ChesnoTech · ChesnoTech · May 7, 2026 · May 7, 2026
diff --git a/.gitignore b/.gitignore
@@ -23,6 +23,9 @@ logs/
 # Don't commit 12MB+ artifacts — every dev rebuilds locally on first commit.
 **/graphify-out/
 
+# ── Uploaded client artifacts (per-instance, regenerated at runtime) ──
+FINAL_PRODUCTION_SYSTEM/uploads/client-resources/
+
 # ── PHP Dependencies (managed by Composer) ────────────────
 FINAL_PRODUCTION_SYSTEM/vendor/
 

diff --git a/FINAL_PRODUCTION_SYSTEM/admin_v2.php b/FINAL_PRODUCTION_SYSTEM/admin_v2.php
@@ -154,7 +154,7 @@
 if (isset($_POST['action']) && $_POST['action'] === 'change_language' && isset($_POST['language'])) {
     $newLang = preg_replace('/[^a-z]/', '', strtolower($_POST['language']));
     if (in_array($newLang, ['en', 'ru'])) {
-        $stmt = $pdo->prepare("UPDATE admin_users SET preferred_language = ? WHERE id = ?");
+        $stmt = $pdo->prepare("UPDATE `" . t('admin_users') . "` SET preferred_language = ? WHERE id = ?");
         $stmt->execute([$newLang, $admin_session['admin_id']]);
         loadLanguage($newLang);
         if (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
@@ -404,7 +404,7 @@
 // Handle logout
 if (isset($_GET['logout'])) {
     if (isset($_SESSION['admin_token'])) {
-        $stmt = $pdo->prepare("UPDATE admin_sessions SET is_active = 0 WHERE session_token = ?");
+        $stmt = $pdo->prepare("UPDATE `" . t('admin_sessions') . "` SET is_active = 0 WHERE session_token = ?");
         $stmt->execute([$_SESSION['admin_token']]);
     }
     session_destroy();

diff --git a/FINAL_PRODUCTION_SYSTEM/api/authenticate-usb.php b/FINAL_PRODUCTION_SYSTEM/api/authenticate-usb.php
@@ -90,8 +90,8 @@
     // Find USB device by serial number
     $stmt = $pdo->prepare("
         SELECT d.*, t.full_name, t.is_active
-        FROM usb_devices d
-        INNER JOIN technicians t ON d.technician_id = t.technician_id
+        FROM `" . t('usb_devices') . "` d
+        INNER JOIN `" . t('technicians') . "` t ON d.technician_id = t.technician_id
         WHERE d.device_serial_number = ?
     ");
     $stmt->execute([$usbSerialNumber]);
@@ -165,7 +165,7 @@
 
     // Insert session
     $stmt = $pdo->prepare("
-        INSERT INTO active_sessions (
+        INSERT INTO `" . t('active_sessions') . "` (
             technician_id, session_token, created_at, expires_at,
             is_active, auth_method, usb_device_id, computer_name
         ) VALUES (?, ?, NOW(), ?, 1, 'usb', ?, ?)
@@ -180,7 +180,7 @@
 
     // Update USB device last used info
     $stmt = $pdo->prepare("
-        UPDATE usb_devices
+        UPDATE `" . t('usb_devices') . "`
         SET last_used_date = NOW(),
             last_used_ip = ?,
             last_used_computer_name = ?,
@@ -191,7 +191,7 @@
 
     // Update technician last login
     $stmt = $pdo->prepare("
-        UPDATE technicians
+        UPDATE `" . t('technicians') . "`
         SET last_login = NOW(),
             failed_login_attempts = 0,
             locked_until = NULL

diff --git a/FINAL_PRODUCTION_SYSTEM/api/change-password.php b/FINAL_PRODUCTION_SYSTEM/api/change-password.php
@@ -29,7 +29,7 @@
 try {
     // Get technician details
     $stmt = $pdo->prepare("
-        SELECT * FROM technicians 
+        SELECT * FROM `" . t('technicians') . "` 
         WHERE technician_id = ? AND is_active = 1
     ");
     $stmt->execute([$technician_id]);
@@ -63,7 +63,7 @@
     $new_password_hash = password_hash($new_password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
 
     $stmt = $pdo->prepare("
-        UPDATE technicians
+        UPDATE `" . t('technicians') . "`
         SET password_hash = ?, temp_password = NULL, must_change_password = FALSE
         WHERE technician_id = ?
     ");

diff --git a/FINAL_PRODUCTION_SYSTEM/api/collect-hardware-v2.php b/FINAL_PRODUCTION_SYSTEM/api/collect-hardware-v2.php
@@ -26,8 +26,8 @@
     // Validate session token and get technician info
     $stmt = $pdo->prepare("
         SELECT s.technician_id, t.full_name, s.expires_at
-        FROM active_sessions s
-        INNER JOIN technicians t ON s.technician_id = t.technician_id
+        FROM `" . t('active_sessions') . "` s
+        INNER JOIN `" . t('technicians') . "` t ON s.technician_id = t.technician_id
         WHERE s.session_token = ?
           AND s.expires_at > NOW()
         LIMIT 1
@@ -44,7 +44,7 @@
     // Check if hardware info already exists for this order number
     $stmt = $pdo->prepare("
         SELECT id, collection_timestamp
-        FROM hardware_info
+        FROM `" . t('hardware_info') . "`
         WHERE order_number = ?
         ORDER BY collection_timestamp DESC
         LIMIT 1
@@ -164,7 +164,7 @@
 
     // Insert hardware information
     $stmt = $pdo->prepare("
-        INSERT INTO hardware_info (
+        INSERT INTO `" . t('hardware_info') . "` (
             activation_id, order_number, technician_id, session_token,
             motherboard_manufacturer, motherboard_product, motherboard_serial, motherboard_version,
             bios_manufacturer, bios_version, bios_release_date, bios_serial_number,
@@ -280,7 +280,7 @@
 
     // Log the collection attempt
     $stmt = $pdo->prepare("
-        INSERT INTO hardware_collection_log (
+        INSERT INTO `" . t('hardware_collection_log') . "` (
             order_number, technician_id, session_token, hardware_info_id, collection_status
         ) VALUES (?, ?, ?, ?, 'success')
     ");
@@ -316,7 +316,7 @@
     try {
         if (isset($technicianId) && isset($orderNumber) && isset($sessionToken)) {
             $stmt = $pdo->prepare("
-                INSERT INTO hardware_collection_log (
+                INSERT INTO `" . t('hardware_collection_log') . "` (
                     order_number, technician_id, session_token, hardware_info_id,
                     collection_status, error_message
                 ) VALUES (?, ?, ?, NULL, 'failed', ?)

diff --git a/FINAL_PRODUCTION_SYSTEM/api/download-resource.php b/FINAL_PRODUCTION_SYSTEM/api/download-resource.php
@@ -30,7 +30,7 @@
     // Validate session token
     $stmt = $pdo->prepare("
         SELECT s.technician_id
-        FROM active_sessions s
+        FROM `" . t('active_sessions') . "` s
         WHERE s.session_token = ? AND s.expires_at > NOW()
     ");
     $stmt->execute([$sessionToken]);
@@ -43,7 +43,7 @@
     }
 
     // Look up the resource
-    $stmt = $pdo->prepare("SELECT * FROM client_resources WHERE resource_key = ?");
+    $stmt = $pdo->prepare("SELECT * FROM `" . t('client_resources') . "` WHERE resource_key = ?");
     $stmt->execute([$resourceKey]);
     $resource = $stmt->fetch(PDO::FETCH_ASSOC);
 

diff --git a/FINAL_PRODUCTION_SYSTEM/api/get-alt-server-config.php b/FINAL_PRODUCTION_SYSTEM/api/get-alt-server-config.php
@@ -23,8 +23,8 @@
     // Verify valid session and get technician preferences
     $stmt = $pdo->prepare("
         SELECT s.technician_id, t.preferred_server
-        FROM active_sessions s
-        INNER JOIN technicians t ON s.technician_id = t.technician_id
+        FROM `" . t('active_sessions') . "` s
+        INNER JOIN `" . t('technicians') . "` t ON s.technician_id = t.technician_id
         WHERE s.session_token = ? AND s.expires_at > NOW()
     ");
     $stmt->execute([$sessionToken]);
@@ -38,7 +38,7 @@
     // Helper function to get config value
     function getConfig($key) {
         global $pdo;
-        $stmt = $pdo->prepare("SELECT config_value FROM system_config WHERE config_key = ?");
+        $stmt = $pdo->prepare("SELECT config_value FROM `" . t('system_config') . "` WHERE config_key = ?");
         $stmt->execute([$key]);
         $result = $stmt->fetch(PDO::FETCH_ASSOC);
         return $result ? $result['config_value'] : null;

diff --git a/FINAL_PRODUCTION_SYSTEM/api/get-client-config.php b/FINAL_PRODUCTION_SYSTEM/api/get-client-config.php
@@ -23,7 +23,7 @@
     // Verify valid session
     $stmt = $pdo->prepare("
         SELECT s.technician_id
-        FROM active_sessions s
+        FROM `" . t('active_sessions') . "` s
         WHERE s.session_token = ? AND s.expires_at > NOW()
     ");
     $stmt->execute([$sessionToken]);

diff --git a/FINAL_PRODUCTION_SYSTEM/api/get-key.php b/FINAL_PRODUCTION_SYSTEM/api/get-key.php
@@ -21,7 +21,7 @@
         if (qcIsEnabled($pdo)) {
             $globalSettings = qcGetGlobalSettings($pdo);
             if (!empty($globalSettings['blocking_prevents_key'])) {
-                $hwStmt = $pdo->prepare("SELECT id FROM hardware_info WHERE order_number = ? ORDER BY collection_timestamp DESC LIMIT 1");
+                $hwStmt = $pdo->prepare("SELECT id FROM `" . t('hardware_info') . "` WHERE order_number = ? ORDER BY collection_timestamp DESC LIMIT 1");
                 $hwStmt->execute([$order_number]);
                 $hwRow = $hwStmt->fetch(PDO::FETCH_ASSOC);
                 if ($hwRow && qcHasBlockingIssues($pdo, (int) $hwRow['id'])) {
@@ -47,7 +47,7 @@
         // Update existing session with new order number if different
         if ($existing_session['order_number'] !== $order_number) {
             $stmt = $pdo->prepare("
-                UPDATE active_sessions 
+                UPDATE `" . t('active_sessions') . "` 
                 SET order_number = ?, expires_at = DATE_ADD(NOW(), INTERVAL ? MINUTE)
                 WHERE id = ?
             ");
@@ -74,7 +74,7 @@
         $pdo->rollback();
 
         // Check if ANY keys exist vs. all keys exhausted (for automatic failover)
-        $stmt = $pdo->prepare("SELECT COUNT(*) as available_count FROM oem_keys WHERE key_status IN ('unused', 'retry')");
+        $stmt = $pdo->prepare("SELECT COUNT(*) as available_count FROM `" . t('oem_keys') . "` WHERE key_status IN ('unused', 'retry')");
         $stmt->execute();
         $availableCount = $stmt->fetch(PDO::FETCH_ASSOC)['available_count'];
 
@@ -104,7 +104,7 @@
 
     // Insert new session (we already checked for existing sessions above)
     $stmt = $pdo->prepare("
-        INSERT INTO active_sessions (technician_id, session_token, key_id, order_number, expires_at, auth_method, computer_name)
+        INSERT INTO `" . t('active_sessions') . "` (technician_id, session_token, key_id, order_number, expires_at, auth_method, computer_name)
         VALUES (?, ?, ?, ?, ?, 'password', ?)
     ");
     $stmt->execute([$technician_id, $session_token, $key['id'], $order_number, $expires_at, $computerName]);
@@ -121,7 +121,7 @@
     // Check key pool levels and send alerts if needed
     try {
         $edition = $key['product_type'] ?? 'Unknown';
-        $poolStmt = $pdo->prepare("SELECT COUNT(*) as remaining FROM oem_keys WHERE key_status IN ('unused', 'retry') AND product_type = ?");
+        $poolStmt = $pdo->prepare("SELECT COUNT(*) as remaining FROM `" . t('oem_keys') . "` WHERE key_status IN ('unused', 'retry') AND product_type = ?");
         $poolStmt->execute([$edition]);
         $remaining = (int)$poolStmt->fetch()['remaining'];
 

diff --git a/FINAL_PRODUCTION_SYSTEM/api/import-csv.php b/FINAL_PRODUCTION_SYSTEM/api/import-csv.php
@@ -66,7 +66,7 @@
         // Try to insert key
         try {
             $stmt = $pdo->prepare("
-                INSERT INTO oem_keys (product_key, oem_identifier, barcode, key_status, roll_serial)
+                INSERT INTO `" . t('oem_keys') . "` (product_key, oem_identifier, barcode, key_status, roll_serial)
                 VALUES (?, ?, ?, ?, 'imported')
             ");
             $stmt->execute([$product_key, $oem_identifier, $barcode, $key_status]);

diff --git a/FINAL_PRODUCTION_SYSTEM/api/login.php b/FINAL_PRODUCTION_SYSTEM/api/login.php
@@ -16,7 +16,7 @@
 try {
     // Get technician details (including language preference)
     $stmt = $pdo->prepare("
-        SELECT * FROM technicians
+        SELECT * FROM `" . t('technicians') . "`
         WHERE technician_id = ? AND is_active = 1
     ");
     $stmt->execute([$technician_id]);
@@ -64,7 +64,7 @@
         }
 
         $stmt = $pdo->prepare("
-            UPDATE technicians 
+            UPDATE `" . t('technicians') . "` 
             SET failed_login_attempts = ?, locked_until = ?
             WHERE technician_id = ?
         ");
@@ -94,7 +94,7 @@
 
     // Login successful - reset failed attempts
     $stmt = $pdo->prepare("
-        UPDATE technicians 
+        UPDATE `" . t('technicians') . "` 
         SET failed_login_attempts = 0, locked_until = NULL, last_login = NOW()
         WHERE technician_id = ?
     ");
@@ -137,7 +137,7 @@
 
     // Include active product lines for order type selection
     try {
-        $plStmt = $pdo->query("SELECT id, name, order_pattern, description FROM product_lines WHERE is_active = 1 ORDER BY name ASC");
+        $plStmt = $pdo->query("SELECT id, name, order_pattern, description FROM `" . t('product_lines') . "` WHERE is_active = 1 ORDER BY name ASC");
         $productLines = $plStmt->fetchAll(PDO::FETCH_ASSOC);
         if (!empty($productLines)) {
             $response['product_lines'] = array_map(function($pl) {

diff --git a/FINAL_PRODUCTION_SYSTEM/api/middleware/RateLimiter.php b/FINAL_PRODUCTION_SYSTEM/api/middleware/RateLimiter.php
@@ -140,7 +140,7 @@ public function logViolation($identifier, $action, $endpoint, $requestCount, $li
 
         try {
             $stmt = $pdo->prepare("
-                INSERT INTO rate_limit_violations (
+                INSERT INTO `" . t('rate_limit_violations') . "` (
                     identifier, action, endpoint, client_ip, user_agent,
                     request_count, limit_threshold, window_seconds
                 ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)

diff --git a/FINAL_PRODUCTION_SYSTEM/api/report-result.php b/FINAL_PRODUCTION_SYSTEM/api/report-result.php
@@ -126,7 +126,7 @@ function validateAPIAccess(): bool {
 }
 
 // NEW: Check if unique ID already exists (prevent duplicates)
-$stmt = $pdo->prepare("SELECT id FROM activation_attempts WHERE activation_unique_id = ?");
+$stmt = $pdo->prepare("SELECT id FROM `" . t('activation_attempts') . "` WHERE activation_unique_id = ?");
 $stmt->execute([$activationUniqueId]);
 if ($stmt->fetch()) {
     jsonResponse([
@@ -156,7 +156,7 @@ function validateAPIAccess(): bool {
 
     // Record activation attempt with all required fields
     $stmt = $pdo->prepare("
-        INSERT INTO activation_attempts (
+        INSERT INTO `" . t('activation_attempts') . "` (
             key_id,
             technician_id,
             order_number,
@@ -203,7 +203,7 @@ function validateAPIAccess(): bool {
     if ($result === 'success') {
         // Success path: Mark key as good and deactivate session
         $stmt = $pdo->prepare("
-            UPDATE oem_keys
+            UPDATE `" . t('oem_keys') . "`
             SET key_status = 'good',
                 updated_at = NOW()
             WHERE id = ?
@@ -212,7 +212,7 @@ function validateAPIAccess(): bool {
 
         // Deactivate session (activation complete)
         $stmt = $pdo->prepare("
-            UPDATE active_sessions
+            UPDATE `" . t('active_sessions') . "`
             SET is_active = 0
             WHERE id = ?
         ");
@@ -226,7 +226,7 @@ function validateAPIAccess(): bool {
     } else {
         // Failure path: Update fail counter and determine key status
         $stmt = $pdo->prepare("
-            UPDATE oem_keys
+            UPDATE `" . t('oem_keys') . "`
             SET fail_counter = fail_counter + 1,
                 updated_at = NOW()
             WHERE id = ?
@@ -236,7 +236,7 @@ function validateAPIAccess(): bool {
         // Get updated fail counter
         $stmt = $pdo->prepare("
             SELECT fail_counter, product_key, oem_identifier
-            FROM oem_keys
+            FROM `" . t('oem_keys') . "`
             WHERE id = ?
         ");
         $stmt->execute([$session['key_id']]);
@@ -253,7 +253,7 @@ function validateAPIAccess(): bool {
         if ($failCounter >= $maxAttempts) {
             // Mark as bad after max failures
             $stmt = $pdo->prepare("
-                UPDATE oem_keys
+                UPDATE `" . t('oem_keys') . "`
                 SET key_status = 'bad'
                 WHERE id = ?
             ");
@@ -264,7 +264,7 @@ function validateAPIAccess(): bool {
 
             // Deactivate session (key is bad)
             $stmt = $pdo->prepare("
-                UPDATE active_sessions
+                UPDATE `" . t('active_sessions') . "`
                 SET is_active = 0
                 WHERE id = ?
             ");
@@ -275,7 +275,7 @@ function validateAPIAccess(): bool {
         } else {
             // Mark for retry
             $stmt = $pdo->prepare("
-                UPDATE oem_keys
+                UPDATE `" . t('oem_keys') . "`
                 SET key_status = 'retry'
                 WHERE id = ?
             ");
@@ -382,7 +382,7 @@ function sendEmailNotification(
         if ($keyData === null) {
             $stmt = $pdo->prepare("
                 SELECT product_key, oem_identifier, fail_counter, key_status
-                FROM oem_keys
+                FROM `" . t('oem_keys') . "`
                 WHERE id = ?
             ");
             $stmt->execute([$session['key_id']]);
@@ -396,7 +396,7 @@ function sendEmailNotification(
         // Get technician full name
         $stmt = $pdo->prepare("
             SELECT full_name, email
-            FROM technicians
+            FROM `" . t('technicians') . "`
             WHERE technician_id = ?
         ");
         $stmt->execute([$session['technician_id']]);