MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-$page_security = 11;
-$path_to_root="../..";
+$page_security = 'SA_INVENTORYLOCATION';
+$path_to_root = "../..";
include($path_to_root . "/includes/session.inc");
page(_("Inventory Locations"));
//first off validate inputs sensible
$_POST['loc_code'] = strtoupper($_POST['loc_code']);
- if (strlen($_POST['loc_code']) > 5)
+ if (strlen(db_escape($_POST['loc_code'])) > 7) //check length after conversion
{
$input_error = 1;
- display_error( _("The location code must be five characters or less long."));
+ display_error( _("The location code must be five characters or less long (including converted special chars)."));
set_focus('loc_code');
}
elseif (strlen($_POST['location_name']) == 0)
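Review bot: The threshold in the new `strlen(db_escape($_POST['loc_code'])) > 7` check is a magic number tied to the output format of db_escape(), while the message still tells the user "five characters". db_escape() is defined outside this diff; 7 presumably means the 5-character limit plus the two quotes it wraps around the value. If it also adds characters for special characters, a code that fits the column could be rejected. I would document that on the line, e.g. `// 7 = 5-char loc_code limit + 2 quotes added by db_escape(); converted chars count extra`, and use the escaped string for this length test only.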
{
update_item_location($selected_id, $_POST['location_name'], $_POST['delivery_address'],
- $_POST['phone'], $_POST['fax'], $_POST['email'], $_POST['contact']);
+ $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['email'], $_POST['contact']);
display_notification(_('Selected location has been updated'));
}
else
/*selected_id is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new Location form */
add_item_location($_POST['loc_code'], $_POST['location_name'], $_POST['delivery_address'],
- $_POST['phone'], $_POST['fax'], $_POST['email'], $_POST['contact']);
+ $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['email'], $_POST['contact']);
display_notification(_('New location has been added'));
}
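Review bot: `$_POST['phone2']` is inserted in the middle of the positional argument list of both `update_item_location(...)` and `add_item_location(...)`, so a caller still passing the old list would silently store the fax number as the secondary phone and shift every later field. The helper definitions are outside this diff, so confirm they were changed in the same commit and that no other caller exists. Also confirm they pass the new value through db_escape(), as they presumably do for the other fields. The new field is read without an existence check; `$phone2 = isset($_POST['phone2']) ? $_POST['phone2'] : '';` before the calls would avoid an undefined-index notice when the field is missing from the request.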
function can_delete($selected_id)
{
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_moves WHERE loc_code='$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."stock_moves WHERE loc_code=".db_escape($selected_id);
$result = db_query($sql, "could not query stock moves");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
return false;
}
- $sql= "SELECT COUNT(*) FROM ".TB_PREF."workorders WHERE loc_code='$selected_id'";
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."workorders WHERE loc_code=".db_escape($selected_id);
$result = db_query($sql, "could not query work orders");
$myrow = db_fetch_row($result);
if ($myrow[0] > 0)
return false;
}
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."bom WHERE loc_code=".db_escape($selected_id);
+ $result = db_query($sql, "could not query bom");
+ $myrow = db_fetch_row($result);
+ if ($myrow[0] > 0)
+ {
+ display_error(_("Cannot delete this location because it is used by some related records in other tables."));
+ return false;
+ }
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."grn_batch WHERE loc_code=".db_escape($selected_id);
+ $result = db_query($sql, "could not query grn batch");
+ $myrow = db_fetch_row($result);
+ if ($myrow[0] > 0)
+ {
+ display_error(_("Cannot delete this location because it is used by some related records in other tables."));
+ return false;
+ }
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."purch_orders WHERE into_stock_location=".db_escape($selected_id);
+ $result = db_query($sql, "could not query purch orders");
+ $myrow = db_fetch_row($result);
+ if ($myrow[0] > 0)
+ {
+ display_error(_("Cannot delete this location because it is used by some related records in other tables."));
+ return false;
+ }
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE from_stk_loc=".db_escape($selected_id);
+ $result = db_query($sql, "could not query sales orders");
+ $myrow = db_fetch_row($result);
+ if ($myrow[0] > 0)
+ {
+ display_error(_("Cannot delete this location because it is used by some related records in other tables."));
+ return false;
+ }
+ $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_pos WHERE pos_location=".db_escape($selected_id);
+ $result = db_query($sql, "could not query sales pos");
+ $myrow = db_fetch_row($result);
+ if ($myrow[0] > 0)
+ {
+ display_error(_("Cannot delete this location because it is used by some related records in other tables."));
+ return false;
+ }
return true;
}
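Review bot: The five checks added to `can_delete()` are copies that differ only in table and column name, and each carries its own `db_escape($selected_id)`, so a later edit to one copy can drop the escaping or the early return unnoticed. A single loop over a table-to-column map keeps the escaping and the error path in one place; the only visible difference is that the db_query failure text would use the table name (`grn_batch` rather than `grn batch`). Separately, the counts are taken before the delete with no transaction or foreign key visible here, so a referencing row could be inserted in between; this is inferred, because the delete itself is outside the hunk. `can_delete()` starts above this hunk.

```php
// … unchanged: stock_moves and workorders checks …
$references = array(
    'bom'          => 'loc_code',
    'grn_batch'    => 'loc_code',
    'purch_orders' => 'into_stock_location',
    'sales_orders' => 'from_stk_loc',
    'sales_pos'    => 'pos_location',
);
foreach ($references as $table => $column)
{
    // Table and column names come only from the fixed map above; the value is always escaped.
    $sql = "SELECT COUNT(*) FROM ".TB_PREF.$table." WHERE ".$column."=".db_escape($selected_id);
    $result = db_query($sql, "could not query ".$table);
    $myrow = db_fetch_row($result);
    if ($myrow[0] > 0)
    {
        display_error(_("Cannot delete this location because it is used by some related records in other tables."));
        return false;
    }
}
return true;
```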
$result = db_query($sql, "could not query locations");;
start_form();
-start_table("$table_style width=30%");
-$th = array(_("Location Code"), _("Location Name"), _("Address"), _("Phone"), "", "");
+start_table($table_style);
+$th = array(_("Location Code"), _("Location Name"), _("Address"), _("Phone"), _("Secondary Phone"), "", "");
inactive_control_column($th);
table_header($th);
$k = 0; //row colour counter
label_cell($myrow["location_name"]);
label_cell($myrow["delivery_address"]);
label_cell($myrow["phone"]);
+ label_cell($myrow["phone2"]);
inactive_control_cell($myrow["loc_code"], $myrow["inactive"], 'locations', 'loc_code');
edit_button_cell("Edit".$myrow["loc_code"], _("Edit"));
delete_button_cell("Delete".$myrow["loc_code"], _("Delete"));
$_POST['delivery_address'] = $myrow["delivery_address"];
$_POST['contact'] = $myrow["contact"];
$_POST['phone'] = $myrow["phone"];
+ $_POST['phone2'] = $myrow["phone2"];
$_POST['fax'] = $myrow["fax"];
$_POST['email'] = $myrow["email"];
}
textarea_row(_("Address:"), 'delivery_address', null, 35, 5);
-text_row_ex(_("Telephone No:"), 'phone', 30, 30);
-text_row_ex(_("Facsimile No:"), 'fax', 30, 30);
+text_row_ex(_("Telephone No:"), 'phone', 32, 30);
+text_row_ex(_("Secondary Phone Number:"), 'phone2', 32, 30);
+text_row_ex(_("Facsimile No:"), 'fax', 32, 30);
email_row_ex(_("E-mail:"), 'email', 30);
end_table(1);