<?php
/**
* DRXStore v1.0 - Front Controller
* Works from root OR any subdirectory (drxstore, webroot, etc.)
* Developed by Vineet
*/
// Buffer ALL output so a stray warning/notice emitted before a redirect can
// never cause "headers already sent".
ob_start();
// ROOT is defined exactly once, here; config/app.php guards against re-definition.
defined('ROOT') || define('ROOT', __DIR__);
require_once ROOT . '/config/app.php';
// The session must be up before any output or Location header is produced.
startSession();
// Route key from the query string. Everything outside [a-z0-9_] is stripped,
// so $p is only ever a plain lowercase identifier and is used solely as a
// lookup key into the static $routes map further down — never as a path.
$requestedPage = get('p', '');
$p = preg_replace('/[^a-z0-9_]/', '', $requestedPage);
// ── Setup guard ──────────────────────────────────────────────────────────
// Setup counts as done only when the settings table exists AND holds a row.
// A missing table makes count() throw; that, like an empty table, means
// "not set up yet", so the exception is deliberately swallowed here.
try {
    $setupDone = $db->count('settings') > 0;
} catch (Exception $e) {
    $setupDone = false;
}
// Routes that stay reachable while setup is incomplete.
$setupPublic = ['setup', 'login', 'logout'];
if (!$setupDone && !in_array($p, $setupPublic, true)) {
    // A logged-in session with no settings behind it (e.g. after a DB
    // restore) is stale: drop it so the user reaches the wizard cleanly.
    if (!empty($_SESSION['admin_id'])) {
        session_destroy();
        session_start();
    }
    // NOTE(review): this guard only forces the wizard while setup is
    // incomplete. Nothing here blocks ?p=setup once settings exist, so
    // setup/wizard.php must refuse to re-run (or require an admin session)
    // on its own — confirm that before relying on it.
    header('Location: index.php?p=setup');
    ob_end_flush();
    exit;
}
// Logout: expire the session cookie with the same attributes it was issued
// with, wipe the in-memory session, destroy the stored one, then go to login.
if ($p === 'logout') {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
    $_SESSION = [];
    session_destroy();
    // NOTE(review): logout is a plain GET with no CSRF token, so a third-party
    // page can force a logout. Nuisance only — nothing is exposed by it.
    header('Location: index.php?p=login');
    ob_end_flush();
    exit;
}
// Route map: query-string key => script under public/ (without ".php").
// This is a closed allow-list; the dispatcher only ever includes one of these
// values, never anything derived from the request itself.
$publicPages = [
    'setup' => 'setup/wizard',
    'login' => 'admin/login',
];
$adminPages = [
    'dashboard'  => 'admin/dashboard',
    'medicines'  => 'admin/medicines',
    'batches'    => 'admin/batches',
    'adjust'     => 'admin/adjust_stock',
    'suppliers'  => 'admin/suppliers',
    'purchase'   => 'admin/purchase',
    'view_po'    => 'admin/view_po',
    'sales'      => 'admin/sales',
    'sales_hist' => 'admin/sales_history',
    'invoice'    => 'admin/invoice',
    'view_inv'   => 'admin/view_invoice',
    'customers'  => 'admin/customers',
    'returns'    => 'admin/returns',
    'discounts'  => 'admin/discounts',
    'ledger'     => 'admin/ledger',
    'reports'    => 'admin/reports',
    'expiry'     => 'admin/expiry_report',
    'users'      => 'admin/users',
    'settings'   => 'admin/settings',
    'sw_update'  => 'admin/software_update',
];
$cartPages = [
    'cart_add'     => 'admin/cart_add',
    'cart_remove'  => 'admin/cart_remove',
    'cart_clear'   => 'admin/cart_clear',
    'cart_setcust' => 'admin/cart_setcust',
    'finalize'     => 'admin/finalize_sale',
    'get_batches'  => 'admin/get_batches',
];
$apiPages = [
    'smtp_test'  => 'admin/smtp_test',
    'serve_file' => 'admin/serve_file',
];
// Keys are disjoint, so array union preserves every entry and the original order.
$routes = $publicPages + $adminPages + $cartPages + $apiPages;
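// Default routing: no page requested → dashboard when logged in, else login.
if ($p === '') {
    if (!empty($_SESSION['admin_id'])) {
        header('Location: index.php?p=dashboard');
        ob_end_flush();
        exit;
    }
    header('Location: index.php?p=login');
    ob_end_flush();
    exit;
}
// Resolve the script through the allow-list only; unknown keys are a 404.
$target = $routes[$p] ?? null;
if ($target === null) {
    ob_end_clean();
    http_response_code(404);
    die('<div style="font-family:sans-serif;padding:30px"><h1>404</h1><p>Page not found.</p><a href="index.php">Home</a></div>');
}
// ── Authentication gate (defense in depth) ──────────────────────────────
// Every route other than the setup wizard and the login page is an admin
// page, and the logged-in marker used throughout this file is
// $_SESSION['admin_id']. Gate centrally so a page that forgets its own
// check is still not reachable anonymously. Add a key here only for a route
// that is genuinely meant to be served without a session.
$publicRoutes = ['setup', 'login'];
if (!in_array($p, $publicRoutes, true) && empty($_SESSION['admin_id'])) {
    header('Location: index.php?p=login');
    ob_end_flush();
    exit;
}
$file = ROOT . '/public/' . $target . '.php';
if (!file_exists($file)) {
    // $target comes from the static map, not the request, so echoing it only
    // reveals a route-map value, not attacker-controlled input.
    ob_end_clean();
    http_response_code(500);
    die('<div style="font-family:sans-serif;padding:30px;color:#991b1b"><h2>Error</h2><p>Missing: ' . htmlspecialchars($target) . '.php</p></div>');
}
// Pages write their own output directly: discard anything buffered so far.
ob_end_clean();
require $file;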