diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..49ce3c1
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+/vendor
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 4c49bd7..c175506 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 .env
+/vendor
+.env
+!sample.env
\ No newline at end of file
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..01f5aeb
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,6 @@
+{
+    "require-dev": {
+        "squizlabs/php_codesniffer": "^3.13",
+        "phpcompatibility/php-compatibility": "^9.3"
+    }
+}
diff --git a/composer.lock b/composer.lock
new file mode 100644
index 0000000..6b96b3d
--- /dev/null
+++ b/composer.lock
@@ -0,0 +1,165 @@
+{
+    "_readme": [
+        "This file locks the dependencies of your project to a known state",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
+        "This file is @generated automatically"
+    ],
+    "content-hash": "f03d8dad71a57fab074127fb70cae2df",
+    "packages": [],
+    "packages-dev": [
+        {
+            "name": "phpcompatibility/php-compatibility",
+            "version": "9.3.5",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/PHPCompatibility/PHPCompatibility.git",
+                "reference": "9fb324479acf6f39452e0655d2429cc0d3914243"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/PHPCompatibility/PHPCompatibility/zipball/9fb324479acf6f39452e0655d2429cc0d3914243",
+                "reference": "9fb324479acf6f39452e0655d2429cc0d3914243",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3",
+                "squizlabs/php_codesniffer": "^2.3 || ^3.0.2"
+            },
+            "conflict": {
+                "squizlabs/php_codesniffer": "2.6.2"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "~4.5 || ^5.0 || ^6.0 || ^7.0"
+            },
+            "suggest": {
+                "dealerdirect/phpcodesniffer-composer-installer": "^0.5 || This Composer plugin will sort out the PHPCS 'installed_paths' automatically.",
+                "roave/security-advisories": "dev-master || Helps prevent installing dependencies with known security issues."
+            },
+            "type": "phpcodesniffer-standard",
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "LGPL-3.0-or-later"
+            ],
+            "authors": [
+                {
+                    "name": "Wim Godden",
+                    "homepage": "https://github.com/wimg",
+                    "role": "lead"
+                },
+                {
+                    "name": "Juliette Reinders Folmer",
+                    "homepage": "https://github.com/jrfnl",
+                    "role": "lead"
+                },
+                {
+                    "name": "Contributors",
+                    "homepage": "https://github.com/PHPCompatibility/PHPCompatibility/graphs/contributors"
+                }
+            ],
+            "description": "A set of sniffs for PHP_CodeSniffer that checks for PHP cross-version compatibility.",
+            "homepage": "http://techblog.wimgodden.be/tag/codesniffer/",
+            "keywords": [
+                "compatibility",
+                "phpcs",
+                "standards"
+            ],
+            "support": {
+                "issues": "https://github.com/PHPCompatibility/PHPCompatibility/issues",
+                "source": "https://github.com/PHPCompatibility/PHPCompatibility"
+            },
+            "time": "2019-12-27T09:44:58+00:00"
+        },
+        {
+            "name": "squizlabs/php_codesniffer",
+            "version": "3.13.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git",
+                "reference": "5b5e3821314f947dd040c70f7992a64eac89025c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/5b5e3821314f947dd040c70f7992a64eac89025c",
+                "reference": "5b5e3821314f947dd040c70f7992a64eac89025c",
+                "shasum": ""
+            },
+            "require": {
+                "ext-simplexml": "*",
+                "ext-tokenizer": "*",
+                "ext-xmlwriter": "*",
+                "php": ">=5.4.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0 || ^8.0 || ^9.3.4"
+            },
+            "bin": [
+                "bin/phpcbf",
+                "bin/phpcs"
+            ],
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "3.x-dev"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Greg Sherwood",
+                    "role": "Former lead"
+                },
+                {
+                    "name": "Juliette Reinders Folmer",
+                    "role": "Current lead"
+                },
+                {
+                    "name": "Contributors",
+                    "homepage": "https://github.com/PHPCSStandards/PHP_CodeSniffer/graphs/contributors"
+                }
+            ],
+            "description": "PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.",
+            "homepage": "https://github.com/PHPCSStandards/PHP_CodeSniffer",
+            "keywords": [
+                "phpcs",
+                "standards",
+                "static analysis"
+            ],
+            "support": {
+                "issues": "https://github.com/PHPCSStandards/PHP_CodeSniffer/issues",
+                "security": "https://github.com/PHPCSStandards/PHP_CodeSniffer/security/policy",
+                "source": "https://github.com/PHPCSStandards/PHP_CodeSniffer",
+                "wiki": "https://github.com/PHPCSStandards/PHP_CodeSniffer/wiki"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/PHPCSStandards",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/jrfnl",
+                    "type": "github"
+                },
+                {
+                    "url": "https://opencollective.com/php_codesniffer",
+                    "type": "open_collective"
+                },
+                {
+                    "url": "https://thanks.dev/u/gh/phpcsstandards",
+                    "type": "thanks_dev"
+                }
+            ],
+            "time": "2025-06-17T22:17:01+00:00"
+        }
+    ],
+    "aliases": [],
+    "minimum-stability": "stable",
+    "stability-flags": [],
+    "prefer-stable": false,
+    "prefer-lowest": false,
+    "platform": [],
+    "platform-dev": [],
+    "plugin-api-version": "2.6.0"
+}
diff --git a/config.php b/config.php
new file mode 100644
index 0000000..4cba731
--- /dev/null
+++ b/config.php
@@ -0,0 +1,86 @@
+<?php
+/*
+ |--------------------------------------------------------------
+ | Application Configuration
+ |--------------------------------------------------------------
+ | This file is intended to be committed to the repository. 
+ | Sensitive values are read from environment variables (set via Docker, .env, or 
+ | server configuration). 
+ | If an environment variable is missing, a default value is used instead.
+ |
+ | Update environment variables rather than editing this file
+ | whenever possible.
+ */
+
+// Helper to fetch env var with optional fallback
+function env_or_default(string $key, $default = '') {
+    $val = getenv($key);
+    return $val === false ? $default : $val;
+}
+
+// -----------------------------------------------------------------------------
+// Core constants (populate from ENV with fallback)
+// -----------------------------------------------------------------------------
+
+define('DEBUG', filter_var(env_or_default('DEBUG', 'false'), FILTER_VALIDATE_BOOLEAN));
+
+define('SUMASERVER_URL', env_or_default('SUMASERVER_URL', ''));
+
+define('SUMA_REPORTS_URL', env_or_default('SUMA_REPORTS_URL', ''));
+
+define('MYSQL_HOST', env_or_default('MYSQL_HOST', 'localhost'));
+
+define('MYSQL_DATABASE', env_or_default('MYSQL_DATABASE', 'suma'));
+
+define('MYSQL_USER', env_or_default('MYSQL_USER', 'suma_user'));
+
+define('MYSQL_PASSWORD', env_or_default('MYSQL_PASSWORD', 'suma_pass'));
+
+// -----------------------------------------------------------------------------
+// UI settings (leave these as-is or override via ENV if desired)
+// -----------------------------------------------------------------------------
+
+// Available JQuery UI themes: cupertino, flick, hot-sneaks, humanity, overcast,
+// pepper-grinder, redmond, smoothness, south-street, start, sunny, ui-lightness
+$ui_theme = env_or_default('UI_THEME', 'pepper-grinder');
+
+$default_init      = env_or_default('DEFAULT_INIT', '');
+$entries_per_page  = intval(env_or_default('ENTRIES_PER_PAGE', 100));
+
+// If true, the datepicker will not allow future dates
+$prevent_datepicker_future = filter_var(env_or_default('PREVENT_DATEPICKER_FUTURE', 'true'), FILTER_VALIDATE_BOOLEAN);
+
+/*
+ | If an initiative usually only has one count per hour, include it in the array
+ | below (by ID) to allow searching for hours with multiple entries.
+ | Example: $one_per_hour_inits = array(1,4);
+ */
+$one_per_hour_inits = array();
+
+/*
+  You can use Suma Session Manager to adjust the time of previously-entered
+  sessions. The following array controls what options you are given for 
+  adjusting the time. You may add, delete or comment-out lines as you wish.
+  
+  The array values (e.g. "subtime 04:00:00" are given as arguments sent to
+  MySQL and are formatted to give a MySQL command. The amount of time to be
+  changed is given in HH:MM:SS format. 
+  
+  Time-adjustment shortcuts for the Suma Session Manager UI.
+  Keys are the display labels and values are the MySQL time commands.
+ */
+$adjust_time_options = array(
+    '-4 hrs'  => 'subtime 04:00:00',
+    '-3 hrs'  => 'subtime 03:00:00',
+    '-2 hrs'  => 'subtime 02:00:00',
+    '-60 min' => 'subtime 01:00:00',
+    '-30 min' => 'subtime 00:30:00',
+    '-15 min' => 'subtime 00:15:00',
+    '-10 min' => 'subtime 00:10:00',
+    '-5 min'  => 'subtime 00:05:00',
+    '+5 min'  => 'addtime 00:05:00',
+    '+10 min' => 'addtime 00:10:00',
+    '+15 min' => 'addtime 00:15:00',
+    '+30 min' => 'addtime 00:30:00',
+    '+60 min' => 'addtime 01:00:00',
+);
diff --git a/index.php b/index.php
index 67aaf9d..305f09c 100644
--- a/index.php
+++ b/index.php
@@ -5,11 +5,10 @@
 include ("scripts.php");
 
 if (DEBUG === true) {
-  error_reporting(E_WARN);
-  ini_set("display_errors", true);
-
+    error_reporting(E_WARNING);
+    ini_set("display_errors", true);
     var_dump($_REQUEST);
-        print "<p></p>".PHP_EOL;
+    print "<p></p>".PHP_EOL;
 }
 
 if (isset($_REQUEST['set_init'])) {
@@ -99,6 +98,10 @@
 
 $offset = (isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0);
 
+// Initialize optional query helpers to prevent undefined-variable notices
+$and_where = null;
+$hour_focus = isset($_REQUEST['hour_focus']) ? $_REQUEST['hour_focus'] : "";
+
 if (isset($_REQUEST['action']) && $_REQUEST['action'] == "move_session") {
     MoveSession($_REQUEST['session_id'], $_REQUEST['transaction_id'], $_REQUEST['time_shift']);
     print '<hr>';
@@ -107,7 +110,7 @@
     DeleteUndelete("delete",$_REQUEST['session_id']);
     print '<hr>';
 }
-elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == "undelete_session") {
+if (isset($_REQUEST['action']) && $_REQUEST['action'] == "undelete_session") {
     DeleteUndelete("undelete",$_REQUEST['session_id']);
     print '<hr>';
 }
diff --git a/sample.env b/sample.env
new file mode 100644
index 0000000..678e186
--- /dev/null
+++ b/sample.env
@@ -0,0 +1,26 @@
+# ------------------------------------------------------------------------------
+# Sample environment file for Suma Session Manager
+# ------------------------------------------------------------------------------
+# Duplicate this file to ".env" and adjust values as needed before running
+# `docker compose up` so Docker can inject these into the containers.
+# ------------------------------------------------------------------------------
+
+# -------------------- Application settings ------------------------------------
+DEBUG=false
+
+# Base URLs (no trailing slash)
+SUMASERVER_URL=
+SUMA_REPORTS_URL=
+
+# UI configuration
+UI_THEME=pepper-grinder
+DEFAULT_INIT=
+ENTRIES_PER_PAGE=100
+PREVENT_DATEPICKER_FUTURE=true
+
+# -------------------- Database settings ---------------------------------------
+MYSQL_HOST=db
+MYSQL_DATABASE=suma
+MYSQL_USER=suma_user
+MYSQL_PASSWORD=
+MYSQL_ROOT_PASSWORD=
diff --git a/scripts.php b/scripts.php
index 1403451..02b2ba3 100644
--- a/scripts.php
+++ b/scripts.php
@@ -1,8 +1,19 @@
 <?php
-function ConnectPDO () {
-    $db = new PDO('mysql:host='.MYSQL_HOST.';port='.MYSQL_PORT.';dbname='.MYSQL_DATABASE.';charset=utf8', MYSQL_USER, MYSQL_PASSWORD);
-    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-    return $db;
+function ConnectPDO () : PDO {
+    // Build DSN using configuration constants defined in config.php
+    $dsn = 'mysql:host=' . MYSQL_HOST . ';dbname=' . MYSQL_DATABASE . ';charset=utf8mb4';
+
+    try {
+        $db = new PDO($dsn, MYSQL_USER, MYSQL_PASSWORD, [
+            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+        ]);
+        return $db;
+    } catch (PDOException $e) {
+        // Reuse existing helper for consistent error display/logging
+        HandleExceptionPDO($e);
+        throw $e; // re-throw so callers can handle if needed
+    }
 }
 function HandleExceptionPDO($e) {
     print '<div class="alert">'.PHP_EOL;
@@ -11,7 +22,7 @@ function HandleExceptionPDO($e) {
     print '</div>'.PHP_EOL;
 }
 
-function ShowEntries ($init, $offset=0, $entries_per_page=60, $and_where="", $hour_focus="") {
+function ShowEntries ($init, $offset=0, $entries_per_page=60, $and_where = null, $hour_focus="") { 
 
     if (is_object($and_where)) {
         $and_where_string = $and_where->AndWhereString();
@@ -123,7 +134,7 @@ function HiddenFieldsForDateSearch() { //used by ShowEntries
 }
 
 function MoveSession($session_id, $transaction_id, $time_shift) {
-    list($action, $hms) = split(" ", $time_shift);
+    list($action, $hms) = preg_split(" ", $time_shift);
     try {
         $db = ConnectPDO();
         
@@ -229,7 +240,7 @@ function SelectInitiative($default_init) {
 return ($select);
 } //end if good response
 else {
-return '<div class="alert"><h3>Unable to connect to Suma Server</h3><p>Unable to connect to the Suma Server using the url defined as <strong>$sumaserver_url = '.$sumaserver_url.'</strong> in the <strong>config.php</strong> file. Please check this url.</p> <p>A useful test of correctness is this: if you can add <strong>/clientinit</strong> to the url, you should get a list of your suma initiatives, e.g. <a href="'.$url.'">'.$url.'</a>.' . PHP_EOL;
+return '<div class="alert"><h3>Unable to connect to Suma Server</h3><p>Unable to connect to the Suma Server using the url defined as <strong>$sumaserver_url = '.SUMASERVER_URL.'</strong> in the <strong>config.php</strong> file. Please check this url.</p> <p>A useful test of correctness is this: if you can add <strong>/clientinit</strong> to the url, you should get a list of your suma initiatives, e.g. <a href="'.$url.'">'.$url.'</a>.' . PHP_EOL;
 } //end if unable to reach sumaserver
 } //end function SelectInitiative
 
diff --git a/version.php b/version.php
index a5ae057..2efc4ab 100644
--- a/version.php
+++ b/version.php
@@ -1,3 +1,3 @@
 <?php
-$sessionmanager_version = "0.2.3";
+$sessionmanager_version = "0.3.0";
 ?>
\ No newline at end of file