Home
bitsandbots edited this page May 16, 2026 · 1 revision
A self-hosted, offline-capable inventory management system built with PHP 8.x and MariaDB. Runs on a Raspberry Pi or any LAMP stack. Full offline operation — no CDN, no external APIs.
| Page | Description |
|---|---|
| Architecture | Directory map, request lifecycle, RBAC model, soft-delete pattern, database schema |
| Tech Stack | Languages, libraries, security features, CI tools, deployment target |
| Setup and Usage | Installation (auto + manual), configuration, daily workflows, troubleshooting |
| API and Components | MySqli_DB, Session, CSRF, soft-delete helpers, rate-limiting, Settings, CRUD conventions |
| Gap Analysis | What works, what's missing, known issues, tenancy roadmap |
- Inventory: Products with SKU, location, quantity, pricing, categories, images; AJAX search
- Sales & Orders: Multi-line-item orders per customer; add by SKU or search; auto quantity decrement; invoices and picklists
- Reporting: Date-range, daily, and monthly sales reports; stock-level reports; profit margin analysis
- Security: bcrypt passwords (SHA1 auto-upgrade), CSRF on all forms + GET deletes, CSP headers, login rate limiting, session hardening, parameterized queries, XSS prevention
- Soft-Delete & Trash: Reversible delete on users/customers/sales/orders/stock; Admin trash UI with restore and permanent purge
- Settings: DB-backed key/value settings; admin-only settings page; configurable currency code
- Multi-user RBAC: Admin (1) / Supervisor (2) / User (3) roles; disabled user/group enforcement
- Offline-first: All CSS/JS bundled — works on air-gapped networks
6 suites · 62 tests — run with `bash tests/run.sh`

| Suite | Tests |
|-------|-------|
| AuthTest | 9 — login, SHA1→bcrypt migration, session fixation |
| CSRFTest | 16 — token lifecycle, POST + GET verification |
| CRUDTest | 11 — product CRUD, SQL-injection resistance |
| SecurityHeadersTest | 7 — CSP, X-Frame-Options, nosniff, Referrer-Policy |
| SettingsTest | 6 — Settings::get/set, currency round-trip |
| SoftDeleteTest | 13 — soft-delete/restore/purge lifecycle |

```bash
git clone https://github.com/bitsandbots/inventory.git
cd inventory
bash install.sh
```

MIT License · Enhanced by CoreConduit Consulting Services