- Application: Restaurant POS (Point of Sale).
- Stack: PHP + MySQL + vanilla JavaScript + HTML/CSS.
- Purpose: manage menu, orders, customers, staff, and sales analytics.
- Install XAMPP or similar (Apache + MySQL).
- Place the project in the web root (e.g. `C:\xampp\htdocs\Nadine-system`).
- Create the MySQL database `ordering_system`.
- Import schema and seed data as needed (not included in this summary).
- Open `src/config/config.php` to configure DB credentials and base URL.
- `src/config/config.php`:
  - Starts the session.
  - Connects to MySQL: `new mysqli("localhost", "root", "", "ordering_system")`.
  - Sets `base_url = "http://localhost/Nadine-system/"`.
  - `checkLogin()`: redirects to `auth/login.php` if not signed in.
  - `checkRole($roles)`: redirects to `auth/unauthorized.php` when unauthorized.
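The guard described above, written out as an added example (not the project's own `config.php`). It keeps the connection and base URL the summary quotes and fills in plausible bodies for `checkLogin()` / `checkRole()`; the session cookie flags, the `mysqli_report()` exception mode, the `$conn` variable name and the `$_SESSION['user_id']` / `$_SESSION['role']` keys are assumptions.

```php
<?php
// src/config/config.php -- added example reconstructing the guard described
// on the page (session, DB connection, base URL, checkLogin/checkRole).
// The cookie flags, mysqli exception mode, $conn and the session keys used
// below are assumptions, not the project's code.

// Session cookie flags: not readable from JS, not sent cross-site, and
// (when served over HTTPS) never sent in clear text.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => !empty($_SERVER['HTTPS']),
]);
session_start();

// Make mysqli throw on errors instead of returning false, so a failed
// prepare() or execute() cannot be mistaken for an empty result.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli("localhost", "root", "", "ordering_system");
$conn->set_charset("utf8mb4");

$base_url = "http://localhost/Nadine-system/";

// Redirect anonymous visitors to the login page; exit so nothing after the
// guard runs even if a client ignores the redirect header.
function checkLogin(): void
{
    global $base_url;
    if (empty($_SESSION['user_id'])) {
        header("Location: " . $base_url . "auth/login.php");
        exit;
    }
}

// Allow only the listed roles, e.g. checkRole(['admin', 'manager']).
// Assumes the login script stored the role in $_SESSION['role'].
function checkRole(array $roles): void
{
    global $base_url;
    checkLogin();
    if (!in_array($_SESSION['role'] ?? '', $roles, true)) {
        header("Location: " . $base_url . "auth/unauthorized.php");
        exit;
    }
}
```

With `MYSQLI_REPORT_STRICT` on, every script that includes this file gets an exception rather than a silent `false` from a broken query, which is what makes the prepared-statement rewrite later in this summary safe to rely on.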
- `auth/`: login/logout/unauthorized.
- `src/dashboard/`: stat endpoints for charts.
- `src/manage/`: menu CRUD and management.
- `src/menu/`: menu browsing, search, checkout.
- `src/order/`: order list, details, status update, payments, search.
- `src/accounts/`: staff accounts management.
- `src/users/`: customer and user dashboards.
- `assets/`: CSS and JS behavior.
- `db/fetch_data.php` (monthly sales by payment status):
  - Requires login.
  - Outputs monthly sales JSON by payment status using a query on `order_items` + `orders`.
  - Return format: `month`, `paid_total`, `pending_total`, `refunded_total`, `total`.
- Script includes `src/config/config.php`.
- Calls `checkLogin()` at top.
- Optional `checkRole([...])` for role-based access.
- Runs query logic and renders output (HTML or JSON).
- Many scripts use direct SQL concatenation with `$_POST`/`$_GET`: SQL injection risk.
- No CSRF tokens.
- No explicit input validation or sanitization paths in this module.
- Recommended: move to prepared statements, strict parameter validation, CSRF protection.
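The three recommendations applied to one action, as an added example (not the project's code). The commented-out block is the concatenation pattern the summary flags; the rest is the same status update (`src/order/update_status.php`) with a CSRF check, whitelisted parameters and a prepared statement. Table and column names (`orders.id`, `orders.status`), the `$conn` variable and the `csrf_token` session key are assumptions.

```php
<?php
// Added example: the flagged concatenation pattern next to a hardened
// rewrite of the same action. orders.id / orders.status, $conn and the
// csrf_token session key are assumptions, not taken from the project.
require_once __DIR__ . '/../config/config.php';
checkLogin();

// --- BEFORE (the pattern the summary describes): both values are spliced
// into the SQL text, so the request body can change the query's meaning,
// and any page a logged-in user visits can submit this form on their behalf.
/*
$sql = "UPDATE orders SET status = '" . $_POST['status'] . "'
        WHERE id = " . $_POST['order_id'];
$conn->query($sql);
*/

// --- AFTER: same action with the three recommended controls.

// 1. CSRF: the form must carry a token that only this session knows.
//    The page rendering the form calls csrf_token() and embeds the value
//    in a hidden input named csrf_token; in practice this helper would
//    live in config.php so both sides share it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !hash_equals(csrf_token(), $_POST['csrf_token'] ?? '')) {
    http_response_code(403);
    exit('Invalid request');
}

// 2. Strict validation: status must be one of the two values the route
//    table lists; order_id must be a positive integer.
$allowedStatus = ['processing', 'delivered'];
$status  = $_POST['status'] ?? '';
$orderId = filter_input(INPUT_POST, 'order_id', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
if (!in_array($status, $allowedStatus, true) || !is_int($orderId)) {
    http_response_code(400);
    exit('Invalid parameters');
}

// 3. Prepared statement: values are bound, never concatenated into SQL.
$stmt = $conn->prepare("UPDATE orders SET status = ? WHERE id = ?");
$stmt->bind_param("si", $status, $orderId);
$stmt->execute();
$updated = $stmt->affected_rows;   // 0 means no such order id
$stmt->close();

header("Location: " . $base_url . "src/order/orders.php?updated=" . $updated);
exit;
```

The whitelist check on `status` matters even with a prepared statement: binding stops injection, but without it the endpoint would still accept any string as an order status. `hash_equals()` compares the token in constant time.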
- Login-required pages include `checkLogin()`.
- Navigation and UI share components in `src/include/sidebar.php`.
- For a new API endpoint: use the same pattern, echo JSON, and include the central config/auth file.
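A new JSON data endpoint following the script pattern listed above (include config, guard, query, render), added here as an example rather than taken from the project. It returns the per-status monthly totals in the same shape as `db/fetch_data.php`, but for a selected year. The file name, the `year` parameter, the role names and the column names in the SQL (`orders.order_date`, `orders.payment_status` with values paid/pending/refunded, `order_items.order_id`, `quantity`, `price`) are assumptions.

```php
<?php
// Added example: src/dashboard/yearly_by_status.php (hypothetical name).
// Column names, the role list and the year parameter are assumptions;
// config.php is assumed to expose $conn, checkLogin() and checkRole().
require_once __DIR__ . '/../config/config.php';
checkLogin();
checkRole(['admin', 'manager']);   // dashboard figures are staff-only

header('Content-Type: application/json; charset=utf-8');
header('Cache-Control: no-store');  // sales data should not sit in caches

// The only input: an optional four-digit year, defaulting to the current one.
$year = filter_input(INPUT_GET, 'year', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 2000, 'max_range' => 2100]]);
if ($year === false) {
    http_response_code(400);
    echo json_encode(['error' => 'year must be a 4-digit year']);
    exit;
}
$year = $year ?? (int) date('Y');

// The SQL text is constant; the year is bound. Conditional sums give the
// per-status totals in a single pass over the joined rows.
$sql = "SELECT DATE_FORMAT(o.order_date, '%Y-%m') AS month,
               SUM(CASE WHEN o.payment_status = 'paid'     THEN oi.quantity * oi.price ELSE 0 END) AS paid_total,
               SUM(CASE WHEN o.payment_status = 'pending'  THEN oi.quantity * oi.price ELSE 0 END) AS pending_total,
               SUM(CASE WHEN o.payment_status = 'refunded' THEN oi.quantity * oi.price ELSE 0 END) AS refunded_total,
               SUM(oi.quantity * oi.price) AS total
        FROM orders o
        JOIN order_items oi ON oi.order_id = o.id
        WHERE YEAR(o.order_date) = ?
        GROUP BY month
        ORDER BY month";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $year);
$stmt->execute();
$rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
$stmt->close();

// mysqli returns DECIMAL aggregates as strings; cast so the chart code
// receives JSON numbers.
foreach ($rows as &$r) {
    foreach (['paid_total', 'pending_total', 'refunded_total', 'total'] as $k) {
        $r[$k] = (float) $r[$k];
    }
}
unset($r);

echo json_encode(['year' => $year, 'months' => $rows], JSON_THROW_ON_ERROR);
exit;
```

`get_result()` needs the mysqlnd driver, which XAMPP ships. The `Content-Type` header is what lets the browser-side chart code treat the body as data rather than markup, and `exit` after the echo keeps any trailing include output out of the JSON.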
- Add a `README.md` update to document routes and schema.
- Add `docs/architecture.md` with a data diagram and models.
- Build `api-docs` for the UI chart services.
- `auth` handles login session and the unauthorized view.
- `src/config/config.php` manages session, DB, base URL, role guard.
- `dashboard` endpoints are JSON data sources for graphs.
- `manage` endpoint pages handle menu create/read/update/delete.
- `menu` folder serves the public-facing menu, search and checkout.
- `order` folder serves the order lifecycle (list, details, status updates, payment updates).
- `accounts` maintains staff users and profile actions.
- `users` are UI / dashboards for customers, maybe listing.
| Route | Type | Description |
|---|---|---|
| `auth/login.php` | Web form | Login page |
| `auth/logout.php` | Action | Destroy session and redirect |
| `auth/unauthorized.php` | Web page | Role denied status |
| `db/fetch_data.php` | JSON API | Monthly sales by payment status |
| `src/dashboard/weekly_sales.php` | JSON API | Weekly sales data |
| `src/dashboard/monthly_sales.php` | JSON API | Monthly sales data |
| `src/dashboard/recent_orders.php` | JSON API | Latest orders list |
| `src/manage/add_menu.php` | Action | Insert new menu item |
| `src/manage/update_menu.php` | Action | Update existing menu item |
| `src/manage/delete_menu.php` | Action | Delete menu item |
| `src/order/orders.php` | UI + data | List orders with pending/paid status |
| `src/order/update_status.php` | Action | Change order status (processing/delivered) |
| `src/order/upPayment_status.php` | Action | Update payment status |
| `src/accounts/register.php` | Action | Add staff account |
| `src/accounts/edit_acc.php` | UI form | Edit staff account |
- `config.php` enforces login and DB; every protected page includes it.
- Each feature area lives in a folder by domain (dashboard/manage/order/accounts).
- Actions often use `$_POST`, build the SQL string, then redirect.
- Visualization data endpoints provide JSON to JS charts.
- Add automated tests (if moving to frameworks).
- Document SQL schema (tables/columns + indexes) with ER diagram.
- Add code style guidelines (PSR-12 or custom) and security checklist.