Deprixa Pro — PHP Courier & Logistics Platform | Shipping, Tracking, WhatsApp API

Revolutionize your courier and logistics business with DEPRIXA PRO! Streamline your operations, save time and resources, and elevate your business to the next level with our powerful tool. Automate processes, track shipments in real-time, and ensure maximum security at every stage of the logistics chain. Customizable, intuitive, and easy to use, Deprixa Pro is the smart choice for businesses of all sizes. Don’t settle for outdated systems—get Deprixa Pro now and transform your business. The future starts today!

Payment Gateways

In this new module, you’ll find the most popular payment APIs such as STRIPE, PAYPAL, and PAYSTACK, allowing seamless transactions from the online shopping module. Whenever you purchase an item on platforms like eBay, Amazon, or other stores, you can pre-alert and then pay for your shipments with credit cards.

Requirements

• PHP 8.4 (Recommended)
• MySQL 8.x
• PDO PHP Extension
• Curl PHP Extension
• Openssl PHP Extension
• ION CUBE LOADER Extension

Need Assistance?

Please note that response times may be up to 2 business days.

v8.5.2 – Apr-03-[2026] Security · UI · Bug Fixes

NEW ADDED:
-Public Shipping Rate Calculator (cotizar.php): New standalone public page — no login required. Cascading dropdowns for origin/destination country → state → city. Shipping service selector, weight input, volumetric dimensions (L × W × H), real-time chargeable weight calculation (real vs volumetric), and instant rate from the tariff table. Result panel shows total, rate/lb, chargeable weight, service name, and currency symbol.
-Auto-Notification System (helpers/auto_notify.php): New cdp_autoNotifyShipmentStatus() function automatically sends Email / WhatsApp / SMS notifications when a shipment tracking status is updated. Each channel is wrapped in an independent try/catch. Integrated into add_courier_tracking.php and courier_update_multiple_ajax.php.
-CSRF Global Protection: csrf_init.js now uses $(document).ajaxSend() to inject X-CSRF-TOKEN header on every jQuery POST — including calls that define their own beforeSend. ajax_guard.php added to loader.php so csrf_token() is available on all panel pages and the CSRF meta tag renders correctly.
UI REDESIGNS:
-login.php: Fully rewritten with Bootstrap 5.2.1 (local assets) + Bootstrap Icons. Two-column layout: form panel left, hero gradient right. Quick-access buttons for “Get a Quote” and “Track Shipment”. No CDN dependencies.
-views/auth/sign-up.php: Redesigned with Bootstrap 5. Sectioned form (Personal Information, Contact, Address, Account Credentials) with Bootstrap Icons. Consistent with the login visual style. Select2, intlTelInput, and SweetAlert2 preserved.
-views/auth/forgot-password.php: Redesigned with Bootstrap 5 matching the login/signup visual language. Shield-lock badge, envelope input, gradient send button, and hero right panel.
-views/tracking.php (search page): Full redesign — consistent navbar, gradient hero, floating search card with visual toggle (Shipment / Online Shopping), feature pills.
-views/track.php (result page): Full redesign — Status Hero banner with colored badge, 4-step visual progress stepper (auto-detects current step from status name), route strip origin → destination, Sender and Recipient cards, info grids with Bootstrap Icons, sticky vertical timeline with colored dots per event, and file attachments table.
FIXED:
-Batch CSRF injection residue — ?>?> (98 files): Previous automation script appended a stray ?> to JSON AJAX responses, corrupting JSON and causing jQuery to fire the error callback on every Settings and tools module. Fixed by removing duplicate closing tags.
-Batch CSRF injection residue — (28 files): Duplicate closing brace pattern left in dashboard AJAX files caused PHP “Unmatched }” fatal error on the Dashboard page.
-Batch CSRF injection residue — \$lang literal backslash in left_sidebar.php: PHP Parse error on line 205 caused the panel loader to fail (infinite spinner on login).
-ajax/public_quote_ajax.php — Fatal error on submit: Missing require_once(‘helpers/querys.php’) caused “Call to undefined function cdp_getSettingsCourier()”. Calculator returned “Server error” on every request.
-ajax/public_quote_ajax.php — No tariff found for existing routes: Tariff lookup incorrectly filtered by client_id = 0 OR client_id IS NULL, excluding tariffs assigned to specific clients. Filter removed; ORDER BY now prioritizes generic tariffs (client_id=0) over client-specific ones.
-views/print/print_inv_ship.php — Wrong invoice total: The print view recalculated the total from value_weight (base tariff per lb) instead of reading total_order (the stored calculated total), showing ~6 instead of the real value.
-Notification badge persistent unread count: load_notifications.php for Admin (userlevel=9) had no user_id filter, counting unread notifications from all users. Fixed: badge always filtered by user_id = $_SESSION[‘userid’]. 90+ orphan rows with user_id=0 are now cleared when admin clicks “Mark all read”.
-XSS escaping: Applied h() / htmlspecialchars() to all DB-sourced echo values in courier_view.php, courier_edit.php, courier_accept.php, courier_add.php, customers_edit.php, and AJAX list files.
-SQL injection hardening (Reports module): Date range parameters in ajax/reports/*.php (27 files) migrated from string concatenation to PDO named parameters. Row ID concatenations replaced with intval() casts.
IMPORTANT NOTES:
-Bootstrap 5.2.1 local assets are now used for all public-facing pages (login, sign-up, forgot-password, tracking, cotizar). No CDN dependencies on these pages.
-The loader.php now unconditionally includes helpers/ajax_guard.php — this makes csrf_token() and require_csrf() available on every panel page. No additional changes needed in individual views.