib' => '/App/Libraries/Token_lib.php',
+        // Libraries
+        'Barcode_lib'   => '/App/Libraries/Barcode_lib.php',
+        'Email_lib'     => '/App/Libraries/Email_lib.php',
+        'Item_lib'      => '/App/Libraries/Item_lib.php',
+        'Mailchimp_lib' => '/App/Libraries/Mailchimp_lib.php',
+        'MY_Email'      => '/App/Libraries/MY_Email.php',
+        'MY_Migration'  => '/App/Libraries/MY_Migration.php',
+        'Receving_lib'  => '/App/Libraries/Receiving_lib.php',
+        'Sale_lib'      => '/App/Libraries/Sale_lib.php',
+        'Sms_lib'       => '/App/Libraries/Sms_lib.php',
+        'Tax_lib'       => '/App/Libraries/Tax_lib.php',
+        'Token_lib'     => '/App/Libraries/Token_lib.php',
 
-		//Miscellaneous
-		'Rounding_mode' => '/App/Models/Enums/Rounding_mode.php'
-	];
+        // Miscellaneous
+        'Rounding_mode' => '/App/Models/Enums/Rounding_mode.php'
+    ];
 
     /**
      * -------------------------------------------------------------------
@@ -201,10 +201,10 @@ class Autoload extends AutoloadConfig
      * @var list<string>
      */
     public $helpers = [
-		'form',
-		'cookie',
-		'tabular',
-		'locale',
-		'security'
-	];
+        'form',
+        'cookie',
+        'tabular',
+        'locale',
+        'security'
+    ];
 }

app/Config/Boot/testing.php

@@ -1,38 +1,23 @@
 <?php
 
-/*
- * The environment testing is reserved for PHPUnit testing. It has special
- * conditions built into the framework at various places to assist with that.
- * You can’t use it for your development.
- */
-
 /*
  |--------------------------------------------------------------------------
- | ERROR DISPLAY
+| ERROR DISPLAY
  |--------------------------------------------------------------------------
- | In development, we want to show as many errors as possible to help
- | make sure they don't make it to production. And save us hours of
- | painful debugging.
- */
+*/
 error_reporting(E_ALL);
 ini_set('display_errors', '1');
 
 /*
  |--------------------------------------------------------------------------
- | DEBUG BACKTRACES
+| DEBUG BACKTRACES
  |--------------------------------------------------------------------------
- | If true, this constant will tell the error screens to display debug
- | backtraces along with the other error information. If you would
- | prefer to not see this, set this value to false.
- */
+*/
 defined('SHOW_DEBUG_BACKTRACE') || define('SHOW_DEBUG_BACKTRACE', true);
 
 /*
  |--------------------------------------------------------------------------
- | DEBUG MODE
+| DEBUG MODE
  |--------------------------------------------------------------------------
- | Debug mode is an experimental flag that can allow changes throughout
- | the system. It's not widely used currently, and may not survive
- | release of the framework.
- */
-defined('CI_DEBUG') || define('CI_DEBUG', true);
+*/
+defined('CI_DEBUG') || define('CI_DEBUG', true);

app/Config/Cache.php

@@ -34,18 +34,6 @@ class Cache extends BaseConfig
      */
     public string $backupHandler = 'dummy';
 
-    /**
-     * --------------------------------------------------------------------------
-     * Cache Directory Path
-     * --------------------------------------------------------------------------
-     *
-     * The path to where cache files should be stored, if using a file-based
-     * system.
-     *
-     * @deprecated Use the driver-specific variant under $file
-     */
-    public string $storePath = WRITEPATH . 'cache/';
-
     /**
      * --------------------------------------------------------------------------
      * Key Prefix
@@ -86,6 +74,7 @@ class Cache extends BaseConfig
      * --------------------------------------------------------------------------
      * File settings
      * --------------------------------------------------------------------------
+     *
      * Your file storage preferences can be specified below, if you are using
      * the File driver.
      *
@@ -100,6 +89,7 @@ class Cache extends BaseConfig
      * -------------------------------------------------------------------------
      * Memcached settings
      * -------------------------------------------------------------------------
+     *
      * Your Memcached servers can be specified below, if you are using
      * the Memcached drivers.
      *

app/Config/Constants.php

@@ -41,10 +41,9 @@ defined('WEEK')   || define('WEEK', 604800);
 defined('MONTH')  || define('MONTH', 2_592_000);
 defined('YEAR')   || define('YEAR', 31_536_000);
 defined('DECADE') || define('DECADE', 315_360_000);
-defined('DEFAULT_DATE') || define('DEFAULT_DATE', mktime(0, 0, 0, 1, 1, 2010));
+defined('DEFAULT_DATE')     || define('DEFAULT_DATE', mktime(0, 0, 0, 1, 1, 2010));
 defined('DEFAULT_DATETIME') || define('DEFAULT_DATETIME', mktime(0, 0, 0, 1, 1, 2010));
-defined('NOW') || define('NOW', time());
-
+defined('NOW')    || define('NOW', time());
 
 /*
  | --------------------------------------------------------------------------
@@ -82,21 +81,6 @@ defined('EXIT_DATABASE')       || define('EXIT_DATABASE', 8);       // database
 defined('EXIT__AUTO_MIN')      || define('EXIT__AUTO_MIN', 9);      // lowest automatically-assigned error code
 defined('EXIT__AUTO_MAX')      || define('EXIT__AUTO_MAX', 125);    // highest automatically-assigned error code
 
-/**
- * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_LOW instead.
- */
-define('EVENT_PRIORITY_LOW', 200);
-
-/**
- * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_NORMAL instead.
- */
-define('EVENT_PRIORITY_NORMAL', 100);
-
-/**
- * @deprecated Use \CodeIgniter\Events\Events::PRIORITY_HIGH instead.
- */
-define('EVENT_PRIORITY_HIGH', 10);
-
 /**
  * Global Constants.
  */
@@ -185,3 +169,8 @@ const MAX_PRECISION = 1e14;
 const DEFAULT_PRECISION = 2;
 const DEFAULT_LANGUAGE = 'english';
 const DEFAULT_LANGUAGE_CODE = 'en';
+
+/**
+ * Admin modules - list of modules required for admin privileges
+ */
+const ADMIN_MODULES = ['customers', 'employees', 'giftcards', 'items', 'item_kits', 'messages', 'receivings', 'reports', 'sales', 'config', 'suppliers'];

app/Config/ContentSecurityPolicy.php

@@ -47,28 +47,45 @@ class ContentSecurityPolicy extends BaseConfig
      *
      * @var list<string>|string|null
      */
-    public $defaultSrc;
+    public $defaultSrc = [
+        'self',
+        'www.google.com',
+    ];
 
     /**
      * Lists allowed scripts' URLs.
      *
      * @var list<string>|string
      */
-    public $scriptSrc = 'self';
+    public $scriptSrc = [
+        'self',
+        'unsafe-inline',
+        'unsafe-eval',
+        'www.google.com www.gstatic.com'
+    ];
 
     /**
      * Lists allowed stylesheets' URLs.
      *
      * @var list<string>|string
      */
-    public $styleSrc = 'self';
+    public $styleSrc = [
+        'self',
+        'unsafe-inline',
+        'nonce-{csp-style-nonce}',
+        'https://fonts.googleapis.com',
+    ];
 
     /**
      * Defines the origins from which images can be loaded.
      *
      * @var list<string>|string
      */
-    public $imageSrc = 'self';
+    public $imageSrc = [
+        'self',
+        'data:',
+        'blob:',
+    ];
 
     /**
      * Restricts the URLs that can appear in a page's `<base>` element.
@@ -92,14 +109,21 @@ class ContentSecurityPolicy extends BaseConfig
      *
      * @var list<string>|string
      */
-    public $connectSrc = 'self';
+    public $connectSrc = [
+        'self',
+        'nominatim.openstreetmap.org',
+    ];
 
     /**
      * Specifies the origins that can serve web fonts.
      *
      * @var list<string>|string
      */
-    public $fontSrc;
+    public $fontSrc = [
+        'self',
+        'fonts.googleapis.com',
+        'fonts.gstatic.com',
+    ];
 
     /**
      * Lists valid endpoints for submission from `<form>` tags.
@@ -138,7 +162,7 @@ class ContentSecurityPolicy extends BaseConfig
      *
      * @var list<string>|string
      */
-    public $objectSrc = 'self';
+    public $objectSrc = 'none';
 
     /**
      * @var list<string>|string|null

app/Config/Database.php

@@ -19,104 +19,99 @@ class Database extends Config
      */
     public string $defaultGroup = 'default';
 
-	/**
-	 * The default database connection.
-	 *
-	 * @var array<string, mixed>
-	 */
-	public array $default = [
-		'DSN' => '',
-		'hostname' => 'localhost',
-		'username' => 'admin',
-		'password' => 'pointofsale',
-		'database' => 'ospos',
-		'DBDriver' => 'MySQLi',
-		'DBPrefix' => 'ospos_',
-		'pConnect' => false,
-		'DBDebug' => (ENVIRONMENT !== 'production'),
-		'charset' => 'utf8mb4',
-		'DBCollat' => 'utf8mb4_general_ci',
-		'swapPre' => '',
-		'encrypt' => false,
-		'compress' => false,
-		'strictOn' => false,
-		'failover' => [],
-		'port' => 3306,
-		'numberNative' => false,
-		'dateFormat'   => [
-			'date'     => 'Y-m-d',
-			'datetime' => 'Y-m-d H:i:s',
-			'time'     => 'H:i:s',
-			],
-		];
+    /**
+     * The default database connection.
+     *
+     * @var array<string, mixed>
+     */
+    public array $default = [
+        'DSN'          => '',
+        'hostname'     => 'localhost',
+        'username'     => 'admin',
+        'password'     => 'pointofsale',
+        'database'     => 'ospos',
+        'DBDriver'     => 'MySQLi',
+        'DBPrefix'     => 'ospos_',
+        'pConnect'     => false,
+        'DBDebug'      => (ENVIRONMENT !== 'production'),
+        'charset'      => 'utf8mb4',
+        'DBCollat'     => 'utf8mb4_general_ci',
+        'swapPre'      => '',
+        'encrypt'      => false,
+        'compress'     => false,
+        'strictOn'     => false,
+        'failover'     => [],
+        'port'         => 3306,
+        'dateFormat'   => [
+            'date'     => 'Y-m-d',
+            'datetime' => 'Y-m-d H:i:s',
+            'time'     => 'H:i:s',
+        ],
+    ];
 
-	/**
-	 * This database connection is used when
-	 * running PHPUnit database tests.
-	 *
-	 * @var array<string, mixed>
-	 */
-	public array $tests = [
-		'DSN' => '',
-		'hostname' => 'localhost',
-		'username' => 'admin',
-		'password' => 'pointofsale',
-		'database' => 'ospos',
-		'DBDriver' => 'MySQLi',
-		'DBPrefix' => 'ospos_',
-		'pConnect' => false,
-		'DBDebug' => (ENVIRONMENT !== 'production'),
-		'charset' => 'utf8mb4',
-		'DBCollat' => 'utf8mb4_general_ci',
-		'swapPre' => '',
-		'encrypt' => false,
-		'compress' => false,
-		'strictOn' => false,
-		'failover' => [],
-		'port' => 3306,
-		'foreignKeys' => true,
-		'busyTimeout' => 1000,
-		'numberNative' => false,
-		'dateFormat'   => [
-			'date'     => 'Y-m-d',
-			'datetime' => 'Y-m-d H:i:s',
-			'time'     => 'H:i:s',
-		],
-	];
+    /**
+     * This database connection is used when running PHPUnit database tests.
+     *
+     * @var array<string, mixed>
+     */
+    public array $tests = [
+        'DSN'          => '',
+        'hostname'     => 'localhost',
+        'username'     => 'admin',
+        'password'     => 'pointofsale',
+        'database'     => 'ospos',
+        'DBDriver'     => 'MySQLi',
+        'DBPrefix'     => 'ospos_',
+        'pConnect'     => false,
+        'DBDebug'      => (ENVIRONMENT !== 'production'),
+        'charset'      => 'utf8mb4',
+        'DBCollat'     => 'utf8mb4_general_ci',
+        'swapPre'      => '',
+        'encrypt'      => false,
+        'compress'     => false,
+        'strictOn'     => false,
+        'failover'     => [],
+        'port'         => 3306,
+        'foreignKeys'  => true,
+        'busyTimeout'  => 1000,
+        'dateFormat'   => [
+            'date'     => 'Y-m-d',
+            'datetime' => 'Y-m-d H:i:s',
+            'time'     => 'H:i:s',
+        ],
+    ];
 
-	/**
-	 * This database connection is used when
-	 * developing against non-production data.
-	 *
-	 * @var array
-	 */
-	public $development = [
-		'DSN' => '',
-		'hostname' => 'localhost',
-		'username' => 'admin',
-		'password' => 'pointofsale',
-		'database' => 'ospos',
-		'DBDriver' => 'MySQLi',
-		'DBPrefix' => 'ospos_',
-		'pConnect' => false,
-		'DBDebug' => (ENVIRONMENT !== 'production'),
-		'charset' => 'utf8mb4',
-		'DBCollat' => 'utf8mb4_general_ci',
-		'swapPre' => '',
-		'encrypt' => false,
-		'compress' => false,
-		'strictOn' => false,
-		'failover' => [],
-		'port' => 3306,
-		'foreignKeys' => true,
-		'busyTimeout' => 1000,
-		'numberNative' => false,
-		'dateFormat'   => [
-			'date'     => 'Y-m-d',
-			'datetime' => 'Y-m-d H:i:s',
-			'time'     => 'H:i:s',
-		],
-	];
+    /**
+     * This database connection is used when developing against non-production data.
+     *
+     * @var array
+     */
+    public $development = [
+        'DSN'          => '',
+        'hostname'     => 'localhost',
+        'username'     => 'admin',
+        'password'     => 'pointofsale',
+        'database'     => 'ospos',
+        'DBDriver'     => 'MySQLi',
+        'DBPrefix'     => 'ospos_',
+        'pConnect'     => false,
+        'DBDebug'      => (ENVIRONMENT !== 'production'),
+        'charset'      => 'utf8mb4',
+        'DBCollat'     => 'utf8mb4_general_ci',
+        'swapPre'      => '',
+        'encrypt'      => false,
+        'compress'     => false,
+        'strictOn'     => false,
+        'failover'     => [],
+        'port'         => 3306,
+        'foreignKeys'  => true,
+        'busyTimeout'  => 1000,
+        'dateFormat'   => [
+            'date'     => 'Y-m-d',
+            'datetime' => 'Y-m-d H:i:s',
+            'time'     => 'H:i:s',
+        ],
+    ];
 
     public function __construct()
     {
@@ -125,22 +120,20 @@ class Database extends Config
         // Ensure that we always set the database group to 'tests' if
         // we are currently running an automated test suite, so that
         // we don't overwrite live data on accident.
-		switch(ENVIRONMENT)
-		{
-			case 'testing':
-				$this->defaultGroup = 'tests';
-				break;
-			case 'development';
-				$this->defaultGroup = 'development';
-				break;
-		}
+        switch (ENVIRONMENT) {
+            case 'testing':
+                $this->defaultGroup = 'tests';
+                break;
+            case 'development';
+                $this->defaultGroup = 'development';
+                break;
+        }
 
-		foreach ([&$this->development, &$this->tests, &$this->default] as &$config)
-		{
-			$config['hostname'] = !getenv('MYSQL_HOST_NAME') ? $config['hostname'] : getenv('MYSQL_HOST_NAME');
-			$config['username'] = !getenv('MYSQL_USERNAME') ? $config['username'] : getenv('MYSQL_USERNAME');
-			$config['password'] = !getenv('MYSQL_PASSWORD') ? $config['password'] : getenv('MYSQL_PASSWORD');
-			$config['database'] = !getenv('MYSQL_DB_NAME') ? $config['database'] : getenv('MYSQL_DB_NAME');
-		}
+        foreach ([&$this->development, &$this->tests, &$this->default] as &$config) {
+            $config['hostname'] = !getenv('MYSQL_HOST_NAME') ? $config['hostname'] : getenv('MYSQL_HOST_NAME');
+            $config['username'] = !getenv('MYSQL_USERNAME') ? $config['username'] : getenv('MYSQL_USERNAME');
+            $config['password'] = !getenv('MYSQL_PASSWORD') ? $config['password'] : getenv('MYSQL_PASSWORD');
+            $config['database'] = !getenv('MYSQL_DB_NAME') ? $config['database'] : getenv('MYSQL_DB_NAME');
+        }
     }
 }

app/Config/Events.php

@@ -2,12 +2,12 @@
 
 namespace Config;
 
-use App\Events\Db_log;
-use App\Events\Load_config;
-use App\Events\Method;
 use CodeIgniter\Events\Events;
 use CodeIgniter\Exceptions\FrameworkException;
 use CodeIgniter\HotReloader\HotReloader;
+use App\Events\Db_log;
+use App\Events\Load_config;
+use App\Events\Method;
 
 /*
  * --------------------------------------------------------------------
@@ -26,7 +26,7 @@ use CodeIgniter\HotReloader\HotReloader;
  *      Events::on('create', [$myInstance, 'myMethod']);
  */
 
-Events::on('pre_system', static function () {
+Events::on('pre_system', static function (): void {
     if (ENVIRONMENT !== 'testing') {
         if (ini_get('zlib.output_compression')) {
             throw FrameworkException::forEnabledZlibOutputCompression();
@@ -47,10 +47,10 @@ Events::on('pre_system', static function () {
      */
     if (CI_DEBUG && ! is_cli()) {
         Events::on('DBQuery', 'CodeIgniter\Debug\Toolbar\Collectors\Database::collect');
-        Services::toolbar()->respond();
+        service('toolbar')->respond();
         // Hot Reload route - for framework use on the hot reloader.
         if (ENVIRONMENT === 'development') {
-            Services::routes()->get('__hot-reload', static function () {
+            service('routes')->get('__hot-reload', static function (): void {
                 (new HotReloader())->run();
             });
         }

app/Config/Exceptions.php

@@ -60,12 +60,10 @@ class Exceptions extends BaseConfig
 
     /**
      * --------------------------------------------------------------------------
-     * LOG DEPRECATIONS INSTEAD OF THROWING?
+     * WHETHER TO THROW AN EXCEPTION ON DEPRECATED ERRORS
      * --------------------------------------------------------------------------
-     * By default, CodeIgniter converts deprecations into exceptions. Also,
-     * starting in PHP 8.1 will cause a lot of deprecated usage warnings.
-     * Use this option to temporarily cease the warnings and instead log those.
-     * This option also works for user deprecations.
+     * If set to `true`, DEPRECATED errors are only logged and no exceptions are
+     * thrown. This option also works for user deprecations.
      */
     public bool $logDeprecations = true;
 
@@ -82,7 +80,7 @@ class Exceptions extends BaseConfig
      */
     public string $deprecationLogLevel = LogLevel::WARNING;
 
-    /**
+    /*
      * DEFINE THE HANDLERS USED
      * --------------------------------------------------------------------------
      * Given the HTTP status code, returns exception handler that

app/Config/Feature.php

@@ -10,7 +10,7 @@ use CodeIgniter\Config\BaseConfig;
 class Feature extends BaseConfig
 {
     /**
-     * Use improved new auto routing instead of the default legacy version.
+     * Use improved new auto routing instead of the legacy version.
      */
     public bool $autoRoutesImproved = true;
 
@@ -26,4 +26,12 @@ class Feature extends BaseConfig
      * If false, `limit(0)` returns no records. (the behavior of 3.1.9 or later in version 3.x.)
      */
     public bool $limitZeroAsAll = true;
+
+    /**
+     * Use strict location negotiation.
+     *
+     * By default, the locale is selected based on a loose comparison of the language code (ISO 639-1)
+     * Enabling strict comparison will also consider the region code (ISO 3166-1 alpha-2).
+     */
+    public bool $strictLocaleNegotiation = false;
 }

app/Config/Filters.php

@@ -70,7 +70,7 @@ class Filters extends BaseFilters
     public array $globals = [
         'before' => [
             'honeypot',
-            //'csrf' => ['except' => 'login'],	//TODO: Temporarily disable CSRF until we get everything sorted.
+            'csrf' => ['except' => 'login'],
             'invalidchars',
         ],
         'after' => [
@@ -100,9 +100,25 @@ class Filters extends BaseFilters
      * before or after URI patterns.
      *
      * Example:
-     * 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
+     * isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
      *
      * @var array<string, array<string, list<string>>>
      */
     public array $filters = [];
+
+    /**
+     * Constructor to conditionally disable CSRF filter in testing environment
+     */
+    public function __construct()
+    {
+        // Check for testing environment via env variable or constant
+        $isTesting = ($_ENV['CI_ENVIRONMENT'] ?? $_SERVER['CI_ENVIRONMENT'] ?? getenv('CI_ENVIRONMENT')) === 'testing'
+            || (defined('ENVIRONMENT') && ENVIRONMENT === 'testing');
+
+        // Remove CSRF filter from globals in testing environment
+        if ($isTesting) {
+            // Remove the 'csrf' key from $globals['before'] while preserving array structure
+            $this->globals['before'] = array_filter($this->globals['before'], static fn($key) => $key !== 'csrf', ARRAY_FILTER_USE_KEY);
+        }
+    }
 }

app/Config/Format.php

@@ -3,7 +3,6 @@
 namespace Config;
 
 use CodeIgniter\Config\BaseConfig;
-use CodeIgniter\Format\FormatterInterface;
 use CodeIgniter\Format\JSONFormatter;
 use CodeIgniter\Format\XMLFormatter;
 
@@ -62,16 +61,4 @@ class Format extends BaseConfig
         'application/xml'  => 0,
         'text/xml'         => 0,
     ];
-
-    /**
-     * A Factory method to return the appropriate formatter for the given mime type.
-     *
-     * @return FormatterInterface
-     *
-     * @deprecated This is an alias of `\CodeIgniter\Format\Format::getFormatter`. Use that instead.
-     */
-    public function getFormatter(string $mime)
-    {
-        return Services::format()->getFormatter($mime);
-    }
 }

app/Config/Kint.php

@@ -3,7 +3,6 @@
 namespace Config;
 
 use Kint\Parser\ConstructablePluginInterface;
-use Kint\Renderer\AbstractRenderer;
 use Kint\Renderer\Rich\TabPluginInterface;
 use Kint\Renderer\Rich\ValuePluginInterface;
 
@@ -41,7 +40,6 @@ class Kint
     */
     public string $richTheme = 'aante-light.css';
     public bool $richFolder  = false;
-    public int $richSort     = AbstractRenderer::SORT_FULL;
 
     /**
      * @var array<string, class-string<ValuePluginInterface>>|null

app/Config/Mimes.php

@@ -491,11 +491,10 @@ class Mimes
      * @return string|null The mime type found, or none if unable to determine.
      */
     public static function guessTypeFromExtension(string $extension): array|string|null
-	{
+    {
         $extension = trim(strtolower($extension), '. ');
 
-        if (!array_key_exists($extension, static::$mimes))
-		{
+        if (! array_key_exists($extension, static::$mimes)) {
             return null;
         }
 
@@ -510,7 +509,7 @@ class Mimes
      * @return string|null The extension determined, or null if unable to match.
      */
     public static function guessExtensionFromType(string $type, ?string $proposedExtension = null): ?string
-	{
+    {
         $type = trim(strtolower($type), '. ');
 
         $proposedExtension = trim(strtolower($proposedExtension ?? ''));

app/Config/OSPOS.php

@@ -13,45 +13,41 @@ use CodeIgniter\Config\BaseConfig;
  */
 class OSPOS extends BaseConfig
 {
-	public array $settings;
-	public string $commit_sha1 = 'dev';	//TODO: Travis scripts need to be updated to replace this with the commit hash on build
-	private CacheInterface $cache;
+    public array $settings;
+    public string $commit_sha1 = 'dev';    // TODO: Travis scripts need to be updated to replace this with the commit hash on build
+    private CacheInterface $cache;
 
-	public function __construct()
-	{
-		parent::__construct();
-		$this->cache = Services::cache();
-		$this->set_settings();
-	}
+    public function __construct()
+    {
+        parent::__construct();
+        $this->cache = Services::cache();
+        $this->set_settings();
+    }
 
-	/**
-	 * @return void
-	 */
-	public function set_settings(): void
-	{
-		$cache = $this->cache->get('settings');
+    /**
+     * @return void
+     */
+    public function set_settings(): void
+    {
+        $cache = $this->cache->get('settings');
 
-		if($cache)
-		{
-			$this->settings = decode_array($cache);
-		}
-		else
-		{
-			$appconfig = model(Appconfig::class);
-			foreach($appconfig->get_all()->getResult() as $app_config)
-			{
-				$this->settings[$app_config->key] = $app_config->value;
-			}
-			$this->cache->save('settings', encode_array($this->settings));
-		}
-	}
+        if ($cache) {
+            $this->settings = decode_array($cache);
+        } else {
+            $appconfig = model(Appconfig::class);
+            foreach ($appconfig->get_all()->getResult() as $app_config) {
+                $this->settings[$app_config->key] = $app_config->value;
+            }
+            $this->cache->save('settings', encode_array($this->settings));
+        }
+    }
 
-	/**
-	 * @return void
-	 */
-	public function update_settings(): void
-	{
-		$this->cache->delete('settings');
-		$this->set_settings();
-	}
+    /**
+     * @return void
+     */
+    public function update_settings(): void
+    {
+        $this->cache->delete('settings');
+        $this->set_settings();
+    }
 }

app/Config/Pager.php

@@ -35,27 +35,27 @@ class Pager extends BaseConfig
      */
     public int $perPage = 20;
 
-	/**
-	 * --------------------------------------------------------------------------
-	 * Bootstrap 3 pagination links styling
-	 * --------------------------------------------------------------------------
-	 *
-	 * Source code from http://stackoverflow.com/questions/20088779/bootstrap-3-pagination-with-codeigniter
-	 */
-	public $config = [
-		'full_tag_open' => "<ul class='pagination pagination-sm'>",
-		'full_tag_close' => '</ul>',
-		'num_tag_open' => '<li>',
-		'num_tag_close' => '</li>',
-		'cur_tag_open' => "<li class='disabled'><li class='active'><a href='#'>",
-		'cur_tag_close' => "<span class='sr-only'></span></a></li>",
-		'next_tag_open' => "<li>",
-		'next_tagl_close' => "</li>",
-		'prev_tag_open' => "<li>",
-		'prev_tagl_close' => "</li>",
-		'first_tag_open' => "<li>",
-		'first_tagl_close' => "</li>",
-		'last_tag_open' => "<li>",
-		'last_tagl_close' => "</li>"
-	];
+    /**
+     * --------------------------------------------------------------------------
+     * Bootstrap 3 pagination links styling
+     * --------------------------------------------------------------------------
+     *
+     * Source code from http://stackoverflow.com/questions/20088779/bootstrap-3-pagination-with-codeigniter
+     */
+    public $config = [
+        'full_tag_open'    => '<ul class="pagination pagination-sm">',
+        'full_tag_close'   => '</ul>',
+        'num_tag_open'     => '<li>',
+        'num_tag_close'    => '</li>',
+        'cur_tag_open'     => '<li class="disabled"><li class="active"><a href="#">',
+        'cur_tag_close'    => '<span class="sr-only"></span></a></li>',
+        'next_tag_open'    => '<li>',
+        'next_tagl_close'  => '</li>',
+        'prev_tag_open'    => '<li>',
+        'prev_tagl_close'  => '</li>',
+        'first_tag_open'   => '<li>',
+        'first_tagl_close' => '</li>',
+        'last_tag_open'    => '<li>',
+        'last_tagl_close'  => '</li>'
+    ];
 }

app/Config/Security.php

@@ -13,9 +13,9 @@ class Security extends BaseConfig
      *
      * Protection Method for Cross Site Request Forgery protection.
      *
-     * @var string 'cookie' or 'session'
+     * @var string|false 'cookie', 'session', or false
      */
-    public string $csrfProtection = 'cookie';
+    public string|false $csrfProtection = 'session';
 
     /**
      * --------------------------------------------------------------------------
@@ -71,7 +71,7 @@ class Security extends BaseConfig
      *
      * Regenerate CSRF Token on every submission.
      */
-    public bool $regenerate = true;
+    public bool $regenerate = false;
 
     /**
      * --------------------------------------------------------------------------
@@ -83,21 +83,4 @@ class Security extends BaseConfig
      * @see https://codeigniter4.github.io/userguide/libraries/security.html#redirection-on-failure
      */
     public bool $redirect = (ENVIRONMENT === 'production');
-
-    /**
-     * --------------------------------------------------------------------------
-     * CSRF SameSite
-     * --------------------------------------------------------------------------
-     *
-     * Setting for CSRF SameSite cookie token.
-     *
-     * Allowed values are: None - Lax - Strict - ''.
-     *
-     * Defaults to `Lax` as recommended in this link:
-     *
-     * @see https://portswigger.net/web-security/csrf/samesite-cookies
-     *
-     * @deprecated `Config\Cookie` $samesite property is used.
-     */
-    public string $samesite = 'Lax';
 }

app/Config/Services.php

@@ -2,9 +2,12 @@
 
 namespace Config;
 
-use CodeIgniter\Config\BaseService;
+use Locale;
 use HTMLPurifier;
 use HTMLPurifier_Config;
+use CodeIgniter\Config\BaseService;
+use Config\Services as AppServices;
+use CodeIgniter\HTTP\IncomingRequest;
 
 /**
  * Services Configuration file.
@@ -32,21 +35,42 @@ class Services extends BaseService
      * }
      */
 
-	private static $htmlPurifier;
+    /**
+     * Responsible for loading the language string translations.
+     *
+     * @return MY_Language
+     */
+    public static function language(?string $locale = null, bool $getShared = true)
+    {
+        if ($getShared) {
+            return static::getSharedInstance('language', $locale)->setLocale($locale);
+        }
 
-	public static function htmlPurifier($getShared = true)
-	{
-		if ($getShared)
-		{
-			return static::getSharedInstance('htmlPurifier');
-		}
+        if (AppServices::get('request') instanceof IncomingRequest) {
+            $requestLocale = AppServices::get('request')->getLocale();
+        } else {
+            $requestLocale = Locale::getDefault();
+        }
 
-		if (!isset(static::$htmlPurifier))
-		{
-			$config = HTMLPurifier_Config::createDefault();
-			static::$htmlPurifier = new HTMLPurifier($config);
-		}
+        // Use '?:' for empty string check
+        $locale = $locale ?: $requestLocale;
 
-		return static::$htmlPurifier;
-	}
+        return new \App\Libraries\MY_Language($locale);
+    }
+
+    private static $htmlPurifier;
+
+    public static function htmlPurifier($getShared = true)
+    {
+        if ($getShared) {
+            return static::getSharedInstance('htmlPurifier');
+        }
+
+        if (!isset(static::$htmlPurifier)) {
+            $config = HTMLPurifier_Config::createDefault();
+            static::$htmlPurifier = new HTMLPurifier($config);
+        }
+
+        return static::$htmlPurifier;
+    }
 }

app/Config/Validation.php

@@ -2,12 +2,12 @@
 
 namespace Config;
 
-use App\Config\Validation\OSPOSRules;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Validation\StrictRules\CreditCardRules;
 use CodeIgniter\Validation\StrictRules\FileRules;
 use CodeIgniter\Validation\StrictRules\FormatRules;
 use CodeIgniter\Validation\StrictRules\Rules;
+use App\Config\Validation\OSPOSRules;
 
 class Validation extends BaseConfig
 {
@@ -26,8 +26,8 @@ class Validation extends BaseConfig
         FormatRules::class,
         FileRules::class,
         CreditCardRules::class,
-		OSPOSRules::class
-	];
+        OSPOSRules::class,
+    ];
 
     /**
      * Specifies the views that are used to display the

app/Config/Validation/OSPOSRules.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace App\Config\Validation;
 
 use App\Models\Employee;
@@ -12,151 +13,126 @@ use Config\Services;
  */
 class OSPOSRules
 {
-	private IncomingRequest $request;
-	private array $config;
+    private IncomingRequest $request;
+    private array $config;
 
-	/**
-	 * Validates the username and password sent to the login view. User is logged in on successful validation.
-	 *
-	 * @param string $username Username to check against.
-	 * @param string $fields Comma separated string of the fields for validation.
-	 * @param array $data Data sent to the view.
-	 * @param string|null $error The error sent back to the validation handler on failure.
-	 * @return bool True if validation passes or false if there are errors.
-	 * @noinspection PhpUnused
-	 */
-	public function login_check(string $username, string $fields , array $data, ?string &$error = null): bool
-	{
-		$employee = model(Employee::class);
-		$this->request = Services::request();
-		$this->config = config(OSPOS::class)->settings;
+    /**
+     * Validates the username and password sent to the login view. User is logged in on successful validation.
+     *
+     * @param string $username Username to check against.
+     * @param string $fields Comma separated string of the fields for validation.
+     * @param array $data Data sent to the view.
+     * @param string|null $error The error sent back to the validation handler on failure.
+     * @return bool True if validation passes or false if there are errors.
+     * @noinspection PhpUnused
+     */
+    public function login_check(string $username, string $fields, array $data, ?string &$error = null): bool
+    {
+        $employee = model(Employee::class);
+        $this->request = Services::request();
+        $this->config = config(OSPOS::class)->settings;
 
-		//Installation Check
-		if(!$this->installation_check())
-		{
-			$error = lang('Login.invalid_installation');
+        // Installation Check
+        if (!$this->installation_check()) {
+            $error = lang('Login.invalid_installation');
 
-			return false;
-		}
+            return false;
+        }
 
-		$password = $data['password'];
-		if(!$employee->login($username, $password))
-		{
-			$error = lang('Login.invalid_username_and_password');
+        $password = $data['password'];
+        if (!$employee->login($username, $password)) {
+            $error = lang('Login.invalid_username_and_password');
 
-			return false;
-		}
+            return false;
+        }
 
-		$gcaptcha_enabled = array_key_exists('gcaptcha_enable', $this->config) && $this->config['gcaptcha_enable'];
-		if($gcaptcha_enabled)
-		{
-			$g_recaptcha_response = $this->request->getPost('g-recaptcha-response');
+        $gcaptcha_enabled = array_key_exists('gcaptcha_enable', $this->config) && $this->config['gcaptcha_enable'];
+        if ($gcaptcha_enabled) {
+            $g_recaptcha_response = $this->request->getPost('g-recaptcha-response');
 
-			if(!$this->gcaptcha_check($g_recaptcha_response))
-			{
-				$error = lang('Login.invalid_gcaptcha');
+            if (!$this->gcaptcha_check($g_recaptcha_response)) {
+                $error = lang('Login.invalid_gcaptcha');
 
-				return false;
-			}
-		}
+                return false;
+            }
+        }
 
-		return true;
-	}
+        return true;
+    }
 
-	/**
-	 * Checks to see if GCaptcha verification was successful.
-	 *
-	 * @param $response
-	 * @return bool true on successful GCaptcha verification or false if GCaptcha failed.
-	 */
-	private function gcaptcha_check($response): bool
-	{
-		if(!empty($response))
-		{
-			$check = [
-				'secret'   => $this->config['gcaptcha_secret_key'],
-				'response' => $response,
-				'remoteip' => $this->request->getIPAddress()
-			];
+    /**
+     * Checks to see if GCaptcha verification was successful.
+     *
+     * @param $response
+     * @return bool true on successful GCaptcha verification or false if GCaptcha failed.
+     */
+    private function gcaptcha_check($response): bool
+    {
+        if (!empty($response)) {
+            $check = [
+                'secret'   => $this->config['gcaptcha_secret_key'],
+                'response' => $response,
+                'remoteip' => $this->request->getIPAddress()
+            ];
 
-			$ch = curl_init();
+            $ch = curl_init();
 
-			curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
-			curl_setopt($ch, CURLOPT_POST, true);
-			curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($check));
-			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
+            curl_setopt($ch, CURLOPT_POST, true);
+            curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($check));
+            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 
-			$result = curl_exec($ch);
+            $result = curl_exec($ch);
 
-			curl_close($ch);
+            curl_close($ch);
 
-			$status = json_decode($result, true);
+            $status = json_decode($result, true);
 
-			if(!empty($status['success']))
-			{
-				return true;
-			}
-		}
+            if (!empty($status['success'])) {
+                return true;
+            }
+        }
 
-		return false;
-	}
+        return false;
+    }
 
-	/**
-	 * Checks to make sure dependency PHP extensions are installed
-	 *
-	 * @return bool
-	 */
-	private function installation_check(): bool
-	{
-		$installed_extensions = implode(', ', get_loaded_extensions());
-		$required_extensions = ['bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl'];
-		$pattern = '/';
+    /**
+     * Checks to make sure dependency PHP extensions are installed
+     *
+     * @return bool
+     */
+    private function installation_check(): bool
+    {
+        $installed_extensions = implode(', ', get_loaded_extensions());
+        $required_extensions = ['bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl', 'xml', 'json'];
+        $pattern = '/';
 
-		foreach($required_extensions as $extension)
-		{
-			$pattern .= '(?=.*\b' . preg_quote($extension, '/') . '\b)';
-		}
+        foreach ($required_extensions as $extension) {
+            $pattern .= '(?=.*\b' . preg_quote($extension, '/') . '\b)';
+        }
 
-		$pattern .= '/i';
-		$is_installed = preg_match($pattern, $installed_extensions);
+        $pattern .= '/i';
+        $is_installed = preg_match($pattern, $installed_extensions);
 
-		if(!$is_installed)
-		{
-			log_message('error', '[ERROR] Check your php.ini.');
-			log_message('error',"PHP installed extensions: $installed_extensions");
-			log_message('error','PHP required extensions: ' . implode(', ', $required_extensions));
-		}
+        if (!$is_installed) {
+            log_message('error', '[ERROR] Check your php.ini.');
+            log_message('error', "PHP installed extensions: $installed_extensions");
+            log_message('error', 'PHP required extensions: ' . implode(', ', $required_extensions));
+        }
 
-		return $is_installed;
-	}
+        return $is_installed;
+    }
 
-	/**
-	 * Validates the candidate as a decimal number. Takes the locale into account. Used in validation rule calls.
-	 *
-	 * @param string $candidate
-	 * @param string|null $error
-	 * @return bool
-	 * @noinspection PhpUnused
-	 */
-	public function decimal_locale(string $candidate, ?string &$error = null): bool
-	{
-		$candidate = prepare_decimal($candidate);
-		$validation = Services::validation();
-
-		$validation->setRules([
-			'candidate' => 'decimal'
-		]);
-
-		$data = [
-			'candidate' => $candidate
-		];
-
-		if (!$validation->run($data))
-		{
-			$error = $validation->getErrors();
-			return false;
-		}
-
-		return true;
-	}
+    /**
+     * Validates the candidate as a decimal number. Takes the locale into account. Used in validation rule calls.
+     *
+     * @param string $candidate
+     * @param string|null $error
+     * @return bool
+     * @noinspection PhpUnused
+     */
+    public function decimal_locale(string $candidate, ?string &$error = null): bool
+    {
+        return parse_decimals($candidate) !== false;
+    }
 }

app/Controllers/Attributes.php

@@ -3,6 +3,8 @@
 namespace App\Controllers;
 
 use App\Models\Attribute;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 
 require_once('Secure_Controller.php');
 
@@ -11,251 +13,260 @@ require_once('Secure_Controller.php');
  **/
 class Attributes extends Secure_Controller
 {
-	private Attribute $attribute;
+    private Attribute $attribute;
 
-	public function __construct()
-	{
-		parent::__construct('attributes');
+    public function __construct()
+    {
+        parent::__construct('attributes');
 
-		$this->attribute = model(Attribute::class);
-	}
+        $this->attribute = model(Attribute::class);
+    }
 
-	/**
-	 * Gets and sends the main view for Attributes to the browser.
-	 *
-	 * @return void
-	 **/
-	public function getIndex(): void
-	{
-		$data['table_headers'] = get_attribute_definition_manage_table_headers();
+    /**
+     * Gets and sends the main view for Attributes to the browser.
+     *
+     * @return string
+     **/
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_attribute_definition_manage_table_headers();
 
-		echo view('attributes/manage', $data);
-	}
+        return view('attributes/manage', $data);
+    }
 
-	/**
-	 * Returns attribute table data rows. This will be called with AJAX.
-	 */
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns attribute table data rows. This will be called with AJAX.
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(attribute_definition_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'definition_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$attributes = $this->attribute->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->attribute->get_found_rows($search);
+        $attributes = $this->attribute->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->attribute->get_found_rows($search);
 
-		$data_rows = [];
-		foreach($attributes->getResult() as $attribute_row)
-		{
-			$attribute_row->definition_flags = $this->get_attributes($attribute_row->definition_flags);
-			$data_rows[] = get_attribute_definition_data_row($attribute_row);
-		}
+        $data_rows = [];
+        foreach ($attributes->getResult() as $attribute_row) {
+            $attribute_row->definition_flags = $this->get_attributes($attribute_row->definition_flags);
+            $data_rows[] = get_attribute_definition_data_row($attribute_row);
+        }
 
-		echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * AJAX called function which saves the attribute value sent via POST by using the model save function.
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function postSaveAttributeValue(): void
-	{
-		$success = $this->attribute->save_value(
-			html_entity_decode($this->request->getPost('attribute_value')),
-			$this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT),
-			$this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT),
-			$this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT)
-		);
+    /**
+     * AJAX called function which saves the attribute value sent via POST by using the model save function.
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveAttributeValue(): ResponseInterface
+    {
+        $success = $this->attribute->saveAttributeValue(
+            html_entity_decode($this->request->getPost('attribute_value')),
+            $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT),
+            $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT) ?? false,
+            $this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT) ?? false
+        );
 
-		echo json_encode(['success' => $success != 0]);
-	}
+        return $this->response->setJSON(['success' => $success != 0]);
+    }
 
-	/**
-	 * AJAX called function deleting an attribute value using the model delete function.
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function postDelete_attribute_value(): void
-	{
-		$success = $this->attribute->delete_value(
-			html_entity_decode($this->request->getPost('attribute_value')),
-			$this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT)
-		);
+    /**
+     * AJAX called function deleting an attribute value using the model delete function.
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postDeleteDropdownAttributeValue(): ResponseInterface
+    {
+        $success = $this->attribute->deleteDropdownAttributeValue(
+            html_entity_decode($this->request->getPost('attribute_value')),
+            $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT)
+        );
 
-		echo json_encode(['success' => $success]);
-	}
+        return $this->response->setJSON(['success' => $success]);
+    }
 
-	/**
-	 * AJAX called function which saves the attribute definition.
-	 *
-	 * @param int $definition_id
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): void
-	{
-		$definition_flags = 0;
+    /**
+     * AJAX called function which saves the attribute definition.
+     *
+     * @param int $definition_id
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): ResponseInterface
+    {
+        $definition_flags = 0;
 
-		$flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		foreach($flags as $flag)
-		{
-			$definition_flags |= $flag;
-		}
+        foreach ($flags as $flag) {
+            $definition_flags |= $flag;
+        }
 
-		//Save definition data
-		$definition_data = [
-			'definition_name' => $this->request->getPost('definition_name'),
-			'definition_unit' => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : null,
-			'definition_flags' => $definition_flags,
-			'definition_fk' => $this->request->getPost('definition_group') != '' ? $this->request->getPost('definition_group') : null
-		];
+        // Validate definition_group (definition_fk) foreign key
+        $definition_group_input = $this->request->getPost('definition_group');
+        $definition_fk = $this->validateDefinitionGroup($definition_group_input);
 
-		if ($this->request->getPost('definition_type') != null)
-		{
-			$definition_data['definition_type'] = DEFINITION_TYPES[$this->request->getPost('definition_type')];
-		}
+        if ($definition_fk === false) {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Attributes.definition_invalid_group'),
+                'id'      => NEW_ENTRY
+            ]);
+        }
 
-		$definition_name = $definition_data['definition_name'];
+        // Save definition data
+        $definition_data = [
+            'definition_name'  => $this->request->getPost('definition_name'),
+            'definition_unit'  => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : null,
+            'definition_flags' => $definition_flags,
+            'definition_fk'    => $definition_fk
+        ];
 
-		if($this->attribute->save_definition($definition_data, $definition_id))
-		{
-			//New definition
-			if($definition_id == NO_DEFINITION_ID)
-			{
-				$definition_values = json_decode(html_entity_decode($this->request->getPost('definition_values')));
+        if ($this->request->getPost('definition_type') != null) {
+            $definition_data['definition_type'] = DEFINITION_TYPES[$this->request->getPost('definition_type')];
+        }
 
-				foreach($definition_values as $definition_value)
-				{
-					$this->attribute->save_value($definition_value, $definition_data['definition_id']);
-				}
+        $definition_name = $definition_data['definition_name'];
 
-				echo json_encode([
-					'success' => true,
-					'message' => lang('Attributes.definition_successful_adding') . ' ' . $definition_name,
-					'id' => $definition_data['definition_id']
-				]);
-			}
-			//Existing definition
-			else
-			{
-				echo json_encode([
-					'success' => true,
-					'message' => lang('Attributes.definition_successful_updating') . ' ' . $definition_name,
-					'id' => $definition_id
-				]);
-			}
-		}
-		//Failure
-		else
-		{
-			echo json_encode([
-				'success' => false,
-				'message' => lang('Attributes.definition_error_adding_updating', [$definition_name]),
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($this->attribute->save_definition($definition_data, $definition_id)) {
+            // New definition
+            if ($definition_id == NO_DEFINITION_ID) {
+                $definition_values = json_decode(html_entity_decode($this->request->getPost('definition_values')));
 
-	/**
-	 *
-	 * @param int $definition_id
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function getSuggestAttribute(int $definition_id): void
-	{
-		$suggestions = $this->attribute->get_suggestions($definition_id, html_entity_decode($this->request->getGet('term')));
+                foreach ($definition_values as $definition_value) {
+                    $this->attribute->saveAttributeValue($definition_value, $definition_data['definition_id']);
+                }
 
-		echo json_encode($suggestions);
-	}
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Attributes.definition_successful_adding') . ' ' . $definition_name,
+                    'id'      => $definition_data['definition_id']
+                ]);
+            } else { // Existing definition
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Attributes.definition_successful_updating') . ' ' . $definition_name,
+                    'id'      => $definition_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Attributes.definition_error_adding_updating', [$definition_name]),
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
 
-	/**
-	 * @param int $row_id
-	 * @return void
-	 */
-	public function getRow(int $row_id): void
-	{
-		$attribute_definition_info = $this->attribute->get_info($row_id);
-		$attribute_definition_info->definition_flags = $this->get_attributes($attribute_definition_info->definition_flags);
-		$data_row = get_attribute_definition_data_row($attribute_definition_info);
+    /**
+     * Validates a definition_group foreign key.
+     * Returns the validated integer ID, null if empty, or false if invalid.
+     *
+     * @param mixed $definition_group_input
+     * @return int|null|false
+     */
+    private function validateDefinitionGroup(mixed $definition_group_input): int|null|false
+    {
+        if ($definition_group_input === '' || $definition_group_input === null) {
+            return null;
+        }
 
-		echo json_encode($data_row);
-	}
+        $definition_group_id = (int) $definition_group_input;
 
-	/**
-	 * @param int $definition_flags
-	 * @return array
-	 */
-	private function get_attributes(int $definition_flags = 0): array
-	{
-		$definition_flag_names = [];
-		foreach (Attribute::get_definition_flags() as $id => $term)
-		{
-			if ($id & $definition_flags)
-			{
-				$definition_flag_names[$id] = lang('Attributes.' . strtolower($term) . '_visibility');
-			}
-		}
-		return $definition_flag_names;
-	}
+        // Must be a positive integer, exist in attribute_definitions, and be of type GROUP
+        if ($definition_group_id <= 0
+            || !$this->attribute->exists($definition_group_id)
+            || $this->attribute->getAttributeInfo($definition_group_id)->definition_type !== GROUP
+        ) {
+            return false;
+        }
 
-	/**
-	 * @param int $definition_id
-	 * @return void
-	 */
-	public function getView(int $definition_id = NO_DEFINITION_ID): void
-	{
-		$info = $this->attribute->get_info($definition_id);
-		foreach(get_object_vars($info) as $property => $value)
-		{
-			$info->$property = $value;
-		}
+        return $definition_group_id;
+    }
 
-		$data['definition_id'] = $definition_id;
-		$data['definition_values'] = $this->attribute->get_definition_values($definition_id);
-		$data['definition_group'] = $this->attribute->get_definitions_by_type(GROUP, $definition_id);
-		$data['definition_group'][''] = lang('Common.none_selected_text');
-		$data['definition_info'] = $info;
+    /**
+     *
+     * @param int $definition_id
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getSuggestAttribute(int $definition_id): ResponseInterface
+    {
+        $suggestions = $this->attribute->get_suggestions($definition_id, html_entity_decode($this->request->getGet('term')));
 
-		$show_all = Attribute::SHOW_IN_ITEMS | Attribute::SHOW_IN_RECEIVINGS | Attribute::SHOW_IN_SALES;
-		$data['definition_flags'] = $this->get_attributes($show_all);
-		$selected_flags = $info->definition_flags === '' ? $show_all : $info->definition_flags;
-		$data['selected_definition_flags'] = $this->get_attributes($selected_flags);
+        return $this->response->setJSON($suggestions);
+    }
 
-		echo view('attributes/form', $data);
-	}
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $attribute_definition_info = $this->attribute->getAttributeInfo($row_id);
+        $attribute_definition_info->definition_flags = $this->get_attributes($attribute_definition_info->definition_flags);
+        $data_row = get_attribute_definition_data_row($attribute_definition_info);
 
-	/**
-	 * AJAX called function to delete an attribute value. This is never called in the code. Perhaps it was boiler plate code that just isn't needed?
-	 * @param int $attribute_id
-	 * @return bool
-	 * @noinspection PhpUnused
-	 */
-	public function delete_value(int $attribute_id): bool	//TODO: This function appears to never be used in the codebase.  Is it needed?
-	{
-		return $this->attribute->delete_value($attribute_id, NO_DEFINITION_ID);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * Deletes an attribute definition
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * @param int $definition_flags
+     * @return array
+     */
+    private function get_attributes(int $definition_flags = 0): array
+    {
+        $definition_flag_names = [];
+        foreach (Attribute::get_definition_flags() as $id => $term) {
+            if ($id & $definition_flags) {
+                $definition_flag_names[$id] = lang('Attributes.' . strtolower($term) . '_visibility');
+            }
+        }
+        return $definition_flag_names;
+    }
 
-		if($this->attribute->delete_definition_list($attributes_to_delete))
-		{
-			$message = lang('Attributes.definition_successful_deleted') . ' ' . count($attributes_to_delete) . ' ' . lang('Attributes.definition_one_or_multiple');
-			echo json_encode(['success' => true, 'message' => $message]);
-		}
-		else
-		{
-			echo json_encode(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
-		}
-	}
+    /**
+     * @param int $definition_id
+     * @return string
+     */
+    public function getView(int $definition_id = NO_DEFINITION_ID): string
+    {
+        $info = $this->attribute->getAttributeInfo($definition_id);
+        foreach (get_object_vars($info) as $property => $value) {
+            $info->$property = $value;
+        }
+
+        $data['definition_id'] = $definition_id;
+        $data['definition_values'] = $this->attribute->get_definition_values($definition_id);
+        $data['definition_group'] = $this->attribute->get_definitions_by_type(GROUP, $definition_id);
+        $data['definition_group'][''] = lang('Common.none_selected_text');
+        $data['definition_info'] = $info;
+
+        $show_all = Attribute::SHOW_IN_ITEMS | Attribute::SHOW_IN_RECEIVINGS | Attribute::SHOW_IN_SALES;
+        $data['definition_flags'] = $this->get_attributes($show_all);
+        $selected_flags = $info->definition_flags === '' ? $show_all : $info->definition_flags;
+        $data['selected_definition_flags'] = $this->get_attributes($selected_flags);
+
+        return view('attributes/form', $data);
+    }
+
+    /**
+     * Deletes an attribute definition
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if($this->attribute->deleteDefinitionList($attributes_to_delete)) {
+            $message = lang('Attributes.definition_successful_deleted') . ' ' . count($attributes_to_delete) . ' ' . lang('Attributes.definition_one_or_multiple');
+            return $this->response->setJSON(['success' => true, 'message' => $message]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
+        }
+    }
 }

app/Controllers/BaseController.php

@@ -53,6 +53,6 @@ abstract class BaseController extends Controller
 
         // Preload any models, libraries, etc, here.
 
-        // E.g.: $this->session = \Config\Services::session();
+        // E.g.: $this->session = service('session');
     }
 }

app/Controllers/Cashups.php

@@ -5,320 +5,280 @@ namespace App\Controllers;
 use App\Models\Cashup;
 use App\Models\Expense;
 use App\Models\Reports\Summary_payments;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
+use Config\Services;
 
 class Cashups extends Secure_Controller
 {
-	 private Cashup $cashup;
-	 private Expense $expense;
-	 private Summary_payments $summary_payments;
-	 private array $config;
+    private Cashup $cashup;
+    private Expense $expense;
+    private Summary_payments $summary_payments;
+    private array $config;
 
-	public function __construct()
-	{
-		parent::__construct('cashups');
+    public function __construct()
+    {
+        parent::__construct('cashups');
 
-		$this->cashup = model(Cashup::class);
-		$this->expense = model(Expense::class);
-		$this->summary_payments = model(Summary_payments::class);
-		$this->config = config(OSPOS::class)->settings;
-	}
+        $this->cashup = model(Cashup::class);
+        $this->expense = model(Expense::class);
+        $this->summary_payments = model(Summary_payments::class);
+        $this->config = config(OSPOS::class)->settings;
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		$data['table_headers'] = get_cashups_manage_table_headers();
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_cashups_manage_table_headers();
 
-		// filters that will be loaded in the multiselect dropdown
-		$data['filters'] = ['is_deleted' => lang('Cashups.is_deleted')];
+        // filters that will be loaded in the multiselect dropdown
+        $data['filters'] = ['is_deleted' => lang('Cashups.is_deleted')];
 
-		echo view('cashups/manage', $data);
-	}
+        // Restore filters from URL
+        $data = array_merge($data, restoreTableFilters($this->request));
 
-	/**
-	 * @return void
-	 */
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$filters = [
-			 'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),	//TODO: Is this the best way to filter dates
-			 'end_date' => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			 'is_deleted' => false
-		];
+        return view('cashups/manage', $data);
+    }
 
-		// check if any filter is set in the multiselect dropdown
-		$request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
-		$filters = array_merge($filters, $request_filters);
-		$cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
-		$total_rows = $this->cashup->get_found_rows($search, $filters);
-		$data_rows = [];
-		foreach($cash_ups->getResult() as $cash_up)
-		{
-			$data_rows[] = get_cash_up_data_row($cash_up);
-		}
+    /**
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort = $this->sanitizeSortColumn(cashup_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'cashup_id');
+        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $filters = [
+            'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),    // TODO: Is this the best way to filter dates
+            'end_date'   => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'is_deleted' => false
+        ];
 
-		echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        // Check if any filter is set in the multiselect dropdown
+        $request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
+        $filters = array_merge($filters, $request_filters);
+        $cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
+        $total_rows = $this->cashup->get_found_rows($search, $filters);
+        $data_rows = [];
+        foreach ($cash_ups->getResult() as $cash_up) {
+            $data_rows[] = get_cash_up_data_row($cash_up);
+        }
 
-	/**
-	 * @param int $cashup_id
-	 * @return void
-	 */
-	public function getView(int $cashup_id = NEW_ENTRY): void
-	{
-		$data = [];
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-		$data['employees'] = [];
-		foreach($this->employee->get_all()->getResult() as $employee)
-		{
-			foreach(get_object_vars($employee) as $property => $value)
-			{
-				$employee->$property = $value;
-			}
+    /**
+     * @param int $cashup_id
+     * @return string
+     */
+    public function getView(int $cashup_id = NEW_ENTRY): string
+    {
+        $data = [];
 
-			$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
-		}
+        $data['employees'] = [];
+        foreach ($this->employee->get_all()->getResult() as $employee) {
+            foreach (get_object_vars($employee) as $property => $value) {
+                $employee->$property = $value;
+            }
 
-		$cash_ups_info = $this->cashup->get_info($cashup_id);
+            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+        }
 
-		foreach(get_object_vars($cash_ups_info) as $property => $value)
-		{
-			$cash_ups_info->$property = $value;
-		}
+        $cash_ups_info = $this->cashup->get_info($cashup_id);
 
-		// open cashup
-		if($cash_ups_info->cashup_id == NEW_ENTRY)
-		{
-			$cash_ups_info->open_date = date('Y-m-d H:i:s');
-			$cash_ups_info->close_date = $cash_ups_info->open_date;
-			$cash_ups_info->open_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
-			$cash_ups_info->close_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
-		}
-		// if all the amounts are null or 0 that means it's a close cashup
-		elseif(floatval($cash_ups_info->closed_amount_cash) == 0
-			&& floatval($cash_ups_info->closed_amount_due) == 0
-			&& floatval($cash_ups_info->closed_amount_card) == 0
-			&& floatval($cash_ups_info->closed_amount_check) == 0)
-		{
-			// set the close date and time to the actual as this is a close session
-			$cash_ups_info->close_date = date('Y-m-d H:i:s');
+        foreach (get_object_vars($cash_ups_info) as $property => $value) {
+            $cash_ups_info->$property = $value;
+        }
 
-			// the closed amount starts with the open amount -/+ any trasferred amount
-			$cash_ups_info->closed_amount_cash = $cash_ups_info->open_amount_cash + $cash_ups_info->transfer_amount_cash;
+        // Open cashup
+        if ($cash_ups_info->cashup_id == NEW_ENTRY) {
+            $cash_ups_info->open_date = date('Y-m-d H:i:s');
+            $cash_ups_info->close_date = $cash_ups_info->open_date;
+            $cash_ups_info->open_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+            $cash_ups_info->close_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        }
+        // If all the amounts are null or 0 that means it's a close cashup
+        elseif (
+            floatval($cash_ups_info->closed_amount_cash) == 0
+            && floatval($cash_ups_info->closed_amount_due) == 0
+            && floatval($cash_ups_info->closed_amount_card) == 0
+            && floatval($cash_ups_info->closed_amount_check) == 0
+        ) {
+            // Set the close date and time to the actual as this is a close session
+            $cash_ups_info->close_date = date('Y-m-d H:i:s');
 
-			// if it's date mode only and not date & time truncate the open and end date to date only
-			if(empty($this->config['date_or_time_format']))
-			{
-				if($cash_ups_info->open_date != null)
-				{
-					$start_date = substr($cash_ups_info->open_date, 0, 10);
-				}
-				else
-				{
-					$start_date = null;
-				}
-				if($cash_ups_info->close_date != null)
-				{
-					$end_date = substr($cash_ups_info->close_date, 0, 10);
-				}
-				else
-				{
-					$end_date = null;
-				}
-				// search for all the payments given the time range
-				$inputs = [
-					'start_date' => $start_date,
-					'end_date' => $end_date,
-					'sale_type' => 'complete',
-					'location_id' => 'all'
-				];
-			}
-			else
-			{
-				// search for all the payments given the time range
-				$inputs = [
-					'start_date' => $cash_ups_info->open_date,
-					'end_date' => $cash_ups_info->close_date,
-					'sale_type' => 'complete',
-					'location_id' => 'all'
-				];
-			}
+            // The closed amount starts with the open amount -/+ any trasferred amount
+            $cash_ups_info->closed_amount_cash = $cash_ups_info->open_amount_cash + $cash_ups_info->transfer_amount_cash;
 
-			// get all the transactions payment summaries
-			$reports_data = $this->summary_payments->getData($inputs);
+            // If it's date mode only and not date & time truncate the open and end date to date only
+            if (empty($this->config['date_or_time_format'])) {
+                if ($cash_ups_info->open_date != null) {
+                    $start_date = substr($cash_ups_info->open_date, 0, 10);
+                } else {
+                    $start_date = null;
+                }
+                if ($cash_ups_info->close_date != null) {
+                    $end_date = substr($cash_ups_info->close_date, 0, 10);
+                } else {
+                    $end_date = null;
+                }
+                // Search for all the payments given the time range
+                $inputs = [
+                    'start_date'  => $start_date,
+                    'end_date'    => $end_date,
+                    'sale_type'   => 'complete',
+                    'location_id' => 'all'
+                ];
+            } else {
+                // Search for all the payments given the time range
+                $inputs = [
+                    'start_date'  => $cash_ups_info->open_date,
+                    'end_date'    => $cash_ups_info->close_date,
+                    'sale_type'   => 'complete',
+                    'location_id' => 'all'
+                ];
+            }
 
-			foreach($reports_data as $row)
-			{
-				if($row['trans_group'] == lang('Reports.trans_payments'))
-				{
-					if($row['trans_type'] == lang('Sales.cash'))
-					{
-						$cash_ups_info->closed_amount_cash += $row['trans_amount'];
-					}
-					elseif($row['trans_type'] == lang('Sales.due'))
-					{
-						$cash_ups_info->closed_amount_due += $row['trans_amount'];
-					}
-					elseif($row['trans_type'] == lang('Sales.debit') ||
-						$row['trans_type'] == lang('Sales.credit'))
-					{
-						$cash_ups_info->closed_amount_card += $row['trans_amount'];
-					}
-					elseif($row['trans_type'] == lang('Sales.check'))
-					{
-						$cash_ups_info->closed_amount_check += $row['trans_amount'];
-					}
-				}
-			}
+            // Get all the transactions payment summaries
+            $reports_data = $this->summary_payments->getData($inputs);
 
-			// lookup expenses paid in cash
-			$filters = [
-						 'only_cash' => true,
-						 'only_due' => false,
-						 'only_check' => false,
-						 'only_credit' => false,
-						 'only_debit' => false,
-						 'is_deleted' => false
-			];
+            foreach ($reports_data as $row) {
+                if ($row['trans_group'] == lang('Reports.trans_payments')) {
+                    if ($row['trans_type'] == lang('Sales.cash')) {
+                        $cash_ups_info->closed_amount_cash += $row['trans_amount'];
+                    } elseif ($row['trans_type'] == lang('Sales.due')) {
+                        $cash_ups_info->closed_amount_due += $row['trans_amount'];
+                    } elseif (
+                        $row['trans_type'] == lang('Sales.debit') ||
+                        $row['trans_type'] == lang('Sales.credit')
+                    ) {
+                        $cash_ups_info->closed_amount_card += $row['trans_amount'];
+                    } elseif ($row['trans_type'] == lang('Sales.check')) {
+                        $cash_ups_info->closed_amount_check += $row['trans_amount'];
+                    }
+                }
+            }
 
-			$payments = $this->expense->get_payments_summary('', array_merge($inputs, $filters));
+            // Lookup expenses paid in cash
+            $filters = [
+                'only_cash'   => true,
+                'only_due'    => false,
+                'only_check'  => false,
+                'only_credit' => false,
+                'only_debit'  => false,
+                'is_deleted'  => false
+            ];
 
-			foreach($payments as $row)
-			{
-				$cash_ups_info->closed_amount_cash -= $row['amount'];
-			}
+            $payments = $this->expense->get_payments_summary('', array_merge($inputs, $filters));
 
-			$cash_ups_info->closed_amount_total = $this->_calculate_total($cash_ups_info->open_amount_cash, $cash_ups_info->transfer_amount_cash, $cash_ups_info->closed_amount_cash, $cash_ups_info->closed_amount_due, $cash_ups_info->closed_amount_card, $cash_ups_info->closed_amount_check);
-		}
+            foreach ($payments as $row) {
+                $cash_ups_info->closed_amount_cash -= $row['amount'];
+            }
 
-		$data['cash_ups_info'] = $cash_ups_info;
+            $cash_ups_info->closed_amount_total = $this->_calculate_total($cash_ups_info->open_amount_cash, $cash_ups_info->transfer_amount_cash, $cash_ups_info->closed_amount_cash, $cash_ups_info->closed_amount_due, $cash_ups_info->closed_amount_card, $cash_ups_info->closed_amount_check);
+        }
 
-		echo view("cashups/form", $data);
-	}
+        $data['cash_ups_info'] = $cash_ups_info;
 
-	/**
-	 * @param int $row_id
-	 * @return void
-	 */
-	public function getRow(int $row_id): void
-	{
-		$cash_ups_info = $this->cashup->get_info($row_id);
-		$data_row = get_cash_up_data_row($cash_ups_info);
+        return view("cashups/form", $data);
+    }
 
-		echo json_encode($data_row);
-	}
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $cash_ups_info = $this->cashup->get_info($row_id);
+        $data_row = get_cash_up_data_row($cash_ups_info);
 
-	/**
-	 * @param int $cashup_id
-	 * @return void
-	 */
-	public function postSave(int $cashup_id = NEW_ENTRY): void
-	{
-		$open_date = $this->request->getPost('open_date');
-		$open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date);
+        return $this->response->setJSON($data_row);
+    }
 
-		$close_date = $this->request->getPost('close_date');
-		$close_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $close_date);
+    /**
+     * @param int $cashup_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $cashup_id = NEW_ENTRY): ResponseInterface
+    {
+        $open_date = $this->request->getPost('open_date');
+        $open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date);
 
-		$open_amount_cash = prepare_decimal($this->request->getPost('open_amount_cash'));
-		$transfer_amount_cash = prepare_decimal($this->request->getPost('transfer_amount_cash'));
-		$closed_amount_cash = prepare_decimal($this->request->getPost('closed_amount_cash'));
-		$closed_amount_due = prepare_decimal($this->request->getPost('closed_amount_due'));
-		$closed_amount_card = prepare_decimal($this->request->getPost('closed_amount_card'));
-		$closed_amount_check = prepare_decimal($this->request->getPost('closed_amount_check'));
-		$closed_amount_total = prepare_decimal($this->request->getPost('closed_amount_total'));
+        $close_date = $this->request->getPost('close_date');
+        $close_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $close_date);
 
-		$cash_up_data = [
-			'open_date' => $open_date_formatter->format('Y-m-d H:i:s'),
-			'close_date' => $close_date_formatter->format('Y-m-d H:i:s'),
-			'open_amount_cash' => parse_decimals(filter_var($open_amount_cash, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
-			'transfer_amount_cash' => parse_decimals(filter_var($transfer_amount_cash, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
-			'closed_amount_cash' => parse_decimals(filter_var($closed_amount_cash, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
-			'closed_amount_due' => parse_decimals(filter_var($closed_amount_due, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
-			'closed_amount_card' => parse_decimals(filter_var($closed_amount_card, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
-			'closed_amount_check' => parse_decimals(filter_var($closed_amount_check, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
-			'closed_amount_total' => parse_decimals(filter_var($closed_amount_total, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
-			'note' => $this->request->getPost('note') != null,
-			'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'open_employee_id' => $this->request->getPost('open_employee_id', FILTER_SANITIZE_NUMBER_INT),
-			'close_employee_id' => $this->request->getPost('close_employee_id', FILTER_SANITIZE_NUMBER_INT),
-			'deleted' => $this->request->getPost('deleted') != null
-		];
+        $cash_up_data = [
+            'open_date'            => $open_date_formatter->format('Y-m-d H:i:s'),
+            'close_date'           => $close_date_formatter->format('Y-m-d H:i:s'),
+            'open_amount_cash'     => parse_decimals($this->request->getPost('open_amount_cash')),
+            'transfer_amount_cash' => parse_decimals($this->request->getPost('transfer_amount_cash')),
+            'closed_amount_cash'   => parse_decimals($this->request->getPost('closed_amount_cash')),
+            'closed_amount_due'    => parse_decimals($this->request->getPost('closed_amount_due')),
+            'closed_amount_card'   => parse_decimals($this->request->getPost('closed_amount_card')),
+            'closed_amount_check'  => parse_decimals($this->request->getPost('closed_amount_check')),
+            'closed_amount_total'  => parse_decimals($this->request->getPost('closed_amount_total')),
+            'note'                 => $this->request->getPost('note') != null,
+            'description'          => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'open_employee_id'     => $this->request->getPost('open_employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'close_employee_id'    => $this->request->getPost('close_employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'deleted'              => $this->request->getPost('deleted') != null
+        ];
 
-		if($this->cashup->save_value($cash_up_data, $cashup_id))
-		{
-			//New cashup_id
-			if($cashup_id == NEW_ENTRY)
-			{
-				echo json_encode(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
-			}
-			else // Existing Cashup
-			{
-				echo json_encode(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
-			}
-		}
-		else//failure
-		{
-			echo json_encode(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
-		}
-	}
+        if ($this->cashup->save_value($cash_up_data, $cashup_id)) {
+            // New cashup_id
+            if ($cashup_id == NEW_ENTRY) {
+                return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
+            } else { // Existing Cashup
+                return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
+            }
+        } else { // Failure
+            return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
+        }
+    }
 
-	/**
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		if($this->cashup->delete_list($cash_ups_to_delete))
-		{
-			echo json_encode(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
-		}
-		else
-		{
-			echo json_encode(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
-		}
-	}
+        if ($this->cashup->delete_list($cash_ups_to_delete)) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
+        }
+    }
 
-	/**
-	 * Calculate the total for cashups. Used in app\Views\cashups\form.php
-	 *
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function ajax_cashup_total(): void
-	{
-		$raw_open_amount_cash = $this->request->getPost('open_amount_cash');
-		$raw_transfer_amount_cash = $this->request->getPost('transfer_amount_cash');
-		$raw_closed_amount_cash = $this->request->getPost('closed_amount_cash');
-		$raw_closed_amount_due = $this->request->getPost('closed_amount_due');
-		$raw_closed_amount_card = $this->request->getPost('closed_amount_card');
-		$raw_closed_amount_check = $this->request->getPost('closed_amount_check');
+    /**
+     * Calculate the total for cashups. Used in app\Views\cashups\form.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postAjax_cashup_total(): ResponseInterface
+    {
+        $open_amount_cash = parse_decimals($this->request->getPost('open_amount_cash'));
+        $transfer_amount_cash = parse_decimals($this->request->getPost('transfer_amount_cash'));
+        $closed_amount_cash = parse_decimals($this->request->getPost('closed_amount_cash'));
+        $closed_amount_due = parse_decimals($this->request->getPost('closed_amount_due'));
+        $closed_amount_card = parse_decimals($this->request->getPost('closed_amount_card'));
+        $closed_amount_check = parse_decimals($this->request->getPost('closed_amount_check'));
 
-		$open_amount_cash = parse_decimals(filter_var(prepare_decimal($raw_open_amount_cash), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
-		$transfer_amount_cash = parse_decimals(filter_var(prepare_decimal($raw_transfer_amount_cash), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
-		$closed_amount_cash = parse_decimals(filter_var(prepare_decimal($raw_closed_amount_cash), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
-		$closed_amount_due = parse_decimals(filter_var(prepare_decimal($raw_closed_amount_due), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
-		$closed_amount_card = parse_decimals(filter_var(prepare_decimal($raw_closed_amount_card), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
-		$closed_amount_check = parse_decimals(filter_var(prepare_decimal($raw_closed_amount_check), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
+        $total = $this->_calculate_total($open_amount_cash, $transfer_amount_cash, $closed_amount_due, $closed_amount_cash, $closed_amount_card, $closed_amount_check);    // TODO: hungarian notation
 
-		$total = $this->_calculate_total($open_amount_cash, $transfer_amount_cash, $closed_amount_due, $closed_amount_cash, $closed_amount_card, $closed_amount_check);	//TODO: hungarian notation
+        return $this->response->setJSON(['total' => to_currency_no_money($total)]);
+    }
 
-		echo json_encode(['total' => to_currency_no_money($total)]);
-	}
-
-	/**
-	* Calculate total
-	*/
-	private function _calculate_total(float $open_amount_cash, float $transfer_amount_cash, float $closed_amount_due, float $closed_amount_cash, float $closed_amount_card, $closed_amount_check): float	//TODO: need to get rid of hungarian notation here. Also, the signature is pretty long.  Perhaps they need to go into an object or array?
-	{
-		return ($closed_amount_cash - $open_amount_cash - $transfer_amount_cash + $closed_amount_due + $closed_amount_card + $closed_amount_check);
-	}
+    /**
+     * Calculate total
+     */
+    private function _calculate_total(float $open_amount_cash, float $transfer_amount_cash, float $closed_amount_due, float $closed_amount_cash, float $closed_amount_card, $closed_amount_check): float    // TODO: need to get rid of hungarian notation here. Also, the signature is pretty long.  Perhaps they need to go into an object or array?
+    {
+        return ($closed_amount_cash - $open_amount_cash - $transfer_amount_cash + $closed_amount_due + $closed_amount_card + $closed_amount_check);
+    }
 }

app/Controllers/Employees.php

@@ -3,6 +3,8 @@
 namespace App\Controllers;
 
 use App\Models\Module;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 
 /**
  *
@@ -12,220 +14,246 @@ use App\Models\Module;
  */
 class Employees extends Persons
 {
-	public function __construct()
-	{
-		parent::__construct('employees');
+    public function __construct()
+    {
+        parent::__construct('employees');
 
-		$this->module = model('Module');
-	}
+        $this->module = model('Module');
+    }
 
-	/**
-	 * Returns employee table data rows. This will be called with AJAX.
-	 *
-	 * @return void
-	 */
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns employee table data rows. This will be called with AJAX.
+     *
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(person_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$employees = $this->employee->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->employee->get_found_rows($search);
+        $employees = $this->employee->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->employee->get_found_rows($search);
 
-		$data_rows = [];
-		foreach($employees->getResult() as $person)
-		{
-			$data_rows[] = get_person_data_row($person);
-		}
+        $data_rows = [];
+        foreach ($employees->getResult() as $person) {
+            $data_rows[] = get_person_data_row($person);
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * AJAX called function gives search suggestions based on what is being searched for.
-	 *
-	 * @return void
-	 */
-	public function getSuggest(): void
-	{
-		$suggestions = $this->employee->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 25, true);
+    /**
+     * AJAX called function gives search suggestions based on what is being searched for.
+     *
+     * @return ResponseInterface
+     */
+    public function getSuggest(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->employee->get_search_suggestions($search, 25, true);
 
-		echo json_encode($suggestions);
-	}
+        return $this->response->setJSON($suggestions);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function suggest_search(): void
-	{
-		$suggestions = $this->employee->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
+    {
+        $search = $this->request->getPost('term');
+        $suggestions = $this->employee->get_search_suggestions($search);
 
-		echo json_encode($suggestions);
-	}
+        return $this->response->setJSON($suggestions);
+    }
 
-	/**
-	 * Loads the employee edit form
-	 */
-	public function getView(int $employee_id = NEW_ENTRY): void
-	{
-		$person_info = $this->employee->get_info($employee_id);
-		foreach(get_object_vars($person_info) as $property => $value)
-		{
-			$person_info->$property = $value;
-		}
-		$data['person_info'] = $person_info;
-		$data['employee_id'] = $employee_id;
+    /**
+     * Loads the employee edit form
+     * @return string
+     */
+    public function getView(int $employee_id = NEW_ENTRY): string
+    {
+        $person_info = $this->employee->get_info($employee_id);
+        $current_user = $this->employee->get_logged_in_employee_info();
 
-		$modules = [];
-		foreach($this->module->get_all_modules()->getResult() as $module)
-		{
-			$module->grant = $this->employee->has_grant($module->module_id, $person_info->person_id);
-			$module->menu_group = $this->employee->get_menu_group($module->module_id, $person_info->person_id);
+        if ($employee_id != NEW_ENTRY && !$this->employee->canModifyEmployee($person_info->person_id, $current_user->person_id)) {
+            header('Location: ' . base_url('no_access/employees/employees'));
+            exit();
+        }
 
-			$modules[] = $module;
-		}
-		$data['all_modules'] = $modules;
+        foreach (get_object_vars($person_info) as $property => $value) {
+            $person_info->$property = $value;
+        }
+        $data['person_info'] = $person_info;
+        $data['employee_id'] = $employee_id;
 
-		$permissions = [];
-		foreach($this->module->get_all_subpermissions()->getResult() as $permission)	//TODO: subpermissions does not follow naming standards.
-		{
-			$permission->permission_id = str_replace(' ', '_', $permission->permission_id);
-			$permission->grant = $this->employee->has_grant($permission->permission_id, $person_info->person_id);
+        $modules = [];
+        foreach ($this->module->get_all_modules()->getResult() as $module) {
+            $module->grant = $this->employee->has_grant($module->module_id, $person_info->person_id);
+            $module->menu_group = $this->employee->get_menu_group($module->module_id, $person_info->person_id);
 
-			$permissions[] = $permission;
-		}
-		$data['all_subpermissions'] = $permissions;
+            $modules[] = $module;
+        }
+        $data['all_modules'] = $modules;
 
-		echo view('employees/form', $data);
-	}
+        $permissions = [];
+        foreach ($this->module->get_all_subpermissions()->getResult() as $permission) {    // TODO: subpermissions does not follow naming standards.
+            $permission->permission_id = str_replace(' ', '_', $permission->permission_id);
+            $permission->grant = $this->employee->has_grant($permission->permission_id, $person_info->person_id);
 
-	/**
-	 * Inserts/updates an employee
-	 */
-	public function postSave(int $employee_id = NEW_ENTRY): void
-	{
-		$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);	//TODO: duplicated code
-		$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+            $permissions[] = $permission;
+        }
+        $data['all_subpermissions'] = $permissions;
 
-		// format first and last name properly
-		$first_name = $this->nameize($first_name);
-		$last_name = $this->nameize($last_name);
+        return view('employees/form', $data);
+    }
 
-		$person_data = [
-			'first_name' => $first_name,
-			'last_name' => $last_name,
-			'gender' => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT),
-			'email' => $email,
-			'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
-		];
+    /**
+     * Inserts/updates an employee
+     * @return ResponseInterface
+     */
+    public function postSave(int $employee_id = NEW_ENTRY): ResponseInterface
+    {
+        $current_user = $this->employee->get_logged_in_employee_info();
 
-		$grants_array = [];
-		foreach($this->module->get_all_permissions()->getResult() as $permission)
-		{
-			$grants = [];
-			$grant = $this->request->getPost('grant_'.$permission->permission_id) != null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
+        if ($employee_id != NEW_ENTRY) {
+            $target_employee = $this->employee->get_info($employee_id);
+            if (!$this->employee->canModifyEmployee($target_employee->person_id, $current_user->person_id)) {
+                return $this->response->setJSON([
+                    'success' => false,
+                    'message' => lang('Employees.error_updating_admin'),
+                    'id'      => NEW_ENTRY
+                ]);
+            }
+        }
 
-			if($grant == $permission->permission_id)
-			{
-				$grants['permission_id'] = $permission->permission_id;
-				$grants['menu_group'] = $this->request->getPost('menu_group_'.$permission->permission_id) != null ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
-				$grants_array[] = $grants;
-			}
-		}
+        $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: duplicated code
+        $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
 
-		//Password has been changed OR first time password set
-		if(!empty($this->request->getPost('password')) && ENVIRONMENT != 'testing')
-		{
-			$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
-			$employee_data = [
-				'username' 	=> $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-				'password' 	=> password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
-				'hash_version' 	=> 2,
-				'language_code' => $exploded[0],
-				'language' 	=> $exploded[1]
-			];
-		}
-		else //Password not changed
-		{
-			$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
-			$employee_data = [
-				'username' 	=> $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-				'language_code'	=> $exploded[0],
-				'language' 	=> $exploded[1]
-			];
-		}
+        // format first and last name properly
+        $first_name = $this->nameize($first_name);
+        $last_name = $this->nameize($last_name);
 
-		if($this->employee->save_employee($person_data, $employee_data, $grants_array, $employee_id))
-		{
-			// New employee
-			if($employee_id == NEW_ENTRY)
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Employees.successful_adding') . ' ' . $first_name . ' ' . $last_name,
-					'id' => $employee_data['person_id']
-				]);
-			}
-			else // Existing employee
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Employees.successful_updating') . ' ' . $first_name . ' ' . $last_name,
-					'id' => $employee_id
-				]);
-			}
-		}
-		else // Failure
-		{
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Employees.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        $person_data = [
+            'first_name'   => $first_name,
+            'last_name'    => $last_name,
+            'gender'       => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT),
+            'email'        => $email,
+            'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'address_1'    => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'address_2'    => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'city'         => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'state'        => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'zip'          => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'country'      => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'comments'     => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ];
 
-	/**
-	 * This deletes employees from the employees table
-	 */
-	public function postDelete(): void
-	{
-		$employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $grants_array = [];
+        $isAdmin = $this->employee->isAdmin($current_user->person_id);
 
-		if($this->employee->delete_list($employees_to_delete))	//TODO: this is passing a string, but delete_list expects an array
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Employees.successful_deleted') . ' ' . count($employees_to_delete) . ' ' . lang('Employees.one_or_multiple')
-			]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
-		}
-	}
+        foreach ($this->module->get_all_permissions()->getResult() as $permission) {
+            $grants = [];
+            $grant = $this->request->getPost('grant_' . $permission->permission_id) != null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
 
-	/**
-	 * Checks an employee username against the database. Used in app\Views\employees\form.php
-	 *
-	 * @param $employee_id
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function getCheckUsername($employee_id): void
-	{
-		$exists = $this->employee->username_exists($employee_id, $this->request->getGet('username'));
-		echo !$exists ? 'true' : 'false';
-	}
+            if ($grant == $permission->permission_id) {
+                if (!$isAdmin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
+                    continue;
+                }
+                $grants['permission_id'] = $permission->permission_id;
+                $grants['menu_group'] = $this->request->getPost('menu_group_' . $permission->permission_id) != null ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
+                $grants_array[] = $grants;
+            }
+        }
+
+        // Password has been changed OR first time password set
+        if (!empty($this->request->getPost('password')) && ENVIRONMENT != 'testing') {
+            $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+            $employee_data = [
+                'username'      => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+                'password'      => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
+                'hash_version'  => 2,
+                'language_code' => $exploded[0],
+                'language'      => $exploded[1]
+            ];
+        } else { // Password not changed
+            $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+            $employee_data = [
+                'username'      => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+                'language_code' => $exploded[0],
+                'language'      => $exploded[1]
+            ];
+        }
+
+        if ($this->employee->save_employee($person_data, $employee_data, $grants_array, $employee_id)) {
+            // New employee
+            if ($employee_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Employees.successful_adding') . ' ' . $first_name . ' ' . $last_name,
+                    'id'      => $employee_data['person_id']
+                ]);
+            } else { // Existing employee
+                $logged_in_employee_id = session()->get('person_id');
+                if ($employee_id == $logged_in_employee_id) {
+                    session()->set('language_code', $employee_data['language_code']);
+                    session()->set('language', $employee_data['language']);
+                }
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Employees.successful_updating') . ' ' . $first_name . ' ' . $last_name,
+                    'id'      => $employee_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Employees.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+
+    /**
+     * This deletes employees from the employees table
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $current_user = $this->employee->get_logged_in_employee_info();
+
+        if (!$this->employee->isAdmin($current_user->person_id)) {
+            foreach ($employees_to_delete as $emp_id) {
+                if ($this->employee->isAdmin((int)$emp_id)) {
+                    return $this->response->setJSON(['success' => false, 'message' => lang('Employees.error_deleting_admin')]);
+                }
+            }
+        }
+
+        if ($this->employee->delete_list($employees_to_delete)) {    // TODO: this is passing a string, but delete_list expects an array
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Employees.successful_deleted') . ' ' . count($employees_to_delete) . ' ' . lang('Employees.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
+        }
+    }
+
+    /**
+     * Checks an employee username against the database. Used in app\Views\employees\form.php
+     *
+     * @param $employee_id
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getCheckUsername($employee_id): ResponseInterface
+    {
+        $exists = $this->employee->username_exists($employee_id, $this->request->getGet('username'));
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
+    }
 }

app/Controllers/Expenses.php

@@ -4,220 +4,212 @@ namespace App\Controllers;
 
 use App\Models\Expense;
 use App\Models\Expense_category;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
+use Config\Services;
 
 class Expenses extends Secure_Controller
 {
-	private Expense $expense;
-	private Expense_category $expense_category;
+    private Expense $expense;
+    private Expense_category $expense_category;
 
-	public function __construct()
-	{
-		parent::__construct('expenses');
+    public function __construct()
+    {
+        parent::__construct('expenses');
 
-		$this->expense = model(Expense::class);
-		$this->expense_category = model(Expense_category::class);
-	}
+        $this->expense = model(Expense::class);
+        $this->expense_category = model(Expense_category::class);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		$data['table_headers'] = get_expenses_manage_table_headers();
+    /**
+     * @return void
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_expenses_manage_table_headers();
 
-		// filters that will be loaded in the multiselect dropdown
-		$data['filters'] = [
-			'only_cash' => lang('Expenses.cash_filter'),
-			'only_due' => lang('Expenses.due_filter'),
-			'only_check' => lang('Expenses.check_filter'),
-			'only_credit' => lang('Expenses.credit_filter'),
-			'only_debit' => lang('Expenses.debit_filter'),
-			'is_deleted' => lang('Expenses.is_deleted')
-		];
+        // filters that will be loaded in the multiselect dropdown
+        $data['filters'] = [
+            'only_cash'   => lang('Expenses.cash_filter'),
+            'only_due'    => lang('Expenses.due_filter'),
+            'only_check'  => lang('Expenses.check_filter'),
+            'only_credit' => lang('Expenses.credit_filter'),
+            'only_debit'  => lang('Expenses.debit_filter'),
+            'is_deleted'  => lang('Expenses.is_deleted')
+        ];
 
-		echo view('expenses/manage', $data);
-	}
+        // Restore filters from URL
+        $data = array_merge($data, restoreTableFilters($this->request));
 
-	/**
-	 * @return void
-	 */
-	public function getSearch(): void
-	{
-		$search   = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit    = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset   = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort     = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order    = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$filters  = [
-			'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'end_date' => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'only_cash' => false,
-			'only_due' => false,
-			'only_check' => false,
-			'only_credit' => false,
-			'only_debit' => false,
-			'is_deleted' => false
-		];
+        return view('expenses/manage', $data);
+    }
 
-		// check if any filter is set in the multiselect dropdown
-		$request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
-		$filters = array_merge($filters, $request_filters);
-		$expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order);
-		$total_rows = $this->expense->get_found_rows($search, $filters);
-		$payments = $this->expense->get_payments_summary($search, $filters);
-		$payment_summary = get_expenses_manage_payments_summary($payments, $expenses);
-		$data_rows = [];
+    /**
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search   = $this->request->getGet('search');
+        $limit    = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset   = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort     = $this->sanitizeSortColumn(expense_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_id');
+        $order    = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $filters  = [
+            'start_date'  => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'end_date'    => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'only_cash'   => false,
+            'only_due'    => false,
+            'only_check'  => false,
+            'only_credit' => false,
+            'only_debit'  => false,
+            'is_deleted'  => false
+        ];
 
-		foreach($expenses->getResult() as $expense)
-		{
-			$data_rows[] = get_expenses_data_row($expense);
-		}
+        // Check if any filter is set in the multiselect dropdown
+        $request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
+        $filters = array_merge($filters, $request_filters);
+        $expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order);
+        $total_rows = $this->expense->get_found_rows($search, $filters);
+        $payments = $this->expense->get_payments_summary($search, $filters);
+        $payment_summary = get_expenses_manage_payments_summary($payments, $expenses);
+        $data_rows = [];
 
-		if($total_rows > 0)
-		{
-			$data_rows[] = get_expenses_data_last_row($expenses);
-		}
+        foreach ($expenses->getResult() as $expense) {
+            $data_rows[] = get_expenses_data_row($expense);
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
-	}
+        if ($total_rows > 0) {
+            $data_rows[] = get_expenses_data_last_row($expenses);
+        }
 
-	/**
-	 * @param int $expense_id
-	 * @return void
-	 */
-	public function getView(int $expense_id = NEW_ENTRY): void
-	{
-		$data = [];	//TODO: Duplicated code
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
+    }
 
-		$data['employees'] = [];
-		foreach($this->employee->get_all()->getResult() as $employee)
-		{
-			foreach(get_object_vars($employee) as $property => $value)
-			{
-				$employee->$property = $value;
-			}
+    /**
+     * @param int $expense_id
+     * @return void
+     */
+    public function getView(int $expense_id = NEW_ENTRY): string
+    {
+        $data = [];    // TODO: Duplicated code
 
-			$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
-		}
+        $data['expenses_info'] = $this->expense->get_info($expense_id);
+        $expense_id = $data['expenses_info']->expense_id;
 
-		$data['expenses_info'] = $this->expense->get_info($expense_id);
+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
 
-		$expense_categories = [];
-		foreach($this->expense_category->get_all(0, 0, true)->getResultArray() as $row)
-		{
-			$expense_categories[$row['expense_category_id']] = $row['category_name'];
-		}
-		$data['expense_categories'] = $expense_categories;
+        $data['employees'] = [];
+        if ($can_assign_employee) {
+            foreach ($this->employee->get_all()->getResult() as $employee) {
+                $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+            }
+        } else {
+            $stored_employee_id = $expense_id == NEW_ENTRY ? $current_employee_id : $data['expenses_info']->employee_id;
+            $stored_employee = $this->employee->get_info($stored_employee_id);
+            $data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
+        }
+        $data['can_assign_employee'] = $can_assign_employee;
 
-		$expense_id = $data['expenses_info']->expense_id;
+        $expense_categories = [];
+        foreach ($this->expense_category->get_all(0, 0, true)->getResultArray() as $row) {
+            $expense_categories[$row['expense_category_id']] = $row['category_name'];
+        }
+        $data['expense_categories'] = $expense_categories;
 
-		if($expense_id == NEW_ENTRY)
-		{
-			$data['expenses_info']->date = date('Y-m-d H:i:s');
-			$data['expenses_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
-		}
+        if ($expense_id == NEW_ENTRY) {
+            $data['expenses_info']->date = date('Y-m-d H:i:s');
+            $data['expenses_info']->employee_id = $current_employee_id;
+        }
 
-		$data['payments'] = [];
-		foreach($this->expense->get_expense_payment($expense_id)->getResult() as $payment)
-		{
-			foreach(get_object_vars($payment) as $property => $value)
-			{
-				$payment->$property = $value;
-			}
+        $data['payments'] = [];
+        foreach ($this->expense->get_expense_payment($expense_id)->getResult() as $payment) {
+            foreach (get_object_vars($payment) as $property => $value) {
+                $payment->$property = $value;
+            }
 
-			$data['payments'][] = $payment;
-		}
+            $data['payments'][] = $payment;
+        }
 
-		// don't allow gift card to be a payment option in a sale transaction edit because it's a complex change
-		$data['payment_options'] = $this->expense->get_payment_options();
+        // Don't allow gift card to be a payment option in a sale transaction edit because it's a complex change
+        $data['payment_options'] = $this->expense->get_payment_options();
 
-		echo view("expenses/form", $data);
-	}
+        return view("expenses/form", $data);
+    }
 
-	/**
-	 * @param int $row_id
-	 * @return void
-	 */
-	public function getRow(int $row_id): void
-	{
-		$expense_info = $this->expense->get_info($row_id);
-		$data_row = get_expenses_data_row($expense_info);
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $expense_info = $this->expense->get_info($row_id);
+        $data_row = get_expenses_data_row($expense_info);
 
-		echo json_encode($data_row);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * @param int $expense_id
-	 * @return void
-	 */
-	public function postSave(int $expense_id = NEW_ENTRY): void
-	{
-		$config = config(OSPOS::class)->settings;
-		$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * @param int $expense_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $expense_id = NEW_ENTRY): ResponseInterface
+    {
+        $config = config(OSPOS::class)->settings;
+        $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);
-		$amount = prepare_decimal($this->request->getPost('amount'));
-		$tax_amount = prepare_decimal($this->request->getPost('tax_amount'));
+        $date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);
 
-		$expense_data = [
-			'date' => $date_formatter->format('Y-m-d H:i:s'),
-			'supplier_id' => $this->request->getPost('supplier_id') == '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
-			'supplier_tax_code' => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'amount' => filter_var($amount, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
-			'tax_amount' => filter_var($tax_amount, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
-			'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
-			'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
-			'deleted' => $this->request->getPost('deleted') != null
-		];
+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
 
-		if($this->expense->save_value($expense_data, $expense_id))
-		{
-			//New Expense
-			if($expense_id == NEW_ENTRY)
-			{
-				echo json_encode (['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
-			}
-			else // Existing Expense
-			{
-				echo json_encode (['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
-			}
-		}
-		else//failure
-		{
-			echo json_encode (['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
-		}
-	}
+        if (!$this->employee->has_grant('employees', $current_employee_id)) {
+            if ($expense_id == NEW_ENTRY) {
+                $employee_id = $current_employee_id;
+            } else {
+                $existing_expense = $this->expense->get_info($expense_id);
+                $employee_id = $existing_expense->employee_id;
+            }
+        } else {
+            $employee_id = $submitted_employee_id;
+        }
 
-	/**
-	 * Checks the expense amount for validity. Used in app\Views\expenses\form.php
-	 *
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function ajax_check_amount(): void
-	{
-		$value = $this->request->getPost();
-		$parsed_value = filter_var(prepare_decimal(array_pop($value)), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-		echo json_encode (['success' => $parsed_value !== false]);
-	}
+        $expense_data = [
+            'date'                => $date_formatter->format('Y-m-d H:i:s'),
+            'supplier_id'         => $this->request->getPost('supplier_id') == '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
+            'supplier_tax_code'   => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'amount'              => parse_decimals($this->request->getPost('amount')),
+            'tax_amount'          => parse_decimals($this->request->getPost('tax_amount')),
+            'payment_type'        => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
+            'description'         => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'employee_id'         => $employee_id,
+            'deleted'             => $this->request->getPost('deleted') != null
+        ];
 
-	/**
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        if ($this->expense->save_value($expense_data, $expense_id)) {
+            // New Expense
+            if ($expense_id == NEW_ENTRY) {
+                return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
+            } else { // Existing Expense
+                return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
+            }
+        } else { // Failure
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
+        }
+    }
 
-		if($this->expense->delete_list($expenses_to_delete))
-		{
-			echo json_encode (['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
-		}
-	}
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if ($this->expense->delete_list($expenses_to_delete)) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
+        }
+    }
 }

app/Controllers/Expenses_categories.php

@@ -3,131 +3,123 @@
 namespace App\Controllers;
 
 use App\Models\Expense_category;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 
-class Expenses_categories extends Secure_Controller	//TODO: Is this class ever used?
+class Expenses_categories extends Secure_Controller    // TODO: Is this class ever used?
 {
-	private Expense_category $expense_category;
+    private Expense_category $expense_category;
 
-	public function __construct()
-	{
-		parent::__construct('expenses_categories');
+    public function __construct()
+    {
+        parent::__construct('expenses_categories');
 
-		$this->expense_category = model(Expense_category::class);
-	}
+        $this->expense_category = model(Expense_category::class);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		$data['table_headers'] = get_expense_category_manage_table_headers();
+    /**
+     * @return void
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_expense_category_manage_table_headers();
 
-		 echo view('expenses_categories/manage', $data);
-	}
+        return view('expenses_categories/manage', $data);
+    }
 
-	/**
-	 * Returns expense_category_manage table data rows. This will be called with AJAX.
-	 **/
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns expense_category_manage table data rows. This will be called with AJAX.
+     **/
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(expense_category_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_category_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$expense_categories = $this->expense_category->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->expense_category->get_found_rows($search);
+        $expense_categories = $this->expense_category->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->expense_category->get_found_rows($search);
 
-		$data_rows = [];
-		foreach($expense_categories->getResult() as $expense_category)
-		{
-			$data_rows[] = get_expense_category_data_row($expense_category);
-		}
+        $data_rows = [];
+        foreach ($expense_categories->getResult() as $expense_category) {
+            $data_rows[] = get_expense_category_data_row($expense_category);
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * @param int $row_id
-	 * @return void
-	 */
-	public function getRow(int $row_id): void
-	{
-		$data_row = get_expense_category_data_row($this->expense_category->get_info($row_id));
+    /**
+     * @param int $row_id
+     * @return void
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $data_row = get_expense_category_data_row($this->expense_category->get_info($row_id));
 
-		echo json_encode($data_row);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * @param int $expense_category_id
-	 * @return void
-	 */
-	public function getView(int $expense_category_id = NEW_ENTRY): void
-	{
-		$data['category_info'] = $this->expense_category->get_info($expense_category_id);
+    /**
+     * @param int $expense_category_id
+     * @return void
+     */
+    public function getView(int $expense_category_id = NEW_ENTRY): string
+    {
+        $data['category_info'] = $this->expense_category->get_info($expense_category_id);
 
-		echo view("expenses_categories/form", $data);
-	}
+        return view("expenses_categories/form", $data);
+    }
 
-	/**
-	 * @param int $expense_category_id
-	 * @return void
-	 */
-	public function postSave(int $expense_category_id = NEW_ENTRY): void
-	{
-		$expense_category_data = [
-			'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
-		];
+    /**
+     * @param int $expense_category_id
+     * @return void
+     */
+    public function postSave(int $expense_category_id = NEW_ENTRY): ResponseInterface
+    {
+        $expense_category_data = [
+            'category_name'        => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ];
 
-		if($this->expense_category->save_value($expense_category_data, $expense_category_id))
-		{
-			// New expense_category
-			if($expense_category_id == NEW_ENTRY)
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Expenses_categories.successful_adding'),
-					'id' => $expense_category_data['expense_category_id']
-				]);
-			}
-			else // Existing Expense Category
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Expenses_categories.successful_updating'),
-					'id' => $expense_category_id
-				]);
-			}
-		}
-		else//failure
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Expenses_categories.error_adding_updating') . ' ' . $expense_category_data['category_name'],
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($this->expense_category->save_value($expense_category_data, $expense_category_id)) {
+            // New expense_category
+            if ($expense_category_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Expenses_categories.successful_adding'),
+                    'id'      => $expense_category_data['expense_category_id']
+                ]);
+            } else { // Existing Expense Category
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Expenses_categories.successful_updating'),
+                    'id'      => $expense_category_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Expenses_categories.error_adding_updating') . ' ' . $expense_category_data['category_name'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
 
-	/**
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * @return void
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		if($this->expense_category->delete_list($expense_category_to_delete))	//TODO: Convert to ternary notation.
-		{
-			echo json_encode([
-				'success' => true,
-				'message' => lang('Expenses_categories.successful_deleted') . ' ' . count($expense_category_to_delete) . ' ' . lang('Expenses_categories.one_or_multiple')
-			]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
-		}
-	}
+        if ($this->expense_category->delete_list($expense_category_to_delete)) {    // TODO: Convert to ternary notation.
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Expenses_categories.successful_deleted') . ' ' . count($expense_category_to_delete) . ' ' . lang('Expenses_categories.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
+        }
+    }
 }

app/Controllers/Giftcards.php

@@ -3,194 +3,186 @@
 namespace App\Controllers;
 
 use App\Models\Giftcard;
+use CodeIgniter\HTTP\ResponseInterface;
 use Config\OSPOS;
+use Config\Services;
 
 class Giftcards extends Secure_Controller
 {
-	private Giftcard $giftcard;
+    private Giftcard $giftcard;
 
-	public function __construct()
-	{
-		parent::__construct('giftcards');
+    public function __construct()
+    {
+        parent::__construct('giftcards');
 
-		$this->giftcard = model(Giftcard::class);
-	}
+        $this->giftcard = model(Giftcard::class);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		$data['table_headers'] = get_giftcards_manage_table_headers();
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_giftcards_manage_table_headers();
 
-		echo view('giftcards/manage', $data);
-	}
+        return view('giftcards/manage', $data);
+    }
 
-	/**
-	 * Returns Giftcards table data rows. This will be called with AJAX.
-	 */
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns Giftcards table data rows. This will be called with AJAX.
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(giftcard_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'giftcard_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->giftcard->get_found_rows($search);
+        $giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->giftcard->get_found_rows($search);
 
-		$data_rows = [];
-		foreach($giftcards->getResult() as $giftcard)
-		{
-			$data_rows[] = get_giftcard_data_row($giftcard);
-		}
+        $data_rows = [];
+        foreach ($giftcards->getResult() as $giftcard) {
+            $data_rows[] = get_giftcard_data_row($giftcard);
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * Gets search suggestions for giftcards. Used in app\Views\sales\register.php
-	 *
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function getSuggest(): void
-	{
-		$suggestions = $this->giftcard->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), true);
+    /**
+     * Gets search suggestions for giftcards. Used in app\Views\sales\register.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getSuggest(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->giftcard->get_search_suggestions($search, true);
 
-		echo json_encode($suggestions);
-	}
+        return $this->response->setJSON($suggestions);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function suggest_search(): void
-	{
-		$suggestions = $this->giftcard->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
+    {
+        $search = $this->request->getPost('term');
+        $suggestions = $this->giftcard->get_search_suggestions($search);
 
-		echo json_encode($suggestions);
-	}
+        return $this->response->setJSON($suggestions);
+    }
 
-	/**
-	 * @param int $row_id
-	 * @return void
-	 */
-	public function getRow(int $row_id): void
-	{
-		$data_row = get_giftcard_data_row($this->giftcard->get_info($row_id));
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $data_row = get_giftcard_data_row($this->giftcard->get_info($row_id));
 
-		echo json_encode($data_row);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * @param int $giftcard_id
-	 * @return void
-	 */
-	public function getView(int $giftcard_id = NEW_ENTRY): void
-	{
-		$config = config(OSPOS::class)->settings;
-		$giftcard_info = $this->giftcard->get_info($giftcard_id);
+    /**
+     * @param int $giftcard_id
+     * @return string
+     */
+    public function getView(int $giftcard_id = NEW_ENTRY): string
+    {
+        $config = config(OSPOS::class)->settings;
+        $giftcard_info = $this->giftcard->get_info($giftcard_id);
 
-		$data['selected_person_name'] = ($giftcard_id > 0 && isset($giftcard_info->person_id)) ? $giftcard_info->first_name . ' ' . $giftcard_info->last_name : '';
-		$data['selected_person_id'] = $giftcard_info->person_id;
-		if($config['giftcard_number'] == 'random')
-		{
-			$data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : '';
-		}
-		else
-		{
-			$max_number_obj = $this->giftcard->get_max_number();
-			$max_giftnumber = isset($max_number_obj) ? $this->giftcard->get_max_number()->giftcard_number : 0;	//TODO: variable does not follow naming standard.
-			$data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : $max_giftnumber + 1;
-		}
-		$data['giftcard_id'] = $giftcard_id;
-		$data['giftcard_value'] = $giftcard_info->value;
+        $data['selected_person_name'] = ($giftcard_id > 0 && isset($giftcard_info->person_id)) ? $giftcard_info->first_name . ' ' . $giftcard_info->last_name : '';
+        $data['selected_person_id'] = $giftcard_info->person_id;
+        if ($config['giftcard_number'] == 'random') {
+            $data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : '';
+        } else {
+            $max_number_obj = $this->giftcard->get_max_number();
+            $max_giftnumber = isset($max_number_obj) ? $this->giftcard->get_max_number()->giftcard_number : 0;    // TODO: variable does not follow naming standard.
+            $data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : $max_giftnumber + 1;
+        }
+        $data['giftcard_id'] = $giftcard_id;
+        $data['giftcard_value'] = $giftcard_info->value;
 
-		echo view("giftcards/form", $data);
-	}
+        return view("giftcards/form", $data);
+    }
 
-	/**
-	 * @param int $giftcard_id
-	 * @return void
-	 */
-	public function postSave(int $giftcard_id = NEW_ENTRY): void
-	{
-		$giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$giftcard_amount = prepare_decimal($this->request->getPost('giftcard_amount'));
+    /**
+     * @param int $giftcard_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $giftcard_id = NEW_ENTRY): ResponseInterface
+    {
+        $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		if($giftcard_id == NEW_ENTRY && trim($giftcard_number) == '')
-		{
-			$giftcard_number = $this->giftcard->generate_unique_giftcard_name(filter_var($giftcard_amount, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
-		}
+        if ($giftcard_id == NEW_ENTRY && trim($giftcard_number) == '') {
+            $giftcard_number = $this->giftcard->generate_unique_giftcard_name($giftcard_number);
+        }
 
-		$giftcard_data = [
-			'record_time' => date('Y-m-d H:i:s'),
-			'giftcard_number' => $giftcard_number,
-			'value' => filter_var($giftcard_amount, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
-			'person_id' => $this->request->getPost('person_id') == '' ? null : $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT)
-		];
+        $giftcard_data = [
+            'record_time'     => date('Y-m-d H:i:s'),
+            'giftcard_number' => $giftcard_number,
+            'value'           => parse_decimals($this->request->getPost('giftcard_amount')),
+            'person_id'       => empty($this->request->getPost('person_id')) ? null : $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT)
+        ];
 
-		if($this->giftcard->save_value($giftcard_data, $giftcard_id))
-		{
-			//New giftcard
-			if($giftcard_id == NEW_ENTRY)	//TODO: Constant needed
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Giftcards.successful_adding') . ' ' . $giftcard_data['giftcard_number'],
-					'id' => $giftcard_data['giftcard_id']
-				]);
-			}
-			else //Existing giftcard
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Giftcards.successful_updating') . ' ' . $giftcard_data['giftcard_number'],
-					'id' => $giftcard_id
-				]);
-			}
-		}
-		else //failure
-		{
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Giftcards.error_adding_updating') . ' ' . $giftcard_data['giftcard_number'],
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($this->giftcard->save_value($giftcard_data, $giftcard_id)) {
+            // New giftcard
+            if ($giftcard_id == NEW_ENTRY) {    // TODO: Constant needed
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Giftcards.successful_adding') . ' ' . $giftcard_data['giftcard_number'],
+                    'id'      => $giftcard_data['giftcard_id']
+                ]);
+            } else { // Existing giftcard
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Giftcards.successful_updating') . ' ' . $giftcard_data['giftcard_number'],
+                    'id'      => $giftcard_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Giftcards.error_adding_updating') . ' ' . $giftcard_data['giftcard_number'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
 
-	/**
-	 * Checks the giftcard number validity. Used in app\Views\giftcards\form.php
-	 *
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function postCheckNumberGiftcard(): void
-	{
-		$giftcard_amount = prepare_decimal($this->request->getPost('giftcard_amount'));
-		$parsed_value = filter_var($giftcard_amount, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-		echo json_encode (['success' => $parsed_value !== false, 'giftcard_amount' => to_currency_no_money($parsed_value)]);
-	}
+    /**
+     * Checks the giftcard number validity. Used in app\Views\giftcards\form.php
+     *
+     * @return void
+     * @noinspection PhpUnused
+     */
+    public function postCheckNumberGiftcard(): ResponseInterface
+    {
+        $existing_id = $this->request->getPost('giftcard_id', FILTER_SANITIZE_NUMBER_INT);
+        $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_NUMBER_INT);
+        $giftcard_id = $this->giftcard->get_giftcard_id($giftcard_number);
+        $success = ($giftcard_id == (int) $existing_id || !$giftcard_id );
 
-	/**
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        return $this->response->setJSON($success ? 'true' : 'false');
+    }
 
-		if($this->giftcard->delete_list($giftcards_to_delete))
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Giftcards.successful_deleted') . ' ' . count($giftcards_to_delete).' '.lang('Giftcards.one_or_multiple')
-			]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
-		}
-	}
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if ($this->giftcard->delete_list($giftcards_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Giftcards.successful_deleted') . ' ' . count($giftcards_to_delete) . ' ' . lang('Giftcards.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
+        }
+    }
 }

app/Controllers/Home.php

@@ -3,100 +3,125 @@
 namespace App\Controllers;
 
 use CodeIgniter\HTTP\RedirectResponse;
+use CodeIgniter\HTTP\ResponseInterface;
 
 class Home extends Secure_Controller
 {
-	public function __construct()
-	{
-		parent::__construct('home', null, 'home');
-	}
+    public function __construct()
+    {
+        parent::__construct('home', null, 'home');
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		$logged_in = $this->employee->is_logged_in();
-		echo view('home/home');
-	}
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $logged_in = $this->employee->is_logged_in();
+        return view('home/home');
+    }
 
-	/**
-	 * Logs the currently logged in employee out of the system.  Used in app/Views/partial/header.php
-	 *
-	 * @return RedirectResponse
-	 * @noinspection PhpUnused
-	 */
-	public function getLogout(): RedirectResponse
-	{
-		$this->employee->logout();
-		return redirect()->to('login');
-	}
+    /**
+     * Logs the currently logged in employee out of the system.  Used in app/Views/partial/header.php
+     *
+     * @return RedirectResponse
+     * @noinspection PhpUnused
+     */
+    public function getLogout(): RedirectResponse
+    {
+        $this->employee->logout();
+        return redirect()->to('login');
+    }
 
-	/**
-	 * Load "change employee password" form
-	 *
-	 * @noinspection PhpUnused
-	 */
-	public function getChangePassword(int $employee_id = -1): void	//TODO: Replace -1 with a constant
-	{
-		$person_info = $this->employee->get_info($employee_id);
-		foreach(get_object_vars($person_info) as $property => $value)
-		{
-			$person_info->$property = $value;
-		}
-		$data['person_info'] = $person_info;
+    /**
+     * Load "change employee password" form
+     *
+     * @return ResponseInterface|string
+     * @noinspection PhpUnused
+     */
+    public function getChangePassword(int $employeeId = NEW_ENTRY)
+    {
+        $loggedInEmployee = $this->employee->get_logged_in_employee_info();
+        $currentPersonId = $loggedInEmployee->person_id;
 
-		echo view('home/form_change_password', $data);
-	}
+        $employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
 
-	/**
-	 * Change employee password
-	 */
-	public function save(int $employee_id = -1): void	//TODO: Replace -1 with a constant
-	{
-		if(!empty($this->request->getPost('current_password')) && $employee_id != -1)
-		{
-			if($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password')))
-			{
-				$employee_data = [
-					'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-					'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
-					'hash_version' => 2
-				];
+        if (!$this->employee->isAdmin($currentPersonId) && $employeeId !== $currentPersonId) {
+            return $this->response->setStatusCode(403)->setBody(lang('Employees.unauthorized_modify'));
+        }
 
-				if($this->employee->change_password($employee_data, $employee_id))
-				{
-					echo json_encode ([
-						'success' => true,
-						'message' => lang('Employees.successful_change_password'),
-						'id' => $employee_id
-					]);
-				}
-				else//failure
-				{//TODO: Replace -1 with constant
-					echo json_encode ([
-						'success' => false,
-						'message' => lang('Employees.unsuccessful_change_password'),
-						'id' => -1
-					]);
-				}
-			}
-			else
-			{//TODO: Replace -1 with constant
-				echo json_encode ([
-					'success' => false,
-					'message' => lang('Employees.current_password_invalid'),
-					'id' => -1
-				]);
-			}
-		}
-		else
-		{//TODO: Replace -1 with constant
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Employees.current_password_invalid'),
-				'id' => -1
-			]);
-		}
-	}
-}
+        $person_info = $this->employee->get_info($employeeId);
+        foreach (get_object_vars($person_info) as $property => $value) {
+            $person_info->$property = $value;
+        }
+        $data['person_info'] = $person_info;
+
+        return view('home/form_change_password', $data);
+    }
+
+    /**
+     * Change employee password
+     *
+     * @return ResponseInterface
+     */
+    public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
+    {
+        $currentUser = $this->employee->get_logged_in_employee_info();
+
+        $employeeId = $employeeId === NEW_ENTRY ? $currentUser->person_id : $employeeId;
+
+        if (!$this->employee->isAdmin($currentUser->person_id) && $employeeId !== $currentUser->person_id) {
+            return $this->response->setStatusCode(403)->setJSON([
+                'success' => false,
+                'message' => lang('Employees.unauthorized_modify')
+            ]);
+        }
+
+        if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
+            if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
+                // Validate password length BEFORE hashing
+                $new_password = $this->request->getPost('password');
+                
+                if (strlen($new_password) < 8) {
+                    return $this->response->setJSON([
+                        'success' => false,
+                        'message' => lang('Employees.password_minlength'),
+                        'id'      => NEW_ENTRY
+                    ]);
+                }
+                
+                $employee_data = [
+                    'username'     => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+                    'password'     => password_hash($new_password, PASSWORD_DEFAULT),
+                    'hash_version' => 2
+                ];
+
+                if ($this->employee->change_password($employee_data, $employeeId)) {
+                    return $this->response->setJSON([
+                        'success' => true,
+                        'message' => lang('Employees.successful_change_password'),
+                        'id'      => $employeeId
+                    ]);
+                } else {
+                    return $this->response->setJSON([
+                        'success' => false,
+                        'message' => lang('Employees.unsuccessful_change_password'),
+                        'id'      => NEW_ENTRY
+                    ]);
+                }
+            } else {
+                return $this->response->setJSON([
+                    'success' => false,
+                    'message' => lang('Employees.current_password_invalid'),
+                    'id'      => NEW_ENTRY
+                ]);
+            }
+        } else {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Employees.current_password_invalid'),
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+}

app/Controllers/Item_kits.php

@@ -7,313 +7,289 @@ use App\Libraries\Barcode_lib;
 use App\Models\Item;
 use App\Models\Item_kit;
 use App\Models\Item_kit_items;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 
 class Item_kits extends Secure_Controller
 {
-	private Item $item;
-	private Item_kit $item_kit;
-	private Item_kit_items $item_kit_items;
+    private Item $item;
+    private Item_kit $item_kit;
+    private Item_kit_items $item_kit_items;
 
-	public function __construct()
-	{
-		parent::__construct('item_kits');
+    public function __construct()
+    {
+        parent::__construct('item_kits');
 
-		$this->item = model(Item::class);
-		$this->item_kit = model(Item_kit::class);
-		$this->item_kit_items = model(Item_kit_items::class);
-	}
+        $this->item = model(Item::class);
+        $this->item_kit = model(Item_kit::class);
+        $this->item_kit_items = model(Item_kit_items::class);
+    }
 
-	/**
-	 * Add the total cost and retail price to a passed item_kit retrieving the data from each singular item part of the kit
-	 */
-	private function _add_totals_to_item_kit(object $item_kit): object    //TODO: Hungarian notation
-	{
-		$kit_item_info = $this->item->get_info($item_kit->kit_item_id ?? $item_kit->item_id);
+    /**
+     * Add the total cost and retail price to a passed item_kit retrieving the data from each singular item part of the kit
+     */
+    private function _add_totals_to_item_kit(object $item_kit): object    // TODO: Hungarian notation
+    {
+        $kit_item_info = $this->item->get_info($item_kit->kit_item_id ?? $item_kit->item_id);
 
-		$item_kit->total_cost_price = 0;
-		$item_kit->total_unit_price = $kit_item_info->unit_price;
-		$total_quantity = 0;
+        $item_kit->total_cost_price = 0;
+        $item_kit->total_unit_price = $kit_item_info->unit_price;
+        $total_quantity = 0;
 
-		foreach($this->item_kit_items->get_info($item_kit->item_kit_id) as $item_kit_item)
-		{
-			$item_info = $this->item->get_info($item_kit_item['item_id']);
-			foreach(get_object_vars($item_info) as $property => $value)
-			{
-				$item_info->$property = $value;
-			}
+        foreach ($this->item_kit_items->get_info($item_kit->item_kit_id) as $item_kit_item) {
+            $item_info = $this->item->get_info($item_kit_item['item_id']);
+            foreach (get_object_vars($item_info) as $property => $value) {
+                $item_info->$property = $value;
+            }
 
-			$item_kit->total_cost_price += $item_info->cost_price * $item_kit_item['quantity'];
+            $item_kit->total_cost_price += $item_info->cost_price * $item_kit_item['quantity'];
 
-			if($item_kit->price_option == PRICE_OPTION_ALL || ($item_kit->price_option == PRICE_OPTION_KIT_STOCK && $item_info->stock_type == HAS_STOCK ))
-			{
-				$item_kit->total_unit_price += $item_info->unit_price * $item_kit_item['quantity'];
-				$total_quantity += $item_kit_item['quantity'];
-			}
-		}
+            if ($item_kit->price_option == PRICE_OPTION_ALL || ($item_kit->price_option == PRICE_OPTION_KIT_STOCK && $item_info->stock_type == HAS_STOCK)) {
+                $item_kit->total_unit_price += $item_info->unit_price * $item_kit_item['quantity'];
+                $total_quantity += $item_kit_item['quantity'];
+            }
+        }
 
-		$discount_fraction = bcdiv($item_kit->kit_discount, '100');
+        $discount_fraction = bcdiv($item_kit->kit_discount, '100');
 
-		$item_kit->total_unit_price = $item_kit->total_unit_price - round(($item_kit->kit_discount_type == PERCENT)
-				? bcmul($item_kit->total_unit_price, $discount_fraction)
-				: $item_kit->kit_discount, totals_decimals(), PHP_ROUND_HALF_UP);
+        $item_kit->total_unit_price = $item_kit->total_unit_price - round(($item_kit->kit_discount_type == PERCENT)
+            ? bcmul($item_kit->total_unit_price, $discount_fraction)
+            : $item_kit->kit_discount, totals_decimals(), PHP_ROUND_HALF_UP);
 
-		return $item_kit;
-	}
+        return $item_kit;
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		$data['table_headers'] = get_item_kits_manage_table_headers();
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_item_kits_manage_table_headers();
 
-		echo view('item_kits/manage', $data);
-	}
+        return view('item_kits/manage', $data);
+    }
 
-	/**
-	 * Returns Item_kit table data rows. This will be called with AJAX.
-	 */
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
-		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns Item_kit table data rows. This will be called with AJAX.
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search') ?? '';
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(item_kit_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_kit_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->item_kit->get_found_rows($search);
+        $item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->item_kit->get_found_rows($search);
 
-		$data_rows = [];
-		foreach($item_kits->getResult() as $item_kit)
-		{
-			// calculate the total cost and retail price of the Kit, so it can be printed out in the manage table
-			$item_kit = $this->_add_totals_to_item_kit($item_kit);
-			$data_rows[] = get_item_kit_data_row($item_kit);
-		}
+        $data_rows = [];
+        foreach ($item_kits->getResult() as $item_kit) {
+            // Calculate the total cost and retail price of the Kit, so it can be printed out in the manage table
+            $item_kit = $this->_add_totals_to_item_kit($item_kit);
+            $data_rows[] = get_item_kit_data_row($item_kit);
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function suggest_search(): void
-	{
-		$suggestions = $this->item_kit->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
+    {
+        $search = $this->request->getPost('term');
+        $suggestions = $this->item_kit->get_search_suggestions($search);
 
-		echo json_encode($suggestions);
-	}
+        return $this->response->setJSON($suggestions);
+    }
 
-	/**
-	 * @param int $row_id
-	 * @return void
-	 */
-	public function getRow(int $row_id): void
-	{
-		// calculate the total cost and retail price of the Kit, so it can be added to the table refresh
-		$item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($row_id));
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        // Calculate the total cost and retail price of the Kit, so it can be added to the table refresh
+        $item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($row_id));
 
-		echo json_encode(get_item_kit_data_row($item_kit));
-	}
+        return $this->response->setJSON(get_item_kit_data_row($item_kit));
+    }
 
-	/**
-	 * @param int $item_kit_id
-	 * @return void
-	 */
-	public function getView(int $item_kit_id = NEW_ENTRY): void
-	{
-		$info = $this->item_kit->get_info($item_kit_id);
+    /**
+     * @param int $item_kit_id
+     * @return string
+     */
+    public function getView(int $item_kit_id = NEW_ENTRY): string
+    {
+        $info = $this->item_kit->get_info($item_kit_id);
 
-		if($item_kit_id == NEW_ENTRY)
-		{
-			$info->price_option = '0';
-			$info->print_option = PRINT_ALL;
-			$info->kit_item_id = 0;
-			$info->item_number = '';
-			$info->kit_discount = 0;
-		}
+        if ($item_kit_id == NEW_ENTRY) {
+            $info->price_option = '0';
+            $info->print_option = PRINT_ALL;
+            $info->kit_item_id = 0;
+            $info->item_number = '';
+            $info->kit_discount = 0;
+        }
 
-		foreach(get_object_vars($info) as $property => $value)
-		{
-			$info->$property = $value;
-		}
+        foreach (get_object_vars($info) as $property => $value) {
+            $info->$property = $value;
+        }
 
-		$data['item_kit_info']  = $info;
+        $data['item_kit_info']  = $info;
 
-		$items = [];
+        $items = [];
 
-		foreach($this->item_kit_items->get_info($item_kit_id) as $item_kit_item)
-		{
-			$item['kit_sequence'] = $item_kit_item['kit_sequence'];
-			$item['name'] = $this->item->get_info($item_kit_item['item_id'])->name;
-			$item['item_id'] = $item_kit_item['item_id'];
-			$item['quantity'] = $item_kit_item['quantity'];
+        foreach ($this->item_kit_items->get_info($item_kit_id) as $item_kit_item) {
+            $item['kit_sequence'] = $item_kit_item['kit_sequence'];
+            $item['name'] = $this->item->get_info($item_kit_item['item_id'])->name;
+            $item['item_id'] = $item_kit_item['item_id'];
+            $item['quantity'] = $item_kit_item['quantity'];
 
-			$items[] = $item;
-		}
+            $items[] = $item;
+        }
 
-		$data['item_kit_items'] = $items;
+        $data['item_kit_items'] = $items;
 
-		$data['selected_kit_item_id'] = $info->kit_item_id;
-		$data['selected_kit_item'] = ($item_kit_id > 0 && isset($info->kit_item_id)) ? $info->item_name : '';
+        $data['selected_kit_item_id'] = $info->kit_item_id;
+        $data['selected_kit_item'] = ($item_kit_id > 0 && isset($info->kit_item_id)) ? $info->item_name : '';
 
-		echo view("item_kits/form", $data);
-	}
+        return view("item_kits/form", $data);
+    }
 
-	/**
-	 * @param int $item_kit_id
-	 * @return void
-	 */
-	public function postSave(int $item_kit_id = NEW_ENTRY): void
-	{
-		$kit_discount = prepare_decimal($this->request->getPost('kit_discount'));
+    /**
+     * @param int $item_kit_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $item_kit_id = NEW_ENTRY): ResponseInterface
+    {
+        $item_kit_data = [
+            'name'              => $this->request->getPost('name'),
+            'item_kit_number'   => $this->request->getPost('item_kit_number'),
+            'item_id'           => $this->request->getPost('kit_item_id'),
+            'kit_discount'      => parse_decimals($this->request->getPost('kit_discount')),
+            'kit_discount_type' => $this->request->getPost('kit_discount_type') === null ? PERCENT : intval($this->request->getPost('kit_discount_type')),
+            'price_option'      => $this->request->getPost('price_option') === null ? PRICE_ALL : intval($this->request->getPost('price_option')),
+            'print_option'      => $this->request->getPost('print_option') === null ? PRINT_ALL : intval($this->request->getPost('print_option')),
+            'description'       => $this->request->getPost('description')
+        ];
 
-		$item_kit_data = [
-			'name' => $this->request->getPost('name'),
-			'item_kit_number' => $this->request->getPost('item_kit_number'),
-			'item_id' => $this->request->getPost('kit_item_id') ? null : intval($this->request->getPost('kit_item_id')),
-			'kit_discount' => filter_var($kit_discount,FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
-			'kit_discount_type' => $this->request->getPost('kit_discount_type') === null ? PERCENT : intval($this->request->getPost('kit_discount_type')),
-			'price_option' => $this->request->getPost('price_option') === null ? PRICE_ALL : intval($this->request->getPost('price_option')),
-			'print_option' => $this->request->getPost('print_option') === null ? PRINT_ALL : intval($this->request->getPost('print_option')),
-			'description' => $this->request->getPost('description')
-		];
+        if ($this->item_kit->save_value($item_kit_data, $item_kit_id)) {
+            $new_item = false;
+            // New item kit
+            if ($item_kit_id == NEW_ENTRY) {
+                $item_kit_id = $item_kit_data['item_kit_id'];
+                $new_item = true;
+            }
 
-		if($this->item_kit->save_value($item_kit_data, $item_kit_id))
-		{
-			$new_item = false;
-			//New item kit
-			if($item_kit_id == NEW_ENTRY)
-			{
-				$item_kit_id = $item_kit_data['item_kit_id'];
-				$new_item = true;
-			}
+            $item_kit_items_array = $this->request->getPost('item_kit_qty') === null ? null : $this->request->getPost('item_kit_qty');
 
-			$item_kit_items_array = $this->request->getPost('item_kit_qty') === null ? null : $this->request->getPost('item_kit_qty');
+            if ($item_kit_items_array != null) {
+                $item_kit_items = [];
+                foreach ($item_kit_items_array as $item_id => $item_kit_qty) {
+                    $item_kit_items[] = [
+                        'item_id'      => $item_id,
+                        'quantity'     => $item_kit_qty === null ? 0 : parse_quantity($item_kit_qty),
+                        'kit_sequence' => $this->request->getPost("item_kit_seq[$item_id]") === null ? 0 : intval($this->request->getPost("item_kit_seq[$item_id]"))
+                    ];
+                }
+            }
 
-			if($item_kit_items_array != null)
-			{
-				$item_kit_items = [];
-				foreach($item_kit_items_array as $item_id => $item_kit_qty)
-				{
-					$item_kit_items[] = [
-						'item_id' => $item_id,
-						'quantity' => $item_kit_qty === null ? 0 : parse_quantity($item_kit_qty),
-						'kit_sequence' => $this->request->getPost("item_kit_seq[$item_id]") === null ? 0 : intval($this->request->getPost("item_kit_seq[$item_id]"))
-					];
-				}
-			}
+            if (!empty($item_kit_items)) {
+                $success = $this->item_kit_items->save_value($item_kit_items, $item_kit_id);
+            } else {
+                $success = true;
+            }
 
-			if (!empty($item_kit_items))
-			{
-				$success = $this->item_kit_items->save_value($item_kit_items, $item_kit_id);
-			}
-			else
-			{
-				$success = true;
-			}
+            if ($new_item) {
+                return $this->response->setJSON([
+                    'success' => $success,
+                    'message' => lang('Item_kits.successful_adding') . ' ' . $item_kit_data['name'],
+                    'id'      => $item_kit_id
+                ]);
+            } else {
+                return $this->response->setJSON([
+                    'success' => $success,
+                    'message' => lang('Item_kits.successful_updating') . ' ' . $item_kit_data['name'],
+                    'id'      => $item_kit_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Item_kits.error_adding_updating') . ' ' . $item_kit_data['name'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
 
-			if($new_item)
-			{
-				echo json_encode ([
-					'success' => $success,
-					'message' => lang('Item_kits.successful_adding').' '.$item_kit_data['name'],
-					'id' => $item_kit_id
-				]);
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-			}
-			else
-			{
-				echo json_encode ([
-					'success' => $success,
-					'message' => lang('Item_kits.successful_updating').' '.$item_kit_data['name'],
-					'id' => $item_kit_id
-				]);
-			}
-		}
-		else//failure
-		{
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Item_kits.error_adding_updating') . ' ' . $item_kit_data['name'],
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($this->item_kit->delete_list($item_kits_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Item_kits.successful_deleted') . ' ' . count($item_kits_to_delete) . ' ' . lang('Item_kits.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
+        }
+    }
 
-	/**
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Checks the validity of the item kit number. Used in app/Views/item_kits/form.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postCheckItemNumber(): ResponseInterface
+    {
+        $exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT));
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
+    }
 
-		if($this->item_kit->delete_list($item_kits_to_delete))
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Item_kits.successful_deleted') . ' ' . count($item_kits_to_delete) . ' ' . lang('Item_kits.one_or_multiple')
-			]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
-		}
-	}
+    /**
+     * AJAX called function that generates barcodes for selected item_kits.
+     *
+     * @param string $item_kit_ids Colon separated list of item_kit_id values to generate barcodes for.
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getGenerateBarcodes(string $item_kit_ids): string
+    {
+        $barcode_lib = new Barcode_lib();
+        $result = [];
 
-	/**
-	 * Checks the validity of the item kit number. Used in app/Views/item_kits/form.php
-	 *
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function postCheckItemNumber(): void
-	{
-		$exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT));
-		echo !$exists ? 'true' : 'false';
-	}
+        $item_kit_ids = explode(':', $item_kit_ids);
+        foreach ($item_kit_ids as $item_kid_id) {
+            // Calculate the total cost and retail price of the Kit, so it can be added to the barcode text at the bottom
+            $item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($item_kid_id));
 
-	/**
-	 * AJAX called function that generates barcodes for selected item_kits.
-	 *
-	 * @param string $item_kit_ids Colon separated list of item_kit_id values to generate barcodes for.
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function getGenerateBarcodes(string $item_kit_ids): void
-	{
-		$barcode_lib = new Barcode_lib();
-		$result = [];
+            $item_kid_id = 'KIT ' . urldecode($item_kid_id);
 
-		$item_kit_ids = explode(':', $item_kit_ids);
-		foreach($item_kit_ids as $item_kid_id)
-		{
-			// calculate the total cost and retail price of the Kit, so it can be added to the barcode text at the bottom
-			$item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($item_kid_id));
+            $result[] = [
+                'name'        => $item_kit->name,
+                'item_id'     => $item_kid_id,
+                'item_number' => $item_kid_id,
+                'cost_price'  => $item_kit->total_cost_price,
+                'unit_price'  => $item_kit->total_unit_price
+            ];
+        }
 
-			$item_kid_id = 'KIT '. urldecode($item_kid_id);
+        $data['items'] = $result;
+        $barcode_config = $barcode_lib->get_barcode_config();
+        // In case the selected barcode type is not Code39 or Code128 we set by default Code128
+        // The rationale for this is that EAN codes cannot have strings as seed, so 'KIT ' is not allowed
+        if ($barcode_config['barcode_type'] != 'C39' && $barcode_config['barcode_type'] != 'C128') {
+            $barcode_config['barcode_type'] = 'C128';
+        }
+        $data['barcode_config'] = $barcode_config;
 
-			$result[] = [
-				'name' => $item_kit->name,
-				'item_id' => $item_kid_id,
-				'item_number' => $item_kid_id,
-				'cost_price' => $item_kit->total_cost_price,
-				'unit_price' => $item_kit->total_unit_price
-			];
-		}
-
-		$data['items'] = $result;
-		$barcode_config = $barcode_lib->get_barcode_config();
-		// in case the selected barcode type is not Code39 or Code128 we set by default Code128
-		// the rationale for this is that EAN codes cannot have strings as seed, so 'KIT ' is not allowed
-		if($barcode_config['barcode_type'] != 'C39' && $barcode_config['barcode_type'] != 'C128')
-		{
-			$barcode_config['barcode_type'] = 'C128';
-		}
-		$data['barcode_config'] = $barcode_config;
-
-		// display barcodes
-		echo view("barcodes/barcode_sheet", $data);
-	}
+        // Display barcodes
+        return view("barcodes/barcode_sheet", $data);
+    }
 }

app/Controllers/Login.php

@@ -14,65 +14,61 @@ use Config\Services;
  */
 class Login extends BaseController
 {
-	public Model $employee;
+    public Model $employee;
 
-	/**
-	 * @return RedirectResponse|string
-	 */
-	public function index(): string|RedirectResponse
-	{
-		$this->employee = model(Employee::class);
-		if(!$this->employee->is_logged_in())
-		{
-			$migration = new MY_Migration(config('Migrations'));
-			$config = config(OSPOS::class)->settings;
+    /**
+     * @return RedirectResponse|string
+     */
+    public function index(): string|RedirectResponse
+    {
+        $this->employee = model(Employee::class);
+        if (!$this->employee->is_logged_in()) {
+            $migration = new MY_Migration(config('Migrations'));
+            $config = config(OSPOS::class)->settings;
 
-			$gcaptcha_enabled = array_key_exists('gcaptcha_enable', $config)
-				? $config['gcaptcha_enable']
-				: false;
+            $gcaptcha_enabled = array_key_exists('gcaptcha_enable', $config)
+                ? $config['gcaptcha_enable']
+                : false;
 
-			$migration->migrate_to_ci4();
+            $migration->migrate_to_ci4();
 
-			$validation = Services::validation();
+            $validation = Services::validation();
 
-			$data = [
-				'has_errors' => false,
-				'is_latest' => $migration->is_latest(),
-				'latest_version' => $migration->get_latest_migration(),
-				'gcaptcha_enabled' => $gcaptcha_enabled,
-				'config' => $config,
-				'validation' => $validation
-			];
+            $data = [
+                'has_errors'       => false,
+                'is_latest'        => $migration->is_latest(),
+                'latest_version'   => $migration->get_latest_migration(),
+                'gcaptcha_enabled' => $gcaptcha_enabled,
+                'config'           => $config,
+                'validation'       => $validation
+            ];
 
-			if($this->request->getMethod() !== 'POST')
-			{
-				return view('login', $data);
-			}
+            if ($this->request->getMethod() !== 'POST') {
+                return view('login', $data);
+            }
 
-			$rules = ['username' => 'required|login_check[data]'];
-			$messages = [
-				'username' => [
-					'required' => lang('Login.required_username'),
-					'login_check' => lang('Login.invalid_username_and_password'),
-				]
-			];
+            $rules = ['username' => 'required|login_check[data]'];
+            $messages = [
+                'username' => [
+                    'required'    => lang('Login.required_username'),
+                    'login_check' => lang('Login.invalid_username_and_password'),
+                ]
+            ];
 
-			if(!$this->validate($rules, $messages))
-			{
-				$data['has_errors'] = !empty($validation->getErrors());
+            if (!$this->validate($rules, $messages)) {
+                $data['has_errors'] = !empty($validation->getErrors());
 
-				return view('login', $data);
-			}
+                return view('login', $data);
+            }
 
-			if(!$data['is_latest'])
-			{
-				set_time_limit(3600);
+            if (!$data['is_latest']) {
+                set_time_limit(3600);
 
-				$migration->setNamespace('App')->latest();
-				return redirect()->to('login');
-			}
-		}
+                $migration->setNamespace('App')->latest();
+                return redirect()->to('login');
+            }
+        }
 
-		return redirect()->to('home');
-	}
+        return redirect()->to('home');
+    }
 }

app/Controllers/Messages.php

@@ -5,93 +5,87 @@ namespace App\Controllers;
 use App\Libraries\Sms_lib;
 
 use App\Models\Person;
+use CodeIgniter\HTTP\ResponseInterface;
 
 class Messages extends Secure_Controller
 {
-	private Sms_lib $sms_lib;
+    private Sms_lib $sms_lib;
 
-	public function __construct()
-	{
-		parent::__construct('messages');
+    public function __construct()
+    {
+        parent::__construct('messages');
 
-		$this->sms_lib = new Sms_lib();
-	}
+        $this->sms_lib = new Sms_lib();
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		echo view('messages/sms');
-	}
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        return view('messages/sms');
+    }
 
-	/**
-	 * @param int $person_id
-	 * @return void
-	 */
-	public function getView(int $person_id = NEW_ENTRY): void
-	{
-		$person = model(Person::class);
-		$info = $person->get_info($person_id);
+    /**
+     * @param int $person_id
+     * @return string
+     */
+    public function getView(int $person_id = NEW_ENTRY): string
+    {
+        $person = model(Person::class);
+        $info = $person->get_info($person_id);
 
-		foreach(get_object_vars($info) as $property => $value)
-		{
-			$info->$property = $value;
-		}
-		$data['person_info'] = $info;
+        foreach (get_object_vars($info) as $property => $value) {
+            $info->$property = $value;
+        }
+        $data['person_info'] = $info;
 
-		echo view('messages/form_sms', $data);
-	}
+        return view('messages/form_sms', $data);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function send(): void
-	{
-		$phone   = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * @return ResponseInterface
+     */
+    public function send(): ResponseInterface
+    {
+        $phone   = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$response = $this->sms_lib->sendSMS($phone, $message);
+        $response = $this->sms_lib->sendSMS($phone, $message);
 
-		if($response)
-		{
-			echo json_encode (['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
-		}
-	}
+        if ($response) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
+        }
+    }
 
-	/**
-	 * Sends an SMS message to a user. Used in app/Views/messages/form_sms.php.
-	 *
-	 * @param int $person_id
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function send_form(int $person_id = NEW_ENTRY): void
-	{
-		$phone   = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Sends an SMS message to a user. Used in app/Views/messages/form_sms.php.
+     *
+     * @param int $person_id
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function send_form(int $person_id = NEW_ENTRY): ResponseInterface
+    {
+        $phone   = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$response = $this->sms_lib->sendSMS($phone, $message);
+        $response = $this->sms_lib->sendSMS($phone, $message);
 
-		if($response)
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Messages.successfully_sent') . ' ' . esc($phone),
-				'person_id' => $person_id
-			]);
-		}
-		else
-		{
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone),
-				'person_id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($response) {
+            return $this->response->setJSON([
+                'success'   => true,
+                'message'   => lang('Messages.successfully_sent') . ' ' . esc($phone),
+                'person_id' => $person_id
+            ]);
+        } else {
+            return $this->response->setJSON([
+                'success'   => false,
+                'message'   => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone),
+                'person_id' => NEW_ENTRY
+            ]);
+        }
+    }
 }

app/Controllers/No_access.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Models\Module;
+use CodeIgniter\HTTP\ResponseInterface;
 
 /**
  * Part of the grants mechanism to restrict access to modules that the user doesn't have permission for.
@@ -12,23 +13,23 @@ use App\Models\Module;
  */
 class No_access extends BaseController
 {
-	private Module $module;
+    private Module $module;
 
-	public function __construct()
-	{
-		$this->module = model(Module::class);
-	}
+    public function __construct()
+    {
+        $this->module = model(Module::class);
+    }
 
-	/**
-	 * @param string $module_id
-	 * @param string $permission_id
-	 * @return void
-	 */
-	public function getIndex(string $module_id = '', string $permission_id = ''): void
-	{
-		$data['module_name']   = $this->module->get_module_name($module_id);
-		$data['permission_id'] = $permission_id;
+    /**
+     * @param string $module_id
+     * @param string $permission_id
+     * @return string
+     */
+    public function getIndex(string $module_id = '', string $permission_id = ''): string
+    {
+        $data['module_name']   = $this->module->get_module_name($module_id);
+        $data['permission_id'] = $permission_id;
 
-		echo view('no_access', $data);
-	}
+        return view('no_access', $data);
+    }
 }

app/Controllers/Office.php

@@ -3,34 +3,35 @@
 namespace App\Controllers;
 
 use App\Models\Employee;
+use CodeIgniter\HTTP\ResponseInterface;
 
 /**
  * @property Employee employee
  */
 class Office extends Secure_Controller
 {
-	protected Employee $employee;
+    protected Employee $employee;
 
-	public function __construct()
-	{
-		parent::__construct('office', null, 'office');
-	}
+    public function __construct()
+    {
+        parent::__construct('office', null, 'office');
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		echo view('home/office');
-	}
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        return view('home/office');
+    }
 
-	/**
-	 * @return void
-	 */
-	public function logout(): void
-	{
-		$this->employee = model(Employee::class);
+    /**
+     * @return void
+     */
+    public function logout(): void
+    {
+        $this->employee = model(Employee::class);
 
-		$this->employee->logout();
-	}
+        $this->employee->logout();
+    }
 }

app/Controllers/Persons.php

@@ -3,67 +3,74 @@
 namespace App\Controllers;
 
 use App\Models\Person;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 use function Tamtamchik\NameCase\str_name_case;
 
 abstract class Persons extends Secure_Controller
 {
-	protected Person $person;
+    protected Person $person;
 
-	/**
-	 * @param string|null $module_id
-	 */
-	public function __construct(string $module_id = null)
-	{
-		parent::__construct($module_id);
+    /**
+     * @param string|null $module_id
+     */
+    public function __construct(?string $module_id = null)
+    {
+        parent::__construct($module_id);
 
-		$this->person = model(Person::class);
-	}
+        $this->person = model(Person::class);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		$data['table_headers'] = get_people_manage_table_headers();
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_people_manage_table_headers();
 
-		echo view('people/manage', $data);
-	}
+        return view('people/manage', $data);
+    }
 
-	/**
-	 * Gives search suggestions based on what is being searched for
-	 */
-	public function getSuggest(): void
-	{
-		$suggestions = $this->person->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+    /**
+     * Gives search suggestions based on what is being searched for
+     * @return ResponseInterface
+     */
+    public function getSuggest(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->person->get_search_suggestions($search);
 
-		echo json_encode($suggestions);
-	}
+        return $this->response->setJSON($suggestions);
+    }
 
-	/**
-	 * Gets one row for a person manage table. This is called using AJAX to update one row.
-	 */
-	public function getRow(int $row_id): void
-	{
-		$data_row = get_person_data_row($this->person->get_info($row_id));
+    /**
+     * Gets one row for a person manage table. This is called using AJAX to update one row.
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $data_row = get_person_data_row($this->person->get_info($row_id));
 
-		echo json_encode($data_row);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * Capitalize segments of a name, and put the rest into lower case.
-	 * You can pass the characters you want to use as delimiters as exceptions.
-	 * The function supports UTF-8 strings
-	 *
-	 * Example:
-	 * i.e. <?php echo nameize("john o'grady-smith"); ?>
-	 *
-	 * returns John O'Grady-Smith
-	 */
-	protected function nameize(string $input): string
-	{
-		$adjusted_name = str_name_case($input);
+    /**
+     * Capitalize segments of a name, and put the rest into lower case.
+     * You can pass the characters you want to use as delimiters as exceptions.
+     * The function supports UTF-8 strings
+     *
+     * Example:
+     * i.e. <?php echo nameize("john o'grady-smith"); ?>
+     *
+     * returns John O'Grady-Smith
+     */
+    protected function nameize(string $input): string
+    {
+        $adjusted_name = str_name_case($input);
 
-		// Use preg_replace to match HTML entities and convert them to lowercase.
-		return preg_replace_callback('/&[a-zA-Z0-9#]+;/', function($matches) { return strtolower($matches[0]); }, $adjusted_name);
-	}
+        // TODO: Use preg_replace to match HTML entities and convert them to lowercase. This is a workaround for https://github.com/tamtamchik/namecase/issues/20
+        return preg_replace_callback('/&[a-zA-Z0-9#]+;/', function ($matches) {
+            return strtolower($matches[0]);
+        }, $adjusted_name);
+    }
 }

app/Controllers/Secure_Controller.php

@@ -4,7 +4,7 @@ namespace App\Controllers;
 
 use App\Models\Employee;
 use App\Models\Module;
-
+use CodeIgniter\HTTP\ResponseInterface;
 use CodeIgniter\Model;
 use CodeIgniter\Session\Session;
 use Config\OSPOS;
@@ -22,124 +22,140 @@ use Config\Services;
  */
 class Secure_Controller extends BaseController
 {
-	public array $global_view_data;
-	protected Employee $employee;
-	protected Module $module;
-	protected Session $session;
+    public array $global_view_data;
+    protected Employee $employee;
+    protected Module $module;
+    protected Session $session;
 
-	/**
-	 * @param string $module_id
-	 * @param string|null $submodule_id
-	 * @param string|null $menu_group
-	 */
-	public function __construct(string $module_id = '', string $submodule_id = null, string $menu_group = null)
-	{
-		$this->employee = model(Employee::class);
-		$this->module = model(Module::class);
-		$config = config(OSPOS::class)->settings;
-		$validation = Services::validation();
+    /**
+     * @param string $module_id
+     * @param string|null $submodule_id
+     * @param string|null $menu_group
+     */
+    public function __construct(string $module_id = '', ?string $submodule_id = null, ?string $menu_group = null)
+    {
+        $this->employee = model(Employee::class);
+        $this->module = model(Module::class);
+        $config = config(OSPOS::class)->settings;
+        $validation = Services::validation();
 
-		if(!$this->employee->is_logged_in())
-		{
-			header("Location:".base_url('login'));
-			exit();
-		}
+        if (!$this->employee->is_logged_in()) {
+            header("Location:" . base_url('login'));
+            exit();
+        }
 
-		$logged_in_employee_info = $this->employee->get_logged_in_employee_info();
-		if(!$this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id)
-			|| (isset($submodule_id) && !$this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id)))
-		{
-			header("Location:".base_url("no_access/$module_id/$submodule_id"));
-			exit();
-		}
+        $logged_in_employee_info = $this->employee->get_logged_in_employee_info();
+        if (
+            !$this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id)
+            || (isset($submodule_id) && !$this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id))
+        ) {
+            header("Location:" . base_url("no_access/$module_id/$submodule_id"));
+            exit();
+        }
 
-		// load up global global_view_data visible to all the loaded views
-		$this->session = session();
-		if($menu_group == null)
-		{
-			$menu_group = $this->session->get('menu_group');
-		}
-		else
-		{
-			$this->session->set('menu_group', $menu_group);
-		}
+        // Load up global global_view_data visible to all the loaded views
+        $this->session = session();
+        if ($menu_group == null) {
+            $menu_group = $this->session->get('menu_group');
+        } else {
+            $this->session->set('menu_group', $menu_group);
+        }
 
-		$allowed_modules = $menu_group == 'home'
-			? $this->module->get_allowed_home_modules($logged_in_employee_info->person_id)
-			: $this->module->get_allowed_office_modules($logged_in_employee_info->person_id);
+        $allowed_modules = $menu_group == 'home'
+            ? $this->module->get_allowed_home_modules($logged_in_employee_info->person_id)
+            : $this->module->get_allowed_office_modules($logged_in_employee_info->person_id);
 
-		$this->global_view_data = [];
-		foreach($allowed_modules->getResult() as $module)
-		{
-			$this->global_view_data['allowed_modules'][] = $module;
-		}
+        $this->global_view_data = [];
+        foreach ($allowed_modules->getResult() as $module) {
+            $this->global_view_data['allowed_modules'][] = $module;
+        }
 
-		$this->global_view_data += [
-			'user_info' => $logged_in_employee_info,
-			'controller_name' => $module_id,
-			'config' => $config
-		];
-		view('viewData', $this->global_view_data);
-	}
+        $this->global_view_data += [
+            'user_info'       => $logged_in_employee_info,
+            'controller_name' => $module_id,
+            'config'          => $config
+        ];
+        view('viewData', $this->global_view_data);
+    }
 
-	/**
-	 * AJAX function used to confirm whether values sent in the request are numeric
-	 * @return void
-	 * @noinspection PhpUnused
-	 */
-	public function getCheckNumeric(): void
-	{
-		$result = true;
+    public function sanitizeSortColumn($headers, $field, $default): string
+    {
+        return $field != null && in_array($field, array_keys(array_merge(...$headers))) ? $field : $default;
+    }
 
-		foreach($this->request->getGet(null, FILTER_SANITIZE_FULL_SPECIAL_CHARS) as $value)
-		{
-			$result &= (int)parse_decimals($value);
-		}
+    /**
+     * AJAX function used to confirm whether values sent in the request are numeric
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getCheckNumeric(): ResponseInterface
+    {
+        foreach ($this->request->getGet() as $value) {
+            if (parse_decimals($value) === false) {
+                return $this->response->setJSON('false');
+            }
+        }
+        return $this->response->setJSON('true');
+    }
 
-		echo $result !== false ? 'true' : 'false';
-	}
+    /**
+     * @param $key
+     * @return mixed|void
+     */
+    public function getConfig($key)
+    {
+        if (isset($config[$key])) {
+            return $config[$key];
+        }
+    }
 
-	/**
-	 * @param $key
-	 * @return mixed|void
-	 */
-	public function getConfig($key)
-	{
-		if (isset($config[$key]))
-		{
-			return $config[$key];
-		}
-	}
+    /**
+     * @return false
+     */
+    public function getIndex()
+    {
+        return false;
+    }
 
-	/**
-	 * @return false
-	 */
-	public function getIndex() { return false; }
+    /**
+     * @return false
+     */
+    public function getSearch()
+    {
+        return false;
+    }
 
-	/**
-	 * @return false
-	 */
-	public function getSearch() { return false; }
+    /**
+     * @return false
+     */
+    public function suggest_search()
+    {
+        return false;
+    }
 
-	/**
-	 * @return false
-	 */
-	public function suggest_search() { return false; }
+    /**
+     * @param int $data_item_id
+     * @return false
+     */
+    public function getView(int $data_item_id = -1)
+    {
+        return false;
+    }
 
-	/**
-	 * @param int $data_item_id
-	 * @return false
-	 */
-	public function getView(int $data_item_id = -1) { return false; }
+    /**
+     * @param int $data_item_id
+     * @return false
+     */
+    public function postSave(int $data_item_id = -1)
+    {
+        return false;
+    }
 
-	/**
-	 * @param int $data_item_id
-	 * @return false
-	 */
-	public function postSave(int $data_item_id = -1) { return false; }
-
-	/**
-	 * @return false
-	 */
-	public function postDelete() { return false; }
+    /**
+     * @return false
+     */
+    public function postDelete()
+    {
+        return false;
+    }
 }

app/Controllers/Suppliers.php

@@ -3,194 +3,190 @@
 namespace App\Controllers;
 
 use App\Models\Supplier;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 
 class Suppliers extends Persons
 {
-	private Supplier $supplier;
+    private Supplier $supplier;
 
-	public function __construct()
-	{
-		parent::__construct('suppliers');
+    public function __construct()
+    {
+        parent::__construct('suppliers');
 
-		$this->supplier = model(Supplier::class);
-	}
+        $this->supplier = model(Supplier::class);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		$data['table_headers'] = get_suppliers_manage_table_headers();
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_suppliers_manage_table_headers();
 
-		echo view('people/manage', $data);
-	}
+        return view('people/manage', $data);
+    }
 
-	/**
-	 * Gets one row for a supplier manage table. This is called using AJAX to update one row.
-	 * @param $row_id
-	 * @return void
-	 */
-	public function getRow($row_id): void
-	{
-		$data_row = get_supplier_data_row($this->supplier->get_info($row_id));
-		$data_row['category'] = $this->supplier->get_category_name($data_row['category']);
+    /**
+     * Gets one row for a supplier manage table. This is called using AJAX to update one row.
+     * @param $row_id
+     * @return ResponseInterface
+     */
+    public function getRow($row_id): ResponseInterface
+    {
+        $data_row = get_supplier_data_row($this->supplier->get_info($row_id));
+        $data_row['category'] = $this->supplier->get_category_name($data_row['category']);
 
-		echo json_encode($data_row);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * Returns Supplier table data rows. This will be called with AJAX.
-	 * @return void
-	 **/
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns Supplier table data rows. This will be called with AJAX.
+     * @return void
+     **/
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort = $this->sanitizeSortColumn(supplier_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
+        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$suppliers = $this->supplier->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->supplier->get_found_rows($search);
+        $suppliers = $this->supplier->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->supplier->get_found_rows($search);
 
-		$data_rows = [];
+        $data_rows = [];
 
-		foreach($suppliers->getResult() as $supplier)
-		{
-			$row = get_supplier_data_row($supplier);
-			$row['category'] = $this->supplier->get_category_name($row['category']);
-			$data_rows[] = $row;
-		}
+        foreach ($suppliers->getResult() as $supplier) {
+            $row = get_supplier_data_row($supplier);
+            $row['category'] = $this->supplier->get_category_name($row['category']);
+            $data_rows[] = $row;
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * Gives search suggestions based on what is being searched for
-	 **/
-	public function getSuggest(): void
-	{
-		$suggestions = $this->supplier->get_search_suggestions($this->request->getGet('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), true);
+    /**
+     * Gives search suggestions based on what is being searched for
+     * @return ResponseInterface
+     **/
+    public function getSuggest(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->supplier->get_search_suggestions($search, true);
 
-		echo json_encode($suggestions);
-	}
+        return $this->response->setJSON($suggestions);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function suggest_search(): void
-	{
-		$suggestions = $this->supplier->get_search_suggestions($this->request->getPost('term', FILTER_SANITIZE_FULL_SPECIAL_CHARS), false);
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
+    {
+        $search = $this->request->getPost('term');
+        $suggestions = $this->supplier->get_search_suggestions($search, false);
 
-		echo json_encode($suggestions);
-	}
+        return $this->response->setJSON($suggestions);
+    }
 
-	/**
-	 * Loads the supplier edit form
-	 *
-	 * @param int $supplier_id
-	 * @return void
-	 */
-	public function getView(int $supplier_id = NEW_ENTRY): void
-	{
-		$info = $this->supplier->get_info($supplier_id);
-		foreach(get_object_vars($info) as $property => $value)
-		{
-			$info->$property = $value;
-		}
-		$data['person_info'] = $info;
-		$data['categories'] = $this->supplier->get_categories();
+    /**
+     * Loads the supplier edit form
+     *
+     * @param int $supplier_id
+     * @return string
+     */
+    public function getView(int $supplier_id = NEW_ENTRY): string
+    {
+        $info = $this->supplier->get_info($supplier_id);
+        foreach (get_object_vars($info) as $property => $value) {
+            $info->$property = $value;
+        }
+        $data['person_info'] = $info;
+        $data['categories'] = $this->supplier->get_categories();
 
-		echo view("suppliers/form", $data);
-	}
+        return view("suppliers/form", $data);
+    }
 
-	/**
-	 * Inserts/updates a supplier
-	 *
-	 * @param int $supplier_id
-	 * @return void
-	 */
-	public function postSave(int $supplier_id = NEW_ENTRY): void
-	{
-		$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);	//TODO: Duplicate code
-		$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+    /**
+     * Inserts/updates a supplier
+     *
+     * @param int $supplier_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $supplier_id = NEW_ENTRY): ResponseInterface
+    {
+        $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: Duplicate code
+        $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
 
-		// format first and last name properly
-		$first_name = $this->nameize($first_name);
-		$last_name = $this->nameize($last_name);
+        // Format first and last name properly
+        $first_name = $this->nameize($first_name);
+        $last_name = $this->nameize($last_name);
 
-		$person_data = [
-			'first_name' => $first_name,
-			'last_name' => $last_name,
-			'gender' => $this->request->getPost('gender'),
-			'email' => $email,
-			'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'address_1' => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'address_2' => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
-		];
+        $person_data = [
+            'first_name'   => $first_name,
+            'last_name'    => $last_name,
+            'gender'       => $this->request->getPost('gender'),
+            'email'        => $email,
+            'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'address_1'    => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'address_2'    => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'city'         => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'state'        => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'zip'          => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'country'      => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'comments'     => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ];
 
-		$supplier_data = [
-			'company_name' => $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'agency_name' => $this->request->getPost('agency_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'category' => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'account_number' => $this->request->getPost('account_number') == '' ? null : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT)
-		];
+        $supplier_data = [
+            'company_name'   => $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'agency_name'    => $this->request->getPost('agency_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'category'       => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'account_number' => $this->request->getPost('account_number') == '' ? null : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'tax_id'         => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT)
+        ];
 
-		if($this->supplier->save_supplier($person_data, $supplier_data, $supplier_id))
-		{
-			//New supplier
-			if($supplier_id == NEW_ENTRY)
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Suppliers.successful_adding') . ' ' . $supplier_data['company_name'],
-					'id' => $supplier_data['person_id']
-				]);
-			}
-			else //Existing supplier
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Suppliers.successful_updating') . ' ' . $supplier_data['company_name'],
-					'id' => $supplier_id]);
-			}
-		}
-		else//failure
-		{
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Suppliers.error_adding_updating') . ' ' . 	$supplier_data['company_name'],
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($this->supplier->save_supplier($person_data, $supplier_data, $supplier_id)) {
+            // New supplier
+            if ($supplier_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Suppliers.successful_adding') . ' ' . $supplier_data['company_name'],
+                    'id'      => $supplier_data['person_id']
+                ]);
+            } else { // Existing supplier
 
-	/**
-	 * This deletes suppliers from the suppliers table
-	 *
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$suppliers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Suppliers.successful_updating') . ' ' . $supplier_data['company_name'],
+                    'id'      => $supplier_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Suppliers.error_adding_updating') . ' ' .     $supplier_data['company_name'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
 
-		if($this->supplier->delete_list($suppliers_to_delete))
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Suppliers.successful_deleted') . ' ' . count($suppliers_to_delete) . ' ' . lang('Suppliers.one_or_multiple')
-			]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Suppliers.cannot_be_deleted')]);
-		}
-	}
+    /**
+     * This deletes suppliers from the suppliers table
+     *
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $suppliers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
+
+        if ($this->supplier->delete_list($suppliers_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Suppliers.successful_deleted') . ' ' . count($suppliers_to_delete) . ' ' . lang('Suppliers.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Suppliers.cannot_be_deleted')]);
+        }
+    }
 }

app/Controllers/Tax_categories.php

@@ -3,138 +3,130 @@
 namespace App\Controllers;
 
 use App\Models\Tax_category;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 
 /**
  * @property tax_category tax_category
  */
 class Tax_categories extends Secure_Controller
 {
-	private Tax_category $tax_category;
+    private Tax_category $tax_category;
 
-	public function __construct()
-	{
-		parent::__construct('tax_categories');
+    public function __construct()
+    {
+        parent::__construct('tax_categories');
 
-		$this->tax_category = model(Tax_category::class);
-	}
+        $this->tax_category = model(Tax_category::class);
+    }
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		 $data['tax_categories_table_headers'] = get_tax_categories_table_headers();
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['tax_categories_table_headers'] = get_tax_categories_table_headers();
 
-		 echo view('taxes/tax_categories', $data);
-	}
+        return view('taxes/tax_categories', $data);
+    }
 
-	/**
-	 * Returns tax_category table data rows. This will be called with AJAX.
-	 *
-	 * @return void
-	 */
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns tax_category table data rows. This will be called with AJAX.
+     *
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->tax_category->get_found_rows($search);
+        $tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->tax_category->get_found_rows($search);
 
-		$data_rows = [];
-		foreach($tax_categories->getResult() as $tax_category)
-		{
-			$data_rows[] = get_tax_categories_data_row($tax_category);
-		}
+        $data_rows = [];
+        foreach ($tax_categories->getResult() as $tax_category) {
+            $data_rows[] = get_tax_categories_data_row($tax_category);
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * @param $row_id
-	 * @return void
-	 */
-	public function getRow($row_id): void
-	{
-		$data_row = get_tax_categories_data_row($this->tax_category->get_info($row_id));
+    /**
+     * @param $row_id
+     * @return ResponseInterface
+     */
+    public function getRow($row_id): ResponseInterface
+    {
+        $data_row = get_tax_categories_data_row($this->tax_category->get_info($row_id));
 
-		echo json_encode($data_row);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * @param int $tax_category_id
-	 * @return void
-	 */
-	public function getView(int $tax_category_id = NEW_ENTRY): void
-	{
-		$data['tax_category_info'] = $this->tax_category->get_info($tax_category_id);
+    /**
+     * @param int $tax_category_id
+     * @return string
+     */
+    public function getView(int $tax_category_id = NEW_ENTRY): string
+    {
+        $data['tax_category_info'] = $this->tax_category->get_info($tax_category_id);
 
-		echo view("taxes/tax_category_form", $data);
-	}
+        return view("taxes/tax_category_form", $data);
+    }
 
 
-	/**
-	 * @param int $tax_category_id
-	 * @return void
-	 */
-	public function postSave(int $tax_category_id = NEW_ENTRY): void
-	{
-		$tax_category_data = [
-			'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'tax_category_code' => $this->request->getPost('tax_category_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT)
-		];
+    /**
+     * @param int $tax_category_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $tax_category_id = NEW_ENTRY): ResponseInterface
+    {
+        $tax_category_data = [
+            'tax_category'       => $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'tax_category_code'  => $this->request->getPost('tax_category_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT)
+        ];
 
-		if($this->tax_category->save_value($tax_category_data, $tax_category_id))
-		{
-			// New tax_category_id
-			if($tax_category_id == NEW_ENTRY)
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Tax_categories.successful_adding'),
-					'id' => $tax_category_data['tax_category_id']
-				]);
-			}
-			else
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Tax_categories.successful_updating'),
-					'id' => $tax_category_id
-				]);
-			}
-		}
-		else
-		{
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Tax_categories.error_adding_updating') . ' ' . $tax_category_data['tax_category'],
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($this->tax_category->save_value($tax_category_data, $tax_category_id)) {
+            // New tax_category_id
+            if ($tax_category_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Tax_categories.successful_adding'),
+                    'id'      => $tax_category_data['tax_category_id']
+                ]);
+            } else {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Tax_categories.successful_updating'),
+                    'id'      => $tax_category_id
+                ]);
+            }
+        } else {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Tax_categories.error_adding_updating') . ' ' . $tax_category_data['tax_category'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
 
-	/**
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$tax_categories_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $tax_categories_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
 
-		if($this->tax_category->delete_list($tax_categories_to_delete))
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Tax_categories.successful_deleted') . ' ' . count($tax_categories_to_delete) . ' ' . lang('Tax_categories.one_or_multiple')
-			]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Tax_categories.cannot_be_deleted')]);
-		}
-	}
+        if ($this->tax_category->delete_list($tax_categories_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Tax_categories.successful_deleted') . ' ' . count($tax_categories_to_delete) . ' ' . lang('Tax_categories.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Tax_categories.cannot_be_deleted')]);
+        }
+    }
 }

app/Controllers/Tax_codes.php

@@ -3,149 +3,141 @@
 namespace App\Controllers;
 
 use App\Models\Tax_code;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 
 /**
  * @property tax_code tax_code
  */
 class Tax_codes extends Secure_Controller
 {
-	private Tax_code $tax_code;
+    private Tax_code $tax_code;
 
-	public function __construct()
-	{
-		parent::__construct('tax_codes');
+    public function __construct()
+    {
+        parent::__construct('tax_codes');
 
-		$this->tax_code = model(Tax_code::class);
-		helper('tax_helper');
-	}
+        $this->tax_code = model(Tax_code::class);
+        helper('tax_helper');
+    }
 
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		 echo view('taxes/tax_codes', $this->get_data());
-	}
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        return view('taxes/tax_codes', $this->get_data());
+    }
 
-	/**
-	 * @return array
-	 */
-	public function get_data(): array
-	{
+    /**
+     * @return array
+     */
+    public function get_data(): array
+    {
 
-		$data['table_headers'] = get_tax_code_table_headers();
-		return $data;
-	}
+        $data['table_headers'] = get_tax_code_table_headers();
+        return $data;
+    }
 
-	/**
-	 * Returns tax_category table data rows. This will be called with AJAX.
-	 *
-	 * @return void
-	 */
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns tax_category table data rows. This will be called with AJAX.
+     *
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->tax_code->get_found_rows($search);
+        $tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->tax_code->get_found_rows($search);
 
-		$data_rows = [];
+        $data_rows = [];
 
-		foreach($tax_codes->getResult() as $tax_code)
-		{
-			$data_rows[] = get_tax_code_data_row($tax_code);
-		}
+        foreach ($tax_codes->getResult() as $tax_code) {
+            $data_rows[] = get_tax_code_data_row($tax_code);
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * @param int $row_id
-	 * @return void
-	 */
-	public function getRow(int $row_id): void
-	{
-		$data_row = get_tax_code_data_row($this->tax_code->get_info($row_id));
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $data_row = get_tax_code_data_row($this->tax_code->get_info($row_id));
 
-		echo json_encode($data_row);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * @param int $tax_code_id
-	 * @return void
-	 */
-	public function getView(int $tax_code_id = NEW_ENTRY): void
-	{
-		$data['tax_code_info'] = $this->tax_code->get_info($tax_code_id);
+    /**
+     * @param int $tax_code_id
+     * @return string
+     */
+    public function getView(int $tax_code_id = NEW_ENTRY): string
+    {
+        $data['tax_code_info'] = $this->tax_code->get_info($tax_code_id);
 
-		echo view("taxes/tax_code_form", $data);
-	}
+        return view("taxes/tax_code_form", $data);
+    }
 
 
-	/**
-	 * @param int $tax_code_id
-	 * @return void
-	 */
-	public function postSave(int $tax_code_id = NEW_ENTRY): void
-	{
-		$tax_code_data = [
-			'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
-		];
+    /**
+     * @param int $tax_code_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $tax_code_id = NEW_ENTRY): ResponseInterface
+    {
+        $tax_code_data = [
+            'tax_code'      => $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'city'          => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'state'         => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ];
 
-		if($this->tax_code->save($tax_code_data))
-		{
-			if($tax_code_id == NEW_ENTRY)
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Tax_codes.successful_adding'),
-					'id' => $tax_code_data['tax_code_id']
-				]);
-			}
-			else
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Tax_codes.successful_updating'),
-					'id' => $tax_code_id
-				]);
-			}
-		}
-		else
-		{
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Tax_codes.error_adding_updating') . ' ' . $tax_code_data['tax_code_id'],
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($this->tax_code->save($tax_code_data)) {
+            if ($tax_code_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Tax_codes.successful_adding'),
+                    'id'      => $tax_code_data['tax_code_id']
+                ]);
+            } else {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Tax_codes.successful_updating'),
+                    'id'      => $tax_code_id
+                ]);
+            }
+        } else {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Tax_codes.error_adding_updating') . ' ' . $tax_code_data['tax_code_id'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
 
-	/**
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$tax_codes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $tax_codes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
 
-		if($this->tax_code->delete_list($tax_codes_to_delete))
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Tax_codes.successful_deleted') . ' ' . count($tax_codes_to_delete) . ' ' . lang('Tax_codes.one_or_multiple')
-			]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Tax_codes.cannot_be_deleted')]);
-		}
-	}
+        if ($this->tax_code->delete_list($tax_codes_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Tax_codes.successful_deleted') . ' ' . count($tax_codes_to_delete) . ' ' . lang('Tax_codes.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Tax_codes.cannot_be_deleted')]);
+        }
+    }
 }

app/Controllers/Tax_jurisdictions.php

@@ -3,139 +3,131 @@
 namespace App\Controllers;
 
 use App\Models\Tax_jurisdiction;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
 
 /**
  * @property tax_jurisdiction tax_jurisdiction
  */
 class Tax_jurisdictions extends Secure_Controller
 {
-	private Tax_jurisdiction $tax_jurisdiction;
+    private Tax_jurisdiction $tax_jurisdiction;
 
-	public function __construct()
-	{
-		parent::__construct('tax_jurisdictions');
+    public function __construct()
+    {
+        parent::__construct('tax_jurisdictions');
 
-		$this->tax_jurisdiction = model(Tax_jurisdiction::class);
+        $this->tax_jurisdiction = model(Tax_jurisdiction::class);
 
-		helper('tax_helper');
-	}
+        helper('tax_helper');
+    }
 
 
-	/**
-	 * @return void
-	 */
-	public function getIndex(): void
-	{
-		 $data['table_headers'] = get_tax_jurisdictions_table_headers();
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_tax_jurisdictions_table_headers();
 
-		 echo view('taxes/tax_jurisdictions', $data);
-	}
+        return view('taxes/tax_jurisdictions', $data);
+    }
 
-	/**
-	 * Returns tax_category table data rows. This will be called with AJAX.
-	 *
-	 * @return void
-	 */
-	public function getSearch(): void
-	{
-		$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
-		$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-		$sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-		$order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    /**
+     * Returns tax_category table data rows. This will be called with AJAX.
+     *
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
-		$tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order);
-		$total_rows = $this->tax_jurisdiction->get_found_rows($search);
+        $tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->tax_jurisdiction->get_found_rows($search);
 
-		$data_rows = [];
-		foreach($tax_jurisdictions->getResult() as $tax_jurisdiction)
-		{
-			$data_rows[] = get_tax_jurisdictions_data_row($tax_jurisdiction);
-		}
+        $data_rows = [];
+        foreach ($tax_jurisdictions->getResult() as $tax_jurisdiction) {
+            $data_rows[] = get_tax_jurisdictions_data_row($tax_jurisdiction);
+        }
 
-		echo json_encode (['total' => $total_rows, 'rows' => $data_rows]);
-	}
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
 
-	/**
-	 * @param int $row_id
-	 * @return void
-	 */
-	public function getRow(int $row_id): void
-	{
-		$data_row = get_tax_jurisdictions_data_row($this->tax_jurisdiction->get_info($row_id));
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $data_row = get_tax_jurisdictions_data_row($this->tax_jurisdiction->get_info($row_id));
 
-		echo json_encode($data_row);
-	}
+        return $this->response->setJSON($data_row);
+    }
 
-	/**
-	 * @param int $tax_jurisdiction_id
-	 * @return void
-	 */
-	public function getView(int $tax_jurisdiction_id = NEW_ENTRY): void
-	{
-		$data['tax_jurisdiction_info'] = $this->tax_jurisdiction->get_info($tax_jurisdiction_id);
+    /**
+     * @param int $tax_jurisdiction_id
+     * @return string
+     */
+    public function getView(int $tax_jurisdiction_id = NEW_ENTRY): string
+    {
+        $data['tax_jurisdiction_info'] = $this->tax_jurisdiction->get_info($tax_jurisdiction_id);
 
-		echo view("taxes/tax_jurisdiction_form", $data);
-	}
+        return view("taxes/tax_jurisdiction_form", $data);
+    }
 
 
-	/**
-	 * @param int $jurisdiction_id
-	 * @return void
-	 */
-	public function postSave(int $jurisdiction_id = NEW_ENTRY): void
-	{
-		$tax_jurisdiction_data = [
-			'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-			'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
-		];
+    /**
+     * @param int $jurisdiction_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $jurisdiction_id = NEW_ENTRY): ResponseInterface
+    {
+        $tax_jurisdiction_data = [
+            'jurisdiction_name'   => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ];
 
-		if($this->tax_jurisdiction->save_value($tax_jurisdiction_data))
-		{
-			if($jurisdiction_id == NEW_ENTRY)
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Tax_jurisdictions.successful_adding'),
-					'id' => $tax_jurisdiction_data['jurisdiction_id']
-				]);
-			}
-			else
-			{
-				echo json_encode ([
-					'success' => true,
-					'message' => lang('Tax_jurisdictions.successful_updating'),
-					'id' => $jurisdiction_id
-				]);
-			}
-		}
-		else
-		{
-			echo json_encode ([
-				'success' => false,
-				'message' => lang('Tax_jurisdictions.error_adding_updating') . ' ' . $tax_jurisdiction_data['jurisdiction_name'],
-				'id' => NEW_ENTRY
-			]);
-		}
-	}
+        if ($this->tax_jurisdiction->save_value($tax_jurisdiction_data)) {
+            if ($jurisdiction_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Tax_jurisdictions.successful_adding'),
+                    'id'      => $tax_jurisdiction_data['jurisdiction_id']
+                ]);
+            } else {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Tax_jurisdictions.successful_updating'),
+                    'id'      => $jurisdiction_id
+                ]);
+            }
+        } else {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Tax_jurisdictions.error_adding_updating') . ' ' . $tax_jurisdiction_data['jurisdiction_name'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
 
-	/**
-	 * @return void
-	 */
-	public function postDelete(): void
-	{
-		$tax_jurisdictions_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $tax_jurisdictions_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
 
-		if($this->tax_jurisdiction->delete_list($tax_jurisdictions_to_delete))
-		{
-			echo json_encode ([
-				'success' => true,
-				'message' => lang('Tax_jurisdictions.successful_deleted') . ' ' . count($tax_jurisdictions_to_delete) . ' ' . lang('Tax_jurisdictions.one_or_multiple')
-			]);
-		}
-		else
-		{
-			echo json_encode (['success' => false, 'message' => lang('Tax_jurisdictions.cannot_be_deleted')]);
-		}
-	}
+        if ($this->tax_jurisdiction->delete_list($tax_jurisdictions_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Tax_jurisdictions.successful_deleted') . ' ' . count($tax_jurisdictions_to_delete) . ' ' . lang('Tax_jurisdictions.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Tax_jurisdictions.cannot_be_deleted')]);
+        }
+    }
 }

app/Controllers/index.html

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-	<title>403 Forbidden</title>
+    <title>403 Forbidden</title>
 </head>
 <body>
 

app/Database/Migrations/20170501000000_initial_schema.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Database\Migrations;
+
+use CodeIgniter\Database\Migration;
+
+class Migration_Initial_Schema extends Migration
+{
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Perform a migration step.
+     * Only runs on fresh installs - skips if database already has tables.
+     *
+     * For testing: CI4's DatabaseTestTrait with $refresh=true handles table
+     * cleanup/creation automatically. This migration only loads initial schema
+     * on fresh databases where no application tables exist.
+     */
+    public function up(): void
+    {
+        // Check if core application tables exist (existing install)
+        // Note: migrations table may exist even on fresh DB due to migration tracking
+        $tables = $this->db->listTables();
+        
+        // Check for a core application table, not just migrations table
+        foreach ($tables as $table) {
+            // Strip prefix if present for comparison
+            $tableName = str_replace($this->db->getPrefix(), '', $table);
+            if (in_array($tableName, ['app_config', 'items', 'employees', 'people'])) {
+                // Database already populated - skip initial schema
+                // This is an existing installation upgrading from older version
+                return;
+            }
+        }
+        
+        // Fresh install - load initial schema
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/initial_schema.sql');
+    }
+
+    /**
+     * Revert a migration step.
+     * Cannot revert initial schema - would lose all data.
+     */
+    public function down(): void
+    {
+        // Cannot safely revert initial schema
+        // Would require dropping all tables which would lose all data
+        $this->db->query('SET FOREIGN_KEY_CHECKS = 0');
+        
+        foreach ($this->db->listTables() as $table) {
+            $this->db->query('DROP TABLE IF EXISTS `' . $table . '`');
+        }
+        
+        $this->db->query('SET FOREIGN_KEY_CHECKS = 1');
+    }
+}

app/Database/Migrations/20170501150000_upgrade_to_3_1_1.php

@@ -6,25 +6,22 @@ use CodeIgniter\Database\Migration;
 
 class Migration_Upgrade_To_3_1_1 extends Migration
 {
-	public function __construct()
-	{
-		parent::__construct();
-	}
+    public function __construct()
+    {
+        parent::__construct();
+    }
 
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.0.2_to_3.1.1.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.0.2_to_3.1.1.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20170502221506_sales_tax_data.php

@@ -13,418 +13,393 @@ use CodeIgniter\Database\ResultInterface;
  */
 class Migration_Sales_Tax_Data extends Migration
 {
-	public const ROUND_UP = 5;	//TODO: These need to be moved to constants.php
-	public const ROUND_DOWN = 6;
-	public const HALF_FIVE = 7;
-	public const YES = '1';
-	public const VAT_TAX = '0';
-	public const SALES_TAX = '1';
-	private Appconfig $appconfig;
+    public const ROUND_UP = 5;    // TODO: These need to be moved to constants.php
+    public const ROUND_DOWN = 6;
+    public const HALF_FIVE = 7;
+    public const YES = '1';
+    public const VAT_TAX = '0';
+    public const SALES_TAX = '1';
+    private Appconfig $appconfig;
 
-	public function __construct()
-	{
-		parent::__construct();
-		$this->appconfig = model(Appconfig::class);
-	}
-//TODO: we need to figure out why we get a server error when uncommented portions of this migration run
+    public function __construct()
+    {
+        parent::__construct();
+        $this->appconfig = model(Appconfig::class);
+    }
+    // TODO: we need to figure out why we get a server error when uncommented portions of this migration run
 
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		$number_of_unmigrated = $this->get_count_of_unmigrated();
-		error_log("Migrating sales tax history. The number of sales that will be migrated is $number_of_unmigrated");
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        $number_of_unmigrated = $this->get_count_of_unmigrated();
+        log_message('info', "Migrating sales tax history. The number of sales that will be migrated is $number_of_unmigrated");
 
-		if($number_of_unmigrated > 0)
-		{
-			$unmigrated_invoices = $this->get_unmigrated($number_of_unmigrated)->getResultArray();
+        if ($number_of_unmigrated > 0) {
+            $unmigrated_invoices = $this->get_unmigrated($number_of_unmigrated)->getResultArray();
 
-			foreach($unmigrated_invoices as $key => $unmigrated_invoice)
-			{
-				$this->upgrade_tax_history_for_sale($unmigrated_invoice['sale_id']);
-			}
-		}
+            foreach ($unmigrated_invoices as $key => $unmigrated_invoice) {
+                $this->upgrade_tax_history_for_sale($unmigrated_invoice['sale_id']);
+            }
+        }
 
-		error_log('Migrating sales tax history. The number of sales that will be migrated is finished.');
-	}
+        log_message('info', 'Migrating sales tax history. The number of sales that will be migrated is finished.');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 
-	/**
-	 * @param int $sale_id
-	 * @return void
-	 */
-	private function upgrade_tax_history_for_sale(int $sale_id): void
-	{
-		$tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
-		$tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) == Migration_Sales_Tax_Data::YES;
-		$customer_sales_tax_support = false;
+    /**
+     * @param int $sale_id
+     * @return void
+     */
+    private function upgrade_tax_history_for_sale(int $sale_id): void
+    {
+        $tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
+        $tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) == Migration_Sales_Tax_Data::YES;
+        $customer_sales_tax_support = false;
 
-		if($tax_included)	//TODO: Convert to ternary notation.
-		{
-			$tax_type = Migration_Sales_Tax_Data::VAT_TAX;
-		}
-		else
-		{
-			$tax_type = Migration_Sales_Tax_Data::SALES_TAX;
-		}
+        if ($tax_included) {    // TODO: Convert to ternary notation.
+            $tax_type = Migration_Sales_Tax_Data::VAT_TAX;
+        } else {
+            $tax_type = Migration_Sales_Tax_Data::SALES_TAX;
+        }
 
-		$sales_taxes = [];
-		$tax_group_sequence = 0;
-		$items = $this->get_sale_items_for_migration($sale_id)->getResultArray();
+        $sales_taxes = [];
+        $tax_group_sequence = 0;
+        $items = $this->get_sale_items_for_migration($sale_id)->getResultArray();
 
-		foreach($items as $item)
-		{
-			// This computes tax for each line item and adds it to the tax type total
-			$tax_group = (float)$item['percent'] . '% ' . $item['name'];
-			$tax_basis = $this->get_item_total($item['quantity_purchased'], $item['item_unit_price'], $item['discount_percent'], true);
+        foreach ($items as $item) {
+            // This computes tax for each line item and adds it to the tax type total
+            $tax_group = (float)$item['percent'] . '% ' . $item['name'];
+            $tax_basis = $this->get_item_total($item['quantity_purchased'], $item['item_unit_price'], $item['discount_percent'], true);
 
-			$item_tax_amount = $tax_included
-				? $this->get_item_tax($item['quantity_purchased'], $item['item_unit_price'], $item['discount_percent'], $item['percent'])
-				: $this->get_sales_tax_for_amount($tax_basis, $item['percent'], PHP_ROUND_HALF_UP, $tax_decimals);
+            $item_tax_amount = $tax_included
+                ? $this->get_item_tax($item['quantity_purchased'], $item['item_unit_price'], $item['discount_percent'], $item['percent'])
+                : $this->get_sales_tax_for_amount($tax_basis, $item['percent'], PHP_ROUND_HALF_UP, $tax_decimals);
 
-			$this->update_sales_items_taxes_amount($sale_id, $item['line'], $item['name'], $item['percent'], $tax_type, $item_tax_amount);
-			$this->update_sales_taxes($sales_taxes, $tax_type, $tax_group, $item['percent'], $tax_basis, $item_tax_amount, $tax_group_sequence, PHP_ROUND_HALF_UP, $sale_id, $item['name']);
-			$tax_group_sequence++;
-		}
-		//Not sure when this would ever kick in, but this is technically the correct logic.
-		if($customer_sales_tax_support)	//TODO: This will always evaluate to false
-		{
-			$this->apply_invoice_taxing($sales_taxes);
-		}
+            $this->update_sales_items_taxes_amount($sale_id, $item['line'], $item['name'], $item['percent'], $tax_type, $item_tax_amount);
+            $this->update_sales_taxes($sales_taxes, $tax_type, $tax_group, $item['percent'], $tax_basis, $item_tax_amount, $tax_group_sequence, PHP_ROUND_HALF_UP, $sale_id, $item['name']);
+            $tax_group_sequence++;
+        }
+        // Not sure when this would ever kick in, but this is technically the correct logic
+        if ($customer_sales_tax_support) {    // TODO: This will always evaluate to false
+            $this->apply_invoice_taxing($sales_taxes);
+        }
 
-		$this->round_sales_taxes($sales_taxes);
-		$this->save_sales_tax($sales_taxes);
-	}
+        $this->round_sales_taxes($sales_taxes);
+        $this->save_sales_tax($sales_taxes);
+    }
 
-	/**
-	 * @param int $block_count
-	 * @return ResultInterface
-	 */
-	private function get_unmigrated(int $block_count): ResultInterface
-	{
-		$builder = $this->db->table('sales_items_taxes as SIT');
-		$builder->select('SIT.sale_id');
-		$builder->select('ST.sale_id as sales_taxes_sale_id');
-		$builder->join('sales_taxes as ST','SIT.sale_id = ST.sale_id', 'left');
-		$builder->where('ST.sale_id', null);
-		$builder->groupBy('SIT.sale_id');
-		$builder->groupBy('ST.sale_id');
-		$builder->orderBy('SIT.sale_id');
-		$builder->limit($block_count);
+    /**
+     * @param int $block_count
+     * @return ResultInterface
+     */
+    private function get_unmigrated(int $block_count): ResultInterface
+    {
+        $builder = $this->db->table('sales_items_taxes as SIT');
+        $builder->select('SIT.sale_id');
+        $builder->select('ST.sale_id as sales_taxes_sale_id');
+        $builder->join('sales_taxes as ST', 'SIT.sale_id = ST.sale_id', 'left');
+        $builder->where('ST.sale_id', null);
+        $builder->groupBy('SIT.sale_id');
+        $builder->groupBy('ST.sale_id');
+        $builder->orderBy('SIT.sale_id');
+        $builder->limit($block_count);
 
-		return $builder->get();
-	}
+        return $builder->get();
+    }
 
-	/**
-	 * @param int $sale_id
-	 * @return ResultInterface
-	 */
-	private function get_sale_items_for_migration(int $sale_id): ResultInterface
-	{
-		$builder = $this->db->table('sales_items as sales_items');
-		$builder->select('sales_items.sale_id as sale_id');
-		$builder->select('sales_items.line as line');
-		$builder->select('item_unit_price');
-		$builder->select('discount_percent');
-		$builder->select('quantity_purchased');
-		$builder->select('percent');
-		$builder->select('name');
-		$builder->join('sales_items_taxes as sales_items_taxes', 'sales_items.sale_id = sales_items_taxes.sale_id and sales_items.line = sales_items_taxes.line');
-		$builder->where('sales_items.sale_id', $sale_id);
+    /**
+     * @param int $sale_id
+     * @return ResultInterface
+     */
+    private function get_sale_items_for_migration(int $sale_id): ResultInterface
+    {
+        $builder = $this->db->table('sales_items as sales_items');
+        $builder->select('sales_items.sale_id as sale_id');
+        $builder->select('sales_items.line as line');
+        $builder->select('item_unit_price');
+        $builder->select('discount_percent');
+        $builder->select('quantity_purchased');
+        $builder->select('percent');
+        $builder->select('name');
+        $builder->join('sales_items_taxes as sales_items_taxes', 'sales_items.sale_id = sales_items_taxes.sale_id and sales_items.line = sales_items_taxes.line');
+        $builder->where('sales_items.sale_id', $sale_id);
 
-		return $builder->get();
-	}
+        return $builder->get();
+    }
 
-	/**
-	 * @return int
-	 */
-	private function get_count_of_unmigrated(): int
-	{
-		$result = $this->db->query('SELECT COUNT(*) FROM(SELECT SIT.sale_id, ST.sale_id as sales_taxes_sale_id FROM '
-			. $this->db->prefixTable('sales_items_taxes')
-			. ' as SIT LEFT JOIN '
-			. $this->db->prefixTable('sales_taxes')
-			. ' as ST ON SIT.sale_id = ST.sale_id WHERE ST.sale_id is null GROUP BY SIT.sale_id, ST.sale_id'
-			. ' ORDER BY SIT.sale_id) as US')->getResultArray();
-		return $result[0]['COUNT(*)'];
-	}
+    /**
+     * @return int
+     */
+    private function get_count_of_unmigrated(): int
+    {
+        $result = $this->db->query('SELECT COUNT(*) FROM(SELECT SIT.sale_id, ST.sale_id as sales_taxes_sale_id FROM '
+            . $this->db->prefixTable('sales_items_taxes')
+            . ' as SIT LEFT JOIN '
+            . $this->db->prefixTable('sales_taxes')
+            . ' as ST ON SIT.sale_id = ST.sale_id WHERE ST.sale_id is null GROUP BY SIT.sale_id, ST.sale_id'
+            . ' ORDER BY SIT.sale_id) as US')->getResultArray();
 
-	/**
-	 * @param int $sale_id
-	 * @param int $line
-	 * @param string $name
-	 * @param float $percent
-	 * @param int $tax_type
-	 * @param float $item_tax_amount
-	 * @return void
-	 */
-	private function update_sales_items_taxes_amount(int $sale_id, int $line, string $name, float $percent, int $tax_type, float $item_tax_amount): void
-	{
-		$builder = $this->db->table('sales_items_taxes');
-		$builder->where('sale_id', $sale_id);
-		$builder->where('line', $line);
-		$builder->where('name', $name);
-		$builder->where('percent', $percent);
-		$builder->update(['tax_type' => $tax_type, 'item_tax_amount' => $item_tax_amount]);
-	}
+        if (!$result) {
+            log_message('info', 'Database error in 20170502221506_sales_tax_data.php related to sales_taxes or sales_items_taxes.');
+            return 0;
+        }
 
-	/**
-	 * @param array $sales_taxes
-	 * @return void
-	 */
-	private function save_sales_tax(array &$sales_taxes): void
-	{
-		$builder = $this->db->Table('sales_taxes');
+        return $result[0]['COUNT(*)'] ?: 0;
+    }
 
-		foreach($sales_taxes as $line => $sales_tax)
-		{
-			$builder->insert($sales_tax);
-		}
-	}
+    /**
+     * @param int $sale_id
+     * @param int $line
+     * @param string $name
+     * @param float $percent
+     * @param int $tax_type
+     * @param float $item_tax_amount
+     * @return void
+     */
+    private function update_sales_items_taxes_amount(int $sale_id, int $line, string $name, float $percent, int $tax_type, float $item_tax_amount): void
+    {
+        $builder = $this->db->table('sales_items_taxes');
+        $builder->where('sale_id', $sale_id);
+        $builder->where('line', $line);
+        $builder->where('name', $name);
+        $builder->where('percent', $percent);
+        $builder->update(['tax_type' => $tax_type, 'item_tax_amount' => $item_tax_amount]);
+    }
 
-	/**
-	 * @param string $quantity
-	 * @param string $price
-	 * @param string $discount_percentage
-	 * @param bool $include_discount
-	 * @return string
-	 */
-	public function get_item_total(string $quantity, string $price, string $discount_percentage, bool $include_discount = false): string
-	{
-		$total = bcmul($quantity, $price);
+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
+    private function save_sales_tax(array &$sales_taxes): void
+    {
+        $builder = $this->db->Table('sales_taxes');
 
-		if($include_discount)
-		{
-			$discount_amount = $this->get_item_discount($quantity, $price, $discount_percentage);
-			return bcsub($total, $discount_amount);
-		}
+        foreach ($sales_taxes as $line => $sales_tax) {
+            $builder->insert($sales_tax);
+        }
+    }
 
-		return $total;
-	}
+    /**
+     * @param string $quantity
+     * @param string $price
+     * @param string $discount_percentage
+     * @param bool $include_discount
+     * @return string
+     */
+    public function get_item_total(string $quantity, string $price, string $discount_percentage, bool $include_discount = false): string
+    {
+        $total = bcmul($quantity, $price);
 
-	/**
-	 * @param string $quantity
-	 * @param string $price
-	 * @param string $discount
-	 * @return float
-	 */
-	public function get_item_discount(string $quantity, string $price, string $discount): float
-	{
-		$total = bcmul($quantity, $price);
-		$discount_fraction = bcdiv($discount, 100);
-		$discount = bcmul($total, $discount_fraction);
+        if ($include_discount) {
+            $discount_amount = $this->get_item_discount($quantity, $price, $discount_percentage);
+            return bcsub($total, $discount_amount);
+        }
 
-		return round($discount, totals_decimals(), PHP_ROUND_HALF_UP);	//TODO: I don't think this is currency safe.  Round will cast it's first parameter to a float. It also returns a float.
-	}
+        return $total;
+    }
 
-	/**
-	 * @param string $quantity
-	 * @param string $price
-	 * @param string $discount_percentage
-	 * @param string $tax_percentage
-	 * @return string
-	 */
-	public function get_item_tax(string $quantity, string $price, string $discount_percentage, string $tax_percentage): string
-	{
-		$tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) == Migration_Sales_Tax_Data::YES;
+    /**
+     * @param string $quantity
+     * @param string $price
+     * @param string $discount
+     * @return float
+     */
+    public function get_item_discount(string $quantity, string $price, string $discount): float
+    {
+        $total = bcmul($quantity, $price);
+        $discount_fraction = bcdiv($discount, 100);
+        $discount = bcmul($total, $discount_fraction);
 
-		$price = $this->get_item_total($quantity, $price, $discount_percentage, true);
+        return round($discount, totals_decimals(), PHP_ROUND_HALF_UP);    // TODO: I don't think this is currency safe.  Round will cast it's first parameter to a float. It also returns a float.
+    }
 
-		if($tax_included)
-		{
-			$tax_fraction = bcadd('100', $tax_percentage);
-			$tax_fraction = bcdiv($tax_fraction, '100');
-			$price_tax_excl = bcdiv($price, $tax_fraction);
+    /**
+     * @param string $quantity
+     * @param string $price
+     * @param string $discount_percentage
+     * @param string $tax_percentage
+     * @return string
+     */
+    public function get_item_tax(string $quantity, string $price, string $discount_percentage, string $tax_percentage): string
+    {
+        $tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) == Migration_Sales_Tax_Data::YES;
 
-			return bcsub($price, $price_tax_excl);
-		}
-		$tax_fraction = bcdiv($tax_percentage, '100');
+        $price = $this->get_item_total($quantity, $price, $discount_percentage, true);
 
-		return bcmul($price, $tax_fraction);
-	}
+        if ($tax_included) {
+            $tax_fraction = bcadd('100', $tax_percentage);
+            $tax_fraction = bcdiv($tax_fraction, '100');
+            $price_tax_excl = bcdiv($price, $tax_fraction);
 
-	/**
-	 * @param string $tax_basis
-	 * @param string $tax_percentage
-	 * @param int $rounding_mode
-	 * @param int $decimals
-	 * @return float
-	 */
-	public function get_sales_tax_for_amount(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float
-	{
-		$tax_fraction = bcdiv($tax_percentage, '100');
-		$tax_amount = bcmul($tax_basis, $tax_fraction);
+            return bcsub($price, $price_tax_excl);
+        }
+        $tax_fraction = bcdiv($tax_percentage, '100');
 
-		return $this->round_number($rounding_mode, $tax_amount, $decimals);
-	}
+        return bcmul($price, $tax_fraction);
+    }
 
-	/**
-	 * @param int $rounding_mode
-	 * @param string $amount
-	 * @param int $decimals
-	 * @return float
-	 */
-	public function round_number(int $rounding_mode, string $amount, int $decimals): float
-	{
-		if($rounding_mode == Migration_Sales_Tax_Data::ROUND_UP)
-		{
-			$fig = pow(10,$decimals);
-			$rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount)))/$fig;
-		}
-		elseif($rounding_mode == Migration_Sales_Tax_Data::ROUND_DOWN)
-		{
-			$fig = pow(10,$decimals);
-			$rounded_total = (floor($fig * $amount) + floor($fig * $amount - floor($fig * $amount)))/$fig;
-		}
-		elseif($rounding_mode == Migration_Sales_Tax_Data::HALF_FIVE)
-		{
-			$rounded_total = round($amount / 5) * 5;
-		}
-		else
-		{
-			$rounded_total = round($amount, $decimals, $rounding_mode);
-		}
+    /**
+     * @param string $tax_basis
+     * @param string $tax_percentage
+     * @param int $rounding_mode
+     * @param int $decimals
+     * @return float
+     */
+    public function get_sales_tax_for_amount(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float
+    {
+        $tax_fraction = bcdiv($tax_percentage, '100');
+        $tax_amount = bcmul($tax_basis, $tax_fraction);
 
-		return $rounded_total;	//TODO: I don't think this is currency safe.  I think we need to be using bcmath() functions like we are in the rest of the code.
-	}
+        return $this->round_number($rounding_mode, $tax_amount, $decimals);
+    }
 
-	/**
-	 * @param array $sales_taxes
-	 * @param string $tax_type
-	 * @param string $tax_group
-	 * @param float $tax_rate
-	 * @param string $tax_basis
-	 * @param string $item_tax_amount
-	 * @param int $tax_group_sequence
-	 * @param int $rounding_code
-	 * @param int $sale_id
-	 * @param string $name
-	 * @param string $tax_code
-	 * @return void
-	 */
-	public function update_sales_taxes(array &$sales_taxes, string $tax_type, string $tax_group, float $tax_rate, string $tax_basis, string $item_tax_amount, int $tax_group_sequence, int $rounding_code, int $sale_id, string $name = '', string $tax_code = ''): void
-	{
-		$tax_group_index = $this->clean('X'.$tax_group);
-		if(!array_key_exists($tax_group_index, $sales_taxes))
-		{
-			$insertkey = $tax_group_index;	//TODO: $insertkey does not follow naming conventions.
-			$sales_tax = [
-				$insertkey => [
-					'sale_id' => $sale_id,
-					'tax_type' => $tax_type,
-					'tax_group' => $tax_group,
-					'sale_tax_basis' => $tax_basis,
-					'sale_tax_amount' => $item_tax_amount,
-					'print_sequence' => $tax_group_sequence,
-					'name' => $name,
-					'tax_rate' => $tax_rate,
-					'sales_tax_code' => $tax_code,
-					'rounding_code' => $rounding_code
-				]
-			];
-			//add to existing array
-			$sales_taxes += $sales_tax;
-		}
-		else
-		{
-			// Important ... the sales amounts are accumulated for the group at the maximum configurable scale value of 4
-			// but the scale will in reality be the scale specified by the tax_decimal configuration value used for sales_items_taxes
-			$sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
-			$sales_taxes[$tax_group_index]['sale_tax_amount'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_amount'], $item_tax_amount, 4);
-		}
-	}
+    /**
+     * @param int $rounding_mode
+     * @param string $amount
+     * @param int $decimals
+     * @return float
+     */
+    public function round_number(int $rounding_mode, string $amount, int $decimals): float
+    {
+        $amount = (float)$amount;
 
-	/**
-	 * @param string $string
-	 * @return string
-	 */
-	public function clean(string $string): string	//TODO: $string is not a good name for this variable
-	{
-		$string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
+        if ($rounding_mode == Migration_Sales_Tax_Data::ROUND_UP) {
+            $fig = pow(10, $decimals);
+            $rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
+        } elseif ($rounding_mode == Migration_Sales_Tax_Data::ROUND_DOWN) {
+            $fig = pow(10, $decimals);
+            $rounded_total = (floor($fig * $amount) + floor($fig * $amount - floor($fig * $amount))) / $fig;
+        } elseif ($rounding_mode == Migration_Sales_Tax_Data::HALF_FIVE) {
+            $rounded_total = round($amount / 5) * 5;
+        } else {
+            $rounded_total = round($amount, $decimals, $rounding_mode);
+        }
 
-		return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
-	}
+        return $rounded_total;    // TODO: I don't think this is currency safe.  I think we need to be using bcmath() functions like we are in the rest of the code.
+    }
 
-	/**
-	 * @param array $sales_taxes
-	 * @return void
-	 */
-	public function apply_invoice_taxing(array &$sales_taxes): void
-	{
-		if(!empty($sales_taxes))	//TODO: Duplicated code
-		{
-			$sort = [];
+    /**
+     * @param array $sales_taxes
+     * @param string $tax_type
+     * @param string $tax_group
+     * @param float $tax_rate
+     * @param string $tax_basis
+     * @param string $item_tax_amount
+     * @param int $tax_group_sequence
+     * @param int $rounding_code
+     * @param int $sale_id
+     * @param string $name
+     * @param string $tax_code
+     * @return void
+     */
+    public function update_sales_taxes(array &$sales_taxes, string $tax_type, string $tax_group, float $tax_rate, string $tax_basis, string $item_tax_amount, int $tax_group_sequence, int $rounding_code, int $sale_id, string $name = '', string $tax_code = ''): void
+    {
+        $tax_group_index = $this->clean('X' . $tax_group);
+        if (!array_key_exists($tax_group_index, $sales_taxes)) {
+            $insertkey = $tax_group_index;    // TODO: $insertkey does not follow naming conventions.
+            $sales_tax = [
+                $insertkey => [
+                    'sale_id'         => $sale_id,
+                    'tax_type'        => $tax_type,
+                    'tax_group'       => $tax_group,
+                    'sale_tax_basis'  => $tax_basis,
+                    'sale_tax_amount' => $item_tax_amount,
+                    'print_sequence'  => $tax_group_sequence,
+                    'name'            => $name,
+                    'tax_rate'        => $tax_rate,
+                    'sales_tax_code'  => $tax_code,
+                    'rounding_code'   => $rounding_code
+                ]
+            ];
+            // Add to existing array
+            $sales_taxes += $sales_tax;
+        } else {
+            // Important: the sales amounts are accumulated for the group at the maximum configurable scale value of 4
+            // but the scale will in reality be the scale specified by the tax_decimal configuration value used for sales_items_taxes
+            $sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
+            $sales_taxes[$tax_group_index]['sale_tax_amount'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_amount'], $item_tax_amount, 4);
+        }
+    }
 
-			foreach($sales_taxes as $key => $value)
-			{
-				$sort['print_sequence'][$key] = $value['print_sequence'];
-			}
+    /**
+     * @param string $string
+     * @return string
+     */
+    public function clean(string $string): string    // TODO: $string is not a good name for this variable
+    {
+        $string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
 
-			array_multisort($sort['print_sequence'], SORT_ASC, $sales_taxes);
-		}
+        return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
+    }
 
-		$decimals = totals_decimals();
+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
+    public function apply_invoice_taxing(array &$sales_taxes): void
+    {
+        if (!empty($sales_taxes)) {    // TODO: Duplicated code
+            $sort = [];
 
-		foreach($sales_taxes as $row_number => $sales_tax)
-		{
-			$sales_taxes[$row_number]['sale_tax_amount'] = $this->get_sales_tax_for_amount($sales_tax['sale_tax_basis'], $sales_tax['tax_rate'], $sales_tax['rounding_code'], $decimals);
-		}
-	}
+            foreach ($sales_taxes as $key => $value) {
+                $sort['print_sequence'][$key] = $value['print_sequence'];
+            }
 
-	/**
-	 * @param array $sales_taxes
-	 * @return void
-	 */
-	public function round_sales_taxes(array &$sales_taxes): void
-	{
-		if(!empty($sales_taxes))
-		{
-			$sort = [];
-			foreach($sales_taxes as $k=>$v)
-			{
-				$sort['print_sequence'][$k] = $v['print_sequence'];
-			}
-			array_multisort($sort['print_sequence'], SORT_ASC, $sales_taxes);
-		}
+            array_multisort($sort['print_sequence'], SORT_ASC, $sales_taxes);
+        }
 
-		$decimals = totals_decimals();
+        $decimals = totals_decimals();
 
-		foreach($sales_taxes as $row_number => $sales_tax)
-		{
-			$sale_tax_amount = $sales_tax['sale_tax_amount'];
-			$rounding_code = $sales_tax['rounding_code'];
-			$rounded_sale_tax_amount = $sale_tax_amount;
+        foreach ($sales_taxes as $row_number => $sales_tax) {
+            $sales_taxes[$row_number]['sale_tax_amount'] = $this->get_sales_tax_for_amount($sales_tax['sale_tax_basis'], $sales_tax['tax_rate'], $sales_tax['rounding_code'], $decimals);
+        }
+    }
 
-			if ($rounding_code == PHP_ROUND_HALF_UP
-				|| $rounding_code == PHP_ROUND_HALF_DOWN
-				|| $rounding_code == PHP_ROUND_HALF_EVEN
-				|| $rounding_code == PHP_ROUND_HALF_ODD)
-			{
-				$rounded_sale_tax_amount = round($sale_tax_amount, $decimals, $rounding_code);
-			}
-			elseif($rounding_code == Migration_Sales_Tax_Data::ROUND_UP)
-			{
-				$fig = (int) str_pad('1', $decimals, '0');
-				$rounded_sale_tax_amount = (ceil($sale_tax_amount * $fig) / $fig);
-			}
-			elseif($rounding_code == Migration_Sales_Tax_Data::ROUND_DOWN)
-			{
-				$fig = (int) str_pad('1', $decimals, '0');
-				$rounded_sale_tax_amount = (floor($sale_tax_amount * $fig) / $fig);
-			}
-			elseif($rounding_code == Migration_Sales_Tax_Data::HALF_FIVE)
-			{
-				$rounded_sale_tax_amount = round($sale_tax_amount / 5) * 5;
-			}
+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
+    public function round_sales_taxes(array &$sales_taxes): void
+    {
+        if (!empty($sales_taxes)) {
+            $sort = [];
+            foreach ($sales_taxes as $k => $v) {
+                $sort['print_sequence'][$k] = $v['print_sequence'];
+            }
+            array_multisort($sort['print_sequence'], SORT_ASC, $sales_taxes);
+        }
 
-			$sales_taxes[$row_number]['sale_tax_amount'] = $rounded_sale_tax_amount;
-		}
-	}
+        $decimals = totals_decimals();
+
+        foreach ($sales_taxes as $row_number => $sales_tax) {
+            $sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
+            $rounding_code = $sales_tax['rounding_code'];
+            $rounded_sale_tax_amount = $sale_tax_amount;
+
+            if (
+                $rounding_code == PHP_ROUND_HALF_UP
+                || $rounding_code == PHP_ROUND_HALF_DOWN
+                || $rounding_code == PHP_ROUND_HALF_EVEN
+                || $rounding_code == PHP_ROUND_HALF_ODD
+            ) {
+                $rounded_sale_tax_amount = round($sale_tax_amount, $decimals, $rounding_code);
+            } elseif ($rounding_code == Migration_Sales_Tax_Data::ROUND_UP) {
+                $fig = (int) str_pad('1', $decimals, '0');
+                $rounded_sale_tax_amount = (ceil($sale_tax_amount * $fig) / $fig);
+            } elseif ($rounding_code == Migration_Sales_Tax_Data::ROUND_DOWN) {
+                $fig = (int) str_pad('1', $decimals, '0');
+                $rounded_sale_tax_amount = (floor($sale_tax_amount * $fig) / $fig);
+            } elseif ($rounding_code == Migration_Sales_Tax_Data::HALF_FIVE) {
+                $rounded_sale_tax_amount = round($sale_tax_amount / 5) * 5;
+            }
+
+            $sales_taxes[$row_number]['sale_tax_amount'] = $rounded_sale_tax_amount;
+        }
+    }
 }

app/Database/Migrations/20180225100000_upgrade_to_3_2_0.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_Upgrade_To_3_2_0 extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.1.1_to_3.2.0.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.1.1_to_3.2.0.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20180501100000_upgrade_to_3_2_1.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_Upgrade_To_3_2_1 extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.2.0_to_3.2.1.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.2.0_to_3.2.1.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20181015100000_attributes.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_Attributes extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_attributes.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_attributes.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190111270000_upgrade_to_3_3_0.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_Upgrade_To_3_3_0 extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.2.1_to_3.3.0.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.2.1_to_3.3.0.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190129212600_indiagst.php

@@ -6,169 +6,159 @@ use CodeIgniter\Database\Migration;
 
 class Migration_IndiaGST extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		if(!$this->db->fieldExists('sales_tax_code', 'customers'))
-		{
-			return;
-		}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        if (!$this->db->fieldExists('sales_tax_code', 'customers')) {
+            return;
+        }
 
-		// If number of entries is greater than zero then the tax data needs to be migrated
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst.sql');
+        // If number of entries is greater than zero then the tax data needs to be migrated
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst.sql');
 
-		error_log('Migrating tax configuration');
+        $count_of_tax_codes = $this->get_count_of_tax_code_entries();
 
-		$count_of_tax_codes = $this->get_count_of_tax_code_entries();
+        if ($count_of_tax_codes > 0) {
+            $this->migrate_tax_code_data();
+        }
 
-		if($count_of_tax_codes > 0)
-		{
-			$this->migrate_tax_code_data();
-		}
+        $this->migrate_customer_tax_codes();
 
-		$this->migrate_customer_tax_codes();
+        $count_of_rate_entries = $this->get_count_of_rate_entries();
 
-		$count_of_rate_entries = $this->get_count_of_rate_entries();
+        if ($count_of_rate_entries > 0) {
+            $this->migrate_tax_rates();
+        }
 
-		if($count_of_rate_entries > 0)
-		{
-			$this->migrate_tax_rates();
-		}
+        $count_of_sales_taxes_entries = $this->get_count_of_sales_taxes_entries();
 
-		$count_of_sales_taxes_entries = $this->get_count_of_sales_taxes_entries();
+        if ($count_of_sales_taxes_entries > 0) {
+            $this->migrate_sales_taxes_data();
+        }
 
-		if($count_of_sales_taxes_entries > 0)
-		{
-			$this->migrate_sales_taxes_data();
-		}
+        $this->drop_backups();
+    }
 
-		$this->drop_backups();
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 
-		error_log('Migrating tax configuration completed');
-	}
+    /**
+     * @return int
+     */
+    private function get_count_of_tax_code_entries(): int
+    {
+        $builder = $this->db->table('tax_codes_backup');
+        $builder->select('COUNT(*) as count');
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-	}
+        return $builder->get()->getRow()->count;
+    }
 
-	/**
-	 * @return int
-	 */
-	private function get_count_of_tax_code_entries(): int
-	{
-		$builder = $this->db->table('tax_codes_backup');
-		$builder->select('COUNT(*) as count');
+    /**
+     * @return int
+     */
+    private function get_count_of_sales_taxes_entries(): int
+    {
+        $builder = $this->db->table('sales_taxes_backup');
+        $builder->select('COUNT(*) as count');
 
-		return $builder->get()->getRow()->count;
-	}
+        return $builder->get()->getRow()->count;
+    }
 
-	/**
-	 * @return int
-	 */
-	private function get_count_of_sales_taxes_entries(): int
-	{
-		$builder = $this->db->table('sales_taxes_backup');
-		$builder->select('COUNT(*) as count');
+    /**
+     * @return int
+     */
+    private function get_count_of_rate_entries(): int
+    {
+        $builder = $this->db->table('tax_code_rates_backup');
+        $builder->select('COUNT(*) as count');
 
-		return $builder->get()->getRow()->count;
-	}
+        return $builder->get()->getRow()->count;
+    }
 
-	/**
-	 * @return int
-	 */
-	private function get_count_of_rate_entries(): int
-	{
-		$builder = $this->db->table('tax_code_rates_backup');
-		$builder->select('COUNT(*) as count');
+    /**
+     *  This copies the old tax code configuration into the new tax code configuration
+     *  assigning a tax_code_id id to the entry  This only needs to be done if there are
+     *  tax codes in the table.
+     *
+     * @return void
+     */
+    private function migrate_tax_code_data(): void
+    {
+        $this->db->query('INSERT INTO ' . $this->db->prefixTable('tax_codes') . ' (tax_code, tax_code_name, city, state)
+            SELECT tax_code, tax_code_name, city, state FROM ' . $this->db->prefixTable('tax_codes_backup'));
+    }
 
-		return $builder->get()->getRow()->count;
-	}
+    /**
+     *  The previous upgrade script added the new column to the customers table.
+     *  This will assign a tax code id using the tax code field that was left in place on the customer table.
+     *  After it is complete then it will drop the old customer tax code.
+     *  This MUST run so that the old tax code is dropped
+     *
+     * @return void
+     */
+    private function migrate_customer_tax_codes(): void
+    {
+        $this->db->query('UPDATE ' . $this->db->prefixTable('customers') . ' AS  fa SET fa.sales_tax_code_id = (
+            SELECT tax_code_id FROM ' . $this->db->prefixTable('tax_codes') . ' AS fb where fa.sales_tax_code = fb.tax_code)');
 
-	/**
-	 *  This copies the old tax code configuration into the new tax code configuration
-	 *  assigning a tax_code_id id to the entry  This only needs to be done if there are
-	 *  tax codes in the table.
-	 *
-	 * @return void
-	 */
-	private function migrate_tax_code_data(): void
-	{
-		$this->db->query('INSERT INTO ' . $this->db->prefixTable('tax_codes') . ' (tax_code, tax_code_name, city, state)
-			SELECT tax_code, tax_code_name, city, state FROM ' . $this->db->prefixTable('tax_codes_backup'));
-	}
+        $this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' DROP COLUMN sales_tax_code');
+    }
 
-	/**
-	 *  The previous upgrade script added the new column to the customers table.
-	 *  This will assign a tax code id using the tax code field that was left in place on the customer table.
-	 *  After it is complete then it will drop the old customer tax code.
-	 *  This MUST run so that the old tax code is dropped
-	 *
-	 * @return void
-	 */
-	private function migrate_customer_tax_codes(): void
-	{
-		$this->db->query('UPDATE ' . $this->db->prefixTable('customers') . ' AS  fa SET fa.sales_tax_code_id = (
-			SELECT tax_code_id FROM ' . $this->db->prefixTable('tax_codes') . ' AS fb where fa.sales_tax_code = fb.tax_code)');
+    /**
+     * The sales taxes table is undergoing a significant primary key change
+     * The new table assumes that sales taxes are associated with a jurisdiction
+     * For base taxes and the older tax system the tax jurisdiction code table will be
+     * initialized with an entry that is used to represent a dummy or consolidated jurisdiction.
+     * If there is only one tax jurisdiction then it can be renamed and life moves on.
+     * If the user wants to start reporting taxes by jurisdiction then the new jurisdictions need
+     * to be created and defined manually AFTER the upgrade.
+     * CONVERTING OLD TAX DATA TO BE SPLIT OUT BY JURISDICTION IS BEYOND THE SCOPE OF THIS EFFORT
+     */
+    private function migrate_sales_taxes_data(): void
+    {
+        $this->db->query('INSERT INTO ' . $this->db->prefixTable('sales_taxes')
+            . ' (sale_id, jurisdiction_id, tax_category_id, tax_type, tax_group, sale_tax_basis, sale_tax_amount, print_sequence, '
+            . '`name`, tax_rate, sales_tax_code_id, rounding_code) '
+            . 'select sale_id, rate_jurisdiction_id, rate_tax_category_id, tax_type, tax_group, sale_tax_basis, sale_tax_amount, '
+            . 'print_sequence, `name`, A.tax_rate, tax_code_id, rounding_code '
+            . 'from ' . $this->db->prefixTable('sales_taxes_backup') . ' AS A '
+            . 'left outer join ' . $this->db->prefixTable('tax_codes') . ' AS B on sales_tax_code = tax_code '
+            . 'left outer join ' . $this->db->prefixTable('tax_rates') . ' AS C on tax_code_id = rate_tax_code_id and A.tax_rate = C.tax_rate '
+            . 'order by sale_id');
+    }
 
-		$this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' DROP COLUMN sales_tax_code');
-	}
+    /**
+     * @return void
+     */
+    private function migrate_tax_rates(): void
+    {
+        // Create a dummy jurisdiction record and retrieve the jurisdiction rate id
 
-	/**
-	 * The sales taxes table is undergoing a significant primary key change
-	 * The new table assumes that sales taxes are associated with a jurisdiction
-	 * For base taxes and the older tax system the tax jurisdiction code table will be
-	 * initialized with an entry that is used to represent a dummy or consolidated jurisdiction.
-	 * If there is only one tax jurisdiction then it can be renamed and life moves on.
-	 * If the user wants to start reporting taxes by jurisdiction then the new jurisdictions need
-	 * to be created and defined manually AFTER the upgrade.
-	 * CONVERTING OLD TAX DATA TO BE SPLIT OUT BY JURISDICTION IS BEYOND THE SCOPE OF THIS EFFORT
-	 */
-	private function migrate_sales_taxes_data(): void
-	{
-		$this->db->query('INSERT INTO ' . $this->db->prefixTable('sales_taxes')
-			. ' (sale_id, jurisdiction_id, tax_category_id, tax_type, tax_group, sale_tax_basis, sale_tax_amount, print_sequence, '
-			. '`name`, tax_rate, sales_tax_code_id, rounding_code) '
-			. 'select sale_id, rate_jurisdiction_id, rate_tax_category_id, tax_type, tax_group, sale_tax_basis, sale_tax_amount, '
-			. 'print_sequence, `name`, A.tax_rate, tax_code_id, rounding_code '
-			. 'from ' . $this->db->prefixTable('sales_taxes_backup') . ' AS A '
-			. 'left outer join ' . $this->db->prefixTable('tax_codes') . ' AS B on sales_tax_code = tax_code '
-			. 'left outer join ' . $this->db->prefixTable('tax_rates') . ' AS C on tax_code_id = rate_tax_code_id and A.tax_rate = C.tax_rate '
-			. 'order by sale_id');
-	}
+        $this->db->query('INSERT INTO ' . $this->db->prefixTable('tax_jurisdictions') . ' (jurisdiction_name, tax_group, tax_type, reporting_authority, '
+            . "tax_group_sequence, cascade_sequence, deleted)  VALUES ('Jurisdiction1', 'TaxGroup1', '1', 'Authority1', 1, 0, '0')");
 
-	/**
-	 * @return void
-	 */
-	private function migrate_tax_rates(): void
-	{
-		// create a dummy jurisdiction record and retrieve the jurisdiction rate id
+        $jurisdiction_id = $this->db->query('SELECT jurisdiction_id FROM ' . $this->db->prefixTable('tax_jurisdictions') . " WHERE jurisdiction_name = 'Jurisdiction1'")->getRow()->jurisdiction_id;
 
-		$this->db->query('INSERT INTO ' . $this->db->prefixTable('tax_jurisdictions') . ' (jurisdiction_name, tax_group, tax_type, reporting_authority, '
-		. "tax_group_sequence, cascade_sequence, deleted)  VALUES ('Jurisdiction1', 'TaxGroup1', '1', 'Authority1', 1, 0, '0')");
+        // Insert old tax_code rates data into the new tax rates table
+        $this->db->query('INSERT INTO ' . $this->db->prefixTable('tax_rates')
+            . ' (rate_tax_category_id, rate_jurisdiction_id, rate_tax_code_id, tax_rate, tax_rounding_code) '
+            . 'SELECT rate_tax_category_id, ' . $jurisdiction_id . ', tax_code_id, tax_rate, rounding_code FROM '
+            . $this->db->prefixTable('tax_code_rates_backup') . ' JOIN ' . $this->db->prefixTable('tax_codes')
+            . ' ON tax_code = rate_tax_code');
+    }
 
-		$jurisdiction_id = $this->db->query('SELECT jurisdiction_id FROM ' . $this->db->prefixTable('tax_jurisdictions') . " WHERE jurisdiction_name = 'Jurisdiction1'")->getRow()->jurisdiction_id;
-
-		// Insert old tax_code rates data into the new tax rates table
-		$this->db->query('INSERT INTO ' . $this->db->prefixTable('tax_rates')
-			. ' (rate_tax_category_id, rate_jurisdiction_id, rate_tax_code_id, tax_rate, tax_rounding_code) '
-			. 'SELECT rate_tax_category_id, ' . $jurisdiction_id . ', tax_code_id, tax_rate, rounding_code FROM '
-			. $this->db->prefixTable('tax_code_rates_backup') . ' JOIN ' . $this->db->prefixTable('tax_codes')
-			. ' ON tax_code = rate_tax_code');
-	}
-
-	/**
-	 * @return void
-	 */
-	private function drop_backups(): void
-	{
-		$this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('tax_codes_backup'));
-		$this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('sales_taxes_backup'));
-		$this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('tax_code_rates_backup'));
-	}
+    /**
+     * @return void
+     */
+    private function drop_backups(): void
+    {
+        $this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('tax_codes_backup'));
+        $this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('sales_taxes_backup'));
+        $this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('tax_code_rates_backup'));
+    }
 }

app/Database/Migrations/20190213210000_indiagst1.php

@@ -6,24 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_IndiaGST1 extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst1.sql');
-
-		error_log('Fix definition of Supplier.Tax Id');
-
-		error_log('Definition of Supplier.Tax Id corrected');
-	}
-
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst1.sql');
+    }
 
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190220210000_indiagst2.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_IndiaGST2 extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst2.sql');
-	}
-
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst2.sql');
+    }
 
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190301124900_decimal_attribute_type.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_decimal_attribute_type extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_decimal_attribute_type.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_decimal_attribute_type.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190317102600_add_iso_4217.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_add_iso_4217 extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_add_iso_4217.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_add_iso_4217.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190427100000_paymenttracking.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_PaymentTracking extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_paymenttracking.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_paymenttracking.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190502100000_refundtracking.php

@@ -6,108 +6,111 @@ use CodeIgniter\Database\Migration;
 
 class Migration_RefundTracking extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper(['migration', 'locale']);
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_refundtracking.sql');
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper(['migration', 'locale']);
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_refundtracking.sql');
 
-		// Add missing cash_refund amounts to payments table
-		$decimals = totals_decimals();
+        // Add missing cash_refund amounts to payments table
+        $decimals = totals_decimals();
 
-		$trans_amount = 'ROUND(SUM(CASE WHEN sales_items.discount_type = ' . PERCENT
-			. ' THEN sales_items.item_unit_price * sales_items.quantity_purchased * (1 - sales_items.discount / 100) '
-			. 'ELSE sales_items.item_unit_price * sales_items.quantity_purchased - sales_items.discount END), ' . $decimals . ') AS trans_amount';
+        $trans_amount = 'ROUND(SUM(CASE WHEN sales_items.discount_type = ' . PERCENT
+            . ' THEN sales_items.item_unit_price * sales_items.quantity_purchased * (1 - sales_items.discount / 100) '
+            . 'ELSE sales_items.item_unit_price * sales_items.quantity_purchased - sales_items.discount END), ' . $decimals . ') AS trans_amount';
 
-		$cash_payment = lang('Sales.cash');
+        $cash_payment = lang('Sales.cash');
 
-		$this->db->query('CREATE TEMPORARY TABLE IF NOT EXISTS ' . $this->db->prefixTable('migrate_taxes') .
-			' (INDEX(sale_id)) ENGINE=MEMORY
-			(
-				SELECT sales.sale_id, SUM(sales_taxes.sale_tax_amount) AS total_taxes
-				FROM ' . $this->db->prefixTable('sales') . ' AS sales
-				LEFT OUTER JOIN ' . $this->db->prefixTable('sales_taxes') . ' AS sales_taxes
-					ON sales.sale_id = sales_taxes.sale_id
-				WHERE sales.sale_status = \'' . COMPLETED . '\' AND sales_taxes.tax_type = \'1\'
-				GROUP BY sale_id
-			)'
-		);
+        $this->db->query(
+            'CREATE TEMPORARY TABLE IF NOT EXISTS ' . $this->db->prefixTable('migrate_taxes') .
+                ' (INDEX(sale_id)) ENGINE=MEMORY
+            (
+                SELECT sales.sale_id, SUM(sales_taxes.sale_tax_amount) AS total_taxes
+                FROM ' . $this->db->prefixTable('sales') . ' AS sales
+                LEFT OUTER JOIN ' . $this->db->prefixTable('sales_taxes') . ' AS sales_taxes
+                    ON sales.sale_id = sales_taxes.sale_id
+                WHERE sales.sale_status = \'' . COMPLETED . '\' AND sales_taxes.tax_type = \'1\'
+                GROUP BY sale_id
+            )'
+        );
 
-		$this->db->query('CREATE TEMPORARY TABLE IF NOT EXISTS ' . $this->db->prefixTable('migrate_sales') .
-			' (INDEX(sale_id)) ENGINE=MEMORY
-			(
-				SELECT sales.sale_id, '. $trans_amount . ', sales.employee_id, sales.sale_time'
-				. ' FROM ' . $this->db->prefixTable('sales') . ' AS sales '
-				. 'LEFT OUTER JOIN ' . $this->db->prefixTable('sales_items') . ' AS sales_items '
-				. 'ON sales.sale_id = sales_items.sale_id '
-				. 'LEFT OUTER JOIN ' . $this->db->prefixTable('migrate_taxes') . ' AS sumpay_taxes '
-				. 'ON sales.sale_id = sumpay_taxes.sale_id '
-				. 'WHERE sales.sale_status = \'' . COMPLETED . '\' GROUP BY sale_id
-			)'
-		);
+        $this->db->query(
+            'CREATE TEMPORARY TABLE IF NOT EXISTS ' . $this->db->prefixTable('migrate_sales') .
+                ' (INDEX(sale_id)) ENGINE=MEMORY
+            (
+                SELECT sales.sale_id, ' . $trans_amount . ', sales.employee_id, sales.sale_time'
+                . ' FROM ' . $this->db->prefixTable('sales') . ' AS sales '
+                . 'LEFT OUTER JOIN ' . $this->db->prefixTable('sales_items') . ' AS sales_items '
+                . 'ON sales.sale_id = sales_items.sale_id '
+                . 'LEFT OUTER JOIN ' . $this->db->prefixTable('migrate_taxes') . ' AS sumpay_taxes '
+                . 'ON sales.sale_id = sumpay_taxes.sale_id '
+                . 'WHERE sales.sale_status = \'' . COMPLETED . '\' GROUP BY sale_id
+            )'
+        );
 
-		$this->db->query('UPDATE ' . $this->db->prefixTable('migrate_sales') . ' AS sumpay_items '
-			. 'SET trans_amount = trans_amount + IFNULL((SELECT total_taxes FROM ' . $this->db->prefixTable('migrate_taxes')
-			. ' AS sumpay_taxes WHERE sumpay_items.sale_id = sumpay_taxes.sale_id),0)');
+        $this->db->query('UPDATE ' . $this->db->prefixTable('migrate_sales') . ' AS sumpay_items '
+            . 'SET trans_amount = trans_amount + IFNULL((SELECT total_taxes FROM ' . $this->db->prefixTable('migrate_taxes')
+            . ' AS sumpay_taxes WHERE sumpay_items.sale_id = sumpay_taxes.sale_id),0)');
 
-		$this->db->query('CREATE TEMPORARY TABLE IF NOT EXISTS ' . $this->db->prefixTable('migrate_payments') .
-			' (INDEX(sale_id)) ENGINE=MEMORY
-			(
-				SELECT sales.sale_id, COUNT(sales.sale_id) AS number_payments, 
-					SUM(sales_payments.payment_amount - sales_payments.cash_refund) AS total_payments
-				FROM ' . $this->db->prefixTable('sales') . ' AS sales
-				LEFT OUTER JOIN ' . $this->db->prefixTable('sales_payments') . ' AS sales_payments
-					ON sales.sale_id = sales_payments.sale_id
-				WHERE sales.sale_status = \'' . COMPLETED . '\' GROUP BY sale_id
-			)'
-		);
+        $this->db->query(
+            'CREATE TEMPORARY TABLE IF NOT EXISTS ' . $this->db->prefixTable('migrate_payments') .
+                ' (INDEX(sale_id)) ENGINE=MEMORY
+            (
+                SELECT sales.sale_id, COUNT(sales.sale_id) AS number_payments,
+                    SUM(sales_payments.payment_amount - sales_payments.cash_refund) AS total_payments
+                FROM ' . $this->db->prefixTable('sales') . ' AS sales
+                LEFT OUTER JOIN ' . $this->db->prefixTable('sales_payments') . ' AS sales_payments
+                    ON sales.sale_id = sales_payments.sale_id
+                WHERE sales.sale_status = \'' . COMPLETED . '\' GROUP BY sale_id
+            )'
+        );
 
-		// You may be asking yourself why the following is not creating a temporary table.
-		// It should be, it originallly was, but there is a bug in MySQL where temporary tables where some SQL statements fail.
-		//  The update statement that follows this CREATE TABLE is one of those statements.
-		$this->db->query('CREATE TABLE IF NOT EXISTS ' . $this->db->prefixTable('migrate_refund') .
-			' (INDEX(sale_id)) ENGINE=MEMORY
-			(
-				SELECT a.sale_id, total_payments - trans_amount AS refund_amount
-				FROM ' . $this->db->prefixTable('migrate_sales') . ' AS a
-				JOIN ' . $this->db->prefixTable('migrate_payments') . ' AS b ON a.sale_id = b.sale_id
-				WHERE total_payments > trans_amount AND number_payments = 1
-			)'
-		);
+        // You may be asking yourself why the following is not creating a temporary table.
+        // It should be, it originallly was, but there is a bug in MySQL where temporary tables where some SQL statements fail.
+        //  The update statement that follows this CREATE TABLE is one of those statements.
+        $this->db->query(
+            'CREATE TABLE IF NOT EXISTS ' . $this->db->prefixTable('migrate_refund') .
+                ' (INDEX(sale_id)) ENGINE=MEMORY
+            (
+                SELECT a.sale_id, total_payments - trans_amount AS refund_amount
+                FROM ' . $this->db->prefixTable('migrate_sales') . ' AS a
+                JOIN ' . $this->db->prefixTable('migrate_payments') . ' AS b ON a.sale_id = b.sale_id
+                WHERE total_payments > trans_amount AND number_payments = 1
+            )'
+        );
 
-		// Update existing cash transactions with refund amount
-		$this->db->query('UPDATE ' . $this->db->prefixTable('sales_payments') . ' AS a
-			SET a.cash_refund =
-			(SELECT b.refund_amount 
-				FROM ' . $this->db->prefixTable('migrate_refund') . ' AS b 
-				WHERE a.sale_id = b.sale_id AND a.payment_type = \'' . $cash_payment . '\')
-			WHERE EXISTS
-				(SELECT b.refund_amount 
-					FROM ' . $this->db->prefixTable('migrate_refund') . ' AS b 
-					WHERE a.sale_id = b.sale_id AND a.payment_type = \'' . $cash_payment . ' \')'
-		);
+        // Update existing cash transactions with refund amount
+        $this->db->query(
+            'UPDATE ' . $this->db->prefixTable('sales_payments') . ' AS a
+            SET a.cash_refund =
+            (SELECT b.refund_amount
+                FROM ' . $this->db->prefixTable('migrate_refund') . ' AS b
+                WHERE a.sale_id = b.sale_id AND a.payment_type = \'' . $cash_payment . '\')
+            WHERE EXISTS
+                (SELECT b.refund_amount
+                    FROM ' . $this->db->prefixTable('migrate_refund') . ' AS b
+                    WHERE a.sale_id = b.sale_id AND a.payment_type = \'' . $cash_payment . ' \')'
+        );
 
-		// Insert new cash refund transactions for non-cash payments
-		$this->db->query('INSERT INTO ' . $this->db->prefixTable('sales_payments') .
-		   ' (sale_id, payment_type, employee_id, payment_time, payment_amount, cash_refund) 
-			SELECT r.sale_id, \'' . $cash_payment . '\', s.employee_id, sale_time, 0, r.refund_amount 
-			FROM ' . $this->db->prefixTable('migrate_refund') . ' AS r
-			JOIN ' . $this->db->prefixTable('sales_payments') . ' AS p ON r.sale_id = p.sale_id
-			JOIN ' . $this->db->prefixTable('migrate_sales') . ' AS s ON r.sale_id = s.sale_id
-			WHERE p.payment_type != \'' . $cash_payment . '\''
-		);
+        // Insert new cash refund transactions for non-cash payments
+        $this->db->query(
+            'INSERT INTO ' . $this->db->prefixTable('sales_payments') .
+                ' (sale_id, payment_type, employee_id, payment_time, payment_amount, cash_refund)
+            SELECT r.sale_id, \'' . $cash_payment . '\', s.employee_id, sale_time, 0, r.refund_amount
+            FROM ' . $this->db->prefixTable('migrate_refund') . ' AS r
+            JOIN ' . $this->db->prefixTable('sales_payments') . ' AS p ON r.sale_id = p.sale_id
+            JOIN ' . $this->db->prefixTable('migrate_sales') . ' AS s ON r.sale_id = s.sale_id
+            WHERE p.payment_type != \'' . $cash_payment . '\''
+        );
 
-		// Post migration cleanup
-		$this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('migrate_refund'));
-	}
+        // Post migration cleanup
+        $this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('migrate_refund'));
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190612100000_dbfix.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_DBFix extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_dbfix.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_dbfix.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190615100000_fix_attribute_datetime.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_fix_attribute_datetime extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_fix_attribute_datetime.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_fix_attribute_datetime.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20190712150200_fix_empty_reports.php

@@ -6,30 +6,31 @@ use CodeIgniter\Database\Migration;
 
 class Migration_fix_empty_reports extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		$builder = $this->db->table('stock_locations');
-		$builder->select('location_name');
-		$builder->where('location_id', 1);
-		$builder->limit(1);
-		$location_name = $builder->get()->getResultArray()[0]['location_name'];
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        log_message('info', 'Starting migration: Fix empty reports.');
 
-		$location_name = str_replace(' ', '_', $location_name);
-		$builder = $this->db->table('permissions');
-		$builder->set('location_id', 1);
-		$builder->where('permission_id','receivings_' . $location_name);
-		$builder->orWhere('permission_id', 'sales_' . $location_name);
-		$builder->update();
-	}
+        $builder = $this->db->table('stock_locations');
+        $builder->select('location_name');
+        $builder->where('location_id', 1);
+        $builder->limit(1);
+        $location_name = $builder->get()->getResultArray()[0]['location_name'];
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
+        $location_name = str_replace(' ', '_', $location_name);
+        $builder = $this->db->table('permissions');
+        $builder->set('location_id', 1);
+        $builder->where('permission_id', 'receivings_' . $location_name);
+        $builder->orWhere('permission_id', 'sales_' . $location_name);
+        $builder->update();
 
-	}
+        log_message('info', 'Finished migration: Fix empty reports.');
+    }
+
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20191008100000_receipttaxindicator.php

@@ -6,20 +6,21 @@ use CodeIgniter\Database\Migration;
 
 class Migration_receipttaxindicator extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		$this->db->query('INSERT INTO ' . $this->db->prefixTable('app_config') . ' (`key`, `value`)
-			VALUES (\'receipt_show_tax_ind\', \'0\')');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        log_message('info', 'Migrating receipt tax indicator.');
+        $this->db->query('INSERT INTO ' . $this->db->prefixTable('app_config') . ' (`key`, `value`)
+            VALUES (\'receipt_show_tax_ind\', \'0\')');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-		$this->db->query('DELETE FROM ' . $this->db->prefixTable('app_config') . ' WHERE key = \'receipt_show_tax_ind\'');
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void
+    {
+        $this->db->query('DELETE FROM ' . $this->db->prefixTable('app_config') . ' WHERE `key` = \'receipt_show_tax_ind\'');
+    }
 }

app/Database/Migrations/20191231100000_paymentdatefix.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_PaymentDateFix extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.2_paymentdatefix.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.2_paymentdatefix.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20200125100000_saleschangeprice.php

@@ -6,20 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_SalesChangePrice extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.2_saleschangeprice.sql');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.2_saleschangeprice.sql');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }

app/Database/Migrations/20200202000000_taxamount.php

@@ -15,392 +15,369 @@ use CodeIgniter\Database\ResultInterface;
  */
 class Migration_TaxAmount extends Migration
 {
-	public const ROUND_UP = 5;
-	public const ROUND_DOWN = 6;
-	public const HALF_FIVE = 7;
-	public const YES = '1';
-	public const VAT_TAX = '0';
-	public const SALES_TAX = '1';	//TODO: It appears that this constant is never used
-	private Appconfig $appconfig;
+    public const ROUND_UP = 5;
+    public const ROUND_DOWN = 6;
+    public const HALF_FIVE = 7;
+    public const YES = '1';
+    public const VAT_TAX = '0';
+    public const SALES_TAX = '1';    // TODO: It appears that this constant is never used
+    private Appconfig $appconfig;
 
-	public function __construct()
-	{
-		parent::__construct();
+    public function __construct()
+    {
+        parent::__construct();
 
-		$this->appconfig = model(Appconfig::class);
-	}
+        $this->appconfig = model(Appconfig::class);
+    }
 
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		$tax_included = ($this->appconfig->get_value('tax_included', Migration_TaxAmount::YES) == Migration_TaxAmount::YES);
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        $tax_included = ($this->appconfig->get_value('tax_included', Migration_TaxAmount::YES) == Migration_TaxAmount::YES);
 
-		if($tax_included)
-		{
-			$tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
-			$number_of_unmigrated = $this->get_count_of_unmigrated();
+        if ($tax_included) {
+            $tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
+            $number_of_unmigrated = $this->get_count_of_unmigrated();
 
-			error_log('Migrating sales tax fixing. The number of sales that will be migrated is ' . $number_of_unmigrated);
+            log_message('info', 'Migrating sales tax fixing. The number of sales that will be migrated is ' . $number_of_unmigrated);
 
-			if($number_of_unmigrated > 0)
-			{
-				$unmigrated_invoices = $this->get_unmigrated($number_of_unmigrated)->getResultArray();
-				$this->db->query('RENAME TABLE ' . $this->db->prefixTable('sales_taxes') . ' TO ' . $this->db->prefixTable('sales_taxes_backup'));
-				$this->db->query('CREATE TABLE ' . $this->db->prefixTable('sales_taxes') . ' LIKE ' . $this->db->prefixTable('sales_taxes_backup'));
+            if ($number_of_unmigrated > 0) {
+                $unmigrated_invoices = $this->get_unmigrated($number_of_unmigrated)->getResultArray();
+                $this->db->query('RENAME TABLE ' . $this->db->prefixTable('sales_taxes') . ' TO ' . $this->db->prefixTable('sales_taxes_backup'));
+                $this->db->query('CREATE TABLE ' . $this->db->prefixTable('sales_taxes') . ' LIKE ' . $this->db->prefixTable('sales_taxes_backup'));
 
-				foreach($unmigrated_invoices as $key => $unmigrated_invoice)
-				{
-					$this->upgrade_tax_history_for_sale($unmigrated_invoice['sale_id'], $tax_decimals, true);
-				}
-				$this->db->query('DROP TABLE ' . $this->db->prefixTable('sales_taxes_backup'));
-			}
+                foreach ($unmigrated_invoices as $key => $unmigrated_invoice) {
+                    $this->upgrade_tax_history_for_sale($unmigrated_invoice['sale_id'], $tax_decimals, true);
+                }
+                $this->db->query('DROP TABLE ' . $this->db->prefixTable('sales_taxes_backup'));
+            }
 
-			error_log('Migrating sales tax fixing. The number of sales that will be migrated is finished.');
-		}
-	}
+            log_message('info', 'Migrating sales tax fixing. The number of sales that will be migrated is finished.');
+        }
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 
-	}
+    /**
+     * @param int $sale_id
+     * @param string $tax_decimals
+     * @param bool $tax_included
+     * @return void
+     */
+    private function upgrade_tax_history_for_sale(int $sale_id, string $tax_decimals, bool $tax_included): void    // TODO: $tax_included is passed as a parameter but never used in the function body.
+    {
+        $customer_sales_tax_support = false;
+        $tax_type = Migration_TaxAmount::VAT_TAX;
+        $sales_taxes = [];
+        $tax_group_sequence = 0;
+        $items = $this->get_sale_items_for_migration($sale_id)->getResultArray();
 
-	/**
-	 * @param int $sale_id
-	 * @param string $tax_decimals
-	 * @param bool $tax_included
-	 * @return void
-	 */
-	private function upgrade_tax_history_for_sale(int $sale_id, string $tax_decimals, bool $tax_included): void	//TODO: $tax_included is passed as a parameter but never used in the function body.
-	{
-		$customer_sales_tax_support = false;
-		$tax_type = Migration_TaxAmount::VAT_TAX;
-		$sales_taxes = [];
-		$tax_group_sequence = 0;
-		$items = $this->get_sale_items_for_migration($sale_id)->getResultArray();
+        foreach ($items as $item) {
+            // This computes tax for each line item and adds it to the tax type total
+            $tax_group = (float)$item['percent'] . '% ' . $item['name'];
+            $tax_basis = $this->get_item_total($item['quantity_purchased'], $item['item_unit_price'], $item['discount'], true);
+            $item_tax_amount = $this->get_item_tax($tax_basis, $item['percent'], PHP_ROUND_HALF_UP, $tax_decimals);
+            $this->update_sales_items_taxes_amount($sale_id, $item['line'], $item['name'], $item['percent'], $tax_type, $item_tax_amount);
+            $this->update_sales_taxes($sales_taxes, $tax_type, $tax_group, $item['percent'], $tax_basis, $item_tax_amount, $tax_group_sequence, PHP_ROUND_HALF_UP, $sale_id, $item['name']);
+            $tax_group_sequence += 1;
+        }
 
-		foreach($items as $item)
-		{
-			// This computes tax for each line item and adds it to the tax type total
-			$tax_group = (float)$item['percent'] . '% ' . $item['name'];
-			$tax_basis = $this->get_item_total($item['quantity_purchased'], $item['item_unit_price'], $item['discount'], true);
-			$item_tax_amount = $this->get_item_tax($tax_basis, $item['percent'], PHP_ROUND_HALF_UP, $tax_decimals);
-			$this->update_sales_items_taxes_amount($sale_id, $item['line'], $item['name'], $item['percent'], $tax_type, $item_tax_amount);
-			$this->update_sales_taxes($sales_taxes, $tax_type, $tax_group, $item['percent'], $tax_basis, $item_tax_amount, $tax_group_sequence, PHP_ROUND_HALF_UP, $sale_id, $item['name']);
-			$tax_group_sequence += 1;
-		}
+        if ($customer_sales_tax_support) {    // TODO: This will always evaluate to false.
+            $this->apply_invoice_taxing($sales_taxes);
+        }
 
-		if($customer_sales_tax_support)	//TODO: This will always evaluate to false.
-		{
-			$this->apply_invoice_taxing($sales_taxes);
-		}
+        $this->round_sales_taxes($sales_taxes);
+        $this->save_sales_tax($sales_taxes);
+    }
 
-		$this->round_sales_taxes($sales_taxes);
-		$this->save_sales_tax($sales_taxes);
-	}
+    /**
+     * @param int $block_count
+     * @return ResultInterface
+     */
+    private function get_unmigrated(int $block_count): ResultInterface
+    {
+        $builder = $this->db->table('sales_items_taxes as SIT');
+        $builder->select('SIT.sale_id');
+        $builder->select('ST.sale_id as sales_taxes_sale_id');
+        $builder->join('sales_taxes as ST', 'SIT.sale_id = ST.sale_id', 'left');
+        $builder->groupBy('SIT.sale_id');
+        $builder->groupBy('ST.sale_id');
+        $builder->orderBy('SIT.sale_id');
+        $builder->limit($block_count);
 
-	/**
-	 * @param int $block_count
-	 * @return ResultInterface
-	 */
-	private function get_unmigrated(int $block_count): ResultInterface
-	{
-		$builder = $this->db->table('sales_items_taxes as SIT');
-		$builder->select('SIT.sale_id');
-		$builder->select('ST.sale_id as sales_taxes_sale_id');
-		$builder->join('sales_taxes as ST', 'SIT.sale_id = ST.sale_id', 'left');
-		$builder->groupBy('SIT.sale_id');
-		$builder->groupBy('ST.sale_id');
-		$builder->orderBy('SIT.sale_id');
-		$builder->limit($block_count);
+        return $builder->get();
+    }
 
-		return $builder->get();
-	}
+    /**
+     * @return int
+     */
+    private function get_count_of_unmigrated(): int
+    {
+        $result = $this->db->query('SELECT COUNT(*) FROM(SELECT SIT.sale_id, ST.sale_id as sales_taxes_sale_id FROM '
+            . $this->db->prefixTable('sales_items_taxes')
+            . ' as SIT LEFT JOIN '
+            . $this->db->prefixTable('sales_taxes')
+            . ' as ST ON SIT.sale_id = ST.sale_id GROUP BY SIT.sale_id, ST.sale_id'
+            . ' ORDER BY SIT.sale_id) as US')->getResultArray();
 
-	/**
-	 * @return int
-	 */
-	private function get_count_of_unmigrated(): int
-	{
-		$result = $this->db->query('SELECT COUNT(*) FROM(SELECT SIT.sale_id, ST.sale_id as sales_taxes_sale_id FROM '
-			. $this->db->prefixTable('sales_items_taxes')
-			. ' as SIT LEFT JOIN '
-			. $this->db->prefixTable('sales_taxes')
-			. ' as ST ON SIT.sale_id = ST.sale_id GROUP BY SIT.sale_id, ST.sale_id'
-			. ' ORDER BY SIT.sale_id) as US')->getResultArray();
+        if (!$result) {
+            log_message('info', 'Database error in 20200202000000_taxamount.php related to sales_taxes or sales_items_taxes.');
+            return 0;
+        }
 
-		return $result[0]['COUNT(*)'];
-	}
 
-	/**
-	 * @param int $sale_id
-	 * @return ResultInterface
-	 */
-	private function get_sale_items_for_migration(int $sale_id): ResultInterface
-	{
-		$builder = $this->db->table('sales_items as sales_items');
-		$builder->select('sales_items.sale_id as sale_id');
-		$builder->select('sales_items.line as line');
-		$builder->select('item_unit_price');
-		$builder->select('discount');
-		$builder->select('quantity_purchased');
-		$builder->select('percent');
-		$builder->select('name');
-		$builder->join('sales_items_taxes as sales_items_taxes', 'sales_items.sale_id = sales_items_taxes.sale_id and sales_items.line = sales_items_taxes.line');
-		$builder->where('sales_items.sale_id', $sale_id);
+        return $result[0]['COUNT(*)'] ?: 0;
+    }
 
-		return $builder->get();
-	}
+    /**
+     * @param int $sale_id
+     * @return ResultInterface
+     */
+    private function get_sale_items_for_migration(int $sale_id): ResultInterface
+    {
+        $builder = $this->db->table('sales_items as sales_items');
+        $builder->select('sales_items.sale_id as sale_id');
+        $builder->select('sales_items.line as line');
+        $builder->select('item_unit_price');
+        $builder->select('discount');
+        $builder->select('quantity_purchased');
+        $builder->select('percent');
+        $builder->select('name');
+        $builder->join('sales_items_taxes as sales_items_taxes', 'sales_items.sale_id = sales_items_taxes.sale_id and sales_items.line = sales_items_taxes.line');
+        $builder->where('sales_items.sale_id', $sale_id);
 
-	/**
-	 * @param int $sale_id
-	 * @param int $line
-	 * @param string $name
-	 * @param float $percent
-	 * @param int $tax_type
-	 * @param float $item_tax_amount
-	 * @return void
-	 */
-	private function update_sales_items_taxes_amount(int $sale_id, int $line, string $name, float $percent, int $tax_type, float $item_tax_amount): void
-	{
-		$builder = $this->db->table('sales_items_taxes');
-		$builder->where('sale_id', $sale_id);
-		$builder->where('line', $line);
-		$builder->where('name', $name);
-		$builder->where('percent', $percent);
-		$builder->update(['tax_type' => $tax_type, 'item_tax_amount' => $item_tax_amount]);
-	}
+        return $builder->get();
+    }
 
-	/**
-	 * @param array $sales_taxes
-	 * @return void
-	 */
-	private function save_sales_tax(array &$sales_taxes): void
-	{
-		$builder = $this->db->table('sales_taxes');
+    /**
+     * @param int $sale_id
+     * @param int $line
+     * @param string $name
+     * @param float $percent
+     * @param int $tax_type
+     * @param float $item_tax_amount
+     * @return void
+     */
+    private function update_sales_items_taxes_amount(int $sale_id, int $line, string $name, float $percent, int $tax_type, float $item_tax_amount): void
+    {
+        $builder = $this->db->table('sales_items_taxes');
+        $builder->where('sale_id', $sale_id);
+        $builder->where('line', $line);
+        $builder->where('name', $name);
+        $builder->where('percent', $percent);
+        $builder->update(['tax_type' => $tax_type, 'item_tax_amount' => $item_tax_amount]);
+    }
 
-		foreach($sales_taxes as $line => $sales_tax)
-		{
-			$builder->insert($sales_tax);
-		}
-	}
+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
+    private function save_sales_tax(array &$sales_taxes): void
+    {
+        $builder = $this->db->table('sales_taxes');
 
-	/**
-	 * @param string $quantity
-	 * @param string $price
-	 * @param string $discount
-	 * @param bool $include_discount
-	 * @return string
-	 */
-	public function get_item_total(string $quantity, string $price, string $discount, bool $include_discount = false): string
-	{
-		$total = bcmul($quantity, $price);
+        foreach ($sales_taxes as $line => $sales_tax) {
+            $builder->insert($sales_tax);
+        }
+    }
 
-		if($include_discount)
-		{
-			$total = bcsub($total, bcmul(bcmul($quantity, $price), bcdiv($discount, 100)));
-		}
+    /**
+     * @param string $quantity
+     * @param string $price
+     * @param string $discount
+     * @param bool $include_discount
+     * @return string
+     */
+    public function get_item_total(string $quantity, string $price, string $discount, bool $include_discount = false): string
+    {
+        $total = bcmul($quantity, $price);
 
-		return $total;
-	}
+        if ($include_discount) {
+            $total = bcsub($total, bcmul(bcmul($quantity, $price), bcdiv($discount, 100)));
+        }
 
-	/**
-	 * @param string $tax_basis
-	 * @param string $tax_percentage
-	 * @param int $rounding_mode
-	 * @param int $decimals
-	 * @return float
-	 */
-	public function get_item_tax(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float	//TODO: is this currency safe?
-	{
-		$tax_fraction = bcdiv(bcadd('100', $tax_percentage), '100');
-		$price_tax_excl = bcdiv($tax_basis, $tax_fraction);
-		$tax_amount = bcsub($tax_basis, $price_tax_excl);
+        return $total;
+    }
 
-		return $this->round_number($rounding_mode, $tax_amount, $decimals);
-	}
+    /**
+     * @param string $tax_basis
+     * @param string $tax_percentage
+     * @param int $rounding_mode
+     * @param int $decimals
+     * @return float
+     */
+    public function get_item_tax(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float    // TODO: is this currency safe?
+    {
+        $tax_fraction = bcdiv(bcadd('100', $tax_percentage), '100');
+        $price_tax_excl = bcdiv($tax_basis, $tax_fraction);
+        $tax_amount = bcsub($tax_basis, $price_tax_excl);
 
-	/**
-	 * @param string $tax_basis
-	 * @param string $tax_percentage
-	 * @param int $rounding_mode
-	 * @param int $decimals
-	 * @return float
-	 */
-	public function get_sales_tax_for_amount(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float	//TODO: is this currency safe?
-	{
-		$tax_fraction = bcdiv($tax_percentage, '100');
-		$tax_amount = bcmul($tax_basis, $tax_fraction);
+        return $this->round_number($rounding_mode, $tax_amount, $decimals);
+    }
 
-		return $this->round_number($rounding_mode, $tax_amount, $decimals);
-	}
+    /**
+     * @param string $tax_basis
+     * @param string $tax_percentage
+     * @param int $rounding_mode
+     * @param int $decimals
+     * @return float
+     */
+    public function get_sales_tax_for_amount(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float    // TODO: is this currency safe?
+    {
+        $tax_fraction = bcdiv($tax_percentage, '100');
+        $tax_amount = bcmul($tax_basis, $tax_fraction);
 
-	/**
-	 * @param int $rounding_mode
-	 * @param string $amount
-	 * @param int $decimals
-	 * @return float
-	 */
-	public function round_number(int $rounding_mode, string $amount, int $decimals): float	//TODO: is this currency safe?
-	{//TODO: This needs to be converted to a switch
-		if($rounding_mode == Migration_TaxAmount::ROUND_UP)	//TODO: === ?
-		{
-			$fig = pow(10, $decimals);
-			$rounded_total = (ceil($fig * $amount) + ceil($fig*$amount - ceil($fig * $amount)))/$fig;
-		}
-		elseif($rounding_mode == Migration_TaxAmount::ROUND_DOWN)	//TODO: === ?
-		{
-			$fig = pow(10, $decimals);
-			$rounded_total = (floor($fig * $amount) + floor($fig * $amount - floor($fig * $amount)))/$fig;
-		}
-		elseif($rounding_mode == Migration_TaxAmount::HALF_FIVE)	//TODO: === ?
-		{
-			$rounded_total = round($amount / 5) * 5;
-		}
-		else
-		{
-			$rounded_total = round($amount, $decimals, $rounding_mode);
-		}
+        return $this->round_number($rounding_mode, $tax_amount, $decimals);
+    }
 
-		return $rounded_total;
-	}
+    /**
+     * @param int $rounding_mode
+     * @param string $amount
+     * @param int $decimals
+     * @return float
+     */
+    public function round_number(int $rounding_mode, string $amount, int $decimals): float    // TODO: is this currency safe?
+    {   // TODO: This needs to be converted to a switch
+        $amount = (float)$amount;
 
-	/**
-	 * @param array $sales_taxes
-	 * @param int $tax_type
-	 * @param string $tax_group
-	 * @param float $tax_rate
-	 * @param string $tax_basis
-	 * @param string $item_tax_amount
-	 * @param int $tax_group_sequence
-	 * @param int $rounding_code
-	 * @param int $sale_id
-	 * @param string $name
-	 * @param string $tax_code
-	 * @return void
-	 */
-	public function update_sales_taxes(array &$sales_taxes, int $tax_type, string $tax_group, float $tax_rate, string $tax_basis, string $item_tax_amount, int $tax_group_sequence, int $rounding_code, int $sale_id, string $name = '', string $tax_code = ''): void
-	{
-		$tax_group_index = $this->clean('X' . $tax_group);
+        if ($rounding_mode == Migration_TaxAmount::ROUND_UP) {    // TODO: === ?
+            $fig = pow(10, $decimals);
+            $rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
+        } elseif ($rounding_mode == Migration_TaxAmount::ROUND_DOWN) {    // TODO: === ?
+            $fig = pow(10, $decimals);
+            $rounded_total = (floor($fig * $amount) + floor($fig * $amount - floor($fig * $amount))) / $fig;
+        } elseif ($rounding_mode == Migration_TaxAmount::HALF_FIVE) {    // TODO: === ?
+            $rounded_total = round($amount / 5) * 5;
+        } else {
+            $rounded_total = round($amount, $decimals, $rounding_mode);
+        }
 
-		if(!array_key_exists($tax_group_index, $sales_taxes))
-		{
-			$insertkey = $tax_group_index;
-			$sales_tax = [
-				$insertkey => [
-					'sale_id' => $sale_id,
-					'tax_type' => $tax_type,
-					'tax_group' => $tax_group,
-					'sale_tax_basis' => $tax_basis,
-					'sale_tax_amount' => $item_tax_amount,
-					'print_sequence' => $tax_group_sequence,
-					'name' => $name,
-					'tax_rate' => $tax_rate,
-					'sales_tax_code_id' => $tax_code,
-					'rounding_code' => $rounding_code
-				]
-			];
+        return $rounded_total;
+    }
 
-			//add to existing array
-			$sales_taxes += $sales_tax;
-		}
-		else
-		{
-			// Important ... the sales amounts are accumulated for the group at the maximum configurable scale value of 4
-			// but the scale will in reality be the scale specified by the tax_decimal configuration value  used for sales_items_taxes
-			$sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
-			$sales_taxes[$tax_group_index]['sale_tax_amount'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_amount'], $item_tax_amount, 4);
-		}
-	}
+    /**
+     * @param array $sales_taxes
+     * @param int $tax_type
+     * @param string $tax_group
+     * @param float $tax_rate
+     * @param string $tax_basis
+     * @param string $item_tax_amount
+     * @param int $tax_group_sequence
+     * @param int $rounding_code
+     * @param int $sale_id
+     * @param string $name
+     * @param string $tax_code
+     * @return void
+     */
+    public function update_sales_taxes(array &$sales_taxes, int $tax_type, string $tax_group, float $tax_rate, string $tax_basis, string $item_tax_amount, int $tax_group_sequence, int $rounding_code, int $sale_id, string $name = '', string $tax_code = ''): void
+    {
+        $tax_group_index = $this->clean('X' . $tax_group);
 
-	/**
-	 * @param string $string
-	 * @return string
-	 */
-	public function clean(string $string): string	//TODO: This can probably go into the migration helper as it's used it more than one migration. Also, $string needs to be refactored to a different name.
-	{
-		$string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
+        if (!array_key_exists($tax_group_index, $sales_taxes)) {
+            $insertkey = $tax_group_index;
+            $sales_tax = [
+                $insertkey => [
+                    'sale_id'           => $sale_id,
+                    'tax_type'          => $tax_type,
+                    'tax_group'         => $tax_group,
+                    'sale_tax_basis'    => $tax_basis,
+                    'sale_tax_amount'   => $item_tax_amount,
+                    'print_sequence'    => $tax_group_sequence,
+                    'name'              => $name,
+                    'tax_rate'          => $tax_rate,
+                    'sales_tax_code_id' => $tax_code,
+                    'rounding_code'     => $rounding_code
+                ]
+            ];
 
-		return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
-	}
+            // Add to existing array
+            $sales_taxes += $sales_tax;
+        } else {
+            // Important: the sales amounts are accumulated for the group at the maximum configurable scale value of 4
+            // but the scale will in reality be the scale specified by the tax_decimal configuration value  used for sales_items_taxes
+            $sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
+            $sales_taxes[$tax_group_index]['sale_tax_amount'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_amount'], $item_tax_amount, 4);
+        }
+    }
 
-	/**
-	 * @param array $sales_taxes
-	 * @return void
-	 */
-	public function apply_invoice_taxing(array &$sales_taxes): void
-	{
-		if(!empty($sales_taxes))	//TODO: Duplicated code
-		{
-			$sort = [];
-			foreach($sales_taxes as $k => $v)
-			{
-				$sort['print_sequence'][$k] = $v['print_sequence'];
-			}
-			array_multisort($sort['print_sequence'], SORT_ASC, $sales_taxes);
-		}
+    /**
+     * @param string $string
+     * @return string
+     */
+    public function clean(string $string): string    // TODO: This can probably go into the migration helper as it's used it more than one migration. Also, $string needs to be refactored to a different name.
+    {
+        $string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
 
-		$decimals = totals_decimals();
+        return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
+    }
 
-		foreach($sales_taxes as $row_number => $sales_tax)
-		{
-			$sales_taxes[$row_number]['sale_tax_amount'] = $this->get_sales_tax_for_amount($sales_tax['sale_tax_basis'], $sales_tax['tax_rate'], $sales_tax['rounding_code'], $decimals);
-		}
-	}
+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
+    public function apply_invoice_taxing(array &$sales_taxes): void
+    {
+        if (!empty($sales_taxes)) {    // TODO: Duplicated code
+            $sort = [];
+            foreach ($sales_taxes as $k => $v) {
+                $sort['print_sequence'][$k] = $v['print_sequence'];
+            }
+            array_multisort($sort['print_sequence'], SORT_ASC, $sales_taxes);
+        }
 
-	/**
-	 * @param array $sales_taxes
-	 * @return void
-	 */
-	public function round_sales_taxes(array &$sales_taxes): void
-	{
-		if(!empty($sales_taxes))
-		{
-			$sort = [];
+        $decimals = totals_decimals();
 
-			foreach($sales_taxes as $k=>$v)
-			{
-				$sort['print_sequence'][$k] = $v['print_sequence'];
-			}
+        foreach ($sales_taxes as $row_number => $sales_tax) {
+            $sales_taxes[$row_number]['sale_tax_amount'] = $this->get_sales_tax_for_amount($sales_tax['sale_tax_basis'], $sales_tax['tax_rate'], $sales_tax['rounding_code'], $decimals);
+        }
+    }
 
-			array_multisort($sort['print_sequence'], SORT_ASC, $sales_taxes);
-		}
+    /**
+     * @param array $sales_taxes
+     * @return void
+     */
+    public function round_sales_taxes(array &$sales_taxes): void
+    {
+        if (!empty($sales_taxes)) {
+            $sort = [];
 
-		$decimals = totals_decimals();
+            foreach ($sales_taxes as $k => $v) {
+                $sort['print_sequence'][$k] = $v['print_sequence'];
+            }
 
-		foreach($sales_taxes as $row_number => $sales_tax)
-		{
-			$sale_tax_amount = $sales_tax['sale_tax_amount'];
-			$rounding_code = $sales_tax['rounding_code'];
-			$rounded_sale_tax_amount = $sale_tax_amount;
+            array_multisort($sort['print_sequence'], SORT_ASC, $sales_taxes);
+        }
 
-			if ($rounding_code == PHP_ROUND_HALF_UP	//TODO: This block of if/elseif statements can be converted to a switch.
-				|| $rounding_code == PHP_ROUND_HALF_DOWN
-				|| $rounding_code == PHP_ROUND_HALF_EVEN
-				|| $rounding_code == PHP_ROUND_HALF_ODD)
-			{
-				$rounded_sale_tax_amount = round($sale_tax_amount, $decimals, $rounding_code);
-			}
-			elseif($rounding_code == Migration_TaxAmount::ROUND_UP)
-			{
-				$fig = (int) str_pad('1', $decimals, '0');
-				$rounded_sale_tax_amount = (ceil($sale_tax_amount * $fig) / $fig);
-			}
-			elseif($rounding_code == Migration_TaxAmount::ROUND_DOWN)
-			{
-				$fig = (int) str_pad('1', $decimals, '0');
-				$rounded_sale_tax_amount = (floor($sale_tax_amount * $fig) / $fig);
-			}
-			elseif($rounding_code == Migration_TaxAmount::HALF_FIVE)
-			{
-				$rounded_sale_tax_amount = round($sale_tax_amount / 5) * 5;
-			}
+        $decimals = totals_decimals();
 
-			$sales_taxes[$row_number]['sale_tax_amount'] = $rounded_sale_tax_amount;
-		}
-	}
+        foreach ($sales_taxes as $row_number => $sales_tax) {
+            $sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
+            $rounding_code = $sales_tax['rounding_code'];
+            $rounded_sale_tax_amount = $sale_tax_amount;
+
+            if (
+                $rounding_code == PHP_ROUND_HALF_UP    // TODO: This block of if/elseif statements can be converted to a switch.
+                || $rounding_code == PHP_ROUND_HALF_DOWN
+                || $rounding_code == PHP_ROUND_HALF_EVEN
+                || $rounding_code == PHP_ROUND_HALF_ODD
+            ) {
+                $rounded_sale_tax_amount = round($sale_tax_amount, $decimals, $rounding_code);
+            } elseif ($rounding_code == Migration_TaxAmount::ROUND_UP) {
+                $fig = (int) str_pad('1', $decimals, '0');
+                $rounded_sale_tax_amount = (ceil($sale_tax_amount * $fig) / $fig);
+            } elseif ($rounding_code == Migration_TaxAmount::ROUND_DOWN) {
+                $fig = (int) str_pad('1', $decimals, '0');
+                $rounded_sale_tax_amount = (floor($sale_tax_amount * $fig) / $fig);
+            } elseif ($rounding_code == Migration_TaxAmount::HALF_FIVE) {
+                $rounded_sale_tax_amount = round($sale_tax_amount / 5) * 5;
+            }
+
+            $sales_taxes[$row_number]['sale_tax_amount'] = $rounded_sale_tax_amount;
+        }
+    }
 }

app/Database/Migrations/20200215100000_taxgroupconstraint.php

@@ -6,19 +6,20 @@ use CodeIgniter\Database\Migration;
 
 class Migration_taxgroupconstraint extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		$this->db->query('ALTER TABLE ' . $this->db->prefixTable('tax_jurisdictions') . ' ADD CONSTRAINT tax_jurisdictions_uq1 UNIQUE (tax_group)');
-	}
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        log_message('info', 'Migrating tax group constraints.');
+        $this->db->query('ALTER TABLE ' . $this->db->prefixTable('tax_jurisdictions') . ' ADD CONSTRAINT tax_jurisdictions_uq1 UNIQUE (tax_group)');
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-		$this->db->query('ALTER TABLE ' . $this->db->prefixTable('tax_jurisdictions') . ' DROP INDEX tax_jurisdictions_uq1');
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void
+    {
+        $this->db->query('ALTER TABLE ' . $this->db->prefixTable('tax_jurisdictions') . ' DROP INDEX tax_jurisdictions_uq1');
+    }
 }

app/Database/Migrations/20200508000000_image_upload_defaults.php

@@ -6,29 +6,30 @@ use CodeIgniter\Database\Migration;
 
 class Migration_image_upload_defaults extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		$image_values = [
-			['key' => 'image_allowed_types', 'value' => 'gif|jpg|png'],
-			['key' => 'image_max_height', 'value' => '480'],
-			['key' => 'image_max_size', 'value' => '128'],
-			['key' => 'image_max_width', 'value' => '640']
-		];
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        log_message('info', 'Migrating image upload defaults.');
+        $image_values = [
+            ['key' => 'image_allowed_types', 'value' => 'gif|jpg|png'],
+            ['key' => 'image_max_height',    'value' => '480'],
+            ['key' => 'image_max_size',      'value' => '128'],
+            ['key' => 'image_max_width',     'value' => '640']
+        ];
 
-		$builder = $this->db->table('app_config');
-		$builder->insertBatch($image_values);
-	}
+        $builder = $this->db->table('app_config');
+        $builder->insertBatch($image_values);
+    }
 
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-		$builder = $this->db->table('app_config');
-		$builder->whereIn('key', ['image_allowed_types','image_max_height','image_max_size','image_max_width']);
-		$builder->delete();
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void
+    {
+        $builder = $this->db->table('app_config');
+        $builder->whereIn('key', ['image_allowed_types', 'image_max_height', 'image_max_size', 'image_max_width']);
+        $builder->delete();
+    }
 }

app/Database/Migrations/20200819000000_modify_attr_links_constraint.php

@@ -6,23 +6,17 @@ use CodeIgniter\Database\Migration;
 
 class Migration_modify_attr_links_constraint extends Migration
 {
-	/**
-	 * Perform a migration step.
-	 */
-	public function up(): void
-	{
-		error_log('Migrating modify_attr_links_constraint');
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.2_modify_attr_links_constraint.sql');
+    }
 
-		helper('migration');
-		execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.2_modify_attr_links_constraint.sql');
-
-		error_log('Migrating modify_attr_links_constraint');
-	}
-
-	/**
-	 * Revert a migration step.
-	 */
-	public function down(): void
-	{
-	}
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void {}
 }