<?php
/**********************************************************************
Copyright (C) FrontAccounting, LLC.
- Released under the terms of the GNU Affero General Public License,
- AGPL, as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-$page_security = 4;
-$path_to_root="..";
+$page_security = 'SA_PURCHASEPRICING';
+$path_to_root = "..";
include_once($path_to_root . "/includes/session.inc");
page(_("Supplier Purchasing Data"));
check_db_has_suppliers(_("There are no suppliers defined in the system."));
//----------------------------------------------------------------------------------------
-if ($ret = context_restore()) {
- if(isset($ret['supplier_id']))
- $_POST['supplier_id'] = $ret['supplier_id'];
-}
-if (isset($_POST['_supplier_id_editor'])) {
- context_call($path_to_root.'/purchasing/manage/suppliers.php?supplier_id='.$_POST['supplier_id'],
- array( 'supplier_id', 'stock_id','_stock_id_edit', 'price',
- 'suppliers_uom', 'supplier_description','conversion_factor'));
-}
simple_page_mode(true);
+
//--------------------------------------------------------------------------------------------------
if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
$sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
conversion_factor, supplier_description) VALUES (";
- $sql .= "'".$_POST['supplier_id']."', '" . $_POST['stock_id'] . "', " .
- input_num('price') . ", '" . $_POST['suppliers_uom'] . "', " .
- input_num('conversion_factor') . ", '" . $_POST['supplier_description'] . "')";
+ $sql .= db_escape($_POST['supplier_id']).", ".db_escape($_POST['stock_id']). ", "
+ .input_num('price',0) . ", ".db_escape( $_POST['suppliers_uom'] ). ", "
+ .input_num('conversion_factor') . ", "
+ .db_escape($_POST['supplier_description']) . ")";
db_query($sql,"The supplier purchasing details could not be added");
display_notification(_("This supplier purchasing data has been added."));
} else
{
- $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price') . ",
- suppliers_uom='" . $_POST['suppliers_uom'] . "',
+ $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ",
+ suppliers_uom=".db_escape($_POST['suppliers_uom']) . ",
conversion_factor=" . input_num('conversion_factor') . ",
- supplier_description='" . $_POST['supplier_description'] . "'
- WHERE stock_id='" . $_POST['stock_id'] . "' AND
- supplier_id='$selected_id'";
+ supplier_description=" . db_escape($_POST['supplier_description']) . "
+ WHERE stock_id=".db_escape($_POST['stock_id']) . " AND
+ supplier_id=".db_escape($selected_id);
db_query($sql,"The supplier purchasing details could not be updated");
display_notification(_("Supplier purchasing data has been updated."));
if ($Mode == 'Delete')
{
- $sql = "DELETE FROM ".TB_PREF."purch_data WHERE supplier_id='$selected_id'
- AND stock_id='" . $_POST['stock_id'] . "'";
+ $sql = "DELETE FROM ".TB_PREF."purch_data WHERE supplier_id=".db_escape($selected_id)."
+ AND stock_id=".db_escape($_POST['stock_id']);
db_query($sql,"could not delete purchasing data");
display_notification(_("The purchasing data item has been sucessfully deleted."));
$Ajax->activate('price_table');
//--------------------------------------------------------------------------------------------------
-start_form(false, true);
+start_form();
if (!isset($_POST['stock_id']))
$_POST['stock_id'] = get_global_stock_item();
else
{
- $sql = "SELECT ".TB_PREF."purch_data.*,".TB_PREF."suppliers.supp_name,".TB_PREF."suppliers.curr_code
+ $sql = "SELECT ".TB_PREF."purch_data.*,".TB_PREF."suppliers.supp_name,"
+ .TB_PREF."suppliers.curr_code
FROM ".TB_PREF."purch_data INNER JOIN ".TB_PREF."suppliers
ON ".TB_PREF."purch_data.supplier_id=".TB_PREF."suppliers.supplier_id
- WHERE stock_id = '" . $_POST['stock_id'] . "'";
+ WHERE stock_id = ".db_escape($_POST['stock_id']);
$result = db_query($sql, "The supplier purchasing details for the selected part could not be retrieved");
div_start('price_table');
}
else
{
- start_table("$table_style width=60%");
+ start_table("$table_style width=65%");
$th = array(_("Supplier"), _("Price"), _("Currency"),
- _("Supplier's Unit"), _("Supplier's Description"), "", "");
+ _("Supplier's Unit"), _("Conversion Factor"), _("Supplier's Description"), "", "");
table_header($th);
alt_table_row_color($k);
label_cell($myrow["supp_name"]);
- amount_cell($myrow["price"]);
+ amount_decimal_cell($myrow["price"]);
label_cell($myrow["curr_code"]);
label_cell($myrow["suppliers_uom"]);
+ qty_cell($myrow['conversion_factor'], false, user_exrate_dec());
label_cell($myrow["supplier_description"]);
edit_button_cell("Edit".$myrow['supplier_id'], _("Edit"));
delete_button_cell("Delete".$myrow['supplier_id'], _("Delete"));
//-----------------------------------------------------------------------------------------------
+$dec2 = 6;
if ($Mode =='Edit')
{
$sql = "SELECT ".TB_PREF."purch_data.*,".TB_PREF."suppliers.supp_name FROM ".TB_PREF."purch_data
INNER JOIN ".TB_PREF."suppliers ON ".TB_PREF."purch_data.supplier_id=".TB_PREF."suppliers.supplier_id
- WHERE ".TB_PREF."purch_data.supplier_id='$selected_id'
- AND ".TB_PREF."purch_data.stock_id='" . $_POST['stock_id'] . "'";
+ WHERE ".TB_PREF."purch_data.supplier_id=".db_escape($selected_id)."
+ AND ".TB_PREF."purch_data.stock_id=".db_escape($_POST['stock_id']);
$result = db_query($sql, "The supplier purchasing details for the selected supplier and item could not be retrieved");
$myrow = db_fetch($result);
$supp_name = $myrow["supp_name"];
- $_POST['price'] = price_format($myrow["price"]);
+ $_POST['price'] = price_decimal_format($myrow["price"], $dec2);
$_POST['suppliers_uom'] = $myrow["suppliers_uom"];
$_POST['supplier_description'] = $myrow["supplier_description"];
$_POST['conversion_factor'] = exrate_format($myrow["conversion_factor"]);
}
-echo "<br>";
+br();
hidden('selected_id', $selected_id);
start_table($table_style2);
else
{
supplier_list_row(_("Supplier:"), 'supplier_id', null, false, true);
+ $_POST['price'] = $_POST['suppliers_uom'] = $_POST['conversion_factor'] = $_POST['supplier_description'] = "";
}
-amount_row(_("Price:"), 'price', null,'', get_supplier_currency($selected_id));
+amount_row(_("Price:"), 'price', null,'', get_supplier_currency($selected_id), $dec2);
text_row(_("Suppliers Unit of Measure:"), 'suppliers_uom', null, 50, 51);
if (!isset($_POST['conversion_factor']) || $_POST['conversion_factor'] == "")
end_table(1);
-submit_add_or_update_center($selected_id == -1, '', true);
+submit_add_or_update_center($selected_id == -1, '', 'both');
end_form();
end_page();
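Review bot: The two `input_num('conversion_factor')` calls in the new INSERT and UPDATE statements take no default, while the `input_num('price',0)` beside each of them does; if a blank field makes input_num return an empty or false value, the concatenated SQL is malformed and db_query fails instead of storing a usable factor, so `input_num('conversion_factor', 1)` (assuming 1 is the default the later `conversion_factor == ""` check applies to the form) would keep the SQL path consistent with the display path. Wrapping every `$_POST` value and `$selected_id` in `db_escape()` is the right replacement for the old quoted interpolation, and it relies on db_escape supplying the quotes itself, which the removed literal quotes suggest it does. `$dec2 = 6;` is a bare magic number reused in `price_decimal_format(...)` and `amount_row(...)`; a one-line comment such as `// decimal precision for supplier price display and entry` would explain it, or it could be derived from a user preference. The if/else bodies around the ADD/UPDATE, Delete and Edit branches are only partly visible because the hunks are shown without their separating context.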