X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=gl%2Fbank_account_reconcile.php;h=d1dbba01c40d8d50af6ef9bd79f42dace4ce464d;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=2920af3a2c2d845d961cc3f9b19000387ad4a5e0;hpb=795cb201893b54ea61d93b74b20fa09df515c310;p=fa-stable.git diff --git a/gl/bank_account_reconcile.php b/gl/bank_account_reconcile.php index 2920af3a..d1dbba01 100644 --- a/gl/bank_account_reconcile.php +++ b/gl/bank_account_reconcile.php @@ -1,17 +1,17 @@ . + See the License here . ***********************************************************************/ /* Author Rob Mallon */ -$page_security = 8; -$path_to_root=".."; +$page_security = 'SA_RECONCILE'; +$path_to_root = ".."; include($path_to_root . "/includes/db_pager.inc"); include_once($path_to_root . "/includes/session.inc"); @@ -59,7 +59,9 @@ function rec_checkbox($row) function systype_name($dummy, $type) { - return systypes::name($type); + global $systypes_array; + + return $systypes_array[$type]; } function trans_view($trans) @@ -86,7 +88,7 @@ function fmt_credit($row) function fmt_person($row) { - return payment_person_types::person_name($row["person_type_id"],$row["person_id"]); + return payment_person_name($row["person_type_id"],$row["person_id"]); } $update_pager = false; 
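Review bot: In `systype_name()` (hunk `@@ -59,7 +59,9 @@`), `$systypes_array[$type]` is indexed with no existence check, so a `$type` missing from the global array raises an undefined-index notice and returns null to the pager cell. A guarded lookup such as `return isset($systypes_array[$type]) ? $systypes_array[$type] : '';` keeps the column output predictable. Whether the removed `systypes::name()` tolerated unknown types is not visible here, so confirm that the fallback matches the old behaviour.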
@@ -115,14 +117,15 @@ function change_tpl_flag($reconcile_id) $_POST['bank_date'] = date2sql(get_post('reconcile_date')); $reconcile_value = check_value("rec_".$reconcile_id) ? ("'".$_POST['bank_date'] ."'") : 'NULL'; - $sql = "UPDATE ".TB_PREF."bank_trans SET reconciled=$reconcile_value WHERE id=$reconcile_id"; + $sql = "UPDATE ".TB_PREF."bank_trans SET reconciled=".db_escape($reconcile_value) + ." WHERE id=".db_escape($reconcile_id); db_query($sql, "Can't change reconciliation status"); // save last reconcilation status (date, end balance) $sql2="UPDATE ".TB_PREF."bank_accounts SET last_reconciled_date='" .date2sql($_POST["reconcile_date"])."', ending_reconcile_balance=".input_num("end_balance") - ." WHERE id=".$_POST["bank_account"]; + ." WHERE id=".db_escape($_POST["bank_account"]); $result = db_query($sql2,"Error updating reconciliation information"); $Ajax->activate('reconciled'); @@ -131,7 +134,7 @@ function change_tpl_flag($reconcile_id) } if (!isset($_POST['reconcile_date'])) { // init page - $_POST['reconcile_date'] = Today(); + $_POST['reconcile_date'] = new_doc_date(); // $_POST['bank_date'] = date2sql(Today()); } @@ -180,7 +183,7 @@ $sql = "SELECT MAX(reconciled) as last_date, SUM(IF(reconciled<'$date', amount, 0)) as beg_balance, SUM(amount) as total FROM ".TB_PREF."bank_trans trans - WHERE bank_act=".$_POST['bank_account']; + WHERE bank_act=".db_escape($_POST['bank_account']); // ." AND trans.reconciled IS NOT NULL"; $result = db_query($sql,"Cannot retrieve reconciliation data"); 
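Review bot: In `change_tpl_flag()`, `$reconcile_value` already holds either a quoted date literal or the bare keyword `NULL` when it reaches the new `db_escape($reconcile_value)` call, so escaping it again is likely to store the wrong value. The other call sites in this diff drop their surrounding quotes when they switch to `db_escape()`, which suggests the helper returns a quoted literal. If so, this UPDATE writes the string `'NULL'` instead of SQL NULL, and a date with escaped quotes embedded in it. Escape the raw input where the value is built, `$reconcile_value = check_value("rec_".$reconcile_id) ? db_escape($_POST['bank_date']) : 'NULL';`, and keep `SET reconciled=$reconcile_value` in the statement. In the second UPDATE, `date2sql($_POST["reconcile_date"])` and `input_num("end_balance")` are still concatenated directly, which is safe only if both helpers always return a validated date and a number; neither helper nor the start of the function is visible in this hunk.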
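Review bot: In the `@@ -180,7 +183,7 @@` hunk, the context line `SUM(IF(reconciled<'$date', amount, 0))` still interpolates `$date` into the statement, while only `bank_act` was moved to `db_escape()`, so the query remains partly string-built. `$date` is assigned outside this hunk; if it derives from the posted `reconcile_date`, it should go through the same helper, e.g. `reconciled<".db_escape($date)."`. The same applies to `reconciled='". $date ."'` in the `@@ -242,7 +245,7 @@` hunk.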
@@ -195,8 +198,8 @@ if ($row = db_fetch($result)) { if (get_post('bank_date')) { // if it is the last updated bank statement retrieve ending balance $sql = "SELECT ending_reconcile_balance - FROM ".TB_PREF."bank_accounts WHERE id=".$_POST['bank_account'] - . " AND last_reconciled_date='".$_POST['bank_date']."'"; + FROM ".TB_PREF."bank_accounts WHERE id=".db_escape($_POST['bank_account']) + . " AND last_reconciled_date=".db_escape($_POST['bank_date']); $result = db_query($sql,"Cannot retrieve last reconciliation"); $row = db_fetch($result); if($row) { @@ -217,7 +220,7 @@ table_header($th); start_row(); date_cells("", "reconcile_date", _('Date of bank statement to reconcile'), - null, 0, 0, 0, null, true); + get_post('bank_date')=='', 0, 0, 0, null, true); amount_cells_ex("", "beg_balance", 15); @@ -242,7 +245,7 @@ if (!isset($_POST['bank_account'])) $sql = "SELECT type, trans_no, ref, trans_date, amount, person_id, person_type_id, reconciled, id FROM ".TB_PREF."bank_trans - WHERE ".TB_PREF."bank_trans.bank_act = '" . $_POST['bank_account'] . "' + WHERE ".TB_PREF."bank_trans.bank_act = ".db_escape($_POST['bank_account']) . " AND (reconciled IS NULL OR reconciled='". $date ."') ORDER BY trans_date,".TB_PREF."bank_trans.id"; // or ORDER BY reconciled desc, trans_date,".TB_PREF."bank_trans.id"; @@ -263,10 +266,7 @@ display_heading($act['bank_account_name']." - ".$act['bank_curr_code']); "X"=>array('insert'=>true, 'fun'=>'rec_checkbox') ); $table =& new_db_pager('trans_tbl', $sql, $cols); - if ($update_pager) { - $table->set_sql($sql); - $table->set_columns($cols); - } + $table->width = "60%"; display_db_pager($table);