Refactoring

CLAUDE.md

@@ -15,11 +15,23 @@ Crop Management Platform (CMS -> PHP migration)
 - Login management: `login/*.php`
 - Static assets: `client-assets/`, `books/`, `uploads/`, etc.
 
-## Database and Security Notes
+## Database Schema Available
 
-- Database connection uses `mysqli_connect` with hard-coded credentials in multiple files (e.g., `soil-analysis-pdf.php`).
-- Input parameters used from `$_GET` not sanitized/validated before SQL, exposing SQL injection risk.
-- Existing user auth and sessions likely in `login` and `dashboard` modules; verify consistent session controls.
+- **Schema File**: `cropmonitor.sql` added to root folder
+- **Key Tables Identified**:
+  - `soil_records`: Main soil analysis data with all nutrient values, base saturations, and specifications
+  - `client_records`: Client information with weather station API keys
+  - `soil_specifications`: Soil type specifications for different crops
+  - `animal_records`: Animal feed analysis data
+  - `plant_records`: Plant tissue analysis data
+  - `fertiliser_specifications`: Fertilizer composition data
+
+## Database Validation
+
+- **Soil Records Fields**: All fields used in `lib/soil_calculations.php` confirmed present (BS_ca_ppm, ca_ppm_min/max, etc.)
+- **Data Types**: Most nutrient values stored as VARCHAR(10), need to handle numeric conversion in PHP
+- **Primary Keys**: All tables have proper primary key indexes
+- **Relationships**: `modx_user_id` field links records to users (legacy modX integration)
 
 ## modX remnants to refactor
 
@@ -56,6 +68,34 @@ Crop Management Platform (CMS -> PHP migration)
 - `login/login.php`, `login/register.php`, `login/change-password.php`
 - `api/api.php` and REST API endpoints
 
+## Recent Progress (2026-03-27)
+
+### ✅ Completed Components
+- **Layout System**: Created reusable `layouts/header.php`, `layouts/footer.php`, `layouts/navbar.php`, `layouts/sidebar.php`
+- **Client Details Form**: Converted `[[!clientDetailsFORM]]` → `components/clientDetailsForm.php` (PDO + validation)
+- **New Client Modal**: Converted `[[!newClientDetails]]` → `components/newClientModal.php` + `controllers/newClientSubmit.php` (AJAX + validation)
+- **Soil Analysis Form**: Created `components/soilAnalysisForm.php` with comprehensive field validation
+- **Secure Controller**: Converted `[[!soilformSubmit]]` → `controllers/soilTestSubmit.php` (PDO + CSRF + auth)
+- **Database Config**: `config/database.php` with PDO connection
+- **Security Libraries**: `lib/auth.php`, `lib/csrf.php`, `lib/validation.php`
+- **Navigation System**: Converted `[[!Personalize?]]` and `[[Wayfinder?]]` → `components/navigation.php` (authentication-based navigation)- **Soil Calculations**: Created `lib/soil_calculations.php` with `soilAnalysisReportCalcs()` and `soilProgramCalcs()` functions
+- **Page Migration**: `soil-test-data.php` now uses include-based layout system
+- **Soil Analysis Migration**: `soil-analysis.php` migrated from modX to secure PHP with PDO, Bootstrap 5, and calculation functions
+### 🔧 Security Improvements Made
+- Replaced mysqli with PDO prepared statements
+- Added CSRF token protection
+- Input validation and sanitization
+- Session-based authentication checks
+- Proper error handling and logging
+- Removed SQL injection vulnerabilities
+
+### 📋 Remaining Tasks
+1. Migrate `soil-analysis.php` (data display page) - **COMPLETED**
+2. Update `soil-analysis-pdf.php` to use secure queries
+3. Convert remaining modX placeholders across all files
+4. Add proper user authentication system
+5. Test form submission and data flow
+
 ## Questions for you
 
 - Do you prefer retaining the current page structure (`dashboard/crop-analysis/*`) or migrating to a MVC-style folder layout?

components/clientDetailsForm.php

@@ -0,0 +1,121 @@
+<?php
+/**
+ * components/clientDetailsForm.php
+ *
+ * Client selection dropdown with auto-fill functionality.
+ * Replaces modX [[!clientDetailsFORM]] snippet.
+ */
+
+// TODO: Replace with proper session-based user authentication
+$userId = $_SESSION['user_id'] ?? 1; // Temporary fallback
+
+try {
+    // Database connection - TODO: Move to centralized config
+    $pdo = new PDO(
+        'mysql:host=localhost;dbname=cropmonitor;charset=utf8',
+        'cropmonitor',
+        'brvnCcaEYxlPCS3',
+        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
+    );
+
+    // Prepare and execute query with parameterized statement
+    $stmt = $pdo->prepare("SELECT id, client, company, email, address FROM client_records WHERE modx_user_id = ? ORDER BY client ASC");
+    $stmt->execute([$userId]);
+    $clients = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+} catch (PDOException $e) {
+    // TODO: Proper error logging and user-friendly error display
+    error_log("Database error in clientDetailsForm: " . $e->getMessage());
+    $clients = [];
+}
+?>
+
+<div class="form-group">
+    <label for="selectUsers" class="form-label">Select Client</label>
+    <select id="selectUsers" name="client_id" class="form-control form-control-sm">
+        <option value="">Select current client or add new client below...</option>
+        <?php foreach ($clients as $client): ?>
+            <option value="<?= htmlspecialchars($client['id'], ENT_QUOTES, 'UTF-8') ?>"
+                    data-client="<?= htmlspecialchars($client['client'], ENT_QUOTES, 'UTF-8') ?>"
+                    data-company="<?= htmlspecialchars($client['company'], ENT_QUOTES, 'UTF-8') ?>"
+                    data-email="<?= htmlspecialchars($client['email'], ENT_QUOTES, 'UTF-8') ?>"
+                    data-address="<?= htmlspecialchars($client['address'], ENT_QUOTES, 'UTF-8') ?>">
+                <?= htmlspecialchars($client['id'] . " - " . $client['client'] . " - " . $client['company'], ENT_QUOTES, 'UTF-8') ?>
+            </option>
+        <?php endforeach; ?>
+        <option value="new" class="text-primary font-weight-bold">➕ Add New Client...</option>
+    </select>
+    <div class="form-text">Choose an existing client to auto-fill the form below.</div>
+</div>
+
+<script type="text/javascript">
+document.getElementById('selectUsers').addEventListener('change', function() {
+    const selectedOption = this.options[this.selectedIndex];
+    if (!selectedOption.value) {
+        // Clear fields if "Select..." is chosen
+        clearClientFields();
+        return;
+    }
+
+    if (selectedOption.value === 'new') {
+        // This will be handled by the modal's change event listener
+        return;
+    }
+
+    const client = selectedOption.getAttribute('data-client') || '';
+    const company = selectedOption.getAttribute('data-company') || '';
+    const email = selectedOption.getAttribute('data-email') || '';
+    const fullAddress = selectedOption.getAttribute('data-address') || '';
+
+    // Parse address components (assuming format: "street, town, state, postcode")
+    const addressParts = fullAddress.split(', ');
+    const siteAddress = addressParts[0] || '';
+    const town = addressParts.slice(1, -2).join(', ') || '';
+    const state = addressParts[addressParts.length - 2] || '';
+    const postcode = addressParts[addressParts.length - 1] || '';
+
+    // Fill form fields
+    const nameField = document.getElementById('name');
+    const companyField = document.getElementById('company');
+    const emailField = document.getElementById('email');
+    const siteAddressField = document.getElementById('site_address');
+    const postalAddressField = document.getElementById('postal_address');
+
+    if (nameField) nameField.value = client;
+    if (companyField) companyField.value = company;
+    if (emailField) emailField.value = email;
+    if (siteAddressField) siteAddressField.value = siteAddress;
+    if (postalAddressField) postalAddressField.value = town + (town && (state || postcode) ? ', ' : '') + state + (state && postcode ? ', ' : '') + postcode;
+});
+
+// Function to add new client to dropdown
+function addClientToDropdown(clientData) {
+    const select = document.getElementById('selectUsers');
+    const option = document.createElement('option');
+    option.value = clientData.id;
+    option.setAttribute('data-client', clientData.name);
+    option.setAttribute('data-company', clientData.company);
+    option.setAttribute('data-email', clientData.email);
+    option.setAttribute('data-address', clientData.address);
+    option.textContent = clientData.id + ' - ' + clientData.name + ' - ' + clientData.company;
+
+    // Insert before the "Add New Client" option
+    const addNewOption = select.querySelector('option[value="new"]');
+    select.insertBefore(option, addNewOption);
+
+    // Select the new client
+    select.value = clientData.id;
+    select.dispatchEvent(new Event('change'));
+}
+
+// Make function globally available for the modal
+window.addClientToDropdown = addClientToDropdown;
+
+function clearClientFields() {
+    const fields = ['name', 'company', 'email', 'site_address', 'postal_address'];
+    fields.forEach(fieldId => {
+        const field = document.getElementById(fieldId);
+        if (field) field.value = '';
+    });
+}
+</script>

components/navigation.php

@@ -0,0 +1,146 @@
+<?php
+/**
+ * components/navigation.php
+ *
+ * Navigation component that replaces modX Personalize and Wayfinder snippets.
+ * Handles authentication-based navigation display.
+ *
+ * Usage: include __DIR__.'/components/navigation.php';
+ */
+
+require_once __DIR__.'/../lib/auth.php';
+
+// Start session if not already started
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+// Determine navigation based on authentication status
+$isLoggedIn = isLoggedIn();
+
+// Navigation configuration
+$siteName = 'Crop Management Platform';
+
+if ($isLoggedIn) {
+    // Logged-in user navigation
+    $navItems = [
+        [ 'href' => '/dashboard/dashboard.php', 'label' => 'Dashboard' ],
+        [ 'href' => '/dashboard/crop-analysis/soil-analysis.php', 'label' => 'Soil Analysis' ],
+        [ 'href' => '/dashboard/crop-analysis/soil-report.php', 'label' => 'Reports' ],
+        [ 'href' => '/login/change-password.php', 'label' => 'Account' ],
+        [ 'href' => '/login/logout.php', 'label' => 'Logout' ],
+    ];
+
+    $sidebarItems = [
+        [ 'href' => '/dashboard/dashboard.php', 'label' => 'Home', 'icon' => 'fas fa-home' ],
+        [
+            'label' => 'Soil Analysis',
+            'icon' => 'fas fa-seedling',
+            'children' => [
+                [ 'href' => '/dashboard/crop-analysis/soil-test-data.php', 'label' => 'New Test' ],
+                [ 'href' => '/dashboard/crop-analysis/soil-analysis.php', 'label' => 'View Results' ],
+                [ 'href' => '/dashboard/crop-analysis/soil-report.php', 'label' => 'Reports' ],
+            ]
+        ],
+        [ 'href' => '/dashboard/inbox.php', 'label' => 'Inbox', 'icon' => 'fas fa-inbox' ],
+        [ 'href' => '/dashboard/planning-calendar.php', 'label' => 'Calendar', 'icon' => 'fas fa-calendar' ],
+        [ 'href' => '/login/change-password.php', 'label' => 'Account', 'icon' => 'fas fa-user-cog' ],
+    ];
+} else {
+    // Guest navigation
+    $navItems = [
+        [ 'href' => '/', 'label' => 'Home' ],
+        [ 'href' => '/login/login.php', 'label' => 'Login' ],
+        [ 'href' => '/login/register.php', 'label' => 'Register' ],
+    ];
+
+    $sidebarItems = []; // No sidebar for guests
+}
+
+// Determine active item based on current URL
+$currentPath = parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH) ?? '';
+$activeItem = '';
+
+foreach ($navItems as $item) {
+    if ($item['href'] === $currentPath) {
+        $activeItem = $item['label'];
+        break;
+    }
+}
+
+// Function to render navbar
+function renderNavbar() {
+    global $siteName, $navItems, $activeItem;
+    ?>
+    <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
+        <div class="container-fluid">
+            <a class="navbar-brand" href="/"><?= htmlspecialchars($siteName, ENT_QUOTES, 'UTF-8') ?></a>
+            <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#topNavbar" aria-controls="topNavbar" aria-expanded="false" aria-label="Toggle navigation">
+                <span class="navbar-toggler-icon"></span>
+            </button>
+            <div class="collapse navbar-collapse" id="topNavbar">
+                <ul class="navbar-nav ms-auto mb-2 mb-lg-0">
+                    <?php foreach ($navItems as $item): ?>
+                        <li class="nav-item">
+                            <a class="nav-link<?= ($activeItem === $item['label'] ? ' active' : '') ?>" href="<?= htmlspecialchars($item['href'], ENT_QUOTES, 'UTF-8') ?>">
+                                <?= htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8') ?>
+                            </a>
+                        </li>
+                    <?php endforeach; ?>
+                </ul>
+            </div>
+        </div>
+    </nav>
+    <?php
+}
+
+// Function to render sidebar
+function renderSidebar() {
+    global $sidebarItems, $activeItem;
+
+    if (empty($sidebarItems)) {
+        return; // No sidebar for guests
+    }
+    ?>
+    <div class="sb-sidenav-menu">
+        <div class="nav">
+            <?php foreach ($sidebarItems as $item): ?>
+                <?php if (isset($item['children'])): ?>
+                    <!-- Parent item with children -->
+                    <a class="nav-link collapsed" href="#" data-bs-toggle="collapse" data-bs-target="#nav-<?= md5($item['label']) ?>" aria-expanded="false" aria-controls="nav-<?= md5($item['label']) ?>">
+                        <div class="sb-nav-link-icon"><i class="<?= htmlspecialchars($item['icon'], ENT_QUOTES, 'UTF-8') ?>"></i></div>
+                        <?= htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8') ?>
+                        <div class="sb-sidenav-collapse-arrow"><i class="fas fa-angle-down"></i></div>
+                    </a>
+                    <div class="collapse" id="nav-<?= md5($item['label']) ?>" aria-labelledby="heading-<?= md5($item['label']) ?>">
+                        <nav class="sb-sidenav-menu-nested nav">
+                            <?php foreach ($item['children'] as $child): ?>
+                                <a class="nav-link<?= ($activeItem === $child['label'] ? ' active' : '') ?>" href="<?= htmlspecialchars($child['href'], ENT_QUOTES, 'UTF-8') ?>">
+                                    <?= htmlspecialchars($child['label'], ENT_QUOTES, 'UTF-8') ?>
+                                </a>
+                            <?php endforeach; ?>
+                        </nav>
+                    </div>
+                <?php else: ?>
+                    <!-- Regular item -->
+                    <a class="nav-link<?= ($activeItem === $item['label'] ? ' active' : '') ?>" href="<?= htmlspecialchars($item['href'], ENT_QUOTES, 'UTF-8') ?>">
+                        <div class="sb-nav-link-icon"><i class="<?= htmlspecialchars($item['icon'], ENT_QUOTES, 'UTF-8') ?>"></i></div>
+                        <?= htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8') ?>
+                    </a>
+                <?php endif; ?>
+            <?php endforeach; ?>
+        </div>
+    </div>
+    <?php
+}
+
+// Auto-render based on context
+// This allows the component to be included and automatically render the appropriate navigation
+if (!isset($skipAutoRender) || !$skipAutoRender) {
+    if ($isLoggedIn) {
+        renderNavbar();
+    } else {
+        renderNavbar(); // Could render different navbar for guests if needed
+    }
+}
+?>

components/newClientModal.php

@@ -0,0 +1,203 @@
+<?php
+/**
+ * components/newClientModal.php
+ *
+ * Modal dialog for adding new clients.
+ * Replaces modX [[!newClientDetails]] snippet.
+ */
+
+// Start session if not already started
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+// Include CSRF library
+require_once __DIR__ . '/../lib/csrf.php';
+?>
+
+<script type="text/javascript">
+    $(function(){
+        $('#email').click(function(){
+            $('#newClient').modal('show');
+            return false;
+        });
+
+        // Also allow clicking on the "add new client" option in the dropdown
+        $('#selectUsers').on('change', function() {
+            if ($(this).val() === 'new') {
+                $('#newClient').modal('show');
+                $(this).val(''); // Reset dropdown
+                return false;
+            }
+        });
+    });
+</script>
+
+<!-- Modal -->
+<div class="modal fade" id="newClient" tabindex="-1" role="dialog" aria-labelledby="newClientLabel" aria-hidden="true">
+    <div class="modal-dialog modal-lg">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h5 class="modal-title" id="newClientLabel">Add New Client</h5>
+                <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <div class="modal-body">
+                <form method="post" action="/controllers/newClientSubmit.php" id="newClientDetails" novalidate>
+                    <input type="hidden" name="csrf_token" value="<?php echo generateCsrfToken(); ?>">
+                    <input type="hidden" name="mod_user" id="mod_user" value="<?php echo htmlspecialchars($_SESSION['user_id'] ?? '', ENT_QUOTES, 'UTF-8'); ?>" required>
+                    <input type="hidden" name="modx_user_attributes" id="modx_user_attributes" value="<?php echo htmlspecialchars($_SESSION['user_id'] ?? '', ENT_QUOTES, 'UTF-8'); ?>" required>
+
+                    <div class="row">
+                        <div class="col-md-6">
+                            <div class="mb-3">
+                                <label for="Nname" class="form-label">Client Name <span class="text-danger">*</span></label>
+                                <input type="text" class="form-control" name="Nname" placeholder="Client Name" id="Nname" required maxlength="100">
+                                <div class="invalid-feedback">Please provide a client name.</div>
+                            </div>
+                        </div>
+                        <div class="col-md-6">
+                            <div class="mb-3">
+                                <label for="Ncompany" class="form-label">Company Name</label>
+                                <input type="text" class="form-control" name="Ncompany" placeholder="Company Name" id="Ncompany" maxlength="100">
+                            </div>
+                        </div>
+                    </div>
+
+                    <div class="row">
+                        <div class="col-md-6">
+                            <div class="mb-3">
+                                <label for="Nemail" class="form-label">Email Address <span class="text-danger">*</span></label>
+                                <input type="email" class="form-control" name="Nemail" placeholder="Email Address" id="Nemail" required maxlength="255">
+                                <div class="invalid-feedback">Please provide a valid email address.</div>
+                            </div>
+                        </div>
+                        <div class="col-md-6">
+                            <div class="mb-3">
+                                <label for="Nmobile" class="form-label">Mobile Number</label>
+                                <input type="tel" class="form-control" name="Nmobile" placeholder="Mobile Number" id="Nmobile" maxlength="20">
+                            </div>
+                        </div>
+                    </div>
+
+                    <hr>
+
+                    <div class="mb-3">
+                        <label for="Naddress" class="form-label">Address <span class="text-danger">*</span></label>
+                        <input type="text" class="form-control" name="Naddress" placeholder="Street Address" id="Naddress" required maxlength="255">
+                        <div class="invalid-feedback">Please provide an address.</div>
+                    </div>
+
+                    <div class="mb-3">
+                        <label for="Nstate" class="form-label">Town / State / Postcode <span class="text-danger">*</span></label>
+                        <input type="text" class="form-control" name="Nstate" placeholder="Town, State, Postcode" id="Nstate" required maxlength="255">
+                        <div class="invalid-feedback">Please provide town, state, and postcode.</div>
+                        <div class="form-text">Format: Town, State, Postcode (e.g., Sydney, NSW, 2000)</div>
+                    </div>
+                </form>
+            </div>
+            <div class="modal-footer">
+                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
+                <button form="newClientDetails" type="submit" name="NCsubmit" value="NCsubmit" class="btn btn-primary">
+                    <i class="fas fa-save"></i> Save Client
+                </button>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script>
+// Bootstrap 5 form validation
+(function () {
+    'use strict'
+    var forms = document.querySelectorAll('#newClientDetails')
+    Array.prototype.slice.call(forms)
+        .forEach(function (form) {
+            form.addEventListener('submit', function (event) {
+                if (!form.checkValidity()) {
+                    event.preventDefault()
+                    event.stopPropagation()
+                } else {
+                    // Prevent default form submission and handle via AJAX
+                    event.preventDefault();
+                    submitNewClientForm(form);
+                }
+                form.classList.add('was-validated')
+            }, false)
+        })
+})()
+
+// AJAX form submission
+function submitNewClientForm(form) {
+    const formData = new FormData(form);
+    const submitBtn = form.querySelector('button[type="submit"]');
+    const originalText = submitBtn.innerHTML;
+
+    // Disable button and show loading state
+    submitBtn.disabled = true;
+    submitBtn.innerHTML = '<i class="fas fa-spinner fa-spin"></i> Saving...';
+
+    fetch(form.action, {
+        method: 'POST',
+        body: formData
+    })
+    .then(response => response.json())
+    .then(data => {
+        if (data.success) {
+            // Success - add client to dropdown and close modal
+            if (window.addClientToDropdown) {
+                window.addClientToDropdown(data.client);
+            }
+
+            // Close modal
+            const modal = bootstrap.Modal.getInstance(document.getElementById('newClient'));
+            modal.hide();
+
+            // Show success message
+            showAlert('Client added successfully!', 'success');
+        } else {
+            // Error - show message
+            showAlert(data.message || 'Error adding client', 'danger');
+        }
+    })
+    .catch(error => {
+        console.error('Error:', error);
+        showAlert('Network error occurred. Please try again.', 'danger');
+    })
+    .finally(() => {
+        // Re-enable button
+        submitBtn.disabled = false;
+        submitBtn.innerHTML = originalText;
+    });
+}
+
+// Utility function to show alerts
+function showAlert(message, type) {
+    // Remove existing alerts
+    const existingAlerts = document.querySelectorAll('.alert');
+    existingAlerts.forEach(alert => alert.remove());
+
+    // Create new alert
+    const alertDiv = document.createElement('div');
+    alertDiv.className = `alert alert-${type} alert-dismissible fade show position-fixed`;
+    alertDiv.style.cssText = 'top: 20px; right: 20px; z-index: 9999; min-width: 300px;';
+    alertDiv.innerHTML = `
+        ${message}
+        <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
+    `;
+
+    document.body.appendChild(alertDiv);
+
+    // Auto-remove after 5 seconds
+    setTimeout(() => {
+        if (alertDiv.parentNode) {
+            alertDiv.remove();
+        }
+    }, 5000);
+}
+
+// Clear form when modal is hidden
+document.getElementById('newClient').addEventListener('hidden.bs.modal', function () {
+    document.getElementById('newClientDetails').reset();
+    document.getElementById('newClientDetails').classList.remove('was-validated');
+});
+</script>

components/soilAnalysisForm.php

@@ -0,0 +1,117 @@
+<?php
+/**
+ * components/soilAnalysisForm.php
+ *
+ * Soil analysis data entry form component.
+ * Replaces modX [[$soilAnalysisForm]] chunk.
+ */
+
+// Form field definitions with validation rules
+$formSections = [
+    'Client Information' => [
+        'name' => ['type' => 'text', 'label' => 'Client Name', 'required' => true, 'placeholder' => 'Enter client name'],
+        'company' => ['type' => 'text', 'label' => 'Company Name', 'required' => false, 'placeholder' => 'Enter company name'],
+        'email' => ['type' => 'email', 'label' => 'Email Address', 'required' => true, 'placeholder' => 'client@example.com'],
+        'site_address' => ['type' => 'text', 'label' => 'Site Address', 'required' => true, 'placeholder' => 'Enter site address'],
+        'state_postcode' => ['type' => 'text', 'label' => 'State & Postcode', 'required' => true, 'placeholder' => 'State, Postcode'],
+    ],
+    'Sample Information' => [
+        'lab_no' => ['type' => 'text', 'label' => 'Lab Number', 'required' => true, 'placeholder' => 'Lab reference number'],
+        'batch_no' => ['type' => 'text', 'label' => 'Batch Number', 'required' => false, 'placeholder' => 'Batch reference'],
+        'sample_id' => ['type' => 'text', 'label' => 'Sample ID', 'required' => true, 'placeholder' => 'Sample identifier'],
+        'site_id' => ['type' => 'text', 'label' => 'Site ID', 'required' => true, 'placeholder' => 'Site identifier'],
+        'crop_type' => ['type' => 'text', 'label' => 'Crop Type', 'required' => true, 'placeholder' => 'Type of crop'],
+        'soil_type' => ['type' => 'select', 'label' => 'Soil Type', 'required' => true, 'options' => ['Sandy', 'Loamy', 'Clay', 'Silt', 'Peat', 'Chalk']],
+        'date_sampled' => ['type' => 'date', 'label' => 'Date Sampled', 'required' => true],
+    ],
+    'Physical Properties' => [
+        'texture' => ['type' => 'text', 'label' => 'Texture', 'required' => false, 'placeholder' => 'Soil texture description'],
+        'gravel' => ['type' => 'number', 'label' => 'Gravel (%)', 'required' => false, 'step' => '0.1', 'min' => '0', 'max' => '100'],
+        'colour' => ['type' => 'text', 'label' => 'Colour', 'required' => false, 'placeholder' => 'Soil colour'],
+        'ocarbon' => ['type' => 'number', 'label' => 'Organic Carbon (%)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+        'omatter' => ['type' => 'number', 'label' => 'Organic Matter (%)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+    ],
+    'Chemical Properties' => [
+        'ph_cacl2' => ['type' => 'number', 'label' => 'pH (CaCl₂)', 'required' => false, 'step' => '0.1', 'min' => '0', 'max' => '14'],
+        'ph_h2o' => ['type' => 'number', 'label' => 'pH (H₂O)', 'required' => false, 'step' => '0.1', 'min' => '0', 'max' => '14'],
+        'paramag' => ['type' => 'number', 'label' => 'Paramagnetic', 'required' => false, 'step' => '0.01'],
+        'ec' => ['type' => 'number', 'label' => 'EC (dS/m)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+    ],
+    'Nutrient Analysis' => [
+        'NO3_N' => ['type' => 'number', 'label' => 'NO₃-N (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        'NH3_N' => ['type' => 'number', 'label' => 'NH₃-N (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        'p_mehlick' => ['type' => 'number', 'label' => 'P Mehlich (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        'p_bray2' => ['type' => 'number', 'label' => 'P Bray-2 (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        'p_morgan' => ['type' => 'number', 'label' => 'P Morgan (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        'k_morgan' => ['type' => 'number', 'label' => 'K Morgan (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        'ca_morgan' => ['type' => 'number', 'label' => 'Ca Morgan (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        'mg_morgan' => ['type' => 'number', 'label' => 'Mg Morgan (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        'na_morgan' => ['type' => 'number', 'label' => 'Na Morgan (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+        's_morgan' => ['type' => 'number', 'label' => 'S Morgan (mg/kg)', 'required' => false, 'step' => '0.1', 'min' => '0'],
+    ],
+    'Micronutrients' => [
+        'b_cacl2' => ['type' => 'number', 'label' => 'B (CaCl₂) (mg/kg)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+        'mn_dtpa' => ['type' => 'number', 'label' => 'Mn (DTPA) (mg/kg)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+        'zn_dtpa' => ['type' => 'number', 'label' => 'Zn (DTPA) (mg/kg)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+        'fe_dtpa' => ['type' => 'number', 'label' => 'Fe (DTPA) (mg/kg)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+        'cu_dtpa' => ['type' => 'number', 'label' => 'Cu (DTPA) (mg/kg)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+        'al' => ['type' => 'number', 'label' => 'Al (mg/kg)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+        'se' => ['type' => 'number', 'label' => 'Se (mg/kg)', 'required' => false, 'step' => '0.01', 'min' => '0'],
+    ],
+    'Base Saturation' => [
+        'tec' => ['type' => 'number', 'label' => 'TEC', 'required' => false, 'step' => '0.01'],
+        'cec' => ['type' => 'number', 'label' => 'CEC', 'required' => false, 'step' => '0.01'],
+        'ca_mehlick3' => ['type' => 'number', 'label' => 'Ca Mehlich-3', 'required' => false, 'step' => '0.01'],
+        'mg_mehlick3' => ['type' => 'number', 'label' => 'Mg Mehlich-3', 'required' => false, 'step' => '0.01'],
+        'k_mehlick3' => ['type' => 'number', 'label' => 'K Mehlich-3', 'required' => false, 'step' => '0.01'],
+        'na_mehlick3' => ['type' => 'number', 'label' => 'Na Mehlich-3', 'required' => false, 'step' => '0.01'],
+        'al_mehlick3' => ['type' => 'number', 'label' => 'Al Mehlich-3', 'required' => false, 'step' => '0.01'],
+    ],
+];
+?>
+
+<?php foreach ($formSections as $sectionName => $fields): ?>
+    <div class="card mb-4">
+        <div class="card-header">
+            <h5 class="mb-0"><?= htmlspecialchars($sectionName, ENT_QUOTES, 'UTF-8') ?></h5>
+        </div>
+        <div class="card-body">
+            <div class="row">
+                <?php foreach ($fields as $fieldName => $fieldConfig): ?>
+                    <div class="col-md-6 mb-3">
+                        <label for="<?= htmlspecialchars($fieldName, ENT_QUOTES, 'UTF-8') ?>" class="form-label">
+                            <?= htmlspecialchars($fieldConfig['label'], ENT_QUOTES, 'UTF-8') ?>
+                            <?php if ($fieldConfig['required']): ?><span class="text-danger">*</span><?php endif; ?>
+                        </label>
+
+                        <?php if ($fieldConfig['type'] === 'select'): ?>
+                            <select class="form-control" id="<?= htmlspecialchars($fieldName, ENT_QUOTES, 'UTF-8') ?>"
+                                    name="<?= htmlspecialchars($fieldName, ENT_QUOTES, 'UTF-8') ?>"
+                                    <?= $fieldConfig['required'] ? 'required' : '' ?>>
+                                <option value="">Select...</option>
+                                <?php foreach ($fieldConfig['options'] as $option): ?>
+                                    <option value="<?= htmlspecialchars($option, ENT_QUOTES, 'UTF-8') ?>">
+                                        <?= htmlspecialchars($option, ENT_QUOTES, 'UTF-8') ?>
+                                    </option>
+                                <?php endforeach; ?>
+                            </select>
+                        <?php else: ?>
+                            <input type="<?= htmlspecialchars($fieldConfig['type'], ENT_QUOTES, 'UTF-8') ?>"
+                                   class="form-control"
+                                   id="<?= htmlspecialchars($fieldName, ENT_QUOTES, 'UTF-8') ?>"
+                                   name="<?= htmlspecialchars($fieldName, ENT_QUOTES, 'UTF-8') ?>"
+                                   placeholder="<?= htmlspecialchars($fieldConfig['placeholder'] ?? '', ENT_QUOTES, 'UTF-8') ?>"
+                                   <?= $fieldConfig['required'] ? 'required' : '' ?>
+                                   <?php if (isset($fieldConfig['step'])): ?>step="<?= htmlspecialchars($fieldConfig['step'], ENT_QUOTES, 'UTF-8') ?>"<?php endif; ?>
+                                   <?php if (isset($fieldConfig['min'])): ?>min="<?= htmlspecialchars($fieldConfig['min'], ENT_QUOTES, 'UTF-8') ?>"<?php endif; ?>
+                                   <?php if (isset($fieldConfig['max'])): ?>max="<?= htmlspecialchars($fieldConfig['max'], ENT_QUOTES, 'UTF-8') ?>"<?php endif; ?>>
+                        <?php endif; ?>
+                    </div>
+                <?php endforeach; ?>
+            </div>
+        </div>
+    </div>
+<?php endforeach; ?>
+
+<!-- Hidden fields for form processing -->
+<input type="hidden" name="m_user" value="<?= htmlspecialchars($_SESSION['user_id'] ?? '1', ENT_QUOTES, 'UTF-8') ?>">

config/database.php

@@ -0,0 +1,31 @@
+<?php
+/**
+ * config/database.php
+ *
+ * Database configuration and PDO instance.
+ */
+
+// Database configuration
+define('DB_HOST', 'localhost');
+define('DB_NAME', 'cropmonitor');
+define('DB_USER', 'cropmonitor');
+define('DB_PASS', 'brvnCcaEYxlPCS3');
+define('DB_CHARSET', 'utf8');
+
+// Create PDO instance
+try {
+    $pdo = new PDO(
+        "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=" . DB_CHARSET,
+        DB_USER,
+        DB_PASS,
+        [
+            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+            PDO::ATTR_EMULATE_PREPARES => false,
+        ]
+    );
+} catch (PDOException $e) {
+    error_log("Database connection failed: " . $e->getMessage());
+    die("Database connection failed. Please try again later.");
+}
+?>

controllers/newClientSubmit.php

@@ -0,0 +1,165 @@
+<?php
+/**
+ * controllers/newClientSubmit.php
+ *
+ * Handle new client creation from modal form.
+ */
+
+// Start session if not already started
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+// Include dependencies
+require_once __DIR__ . '/../config/database.php';
+require_once __DIR__ . '/../lib/auth.php';
+require_once __DIR__ . '/../lib/validation.php';
+require_once __DIR__ . '/../lib/csrf.php';
+
+// Check authentication
+if (!isLoggedIn()) {
+    http_response_code(403);
+    die(json_encode(['success' => false, 'message' => 'Authentication required']));
+}
+
+// Check CSRF token
+if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
+    http_response_code(403);
+    die(json_encode(['success' => false, 'message' => 'CSRF token validation failed']));
+}
+
+// Only process POST requests
+if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['NCsubmit'])) {
+    http_response_code(405);
+    die(json_encode(['success' => false, 'message' => 'Method not allowed']));
+}
+
+header('Content-Type: application/json');
+
+try {
+    // Validate and sanitize input data
+    $input = validateNewClientData($_POST);
+
+    // Check if client with this email already exists for this user
+    if (clientEmailExists($input['email'], $_SESSION['user_id'])) {
+        throw new ValidationException('A client with this email address already exists');
+    }
+
+    // Insert new client
+    $clientId = insertNewClient($input);
+
+    // Return success response with client data for dropdown update
+    echo json_encode([
+        'success' => true,
+        'message' => 'Client added successfully',
+        'client' => [
+            'id' => $clientId,
+            'name' => $input['name'],
+            'company' => $input['company'],
+            'email' => $input['email'],
+            'address' => $input['address'] . ', ' . $input['state']
+        ]
+    ]);
+
+} catch (ValidationException $e) {
+    http_response_code(400);
+    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
+} catch (PDOException $e) {
+    error_log("Database error in new client creation: " . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['success' => false, 'message' => 'Database error occurred. Please try again later.']);
+} catch (Exception $e) {
+    error_log("Unexpected error in new client creation: " . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['success' => false, 'message' => 'An unexpected error occurred. Please try again later.']);
+}
+
+/**
+ * Validate and sanitize new client form data
+ */
+function validateNewClientData(array $post): array
+{
+    $validated = [];
+
+    // Required fields
+    $validated['name'] = sanitizeString($post['Nname'] ?? '', 100);
+    if (empty($validated['name'])) {
+        throw new ValidationException('Client name is required');
+    }
+
+    $validated['email'] = filter_var($post['Nemail'] ?? '', FILTER_VALIDATE_EMAIL);
+    if (!$validated['email']) {
+        throw new ValidationException('Valid email address is required');
+    }
+
+    $validated['address'] = sanitizeString($post['Naddress'] ?? '', 255);
+    if (empty($validated['address'])) {
+        throw new ValidationException('Address is required');
+    }
+
+    $validated['state'] = sanitizeString($post['Nstate'] ?? '', 255);
+    if (empty($validated['state'])) {
+        throw new ValidationException('Town/State/Postcode is required');
+    }
+
+    // Optional fields
+    $validated['company'] = sanitizeString($post['Ncompany'] ?? '', 100);
+    $validated['mobile'] = sanitizeString($post['Nmobile'] ?? '', 20);
+
+    return $validated;
+}
+
+/**
+ * Check if client email already exists for this user
+ */
+function clientEmailExists(string $email, int $userId): bool
+{
+    global $pdo;
+
+    $stmt = $pdo->prepare("SELECT id FROM client_records WHERE email = ? AND modx_user_id = ?");
+    $stmt->execute([$email, $userId]);
+
+    return $stmt->fetch() !== false;
+}
+
+/**
+ * Insert new client into database
+ */
+function insertNewClient(array $data): int
+{
+    global $pdo;
+
+    $sql = "INSERT INTO client_records (
+        modx_user_id,
+        modx_user_attributes,
+        client,
+        company,
+        email,
+        address,
+        mobile,
+        created_at
+    ) VALUES (
+        :modx_user_id,
+        :modx_user_attributes,
+        :client,
+        :company,
+        :email,
+        :address,
+        :mobile,
+        NOW()
+    )";
+
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([
+        'modx_user_id' => $_SESSION['user_id'],
+        'modx_user_attributes' => $_SESSION['user_id'],
+        'client' => $data['name'],
+        'company' => $data['company'],
+        'email' => $data['email'],
+        'address' => $data['address'] . ', ' . $data['state'],
+        'mobile' => $data['mobile']
+    ]);
+
+    return $pdo->lastInsertId();
+}
+?>

controllers/soilTestSubmit.php

@@ -0,0 +1,414 @@
+<?php
+/**
+ * controllers/soilTestSubmit.php
+ *
+ * Secure soil test form submission handler.
+ * Replaces modX [[!soilformSubmit]] snippet.
+ */
+
+// Start session if not already started
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+// Include configuration and dependencies
+require_once __DIR__ . '/../config/database.php';
+require_once __DIR__ . '/../lib/auth.php';
+require_once __DIR__ . '/../lib/validation.php';
+require_once __DIR__ . '/../lib/csrf.php';
+
+// Check authentication
+if (!isLoggedIn()) {
+    http_response_code(403);
+    die('Access denied: User not authenticated');
+}
+
+// Check CSRF token
+if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
+    http_response_code(403);
+    die('CSRF token validation failed');
+}
+
+// Only process POST requests
+if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['SoilcsvForm'])) {
+    http_response_code(405);
+    die('Method not allowed');
+}
+
+try {
+    // Validate and sanitize input data
+    $input = validateSoilTestData($_POST);
+
+    // Perform soil analysis calculations
+    $calculations = calculateSoilAnalysis($input);
+
+    // Generate unique identifier for this record
+    $rand = mt_rand(10000, 99999);
+
+    // Insert data into database
+    $recordId = insertSoilRecord($input, $calculations, $rand);
+
+    // Log successful submission
+    error_log("Soil test record created: ID {$recordId}, User: {$_SESSION['user_id']}");
+
+    // Redirect to results page
+    $redirectUrl = "/dashboard/crop-analysis/soil-analysis.php?rand={$rand}&cid={$input['sample_id']}&rid={$recordId}&stid=" . urlencode($input['crop_type']);
+    header("Location: {$redirectUrl}");
+    exit;
+
+} catch (ValidationException $e) {
+    http_response_code(400);
+    die('Validation error: ' . htmlspecialchars($e->getMessage()));
+} catch (PDOException $e) {
+    error_log("Database error in soil test submission: " . $e->getMessage());
+    http_response_code(500);
+    die('Database error occurred. Please try again later.');
+} catch (Exception $e) {
+    error_log("Unexpected error in soil test submission: " . $e->getMessage());
+    http_response_code(500);
+    die('An unexpected error occurred. Please try again later.');
+}
+
+/**
+ * Validate and sanitize soil test form data
+ */
+function validateSoilTestData(array $post): array
+{
+    $validated = [];
+
+    // Client information
+    $validated['client_id'] = filter_var($post['client_id'] ?? '', FILTER_VALIDATE_INT);
+    if ($validated['client_id'] === false) {
+        throw new ValidationException('Invalid client ID');
+    }
+
+    $validated['name'] = sanitizeString($post['name'] ?? '', 100);
+    $validated['company'] = sanitizeString($post['company'] ?? '', 100);
+    $validated['email'] = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
+    if ($validated['email'] === false) {
+        throw new ValidationException('Invalid email address');
+    }
+
+    $validated['site_address'] = sanitizeString($post['site_address'] ?? '', 255);
+    $validated['state_postcode'] = sanitizeString($post['state_postcode'] ?? '', 100);
+
+    // Analysis details
+    $validated['lab_no'] = sanitizeString($post['lab_no'] ?? '', 50);
+    $validated['batch_no'] = sanitizeString($post['batch_no'] ?? '', 50);
+    $validated['sample_id'] = sanitizeString($post['sample_id'] ?? '', 50);
+    $validated['site_id'] = sanitizeString($post['site_id'] ?? '', 50);
+    $validated['crop_type'] = sanitizeString($post['crop_type'] ?? '', 50);
+    $validated['soil_type'] = sanitizeString($post['soil_type'] ?? '', 50);
+
+    $validated['date_sampled'] = $post['date_sampled'] ?? '';
+    if (!empty($validated['date_sampled'])) {
+        $date = DateTime::createFromFormat('Y-m-d', $validated['date_sampled']);
+        if (!$date) {
+            throw new ValidationException('Invalid date sampled format');
+        }
+        $validated['date_sampled'] = $date->format('Y-m-d');
+    }
+
+    // Physical properties
+    $validated['texture'] = sanitizeString($post['texture'] ?? '', 50);
+    $validated['gravel'] = validateNumeric($post['gravel'] ?? '', 0, 100);
+    $validated['colour'] = sanitizeString($post['colour'] ?? '', 50);
+    $validated['ocarbon'] = validateNumeric($post['ocarbon'] ?? '', 0, 100);
+    $validated['omatter'] = validateNumeric($post['omatter'] ?? '', 0, 100);
+
+    // Chemical properties
+    $validated['ph_cacl2'] = validateNumeric($post['ph_cacl2'] ?? '', 0, 14);
+    $validated['ph_h2o'] = validateNumeric($post['ph_h2o'] ?? '', 0, 14);
+    $validated['paramag'] = validateNumeric($post['paramag'] ?? '');
+    $validated['ec'] = validateNumeric($post['ec'] ?? '', 0);
+
+    // Nutrient analysis
+    $nutrientFields = [
+        'NO3_N', 'NH3_N', 'p_mehlick', 'p_bray2', 'p_morgan', 'k_morgan',
+        'ca_morgan', 'mg_morgan', 'na_morgan', 'ch_h2o', 'fe', 's_morgan',
+        'b_cacl2', 'mn_dtpa', 'zn_dtpa', 'fe_dtpa', 'cu_dtpa', 'al',
+        'sl_cacl2', 'm_dtpa', 'co_dtpa', 'se'
+    ];
+
+    foreach ($nutrientFields as $field) {
+        $validated[$field] = validateNumeric($post[$field] ?? '', 0);
+    }
+
+    // Base saturation
+    $validated['tec'] = validateNumeric($post['tec'] ?? '');
+    $validated['cec'] = validateNumeric($post['cec'] ?? '');
+    $validated['ca_mehlick3'] = validateNumeric($post['ca_mehlick3'] ?? '');
+    $validated['mg_mehlick3'] = validateNumeric($post['mg_mehlick3'] ?? '');
+    $validated['k_mehlick3'] = validateNumeric($post['k_mehlick3'] ?? '');
+    $validated['na_mehlick3'] = validateNumeric($post['na_mehlick3'] ?? '');
+    $validated['al_mehlick3'] = validateNumeric($post['al_mehlick3'] ?? '');
+
+    // Additional calculations
+    $validated['c_total'] = validateNumeric($post['c_total'] ?? '');
+    $validated['n_total'] = validateNumeric($post['n_total'] ?? '');
+
+    return $validated;
+}
+
+/**
+ * Perform soil analysis calculations
+ */
+function calculateSoilAnalysis(array $data): array
+{
+    $calculations = [];
+
+    // pH lookup table
+    $phRange = [
+        30 => [75.0, 11.4], 31 => [74.0, 11.2], 32 => [73.0, 11.0], 33 => [72.0, 10.8],
+        34 => [71.0, 10.6], 35 => [70.0, 10.4], 36 => [69.0, 10.2], 37 => [68.0, 10.0],
+        38 => [67.0, 9.8], 39 => [66.0, 9.6], 40 => [65.0, 9.4], 41 => [63.0, 9.2],
+        42 => [61.0, 9.0], 43 => [59.0, 8.8], 44 => [57.0, 8.6], 45 => [55.0, 8.4],
+        46 => [53.0, 8.2], 47 => [51.0, 8.0], 48 => [49.0, 7.8], 49 => [47.0, 7.6],
+        50 => [45.0, 7.4], 51 => [42.0, 7.2], 52 => [39.0, 7.0], 53 => [36.0, 6.8],
+        54 => [33.0, 6.6], 55 => [30.0, 6.4], 56 => [27.0, 6.2], 57 => [24.0, 6.0],
+        58 => [21.0, 5.8], 59 => [18.0, 5.6], 60 => [15.0, 5.4], 61 => [13.5, 5.3],
+        62 => [12.0, 5.2], 63 => [10.5, 5.1], 64 => [9.0, 5.0], 65 => [7.5, 4.9],
+        66 => [6.0, 4.8], 67 => [4.5, 4.7], 68 => [3.0, 4.6], 69 => [1.5, 4.5],
+        70 => [0.0, 4.4], 71 => [0.0, 4.3], 72 => [0.0, 4.2], 73 => [0.0, 4.1],
+        74 => [0.0, 4.0], 75 => [0.0, 3.9], 76 => [0.0, 3.8], 77 => [0.0, 3.7],
+        78 => [0.0, 3.6], 79 => [0.0, 3.5], 80 => [0.0, 3.4], 81 => [0.0, 3.3],
+        82 => [0.0, 3.2], 83 => [0.0, 3.1], 84 => [0.0, 3.0], 85 => [0.0, 2.9],
+        86 => [0.0, 2.8], 87 => [0.0, 2.7], 88 => [0.0, 2.6], 89 => [0.0, 2.5],
+        90 => [0.0, 2.4], 91 => [0.0, 2.3], 92 => [0.0, 2.2], 93 => [0.0, 2.1],
+        94 => [0.0, 2.0], 95 => [0.0, 1.9], 96 => [0.0, 1.8], 97 => [0.0, 1.7],
+        98 => [0.0, 1.6], 99 => [0.0, 1.5], 100 => [0.0, 1.4],
+    ];
+
+    // Base saturation calculations
+    $ph = $data['ph_h2o'];
+    $aluminium = $data['al_mehlick3'];
+
+    $phLookup = round($ph * 10);
+    $hydrogen = $phRange[$phLookup][0] ?? 0;
+    $otherbases = $phRange[$phLookup][1] ?? 0;
+
+    $calculations['h_rec'] = round($hydrogen, 2);
+    $calculations['ob_rec'] = round($otherbases, 2);
+
+    if ($aluminium < 0) {
+        $otherbases = 0;
+    }
+
+    // Calculate hydrogen and other bases results
+    $obresult = 0;
+    $hresult = 0;
+
+    if ($otherbases > 0) {
+        while ((($obresult * 100) / ($data['cec'] + $obresult + $hresult)) <= $otherbases) {
+            $obresult += 0.001;
+            $hresult = ($obresult * $hydrogen) / $otherbases;
+        }
+        $obresult -= 0.001;
+        if ($hresult != 0) {
+            $hresult -= 0.001;
+        }
+    } else {
+        while ((($hresult * 100) / $data['tec']) <= $hydrogen) {
+            $hresult += 0.001;
+        }
+        $hresult -= 0.001;
+    }
+
+    $tecTemp = $data['cec'] + $obresult + $hresult;
+    $calculations['tec'] = round($tecTemp, 2);
+    $calculations['cec'] = round($data['cec'], 2);
+
+    // Base saturation percentages and recommendations
+    $tec = $calculations['tec'];
+
+    if ($tec >= 1 && $tec <= 3) {
+        $calculations['cabs_max'] = 60.00; $calculations['mgbs_max'] = 20.00; $calculations['kbs'] = 5.00; $calculations['kbs_max'] = 7.00; $calculations['nabs_max'] = 1.50;
+    } elseif ($tec > 3 && $tec <= 5) {
+        $calculations['cabs_max'] = 62.00; $calculations['mgbs_max'] = 18.00; $calculations['kbs'] = 5.00; $calculations['kbs_max'] = 7.00; $calculations['nabs_max'] = 1.50;
+    } elseif ($tec > 5 && $tec <= 7) {
+        $calculations['cabs_max'] = 64.00; $calculations['mgbs_max'] = 16.00; $calculations['kbs'] = 4.00; $calculations['kbs_max'] = 7.00; $calculations['nabs_max'] = 1.50;
+    } elseif ($tec > 7 && $tec <= 9) {
+        $calculations['cabs_max'] = 65.00; $calculations['mgbs_max'] = 15.00; $calculations['kbs'] = 4.00; $calculations['kbs_max'] = 7.00; $calculations['nabs_max'] = 1.50;
+    } elseif ($tec > 9 && $tec <= 11) {
+        $calculations['cabs_max'] = 67.00; $calculations['mgbs_max'] = 13.00; $calculations['kbs'] = 4.00; $calculations['kbs_max'] = 7.00; $calculations['nabs_max'] = 1.50;
+    } elseif ($tec > 11 && $tec <= 30) {
+        $calculations['cabs_max'] = 68.00; $calculations['mgbs_max'] = 12.00; $calculations['kbs'] = 4.00; $calculations['kbs_max'] = 7.00; $calculations['nabs_max'] = 1.50;
+    } else {
+        $calculations['cabs_max'] = 70.00; $calculations['mgbs_max'] = 10.00; $calculations['kbs'] = 3.00; $calculations['kbs_max'] = 6.00; $calculations['nabs_max'] = 1.50;
+    }
+
+    // Calculate percentages and PPM values
+    $calculations['cabs_tec'] = round(($data['ca_mehlick3'] / $tec) * 100, 2);
+    $calculations['mgbs_tec'] = round(($data['mg_mehlick3'] / $tec) * 100, 2);
+    $calculations['kbs_tec'] = round(($data['k_mehlick3'] / $tec) * 100, 2);
+    $calculations['nabs_tec'] = round(($data['na_mehlick3'] / $tec) * 100, 2);
+    $calculations['albs_tec'] = round(($data['al_mehlick3'] / $tec) * 100, 2);
+
+    $calculations['BS_ca_ppm'] = $data['ca_mehlick3'] * 200;
+    $calculations['BS_mg_ppm'] = $data['mg_mehlick3'] * 120;
+    $calculations['BS_k_ppm'] = $data['k_mehlick3'] * 390;
+    $calculations['BS_na_ppm'] = $data['na_mehlick3'] * 230;
+    $calculations['BS_al_ppm'] = $data['al_mehlick3'] * 90;
+
+    // Calculate ratios
+    $calculations['ca_mg_ratio'] = $data['mg_mehlick3'] > 0 ? round($data['ca_mehlick3'] / $data['mg_mehlick3'], 2) : 0;
+    $calculations['c_n_ratio'] = $data['n_total'] > 0 ? round($data['c_total'] / $data['n_total'], 2) : 0;
+
+    return $calculations;
+}
+
+/**
+ * Insert soil record into database
+ */
+function insertSoilRecord(array $data, array $calculations, int $rand): int
+{
+    global $pdo;
+
+    $sql = "INSERT INTO soil_records (
+        client_records_id, modx_user_id, date, email, client_name, site_address, state_postcode,
+        analysis_type, lab_no, batch_no, sample_id, site_id, crop_type, soil_type, date_sampled,
+        tec, cec, texture, gravel, colour, NO3_N, NH3_N, p_mehlick, p_bray2, p_morgan,
+        k_morgan, ca_morgan, mg_morgan, na_morgan, ch_h2o, ocarbon, omatter, fe, ec,
+        ph_cacl2, ph_h2o, paramag, s_morgan, b_cacl2, mn_dtpa, zn_dtpa, fe_dtpa, cu_dtpa,
+        al, sl_cacl2, m_dtpa, co_dtpa, se, ca_mehlick3, BS_ca_ppm, mg_mehlick3, BS_mg_ppm,
+        k_mehlick3, BS_k_ppm, na_mehlick3, BS_na_ppm, al_mehlick3, BS_al_ppm,
+        BS_ca2, BS_mg2, BS_k, BS_na, BS_al3, BS_ob, BS_h,
+        cabs_min, ca_ppm_min, cabs_max, ca_ppm_max, mgbs_min, mg_ppm_min, mgbs_max, mg_ppm_max,
+        kbs_min, k_ppm_min, kbs_max, k_ppm_max, nabs_min, na_ppm_min, nabs_max, na_ppm_max,
+        albs_min, al_ppm_min, albs_max, al_ppm_max, ob_rec, h_rec, ca_mg_ratio, rand
+    ) VALUES (
+        :client_id, :modx_user_id, NOW(), :email, :client_name, :site_address, :state_postcode,
+        'Soil Test', :lab_no, :batch_no, :sample_id, :site_id, :crop_type, :soil_type, :date_sampled,
+        :tec, :cec, :texture, :gravel, :colour, :NO3_N, :NH3_N, :p_mehlick, :p_bray2, :p_morgan,
+        :k_morgan, :ca_morgan, :mg_morgan, :na_morgan, :ch_h2o, :ocarbon, :omatter, :fe, :ec,
+        :ph_cacl2, :ph_h2o, :paramag, :s_morgan, :b_cacl2, :mn_dtpa, :zn_dtpa, :fe_dtpa, :cu_dtpa,
+        :al, :sl_cacl2, :m_dtpa, :co_dtpa, :se, :ca_mehlick3, :BS_ca_ppm, :mg_mehlick3, :BS_mg_ppm,
+        :k_mehlick3, :BS_k_ppm, :na_mehlick3, :BS_na_ppm, :al_mehlick3, :BS_al_ppm,
+        :cabs_tec, :mgbs_tec, :kbs_tec, :nabs_tec, :al_mehlick3, :ob_rec, :h_rec,
+        0, 0, :cabs_max, :ca_ppm_max, 0, 0, :mgbs_max, :mg_ppm_max,
+        :kbs, :k_ppm_min, :kbs_max, :k_ppm_max, 0.50, :na_ppm_min, :nabs_max, :na_ppm_max,
+        0, 0, 0.5, :al_ppm_max, :ob_rec, :h_rec, :ca_mg_ratio, :rand
+    )";
+
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([
+        'client_id' => $data['client_id'],
+        'modx_user_id' => $_SESSION['user_id'],
+        'email' => $data['email'],
+        'client_name' => $data['name'],
+        'site_address' => $data['site_address'],
+        'state_postcode' => $data['state_postcode'],
+        'lab_no' => $data['lab_no'],
+        'batch_no' => $data['batch_no'],
+        'sample_id' => $data['sample_id'],
+        'site_id' => $data['site_id'],
+        'crop_type' => $data['crop_type'],
+        'soil_type' => $data['soil_type'],
+        'date_sampled' => $data['date_sampled'],
+        'tec' => $calculations['tec'],
+        'cec' => $calculations['cec'],
+        'texture' => $data['texture'] ?: null,
+        'gravel' => $data['gravel'],
+        'colour' => $data['colour'] ?: null,
+        'NO3_N' => $data['NO3_N'],
+        'NH3_N' => $data['NH3_N'],
+        'p_mehlick' => $data['p_mehlick'],
+        'p_bray2' => $data['p_bray2'],
+        'p_morgan' => $data['p_morgan'],
+        'k_morgan' => $data['k_morgan'],
+        'ca_morgan' => $data['ca_morgan'],
+        'mg_morgan' => $data['mg_morgan'],
+        'na_morgan' => $data['na_morgan'],
+        'ch_h2o' => $data['ch_h2o'],
+        'ocarbon' => $data['ocarbon'],
+        'omatter' => $data['omatter'],
+        'fe' => $data['fe'],
+        'ec' => $data['ec'],
+        'ph_cacl2' => $data['ph_cacl2'],
+        'ph_h2o' => $data['ph_h2o'],
+        'paramag' => $data['paramag'] ?: null,
+        's_morgan' => $data['s_morgan'],
+        'b_cacl2' => $data['b_cacl2'],
+        'mn_dtpa' => $data['mn_dtpa'],
+        'zn_dtpa' => $data['zn_dtpa'],
+        'fe_dtpa' => $data['fe_dtpa'],
+        'cu_dtpa' => $data['cu_dtpa'],
+        'al' => $data['al'],
+        'sl_cacl2' => $data['sl_cacl2'],
+        'm_dtpa' => $data['m_dtpa'],
+        'co_dtpa' => $data['co_dtpa'],
+        'se' => $data['se'],
+        'ca_mehlick3' => $data['ca_mehlick3'],
+        'BS_ca_ppm' => $calculations['BS_ca_ppm'],
+        'mg_mehlick3' => $data['mg_mehlick3'],
+        'BS_mg_ppm' => $calculations['BS_mg_ppm'],
+        'k_mehlick3' => $data['k_mehlick3'],
+        'BS_k_ppm' => $calculations['BS_k_ppm'],
+        'na_mehlick3' => $data['na_mehlick3'],
+        'BS_na_ppm' => $calculations['BS_na_ppm'],
+        'al_mehlick3' => $data['al_mehlick3'],
+        'BS_al_ppm' => $calculations['BS_al_ppm'],
+        'cabs_tec' => $calculations['cabs_tec'],
+        'mgbs_tec' => $calculations['mgbs_tec'],
+        'kbs_tec' => $calculations['kbs_tec'],
+        'nabs_tec' => $calculations['nabs_tec'],
+        'cabs_max' => $calculations['cabs_max'],
+        'ca_ppm_max' => $calculations['tec'] * $calculations['cabs_max'] * 2,
+        'mgbs_max' => $calculations['mgbs_max'],
+        'mg_ppm_max' => $calculations['tec'] * $calculations['mgbs_max'] * 1.2,
+        'kbs' => $calculations['kbs'],
+        'k_ppm_min' => $calculations['tec'] * $calculations['kbs'] * 3.9,
+        'kbs_max' => $calculations['kbs_max'],
+        'k_ppm_max' => $calculations['tec'] * $calculations['kbs_max'] * 3.9,
+        'na_ppm_min' => $calculations['tec'] * 0.5 * 2.3,
+        'nabs_max' => $calculations['nabs_max'],
+        'na_ppm_max' => $calculations['tec'] * $calculations['nabs_max'] * 2.3,
+        'al_ppm_max' => $calculations['tec'] * 0.5 * 0.9,
+        'ob_rec' => $calculations['ob_rec'],
+        'h_rec' => $calculations['h_rec'],
+        'ca_mg_ratio' => $calculations['ca_mg_ratio'],
+        'rand' => $rand
+    ]);
+
+    return $pdo->lastInsertId();
+}
+
+/**
+ * Custom exception for validation errors
+ */
+class ValidationException extends Exception {}
+
+/**
+ * Sanitize string input
+ */
+function sanitizeString(?string $value, int $maxLength = 255): string
+{
+    if ($value === null) return '';
+    $sanitized = trim($value);
+    $sanitized = filter_var($sanitized, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+    return substr($sanitized, 0, $maxLength);
+}
+
+/**
+ * Validate numeric input
+ */
+function validateNumeric(?string $value, float $min = null, float $max = null): ?float
+{
+    if ($value === '' || $value === null) return null;
+
+    $numeric = filter_var($value, FILTER_VALIDATE_FLOAT);
+    if ($numeric === false) {
+        throw new ValidationException('Invalid numeric value: ' . $value);
+    }
+
+    if ($min !== null && $numeric < $min) {
+        throw new ValidationException('Value below minimum: ' . $numeric);
+    }
+
+    if ($max !== null && $numeric > $max) {
+        throw new ValidationException('Value above maximum: ' . $numeric);
+    }
+
+    return $numeric;
+}
+?>

dashboard/crop-analysis/soil-analysis.php

@@ -1,31 +1,87 @@
-<!doctype html>
-<html lang="en">
-    <head>
-        <title>[[*longtitle]] | [[++site_name]]</title>
-        <base href="[[!++site_url]]" >
-        <meta charset="[[++modx_charset]]" >
-        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" >
-        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" >
-        <meta name="keywords" content="[[*introtext]]" >
-        <meta name="description" content="[[*description]]" >
+<?php
+/**
+ * dashboard/crop-analysis/soil-analysis.php
+ *
+ * Soil Analysis Results Display Page
+ * Shows detailed soil test results with calculations and recommendations
+ */
+
+require_once __DIR__.'/../../config/database.php';
+require_once __DIR__.'/../../lib/auth.php';
+require_once __DIR__.'/../../lib/validation.php';
+
+// Start session if not already started
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+// Require authentication
+requireLogin();
+
+// Get and validate parameters
+$client_id = (int)($_GET['cid'] ?? 0);
+$record_id = (float)($_GET['rid'] ?? 0);
+$rand_id = (float)($_GET['rand'] ?? 0);
+
+// Validate required parameters
+if (!$record_id || !$rand_id) {
+    die('Invalid request parameters');
+}
+
+// Get soil record data securely
+try {
+    $pdo = getDBConnection();
+    $stmt = $pdo->prepare("SELECT * FROM soil_records WHERE id = ? AND rand = ?");
+    $stmt->execute([$record_id, $rand_id]);
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if (!$row) {
+        die('Soil record not found');
+    }
 
-        [[!Profile]]
+    // Extract data
+    $client = htmlspecialchars($row['client_name'] ?? '', ENT_QUOTES, 'UTF-8');
+    $address = htmlspecialchars($row['site_address'] ?? '', ENT_QUOTES, 'UTF-8');
+    $state = htmlspecialchars($row['state_postcode'] ?? '', ENT_QUOTES, 'UTF-8');
+    $email = htmlspecialchars($row['email'] ?? '', ENT_QUOTES, 'UTF-8');
+    $labNo = htmlspecialchars($row['lab_no'] ?? '', ENT_QUOTES, 'UTF-8');
+    $sampleDate = htmlspecialchars($row['date_sampled'] ?? '', ENT_QUOTES, 'UTF-8');
+    $sample = htmlspecialchars($row['site_id'] ?? '', ENT_QUOTES, 'UTF-8');
+    $crop = htmlspecialchars($row['sample_id'] ?? '', ENT_QUOTES, 'UTF-8');
+
+} catch (PDOException $e) {
+    error_log("Database error in soil-analysis.php: " . $e->getMessage());
+    die('Database error occurred');
+}
+
+$today = date('jS F Y');
+$pageTitle = 'Soil Analysis Results - ' . $client;
+?>
 
-        <link rel="icon" href="client-assets/images/favicon.ico?v=2" type="image/x-icon" >
+<!doctype html>
+<html lang="en">
+<head>
+    <title><?php echo $pageTitle; ?> | Crop Management Platform</title>
+    <base href="/" >
+    <meta charset="utf-8" >
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" >
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" >
+    <meta name="keywords" content="soil analysis, crop monitoring, agriculture" >
+    <meta name="description" content="Detailed soil analysis results and recommendations" >
 
-        <script src="https://code.jquery.com/jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
+    <link rel="icon" href="client-assets/images/favicon.ico?v=2" type="image/x-icon" >
 
-        <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous" rel="stylesheet" type="text/css" />
-        <link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css" rel="stylesheet" type="text/css" />
+    <script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
 
-        <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.9.0/css/all.css" integrity="sha256-PF6MatZtiJ8/c9O9HQ8uSUXr++R9KBYu4gbNG5511WE=" crossorigin="anonymous" rel="stylesheet" type="text/css"  />
+    <!-- Bootstrap 5 CSS -->
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-KyZXEAg3QhqLMpG8r+8fhAXLRk2vvoC2f3B09zVXn8CA5QIVfZOJ3BCsw2P0p/We" crossorigin="anonymous">
 
-        <link type="text/css" href="/client-assets/weather-icons/css/weather-icons.min.css?version=1.16" rel="stylesheet" type="text/css" />
-        <link href="https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.css" rel="stylesheet" type="text/css" />
+    <link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css" rel="stylesheet" type="text/css" />
 
-        <script type="text/javascript" src="https://use.fontawesome.com/1e2844bb90.js"></script>
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" integrity="sha512-9usAa10IRO0HhonpyAIVpjrylPvoDwiPUiKdWk5t3PyolY1cOd4DSE0Ga+ri4AuTroPR5aQvXU9xC6qOPnzFeg==" crossorigin="anonymous" referrerpolicy="no-referrer" rel="stylesheet" type="text/css" />
 
-        <link href="/client-assets/css/dashboard.css" rel="stylesheet" type="text/css" />
+    <link type="text/css" href="/client-assets/weather-icons/css/weather-icons.min.css?version=1.16" rel="stylesheet" type="text/css" />
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.css" rel="stylesheet" type="text/css" />
         <script src="https://unpkg.com/gijgo@1.9.11/js/gijgo.min.js" type="text/javascript"></script>
         <link href="https://unpkg.com/gijgo@1.9.11/css/gijgo.min.css" rel="stylesheet" type="text/css" />
         <script src="client-assets/js/skycons.js" type="text/javascript"></script>
@@ -86,48 +142,6 @@
                 ?>
             </div>
 
-            <?php
-            $result    = null;
-
-            $client_id = (int) (isset($_GET["cid"])) ? $_GET["cid"] : ""; // client number
-            $record_id = (float) (isset($_GET["rid"])) ? $_GET["rid"] : ""; // record number
-            $rand_id = (float) (isset($_GET["rand"])) ? $_GET["rand"] : "";
-
-            $today = date('jS F Y');
-
-            //Database connection
-            //$con = mysqli_connect("localhost", "root", "R3M0T31", "cropmonitor");
-            $con = mysqli_connect("localhost", "cropmonitor", "brvnCcaEYxlPCS3", "cropmonitor");
-
-            // Check connection
-            if (mysqli_connect_errno()) {
-                echo "Failed to connect to MySQL: " . mysqli_connect_error();
-            }
-
-            // Get results from database 
-            $result = mysqli_query($con, "SELECT * FROM `soil_records` WHERE `id` = '" . $record_id . "' AND `rand` = '" . $rand_id . "' ");
-
-            if ($result === FALSE) {
-                die(mysqli_error($con)); // TODO: better error handling
-                echo "User Profile incorrect";
-            } else {
-                while ($row = mysqli_fetch_array($result)) {
-
-                    //TEST
-                    $client     = $row['client_name'];
-                    $address    = $row['site_address'];
-                    $state      = $row['state_postcode'];
-                    $email      = $row['email'];
-                    $labNo      = $row['lab_no'];
-                    $sampleDate = $row['date_sampled'];
-                    $sample     = $row['site_id'];
-                    $crop       = $row['sample_id'];
-
-                    if ($rand_id === NULL) { //if element not tested hide row
-
-                    } else {
-            ?>
-
             <table class='title'>
                 <tbody>
                     <tr>
@@ -175,58 +189,13 @@
                 </tbody>
             </table>
 
-            <?php
-                    }
-                }
-            }
-
-            mysqli_close($con);
-
-
-            /* 
-			<div class="row pt-3">
-				<div class="col-md-2 text-right"><b>DATE:</b></div>
-				<div class="col-md-3 text-left"><?php echo $today; ?></div>
-				<div class="col-md-1"></div>
-				<div class="col-md-3 text-right"><b>SAMPLE ID:</b></div>
-				<div class="col-md-3 text-left"><?php echo $sample; ?></div>
-			</div>
-			<div class="row pt-1">
-				<div class="col-md-2 text-right"><b>CLIENT:</b></div>
-				<div class="col-md-3 text-left"><?php echo $client; ?></div>
-				<div class="col-md-1"></div>
-				<div class="col-md-3 text-right"><b>DATE SAMPLED:</b></div>
-				<div class="col-md-3 text-left"><?php echo $sampleDate; ?></div>
-			</div>
-			<div class="row pt-1">
-				<div class="col-md-2 text-right"><b>Address:</b></div>
-				<div class="col-md-3 text-left"><?php echo $address; ?></div>
-				<div class="col-md-1"></div>
-				<div class="col-md-3 text-right"><b>Lab Number:</b></div>
-				<div class="col-md-3 text-left"><?php echo $labNo; ?></div>
-			</div>
-			<div class="row pt-1">
-				<div class="col-md-2 text-right"><b></b></div>
-				<div class="col-md-3 text-left"><?php echo $state; ?></div>
-				<div class="col-md-1"></div>
-				<div class="col-md-3 text-right"><b>CROP:</b></div>
-				<div class="col-md-3 text-left"><?php echo $crop; ?></div>
-			</div>
-			<div class="row pt-1">
-				<div class="col-md-2 text-right"><b></b></div>
-				<div class="col-md-3 text-left"><?php echo $email; ?></div>
-				<div class="col-md-1"></div>
-				<div class="col-md-3 text-right"><b></b></div>
-				<div class="col-md-3 text-left"></div>
-			</div>
-			*/
-            ?>
-
             <!-- Graph Button -->
             <div class="d-print-none">
                 <div class="row p-2">
                     <div class="col">
-                        [[!soilAnalysisGraphButton]]
+                        <button type="button" class="btn btn-primary" onclick="generateGraph()">
+                            <i class="fas fa-chart-bar"></i> Generate Graph
+                        </button>
                     </div>
                     <div class="col">
                         <div class="form-status-holder"></div>
@@ -248,19 +217,22 @@
 
             <div class="row">
                 <div class="">
-                    [[!soilAnalysisReportCalcs? &symbol=`Ca` &element=`BS_ca_ppm` &min=`ca_ppm_min` &max=`ca_ppm_max` &nutrient=`Calcium` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`Mg` &element=`BS_mg_ppm`  &min=`mg_ppm_min` &max=`mg_ppm_max` &nutrient=`Magnesium` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`K`  &element=`BS_k_ppm`  &min=`k_ppm_min` &max=`k_ppm_max` &nutrient=`Potasium` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`Na` &element=`BS_na_ppm`  &min=`na_ppm_min` &max=`na_ppm_max` &nutrient=`Sodium` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`P`  &element=`p_colwell`  &min=`` &max=`` &nutrient=`Phosphate` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`S` &element=`s_morgan`  &min=`` &max=`` &nutrient=`Sulfur` &type=`kg &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`Mn` &element=`mn_dtpa`  &min=`` &max=`` &nutrient=`Manganese` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`Fe` &element=`fe_dtpa`  &min=`` &max=`` &nutrient=`Iron` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`Zn` &element=`zn_dtpa`  &min=`` &max=`` &nutrient=`Zinc` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`Cu` &element=`cu_dtpa`  &min=`` &max=`` &nutrient=`Copper` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`AmN` &element=`NH3_N`  &min=`` &max=`` &nutrient=`AmNitrogen` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`B` &element=`b_cacl2`  &min=`` &max=`` &nutrient=`Boron` &type=`kg` &class=`col`]]
-                    [[!soilAnalysisReportCalcs? &symbol=`NN` &element=`NO3_N`  &min=`` &max=`` &nutrient=`NNitrogen` &type=`kg` &class=`col`]]
+                    <?php
+                    require_once __DIR__.'/../../lib/soil_calculations.php';
+                    echo soilAnalysisReportCalcs('Ca', 'BS_ca_ppm', 'ca_ppm_min', 'ca_ppm_max', 'Calcium', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('Mg', 'BS_mg_ppm', 'mg_ppm_min', 'mg_ppm_max', 'Magnesium', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('K', 'BS_k_ppm', 'k_ppm_min', 'k_ppm_max', 'Potasium', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('Na', 'BS_na_ppm', 'na_ppm_min', 'na_ppm_max', 'Sodium', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('P', 'p_colwell', '', '', 'Phosphate', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('S', 's_morgan', '', '', 'Sulfur', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('Mn', 'mn_dtpa', '', '', 'Manganese', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('Fe', 'fe_dtpa', '', '', 'Iron', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('Zn', 'zn_dtpa', '', '', 'Zinc', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('Cu', 'cu_dtpa', '', '', 'Copper', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('AmN', 'NH3_N', '', '', 'AmNitrogen', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('B', 'b_cacl2', '', '', 'Boron', 'kg', 'col', $record_id, $rand_id);
+                    echo soilAnalysisReportCalcs('NN', 'NO3_N', '', '', 'NNitrogen', 'kg', 'col', $record_id, $rand_id);
+                    ?>
                 </div>
             </div>
 
@@ -269,7 +241,8 @@
             <!-- **************** START OF FORM DATA **************** -->
             <form class="report-form" method="post">
 
-                <input class="" hidden type="text" name="id" id="id" value="[[+modx.user.id]]" >
+                <input type="hidden" name="record_id" value="<?php echo htmlspecialchars($record_id, ENT_QUOTES, 'UTF-8'); ?>">
+                <input type="hidden" name="rand_id" value="<?php echo htmlspecialchars($rand_id, ENT_QUOTES, 'UTF-8'); ?>">
 
                 <!-- **************** OVERVIEW SECTION **************** -->
                 <div class="row bg-dark text-white p-2 mt-3">
@@ -288,11 +261,12 @@
                 </div>
 
                 <div class="">
-                    [[!soilProgramCalcs? &symbol=`Ca` &element=`BS_ca_ppm` &min=`ca_ppm_min` &max=`ca_ppm_max` &nutrient=`Calcium` &type=`kg`]]
-                    [[!soilProgramCalcs? &symbol=`Ca` &element=`BS_ca_ppm` &min=`ca_ppm_min` &max=`ca_ppm_max` &nutrient=`Calcium` &type=`kg`]]
-                    [[!soilProgramCalcs? &symbol=`Ca` &element=`BS_ca_ppm` &min=`ca_ppm_min` &max=`ca_ppm_max` &nutrient=`Calcium` &type=`kg`]]
-                    [[!soilProgramCalcs? &symbol=`Ca` &element=`BS_ca_ppm` &min=`ca_ppm_min` &max=`ca_ppm_max` &nutrient=`Calcium` &type=`kg`]]
-                    [[!soilProgramCalcs? &symbol=`Ca` &element=`BS_ca_ppm` &min=`ca_ppm_min` &max=`ca_ppm_max` &nutrient=`Calcium` &type=`kg`]]
+                    <?php
+                    // Generate 5-year soil balancing program
+                    for ($year = 1; $year <= 5; $year++) {
+                        echo soilProgramCalcs('Ca', 'BS_ca_ppm', 'ca_ppm_min', 'ca_ppm_max', 'Calcium', 'kg', $record_id, $rand_id);
+                    }
+                    ?>
                 </div> 
 
                 <hr>
@@ -343,7 +317,7 @@
                     console.log('Saving to the db');
                     form = $('.report-form');
                     $.ajax({
-                        url: "[[~58]]",
+                        url: "/controllers/save_soil_analysis.php",
                         type: "POST",
                         data: form.serialize(), // serializes the form's elements.
                         beforeSend: function(xhr) {
@@ -385,23 +359,27 @@ autosave_interval: '20s'
 
     <!-- jQuery first, then Popper.js, then Bootstrap JS -->
     <script type="text/javascript" src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>
-    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js" integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49" crossorigin="anonymous"></script>
-    <script type="text/javascript" src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js" integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy" crossorigin="anonymous"></script>	
+    <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.3/dist/umd/popper.min.js" integrity="sha384-eMNCOe7tC1doHpGoWe/6oMVZahOyBRvxQxkjVwPtGPRwO3dRnJgOyR5MwCOgxqA==" crossorigin="anonymous"></script>
+    <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
 
     <script type="text/javascript">
-        addEventListener("load", function() { 
+        addEventListener("load", function() {
             setTimeout(hideURLbar, 0);
         }, false);
-        function hideURLbar(){ 
+        function hideURLbar(){
             window.scrollTo(0,1);
         }
     </script>
 
-    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js" integrity="sha384-xrRywqdh3PHs8keKZN+8zzc5TX0GRTLCcmivcbNJWm2rs5C8PRhcEn3czEjhAO9o" crossorigin="anonymous"></script>
-
     <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.js"></script>
     <script src="https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.js"></script>
 
+    <script>
+        function generateGraph() {
+            alert('Graph generation functionality will be implemented here.');
+        }
+    </script>
+
     <script>
         //https://github.com/eKoopmans/html2pdf.js
         $('.downloadPDF').click(function () {

dashboard/crop-analysis/soil-recommendations.php

@@ -45,33 +45,14 @@
         </style>
     </head>
 
-    <body class="sb-nav-fixed" id="page-top"> 
-        [[!Personalize?
-        &yesChunk=`navHeaderLogged`
-        &noChunk=`navHeader`
-        &allowedGroups=`basicClients,bacicAdmin,companyClients,companyManagers`
-        ]]
+    <body class="sb-nav-fixed" id="page-top">
+        <?php include __DIR__.'/../../components/navigation.php'; ?>
 
         <div id="layoutSidenav">
             <div id="layoutSidenav_nav">
                 <!-- Sidebar -->
-                [[Wayfinder?
-                &startId=`2` 
-                &displayStart=`0` 
-                &startitemTpl=`startitemTpl` 
-                &selfClass=`show` 
-                &level=`2`
-                &outerTpl=`outer`
-                &outerClass=`sb-sidenav accordion sb-sidenav-dark`
-                &rowTpl=`row`
-                &rowClass=`nav-link`
-                &parentRowTpl=`parentRow`
-                &parentClass=`nav-link collapsed`
-                &innerTpl=`inner`
-                &innerClass=`collapse`
-                &innerRowTpl=`secondInner`
-                &innerRowClass=`nav-link`
-                ]]
+                <?php renderSidebar(); ?>
+            </div>
             </div>
 
             <div id="layoutSidenav_content">

dashboard/crop-analysis/soil-test-data.php

@@ -1,258 +1,90 @@
-<!doctype html>
-<html lang="en">
+<?php
 
-    <head>
-        <title>Soil Test Analysis Report | [[++site_name]]</title>
-        <base href="[[!++site_url]]">
-        <meta charset="[[++modx_charset]]">
-        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
-        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-        <meta name="keywords" content="[[*introtext]]">
-        <meta name="description" content="[[*description]]">
-        <link rel="icon" href="client-assets/images/favicon.ico?v=2" type="image/x-icon"> [[!Profile]]
 
-        <script type="text/javascript">
-            window.dataLayer = window.dataLayer || [];
+// dashboard/crop-analysis/soil-test-data.php
+// New include-based layout (migrating from modX snippets)
 
-            function gtag() {
-                dataLayer.push(arguments);
-            }
-            gtag('js', new Date());
-            gtag('set', {
-                'user_id': '[[+modx.user.id]]'
-            }); // Set the user ID using signed-in user_id.
-            gtag('config', 'UA-133963301-1');
-        </script>
+// Start session for CSRF protection
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
 
-        <link href="https://cdn.jsdelivr.net/npm/simple-datatables@latest/dist/style.css" rel="stylesheet" />
-        <link href="client-assets/css/dashboard-2021.css" rel="stylesheet" />
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/js/all.min.js" crossorigin="anonymous"></script>
-        <link href="https://cdn.datatables.net/1.10.20/css/dataTables.bootstrap4.min.css" rel="stylesheet" crossorigin="anonymous" />
-        <script src="client-assets/js/skycons.js"></script>
-        <style>
-            .btn-append {
-                color: #495057;
-                background-color: #e9ecef;
-                border: 1px solid #ced4da;
-            }
-            .footer {
-                position: absolute;
-                bottom: 0;
-                width: 100%;
-                height: 60px;
-                line-height: 60px;
-            }
-        </style>
-    </head>
+$pageTitle = 'Soil Test Analysis Report';
+$siteName = 'Crop Management Platform';
+$activeItem = 'Soil Analysis';
 
-    <body class="sb-nav-fixed" id="page-top"> 
-        [[!Personalize?
-        &yesChunk=`navHeaderLogged`
-        &noChunk=`navHeader`
-        &allowedGroups=`basicClients,bacicAdmin,companyClients,companyManagers`
-        ]]
+include __DIR__ . '/../../layouts/header.php';
+include __DIR__ . '/../../layouts/navbar.php';
+?>
 
-        <div id="layoutSidenav">
-            <div id="layoutSidenav_nav">
-                <!-- Sidebar -->
-                [[Wayfinder?
-                &startId=`2` 
-                &displayStart=`0` 
-                &startitemTpl=`startitemTpl` 
-                &selfClass=`show` 
-                &level=`2`
-                &outerTpl=`outer`
-                &outerClass=`sb-sidenav accordion sb-sidenav-dark`
-                &rowTpl=`row`
-                &rowClass=`nav-link`
-                &parentRowTpl=`parentRow`
-                &parentClass=`nav-link collapsed`
-                &innerTpl=`inner`
-                &innerClass=`collapse`
-                &innerRowTpl=`secondInner`
-                &innerRowClass=`nav-link`
-                ]]
-            </div>
-
-            <div id="layoutSidenav_content">
-                <main>
-
-                    <div class="container-fluid px-4">
-                        <h1 class="mt-4">[[*pagetitle]]</h1>
-
-                        <ol class="breadcrumb mb-4"> [[$dash-breadcrumbs]] </ol>
+<div id="layoutSidenav">
+    <div id="layoutSidenav_nav">
+        <?php include __DIR__ . '/../../layouts/sidebar.php'; ?>
+    </div>
+    <div id="layoutSidenav_content">
+        <main>
+            <div class="container-fluid px-4">
+                <h1 class="mt-4"><?= htmlspecialchars($pageTitle, ENT_QUOTES, 'UTF-8') ?></h1>
+                <ol class="breadcrumb mb-4"><!-- TODO: render breadcrumbs dynamically --></ol>
 
-                        <div class="row">
-                            <script src="https://cdnjs.cloudflare.com/ajax/libs/d3/3.5.17/d3.js" integrity="sha256-gfQwA6PlkZsLqWu4bU4hXPrbTqzixm0B5MdvBLI+Oas=" crossorigin="anonymous"></script>
+                <div class="row">
+                    <div class="container">
+                        <h3 id="forms-example">Soil Test Details</h3>
+                        <p class="text-muted">Complete the soil test form and submit.</p>
 
-                            <div class="container">
-                                <h3 id="forms-example" class="">[[*longtitle]]</h3>
+                        <!-- Client Details Form Component -->
+                        <?php include __DIR__ . '/../../components/clientDetailsForm.php'; ?>
 
-                                <span class="error">* required fields.</span>
+                        <!-- New Client Modal Component -->
+                        <?php include __DIR__ . '/../../components/newClientModal.php'; ?>
 
-                                [[!clientDetailsFORM]]
+                        <form method="post" action="/controllers/soilTestSubmit.php" id="SoilcsvForm" class="needs-validation" novalidate>
+                            <input type="hidden" name="csrf_token" value="<?php echo generateCsrfToken(); ?>">
 
-                                <form method="post" action="#" id="SoilcsvForm" class="needs-validation" novalidate > <!-- ~[*id*]~] [~34~]] -->
+                            <?php // Soil Analysis Form Component ?>
+                            <?php include __DIR__ . '/../../components/soilAnalysisForm.php'; ?>
 
-                                    [[!Personalize?
-                                    &yesChunk=`analysisLogged_Clientdetails`
-                                    &noChunk=`analysis_Clientdetails`
-                                    ]]
+                            <button form="SoilcsvForm" type="submit" name="SoilcsvForm" class="btn btn-success">Submit</button>
+                        </form>
 
-                                    <hr>
+                        <hr />
 
-                                    [[$soilAnalysisForm]]
-
-                                    <button form="SoilcsvForm" type="submit" name="SoilcsvForm" class="btn btn-success">Submit</button>
-                                </form>
-
-                                <hr>
-
-                                <div class="card">
-                                    <div class="card-body">
-                                        <h5 class="card-title">Excel/CSV Upload</h5>
-                                        <p class="card-text">Download a csv of this form for easy filling or upload a filled form to pre-populate.</p>
-                                        <div class="input-group mt-3">
-                                            <div class="custom-file">
-                                                <input type="file" class="custom-file-input" id="upload">
-                                                <label class="custom-file-label border-success" for="upload">Choose file</label>
-                                            </div>
-                                            <div class="input-group-append">
-                                                <button class="btn btn-success" type="button" id="download">Download</button>
-                                            </div>
-                                        </div>
+                        <div class="card">
+                            <div class="card-body">
+                                <h5 class="card-title">Excel/CSV Upload</h5>
+                                <p class="card-text">Download a CSV of this form for easy filling or upload a filled form to pre-populate.</p>
+                                <div class="input-group mt-3">
+                                    <div class="custom-file">
+                                        <input type="file" class="custom-file-input" id="upload" accept=".csv" />
+                                        <label class="custom-file-label border-success" for="upload">Choose file</label>
+                                    </div>
+                                    <div class="input-group-append">
+                                        <button class="btn btn-success" type="button" id="download">Download</button>
                                     </div>
                                 </div>
-
-
-
-                                [[!soilformSubmit]]
-
-                                [[!newClientDetails]]
-
-
-                                <!-- ************************ Download Form as CSV ************************ -->
-                                <script>
-                                    document.getElementById("upload").addEventListener("change", upload, false);
-                                    document.getElementById("download").addEventListener("click", download, false);
-
-                                    function upload(e) {
-                                        var data = null;
-                                        var file = e.target.files[0];
-                                        var reader = new FileReader();
-                                        reader.readAsText(file);
-                                        reader.onload = function (event) {
-                                            var csvData = event.target.result;
-                                            var parsedCSV = d3.csv.parseRows(csvData);
-                                            parsedCSV.forEach(function (d, i) {
-                                                if (i == 0) return true; // skip the header
-                                                document.getElementById(d[0]).value = d[1];
-                                            });
-                                        }
-                                    }
-
-                                    function download(e) {
-                                        data = [ ["id","value"]];
-                                        var f = d3.selectAll("#SoilcsvForm input, select")[0];
-                                        f.forEach(function(d,i){
-                                            data.push([d.id, d.value]);
-                                        });
-                                        console.log(data);
-                                        var csvContent = "data:text/csv;charset=utf-8,";
-                                        data.forEach(function (d, i) {
-                                            dataString = d.join(",");
-                                            csvContent += i < data.length ? dataString + "\n" : dataString;
-                                        });
-                                        var url = window.location.pathname;
-                                        var filename = url.substring(url.lastIndexOf('/')+1);
-                                        var fname = filename.split(".")[0];
-                                        var csvname = fname+".csv";
-
-                                        var encodedUri = encodeURI(csvContent);
-                                        var link = document.createElement("a");
-                                        link.setAttribute("href", encodedUri);
-                                        link.setAttribute("download", csvname);
-                                        link.click();
-                                    }
-                                </script>
-                                <script type="text/javascript">
-                                    // JavaScript for disabling form submission if there are invalid fields
-                                    (function() {
-                                        'use strict';
-                                        window.addEventListener('load', function() {
-                                            // Fetch all the forms we want to apply custom Bootstrap validation styles to
-                                            var forms = document.getElementsByClassName('needs-validation');
-                                            // Loop over them and prevent submission
-                                            var validation = Array.prototype.filter.call(forms, function(form) {
-                                                form.addEventListener('submit', function(event) {
-                                                    if (form.checkValidity() === false) {
-                                                        event.preventDefault();
-                                                        event.stopPropagation();
-                                                    }
-                                                    form.classList.add('was-validated');
-                                                }, false);
-                                            });
-                                        }, false);
-                                    })();
-
-                                </script>
-
                             </div>
-
                         </div>
 
-                    </div>
+                        <?php // include __DIR__ . '/../../controllers/soilTestSubmit.php'; ?>
 
-                </main>
+                        <!-- old modX placeholders: [[!clientDetailsFORM]], [[!soilformSubmit]], [[!newClientDetails]] -->
 
-                <footer class="py-4 bg-light mt-auto">
-                    <div class="container-fluid px-4">
-                        <div class="d-flex align-items-center justify-content-between small">
-                            <div class="text-muted">[[SimpleCopyright? &startYear=`2003`]]. All Rights Reserved <a href="[[~1]]"></a></div>
-                            <div>
-                                <a href="[[~39~]]">Privacy Policy</a>
-                                &middot;
-                                <a href="[[~39~]]">Terms &amp; Conditions</a>
-                            </div>
-                        </div>
                     </div>
-                </footer>
-
+                </div>
             </div>
+        </main>
+
+        <footer class="py-4 bg-light mt-auto">
+            <div class="container-fluid px-4">
+                <div class="d-flex align-items-center justify-content-between small">
+                    <div class="text-muted">&copy; <?= date('Y') ?> Crop Management Platform. All Rights Reserved.</div>
+                    <div>
+                        <a href="/privacy-policy.php">Privacy Policy</a> &middot; <a href="/terms.php">Terms &amp; Conditions</a>
+                    </div>
+                </div>
+            </div>
+        </footer>
+    </div>
+</div>
 
-        </div>
-
-        <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/js/bootstrap.bundle.min.js" crossorigin="anonymous"></script>
-        <script>
-            /*!
-            * Start Bootstrap - SB Admin v7.0.3 (https://startbootstrap.com/template/sb-admin)
-            * Copyright 2013-2021 Start Bootstrap
-            * Licensed under MIT (https://github.com/StartBootstrap/startbootstrap-sb-admin/blob/master/LICENSE)
-            */
-            // 
-            // Scripts
-            // 
-
-            window.addEventListener('DOMContentLoaded', event => {
-
-                // Toggle the side navigation
-                const sidebarToggle = document.body.querySelector('#sidebarToggle');
-                if (sidebarToggle) {
-                    // Uncomment Below to persist sidebar toggle between refreshes
-                    // if (localStorage.getItem('sb|sidebar-toggle') === 'true') {
-                    //     document.body.classList.toggle('sb-sidenav-toggled');
-                    // }
-                    sidebarToggle.addEventListener('click', event => {
-                        event.preventDefault();
-                        document.body.classList.toggle('sb-sidenav-toggled');
-                        localStorage.setItem('sb|sidebar-toggle', document.body.classList.contains('sb-sidenav-toggled'));
-                    });
-                }
-
-            });
-
-        </script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.8.0/Chart.min.js" crossorigin="anonymous"></script>
-        <script src="https://cdn.jsdelivr.net/npm/simple-datatables@latest" crossorigin="anonymous"></script>
-    </body>
-</html>
+<?php include __DIR__ . '/../../layouts/footer.php'; ?>

dashboard/crop-analysis/updatecomment.php

@@ -46,32 +46,13 @@
 </head>
 
 <body class="sb-nav-fixed" id="page-top"> 
-    [[!Personalize?
-        &yesChunk=`navHeaderLogged`
-        &noChunk=`navHeader`
-        &allowedGroups=`basicClients,bacicAdmin,companyClients,companyManagers`
-    ]]
+    <?php include __DIR__.'/../../components/navigation.php'; ?>
     
 	<div id="layoutSidenav">
 	    <div id="layoutSidenav_nav">
     		<!-- Sidebar -->
-    		[[Wayfinder?
-    		    &startId=`2` 
-        		&displayStart=`0` 
-        		&startitemTpl=`startitemTpl` 
-        		&selfClass=`show` 
-        		&level=`2`
-        		&outerTpl=`outer`
-        		    &outerClass=`sb-sidenav accordion sb-sidenav-dark`
-        		&rowTpl=`row`
-        		    &rowClass=`nav-link`
-        		&parentRowTpl=`parentRow`
-        		    &parentClass=`nav-link collapsed`
-        		&innerTpl=`inner`
-        		    &innerClass=`collapse`
-        		&innerRowTpl=`secondInner`
-        		    &innerRowClass=`nav-link`
-    		]]
+    		<?php renderSidebar(); ?>
+        </div>
         </div>
 		
 		<div id="layoutSidenav_content">

layouts/footer.php

@@ -0,0 +1,31 @@
+<!-- jQuery first, then Popper.js, then Bootstrap JS -->
+<script type="text/javascript" src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>
+<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.3/dist/umd/popper.min.js" integrity="sha384-eMNCOe7tC1doHpGoWe/6oMVZahOyBRvxQxkjVwPtGPRwO3dRnJgOyR5MwCOgxqA==" crossorigin="anonymous"></script>
+<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
+
+<script type="text/javascript">
+    addEventListener("load", function() { 
+        setTimeout(hideURLbar, 0);
+    }, false);
+    function hideURLbar(){ 
+        window.scrollTo(0,1);
+    }
+</script>
+
+<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.js"></script>
+<script src="https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.js"></script>
+
+<script>
+    window.addEventListener('DOMContentLoaded', event => {
+        const sidebarToggle = document.body.querySelector('#sidebarToggle');
+        if (sidebarToggle) {
+            sidebarToggle.addEventListener('click', event => {
+                event.preventDefault();
+                document.body.classList.toggle('sb-sidenav-toggled');
+                localStorage.setItem('sb|sidebar-toggle', document.body.classList.contains('sb-sidenav-toggled'));
+            });
+        }
+    });
+</script>
+</body>
+</html>

layouts/header.php

@@ -0,0 +1,26 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title><?= htmlspecialchars($pageTitle ?? 'Crop Management Platform', ENT_QUOTES, 'UTF-8') ?></title>
+
+    <link rel="icon" href="client-assets/images/favicon.ico?v=2" type="image/x-icon">
+
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.0/dist/css/bootstrap.min.css" rel="stylesheet" crossorigin="anonymous">
+    <link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css" rel="stylesheet" type="text/css" />
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.9.0/css/all.css" integrity="sha256-PF6MatZtiJ8/c9O9HQ8uSUXr++R9KBYu4gbNG5511WE=" crossorigin="anonymous" rel="stylesheet" type="text/css"  />
+    <link type="text/css" href="/client-assets/weather-icons/css/weather-icons.min.css?version=1.16" rel="stylesheet" type="text/css" />
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.css" rel="stylesheet" type="text/css" />
+    <link href="client-assets/css/dashboard.css" rel="stylesheet" type="text/css" />
+    <link href="client-assets/home/css/graphing.css" rel="stylesheet" type="text/css" media="screen" />
+    <link href="client-assets/home/css/alux.min.css" rel="stylesheet" type="text/css" media="screen" />
+
+    <script src="https://code.jquery.com/jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
+    <script type="text/javascript" src="https://use.fontawesome.com/1e2844bb90.js"></script>
+    <script src="https://unpkg.com/gijgo@1.9.11/js/gijgo.min.js" type="text/javascript"></script>
+    <link href="https://unpkg.com/gijgo@1.9.11/css/gijgo.min.css" rel="stylesheet" type="text/css" />
+    <script src="client-assets/js/skycons.js" type="text/javascript"></script>
+</head>
+<body class="sb-nav-fixed" id="page-top">

layouts/navbar.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * layouts/navbar.php
+ * 
+ * Reusable top navigation bar.
+ * Usage: include __DIR__.'/layouts/navbar.php';
+ */
+$siteName = $siteName ?? 'Crop Management Platform';
+$navItems = $navItems ?? [
+    [ 'href' => '/dashboard/dashboard.php', 'label' => 'Dashboard' ],
+    [ 'href' => '/dashboard/crop-analysis/soil-analysis.php', 'label' => 'Soil Analysis' ],
+    [ 'href' => '/dashboard/crop-analysis/soil-report.php', 'label' => 'Reports' ],
+    [ 'href' => '/login/logout.php', 'label' => 'Logout' ],
+];
+$activeItem = $activeItem ?? '';
+?>
+<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
+    <div class="container-fluid">
+        <a class="navbar-brand" href="/"><?= htmlspecialchars($siteName, ENT_QUOTES, 'UTF-8') ?></a>
+        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#topNavbar" aria-controls="topNavbar" aria-expanded="false" aria-label="Toggle navigation">
+            <span class="navbar-toggler-icon"></span>
+        </button>
+        <div class="collapse navbar-collapse" id="topNavbar">
+            <ul class="navbar-nav ms-auto mb-2 mb-lg-0">
+                <?php foreach ($navItems as $item): ?>
+                    <li class="nav-item">
+                        <a class="nav-link<?= ($activeItem === $item['label'] ? ' active' : '') ?>" href="<?= htmlspecialchars($item['href'], ENT_QUOTES, 'UTF-8') ?>">
+                            <?= htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8') ?>
+                        </a>
+                    </li>
+                <?php endforeach; ?>
+            </ul>
+        </div>
+    </div>
+</nav>

layouts/sidebar.php

@@ -0,0 +1,25 @@
+<?php
+/**
+ * layouts/sidebar.php
+ * 
+ * Reusable sidebar menu for dashboard pages.
+ * Usage: include __DIR__.'/layouts/sidebar.php';
+ */
+$sidebarItems = $sidebarItems ?? [
+    [ 'href' => '/dashboard/dashboard.php', 'label' => 'Home', 'icon' => 'fas fa-home' ],
+    [ 'href' => '/dashboard/crop-analysis/soil-analysis.php', 'label' => 'Soil Analysis', 'icon' => 'fas fa-seedling' ],
+    [ 'href' => '/dashboard/crop-analysis/soil-report.php', 'label' => 'Soil Reports', 'icon' => 'fas fa-file-alt' ],
+    [ 'href' => '/login/change-password.php', 'label' => 'Account', 'icon' => 'fas fa-user-cog' ],
+];
+$activeItem = $activeItem ?? '';
+?>
+<div class="sb-sidenav-menu">
+    <div class="nav">
+        <?php foreach ($sidebarItems as $item): ?>
+            <a class="nav-link<?= ($activeItem === $item['label'] ? ' active' : '') ?>" href="<?= htmlspecialchars($item['href'], ENT_QUOTES, 'UTF-8') ?>">
+                <div class="sb-nav-link-icon"><i class="<?= htmlspecialchars($item['icon'], ENT_QUOTES, 'UTF-8') ?>"></i></div>
+                <?= htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8') ?>
+            </a>
+        <?php endforeach; ?>
+    </div>
+</div>

lib/auth.php

@@ -0,0 +1,48 @@
+<?php
+/**
+ * lib/auth.php
+ *
+ * Authentication and authorization functions.
+ */
+
+/**
+ * Check if user is logged in
+ */
+function isLoggedIn(): bool
+{
+    return isset($_SESSION['user_id']) && !empty($_SESSION['user_id']);
+}
+
+/**
+ * Get current user ID
+ */
+function getCurrentUserId(): ?int
+{
+    return $_SESSION['user_id'] ?? null;
+}
+
+/**
+ * Require user to be logged in, redirect if not
+ */
+function requireLogin(): void
+{
+    if (!isLoggedIn()) {
+        header('Location: /login/login.php');
+        exit;
+    }
+}
+
+/**
+ * Check if user has specific role/permission
+ */
+function hasPermission(string $permission): bool
+{
+    if (!isLoggedIn()) {
+        return false;
+    }
+
+    // TODO: Implement proper role-based permissions
+    // For now, just check if user is logged in
+    return true;
+}
+?>

lib/csrf.php

@@ -0,0 +1,37 @@
+<?php
+/**
+ * lib/csrf.php
+ *
+ * CSRF protection functions.
+ */
+
+/**
+ * Generate CSRF token
+ */
+function generateCsrfToken(): string
+{
+    if (empty($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    }
+    return $_SESSION['csrf_token'];
+}
+
+/**
+ * Verify CSRF token
+ */
+function verifyCsrfToken(string $token): bool
+{
+    if (empty($_SESSION['csrf_token']) || empty($token)) {
+        return false;
+    }
+    return hash_equals($_SESSION['csrf_token'], $token);
+}
+
+/**
+ * Regenerate CSRF token (call after successful form submission)
+ */
+function regenerateCsrfToken(): void
+{
+    unset($_SESSION['csrf_token']);
+}
+?>

lib/soil_calculations.php

@@ -0,0 +1,186 @@
+<?php
+/**
+ * lib/soil_calculations.php
+ *
+ * Functions for soil analysis calculations and display
+ */
+
+require_once __DIR__.'/database.php';
+
+/**
+ * Calculate and display soil program for a specific element
+ *
+ * @param string $symbol Element symbol (e.g., 'Ca', 'Mg', 'K')
+ * @param string $element Database column name for the element
+ * @param string $min Min value column (empty string uses element column)
+ * @param string $max Max value column (empty string uses element column)
+ * @param string $nutrient Full nutrient name
+ * @param string $type Measurement type (e.g., 'kg', 'ppm', '%')
+ * @param int $record_id Soil record ID
+ * @param float $rand_id Random ID for verification
+ * @return string HTML output for the program row
+ */
+function soilProgramCalcs($symbol, $element, $min, $max, $nutrient, $type, $record_id, $rand_id) {
+    try {
+        $pdo = getDBConnection();
+
+        // Determine which table to use for min/max values
+        if (empty($min)) {
+            $element_min = $element;
+            $dbtable = "soil_specifications.";
+        } else {
+            $element_min = $min;
+            $dbtable = "soil_records.";
+        }
+
+        if (empty($max)) {
+            $element_max = $element;
+            $dbtable = "soil_specifications.";
+        } else {
+            $element_max = $max;
+            $dbtable = "soil_records.";
+        }
+
+        // Prepare and execute query
+        $stmt = $pdo->prepare("
+            SELECT soil_records.{$element},
+                   {$dbtable}{$element_max} AS soilMax,
+                   {$dbtable}{$element_min} AS soilMin
+            FROM soil_records
+            INNER JOIN soil_specifications ON soil_records.soil_type = soil_specifications.soil_type
+            WHERE soil_records.id = ? AND soil_records.rand = ?
+        ");
+
+        $stmt->execute([$record_id, $rand_id]);
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        if (!$row) {
+            return "<div class='row'>
+                <div class='col-1 border-bottom border-left'>1</div>
+                <div class='col border-bottom border-left'>{$nutrient}</div>
+                <div class='col border-bottom border-left'>@</div>
+                <div class='col border-bottom border-left'>N/A</div>
+                <div class='col border-bottom border-left'>kg/Ha</div>
+            </div>";
+        }
+
+        $value = (float) $row[$element];
+        $max_val = (float) $row['soilMax'];
+
+        $measurement = empty($type) ? "" : $type;
+        $value_p = floatval($value);
+
+        // Calculate recommended amount (uses max instead of median like soilAnalysisReportCalcs)
+        $recommended = $max_val - $value_p;
+
+        // Convert acres to hectares (kg/Ac to kg/ha)
+        $acHa = 2.4710559990832394739; // Acres to Hectares
+        $value_converted = ($recommended * $acHa);
+
+        // Show 0 if value is negative, otherwise round to 2 decimal places
+        if ($value_converted < 0) {
+            $value_converted = 0;
+        } else {
+            $value_converted = round($value_converted, 2);
+        }
+
+        $result = $value_converted . " " . $measurement;
+
+        // Return HTML table row
+        return "<div class='row'>
+            <div class='col-1 border-bottom border-left'>1</div>
+            <div class='col border-bottom border-left'>{$nutrient}</div>
+            <div class='col border-bottom border-left'>@</div>
+            <div class='col border-bottom border-left'>{$result}</div>
+            <div class='col border-bottom border-left'>kg/Ha</div>
+        </div>";
+
+    } catch (PDOException $e) {
+        error_log("Database error in soilProgramCalcs: " . $e->getMessage());
+    }
+}
+
+/**
+ * Calculate and display soil analysis report for a specific element
+ *
+ * @param string $symbol Element symbol (e.g., 'Ca', 'Mg', 'K')
+ * @param string $element Database column name for the element
+ * @param string $min Min value column (empty string uses element column)
+ * @param string $max Max value column (empty string uses element column)
+ * @param string $nutrient Full nutrient name
+ * @param string $type Measurement type (e.g., 'kg', 'ppm', '%')
+ * @param string $class CSS class for styling
+ * @param int $record_id Soil record ID
+ * @param float $rand_id Random ID for verification
+ * @return string HTML output for the analysis row
+ */
+function soilAnalysisReportCalcs($symbol, $element, $min, $max, $nutrient, $type, $class, $record_id, $rand_id) {
+    try {
+        $pdo = getDBConnection();
+
+        // Determine which table to use for min/max values
+        if (empty($min)) {
+            $element_min = $element;
+            $dbtable_min = "soil_specifications.";
+        } else {
+            $element_min = $min;
+            $dbtable_min = "soil_records.";
+        }
+
+        if (empty($max)) {
+            $element_max = $element;
+            $dbtable_max = "soil_specifications.";
+        } else {
+            $element_max = $max;
+            $dbtable_max = "soil_records.";
+        }
+
+        // Prepare and execute query
+        $stmt = $pdo->prepare("
+            SELECT soil_records.{$element},
+                   {$dbtable_min}{$element_min} AS soilMin,
+                   {$dbtable_max}{$element_max} AS soilMax
+            FROM soil_records
+            INNER JOIN soil_specifications ON soil_records.soil_type = soil_specifications.soil_type
+            WHERE soil_records.id = ? AND soil_records.rand = ?
+        ");
+
+        $stmt->execute([$record_id, $rand_id]);
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        if (!$row) {
+            return "<div class='{$class}'>{$nutrient}: N/A</div>";
+        }
+
+        $value = (float) $row[$element];
+        $min_val = (float) $row['soilMin'];
+        $max_val = (float) $row['soilMax'];
+
+        $measurement = empty($type) ? "" : $type;
+        $value_p = floatval($value);
+
+        // Calculate recommended amount (median between min and max)
+        $recommended = ($min_val + $max_val) / 2;
+
+        // Convert acres to hectares (kg/Ac to kg/ha)
+        $acHa = 2.4710559990832394739; // Acres to Hectares
+        $value_converted = ($recommended - $value_p) * $acHa;
+
+        // Show 0 if value is negative, otherwise round to 2 decimal places
+        if ($value_converted < 0) {
+            $value_converted = 0;
+        } else {
+            $value_converted = round($value_converted, 2);
+        }
+
+        $result = $value_converted . " " . $measurement;
+
+        // Return HTML div
+        return "<div class='{$class}'>{$nutrient}: {$result}</div>";
+
+    } catch (PDOException $e) {
+        error_log("Database error in soilAnalysisReportCalcs: " . $e->getMessage());
+        return "<div class='{$class}'>{$nutrient}: Error</div>";
+    }
+}
+?>

lib/validation.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * lib/validation.php
+ *
+ * Input validation helper functions.
+ */
+
+/**
+ * Sanitize string input
+ */
+function sanitizeString(?string $value, int $maxLength = 255): string
+{
+    if ($value === null) return '';
+    $sanitized = trim($value);
+    $sanitized = filter_var($sanitized, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+    return substr($sanitized, 0, $maxLength);
+}
+
+/**
+ * Validate numeric input
+ */
+function validateNumeric(?string $value, float $min = null, float $max = null): ?float
+{
+    if ($value === '' || $value === null) return null;
+
+    $numeric = filter_var($value, FILTER_VALIDATE_FLOAT);
+    if ($numeric === false) {
+        throw new ValidationException('Invalid numeric value: ' . $value);
+    }
+
+    if ($min !== null && $numeric < $min) {
+        throw new ValidationException('Value below minimum: ' . $numeric);
+    }
+
+    if ($max !== null && $numeric > $max) {
+        throw new ValidationException('Value above maximum: ' . $numeric);
+    }
+
+    return $numeric;
+}
+
+/**
+ * Custom exception for validation errors
+ */
+class ValidationException extends Exception {}
+?>