# CLAUDE.md

## Project Overview

Crop Management Platform (CMS -> PHP migration)

- Purpose: Centralize records for irrigation, weather, and soil moisture; supports real-time monitoring for Australian conditions.
- Current stack: PHP 8.4, MySQL; originally built on modX CMS (template tags and resource IDs present).
- Repository root: `f:\GIT_REPO\crop_monitor`

## Identified Modules & Paths

- Front controllers: `index.php`, `post.php`, `newClientDetails.php`
- API: `api/api.php`, `api/Rest.inc.php`, `api/updateweatherstation.php`
- Dashboard UI: `dashboard/*.php`, in particular `dashboard/crop-analysis/*` for soil analysis reports
- Login management: `login/*.php`
- Static assets: `client-assets/`, `books/`, `uploads/`, etc.

## Database and Security Notes

- Database connection uses `mysqli_connect` with hard-coded credentials in multiple files (e.g., `soil-analysis-pdf.php`).
- Input parameters from `$_GET` are not sanitized or validated before being used in SQL, exposing a SQL injection risk.
- Existing user auth and sessions are likely in the `login` and `dashboard` modules; verify consistent session controls.

## modX remnants to refactor

- Template markers like `[[*longtitle]]`, `[[++site_name]]`, `[[!++site_url]]` need replacement with PHP-based logic.
- Resource URL helpers such as `[[~41~]]` from modX should resolve to real PHP route URLs in the migrated implementation.
- Includes like `[[!Profile]]` are modX snippets; replace with traditional include/require and controller logic.

## Immediate Actions (High Priority)

1. Inventory all modX markers across `.php` files (grep for `\[\[.*\]\]`) and catalog them.
2. Implement an environment-based configuration layer for DB credentials.
3. Replace direct `mysqli_*` calls with PDO (prepared statements) for security and maintainability.
4. Build PHP routing (`index.php` + `GET`/`POST` handling) and a template system (Twig/Blade/manual) for consistent page output.
5. Migrate each page one-by-one preserving functionality: login, dashboard, soil analysis, reports.

## File-specific findings (example in `dashboard/crop-analysis/soil-analysis-pdf.php`)

- Uses `$_GET` keys `cid`, `rid`, `rand`, `stid` and query, but no sanitization.
- Performs `SELECT * FROM soil_records WHERE id = '$record_id' AND rand = '$rand_id'`.
- Uses a modX resource reference mechanism for flow buttons; in pure PHP, build URLs manually.
- Styles and assets loaded via `` tags; safe to reuse.

## Migration strategy recommendations

- Step 1: Set up a global config `config.php` with database credentials and site constants.
- Step 2: Create `lib/db.php` for database operations (PDO). Add `catch` error logging.
- Step 3: Add `lib/helper.php` for URL generation, escaping, and date formatting.
- Step 4: Create test data and verify with `phpunit` (?) if tests added later.

## Next file audits planned

- `dashboard/crop-analysis/soil-analysis.php`
- `dashboard/crop-analysis/soil-report.php`, `soil-report-pdf.php`
- `login/login.php`, `login/register.php`, `login/change-password.php`
- `api/api.php` and REST API endpoints

## Questions for you

- Do you prefer retaining the current page structure (`dashboard/crop-analysis/*`) or migrating to an MVC-style folder layout?
- Are we required to keep URL slugs like existing modX IDs (e.g., page 41, 66, 37) for compatibility with external links?
- Do you have existing MySQL schema docs or dumps to validate field mappings?

---

*Generated on 2026-03-27*
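
The injectable `SELECT` noted for `soil-analysis-pdf.php`, rewritten with input validation and PDO bound parameters as Immediate Action 3 recommends. This is an added example, not code from the repository: the function names, the mapping of `rid` and `rand` onto the `id` and `rand` columns, the token format, the `ph` column, and the in-memory SQLite database (used so the script runs offline) are assumptions.

```php
<?php
declare(strict_types=1);

/** Validate the two lookup keys; returns null when either is malformed. */
function parseRecordKeys(array $query): ?array
{
    $rid = filter_var($query['rid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $rand = $query['rand'] ?? null;
    // Assumed token format: short alphanumeric string. Adjust to the real schema.
    if ($rid === false || !is_string($rand) || !preg_match('/\A[A-Za-z0-9]{1,64}\z/', $rand)) {
        return null;
    }
    return ['rid' => $rid, 'rand' => $rand];
}

/** Fetch one soil record using bound parameters; null when no row matches. */
function findSoilRecord(PDO $pdo, int $rid, string $rand): ?array
{
    // Values travel separately from the SQL text, so quotes in them are data, not syntax.
    $stmt = $pdo->prepare('SELECT * FROM soil_records WHERE id = :id AND rand = :rand');
    $stmt->execute([':id' => $rid, ':rand' => $rand]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in in-memory SQLite so the script runs offline.
// In the project the DSN would be MySQL, with credentials loaded from config.php.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE soil_records (id INTEGER PRIMARY KEY, rand TEXT, ph REAL)');
$pdo->exec("INSERT INTO soil_records (id, rand, ph) VALUES (7, 'a1b2c3', 6.4)");

// Constructed stand-ins for $_GET: one well-formed request, two malformed ones.
$requests = [
    ['rid' => '7', 'rand' => 'a1b2c3'],
    ['rid' => "7' OR '1'='1", 'rand' => 'a1b2c3'],
    ['rid' => '7', 'rand' => "x' OR '1'='1"],
];
foreach ($requests as $get) {
    $keys = parseRecordKeys($get);
    $row = $keys !== null ? findSoilRecord($pdo, $keys['rid'], $keys['rand']) : null;
    echo json_encode($get), ' => ', $row !== null ? json_encode($row) : 'no record', PHP_EOL;
}
```

When pointing this at MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server performs the parameter binding.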