Switch to new access levels system
[fa-stable.git] / sales / manage / sales_areas.php
index 7aed3e6e04f0203cbc0ee85feedd41f709b9e09f..3fd37dd23c1aed87d1965463e9faf8f18b16ddbf 100644 (file)
@@ -1,24 +1,25 @@
 <?php
-
-
-$page_security = 3;
-$path_to_root="../..";
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
+$page_security = 'SA_SALESAREA';
+$path_to_root = "../..";
 include($path_to_root . "/includes/session.inc");
 
 page(_("Sales Areas"));
 
 include($path_to_root . "/includes/ui.inc");
 
-if (isset($_GET['selected_id']))
-{
-       $selected_id = strtoupper($_GET['selected_id']);
-} 
-elseif (isset($_POST['selected_id']))
-{
-       $selected_id = strtoupper($_POST['selected_id']);
-}
+simple_page_mode(true);
 
-if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM'])
+if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM'
 {
 
        $input_error = 0;
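Review bot: `$Mode` and `$selected_id` are read from this point on but are no longer assigned anywhere in the visible file, so the new `simple_page_mode(true);` call needs a one-line comment such as `// simple_page_mode() sets $Mode and $selected_id from the submitted form`. The removed code read `selected_id` from `$_GET`/`$_POST` explicitly and upper-cased it, which made its origin obvious. Whether the helper constrains the id (for example to an integer) cannot be seen here and is worth stating in that comment, since the value is later placed into SQL strings. The `if` block opened at the end of this hunk continues beyond it.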
@@ -27,27 +28,29 @@ if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
        {
                $input_error = 1;
                display_error(_("The area description cannot be empty."));
+               set_focus('description');
        }
 
        if ($input_error != 1)
        {
-       if (isset($selected_id)
+       if ($selected_id != -1
        {
-               $sql = "UPDATE ".TB_PREF."areas SET description='" . $_POST['description'] . "' WHERE area_code = '$selected_id'";
+               $sql = "UPDATE ".TB_PREF."areas SET description=".db_escape($_POST['description'])." WHERE area_code = '$selected_id'";
+                       $note = _('Selected sales area has been updated');
        } 
        else 
        {
-    
-               $sql = "INSERT INTO ".TB_PREF."areas (description) VALUES ('" . $_POST['description'] . "')";
+               $sql = "INSERT INTO ".TB_PREF."areas (description) VALUES (".db_escape($_POST['description']) . ")";
+                       $note = _('New sales area has been added');
        }
     
        db_query($sql,"The sales area could not be updated or added");
-       
-               meta_forward($_SERVER['PHP_SELF']);                     
+               display_notification($note);            
+               $Mode = 'RESET';
        }
 } 
 
-if (isset($_GET['delete'])) 
+if ($Mode == 'Delete')
 {
 
        $cancel_delete = 0;
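Review bot: The UPDATE still ends with `WHERE area_code = '$selected_id'`, so only `description` gained escaping in this change and the id is interpolated raw. `$selected_id` is populated outside this file by `simple_page_mode()`, presumably from request data. Unless that helper guarantees an integer, the id should take the same path as the description: `" WHERE area_code = ".db_escape($selected_id)`. Judging by the description assignment, `db_escape()` appears to supply the quotes itself. The same raw interpolation remains in the `DELETE FROM ... WHERE area_code='` statement in the next hunk and in the `SELECT * ... WHERE area_code='$selected_id'` of the edit-form hunk. The enclosing `if` block starts before this hunk.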
@@ -67,17 +70,31 @@ if (isset($_GET['delete']))
                $sql="DELETE FROM ".TB_PREF."areas WHERE area_code='" . $selected_id . "'";
                db_query($sql,"could not delete sales area");
 
-               meta_forward($_SERVER['PHP_SELF']);                     
+               display_notification(_('Selected sales area has been deleted'));
        } //end if Delete area
+       $Mode = 'RESET';
 } 
 
+if ($Mode == 'RESET')
+{
+       $selected_id = -1;
+       $sav = get_post('show_inactive');
+       unset($_POST);
+       $_POST['show_inactive'] = $sav;
+}
+
 //-------------------------------------------------------------------------------------------------
 
 $sql = "SELECT * FROM ".TB_PREF."areas";
+if (!check_value('show_inactive')) $sql .= " WHERE !inactive";
 $result = db_query($sql,"could not get areas");
 
-start_table("$table_style width=40%");
+start_form();
+start_table("$table_style width=30%");
+
 $th = array(_("Area Name"), "", "");
+inactive_control_column($th);
+
 table_header($th);
 $k = 0; 
 
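Review bot: In the `RESET` block, `unset($_POST);` followed by `$_POST['show_inactive'] = $sav;` destroys a superglobal and relies on the next assignment to re-create it implicitly. A single `$_POST = array('show_inactive' => $sav);` states the intent (clear the form, keep the filter) directly, and a short comment saying why `show_inactive` survives the reset would help. Separately, `$Mode = 'RESET';` is placed after the block closed by `//end if Delete area`, so the reset also runs when that block was skipped. If that is intended, a comment should say so. The start of the delete branch lies outside this hunk.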
@@ -87,30 +104,33 @@ while ($myrow = db_fetch($result))
        alt_table_row_color($k);
                
        label_cell($myrow["description"]);
-       edit_link_cell("selected_id=" . $myrow["area_code"]);
-       delete_link_cell("selected_id=" . $myrow["area_code"]. "&delete=1");
+       
+       inactive_control_cell($myrow["area_code"], $myrow["inactive"], 'areas', 'area_code');
+
+       edit_button_cell("Edit".$myrow["area_code"], _("Edit"));
+       delete_button_cell("Delete".$myrow["area_code"], _("Delete"));
        end_row();
 }
-
-
+       
+inactive_control_row($th);
 end_table();
-hyperlink_no_params($_SERVER['PHP_SELF'], _("New Sales Area"));
+echo '<br>';
 
 //-------------------------------------------------------------------------------------------------
 
-start_form();
+start_table($table_style2);
 
-start_table("$table_style2 width=40%");
-
-if (isset($selected_id)) 
+if ($selected_id != -1) 
 {
-       //editing an existing area
-       $sql = "SELECT * FROM ".TB_PREF."areas WHERE area_code='$selected_id'";
+       if ($Mode == 'Edit') {
+               //editing an existing area
+               $sql = "SELECT * FROM ".TB_PREF."areas WHERE area_code='$selected_id'";
 
-       $result = db_query($sql,"could not get area");
-       $myrow = db_fetch($result);
+               $result = db_query($sql,"could not get area");
+               $myrow = db_fetch($result);
 
-       $_POST['description']  = $myrow["description"];
+               $_POST['description']  = $myrow["description"];
+       }
        hidden("selected_id", $selected_id);
 } 
 
@@ -118,7 +138,7 @@ text_row_ex(_("Area Name:"), 'description', 30);
 
 end_table(1);
 
-submit_add_or_update_center(!isset($selected_id));
+submit_add_or_update_center($selected_id == -1, '', 'both');
 
 end_form();