mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-05-25 00:44:03 -04:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirror:review-pr-4394
Branches Tags
mirror:master mirror:fix-tax-input-locale mirror:fix/4554-encryption-docker-issue mirror:fix/4559-migration-type-error mirror:fix/shared-version-tag-logic mirror:WebShells-Secondary-Display mirror:plugin-system-fresh mirror:WebShells-Second-Display mirror:ubl-invoice-generation mirror:feature/ubuntu-install-clean mirror:fix/attribute-search-refactor mirror:pr-4522 mirror:bootstrap-5 mirror:feature/person-attributes mirror:person_attributes mirror:refactor-4489-model-getters mirror:issue-4459 mirror:issue-4474 mirror:refactor-4491-js-modernization mirror:refactor-4490-remove-duplication mirror:feat-4488-enable-csp mirror:review-pr-4394 mirror:feature/payment-provider-system mirror:feature/travis-to-github-actions mirror:feature/payment-plugins mirror:fix/pr-4361-camelcase mirror:fix/pr-4305-bugs mirror:feature/integration-tests mirror:feature/rest-api-implementation mirror:feature/api-openapi-spec mirror:feature/ubuntu-install-script mirror:fix/bola-remaining-controllers mirror:feature-add-transactions-to-migrations mirror:apply-ci4-coding-standards mirror:4283-bug-suspended-sales-not-displaying mirror:fix-sales-completion mirror:validation-fixes mirror:ui-improvements mirror:gh-pages mirror:fix-requisitions mirror:revert-input-filtering mirror:migration-success-message mirror:no-negative-stock mirror:customer-due-tracking
mirror:unstable mirror:3.4.1 mirror:3.4.0 mirror:3.3.9 mirror:3.3.8 mirror:3.3.7 mirror:3.3.6 mirror:master.3.3.6 mirror:3.3.5 mirror:master.3.3.5 mirror:CodeIgniter_4_upgrade.3.4.0-dev mirror:eventsauce.3.4.0-dev mirror:formatting_corrections.3.4.0-dev mirror:fix-employee-update.3.4.0-dev mirror:person_attributes.3.4.0-dev mirror:login-improvements.3.4.0-dev mirror:upgrade-grunt-and-npm mirror:master.3.4.0-dev mirror:3.3.4 mirror:3.3.3 mirror:3.3.2 mirror:3.3.1 mirror:3.3.0 mirror:3.2.3 mirror:3.2.2 mirror:3.2.1 mirror:3.2.0 mirror:3.1.1 mirror:3.1.0 mirror:3.0.2 mirror:3.0.1 mirror:3.0.0 mirror:2.4.0 mirror:2.3.4 mirror:2.3.3 mirror:2.3.2 mirror:2.3.1 mirror:2.3 mirror:2.2.2
..
compare: mirror:feature/api-openapi-spec
Branches Tags
mirror:fix-tax-input-locale mirror:fix/4554-encryption-docker-issue mirror:master mirror:fix/4559-migration-type-error mirror:fix/shared-version-tag-logic mirror:WebShells-Secondary-Display mirror:plugin-system-fresh mirror:WebShells-Second-Display mirror:ubl-invoice-generation mirror:feature/ubuntu-install-clean mirror:fix/attribute-search-refactor mirror:pr-4522 mirror:bootstrap-5 mirror:feature/person-attributes mirror:person_attributes mirror:refactor-4489-model-getters mirror:issue-4459 mirror:issue-4474 mirror:refactor-4491-js-modernization mirror:refactor-4490-remove-duplication mirror:feat-4488-enable-csp mirror:review-pr-4394 mirror:feature/payment-provider-system mirror:feature/travis-to-github-actions mirror:feature/payment-plugins mirror:fix/pr-4361-camelcase mirror:fix/pr-4305-bugs mirror:feature/integration-tests mirror:feature/rest-api-implementation mirror:feature/api-openapi-spec mirror:feature/ubuntu-install-script mirror:fix/bola-remaining-controllers mirror:feature-add-transactions-to-migrations mirror:apply-ci4-coding-standards mirror:4283-bug-suspended-sales-not-displaying mirror:fix-sales-completion mirror:validation-fixes mirror:ui-improvements mirror:gh-pages mirror:fix-requisitions mirror:revert-input-filtering mirror:migration-success-message mirror:no-negative-stock mirror:customer-due-tracking
mirror:unstable mirror:3.4.1 mirror:3.4.0 mirror:3.3.9 mirror:3.3.8 mirror:3.3.7 mirror:3.3.6 mirror:master.3.3.6 mirror:3.3.5 mirror:master.3.3.5 mirror:CodeIgniter_4_upgrade.3.4.0-dev mirror:eventsauce.3.4.0-dev mirror:formatting_corrections.3.4.0-dev mirror:fix-employee-update.3.4.0-dev mirror:person_attributes.3.4.0-dev mirror:login-improvements.3.4.0-dev mirror:upgrade-grunt-and-npm mirror:master.3.4.0-dev mirror:3.3.4 mirror:3.3.3 mirror:3.3.2 mirror:3.3.1 mirror:3.3.0 mirror:3.2.3 mirror:3.2.2 mirror:3.2.1 mirror:3.2.0 mirror:3.1.1 mirror:3.1.0 mirror:3.0.2 mirror:3.0.1 mirror:3.0.0 mirror:2.4.0 mirror:2.3.4 mirror:2.3.3 mirror:2.3.2 mirror:2.3.1 mirror:2.3 mirror:2.2.2

1 Commits
review-pr- ... feature/ap

Author SHA1 Message Date
jekkos
09191b9af7 feat: Add OpenAPI 3.1 specification for REST API 
Add comprehensive OpenAPI specification for OSPOS REST API including:

- Customers API (CRUD operations)
- Suppliers API (CRUD operations)
- Items API (CRUD operations with inventory quantities)
- Inventory API (stock adjustments)
- Sales API (read-only queries)
- Receivings API (read-only queries)

Features:
- API Key authentication via X-API-Key header
- Pagination with offset/limit parameters
- Soft delete support for customers, suppliers, items
- Batch operations for delete and update
- Search/suggest endpoints for autocomplete
- Comprehensive schema definitions based on existing models

Includes documentation with:
- Endpoint reference tables
- Schema field descriptions
- Implementation notes and discussion topics
- HTTP status codes and response formats

This is a design proposal for discussion before implementation.
 2026-03-06 10:27:11 +00:00
441 changed files with 5416 additions and 8982 deletions
Expand all files Collapse all files

55
.dockerignore
View File

@@ -1,56 +1,23 @@
# Version control
.git
.gitignore
# Sensitive config (user may mount their own)
node_modules
tmp
app/Config/Email.php
# Build artifacts
node_modules/
dist/
tmp/
*.patch
patches/
# IDE and editor files
.idea/
.vscode/
git-svn-diff.py
*.bash
.swp
*.swp
.buildpath
.project
.settings/
# Development tools and configs
tests/
phpunit.xml
.php-cs-fixer.*
phpstan.neon
*.bash
git-svn-diff.py
# Documentation
*.md
!LICENSE
branding/
# Build configs (not needed at runtime)
composer.json
composer.lock
package.json
package-lock.json
gulpfile.js
.env.example
.dockerignore
# Temporary and backup files
.settings/*
.git
dist/
node_modules/
*.swp
*.rej
*.orig
*~
*.~
*.log
# CI
.github/
.github/workflows/
build/
app/writable/session/*
!app/writable/session/index.html

18
.env.example
View File

@@ -4,24 +4,6 @@
CI_ENVIRONMENT = production
#--------------------------------------------------------------------
# SECURITY: ALLOWED HOSTNAMES
#--------------------------------------------------------------------
# CRITICAL: Whitelist of allowed hostnames to prevent Host Header
# Injection attacks (GHSA-jchf-7hr6-h4f3).
#
# REQUIRED IN PRODUCTION: Application will fail to start if not configured.
# In development, falls back to 'localhost' with an error log.
#
# Configure with comma-separated list of domains/subdomains:
# app.allowedHostnames = 'yourdomain.com,www.yourdomain.com'
#
# For local development:
# app.allowedHostnames = 'localhost'
#
# Note: Do not include protocol (http/https) or port numbers.
app.allowedHostnames = ''
#--------------------------------------------------------------------
# DATABASE
#--------------------------------------------------------------------

309
.github/ISSUE_TEMPLATE/bug report.yml vendored
View File

@@ -1,188 +1,121 @@
name: 🐛 Bug Report
description: File a bug report to help us improve
title: "[Bug]: "
labels: ["bug", "triage"]
projects: ["ospos/3", "ospos/4"]
assignees: []
body:
# ─────────────────────────────────────────────────────────────────────────────
# INTRODUCTION
# ─────────────────────────────────────────────────────────────────────────────
- type: markdown
attributes:
value: |
## Thanks for taking the time to fill out this bug report! 🐜
Bug reports help us identify and fix issues. Please provide as much detail as possible.
> ⚠️ **Important:** Submit a separate bug report for each problem you encounter.
>
> 🚫 Do not include personal identifying information such as email addresses or encryption keys.
# ─────────────────────────────────────────────────────────────────────────────
# PROBLEM DESCRIPTION
# ─────────────────────────────────────────────────────────────────────────────
- type: textarea
id: bug-description
attributes:
label: 🐛 Bug Description
description: A clear and concise description of what the bug is.
placeholder: |
Example: When I try to print a receipt, the application crashes
with an error message saying "Unable to connect to printer".
validations:
required: true
- type: textarea
id: steps-reproduce
attributes:
label: 📋 Steps to Reproduce
description: Detailed steps to reproduce the behavior.
placeholder: |
1. Go to '...'
2. Click on '...'
3. Scroll down to '...'
4. See error
validations:
required: true
- type: textarea
id: expected-behavior
attributes:
label: ✅ Expected Behavior
description: A clear and concise description of what you expected to happen.
placeholder: |
Example: The receipt should print successfully without any errors.
validations:
required: true
# ─────────────────────────────────────────────────────────────────────────────
# ENVIRONMENT DETAILS
# ─────────────────────────────────────────────────────────────────────────────
- type: dropdown
id: ospos-version
attributes:
label: 📦 OpenSourcePOS Version
description: What version of our software are you running?
options:
- development (unreleased)
- OpenSourcePOS 3.4.2
- OpenSourcePOS 3.4.1
- OpenSourcePOS 3.4.0
- OpenSourcePOS 3.3.9
- OpenSourcePOS 3.3.8
default: 0
validations:
required: true
- type: dropdown
id: php-version
attributes:
label: 🔧 PHP Version
description: What version of PHP are you running?
options:
- PHP 8.4
- PHP 8.3
- PHP 8.2
- PHP 8.1
- PHP 7.4
- PHP 7.3
- PHP 7.2
default: 0
validations:
required: true
- type: dropdown
id: browsers
attributes:
label: 🌐 Browser(s)
description: What browser(s) are you seeing the problem on?
multiple: true
options:
- Firefox
- Chrome
- Safari
- Microsoft Edge
- Other
- type: input
id: server
attributes:
label: 🖥️ Server Operating System
description: What server OS and version are you running?
placeholder: "e.g., Ubuntu 22.04, CentOS 7, Windows Server 2022"
validations:
required: true
- type: input
id: database
attributes:
label: 🗄️ Database
description: What database management system and version are you using?
placeholder: "e.g., MySQL 8.0, MariaDB 10.11, Percona 8.0"
validations:
required: true
- type: input
id: webserver
attributes:
label: 🌍 Web Server
description: What web server and version are you using?
placeholder: "e.g., Apache 2.4, Nginx 1.24, Caddy 2.7"
validations:
required: true
# ─────────────────────────────────────────────────────────────────────────────
# ADDITIONAL INFORMATION
# ─────────────────────────────────────────────────────────────────────────────
- type: textarea
id: system-info
attributes:
label: 📊 System Information Report
description: |
Copy and paste the system information from OSPOS:
**Navigation:** Configuration → Setup & Conf → System Info
placeholder: |
Paste the System Information Report here...
render: text
validations:
required: true
- type: textarea
id: logs
attributes:
label: 📜 Relevant Log Output
description: |
Please copy and paste any relevant log output.
**Log locations:**
- OSPOS logs: `writable/logs/`
- Web server logs: `/var/log/apache2/` or `/var/log/nginx/`
- PHP logs: Check your `php.ini` for `error_log` location
placeholder: |
Paste log output here...
render: shell
- type: textarea
id: screenshots
attributes:
label: 📸 Screenshots
description: If applicable, add screenshots to help explain your problem.
placeholder: Drag and drop images here...
# ─────────────────────────────────────────────────────────────────────────────
# CONFIRMATION
# ─────────────────────────────────────────────────────────────────────────────
- type: checkboxes
id: terms
attributes:
label: ✓ Confirmation
description: Please confirm the following before submitting
options:
- label: I certify that this is an unmodified copy of OpenSourcePOS
required: true
- label: I have searched existing issues to ensure this bug has not already been reported
required: true
- label: I have provided all the information requested above
required: true
name: Bug Report
description: File a bug report
title: "[Bug]: "
labels: ["bug", "triage"]
projects: ["ospos/3", "ospos/4"]
assignees:
- none
body:
- type: markdown
attributes:
value: |
Bug reports indicate that something is not working as intended.
Please include as much detail as possible and submit a separate bug report for each problem.
Do not include personal identifying information such as email addresses or encryption keys.
- type: textarea
id: bug-description
attributes:
label: Bug Description?
description: Describe the problem that you are seeing
placeholder: "Describe the problem that you are seeing"
validations:
required: true
- type: textarea
id: steps-reproduce
attributes:
label: Steps to Reproduce?
description: List the steps to reproduce this issue
placeholder: "Steps to Reproduce"
validations:
required: true
- type: textarea
id: expected-behavior
attributes:
label: Expected Behavior?
description: Tell us what did you expect to happen?
placeholder: "Expected Behavior"
validations:
required: true
- type: dropdown
id: ospos-version
attributes:
label: OpensourcePOS Version
description: What version of our software are you running?
options:
- development (unreleased)
- opensourcepos 3.4.1
- opensourcepos 3.4.0
- opensourcepos 3.3.9
- opensourcepos 3.3.8
- opensourcepos 3.3.7
default: 0
validations:
required: true
- type: dropdown
id: php-version
attributes:
label: Php version
description: What version of Php?
options:
- Php 7.2
- Php 7.3
- Php 7.4
- Php 8.1
- Php 8.2
- Php 8.3
- Php 8.4
default: 0
validations:
required: true
- type: dropdown
id: browsers
attributes:
label: What browsers are you seeing the problem on?
multiple: true
options:
- Firefox
- Chrome
- Safari
- Microsoft Edge
- Other
- type: input
id: server
attributes:
label: Server Operating System and version
description: "Server Operating System "
placeholder: "Server Operating System "
validations:
required: true
- type: input
id: database
attributes:
label: Database Management System and version
description: "Database Management System"
placeholder: "Database Management"
validations:
required: true
- type: input
id: webserver
attributes:
label: Web Server and version
description: "Web Server and version "
placeholder: "Web Server and version "
validations:
required: true
- type: textarea
id: servers
attributes:
label: System Information Report (optional)
description: Copy and paste from OSPOS > Configuration > Setup & Conf > Setup & Conf?
placeholder: System Information Report
value: "System Information Report"
validations:
required: true
- type: checkboxes
id: terms
attributes:
label: Unmodified copy of OpensourcePOS
description: By submitting this issue you agree this copy has not been modified
options:
- label: I agree this copy has not been modified
required: true

199
.github/ISSUE_TEMPLATE/feature_request.yml vendored
View File

@@ -1,136 +1,63 @@
name: ✨ Feature Request
description: Suggest an idea or enhancement for this project
title: "[Feature]: "
labels: ["enhancement"]
assignees: []
body:
# ─────────────────────────────────────────────────────────────────────────────
# INTRODUCTION
# ─────────────────────────────────────────────────────────────────────────────
- type: markdown
attributes:
value: |
## Thanks for suggesting a new feature! 💡
We appreciate you taking the time to help improve OpenSourcePOS.
> 📋 **Before submitting:** Please search [existing feature requests](https://github.com/opensourcepos/opensourcepos/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement) to ensure your idea hasn't already been suggested.
# ─────────────────────────────────────────────────────────────────────────────
# FEATURE DETAILS
# ─────────────────────────────────────────────────────────────────────────────
- type: dropdown
id: feature-type
attributes:
label: 🏷️ Feature Type
description: What type of feature are you requesting?
options:
- "✨ New Feature"
- "📝 Documentation Improvement"
- "🎨 UI/UX Enhancement"
- "🔨 Code Refactoring"
- "⚡ Performance Improvement"
- "✅ New Test Coverage"
- "🔌 Plugin/Integration"
default: 0
validations:
required: true
- type: dropdown
id: ospos-version
attributes:
label: 📦 OpenSourcePOS Version
description: What version are you currently running?
options:
- development (unreleased)
- OpenSourcePOS 3.4.2
- OpenSourcePOS 3.4.1
- OpenSourcePOS 3.4.0
- OpenSourcePOS 3.3.9
- OpenSourcePOS 3.3.8
default: 0
validations:
required: true
- type: textarea
id: problem-statement
attributes:
label: 🎯 Problem Statement
description: |
Is your feature request related to a problem? Please describe.
A clear description of what the problem is. Ex: I'm always frustrated when [...]
placeholder: |
Example: I always have to manually calculate taxes for different regions,
which is time-consuming and error-prone.
validations:
required: true
- type: textarea
id: proposed-solution
attributes:
label: 💡 Proposed Solution
description: A clear and concise description of what you want to happen.
placeholder: |
Example: Add an automatic tax calculation feature that:
- Detects the customer's region
- Applies the correct tax rate
- Generates a tax report automatically
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: 🔄 Alternatives Considered
description: A clear description of any alternative solutions or features you've considered.
placeholder: |
Example: I considered using an external tax service, but it would be
better to have this integrated directly into OpenSourcePOS.
# ─────────────────────────────────────────────────────────────────────────────
# ADDITIONAL INFORMATION
# ─────────────────────────────────────────────────────────────────────────────
- type: textarea
id: additional-context
attributes:
label: 📎 Additional Context
description: |
Add any other context, screenshots, mockups, or references about the feature request here.
**Helpful additions:**
- Links to similar features in other software
- Mockups or diagrams
- Code examples
- Documentation references
placeholder: |
Any other relevant information, links, or screenshots...
- type: textarea
id: acceptance-criteria
attributes:
label: ✅ Acceptance Criteria
description: |
(Optional) Define what "done" looks like for this feature.
Format: **Given** [context], **When** [action], **Then** [outcome]
placeholder: |
Given a customer is selected from region X
When the sale is completed
Then the tax rate for region X is automatically applied
And the tax amount is correctly calculated
And a tax entry is logged in the report
# ─────────────────────────────────────────────────────────────────────────────
# CONFIRMATION
# ─────────────────────────────────────────────────────────────────────────────
- type: checkboxes
id: terms
attributes:
label: ✓ Confirmation
description: Please confirm before submitting
options:
- label: I have searched existing feature requests to ensure this is not a duplicate
required: true
- label: I have provided a clear problem statement and proposed solution
required: true
name: ✨ Feature Request
description: Suggest an idea for this project
title: "[Feature]: "
labels: ["enhancement"]
assignees: ["none"]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to fill out this feature request! 🤗
Please make sure this feature request hasn't been already submitted by someone by looking through other open/closed issues. 😃
- type: dropdown
attributes:
multiple: false
label: Type of Feature
description: Select the type of feature request.
options:
- "✨ New Feature"
- "📝 Documentation"
- "🎨 Style and UI"
- "🔨 Code Refactor"
- "⚡ Performance Improvements"
- "✅ New Test"
validations:
required: true
- type: dropdown
id: ospos-version
attributes:
label: OpensourcePOS Version
description: What version of our software are you running?
options:
- opensourcepos 3.3.9
- opensourcepos 3.3.8
- opensourcepos 3.3.7
default: 0
validations:
required: true
- type: textarea
id: description
attributes:
label: Description
description: Give us a brief description of the feature or enhancement you would like
validations:
required: true
- type: textarea
id: additional-information
attributes:
label: Additional Information
description: Give us some additional information on the feature request like proposed solutions, links, screenshots, etc.
- type: checkboxes
id: terms
attributes:
label: Verify you searched open requests in OpensourcePOS
description: By submitting this request you agree that you have searched Open Requests in the Tracker
options:
- label: I agree I have searched Open Requests
required: true

61
.github/workflows/README.md vendored
View File

@@ -1,61 +0,0 @@
# GitHub Actions
This document describes the CI/CD workflows for OSPOS.
## Build and Release Workflow (`.github/workflows/build-release.yml`)
### Build Process
- Setup PHP 8.2 with required extensions
- Setup Node.js 20
- Install composer dependencies
- Install npm dependencies
- Build frontend assets with Gulp
### Docker Images
- Build and push `opensourcepos` Docker image for multiple architectures (linux/amd64, linux/arm64)
- On master: tagged with version and `latest`
- On other branches: tagged with version only
- Pushed to Docker Hub
### Releases
- Create distribution archives (tar.gz, zip)
- Create/update GitHub "unstable" release on master branch only
## Required Secrets
To use this workflow, you need to add the following secrets to your repository:
1. **DOCKER_USERNAME** - Docker Hub username for pushing images
2. **DOCKER_PASSWORD** - Docker Hub password/token for pushing images
### How to add secrets
1. Go to your repository on GitHub
2. Click **Settings****Secrets and variables****Actions**
3. Click **New repository secret**
4. Add `DOCKER_USERNAME` and `DOCKER_PASSWORD`
The `GITHUB_TOKEN` is automatically provided by GitHub Actions.
## Workflow Triggers
- **Push to master** - Runs build, Docker push (with `latest` tag), and release
- **Push to other branches** - Runs build and Docker push (version tag only)
- **Push tags** - Runs build and Docker push (version tag only)
- **Pull requests** - Runs build only (PHPUnit tests run in parallel via phpunit.yml)
## Existing Workflows
This repository also has these workflows:
- `.github/workflows/main.yml` - PHP linting with PHP-CS-Fixer
- `.github/workflows/phpunit.yml` - PHPUnit tests (runs on all PHP versions 8.1-8.4)
- `.github/workflows/php-linter.yml` - PHP linting
## Testing
PHPUnit tests are run separately via `.github/workflows/phpunit.yml` on every push and pull request, testing against PHP 8.1, 8.2, 8.3, and 8.4.
To test the build workflow:
1. Add the required secrets
2. Push to master or create a PR
3. Monitor the Actions tab in GitHub

214
.github/workflows/build-release.yml vendored
View File

@@ -1,214 +0,0 @@
name: Build and Release
on:
push:
pull_request:
branches:
- master
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
build:
name: Build
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
version-tag: ${{ steps.version.outputs.version-tag }}
short-sha: ${{ steps.version.outputs.short-sha }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.2'
extensions: intl, mbstring, mysqli, gd, bcmath, zip
coverage: none
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Get composer cache directory
run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
- name: Cache composer dependencies
uses: actions/cache@v4
with:
path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Get npm cache directory
run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
- name: Cache npm dependencies
uses: actions/cache@v4
with:
path: ${{ env.NPM_CACHE_DIR }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install composer dependencies
run: composer install --no-dev --optimize-autoloader
- name: Install npm dependencies
run: npm ci
- name: Install gulp globally
run: npm install -g gulp-cli
- name: Get version info
id: version
run: |
VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | sed 's/feature\///' | tr '/' '_')
TAG=$(echo "${GITHUB_TAG:-$BRANCH}" | tr '/' '_')
SHORT_SHA=$(git rev-parse --short=6 HEAD)
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "version-tag=$VERSION-$BRANCH-$SHORT_SHA" >> $GITHUB_OUTPUT
echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
echo "branch=$BRANCH" >> $GITHUB_OUTPUT
env:
GITHUB_TAG: ${{ github.ref_name }}
- name: Create .env file
run: |
cp .env.example .env
sed -i 's/production/development/g' .env
- name: Update commit hash
run: |
SHORT_SHA="${{ steps.version.outputs.short-sha }}"
sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$SHORT_SHA'/g" app/Config/OSPOS.php
- name: Build frontend assets
run: npm run build
- name: Create distribution archives
run: |
set -euo pipefail
gulp compress
VERSION="${{ steps.version.outputs.version }}"
SHORT_SHA="${{ steps.version.outputs.short-sha }}"
mv dist/opensourcepos.tar "dist/opensourcepos.$VERSION.$SHORT_SHA.tar"
mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip"
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: dist-${{ steps.version.outputs.short-sha }}
path: dist/
retention-days: 7
- name: Upload build context for Docker
uses: actions/upload-artifact@v4
with:
name: build-context-${{ steps.version.outputs.short-sha }}
path: |
.
!.git
!node_modules
retention-days: 1
docker:
name: Build Docker Image
runs-on: ubuntu-22.04
needs: build
if: github.event_name == 'push'
steps:
- name: Download build context
uses: actions/download-artifact@v4
with:
name: build-context-${{ needs.build.outputs.short-sha }}
path: .
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Determine Docker tags
id: tags
run: |
BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | tr '/' '_')
if [ "$BRANCH" = "master" ]; then
echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }},${{ secrets.DOCKER_USERNAME }}/opensourcepos:latest" >> $GITHUB_OUTPUT
else
echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }}" >> $GITHUB_OUTPUT
fi
env:
GITHUB_REF: ${{ github.ref }}
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
context: .
target: ospos
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.tags.outputs.tags }}
release:
name: Create Release
needs: build
runs-on: ubuntu-22.04
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: dist-${{ needs.build.outputs.short-sha }}
path: dist/
- name: Get version info
id: version
run: |
VERSION="${{ needs.build.outputs.version }}"
SHORT_SHA=$(git rev-parse --short=6 HEAD)
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
- name: Create/Update unstable release
uses: softprops/action-gh-release@v2
with:
tag_name: unstable
name: Unstable OpenSourcePOS
body: |
This is a build of the latest master which might contain bugs. Use at your own risk.
Check the releases section for the latest official release.
files: |
dist/opensourcepos.${{ steps.version.outputs.version }}.${{ steps.version.outputs.short-sha }}.zip
prerelease: true
draft: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

71
.github/workflows/codeql-analysis.yml vendored Normal file
View File

@@ -0,0 +1,71 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ master ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
schedule:
- cron: '21 12 * * 3'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

33
.github/workflows/opencode.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
name: opencode
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
jobs:
opencode:
if: |
contains(github.event.comment.body, ' /oc') ||
startsWith(github.event.comment.body, '/oc') ||
contains(github.event.comment.body, ' /opencode') ||
startsWith(github.event.comment.body, '/opencode')
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: read
issues: read
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
persist-credentials: false
- name: Run opencode
uses: anomalyco/opencode/github@latest
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
with:
model: anthropic/claude-3-haiku-20240307

14
.github/workflows/phpunit.yml vendored
View File

@@ -69,6 +69,9 @@ jobs:
- name: Install npm dependencies
run: npm install
- name: Build database.sql
run: npm run gulp build-database
- name: Start MariaDB
run: |
docker run -d --name mysql \
@@ -76,6 +79,7 @@ jobs:
-e MYSQL_DATABASE=ospos \
-e MYSQL_USER=admin \
-e MYSQL_PASSWORD=pointofsale \
-v $PWD/app/Database/database.sql:/docker-entrypoint-initdb.d/database.sql \
-p 3306:3306 \
mariadb:10.5
# Wait for MariaDB to be ready
@@ -107,15 +111,7 @@ jobs:
env:
CI_ENVIRONMENT: testing
MYSQL_HOST_NAME: 127.0.0.1
run: composer test -- --log-junit test-results/junit.xml
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results-php-${{ matrix.php-version }}
path: test-results/
retention-days: 30
run: composer test
- name: Stop MariaDB
if: always()

172
.github/workflows/release.yml vendored
View File

@@ -1,172 +0,0 @@
name: Release Version Bump
on:
workflow_dispatch:
inputs:
version_type:
description: 'Version bump type'
required: true
type: choice
options:
- minor
- major
- patch
default: 'minor'
permissions:
contents: write
jobs:
prepare-release:
name: Prepare Release
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Get current version
id: current_version
run: |
CURRENT_VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
echo "Current version: $CURRENT_VERSION"
- name: Calculate new version
id: version
run: |
CURRENT_VERSION="${{ steps.current_version.outputs.current_version }}"
VERSION_TYPE="${{ github.event.inputs.version_type }}"
# Parse current version
MAJOR=$(echo $CURRENT_VERSION | cut -d. -f1)
MINOR=$(echo $CURRENT_VERSION | cut -d. -f2)
PATCH=$(echo $CURRENT_VERSION | cut -d. -f3)
# Bump version based on type
case $VERSION_TYPE in
major)
MAJOR=$((MAJOR + 1))
MINOR=0
PATCH=0
;;
minor)
MINOR=$((MINOR + 1))
PATCH=0
;;
patch)
PATCH=$((PATCH + 1))
;;
esac
NEW_VERSION="${MAJOR}.${MINOR}.${PATCH}"
echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
echo "previous_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
echo "New version: $NEW_VERSION (was: $CURRENT_VERSION, type: $VERSION_TYPE)"
- name: Update version in App.php
run: |
NEW_VERSION="${{ steps.version.outputs.new_version }}"
sed -i "s/public string \\\$application_version = '[^']*';/public string \\\$application_version = '$NEW_VERSION';/" app/Config/App.php
echo "Updated app/Config/App.php"
- name: Update version in package.json
run: |
NEW_VERSION="${{ steps.version.outputs.new_version }}"
sed -i "s/\"version\": \"[^\"]*\",/\"version\": \"$NEW_VERSION\",/" package.json
echo "Updated package.json"
- name: Update version in docker-compose.nginx.yml
run: |
NEW_VERSION="${{ steps.version.outputs.new_version }}"
sed -i "s/jekkos\/opensourcepos:[^ ]*/jekkos\/opensourcepos:$NEW_VERSION/" docker-compose.nginx.yml
echo "Updated docker-compose.nginx.yml"
- name: Update version in README.md
run: |
NEW_VERSION="${{ steps.version.outputs.new_version }}"
# Extract major.minor for the "latest X.Y version" text
MAJOR_MINOR=$(echo "$NEW_VERSION" | cut -d. -f1,2)
sed -i "s/The latest \`[0-9]*\.[0-9]*\` version/The latest \`${MAJOR_MINOR}\` version/" README.md
echo "Updated README.md with version ${MAJOR_MINOR}"
- name: Generate changelog
id: changelog
run: |
PREVIOUS_VERSION="${{ steps.version.outputs.previous_version }}"
NEW_VERSION="${{ steps.version.outputs.new_version }}"
# Get commits since last version
if git rev-parse "$PREVIOUS_VERSION" >/dev/null 2>&1; then
COMMITS=$(git log "$PREVIOUS_VERSION"..HEAD --pretty=format:"- %s" --no-merges)
else
COMMITS=$(git log --pretty=format:"- %s" --no-merges -50)
fi
# Create changelog entry
CHANGELOG_FILE="CHANGELOG.md"
# Create the new version comparison link
NEW_LINK="[${NEW_VERSION}]: https://github.com/opensourcepos/opensourcepos/compare/${PREVIOUS_VERSION}...${NEW_VERSION}"
# Insert new link after [unreleased] line
sed -i "/^\[unreleased\]/a $NEW_LINK" "$CHANGELOG_FILE"
# Update [unreleased] link to start from new version
sed -i "s|^\[unreleased\]: .*|\[unreleased\]: https://github.com/opensourcepos/opensourcepos/compare/${NEW_VERSION}...HEAD|" "$CHANGELOG_FILE"
# Create version header and content using temp file to avoid sed issues with special characters
VERSION_DATE=$(date +%Y-%m-%d)
VERSION_HEADER="## [$NEW_VERSION] - $VERSION_DATE"
# Create temp file with changelog entry
TMP_FILE=$(mktemp)
{
echo ""
echo "$VERSION_HEADER"
echo ""
echo "$COMMITS"
} > "$TMP_FILE"
# Insert after Unreleased header
sed -i "/^## \[Unreleased\]/r $TMP_FILE" "$CHANGELOG_FILE"
rm "$TMP_FILE"
echo "Updated CHANGELOG.md"
echo "Changelog entries:"
echo "$COMMITS"
- name: Update version in issue templates
run: |
NEW_VERSION="${{ steps.version.outputs.new_version }}"
# Calculate version to remove (keep 5 versions)
PREVIOUS_VERSION="${{ steps.version.outputs.previous_version }}"
# Bug report template - insert new version after development (unreleased)
BUG_TEMPLATE=".github/ISSUE_TEMPLATE/bug report.yml"
sed -i "/- development (unreleased)/a\\ - OpenSourcePOS ${NEW_VERSION}" "$BUG_TEMPLATE"
# Remove the oldest version (5th version from the end)
sed -i "/OpenSourcePOS 3\\.3\\.7/d" "$BUG_TEMPLATE"
echo "Updated $BUG_TEMPLATE"
# Feature request template - insert new version after development (unreleased)
FEATURE_TEMPLATE=".github/ISSUE_TEMPLATE/feature_request.yml"
sed -i "/- development (unreleased)/a\\ - OpenSourcePOS ${NEW_VERSION}" "$FEATURE_TEMPLATE"
# Remove the oldest version (5th version from the end)
sed -i "/OpenSourcePOS 3\\.3\\.7/d" "$FEATURE_TEMPLATE"
echo "Updated $FEATURE_TEMPLATE"
- name: Commit version bump
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
NEW_VERSION="${{ steps.version.outputs.new_version }}"
git add app/Config/App.php package.json docker-compose.nginx.yml CHANGELOG.md README.md .github/ISSUE_TEMPLATE/
git commit -m "chore: release version $NEW_VERSION"
git push origin HEAD

54
.travis.yml Normal file
View File

@@ -0,0 +1,54 @@
sudo: required
branches:
except:
- unstable
- weblate
services:
- docker
dist: jammy
language: node_js
node_js:
- 20
script:
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- docker run --rm -u $(id -u) -v $(pwd):/app opensourcepos/composer:ci4 composer install
- version=$(grep application_version app/Config/App.php | sed "s/.*=\s'\(.*\)';/\1/g")
- cp .env.example .env && sed -i 's/production/development/g' .env
- sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$rev'/g" app/Config/OSPOS.php
- echo "$version-$branch-$rev"
- npm version "$version-$branch-$rev" --force || true
- sed -i 's/opensourcepos.tar.gz/opensourcepos.$version.tgz/g' package.json
- npm ci && npm install -g gulp && npm run build
- docker build . --target ospos -t ospos
- docker build . --target ospos_test -t ospos_test
- docker run --rm ospos_test /app/vendor/bin/phpunit --testdox
- docker build app/Database/ -t "jekkos/opensourcepos:sql-$TAG"
env:
global:
- BRANCH=$(echo ${TRAVIS_BRANCH} | sed s/feature\\///)
- TAG=$(echo "${TRAVIS_TAG:-$BRANCH}" | tr '/' '-')
- date=`date +%Y%m%d%H%M%S` && branch=${TRAVIS_BRANCH} && rev=`git rev-parse --short=6 HEAD`
after_success:
- docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" && docker tag "ospos:latest"
"jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:sql-$TAG"
- gulp compress
- mv dist/opensourcepos.tar.gz "dist/opensourcepos.$version.$rev.tgz"
- mv dist/opensourcepos.zip "dist/opensourcepos.$version.$rev.zip"
deploy:
- provider: releases
edge: true
file: dist/opensourcepos.$version.$rev.zip
name: "Unstable OpensourcePos"
overwrite: true
release_notes: "This is a build of the latest master which might contain bugs. Use at your own risk. Check releases section for the latest official release"
prerelease: true
tag_name: unstable
user: jekkos
api_key:
secure: "KOukL8IFf/uL/BjMyCSKjf2vylydjcWqgEx0eMqFCg3nZ4ybMaOwPORRthIfyT72/FvGX/aoxxEn0uR/AEtb+hYQXHmNS+kZdX72JCe8LpGuZ7FJ5X+Eo9mhJcsmS+smd1sC95DySSc/GolKPo+0WtJYONY/xGCLxm+9Ay4HREg="
on:
branch: master

40
AGENTS.md
View File

@@ -1,40 +0,0 @@
# Agent Instructions
This document provides guidance for AI agents working on the Open Source Point of Sale (OSPOS) codebase.
## Code Style
- Follow PHP CodeIgniter 4 coding standards
- Run PHP-CS-Fixer before committing: `vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.no-header.php`
- Write PHP 8.1+ compatible code with proper type declarations
- Use PSR-12 naming conventions: `camelCase` for variables and functions, `PascalCase` for classes, `UPPER_CASE` for constants
## Development
- Create a new git worktree for each issue, based on the latest state of `origin/master`
- Commit fixes to the worktree and push to the remote
## Testing
- Run PHPUnit tests: `composer test`
- Tests must pass before submitting changes
## Build
- Install dependencies: `composer install && npm install`
- Build assets: `npm run build` or `gulp`
## Conventions
- Controllers go in `app/Controllers/`
- Models go in `app/Models/`
- Views go in `app/Views/`
- Database migrations in `app/Database/Migrations/`
- Use CodeIgniter 4 framework patterns and helpers
- Sanitize user input; escape output using `esc()` helper
## Security
- Never commit secrets, credentials, or `.env` files
- Use parameterized queries to prevent SQL injection
- Validate and sanitize all user input

295
API.md Normal file
View File

@@ -0,0 +1,295 @@
# OSPOS REST API Design
This document describes the proposed REST API for Open Source Point of Sale (OSPOS).
## Overview
The OSPOS REST API provides programmatic access to:
- **Customers** - Full CRUD operations
- **Suppliers** - Full CRUD operations
- **Items** - Full CRUD operations
- **Inventory** - Stock adjustments (update only)
- **Sales** - Read-only queries
- **Receivings** - Read-only queries
## Authentication
All API endpoints require authentication via an API Key passed in the `X-API-Key` header.
```
X-API-Key: your-api-key-here
```
> **Note:** API Key authentication implementation will be added in a subsequent phase. The spec documents the intended authentication mechanism.
## Base URL
All API endpoints are relative to `/api/v1`.
```
https://your-domain.com/api/v1/customers
```
## Pagination
List endpoints support pagination using `offset` and `limit` query parameters:
| Parameter | Type | Default | Maximum | Description |
|-----------|---------|---------|---------|------------------------------|
| `offset` | integer | 0 | - | Number of records to skip |
| `limit` | integer | 25 | 100 | Number of records to return |
**Example Request:**
```
GET /api/v1/customers?offset=0&limit=25
```
**Example Response:**
```json
{
"total": 150,
"offset": 0,
"limit": 25,
"rows": [
{ "person_id": 1, "first_name": "John", ... },
{ "person_id": 2, "first_name": "Jane", ... }
]
}
```
## Response Format
### Success Response
```json
{
"success": true,
"message": "Customer created successfully",
"id": 42
}
```
### Error Response
```json
{
"success": false,
"message": "Error description here"
}
```
### HTTP Status Codes
| Status Code | Description |
|-------------|--------------------------------------------------|
| 200 | Success |
| 201 | Resource created successfully |
| 400 | Bad request / Invalid input |
| 401 | Unauthorized / Invalid API key |
| 404 | Resource not found |
| 409 | Conflict (e.g., duplicate unique field) |
| 500 | Internal server error |
## Endpoints Summary
### Customers
| Method | Endpoint | Description | Access |
|--------|-------------------------------|--------------------------------|---------|
| GET | `/customers` | List customers | Read |
| POST | `/customers` | Create customer | Write |
| GET | `/customers/{id}` | Get customer by ID | Read |
| PUT | `/customers/{id}` | Update customer | Write |
| DELETE | `/customers/{id}` | Delete customer (soft delete) | Write |
| POST | `/customers/batch-delete` | Delete multiple customers | Write |
| GET | `/customers/suggest` | Autocomplete suggestions | Read |
### Suppliers
| Method | Endpoint | Description | Access |
|--------|-------------------------------|--------------------------------|---------|
| GET | `/suppliers` | List suppliers | Read |
| POST | `/suppliers` | Create supplier | Write |
| GET | `/suppliers/{id}` | Get supplier by ID | Read |
| PUT | `/suppliers/{id}` | Update supplier | Write |
| DELETE | `/suppliers/{id}` | Delete supplier (soft delete) | Write |
| POST | `/suppliers/batch-delete` | Delete multiple suppliers | Write |
| GET | `/suppliers/suggest` | Autocomplete suggestions | Read |
### Items
| Method | Endpoint | Description | Access |
|--------|-------------------------------|--------------------------------|---------|
| GET | `/items` | List items | Read |
| POST | `/items` | Create item | Write |
| GET | `/items/{id}` | Get item by ID | Read |
| PUT | `/items/{id}` | Update item | Write |
| DELETE | `/items/{id}` | Delete item (soft delete) | Write |
| POST | `/items/batch-delete` | Delete multiple items | Write |
| POST | `/items/batch-update` | Update multiple items | Write |
| GET | `/items/suggest` | Autocomplete suggestions | Read |
| GET | `/items/{id}/quantities` | Get stock quantities | Read |
### Inventory
| Method | Endpoint | Description | Access |
|--------|-------------------------------|--------------------------------|---------|
| GET | `/inventory` | List inventory transactions | Read |
| POST | `/inventory` | Create inventory adjustment | Write |
| POST | `/inventory/bulk` | Bulk inventory adjustments | Write |
### Sales (Read-Only)
| Method | Endpoint | Description | Access |
|--------|-------------------------------|--------------------------------|---------|
| GET | `/sales` | List sales | Read |
| GET | `/sales/{id}` | Get sale details | Read |
| GET | `/sales/{id}/items` | Get sale items | Read |
| GET | `/sales/{id}/payments` | Get sale payments | Read |
### Receivings (Read-Only)
| Method | Endpoint | Description | Access |
|--------|-------------------------------|--------------------------------|---------|
| GET | `/receivings` | List receivings | Read |
| GET | `/receivings/{id}` | Get receiving details | Read |
| GET | `/receivings/{id}/items` | Get receiving items | Read |
## Schema Reference
### Common Fields
#### Person Fields (base for Customer, Supplier)
| Field | Type | Description |
|---------------|-----------|------------------------------|
| `first_name` | string | First name (required) |
| `last_name` | string | Last name (required) |
| `gender` | integer | Gender (0=male, 1=female) |
| `phone_number`| string | Phone number |
| `email` | string | Email address |
| `address_1` | string | Address line 1 |
| `address_2` | string | Address line 2 |
| `city` | string | City |
| `state` | string | State/Province |
| `zip` | string | Postal/ZIP code |
| `country` | string | Country |
| `comments` | string | Additional notes |
### Customer Fields
Extends Person fields with:
| Field | Type | Description |
|--------------------|-----------|------------------------------------|
| `person_id` | integer | Unique identifier (read-only) |
| `account_number` | string | Customer account number |
| `taxable` | integer | Taxable status (0/1) |
| `tax_id` | string | Tax identification number |
| `sales_tax_code_id`| integer | Sales tax code ID |
| `discount` | decimal | Discount percentage/amount |
| `discount_type` | integer | Discount type (0=percent, 1=fixed) |
| `company_name` | string | Company name |
| `package_id` | integer | Rewards package ID |
| `points` | integer | Rewards points balance |
| `consent` | integer | Consent status (0/1) |
### Supplier Fields
Extends Person fields with:
| Field | Type | Description |
|-----------------|-----------|-------------------------------------|
| `person_id` | integer | Unique identifier (read-only) |
| `company_name` | string | Company name |
| `account_number`| string | Supplier account number |
| `tax_id` | string | Tax identification number |
| `agency_name` | string | Agency name |
| `category` | integer | Category (0=goods, 1=cost) |
### Item Fields
| Field | Type | Required | Description |
|----------------------|-----------|----------|--------------------------------------|
| `item_id` | integer | auto | Unique identifier (read-only) |
| `name` | string | yes | Item name |
| `category` | string | yes | Item category |
| `supplier_id` | integer | no | Supplier ID |
| `item_number` | string | no | Barcode/SKU |
| `description` | string | no | Item description |
| `cost_price` | decimal | no | Cost price |
| `unit_price` | decimal | yes | Selling price |
| `reorder_level` | decimal | no | Reorder threshold |
| `receiving_quantity` | decimal | no | Receiving quantity (default 1) |
| `allow_alt_description`| integer | no | Allow alt description (0/1) |
| `is_serialized` | integer | no | Has serial number (0/1) |
| `stock_type` | integer | no | Stock type (0=stocked, 1=non-stocked)|
| `item_type` | integer | no | Item type (0=standard, 1=kit, 2=temp)|
| `tax_category_id` | integer | no | Tax category ID |
| `qty_per_pack` | decimal | no | Quantity per pack |
| `pack_name` | string | no | Pack name |
| `hsn_code` | string | no | HSN code |
### Inventory Adjustment
| Field | Type | Required | Description |
|------------------|-----------|----------|--------------------------------------|
| `item_id` | integer | yes | Item ID to adjust |
| `trans_inventory`| decimal | yes | Quantity change (+ add, - remove) |
| `trans_location` | integer | no | Stock location ID |
| `trans_comment` | string | no | Reason for adjustment |
## OpenAPI Specification
The complete OpenAPI 3.1.0 specification is available at:
- **YAML format:** `/public/api/openapi.yaml`
This specification can be used with:
- [Swagger UI](https://swagger.io/tools/swagger-ui/) for interactive documentation
- [Swagger Codegen](https://swagger.io/tools/swagger-codegen/) to generate client SDKs
- [OpenAPI Generator](https://openapi-generator.tech/) for code generation
- API testing tools like Postman or Insomnia
## Implementation Notes
### Phase 1: Core Endpoints (Proposed)
1. Customers API (full CRUD)
2. Suppliers API (full CRUD)
3. Items API (full CRUD)
4. Inventory adjustments API (create only)
### Phase 2: Read-Only Endpoints (Proposed)
1. Sales API (read-only)
2. Receivings API (read-only)
### Phase 3: Extended Features (Future)
1. Batch operations for all endpoints
2. Search/filter capabilities
3. Authorization/permissions integration
4. Rate limiting
5. API key management interface
## Discussion Topics
The following aspects of the API design are open for discussion:
1. **Field naming conventions**: Currently following existing database column names. Should we use camelCase for JSON?
2. **Batch operations**: Current design separates batch-delete and batch-update. Should we consolidate?
3. **Date formats**: Using ISO 8601 (date-time). Is timezone handling needed?
4. **Error response structure**: Current format uses `{success, message}`. Should we include error codes?
5. **Relationship representations**: Should nested resources (e.g., sale items) always be included?
6. **Inventory adjustments**: Should we support setting absolute quantities vs. relative changes?
7. **Authorization integration**: How should API access integrate with existing employee permissions?
8. **Stock locations**: Multiple locations per item - do we need location-specific endpoints?

32
Dockerfile
View File

@@ -1,22 +1,28 @@
FROM php:8.2-apache AS ospos
LABEL maintainer="jekkos"
RUN apt-get update && apt-get install -y --no-install-recommends \
libicu-dev \
libgd-dev \
&& docker-php-ext-install mysqli bcmath intl gd \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& a2enmod rewrite
RUN apt update && apt-get install -y libicu-dev libgd-dev
RUN a2enmod rewrite
RUN docker-php-ext-install mysqli bcmath intl gd
RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini
WORKDIR /app
COPY --chown=www-data:www-data . /app
RUN chmod 770 /app/writable/uploads /app/writable/logs /app/writable/cache \
&& ln -s /app/*[^public] /var/www \
&& rm -rf /var/www/html \
&& ln -nsf /app/public /var/www/html
COPY . /app
RUN ln -s /app/*[^public] /var/www && rm -rf /var/www/html && ln -nsf /app/public /var/www/html
RUN chmod -R 770 /app/writable/uploads /app/writable/logs /app/writable/cache && chown -R www-data:www-data /app
FROM ospos AS ospos_test
COPY --from=composer /usr/bin/composer /usr/bin/composer
RUN apt-get install -y libzip-dev wget git
RUN wget https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O /bin/wait-for-it.sh && chmod +x /bin/wait-for-it.sh
RUN docker-php-ext-install zip
RUN composer install -d/app
#RUN sed -i 's/backupGlobals="true"/backupGlobals="false"/g' /app/tests/phpunit.xml
WORKDIR /app/tests
CMD ["/app/vendor/phpunit/phpunit/phpunit", "/app/test/helpers"]
FROM ospos AS ospos_dev

53
INSTALL.md
View File

@@ -6,63 +6,22 @@
- Raspberry PI based installations proved to work, see [wiki page here](<https://github.com/opensourcepos/opensourcepos/wiki/Installing-on-Raspberry-PI---Orange-PI-(Headless-OSPOS)>).
- For Windows based installations please read [the wiki](https://github.com/opensourcepos/opensourcepos/wiki). There are closed issues about this subject, as this topic has been covered a lot.
## Security Configuration
### Allowed Hostnames (REQUIRED for Production)
⚠️ **CRITICAL**: OpenSourcePOS validates the Host header to prevent Host Header Injection attacks (GHSA-jchf-7hr6-h4f3). **You MUST configure `app.allowedHostnames` for production deployments. If not configured, the application will fail to start.**
**Add to your `.env` file:**
```bash
# Comma-separated list of allowed hostnames (no protocols or ports)
app.allowedHostnames = 'yourdomain.com,www.yourdomain.com'
```
**For local development:**
```bash
app.allowedHostnames = 'localhost'
```
**If you see this error at startup:**
```text
RuntimeException: Security: allowedHostnames is not configured.
```
**Solution**: Add `app.allowedHostnames` to your `.env` file with your domain(s).
**Why this matters:**
- Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
- Ensures URLs are generated with the correct domain
- Security advisory: https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-jchf-7hr6-h4f3
- Fixes issue #4480: .env configuration now works via comma-separated values
### HTTPS Behind Proxy
If your installation is behind a proxy with SSL offloading, set:
```
FORCE_HTTPS = true
```
## Local install
First of all, if you're seeing the message `system folder missing` after launching your browser, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
First of all, if you're seeing the message `system folder missing` after launching your browser, or cannot find `database.sql`, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
1. Download the a [pre-release for a specific branch](https://github.com/opensourcepos/opensourcepos/releases) or the latest stable [from GitHub here](https://github.com/opensourcepos/opensourcepos/releases). A repository clone will not work unless know how to build the project.
2. Create/locate a new MySQL database to install Open Source Point of Sale into.
3. Unzip and upload Open Source Point of Sale files to the web-server.
4. If `.env` does not exist, copy `.env.example` to `.env`.
5. Open `.env` and modify credentials to connect to your database if needed.
6. The database schema will be automatically created when you first access the application. Migrations run automatically on fresh installs.
3. Execute the file `app/Database/database.sql` to create the tables needed.
4. Unzip and upload Open Source Point of Sale files to the web-server.
5. Open `.env` file and modify credentials to connect to your database if needed. (First copy .env.example to .env and update)
7. Go to your install `public` dir via the browser.
8. Log in using
- Username: admin
- Password: pointofsale
9. If everything works, then set the `CI_ENVIRONMENT` variable to `production` in the .env file
10. Enjoy!
11. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
9. Enjoy!
10. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
## Local install using Docker

8
README.md
View File

@@ -8,7 +8,7 @@
</p>
<p align="center">
<a href="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml/badge.svg" alt="Build Status"></a>
<a href="https://app.travis-ci.com/opensourcepos/opensourcepos" target="_blank"><img src="https://api.travis-ci.com/opensourcepos/opensourcepos.svg?branch=master" alt="Build Status"></a>
<a href="https://app.gitter.im/#/room/#opensourcepos_Lobby:gitter.im?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge" target="_blank"><img src="https://badges.gitter.im/jekkos/opensourcepos.svg" alt="Join the chat at https://app.gitter.im"></a>
<a href="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos" target="_blank"><img src="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos.svg" alt="Project Version"></a>
<a href="https://translate.opensourcepos.org/engage/opensourcepos/?utm_source=widget" target="_blank"><img src="https://translate.opensourcepos.org/widgets/opensourcepos/-/svg-badge.svg" alt="Translation Status"></a>
@@ -137,7 +137,7 @@ Any person or company found breaching the license agreement might find a bunch o
## 🙏 Credits
| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">GitHub</div> |
| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">Travis CI</div> |
| --- | --- | --- |
| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://github.com/features/actions" target="_blank"><img src="https://github.githubassets.com/images/modules/site/icons/eyebrow-panel/actions-icon.svg" alt="GitHub Actions Logo" height="50"></a></div> |
| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [GitHub](https://github.com) for providing free continuous integration via GitHub Actions for open-source projects. |
| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://www.travis-ci.com/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/71cc2b44-83af-4510-a543-6358285f43c6" alt="Travis CI Logo" height="50"></a></div> |
| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [Travis CI](https://www.travis-ci.com/) for providing a free continuous integration service for open source projects. |

37
SECURITY.md
View File

@@ -1,9 +1,9 @@
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [Security Policy](#security-policy)
- [Supported Versions](#supported-versions)
- [Security Advisories](#security-advisories)
- [Reporting a Vulnerability](#reporting-a-vulnerability)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -12,35 +12,14 @@
## Supported Versions
We release patches for security vulnerabilities.
We release patches for security vulnerabilities. Which versions are eligible to receive such patches depend on the CVSS v3.0 Rating:
| Version | Supported |
| --------- | ------------------ |
| >= 3.4.2 | :white_check_mark: |
| < 3.4.2 | :x: |
## Security Advisories
The following security vulnerabilities have been published:
### High Severity
| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|-----|--------------|------|-----------|----------|--------|
| [CVE-2025-68434](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-wjm4-hfwg-5w5r) | CSRF leading to Admin Creation | 8.8 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| [CVE-2025-68147](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-xgr7-7pvw-fpmh) | Stored XSS in Return Policy | 8.1 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| [CVE-2025-66924](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-gv8j-f6gq-g59m) | Stored XSS in Item Kits | 7.2 | 2026-03-04 | 3.4.2 | @hungnqdz, @omkaryepre |
### Medium Severity
| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|-----|--------------|------|-----------|----------|--------|
| [CVE-2025-68658](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-32r8-8r9r-9chw) | Stored XSS in Company Name | 4.3 | 2026-01-13 | 3.4.2 | @hungnqdz |
For a complete list including draft advisories, see our [GitHub Security Advisories page](https://github.com/opensourcepos/opensourcepos/security/advisories).
| CVSS v3.0 | Supported Versions |
| --------- | -------------------------------------------------- |
| 7.3 | 3.3.5 |
| 9.8 | 3.3.6 |
| 6.8 | 3.4.2 |
## Reporting a Vulnerability
Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**.
You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

89
app/Config/App.php
View File

@@ -55,21 +55,13 @@ class App extends BaseConfig
public string $baseURL; // Defined in the constructor
/**
* Allowed Hostnames for the Site URL.
*
* Security: This is used to validate the HTTP Host header to prevent
* Host Header Injection attacks. If the Host header doesn't match
* an entry in this list, the request will use the first allowed hostname.
*
* IMPORTANT: This MUST be configured for production deployments.
* If empty in production, the application will fail to start.
* In development, it will fall back to 'localhost' with a warning.
*
* Configure via .env file (comma-separated list):
* app.allowedHostnames = 'example.com,www.example.com'
*
* For local development:
* app.allowedHostnames = 'localhost'
* Allowed Hostnames in the Site URL other than the hostname in the baseURL.
* If you want to accept multiple Hostnames, set this.
*
* E.g.,
* When your site URL ($baseURL) is 'http://example.com/', and your site
* also accepts 'http://media.example.com/' and 'http://accounts.example.com/':
* ['media.example.com', 'accounts.example.com']
*
* @var list<string>
*/
@@ -291,74 +283,9 @@ class App extends BaseConfig
public function __construct()
{
parent::__construct();
// Solution for CodeIgniter 4 limitation: arrays cannot be set from .env
// See: https://github.com/codeigniter4/CodeIgniter4/issues/7311
$envAllowedHostnames = getenv('app.allowedHostnames');
if ($envAllowedHostnames !== false && trim($envAllowedHostnames) !== '') {
$this->allowedHostnames = array_values(array_filter(
array_map('trim', explode(',', $envAllowedHostnames)),
static fn (string $hostname): bool => $hostname !== ''
));
}
$this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
$host = $this->getValidHost();
$this->baseURL = $this->https_on ? 'https' : 'http';
$this->baseURL .= '://' . $host . '/';
$this->baseURL .= '://' . ((isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost') . '/';
$this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
}
/**
* Validates and returns a trusted hostname.
*
* Security: Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
* by validating the HTTP_HOST against a whitelist of allowed hostnames.
*
* In production: Fails fast if allowedHostnames is not configured.
* In development: Allows localhost fallback with an error log.
*
* @return string A validated hostname
* @throws \RuntimeException If allowedHostnames is not configured in production
*/
private function getValidHost(): string
{
$httpHost = $_SERVER['HTTP_HOST'] ?? 'localhost';
// Determine environment
// CodeIgniter's test bootstrap sets $_SERVER['CI_ENVIRONMENT'] = 'testing'
// Check $_SERVER first, then $_ENV, then fall back to 'production'
$environment = $_SERVER['CI_ENVIRONMENT'] ?? $_ENV['CI_ENVIRONMENT'] ?? getenv('CI_ENVIRONMENT') ?: 'production';
if (empty($this->allowedHostnames)) {
$errorMessage =
'Security: allowedHostnames is not configured. ' .
'Host header injection protection is disabled. ' .
'Set app.allowedHostnames in your .env file. ' .
'Example: app.allowedHostnames = "example.com,www.example.com" ' .
'Received Host: ' . $httpHost;
// Production: Fail explicitly to prevent silent security vulnerabilities
// Testing and development: Allow localhost fallback
if ($environment === 'production') {
throw new \RuntimeException($errorMessage);
}
log_message('error', $errorMessage . ' Using localhost fallback (development only).');
return 'localhost';
}
if (in_array($httpHost, $this->allowedHostnames, true)) {
return $httpHost;
}
// Host not in whitelist - use first configured hostname as fallback
log_message('warning',
'Security: Rejected HTTP_HOST "' . $httpHost . '" - not in allowedHostnames whitelist. ' .
'Using fallback: ' . $this->allowedHostnames[0]
);
return $this->allowedHostnames[0];
}
}

5
app/Config/Constants.php
View File

@@ -169,8 +169,3 @@ const MAX_PRECISION = 1e14;
const DEFAULT_PRECISION = 2;
const DEFAULT_LANGUAGE = 'english';
const DEFAULT_LANGUAGE_CODE = 'en';
/**
* Admin modules - list of modules required for admin privileges
*/
const ADMIN_MODULES = ['customers', 'employees', 'giftcards', 'items', 'item_kits', 'messages', 'receivings', 'reports', 'sales', 'config', 'suppliers'];

2
app/Config/Filters.php
View File

@@ -70,7 +70,7 @@ class Filters extends BaseFilters
public array $globals = [
'before' => [
'honeypot',
'csrf' => ['except' => 'login|migrate'],
'csrf' => ['except' => 'login'],
'invalidchars',
],
'after' => [

21
app/Config/OSPOS.php
View File

@@ -5,7 +5,6 @@ namespace Config;
use App\Models\Appconfig;
use CodeIgniter\Cache\CacheInterface;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Database\Exceptions\DatabaseException;
/**
* This class holds the configuration options stored from the database so that on launch those settings can be cached
@@ -35,21 +34,11 @@ class OSPOS extends BaseConfig
if ($cache) {
$this->settings = decode_array($cache);
} else {
try {
$appconfig = model(Appconfig::class);
foreach ($appconfig->get_all()->getResult() as $app_config) {
$this->settings[$app_config->key] = $app_config->value;
}
$this->cache->save('settings', encode_array($this->settings));
} catch (DatabaseException $e) {
// Database table doesn't exist yet (migrations haven't run)
// Return empty settings to allow migration page to display
$this->settings = [
'language' => 'english',
'language_code' => 'en',
'company' => 'Home'
];
$appconfig = model(Appconfig::class);
foreach ($appconfig->get_all()->getResult() as $app_config) {
$this->settings[$app_config->key] = $app_config->value;
}
$this->cache->save('settings', encode_array($this->settings));
}
}
@@ -61,4 +50,4 @@ class OSPOS extends BaseConfig
$this->cache->delete('settings');
$this->set_settings();
}
}
}

1
app/Config/Routes.php
View File

@@ -10,7 +10,6 @@ $routes->setDefaultController('Login');
$routes->get('/', 'Login::index');
$routes->get('login', 'Login::index');
$routes->post('login', 'Login::index');
$routes->post('migrate', 'Login::migrate');
$routes->add('no_access/index/(:segment)', 'No_access::index/$1');
$routes->add('no_access/index/(:segment)/(:segment)', 'No_access::index/$1/$2');

21
app/Config/Session.php
View File

@@ -5,8 +5,6 @@ namespace Config;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Session\Handlers\BaseHandler;
use CodeIgniter\Session\Handlers\DatabaseHandler;
use CodeIgniter\Session\Handlers\FileHandler;
use Config\Database;
class Session extends BaseConfig
{
@@ -126,23 +124,4 @@ class Session extends BaseConfig
* seconds.
*/
public int $lockMaxRetries = 300;
public function __construct()
{
parent::__construct();
if ($this->driver === DatabaseHandler::class) {
try {
$db = Database::connect();
if (!$db->tableExists($this->savePath)) {
$this->driver = FileHandler::class;
$this->savePath = WRITEPATH . 'session';
}
} catch (\CodeIgniter\Database\Exceptions\DatabaseException $e) {
$this->driver = FileHandler::class;
$this->savePath = WRITEPATH . 'session';
}
}
}
}

15
app/Config/Validation/OSPOSRules.php
View File

@@ -135,19 +135,4 @@ class OSPOSRules
{
return parse_decimals($candidate) !== false;
}
/**
* Validates that a locale-aware decimal value is non-negative (>= 0).
*
* @param string $candidate
* @param string|null $error
* @return bool
* @noinspection PhpUnused
*/
public function nonNegativeDecimal(string $candidate, ?string &$error = null): bool
{
$value = parse_decimals($candidate);
return $value !== false && $value >= 0;
}
}

40
app/Controllers/Attributes.php
View File

@@ -106,24 +106,12 @@ class Attributes extends Secure_Controller
$definition_flags |= $flag;
}
// Validate definition_group (definition_fk) foreign key
$definition_group_input = $this->request->getPost('definition_group');
$definition_fk = $this->validateDefinitionGroup($definition_group_input);
if ($definition_fk === false) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Attributes.definition_invalid_group'),
'id' => NEW_ENTRY
]);
}
// Save definition data
$definition_data = [
'definition_name' => $this->request->getPost('definition_name'),
'definition_unit' => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : null,
'definition_flags' => $definition_flags,
'definition_fk' => $definition_fk
'definition_fk' => $this->request->getPost('definition_group') != '' ? $this->request->getPost('definition_group') : null
];
if ($this->request->getPost('definition_type') != null) {
@@ -162,32 +150,6 @@ class Attributes extends Secure_Controller
}
}
/**
* Validates a definition_group foreign key.
* Returns the validated integer ID, null if empty, or false if invalid.
*
* @param mixed $definition_group_input
* @return int|null|false
*/
private function validateDefinitionGroup(mixed $definition_group_input): int|null|false
{
if ($definition_group_input === '' || $definition_group_input === null) {
return null;
}
$definition_group_id = (int) $definition_group_input;
// Must be a positive integer, exist in attribute_definitions, and be of type GROUP
if ($definition_group_id <= 0
|| !$this->attribute->exists($definition_group_id)
|| $this->attribute->getAttributeInfo($definition_group_id)->definition_type !== GROUP
) {
return false;
}
return $definition_group_id;
}
/**
*
* @param int $definition_id

3
app/Controllers/Cashups.php
View File

@@ -36,9 +36,6 @@ class Cashups extends Secure_Controller
// filters that will be loaded in the multiselect dropdown
$data['filters'] = ['is_deleted' => lang('Cashups.is_deleted')];
// Restore filters from URL
$data = array_merge($data, restoreTableFilters($this->request));
return view('cashups/manage', $data);
}

72
app/Controllers/Config.php
View File

@@ -3,7 +3,6 @@
namespace App\Controllers;
use App\Libraries\Barcode_lib;
use App\Libraries\Image_lib;
use App\Libraries\Mailchimp_lib;
use App\Libraries\Receiving_lib;
use App\Libraries\Sale_lib;
@@ -12,7 +11,6 @@ use App\Models\Appconfig;
use App\Models\Attribute;
use App\Models\Customer_rewards;
use App\Models\Dinner_table;
use App\Models\Item;
use App\Models\Module;
use App\Models\Enums\Rounding_mode;
use App\Models\Stock_location;
@@ -251,10 +249,6 @@ class Config extends Secure_Controller
$data['image_allowed_types'] = array_combine($image_allowed_types, $image_allowed_types);
$data['selected_image_allowed_types'] = explode(',', $this->config['image_allowed_types']);
$exif_fields = ['Make', 'Model', 'Orientation', 'Copyright', 'Software', 'DateTime', 'GPS'];
$data['exif_fields'] = array_combine($exif_fields, $exif_fields);
$data['selected_exif_fields'] = array_filter(explode(',', $this->config['exif_fields_to_keep'] ?? ''));
// Integrations Related fields
$data['mailchimp'] = [];
@@ -360,15 +354,6 @@ class Config extends Secure_Controller
$file->move(FCPATH . 'uploads/', $file_info['raw_name'] . '.' . $file_info['file_ext'], true);
$exif_fields_to_keep = array_filter(explode(',', $this->appconfig->get_value('exif_fields_to_keep', 'Copyright,Orientation,Software')));
if (!empty($exif_fields_to_keep)) {
$image_lib = new Image_lib();
$filepath = FCPATH . 'uploads/' . $file_info['raw_name'] . '.' . $file_info['file_ext'];
if (!$image_lib->stripEXIF($filepath, $exif_fields_to_keep)) {
log_message('warning', 'EXIF stripping failed for: ' . $filepath);
}
}
return ($file_info);
}
@@ -396,14 +381,13 @@ class Config extends Secure_Controller
'image_max_width' => $this->request->getPost('image_max_width', FILTER_SANITIZE_NUMBER_INT),
'image_max_height' => $this->request->getPost('image_max_height', FILTER_SANITIZE_NUMBER_INT),
'image_max_size' => $this->request->getPost('image_max_size', FILTER_SANITIZE_NUMBER_INT),
'image_allowed_types' => implode(',', $this->request->getPost('image_allowed_types') ?? []),
'exif_fields_to_keep' => implode(',', $this->request->getPost('exif_fields_to_keep') ?? []),
'image_allowed_types' => implode(',', $this->request->getPost('image_allowed_types')),
'gcaptcha_enable' => $this->request->getPost('gcaptcha_enable') != null,
'gcaptcha_secret_key' => $this->request->getPost('gcaptcha_secret_key'),
'gcaptcha_site_key' => $this->request->getPost('gcaptcha_site_key'),
'suggestions_first_column' => $this->validateSuggestionsColumn($this->request->getPost('suggestions_first_column'), 'first'),
'suggestions_second_column' => $this->validateSuggestionsColumn($this->request->getPost('suggestions_second_column'), 'other'),
'suggestions_third_column' => $this->validateSuggestionsColumn($this->request->getPost('suggestions_third_column'), 'other'),
'suggestions_first_column' => $this->request->getPost('suggestions_first_column'),
'suggestions_second_column' => $this->request->getPost('suggestions_second_column'),
'suggestions_third_column' => $this->request->getPost('suggestions_third_column'),
'giftcard_number' => $this->request->getPost('giftcard_number'),
'derive_sale_quantity' => $this->request->getPost('derive_sale_quantity') != null,
'multi_pack_enabled' => $this->request->getPost('multi_pack_enabled') != null,
@@ -477,9 +461,8 @@ class Config extends Secure_Controller
public function postSaveLocale(): ResponseInterface
{
$exploded = explode(":", $this->request->getPost('language'));
$currency_symbol = $this->request->getPost('currency_symbol');
$batch_save_data = [
'currency_symbol' => htmlspecialchars($currency_symbol ?? ''),
'currency_symbol' => $this->request->getPost('currency_symbol'),
'currency_code' => $this->request->getPost('currency_code'),
'language_code' => $exploded[0],
'language' => $exploded[1],
@@ -519,24 +502,9 @@ class Config extends Secure_Controller
$password = $this->encrypter->encrypt($this->request->getPost('smtp_pass'));
}
$protocol = $this->request->getPost('protocol');
$mailpath = $this->request->getPost('mailpath');
// Validate mailpath: required for sendmail, optional for others but must be safe if provided
$isMailpathRequired = ($protocol === 'sendmail');
$isMailpathProvided = !empty($mailpath);
$isMailpathValid = $isMailpathProvided && preg_match('/^[a-zA-Z0-9_\-\/.]+$/', $mailpath);
if (($isMailpathRequired && !$isMailpathProvided) || ($isMailpathProvided && !$isMailpathValid)) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Config.mailpath_invalid')
]);
}
$batch_save_data = [
'protocol' => $protocol,
'mailpath' => $mailpath,
'protocol' => $this->request->getPost('protocol'),
'mailpath' => $this->request->getPost('mailpath'),
'smtp_host' => $this->request->getPost('smtp_host'),
'smtp_user' => $this->request->getPost('smtp_user'),
'smtp_pass' => $password,
@@ -974,9 +942,7 @@ class Config extends Secure_Controller
'work_order_enable' => $this->request->getPost('work_order_enable') != null,
'work_order_format' => $this->request->getPost('work_order_format'),
'last_used_work_order_number' => $this->request->getPost('last_used_work_order_number', FILTER_SANITIZE_NUMBER_INT),
'invoice_type' => Sale_lib::isValidInvoiceType($this->request->getPost('invoice_type'))
? $this->request->getPost('invoice_type')
: 'invoice'
'invoice_type' => $this->request->getPost('invoice_type')
];
$success = $this->appconfig->batch_save($batch_save_data);
@@ -1007,26 +973,4 @@ class Config extends Secure_Controller
return $this->response->setJSON(['success' => $success]);
}
/**
* Validates suggestions column configuration to prevent SQL injection.
*
* @param mixed $column The column value from POST
* @param string $fieldType Either 'first' or 'other' to determine default fallback
* @return string Validated column name
*/
private function validateSuggestionsColumn(mixed $column, string $fieldType): string
{
if (!is_string($column)) {
return $fieldType === 'first' ? 'name' : '';
}
$allowed = $fieldType === 'first'
? Item::ALLOWED_SUGGESTIONS_COLUMNS
: Item::ALLOWED_SUGGESTIONS_COLUMNS_WITH_EMPTY;
$fallback = $fieldType === 'first' ? 'name' : '';
return in_array($column, $allowed, true) ? $column : $fallback;
}
}

12
app/Controllers/Employees.php
View File

@@ -78,7 +78,7 @@ class Employees extends Persons
$person_info = $this->employee->get_info($employee_id);
$current_user = $this->employee->get_logged_in_employee_info();
if ($employee_id != NEW_ENTRY && !$this->employee->canModifyEmployee($person_info->person_id, $current_user->person_id)) {
if ($employee_id != NEW_ENTRY && !$this->employee->can_modify_employee($person_info->person_id, $current_user->person_id)) {
header('Location: ' . base_url('no_access/employees/employees'));
exit();
}
@@ -120,7 +120,7 @@ class Employees extends Persons
if ($employee_id != NEW_ENTRY) {
$target_employee = $this->employee->get_info($employee_id);
if (!$this->employee->canModifyEmployee($target_employee->person_id, $current_user->person_id)) {
if (!$this->employee->can_modify_employee($target_employee->person_id, $current_user->person_id)) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.error_updating_admin'),
@@ -153,14 +153,14 @@ class Employees extends Persons
];
$grants_array = [];
$isAdmin = $this->employee->isAdmin($current_user->person_id);
$is_admin = $this->employee->is_admin($current_user->person_id);
foreach ($this->module->get_all_permissions()->getResult() as $permission) {
$grants = [];
$grant = $this->request->getPost('grant_' . $permission->permission_id) != null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
if ($grant == $permission->permission_id) {
if (!$isAdmin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
if (!$is_admin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
continue;
}
$grants['permission_id'] = $permission->permission_id;
@@ -226,9 +226,9 @@ class Employees extends Persons
$employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$current_user = $this->employee->get_logged_in_employee_info();
if (!$this->employee->isAdmin($current_user->person_id)) {
if (!$this->employee->is_admin($current_user->person_id)) {
foreach ($employees_to_delete as $emp_id) {
if ($this->employee->isAdmin((int)$emp_id)) {
if ($this->employee->is_admin((int)$emp_id)) {
return $this->response->setJSON(['success' => false, 'message' => lang('Employees.error_deleting_admin')]);
}
}

44
app/Controllers/Expenses.php
View File

@@ -38,9 +38,6 @@ class Expenses extends Secure_Controller
'is_deleted' => lang('Expenses.is_deleted')
];
// Restore filters from URL
$data = array_merge($data, restoreTableFilters($this->request));
return view('expenses/manage', $data);
}
@@ -93,23 +90,16 @@ class Expenses extends Secure_Controller
{
$data = []; // TODO: Duplicated code
$data['expenses_info'] = $this->expense->get_info($expense_id);
$expense_id = $data['expenses_info']->expense_id;
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
$data['employees'] = [];
if ($can_assign_employee) {
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
foreach ($this->employee->get_all()->getResult() as $employee) {
foreach (get_object_vars($employee) as $property => $value) {
$employee->$property = $value;
}
} else {
$stored_employee_id = $expense_id == NEW_ENTRY ? $current_employee_id : $data['expenses_info']->employee_id;
$stored_employee = $this->employee->get_info($stored_employee_id);
$data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
$data['can_assign_employee'] = $can_assign_employee;
$data['expenses_info'] = $this->expense->get_info($expense_id);
$expense_categories = [];
foreach ($this->expense_category->get_all(0, 0, true)->getResultArray() as $row) {
@@ -117,9 +107,11 @@ class Expenses extends Secure_Controller
}
$data['expense_categories'] = $expense_categories;
$expense_id = $data['expenses_info']->expense_id;
if ($expense_id == NEW_ENTRY) {
$data['expenses_info']->date = date('Y-m-d H:i:s');
$data['expenses_info']->employee_id = $current_employee_id;
$data['expenses_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
}
$data['payments'] = [];
@@ -160,20 +152,6 @@ class Expenses extends Secure_Controller
$date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
if (!$this->employee->has_grant('employees', $current_employee_id)) {
if ($expense_id == NEW_ENTRY) {
$employee_id = $current_employee_id;
} else {
$existing_expense = $this->expense->get_info($expense_id);
$employee_id = $existing_expense->employee_id;
}
} else {
$employee_id = $submitted_employee_id;
}
$expense_data = [
'date' => $date_formatter->format('Y-m-d H:i:s'),
'supplier_id' => $this->request->getPost('supplier_id') == '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
@@ -183,7 +161,7 @@ class Expenses extends Secure_Controller
'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'employee_id' => $employee_id,
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
'deleted' => $this->request->getPost('deleted') != null
];

53
app/Controllers/Home.php
View File

@@ -2,7 +2,6 @@
namespace App\Controllers;
use App\Libraries\MY_Migration;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\ResponseInterface;
@@ -37,21 +36,12 @@ class Home extends Secure_Controller
/**
* Load "change employee password" form
*
* @return ResponseInterface|string
* @return string
* @noinspection PhpUnused
*/
public function getChangePassword(int $employeeId = NEW_ENTRY)
public function getChangePassword(int $employee_id = -1): string // TODO: Replace -1 with a constant
{
$loggedInEmployee = $this->employee->get_logged_in_employee_info();
$currentPersonId = $loggedInEmployee->person_id;
$employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
if (!$this->employee->isAdmin($currentPersonId) && $employeeId !== $currentPersonId) {
return $this->response->setStatusCode(403)->setBody(lang('Employees.unauthorized_modify'));
}
$person_info = $this->employee->get_info($employeeId);
$person_info = $this->employee->get_info($employee_id);
foreach (get_object_vars($person_info) as $property => $value) {
$person_info->$property = $value;
}
@@ -65,63 +55,52 @@ class Home extends Secure_Controller
*
* @return ResponseInterface
*/
public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
public function postSave(int $employee_id = -1): ResponseInterface // TODO: Replace -1 with a constant
{
$currentUser = $this->employee->get_logged_in_employee_info();
$employeeId = $employeeId === NEW_ENTRY ? $currentUser->person_id : $employeeId;
if (!$this->employee->isAdmin($currentUser->person_id) && $employeeId !== $currentUser->person_id) {
return $this->response->setStatusCode(403)->setJSON([
'success' => false,
'message' => lang('Employees.unauthorized_modify')
]);
}
if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
if (!empty($this->request->getPost('current_password')) && $employee_id != -1) {
if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
// Validate password length BEFORE hashing
$new_password = $this->request->getPost('password');
if (strlen($new_password) < 8) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.password_minlength'),
'id' => NEW_ENTRY
'id' => -1
]);
}
$employee_data = [
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'password' => password_hash($new_password, PASSWORD_DEFAULT),
'hash_version' => 2
];
if ($this->employee->change_password($employee_data, $employeeId)) {
if ($this->employee->change_password($employee_data, $employee_id)) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_change_password'),
'id' => $employeeId
'id' => $employee_id
]);
} else {
} else { // Failure // TODO: Replace -1 with constant
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.unsuccessful_change_password'),
'id' => NEW_ENTRY
'id' => -1
]);
}
} else {
} else { // TODO: Replace -1 with constant
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.current_password_invalid'),
'id' => NEW_ENTRY
'id' => -1
]);
}
} else {
} else { // TODO: Replace -1 with constant
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.current_password_invalid'),
'id' => NEW_ENTRY
'id' => -1
]);
}
}

78
app/Controllers/Items.php
View File

@@ -3,10 +3,8 @@
namespace App\Controllers;
use App\Libraries\Barcode_lib;
use App\Libraries\Image_lib;
use App\Libraries\Item_lib;
use App\Models\Appconfig;
use App\Models\Attribute;
use App\Models\Inventory;
use App\Models\Item;
@@ -41,7 +39,6 @@ class Items extends Secure_Controller
private Stock_location $stock_location;
private Supplier $supplier;
private Tax_category $tax_category;
private Appconfig $appconfig;
private array $config;
@@ -65,7 +62,6 @@ class Items extends Secure_Controller
$this->stock_location = model(Stock_location::class);
$this->supplier = model(Supplier::class);
$this->tax_category = model(Tax_category::class);
$this->appconfig = model(Appconfig::class);
$this->config = config(OSPOS::class)->settings;
}
@@ -77,12 +73,7 @@ class Items extends Secure_Controller
$this->session->set('allow_temp_items', 0);
$data['table_headers'] = get_items_manage_table_headers();
// Restore stock_location from URL or session
$stockLocation = $this->request->getGet('stock_location', FILTER_SANITIZE_NUMBER_INT);
$data['stock_location'] = $stockLocation
? $stockLocation
: $this->item_lib->get_item_location();
$data['stock_location'] = $this->item_lib->get_item_location();
$data['stock_locations'] = $this->stock_location->get_allowed_locations();
// Filters that will be loaded in the multiselect dropdown
@@ -96,9 +87,6 @@ class Items extends Secure_Controller
'temporary' => lang('Items.temp')
];
// Restore filters from URL
$data = array_merge($data, restoreTableFilters($this->request));
return view('items/manage', $data);
}
@@ -108,7 +96,7 @@ class Items extends Secure_Controller
**/
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(item_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_id');
@@ -160,7 +148,6 @@ class Items extends Secure_Controller
{
helper('file');
$pic_filename = rawurldecode($pic_filename);
$file_extension = pathinfo($pic_filename, PATHINFO_EXTENSION);
$images = glob("./uploads/item_pics/$pic_filename");
$base_path = './uploads/item_pics/' . pathinfo($pic_filename, PATHINFO_FILENAME);
@@ -390,7 +377,7 @@ class Items extends Secure_Controller
} else {
$images = glob("./uploads/item_pics/$item_info->pic_filename");
}
$data['image_path'] = sizeof($images) > 0 ? base_url(implode('/', array_map('rawurlencode', explode('/', ltrim($images[0], './'))))) : '';
$data['image_path'] = sizeof($images) > 0 ? base_url($images[0]) : '';
} else {
$data['image_path'] = '';
}
@@ -630,7 +617,7 @@ class Items extends Secure_Controller
// Save item data
$item_data = [
'name' => $this->request->getPost('name'),
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'description' => $this->request->getPost('description'),
'category' => $this->request->getPost('category'),
'item_type' => $item_type,
'stock_type' => $this->request->getPost('stock_type') === null ? HAS_STOCK : intval($this->request->getPost('stock_type')),
@@ -781,27 +768,14 @@ class Items extends Secure_Controller
$filename = $file->getClientName();
$info = pathinfo($filename);
// Sanitize filename to remove problematic characters like spaces
$sanitized_name = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $info['filename']);
$file_info = [
'orig_name' => $filename,
'raw_name' => $sanitized_name,
'raw_name' => $info['filename'],
'file_ext' => $file->guessExtension()
];
$file->move(FCPATH . 'uploads/item_pics/', $file_info['raw_name'] . '.' . $file_info['file_ext'], true);
$exif_fields_to_keep = array_filter(explode(',', $this->appconfig->get_value('exif_fields_to_keep', 'Copyright,Orientation,Software')));
if (!empty($exif_fields_to_keep)) {
$image_lib = new Image_lib();
$filepath = FCPATH . 'uploads/item_pics/' . $file_info['raw_name'] . '.' . $file_info['file_ext'];
if (!$image_lib->stripEXIF($filepath, $exif_fields_to_keep)) {
log_message('warning', 'EXIF stripping failed for: ' . $filepath);
}
}
return ($file_info);
}
@@ -898,12 +872,12 @@ class Items extends Secure_Controller
$items_to_update = $this->request->getPost('item_ids');
$item_data = [];
foreach (Item::ALLOWED_BULK_EDIT_FIELDS as $field) {
$value = $this->request->getPost($field);
if ($field === 'supplier_id' && $value !== '') {
$item_data[$field] = $value;
} elseif ($value !== null && $value !== '') {
$item_data[$field] = $value;
foreach ($_POST as $key => $value) {
// This field is nullable, so treat it differently
if ($key === 'supplier_id' && $value !== '') {
$item_data[$key] = $value;
} elseif ($value !== '' && !(in_array($key, ['item_ids', 'tax_names', 'tax_percents']))) {
$item_data[$key] = $value;
}
}
@@ -1043,11 +1017,7 @@ class Items extends Secure_Controller
}
if (!$is_failed_row) {
$invalidLocations = $this->validateCSVStockLocations($row, $allowedStockLocations);
if (!empty($invalidLocations)) {
$isFailedRow = true;
log_message('error', 'CSV import: Invalid stock location(s) found: ' . implode(', ', $invalidLocations));
}
$is_failed_row = $this->data_error_check($row, $item_data, $allowed_stock_locations, $attribute_definition_names, $attribute_data);
}
// Remove false, null, '' and empty strings but keep 0
@@ -1093,30 +1063,6 @@ class Items extends Secure_Controller
}
/**
* Validates that stock location columns in CSV row are valid locations
*
* @param array $row
* @param array $allowedLocations
* @return array Returns array of invalid location names, empty if all valid
*/
private function validateCSVStockLocations(array $row, array $allowedLocations): array
{
$invalidLocations = [];
$allowedLocationNames = array_values($allowedLocations);
foreach (array_keys($row) as $key) {
if (str_starts_with($key, 'location_')) {
$locationName = substr($key, 9);
if (!in_array($locationName, $allowedLocationNames)) {
$invalidLocations[] = $locationName;
}
}
}
return $invalidLocations;
}
/**
* Checks the entire line of data in an import file for errors
*

26
app/Controllers/Login.php
View File

@@ -5,7 +5,6 @@ namespace App\Controllers;
use App\Libraries\MY_Migration;
use App\Models\Employee;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Model;
use Config\OSPOS;
use Config\Services;
@@ -37,7 +36,6 @@ class Login extends BaseController
$data = [
'has_errors' => false,
'is_new_install' => !(MY_Migration::get_current_version()),
'is_latest' => $migration->is_latest(),
'latest_version' => $migration->get_latest_migration(),
'gcaptcha_enabled' => $gcaptcha_enabled,
@@ -73,28 +71,4 @@ class Login extends BaseController
return redirect()->to('home');
}
public function migrate(): ResponseInterface
{
try {
$migration = new MY_Migration(config('Migrations'));
$migration->migrate_to_ci4();
set_time_limit(3600);
$migration->setNamespace('App')->latest();
return $this->response->setJSON([
'success' => true,
'message' => 'Migration completed successfully'
]);
} catch (\Exception $e) {
log_message('error', 'Migration failed: ' . $e->getMessage());
return $this->response->setJSON([
'success' => false,
'message' => 'Migration failed: ' . $e->getMessage()
])->setStatusCode(500);
}
}
}

29
app/Controllers/Receivings.php
View File

@@ -241,26 +241,15 @@ class Receivings extends Secure_Controller
$data['suppliers'][$supplier->person_id] = $supplier->first_name . ' ' . $supplier->last_name;
}
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
$data['employees'] = [];
if ($can_assign_employee) {
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
} else {
$stored_employee_id = $receiving_info['employee_id'];
$stored_employee = $this->employee->get_info($stored_employee_id);
$data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
$data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
$data['selected_supplier_id'] = $receiving_info['supplier_id'];
$data['receiving_info'] = $receiving_info;
$data['can_assign_employee'] = $can_assign_employee;
return view('receivings/form', $data);
}
@@ -502,20 +491,10 @@ class Receivings extends Secure_Controller
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
$receiving_time = $date_formatter->format('Y-m-d H:i:s');
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
if (!$this->employee->has_grant('employees', $current_employee_id)) {
$existing_receiving = $this->receiving->get_info($receiving_id)->getRowArray();
$employee_id = $existing_receiving['employee_id'];
} else {
$employee_id = $submitted_employee_id;
}
$receiving_data = [
'receiving_time' => $receiving_time,
'supplier_id' => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : null,
'employee_id' => $employee_id,
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null
];

18
app/Controllers/Reports.php
View File

@@ -1776,7 +1776,7 @@ class Reports extends Secure_Controller
{
$this->clearCache();
$definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_SALES, true);
$definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_SALES);
$inputs = [
'start_date' => $start_date,
@@ -1789,12 +1789,7 @@ class Reports extends Secure_Controller
$this->detailed_sales->create($inputs);
$columns = $this->detailed_sales->getDataColumns();
// Extract just names for column headers
$definitionHeaders = [];
foreach ($definition_names as $definition_id => $definitionInfo) {
$definitionHeaders[$definition_id] = $definitionInfo['name'];
}
$columns['details'] = array_merge($columns['details'], $definitionHeaders);
$columns['details'] = array_merge($columns['details'], $definition_names);
$headers = $columns;
@@ -1935,19 +1930,14 @@ class Reports extends Secure_Controller
{
$this->clearCache();
$definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_RECEIVINGS, true);
$definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_RECEIVINGS);
$inputs = ['start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id, 'definition_ids' => array_keys($definition_names)];
$this->detailed_receivings->create($inputs);
$columns = $this->detailed_receivings->getDataColumns();
// Extract just names for column headers
$definitionHeaders = [];
foreach ($definition_names as $definition_id => $definitionInfo) {
$definitionHeaders[$definition_id] = $definitionInfo['name'];
}
$columns['details'] = array_merge($columns['details'], $definitionHeaders);
$columns['details'] = array_merge($columns['details'], $definition_names);
$headers = $columns;
$report_data = $this->detailed_receivings->getData($inputs);

93
app/Controllers/Sales.php
View File

@@ -75,15 +75,15 @@ class Sales extends Secure_Controller
/**
* Load the sale edit modal. Used in app/Views/sales/register.php.
*
* @return ResponseInterface|string
* @return string
* @noinspection PhpUnused
*/
public function getManage(): ResponseInterface|string
public function getManage(): string
{
$personId = $this->session->get('person_id');
$person_id = $this->session->get('person_id');
if (!$this->employee->has_grant('reports_sales', $personId)) {
return redirect()->to('no_access/sales/reports_sales');
if (!$this->employee->has_grant('reports_sales', $person_id)) {
redirect('no_access/sales/reports_sales');
} else {
$data['table_headers'] = get_sales_manage_table_headers();
@@ -92,31 +92,18 @@ class Sales extends Secure_Controller
'only_due' => lang('Sales.due_filter'),
'only_check' => lang('Sales.check_filter'),
'only_creditcard' => lang('Sales.credit_filter'),
'only_debit' => lang('Sales.debit'),
'only_invoices' => lang('Sales.invoice_filter'),
'selected_customer' => lang('Sales.selected_customer')
];
if ($this->sale_lib->get_customer() != -1) {
$selectedFilters = ['selected_customer'];
$selected_filters = ['selected_customer'];
$data['customer_selected'] = true;
} else {
$data['customer_selected'] = false;
$selectedFilters = [];
$selected_filters = [];
}
// Restore filters from URL query string
$filters = restoreTableFilters($this->request);
if (!empty($filters['selected_filters'])) {
$selectedFilters = array_merge($selectedFilters, $filters['selected_filters']);
}
if (isset($filters['start_date'])) {
$data['start_date'] = $filters['start_date'];
}
if (isset($filters['end_date'])) {
$data['end_date'] = $filters['end_date'];
}
$data['selected_filters'] = $selectedFilters;
$data['selected_filters'] = $selected_filters;
return view('sales/manage', $data);
}
@@ -155,7 +142,6 @@ class Sales extends Secure_Controller
'only_check' => false,
'selected_customer' => false,
'only_creditcard' => false,
'only_debit' => false,
'only_invoices' => $this->config['invoice_enable'] && $this->request->getGet('only_invoices', FILTER_SANITIZE_NUMBER_INT),
'is_valid_receipt' => $this->sale->is_valid_receipt($search)
];
@@ -582,21 +568,12 @@ class Sales extends Secure_Controller
$data = [];
$rules = [
'price' => 'trim|required|decimal_locale|nonNegativeDecimal',
'price' => 'trim|required|decimal_locale',
'quantity' => 'trim|required|decimal_locale',
'discount' => 'trim|permit_empty|decimal_locale|nonNegativeDecimal',
'discount' => 'trim|permit_empty|decimal_locale',
];
$messages = [
'price' => [
'nonNegativeDecimal' => lang('Sales.negative_price_invalid'),
],
'discount' => [
'nonNegativeDecimal' => lang('Sales.negative_discount_invalid'),
],
];
if ($this->validate($rules, $messages)) {
if ($this->validate($rules)) {
$description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$price = parse_decimals($this->request->getPost('price'));
@@ -605,38 +582,20 @@ class Sales extends Secure_Controller
$discount = $discount_type
? parse_quantity($this->request->getPost('discount'))
: parse_decimals($this->request->getPost('discount'));
$discount = $discount ?: 0;
// Return mode legitimately uses negative quantities for refunds
if ($this->sale_lib->get_mode() != 'return' && $quantity < 0) {
$data['error'] = lang('Sales.negative_quantity_invalid');
return $this->_reload($data);
}
// Business logic: discount bounds depend on discount_type and item values
if ($discount_type == PERCENT && $discount > 100) {
$data['error'] = lang('Sales.discount_percent_exceeds_100');
return $this->_reload($data);
}
if ($discount_type == FIXED && bccomp((string)$discount, bcmul((string)abs($quantity), (string)$price, 2), 2) > 0) {
$data['error'] = lang('Sales.discount_exceeds_item_total');
return $this->_reload($data);
}
$item_location = $this->request->getPost('location', FILTER_SANITIZE_NUMBER_INT);
$discounted_total = $this->request->getPost('discounted_total') != ''
? parse_decimals($this->request->getPost('discounted_total') ?? '')
: null;
$this->sale_lib->edit_item($line, $description, $serialnumber, $quantity, $discount, $discount_type, $price, $discounted_total);
$this->sale_lib->empty_payments();
$data['warning'] = $this->sale_lib->out_of_stock($this->sale_lib->get_item_id($line), $item_location);
} else {
$errors = $this->validator->getErrors();
$data['error'] = $errors ? reset($errors) : lang('Sales.error_editing_item');
$data['error'] = lang('Sales.error_editing_item');
}
return $this->_reload($data);
@@ -750,12 +709,6 @@ class Sales extends Secure_Controller
$data['cash_amount_due'] = $totals['cash_amount_due'];
$data['non_cash_amount_due'] = $totals['amount_due'];
// Prevent negative total sales (fraud/theft vector) - returns can have negative totals for legitimate refunds
if ($this->sale_lib->get_mode() != 'return' && bccomp($totals['total'], '0') < 0) {
$data['error'] = lang('Sales.negative_total_invalid');
return $this->_reload($data);
}
if ($data['cash_mode']) { // TODO: Convert this to ternary notation
$data['amount_due'] = $totals['cash_amount_due'];
} else {
@@ -802,11 +755,8 @@ class Sales extends Secure_Controller
$data['sale_status'] = COMPLETED;
$sale_type = SALE_TYPE_INVOICE;
$invoice_type = $this->config['invoice_type'];
if (!Sale_lib::isValidInvoiceType($invoice_type)) {
$invoice_type = 'invoice';
}
$invoice_view = $invoice_type;
// The PHP file name is the same as the invoice_type key
$invoice_view = $this->config['invoice_type'];
// Save the data to the sales table
$data['sale_id_num'] = $this->sale->save_value($sale_id, $data['sale_status'], $data['cart'], $customer_id, $employee_id, $data['comments'], $invoice_number, $work_order_number, $quote_number, $sale_type, $data['payments'], $data['dinner_table'], $tax_details);
@@ -819,8 +769,8 @@ class Sales extends Secure_Controller
$data['error_message'] = lang('Sales.transaction_failed');
} else {
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['sale_id']);
$this->sale_lib->clear_all();
return view('sales/' . $invoice_view, $data);
$this->sale_lib->clear_all();
}
}
} elseif ($this->sale_lib->is_work_order_mode()) {
@@ -853,8 +803,9 @@ class Sales extends Secure_Controller
$data['barcode'] = null;
$this->sale_lib->clear_all();
return view('sales/work_order', $data);
$this->sale_lib->clear_mode();
$this->sale_lib->clear_all();
}
} elseif ($this->sale_lib->is_quote_mode()) {
$data['sales_quote'] = lang('Sales.quote');
@@ -880,8 +831,9 @@ class Sales extends Secure_Controller
$data['cart'] = $this->sale_lib->sort_and_filter_cart($data['cart']);
$data['barcode'] = null;
$this->sale_lib->clear_all();
return view('sales/quote', $data);
$this->sale_lib->clear_mode();
$this->sale_lib->clear_all();
}
} else {
// Save the data to the sales table
@@ -902,8 +854,8 @@ class Sales extends Secure_Controller
$data['error_message'] = lang('Sales.transaction_failed');
} else {
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['sale_id']);
$this->sale_lib->clear_all();
return view('sales/receipt', $data);
$this->sale_lib->clear_all();
}
}
}
@@ -1155,9 +1107,6 @@ class Sales extends Secure_Controller
}
$invoice_type = $this->config['invoice_type'];
if (!Sale_lib::isValidInvoiceType($invoice_type)) {
$invoice_type = 'invoice';
}
$data['invoice_view'] = $invoice_type;
return $data;

2
app/Controllers/Tax_categories.php
View File

@@ -40,7 +40,7 @@ class Tax_categories extends Secure_Controller
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(get_tax_categories_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_category_id');
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order);

2
app/Controllers/Tax_codes.php
View File

@@ -50,7 +50,7 @@ class Tax_codes extends Secure_Controller
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(get_tax_code_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_code');
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);

2
app/Controllers/Tax_jurisdictions.php
View File

@@ -43,7 +43,7 @@ class Tax_jurisdictions extends Secure_Controller
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(get_tax_jurisdictions_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'jurisdiction_id');
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order);

2
app/Controllers/Taxes.php
View File

@@ -81,7 +81,7 @@ class Taxes extends Secure_Controller
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(get_tax_rates_manage_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_rate_id');
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_rates = $this->tax->search($search, $limit, $offset, $sort, $order);

60
app/Database/Migrations/20170501000000_initial_schema.php
View File

@@ -1,60 +0,0 @@
<?php
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
class Migration_Initial_Schema extends Migration
{
public function __construct()
{
parent::__construct();
}
/**
* Perform a migration step.
* Only runs on fresh installs - skips if database already has tables.
*
* For testing: CI4's DatabaseTestTrait with $refresh=true handles table
* cleanup/creation automatically. This migration only loads initial schema
* on fresh databases where no application tables exist.
*/
public function up(): void
{
// Check if core application tables exist (existing install)
// Note: migrations table may exist even on fresh DB due to migration tracking
$tables = $this->db->listTables();
// Check for a core application table, not just migrations table
foreach ($tables as $table) {
// Strip prefix if present for comparison
$tableName = str_replace($this->db->getPrefix(), '', $table);
if (in_array($tableName, ['app_config', 'items', 'employees', 'people'])) {
// Database already populated - skip initial schema
// This is an existing installation upgrading from older version
return;
}
}
// Fresh install - load initial schema
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/initial_schema.sql');
}
/**
* Revert a migration step.
* Cannot revert initial schema - would lose all data.
*/
public function down(): void
{
// Cannot safely revert initial schema
// Would require dropping all tables which would lose all data
$this->db->query('SET FOREIGN_KEY_CHECKS = 0');
foreach ($this->db->listTables() as $table) {
$this->db->query('DROP TABLE IF EXISTS `' . $table . '`');
}
$this->db->query('SET FOREIGN_KEY_CHECKS = 1');
}
}

4
app/Database/Migrations/20170502221506_sales_tax_data.php
View File

@@ -267,8 +267,6 @@ class Migration_Sales_Tax_Data extends Migration
*/
public function round_number(int $rounding_mode, string $amount, int $decimals): float
{
$amount = (float)$amount;
if ($rounding_mode == Migration_Sales_Tax_Data::ROUND_UP) {
$fig = pow(10, $decimals);
$rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
@@ -378,7 +376,7 @@ class Migration_Sales_Tax_Data extends Migration
$decimals = totals_decimals();
foreach ($sales_taxes as $row_number => $sales_tax) {
$sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
$sale_tax_amount = $sales_tax['sale_tax_amount'];
$rounding_code = $sales_tax['rounding_code'];
$rounded_sale_tax_amount = $sale_tax_amount;

4
app/Database/Migrations/20200202000000_taxamount.php
View File

@@ -243,8 +243,6 @@ class Migration_TaxAmount extends Migration
*/
public function round_number(int $rounding_mode, string $amount, int $decimals): float // TODO: is this currency safe?
{ // TODO: This needs to be converted to a switch
$amount = (float)$amount;
if ($rounding_mode == Migration_TaxAmount::ROUND_UP) { // TODO: === ?
$fig = pow(10, $decimals);
$rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
@@ -356,7 +354,7 @@ class Migration_TaxAmount extends Migration
$decimals = totals_decimals();
foreach ($sales_taxes as $row_number => $sales_tax) {
$sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
$sale_tax_amount = $sales_tax['sale_tax_amount'];
$rounding_code = $sales_tax['rounding_code'];
$rounded_sale_tax_amount = $sale_tax_amount;

65
app/Database/Migrations/20250521000000_FixImageFilenameSpaces.php
View File

@@ -1,65 +0,0 @@
<?php
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
/**
* Migration to sanitize existing image filenames by replacing spaces with underscores
* This fixes issue #4372 where thumbnails failed to load for images with spaces in filenames
*/
class FixImageFilenameSpaces extends Migration
{
/**
* Perform a migration.
*/
public function up(): void
{
$db = \Config\Database::connect();
$builder = $db->table('ospos_items');
// Get all items with pic_filename containing spaces
$query = $builder->like('pic_filename', ' ', 'both')->get();
$items = $query->getResult();
foreach ($items as $item) {
$old_filename = $item->pic_filename;
$ext = pathinfo($old_filename, PATHINFO_EXTENSION);
$base_name = pathinfo($old_filename, PATHINFO_FILENAME);
// Sanitize the filename by replacing spaces and special characters
$sanitized_name = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $base_name);
$new_filename = $sanitized_name . '.' . $ext;
// Rename the file on the filesystem
$old_path = FCPATH . 'uploads/item_pics/' . $old_filename;
$new_path = FCPATH . 'uploads/item_pics/' . $new_filename;
if (file_exists($old_path)) {
// Rename the original file
if (rename($old_path, $new_path)) {
// Check if thumbnail exists and rename it too
$old_thumb = FCPATH . 'uploads/item_pics/' . $base_name . '_thumb.' . $ext;
$new_thumb = FCPATH . 'uploads/item_pics/' . $sanitized_name . '_thumb.' . $ext;
if (file_exists($old_thumb)) {
rename($old_thumb, $new_thumb);
}
// Update database record
$builder->where('item_id', $item->item_id)
->update(['pic_filename' => $new_filename]);
}
}
}
}
/**
* Revert a migration.
* Note: This migration does not support rollback as the original filenames are lost
*/
public function down(): void
{
// This migration cannot be safely reversed as the original filenames are lost
// after sanitization.
}
}

49
app/Database/Migrations/20260306120000_MigrationEXIFStrippingOptions.php
View File

@@ -1,49 +0,0 @@
<?php
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
use Config\Database;
class MigrationEXIFStrippingOptions extends Migration
{
/**
* Perform a migration step.
*/
public function up(): void
{
log_message('info', 'Migrating EXIF Stripping Options');
$db = Database::connect();
$configs = [
[
'key' => 'exif_fields_to_keep',
'value' => 'Copyright,Orientation,Software'
]
];
foreach ($configs as $config) {
$existing = $db->table('app_config')
->where('key', $config['key'])
->get()
->getRow();
if ($existing === null) {
$db->table('app_config')->insert($config);
}
}
}
/**
* Revert a migration step.
*/
public function down(): void
{
$db = Database::connect();
$db->table('app_config')
->where('key', 'exif_fields_to_keep')
->delete();
}
}

145
app/Database/constraints.sql Normal file
View File

@@ -0,0 +1,145 @@
--
-- Constraints for dumped tables
--
--
-- Constraints for table `ospos_customers`
--
ALTER TABLE `ospos_customers`
ADD CONSTRAINT `ospos_customers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_employees`
--
ALTER TABLE `ospos_employees`
ADD CONSTRAINT `ospos_employees_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_inventory`
--
ALTER TABLE `ospos_inventory`
ADD CONSTRAINT `ospos_inventory_ibfk_1` FOREIGN KEY (`trans_items`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_inventory_ibfk_2` FOREIGN KEY (`trans_user`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_inventory_ibfk_3` FOREIGN KEY (`trans_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_items`
--
ALTER TABLE `ospos_items`
ADD CONSTRAINT `ospos_items_ibfk_1` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
--
-- Constraints for table `ospos_items_taxes`
--
ALTER TABLE `ospos_items_taxes`
ADD CONSTRAINT `ospos_items_taxes_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_item_kit_items`
--
ALTER TABLE `ospos_item_kit_items`
ADD CONSTRAINT `ospos_item_kit_items_ibfk_1` FOREIGN KEY (`item_kit_id`) REFERENCES `ospos_item_kits` (`item_kit_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_item_kit_items_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_permissions`
--
ALTER TABLE `ospos_permissions`
ADD CONSTRAINT `ospos_permissions_ibfk_1` FOREIGN KEY (`module_id`) REFERENCES `ospos_modules` (`module_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_permissions_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_grants`
--
ALTER TABLE `ospos_grants`
ADD CONSTRAINT `ospos_grants_ibfk_1` foreign key (`permission_id`) references `ospos_permissions` (`permission_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_grants_ibfk_2` foreign key (`person_id`) references `ospos_employees` (`person_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_receivings`
--
ALTER TABLE `ospos_receivings`
ADD CONSTRAINT `ospos_receivings_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_receivings_ibfk_2` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
--
-- Constraints for table `ospos_receivings_items`
--
ALTER TABLE `ospos_receivings_items`
ADD CONSTRAINT `ospos_receivings_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_receivings_items_ibfk_2` FOREIGN KEY (`receiving_id`) REFERENCES `ospos_receivings` (`receiving_id`);
--
-- Constraints for table `ospos_sales`
--
ALTER TABLE `ospos_sales`
ADD CONSTRAINT `ospos_sales_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_sales_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
--
-- Constraints for table `ospos_sales_items`
--
ALTER TABLE `ospos_sales_items`
ADD CONSTRAINT `ospos_sales_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_sales_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`),
ADD CONSTRAINT `ospos_sales_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_sales_items_taxes`
--
ALTER TABLE `ospos_sales_items_taxes`
ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_items` (`sale_id`,`item_id`,`line`),
ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
--
-- Constraints for table `ospos_sales_payments`
--
ALTER TABLE `ospos_sales_payments`
ADD CONSTRAINT `ospos_sales_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`);
--
-- Constraints for table `ospos_sales_suspended`
--
ALTER TABLE `ospos_sales_suspended`
ADD CONSTRAINT `ospos_sales_suspended_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_sales_suspended_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
--
-- Constraints for table `ospos_sales_suspended_items`
--
ALTER TABLE `ospos_sales_suspended_items`
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`),
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_sales_suspended_items_taxes`
--
ALTER TABLE `ospos_sales_suspended_items_taxes`
ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_suspended_items` (`sale_id`,`item_id`,`line`),
ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
--
-- Constraints for table `ospos_sales_suspended_payments`
--
ALTER TABLE `ospos_sales_suspended_payments`
ADD CONSTRAINT `ospos_sales_suspended_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`);
--
-- Constraints for table `ospos_item_quantities`
--
ALTER TABLE `ospos_item_quantities`
ADD CONSTRAINT `ospos_item_quantities_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_item_quantities_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_suppliers`
--
ALTER TABLE `ospos_suppliers`
ADD CONSTRAINT `ospos_suppliers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_giftcards`
--
ALTER TABLE `ospos_giftcards`
ADD CONSTRAINT `ospos_giftcards_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);

145
app/Database/Migrations/sqlscripts/initial_schema.sql → app/Database/tables.sql
View File

@@ -730,148 +730,3 @@ CREATE TABLE `ospos_suppliers` (
--
-- Dumping data for table `ospos_suppliers`
--
--
-- Constraints for dumped tables
--
--
-- Constraints for table `ospos_customers`
--
ALTER TABLE `ospos_customers`
ADD CONSTRAINT `ospos_customers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_employees`
--
ALTER TABLE `ospos_employees`
ADD CONSTRAINT `ospos_employees_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_inventory`
--
ALTER TABLE `ospos_inventory`
ADD CONSTRAINT `ospos_inventory_ibfk_1` FOREIGN KEY (`trans_items`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_inventory_ibfk_2` FOREIGN KEY (`trans_user`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_inventory_ibfk_3` FOREIGN KEY (`trans_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_items`
--
ALTER TABLE `ospos_items`
ADD CONSTRAINT `ospos_items_ibfk_1` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
--
-- Constraints for table `ospos_items_taxes`
--
ALTER TABLE `ospos_items_taxes`
ADD CONSTRAINT `ospos_items_taxes_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_item_kit_items`
--
ALTER TABLE `ospos_item_kit_items`
ADD CONSTRAINT `ospos_item_kit_items_ibfk_1` FOREIGN KEY (`item_kit_id`) REFERENCES `ospos_item_kits` (`item_kit_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_item_kit_items_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_permissions`
--
ALTER TABLE `ospos_permissions`
ADD CONSTRAINT `ospos_permissions_ibfk_1` FOREIGN KEY (`module_id`) REFERENCES `ospos_modules` (`module_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_permissions_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_grants`
--
ALTER TABLE `ospos_grants`
ADD CONSTRAINT `ospos_grants_ibfk_1` foreign key (`permission_id`) references `ospos_permissions` (`permission_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_grants_ibfk_2` foreign key (`person_id`) references `ospos_employees` (`person_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_receivings`
--
ALTER TABLE `ospos_receivings`
ADD CONSTRAINT `ospos_receivings_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_receivings_ibfk_2` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
--
-- Constraints for table `ospos_receivings_items`
--
ALTER TABLE `ospos_receivings_items`
ADD CONSTRAINT `ospos_receivings_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_receivings_items_ibfk_2` FOREIGN KEY (`receiving_id`) REFERENCES `ospos_receivings` (`receiving_id`);
--
-- Constraints for table `ospos_sales`
--
ALTER TABLE `ospos_sales`
ADD CONSTRAINT `ospos_sales_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_sales_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
--
-- Constraints for table `ospos_sales_items`
--
ALTER TABLE `ospos_sales_items`
ADD CONSTRAINT `ospos_sales_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_sales_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`),
ADD CONSTRAINT `ospos_sales_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_sales_items_taxes`
--
ALTER TABLE `ospos_sales_items_taxes`
ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_items` (`sale_id`,`item_id`,`line`),
ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
--
-- Constraints for table `ospos_sales_payments`
--
ALTER TABLE `ospos_sales_payments`
ADD CONSTRAINT `ospos_sales_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`);
--
-- Constraints for table `ospos_sales_suspended`
--
ALTER TABLE `ospos_sales_suspended`
ADD CONSTRAINT `ospos_sales_suspended_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_sales_suspended_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
--
-- Constraints for table `ospos_sales_suspended_items`
--
ALTER TABLE `ospos_sales_suspended_items`
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`),
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_sales_suspended_items_taxes`
--
ALTER TABLE `ospos_sales_suspended_items_taxes`
ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_suspended_items` (`sale_id`,`item_id`,`line`),
ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
--
-- Constraints for table `ospos_sales_suspended_payments`
--
ALTER TABLE `ospos_sales_suspended_payments`
ADD CONSTRAINT `ospos_sales_suspended_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`);
--
-- Constraints for table `ospos_item_quantities`
--
ALTER TABLE `ospos_item_quantities`
ADD CONSTRAINT `ospos_item_quantities_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_item_quantities_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_suppliers`
--
ALTER TABLE `ospos_suppliers`
ADD CONSTRAINT `ospos_suppliers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_giftcards`
--
ALTER TABLE `ospos_giftcards`
ADD CONSTRAINT `ospos_giftcards_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);

39
app/Events/Load_config.php
View File

@@ -4,8 +4,6 @@ namespace App\Events;
use App\Libraries\MY_Migration;
use App\Models\Appconfig;
use CodeIgniter\Session\Handlers\DatabaseHandler;
use CodeIgniter\Session\Handlers\FileHandler;
use CodeIgniter\Session\Session;
use Config\OSPOS;
use Config\Services;
@@ -21,47 +19,38 @@ class Load_config
{
public Session $session;
/**
* Loads configuration from database into App CI config and then applies those settings
*/
public function load_config(): void
{
// Migrations
$migration_config = config('Migrations');
$migration = new MY_Migration($migration_config);
$this->session = session();
// Database Configuration
$config = config(OSPOS::class);
if (!$migration->is_latest()) {
$this->session->destroy();
}
$this->setDefaultLanguage($config);
// Language
$language_exists = file_exists('../app/Language/' . current_language_code());
if (current_language_code() == null || current_language() == null || !$language_exists) { // TODO: current_language() is undefined
$config->settings['language'] = 'english';
$config->settings['language_code'] = 'en';
}
$language = Services::language();
$language->setLocale(current_language_code());
$language->setLocale($config->settings['language_code']);
// Time Zone
date_default_timezone_set($config->settings['timezone'] ?? ini_get('date.timezone'));
bcscale(max(2, totals_decimals() + tax_decimals()));
}
private function setDefaultLanguage(OSPOS $config): void
{
$languageCode = $config->settings['language_code'] ?? null;
if (empty($config->settings) || $languageCode === null) {
$config->settings['language'] = 'english';
$config->settings['language_code'] = 'en';
return;
}
if (!$this->languageExists($languageCode)) {
$config->settings['language'] = 'english';
$config->settings['language_code'] = 'en';
}
}
private function languageExists(string $languageCode): bool
{
return file_exists(APPPATH . 'Language/' . $languageCode);
}
}

8
app/Helpers/locale_helper.php
View File

@@ -22,7 +22,9 @@ function current_language_code(bool $load_system_language = false): string
}
}
return $config->language_code ?? DEFAULT_LANGUAGE_CODE;
$language_code = $config['language_code'];
return empty($language_code) ? DEFAULT_LANGUAGE_CODE : $language_code;
}
/**
@@ -43,7 +45,9 @@ function current_language(bool $load_system_language = false): string
}
}
return $config->language ?? DEFAULT_LANGUAGE_CODE;
$language = $config['language'];
return empty($language) ? DEFAULT_LANGUAGE : $language;
}
/**

100
app/Helpers/security_helper.php
View File

@@ -11,54 +11,56 @@ function check_encryption(): bool
$old_key = config('Encryption')->key;
if ((empty($old_key)) || (strlen($old_key) < 64)) {
// Create Key
$encryption = new Encryption();
$key = bin2hex($encryption->createKey());
config('Encryption')->key = $key;
// Write to .env
$config_path = ROOTPATH . '.env';
$new_config_path = WRITEPATH . '/backup/.env';
$backup_path = WRITEPATH . '/backup/.env.bak';
$backup_folder = WRITEPATH . '/backup';
if (!file_exists($backup_folder)) {
@mkdir($backup_folder, 0750, true);
if (!file_exists($backup_folder) && !mkdir($backup_folder)) {
log_message('error', 'Could not create backup folder');
return false;
}
if (!file_exists($config_path)) {
$example_path = ROOTPATH . '.env.example';
if (file_exists($example_path)) {
@copy($example_path, $config_path);
} else {
@file_put_contents($config_path, "# OSPOS Configuration\n\n");
}
@chmod($config_path, 0640);
if (!copy($config_path, $backup_path)) {
log_message('error', "Unable to copy $config_path to $backup_path");
}
if (file_exists($config_path)) {
@copy($config_path, $backup_path);
@chmod($backup_path, 0640);
@chmod($config_path, 0640);
// Copy to backup
@chmod($config_path, 0660);
@chmod($backup_path, 0660);
$config_file = file_get_contents($config_path);
$config_file = file_get_contents($config_path);
$config_file = preg_replace("/(encryption\.key.*=.*)('.*')/", "$1'$key'", $config_file);
if (strpos($config_file, 'encryption.key') !== false) {
$config_file = preg_replace("/(encryption\.key.*=.*)('.*')/", "$1'$key'", $config_file);
} else {
$config_file .= "\nencryption.key = '$key'\n";
}
if (!empty($old_key)) {
$old_line = "# encryption.key = '$old_key' REMOVE IF UNNEEDED\r\n";
$insertion_point = stripos($config_file, 'encryption.key');
if ($insertion_point !== false) {
$config_file = substr_replace($config_file, $old_line, $insertion_point, 0);
}
}
@file_put_contents($config_path, $config_file);
@chmod($config_path, 0640);
log_message('info', "Updated encryption key in $config_path");
if (!empty($old_key)) {
$old_line = "# encryption.key = '$old_key' REMOVE IF UNNEEDED\r\n";
$insertion_point = stripos($config_file, 'encryption.key');
$config_file = substr_replace($config_file, $old_line, $insertion_point, 0);
}
$handle = @fopen($config_path, 'w+');
if (empty($handle)) {
log_message('error', "Unable to open $config_path for updating");
return false;
}
@chmod($config_path, 0660);
$write_failed = !fwrite($handle, $config_file);
fclose($handle);
if ($write_failed) {
log_message('error', "Unable to write to $config_path for updating.");
return false;
}
log_message('info', "File $config_path has been updated.");
}
return true;
@@ -72,14 +74,23 @@ function abort_encryption_conversion(): void
$config_path = ROOTPATH . '.env';
$backup_path = WRITEPATH . '/backup/.env.bak';
if (!file_exists($backup_path)) {
return;
}
@chmod($config_path, 0640);
$config_file = file_get_contents($backup_path);
@file_put_contents($config_path, $config_file);
log_message('info', "Restored $config_path from backup");
$handle = @fopen($config_path, 'w+');
if (empty($handle)) {
log_message('error', "Unable to open $config_path to undo encryption conversion");
} else {
@chmod($config_path, 0660);
$write_failed = !fwrite($handle, $config_file);
fclose($handle);
if ($write_failed) {
log_message('error', "Unable to write to $config_path to undo encryption conversion.");
return;
}
log_message('info', "File $config_path has been updated to undo encryption conversion");
}
}
/**
@@ -88,10 +99,13 @@ function abort_encryption_conversion(): void
function remove_backup(): void
{
$backup_path = WRITEPATH . '/backup/.env.bak';
if (!file_exists($backup_path)) {
if (! file_exists($backup_path)) {
return;
}
@unlink($backup_path);
log_message('info', "Removed $backup_path");
if (!unlink($backup_path)) {
log_message('error', "Unable to remove $backup_path.");
return;
}
log_message('info', "File $backup_path has been removed");
}

48
app/Helpers/tabular_helper.php
View File

@@ -48,7 +48,7 @@ function transform_headers(array $headers, bool $readonly = false, bool $editabl
'field' => key($element),
'title' => current($element),
'switchable' => $element['switchable'] ?? !preg_match('(^$|&nbsp)', current($element)),
'escape' => !preg_match("/(edit|email|messages|item_pic)/", key($element)) && !(isset($element['escape']) && !$element['escape']),
'escape' => !preg_match("/(edit|email|messages|item_pic|customer_name|note)/", key($element)) && !(isset($element['escape']) && !$element['escape']),
'sortable' => $element['sortable'] ?? current($element) != '',
'checkbox' => $element['checkbox'] ?? false,
'class' => isset($element['checkbox']) || preg_match('(^$|&nbsp)', current($element)) ? 'print_hide' : '',
@@ -408,7 +408,7 @@ function get_items_manage_table_headers(): string
{
$attribute = model(Attribute::class);
$config = config(OSPOS::class)->settings;
$definitionsWithTypes = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS, true);
$definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS); // TODO: this should be made into a constant in constants.php
$headers = item_headers();
@@ -420,8 +420,8 @@ function get_items_manage_table_headers(): string
$headers[] = ['item_pic' => lang('Items.image'), 'sortable' => false];
foreach ($definitionsWithTypes as $definition_id => $definitionInfo) {
$headers[] = [$definition_id => $definitionInfo['name'], 'sortable' => false];
foreach ($definition_names as $definition_id => $definition_name) {
$headers[] = [$definition_id => $definition_name, 'sortable' => false];
}
$headers[] = ['inventory' => '', 'escape' => false];
@@ -470,8 +470,7 @@ function get_item_data_row(object $item): array
: glob("./uploads/item_pics/$item->pic_filename");
if (sizeof($images) > 0) {
$image_path = ltrim($images[0], './');
$image .= '<a class="rollover" href="' . base_url(implode('/', array_map('rawurlencode', explode('/', $image_path)))) . '"><img alt="Image thumbnail" src="' . site_url('items/PicThumb/' . rawurlencode(pathinfo($images[0], PATHINFO_BASENAME))) . '"></a>';
$image .= '<a class="rollover" href="' . base_url($images[0]) . '"><img alt="Image thumbnail" src="' . site_url('items/PicThumb/' . pathinfo($images[0], PATHINFO_BASENAME)) . '"></a>';
}
}
@@ -479,7 +478,7 @@ function get_item_data_row(object $item): array
$item->name .= NAME_SEPARATOR . $item->pack_name;
}
$definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS, true);
$definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS);
$columns = [
'items.item_id' => $item->item_id,
@@ -634,7 +633,7 @@ function parse_attribute_values(array $columns, array $row): array
}
/**
* @param array $definition_names Array of definition_id => ['name' => name, 'type' => type] or definition_id => name
* @param array $definition_names
* @param array $row
* @return array
*/
@@ -651,16 +650,10 @@ function expand_attribute_values(array $definition_names, array $row): array
}
$attribute_values = [];
foreach ($definition_names as $definition_id => $definitionInfo) {
foreach ($definition_names as $definition_id => $definition_name) {
if (isset($indexed_values[$definition_id])) {
$raw_value = $indexed_values[$definition_id];
// Format DECIMAL attributes according to locale
if (is_array($definitionInfo) && isset($definitionInfo['type']) && $definitionInfo['type'] === DECIMAL) {
$attribute_values["$definition_id"] = to_decimals($raw_value);
} else {
$attribute_values["$definition_id"] = $raw_value;
}
$attribute_value = $indexed_values[$definition_id];
$attribute_values["$definition_id"] = $attribute_value;
} else {
$attribute_values["$definition_id"] = "";
}
@@ -931,24 +924,3 @@ function get_controller(): string
$controller_name_parts = explode('\\', $controller_name);
return end($controller_name_parts);
}
/**
* Restores filter values from URL query string.
*
* @param CodeIgniter\HTTP\IncomingRequest $request The request object
* @return array Array with 'start_date', 'end_date', and 'selected_filters' keys
*/
function restoreTableFilters($request): array
{
$startDate = $request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$endDate = $request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$urlFilters = $request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
return array_filter([
'start_date' => $startDate ?: null,
'end_date' => $endDate ?: null,
'selected_filters' => $urlFilters ?? []
], function($value) {
return $value !== null && $value !== [];
});
}

3
app/Helpers/tax_helper.php
View File

@@ -143,7 +143,8 @@ function get_tax_rates_manage_table_headers(): string
*/
function get_tax_rates_data_row($tax_rates_row): array
{
$controller_name = 'taxes';
$router = service('router');
$controller_name = strtolower($router->controllerName());
return [
'tax_rate_id' => $tax_rates_row->tax_rate_id,

1
app/Language/ar-EG/Attributes.php
View File

@@ -5,7 +5,6 @@ return [
"confirm_delete" => "هل أنت متأكد من أنك تريد حذف الميزات المحددة ؟",
"confirm_restore" => "هل أنت متأكد من أنك تريد استعادة السمة (السمات) المحددة؟",
"definition_cannot_be_deleted" => "لا يمكن حذف السمات المحددة",
"definition_invalid_group" => "المجموعة المحددة غير موجودة أو غير صالحة.",
"definition_error_adding_updating" => "لا يمكن إضافة السمة {0} أو تحديثها. يرجى التحقق من سجل الخطأ.",
"definition_flags" => "رؤية الميزات",
"definition_group" => "المجموعة",

16
app/Language/ar-EG/Bootstrap_tables.php
View File

@@ -1,12 +1,12 @@
<?php
return [
'all' => "الجميع",
'columns' => "أعمدة",
'hide_show_pagination' => "عرض/إخفاء أرقام الصفحات",
'loading' => "جارى التحميل، برجاء الإنتظار",
'page_from_to' => "عرض {0} إلى {1} من {2} صفوف",
'refresh' => "إعادة تحميل",
'rows_per_page' => "{0} صف بالصفحة",
'toggle' => "تغيير",
"all" => "الجميع",
"columns" => "أعمدة",
"hide_show_pagination" => "عرض/إخفاء أرقام الصفحات",
"loading" => "جارى التحميل، برجاء الإنتظار ...",
"page_from_to" => "عرض {0} إلى {1} من {2} صفوف",
"refresh" => "إعادة تحميل",
"rows_per_page" => "{0} صف بالصفحة",
"toggle" => "تغيير",
];

49
app/Language/ar-EG/Calendar.php
View File

@@ -1,49 +0,0 @@
<?php
return [
"su" => "أحد",
"mo" => "اثنين",
"tu" => "ثلاثاء",
"we" => "أربعاء",
"th" => "خميس",
"fr" => "جمعة",
"sa" => "سبت",
"sun" => "الأحد",
"mon" => "الاثنين",
"tue" => "الثلاثاء",
"wed" => "الأربعاء",
"thu" => "الخميس",
"fri" => "الجمعة",
"sat" => "السبت",
"sunday" => "الأحد",
"monday" => "الاثنين",
"tuesday" => "الثلاثاء",
"wednesday" => "الأربعاء",
"thursday" => "الخميس",
"friday" => "الجمعة",
"saturday" => "السبت",
"jan" => "يناير",
"feb" => "فبراير",
"mar" => "مارس",
"apr" => "أبريل",
"may" => "مايو",
"jun" => "يونيو",
"jul" => "يوليو",
"aug" => "أغسطس",
"sep" => "سبتمبر",
"oct" => "أكتوبر",
"nov" => "نوفمبر",
"dec" => "ديسمبر",
"january" => "يناير",
"february" => "فبراير",
"march" => "مارس",
"april" => "أبريل",
"mayl" => "مايو",
"june" => "يونيو",
"july" => "يوليو",
"august" => "أغسطس",
"september" => "سبتمبر",
"october" => "أكتوبر",
"november" => "نوفمبر",
"december" => "ديسمبر",
];

1
app/Language/ar-EG/Config.php
View File

@@ -282,7 +282,6 @@ return [
"right" => "يمين",
"sales_invoice_format" => "شكل فاتورة البيع",
"sales_quote_format" => "شكل فاتورة عرض الاسعار",
"mailpath_invalid" => "",
"saved_successfully" => "تم حفظ التهيئة بنجاح.",
"saved_unsuccessfully" => "لم يتم حفظ التهيئة بنجاح.",
"security_issue" => "تحذير من ثغرة أمنية",

2
app/Language/ar-EG/Employees.php
View File

@@ -14,8 +14,6 @@ return [
"current_password_invalid" => "كلمة المرور الحالية غير صحيحة.",
"employee" => "موظف",
"error_adding_updating" => "خطاء فى إضافة/تعديل موظف.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "لايمكن حذف المستخدم admin الخاص بنسخة العرض.",
"error_updating_demo_admin" => "لايمكن تغيير بيانات المستخدم admin الخاص بنسخة العرض.",
"language" => "اللغة",

1
app/Language/ar-EG/Items.php
View File

@@ -26,7 +26,6 @@ return [
"cost_price_required" => "سعر التكلفة مطلوب.",
"count" => "تحديث المخزون",
"csv_import_failed" => "فشل الإستيراد من اكسل",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "الملف الذى رفعته إما فارغ أو أنه مختلف البنية.",
"csv_import_partially_failed" => "يوجد خطأ بنسبة {0} في استيراد الاصناف في السطر: {1}. لم يتم استيرادهم.",
"csv_import_success" => "تم استيراد الأصناف بنجاح.",

9
app/Language/ar-EG/Login.php
View File

@@ -9,15 +9,6 @@ return [
"login" => "دخول",
"logout" => "تسجيل خروج",
"migration_needed" => "سيبدأ ترحيل قاعدة البيانات إلى{0} بعد تسجيل الدخول.",
"migration_required" => "",
"migration_auth_message" => "",
"migration_initializing" => "",
"migration_running" => "",
"migration_complete" => "",
"migration_complete_login" => "",
"migration_failed" => "",
"migration_error_connection" => "",
"migration_complete_redirect" => "",
"password" => "كلمة السر",
"required_username" => "",
"username" => "اسم المستخدم",

6
app/Language/ar-EG/Sales.php
View File

@@ -73,12 +73,6 @@ return [
"employee" => "الموظف",
"entry" => "ادخال",
"error_editing_item" => "خطاء فى تحرير الصنف",
"negative_price_invalid" => "",
"negative_quantity_invalid" => "",
"negative_discount_invalid" => "",
"discount_percent_exceeds_100" => "",
"discount_exceeds_item_total" => "",
"negative_total_invalid" => "",
"find_or_scan_item" => "بحث/مسح باركود صنف",
"find_or_scan_item_or_receipt" => "بحث/مسح باركود صنف أو ايصال",
"giftcard" => "بطاقة هدية",

1
app/Language/ar-LB/Attributes.php
View File

@@ -5,7 +5,6 @@ return [
"confirm_delete" => "هل أنت متأكد من أنك تريد حذف الميزات المحددة ؟",
"confirm_restore" => "هل أنت متأكد من أنك تريد استعادة السمة (السمات) المحددة؟",
"definition_cannot_be_deleted" => "لا يمكن حذف السمات المحددة",
"definition_invalid_group" => "المجموعة المحددة غير موجودة أو غير صالحة.",
"definition_error_adding_updating" => "لا يمكن إضافة السمة {0} أو تحديثها. يرجى التحقق من سجل الخطأ.",
"definition_flags" => "رؤية الميزات",
"definition_group" => "المجموعة",

16
app/Language/ar-LB/Bootstrap_tables.php
View File

@@ -1,12 +1,12 @@
<?php
return [
'all' => "الكل",
'columns' => "أعمدة",
'hide_show_pagination' => "عرض/إخفاء أرقام الصفحات",
'loading' => "جارى التحميل، برجاء الإنتظار",
'page_from_to' => "عرض {0} إلى {1} من {2} صفوف",
'refresh' => "إعادة تحميل",
'rows_per_page' => "{0} صف بالصفحة",
'toggle' => "تغيير",
"all" => "الكل",
"columns" => "أعمدة",
"hide_show_pagination" => "عرض/إخفاء أرقام الصفحات",
"loading" => "جارى التحميل، برجاء الإنتظار ...",
"page_from_to" => "عرض {0} إلى {1} من {2} صفوف",
"refresh" => "إعادة تحميل",
"rows_per_page" => "{0} صف بالصفحة",
"toggle" => "تغيير",
];

1
app/Language/ar-LB/Config.php
View File

@@ -282,7 +282,6 @@ return [
"right" => "يمين",
"sales_invoice_format" => "شكل فاتورة البيع",
"sales_quote_format" => "شكل فاتورة عرض الاسعار",
"mailpath_invalid" => "",
"saved_successfully" => "تم حفظ التهيئة بنجاح.",
"saved_unsuccessfully" => "لم يتم حفظ التهيئة بنجاح.",
"security_issue" => "تحذير من ثغرة أمنية",

2
app/Language/ar-LB/Employees.php
View File

@@ -14,8 +14,6 @@ return [
"current_password_invalid" => "كلمة المرور الحالية غير صحيحة.",
"employee" => "موظف",
"error_adding_updating" => "خطاء فى إضافة/تعديل موظف.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "لايمكن حذف المستخدم admin الخاص بنسخة العرض.",
"error_updating_demo_admin" => "لايمكن تغيير بيانات المستخدم admin الخاص بنسخة العرض.",
"language" => "اللغة",

1
app/Language/ar-LB/Items.php
View File

@@ -26,7 +26,6 @@ return [
"cost_price_required" => "سعر التكلفة مطلوب.",
"count" => "تحديث المخزون",
"csv_import_failed" => "فشل الإستيراد من اكسل",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "الملف الذى رفعته إما فارغ أو أنه مختلف البنية.",
"csv_import_partially_failed" => "يوجد خطأ بنسبة {0} في استيراد الاصناف في السطر: {1}. لم يتم استيرادهم.",
"csv_import_success" => "تم استيراد الأصناف بنجاح.",

9
app/Language/ar-LB/Login.php
View File

@@ -9,15 +9,6 @@ return [
"login" => "دخول",
"logout" => "تسجيل خروج",
"migration_needed" => "سيبدأ ترحيل قاعدة البيانات إلى{0} بعد تسجيل الدخول.",
"migration_required" => "",
"migration_auth_message" => "",
"migration_initializing" => "",
"migration_running" => "",
"migration_complete" => "",
"migration_complete_login" => "",
"migration_failed" => "",
"migration_error_connection" => "",
"migration_complete_redirect" => "",
"password" => "كلمة السر",
"required_username" => "خانة أسم المستخدم مطلوبة.",
"username" => "اسم المستخدم",

6
app/Language/ar-LB/Sales.php
View File

@@ -73,12 +73,6 @@ return [
"employee" => "الموظف",
"entry" => "ادخال",
"error_editing_item" => "خطاء فى تعديل المادة",
"negative_price_invalid" => "",
"negative_quantity_invalid" => "",
"negative_discount_invalid" => "",
"discount_percent_exceeds_100" => "",
"discount_exceeds_item_total" => "",
"negative_total_invalid" => "",
"find_or_scan_item" => "بحث/مسح باركود المادة",
"find_or_scan_item_or_receipt" => "بحث/مسح باركود المادة أو الايصال",
"giftcard" => "بطاقة هدية",

1
app/Language/az/Attributes.php
View File

@@ -5,7 +5,6 @@ return [
"confirm_delete" => "Seçilmiş Atributları silmək istədiyinizdən əminsinizmi?",
"confirm_restore" => "Seçilmiş atributları bərpa etmək istədiyinizə əminsinizmi?",
"definition_cannot_be_deleted" => "Seçilmiş xüsusiyyətləri silmək olmadı",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "{0} -in atributları əlavə oluna və yenilənə bilmədi. Lütfən XƏTA loq faylını yoxlayın.",
"definition_flags" => "Atribut görünüşü",
"definition_group" => "Qrup",

16
app/Language/az/Bootstrap_tables.php
View File

@@ -1,12 +1,12 @@
<?php
return [
'all' => "hamısı",
'columns' => "Sütunlar",
'hide_show_pagination' => "Gizlət/Göstər səhifənin nömrələnməsin",
'loading' => "Lütfən gözləyin, səhifə yüklənir",
'page_from_to' => "Göstər {0} bundan {1} buna {2} kimi",
'refresh' => "Yenilə",
'rows_per_page' => "{0} yazı səhifədə",
'toggle' => "Keçid",
"all" => "hamısı",
"columns" => "Sütunlar",
"hide_show_pagination" => "Gizlət/Göstər səhifənin nömrələnməsin",
"loading" => "Lütfən gözləyin, səhifə yüklənir...",
"page_from_to" => "Göstər {0} bundan {1} buna {2} kimi",
"refresh" => "Yenilə",
"rows_per_page" => "{0} yazı səhifədə",
"toggle" => "Keçid",
];

1
app/Language/az/Config.php
View File

@@ -282,7 +282,6 @@ return [
"right" => "Konfiqurasiya ugursuz oldu saxlanilmadi",
"sales_invoice_format" => "Satış Fatura Formatı",
"sales_quote_format" => "Satış Sitat Formati",
"mailpath_invalid" => "",
"saved_successfully" => "Konfiqurasiya uğurla saxlanıldı.",
"saved_unsuccessfully" => "Konfiqurasiyanı saxlamq mümkün olmadı.",
"security_issue" => "Təhlükəsizlik açığı xəbərdarlığı",

2
app/Language/az/Employees.php
View File

@@ -14,8 +14,6 @@ return [
"current_password_invalid" => "Hazirki Şifrə düzgün deyil.",
"employee" => "Əməkdaş",
"error_adding_updating" => "Əməkdaş əlavə etməsk və ya yeniləməsi baş vermədi.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "Demo administrator istifadəçisini silə bilməzsiniz.",
"error_updating_demo_admin" => "Demo administrator istifadəçisini dəyişə bilməzsiniz.",
"language" => "Dil",

1
app/Language/az/Items.php
View File

@@ -26,7 +26,6 @@ return [
"cost_price_required" => "Topdan satiış - doldurulması vacib sahə.",
"count" => "inventorun yenilənməsi",
"csv_import_failed" => "səhv csv import",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "Yüklənmiş faylda məlumat yoxdur və ya düzgün formatlanmır.",
"csv_import_partially_failed" => "Xətlərdə {0} element idxalı uğursuzluq (lar) var: {1}. Heç bir sıra idxal edilmədi.",
"csv_import_success" => "Malların İdxalı Uğurla Həyata Keçdi.",

9
app/Language/az/Login.php
View File

@@ -9,15 +9,6 @@ return [
"login" => "Giriş",
"logout" => "Çıxış",
"migration_needed" => "{0} -ə daxil olandan sonra verilənlər bazası miqrasiyası başlayacaq.",
"migration_required" => "",
"migration_auth_message" => "",
"migration_initializing" => "",
"migration_running" => "",
"migration_complete" => "",
"migration_complete_login" => "",
"migration_failed" => "",
"migration_error_connection" => "",
"migration_complete_redirect" => "",
"password" => "Şifrə",
"required_username" => "",
"username" => "İstifadəçi",

6
app/Language/az/Sales.php
View File

@@ -73,12 +73,6 @@ return [
"employee" => "Əməkdaş",
"entry" => "Daxil",
"error_editing_item" => "XƏTA Malın redaktəsində",
"negative_price_invalid" => "",
"negative_quantity_invalid" => "",
"negative_discount_invalid" => "",
"discount_percent_exceeds_100" => "",
"discount_exceeds_item_total" => "",
"negative_total_invalid" => "",
"find_or_scan_item" => "Malın axtarışı",
"find_or_scan_item_or_receipt" => "Tapmaq skan etmək və ya kvitansiya",
"giftcard" => "Hədiyyə Kartı",

1
app/Language/bg/Attributes.php
View File

@@ -5,7 +5,6 @@ return [
"confirm_delete" => "",
"confirm_restore" => "",
"definition_cannot_be_deleted" => "",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "",
"definition_flags" => "",
"definition_group" => "",

16
app/Language/bg/Bootstrap_tables.php
View File

@@ -1,12 +1,12 @@
<?php
return [
'all' => "Всичко/и",
'columns' => "Колони",
'hide_show_pagination' => "Скриване / Показване на страници",
'loading' => "Зареждане, моля изчакайте",
'page_from_to' => "Показани са {0} до {1} от {2} реда",
'refresh' => "Опресняване",
'rows_per_page' => "{0} редове на страница",
'toggle' => "Щифт",
"all" => "Всичко/и",
"columns" => "Колони",
"hide_show_pagination" => "Скриване / Показване на страници",
"loading" => "Зареждане, моля изчакайте...",
"page_from_to" => "Показани са {0} до {1} от {2} реда",
"refresh" => "Опресняване",
"rows_per_page" => "{0} редове на страница",
"toggle" => "Щифт",
];

1
app/Language/bg/Config.php
View File

@@ -282,7 +282,6 @@ return [
"right" => "Right",
"sales_invoice_format" => "Sales Invoice Format",
"sales_quote_format" => "Sales Quote Format",
"mailpath_invalid" => "",
"saved_successfully" => "Configuration save successful.",
"saved_unsuccessfully" => "Configuration save failed.",
"security_issue" => "Security Vulnerability Warning",

2
app/Language/bg/Employees.php
View File

@@ -14,8 +14,6 @@ return [
"current_password_invalid" => "Текущата парола е невалидна.",
"employee" => "Служител",
"error_adding_updating" => "Добавянето или актуализирането на служителите е неуспешно.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "Не може да изтриете Пробният Администратор.",
"error_updating_demo_admin" => "Не може да промените Пробният Администратор.",
"language" => "Език",

1
app/Language/bg/Items.php
View File

@@ -26,7 +26,6 @@ return [
"cost_price_required" => "Wholesale Price is a required field.",
"count" => "Update Inventory",
"csv_import_failed" => "CSV import failed",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "The uploaded file has no data or is formatted incorrectly.",
"csv_import_partially_failed" => "Item import successful with some failures:",
"csv_import_success" => "Item import successful.",

9
app/Language/bg/Login.php
View File

@@ -9,15 +9,6 @@ return [
"login" => "Login",
"logout" => "",
"migration_needed" => "",
"migration_required" => "",
"migration_auth_message" => "",
"migration_initializing" => "",
"migration_running" => "",
"migration_complete" => "",
"migration_complete_login" => "",
"migration_failed" => "",
"migration_error_connection" => "",
"migration_complete_redirect" => "",
"password" => "Password",
"required_username" => "",
"username" => "Username",

6
app/Language/bg/Sales.php
View File

@@ -73,12 +73,6 @@ return [
"employee" => "Служител",
"entry" => "Вход",
"error_editing_item" => "Грешка при редактирането на елемента",
"negative_price_invalid" => "",
"negative_quantity_invalid" => "",
"negative_discount_invalid" => "",
"discount_percent_exceeds_100" => "",
"discount_exceeds_item_total" => "",
"negative_total_invalid" => "",
"find_or_scan_item" => "Намерете или сканирайте елемента",
"find_or_scan_item_or_receipt" => "Намерете или сканирайте елемент или разпис",
"giftcard" => "Gift Карта",

1
app/Language/bs/Attributes.php
View File

@@ -5,7 +5,6 @@ return [
"confirm_delete" => "Da li ste sigurni da želite da izbrišete izabrani atribut?",
"confirm_restore" => "Da li ste sigurni da želite vratiti izabrane atribute?",
"definition_cannot_be_deleted" => "Nije moguće izbrisati izabrane atribut",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "Atribut {0} nije moguće dodati ili ažurirati. Molimo provjerite dnevnik grešaka.",
"definition_flags" => "Vidljivost atributa",
"definition_group" => "Grupa",

16
app/Language/bs/Bootstrap_tables.php
View File

@@ -1,12 +1,12 @@
<?php
return [
'all' => "Sve",
'columns' => "Kolone",
'hide_show_pagination' => "Sakrij / prikaži paginaciju",
'loading' => "Učitavanje sačekajte",
'page_from_to' => "Prikazivanje {0} do {1} od {2} redova",
'refresh' => "Osvježi",
'rows_per_page' => "{0} redova po stranici",
'toggle' => "Promijeni prikaz",
"all" => "Sve",
"columns" => "Kolone",
"hide_show_pagination" => "Sakrij / prikaži paginaciju",
"loading" => "Učitavanje sačekajte...",
"page_from_to" => "Prikazivanje {0} do {1} od {2} redova",
"refresh" => "Osvježi",
"rows_per_page" => "{0} redova po stranici",
"toggle" => "Promijeni prikaz",
];

1
app/Language/bs/Config.php
View File

@@ -282,7 +282,6 @@ return [
"right" => "Desno",
"sales_invoice_format" => "Format fakture",
"sales_quote_format" => "Format navedene prodaje",
"mailpath_invalid" => "",
"saved_successfully" => "Konfiguracija je uspješno snimljena.",
"saved_unsuccessfully" => "Konfiguracija nije uspješno snimljena.",
"security_issue" => "Upozorenje o sigurnosnoj ranjivosti",

2
app/Language/bs/Employees.php
View File

@@ -14,8 +14,6 @@ return [
"current_password_invalid" => "Trenutna lozinka je nevažeća.",
"employee" => "Zaposlenik",
"error_adding_updating" => "Dodavanje ili ažuriranje zaposlenika nije uspjelo.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "Ne možete izbrisati demo korisnika administratora.",
"error_updating_demo_admin" => "Ne možete promijeniti korisnika demo administratora.",
"language" => "Jezik",

1
app/Language/bs/Items.php
View File

@@ -26,7 +26,6 @@ return [
"cost_price_required" => "Fakturna cijena je obavezno polje.",
"count" => "Ažuriraj zalihu",
"csv_import_failed" => "Uvoz CSV-a nije uspio",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "Učitana CSV datoteka nema podatke ili je pogrešno formatirana.",
"csv_import_partially_failed" => "Bilo je {0} grešaka pri uvozu stavke na liniji: {1}. Nijedan red nije uvezen.",
"csv_import_success" => "Uvoz CSV stavke je uspješan.",

9
app/Language/bs/Login.php
View File

@@ -9,15 +9,6 @@ return [
"login" => "Prijava",
"logout" => "Odjava",
"migration_needed" => "Migracija baze podataka na {0} će početi nakon prijavljivanja.",
"migration_required" => "",
"migration_auth_message" => "",
"migration_initializing" => "",
"migration_running" => "",
"migration_complete" => "",
"migration_complete_login" => "",
"migration_failed" => "",
"migration_error_connection" => "",
"migration_complete_redirect" => "",
"password" => "Lozinka",
"required_username" => "",
"username" => "Korisničko ime",

6
app/Language/bs/Sales.php
View File

@@ -73,12 +73,6 @@ return [
"employee" => "Zaposlenik",
"entry" => "Ulaz",
"error_editing_item" => "Greška pri uređivanju artikla",
"negative_price_invalid" => "",
"negative_quantity_invalid" => "",
"negative_discount_invalid" => "",
"discount_percent_exceeds_100" => "",
"discount_exceeds_item_total" => "",
"negative_total_invalid" => "",
"find_or_scan_item" => "Pronađi/Skeniraj artikal",
"find_or_scan_item_or_receipt" => "Pronađi/Skeniraj artikal ili priznanicu",
"giftcard" => "Poklon kartica",

1
app/Language/ckb/Attributes.php
View File

@@ -5,7 +5,6 @@ return [
"confirm_delete" => "ئایا دڵنیای کە دەتەوێت تایبەتمەندییە هەڵبژێردراوەکە(کان) بسڕیتەوە؟",
"confirm_restore" => "ئایا دڵنیای کە دەتەوێت تایبەتمەندییە هەڵبژێردراوەکە(کان) بگەڕێنیتەوە؟",
"definition_cannot_be_deleted" => "نەتوانرا تایبەتمەندی هەڵبژێردراو بسڕدرێتەوە",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "تایبەتمەندی {0} نەتوانرا زیاد بکرێت یان نوێ بکرێتەوە. تکایە لیستی هەڵەکان بپشکنە.",
"definition_flags" => "توانای بینراویی تایبەتمەندی",
"definition_group" => "گروپ",

16
app/Language/ckb/Bootstrap_tables.php
View File

@@ -1,12 +1,12 @@
<?php
return [
'all' => "هەموو",
'columns' => "ستنوونەکان",
'hide_show_pagination' => "شاردنەوە/پێشاندانی لاپەڕەسازی",
'loading' => "بارکردن، تکایە چاوەڕوان بن",
'page_from_to' => "پیشاندانی {0} بۆ {1} لە {2} ڕیزەکان",
'refresh' => "ڕفرێش",
'rows_per_page' => "{0} ڕیز بۆ هەر لاپەڕەیەک",
'toggle' => "دوگمە",
"all" => "هەموو",
"columns" => "ستنوونەکان",
"hide_show_pagination" => "شاردنەوە/پێشاندانی لاپەڕەسازی",
"loading" => "بارکردن، تکایە چاوەڕوان بن...",
"page_from_to" => "پیشاندانی {0} بۆ {1} لە {2} ڕیزەکان",
"refresh" => "ڕفرێش",
"rows_per_page" => "{0} ڕیز بۆ هەر لاپەڕەیەک",
"toggle" => "دوگمە",
];

2
app/Language/ckb/Employees.php
View File

@@ -14,8 +14,6 @@ return [
'current_password_invalid' => "وشەی نهێنی ئێستا نادروستە.",
'employee' => "فەرمانبەر",
'error_adding_updating' => "زیادکردن یان نوێکردنەوەی کارمەند سەرکەوتوو نەبوو.",
'error_deleting_admin' => "",
'error_updating_admin' => "",
'error_deleting_demo_admin' => "ناتوانیت بەکارهێنەری ئەدمینی تاقیکردنەوەیی بسڕیتەوە.",
'error_updating_demo_admin' => "ناتوانیت بەکارهێنەری ئەدمین تاقیکردنەوەیی بگۆڕیت.",
'language' => "زمان",

1
app/Language/ckb/Items.php
View File

@@ -26,7 +26,6 @@ return [
'cost_price_required' => "نرخی جوملە خانەیەکی پێویستە.",
'count' => "جەرد نوێ بکەوە",
'csv_import_failed' => "هاوردەکردنی CSV سەرکەوتوو نەبوو",
'csv_import_invalid_location' => "",
'csv_import_nodata_wrongformat' => "پەڕگەی CSV بارکراو هیچ داتایەکی نییە یان بە هەڵە فۆرمات کراوە.",
'csv_import_partially_failed' => "{0} شکستی هاوردەکردنی بابەتی لەسەر هێڵەکان هەبوو: {1}. هیچ ڕیزێک هاوردە نەکرا.",
'csv_import_success' => "بابەتی هاوردەکردنی CSV سەرکەوتوو بوو.",

9
app/Language/ckb/Login.php
View File

@@ -9,15 +9,6 @@ return [
'login' => "چوونەژوورەوە",
'logout' => "چوونەدەرەوە",
'migration_needed' => "گواستنەوەی داتابەیس بۆ {0} دوای چوونەژوورەوە دەست پێدەکات.",
'migration_required' => "",
'migration_auth_message' => "",
'migration_initializing' => "",
'migration_running' => "",
'migration_complete' => "",
'migration_complete_login' => "",
'migration_failed' => "",
'migration_error_connection' => "",
'migration_complete_redirect' => "",
'password' => "وشەی نهێنی",
'required_username' => "خانەی ناوی بەکارهێنەر پێویستە.",
'username' => "ناوی بەکارهێنەر",

6
app/Language/ckb/Sales.php
View File

@@ -73,12 +73,6 @@ return [
'employee' => "فەرمانبەر",
'entry' => "تۆمار",
'error_editing_item' => "هەڵە لە دەستکاریکردنی ئایتم",
"negative_price_invalid" => "",
"negative_quantity_invalid" => "",
"negative_discount_invalid" => "",
"discount_percent_exceeds_100" => "",
"discount_exceeds_item_total" => "",
"negative_total_invalid" => "",
'find_or_scan_item' => "دۆزینەوە یان سکانکردنی ئایتم",
'find_or_scan_item_or_receipt' => "دۆزینەوە یان سکانکردنی ئایتم یان پسوڵە",
'giftcard' => "کارتی دیاری",

1
app/Language/cs/Attributes.php
View File

@@ -5,7 +5,6 @@ return [
"confirm_delete" => "",
"confirm_restore" => "",
"definition_cannot_be_deleted" => "",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "",
"definition_flags" => "",
"definition_group" => "",

16
app/Language/cs/Bootstrap_tables.php
View File

@@ -1,12 +1,12 @@
<?php
return [
'all' => "Vše",
'columns' => "Sloupce",
'hide_show_pagination' => "Zobrazit/skrýt stránkování",
'loading' => "Nahrávám, prosím počkejte",
'page_from_to' => "Zobrazeno {0} až {1} z {2} řádků",
'refresh' => "Obnovit",
'rows_per_page' => "{0} řádků na stránku",
'toggle' => "Přepnout",
"all" => "Vše",
"columns" => "Sloupce",
"hide_show_pagination" => "Zobrazit/skrýt stránkování",
"loading" => "Nahrávám, prosím počkejte...",
"page_from_to" => "Zobrazeno {0} až {1} z {2} řádků",
"refresh" => "Obnovit",
"rows_per_page" => "{0} řádků na stránku",
"toggle" => "Přepnout",
];

1
app/Language/cs/Config.php
View File

@@ -282,7 +282,6 @@ return [
"right" => "",
"sales_invoice_format" => "",
"sales_quote_format" => "",
"mailpath_invalid" => "",
"saved_successfully" => "",
"saved_unsuccessfully" => "",
"security_issue" => "Security Vulnerability Warning",

2
app/Language/cs/Employees.php
View File

@@ -14,8 +14,6 @@ return [
"current_password_invalid" => "",
"employee" => "",
"error_adding_updating" => "",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "",
"error_updating_demo_admin" => "",
"language" => "",

1
app/Language/cs/Items.php
View File

@@ -26,7 +26,6 @@ return [
"cost_price_required" => "Musíte zadat nákupní cenu.",
"count" => "Upravit množství",
"csv_import_failed" => "Import z CSVu se nepovedl",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "Nahraný soubor neobsahuje žádná data nebo má špatný formát.",
"csv_import_partially_failed" => "Při importu položek došlo k několika chybám:",
"csv_import_success" => "Import položek proběhl bez chyby.",

9
app/Language/cs/Login.php
View File

@@ -9,15 +9,6 @@ return [
"login" => "Login",
"logout" => "",
"migration_needed" => "",
"migration_required" => "",
"migration_auth_message" => "",
"migration_initializing" => "",
"migration_running" => "",
"migration_complete" => "",
"migration_complete_login" => "",
"migration_failed" => "",
"migration_error_connection" => "",
"migration_complete_redirect" => "",
"password" => "Heslo",
"required_username" => "",
"username" => "Uživatelské jméno",

6
app/Language/cs/Sales.php
View File

@@ -73,12 +73,6 @@ return [
"employee" => "Prodávající",
"entry" => "Záznam",
"error_editing_item" => "Chyba při úpravě položky",
"negative_price_invalid" => "",
"negative_quantity_invalid" => "",
"negative_discount_invalid" => "",
"discount_percent_exceeds_100" => "",
"discount_exceeds_item_total" => "",
"negative_total_invalid" => "",
"find_or_scan_item" => "Najít nebo skenovat položku",
"find_or_scan_item_or_receipt" => "Najít nebo skenovat položku či účtenku",
"giftcard" => "Dárkový poukaz",

Some files were not shown because too many files have changed in this diff Show More