PHP, MySQL, JavaScript Full Project

Chartered Accountant Project

PB Pb28 Master Team Complete Source Code

Noor Hasan & Associates CMS: Technical Architecture Report

1. Project Overview & System Purpose

Noor Hasan CMS is a custom-built, lightweight and highly optimized Content Management System (CMS) developed for Noor Hasan & Associates (Chartered Accountants, Malerkotla, Punjab). The application fulfills two core purposes:

  1. Public Information Terminal: A fast-loading, clean and professional interface that presents the firm's services, dynamic industries and legal compliance updates to clients.

  2. Back-Office Admin Panel: A secure dashboard from which an authorized administrator can manage the entire website's content, navigation menu, dynamic service categories and career openings without any technical knowledge.

The system is built with native PHP and PHP Data Objects (PDO), so it executes very fast without any third-party framework (such as WordPress or Laravel) and carries none of the security bloat that comes with one.

2. Directory Structure & File Blueprint

The codebase is divided into modular layers for maintainability and security:

  • /config/ (Configuration Layer)

    • app.php: Stores global constants such as the application name, the standard timezone (Asia/Kolkata), absolute paths and base URLs.

    • database.php: Contains the production server's live MySQL database credentials (host, database name, username, password).

    • database.example.php: Database template file that serves as a reference for developers during setup.

  • /includes/ (Core App Engine & Functions)

    • bootstrap.php: Initializes the environment, handles the session and instantiates a static singleton PDO connection for the whole application.

    • auth.php: Handles session-based authorization controls for the admin panel, using password_verify().

    • data.php: Core data abstraction layer providing the functions that fetch menus, blog posts, jobs and categories from the database.

    • functions.php: Manages cross-cutting global utilities such as output sanitization (e()), secure redirect helpers and image file upload parameters.

    • header.php / footer.php: Main public layout files that render the responsive navigation items and global layouts.

  • /admin/ (Secure Management Workspace)

    • index.php: Admin dashboard displaying quick system highlights and unread message counters.

    • settings.php: Form interface for editing the firm's static information (phone, address, metadata, logo) and ICAI Compliance Notes.

    • services.php / industries.php: Panels for managing the dynamic professional service paths and the client industry portfolio.

    • blog.php / careers.php: Dynamic setup for controlling compliance updates and internship/job openings.

    • messages.php: Backend portal for reading and deleting messages submitted through the public enquiry form.

  • /setup/ (Database Provisioning Layer)

    • install.php: Setup script that creates the database and seeds the default master content.

    • install.sql: Complete raw MySQL schema layout with tables, default constraints and system seed configuration.


3. Database Schema & ER Relationship Analysis

The database is structured on the InnoDB transactional engine, which fully supports direct relational mappings, standard referential integrity (ON DELETE CASCADE) and international multi-byte text encoding (utf8mb4_unicode_ci).

Table Definitions Blueprint

Read Carefully

  1. admins: Stores unique usernames and stretched password hashes to manage master administrative user access.

  2. settings: Flat relational key-value model that retains global site data, contact phone numbers and corporate metadata descriptions.

  3. service_categories: Creates the grouping layers (such as Audit, Taxation, Corporate Advisory) and controls which categories appear on the home page.

  4. services: Stores the individual dynamic services (such as Statutory Audit, GST Filing, ITR Filing), strictly constrained to their category IDs by foreign key.

  5. blog_posts: Contains dynamic text posts with SEO-friendly slugs and content fields.

  6. careers: Retains the explicit text descriptions and data for open internship openings and roles.

  7. contact_messages: Registers public user enquiries and communication text together with status flags.

Core SQL Table Schema (setup/install.sql)

SQL
CREATE TABLE IF NOT EXISTS service_categories (
    id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    name VARCHAR(150) NOT NULL,
    slug VARCHAR(100) NOT NULL UNIQUE,
    sort_order INT NOT NULL DEFAULT 0,
    show_on_home TINYINT(1) NOT NULL DEFAULT 0,
    home_card_title VARCHAR(150) DEFAULT NULL,
    is_active TINYINT(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

CREATE TABLE IF NOT EXISTS services (
    id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    category_id INT UNSIGNED NOT NULL,
    name VARCHAR(200) NOT NULL,
    sort_order INT NOT NULL DEFAULT 0,
    is_active TINYINT(1) NOT NULL DEFAULT 1,
    FOREIGN KEY (category_id) REFERENCES service_categories(id) ON DELETE CASCADE
) ENGINE=InnoDB;

4. Production Security Controls Audit

A detailed code-level audit of the codebase confirms that the system is secured against the critical OWASP risk categories as follows:

A. SQL Injection (SQLi) Prevention

No data string anywhere in the system is concatenated directly into a raw query. Throughout the application, data parameters are executed through PDO parameterized prepared statements, which keeps input values isolated from the execution layer:

PHP
// Location: admin/messages.php
// Strict type-casting and statement binding implementation example
db()->prepare('UPDATE contact_messages SET is_read = 1 WHERE id = ?')
    ->execute([(int) $_GET['read']]);
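An added example (not the project's own bootstrap.php or data.php) of how the static singleton PDO connection described above and a parameterized data.php-style fetch fit together. It uses the DB_* constants from config/database.php; the function name home_categories() and the PDO attribute choices are assumptions here:

```php
<?php
// Added example: singleton PDO connection plus parameterized queries.
// Assumes the DB_* constants defined in config/database.php.

function db(): PDO
{
    static $pdo = null;               // one connection for the whole request
    if ($pdo === null) {
        $dsn = sprintf('mysql:host=%s;dbname=%s;charset=%s', DB_HOST, DB_NAME, DB_CHARSET);
        $pdo = new PDO($dsn, DB_USER, DB_PASS, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, never silently
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES   => false, // server-side prepares, not client-side escaping
        ]);
    }
    return $pdo;
}

// data.php-style accessor (assumed name): categories flagged for the home page,
// each with its active services. Every value reaches MySQL as a bound parameter.
function home_categories(int $limit = 6): array
{
    $stmt = db()->prepare(
        'SELECT id, name, slug, home_card_title
           FROM service_categories
          WHERE is_active = 1 AND show_on_home = 1
          ORDER BY sort_order ASC
          LIMIT :limit'
    );
    // LIMIT needs a typed integer bind; a string-bound value would be quoted and rejected.
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    $categories = $stmt->fetchAll();

    $svc = db()->prepare(
        'SELECT name FROM services WHERE category_id = ? AND is_active = 1 ORDER BY sort_order'
    );
    foreach ($categories as &$cat) {
        $svc->execute([(int) $cat['id']]);     // prepared once, executed per category
        $cat['services'] = $svc->fetchAll(PDO::FETCH_COLUMN);
    }
    unset($cat);
    return $categories;
}
```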

B. Cross-Site Scripting (XSS) Mitigation

Whenever data is printed on public-facing pages, the output filter e() is applied. It converts output variables into entity-escaped strings, so arbitrary browser scripts injected into stored content are rendered as inert text:

PHP
// Location: includes/functions.php
function e(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

C. Cryptographic Identity Protection

The admin panel's master login credentials are never stored in plain text or as legacy hashes (such as MD5/SHA1). The platform uses PHP's stretched secure hashing (PASSWORD_DEFAULT) directly in code:

PHP
// Location: admin/password.php
$newHash = password_hash($new, PASSWORD_DEFAULT);
db()->prepare('UPDATE admins SET password_hash = ? WHERE id = ?')
    ->execute([$newHash, $_SESSION['admin_id']]);
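The verifying side of the same control, as an added example in the style of includes/auth.php (not the project's own code). It assumes db() from bootstrap.php and the admins table described in section 3; the function names admin_login() and require_admin() are assumptions:

```php
<?php
// Added example: session-based admin login check built on password_verify().
// Assumes db() from bootstrap.php and the `admins` table (id, username, password_hash).

function admin_login(string $username, string $password): bool
{
    $stmt = db()->prepare('SELECT id, password_hash FROM admins WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $admin = $stmt->fetch(PDO::FETCH_ASSOC);

    // For an unknown username still run password_verify() against a throwaway hash,
    // so the response time does not reveal which usernames exist.
    $hash = $admin ? $admin['password_hash'] : password_hash('no-such-user', PASSWORD_DEFAULT);
    if (!password_verify($password, $hash) || !$admin) {
        return false;
    }

    // Transparently upgrade stored hashes when PASSWORD_DEFAULT's algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        db()->prepare('UPDATE admins SET password_hash = ? WHERE id = ?')
            ->execute([password_hash($password, PASSWORD_DEFAULT), (int) $admin['id']]);
    }

    // A fresh session ID at the privilege boundary defeats session fixation.
    session_regenerate_id(true);
    $_SESSION['admin_id'] = (int) $admin['id'];
    return true;
}

// Guard placed at the top of every /admin/ page.
function require_admin(): void
{
    if (empty($_SESSION['admin_id'])) {
        header('Location: login.php', true, 302);
        exit;
    }
}
```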

D. File Upload Hardening (uploads/.htaccess)

Static backend restrictions are applied to the dynamic file repository (/uploads/). The /uploads/.htaccess rule set locks down direct file execution, so no malicious web-shell script placed there can run:

Apache
# Location: /uploads/.htaccess
Options -Indexes

# System level script execution lock inside storage directories
<FilesMatch "(?i)\.(php|phtml|php3|php4|php5|php7|phps|pht|pl|py|jsp|asp|sh|cgi)$">
    ForceType text/plain
    # Apache 2.2 syntax; on Apache 2.4 use "Require all denied" (or load mod_access_compat)
    Order deny,allow
    Deny from all
</FilesMatch>
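The .htaccess rule only helps when Apache honours it (AllowOverride on, mod_access_compat present, or Nginx not in use), so the upload handler itself must be the first line of defence. An added example of such a check in the style of functions.php (not the project's own code); UPLOAD_DIR and store_uploaded_image() are assumed names:

```php
<?php
// Added example: server-side image upload validation, complementing /uploads/.htaccess.
// Assumes UPLOAD_DIR holds the absolute path of /uploads/ (e.g. defined in config/app.php).

function store_uploaded_image(array $file): ?string
{
    // Reject anything PHP did not receive as a clean upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if ($file['size'] > 2 * 1024 * 1024) {          // 2 MiB cap for logos and post images
        return null;
    }

    // Trust the file bytes, not the client-supplied name or Content-Type header.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/webp' => 'webp'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return null;
    }
    // The image parser must also accept it; a script with a forged magic header fails here.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }

    // Server-chosen random name with a server-chosen extension: the original filename,
    // including any extra extensions it carried, never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim(UPLOAD_DIR, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);                             // readable by the web server, never executable
    return $name;                                   // store this name in the database
}
```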

5. Deployment Guide & Server Optimization Steps

Core Server Environment Needs

  • OS Environment: Enterprise Linux distributions (such as Ubuntu Server 24.04 LTS or Rocky Linux 9).

  • Web Server: Apache HTTP Server with mod_rewrite enabled, or Nginx running with php-fpm.

  • PHP Runtime: PHP 8.2 or higher, compiled with the baseline extensions pdo_mysql, mbstring and session.

  • Database: MySQL Server 8.0+ or MariaDB 10.6+ running standard InnoDB tables.

Step-by-Step Installation Setup

  1. Move App Assets: Extract the production workspace folder or system zip file into the target web directory under the server root (e.g. /var/www/html/noor-hasan-cms).

  2. Set Up Local Credentials: Copy config/database.example.php to create a production-ready config/database.php and bind the credentials:

    PHP
    define('DB_HOST', '127.0.0.1');
    define('DB_NAME', 'noor_hasan_cms');
    define('DB_USER', 'firm_prod_user');
    define('DB_PASS', 'S7#mX!p2_vQ9zR5B'); // Use highly secure randomized strings
    define('DB_CHARSET', 'utf8mb4');