X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fshipping_companies.php;h=19f034b7408fc343c300539fb0a8d1b0052786d9;hb=081465f30442afc4f008a1c7038bef320466a730;hp=720c526476affa2efaa25b48e671a591836e9371;hpb=0b253e5e0d23400838d3bfb4f27fb3fb2637b3ab;p=fa-stable.git
diff --git a/admin/shipping_companies.php b/admin/shipping_companies.php
index 720c5264..19f034b7 100644
--- a/admin/shipping_companies.php
+++ b/admin/shipping_companies.php
@@ -9,10 +9,10 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 14; +$page_security = 'SA_SHIPPING'; $path_to_root=".."; include($path_to_root . "/includes/session.inc"); -page(_("Shipping Company")); +page(_($help_context = "Shipping Company")); include($path_to_root . "/includes/ui.inc"); simple_page_mode(true);
@@ -33,10 +33,11 @@ function can_process() if ($Mode=='ADD_ITEM' && can_process()) { - $sql = "INSERT INTO ".TB_PREF."shippers (shipper_name, contact, phone, address) + $sql = "INSERT INTO ".TB_PREF."shippers (shipper_name, contact, phone, phone2, address) VALUES (" . db_escape($_POST['shipper_name']) . ", " . db_escape($_POST['contact']). ", " . db_escape($_POST['phone']). ", " . + db_escape($_POST['phone2']). ", " . db_escape($_POST['address']) . ")"; db_query($sql,"The Shipping Company could not be added");
@@ -52,8 +53,9 @@ if ($Mode=='UPDATE_ITEM' && can_process()) $sql = "UPDATE ".TB_PREF."shippers SET shipper_name=" . db_escape($_POST['shipper_name']). " , contact =" . db_escape($_POST['contact']). " , phone =" . db_escape($_POST['phone']). " , + phone2 =" . db_escape($_POST['phone2']). " , address =" . db_escape($_POST['address']). " - WHERE shipper_id = $selected_id"; + WHERE shipper_id = ".db_escape($selected_id); db_query($sql,"The shipping company could not be updated"); display_notification(_('Selected shipping company has been updated'));
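Review bot: The new `$_POST['phone2']` value in the INSERT is read straight from the request, and nothing in this hunk shows it being validated; `can_process()` is only named in the hunk header, its body is outside the patch. The 30-character limit given to `text_row_ex` for `phone2` later in this patch is a form attribute, so it does not constrain what a request can send, and an absent field would reach `db_escape()` as an undefined index. A server-side check in `can_process()` would close that, for example `if (!isset($_POST['phone2']) || strlen($_POST['phone2']) > 30) return false;` together with an error message for the user. The same applies to the `phone2` assignment in the UPDATE hunk that follows.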
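Review bot: `WHERE shipper_id = ".db_escape($selected_id)` removes the raw interpolation, but the id is still not validated as a number. `db_escape()` presumably produces a quoted string literal, so a non-numeric value would be implicitly converted by the database in the comparison rather than rejected, and the statement could act on a row the caller did not clearly name. Where `$selected_id` is assigned is not visible in this patch; if it can originate from the request, `WHERE shipper_id = ".(int)$selected_id` makes the type explicit and still works with the `-1` sentinel used further down. The same applies to the two `COUNT(*)` checks, the DELETE and the Edit-mode SELECT in the later hunks.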
@@ -66,7 +68,7 @@ if ($Mode == 'Delete') { // PREVENT DELETES IF DEPENDENT RECORDS IN 'sales_orders' - $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE ship_via='$selected_id'"; + $sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE ship_via=".db_escape($selected_id); $result = db_query($sql,"check failed"); $myrow = db_fetch_row($result); if ($myrow[0] > 0)
@@ -78,7 +80,7 @@ if ($Mode == 'Delete') { // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtor_trans' - $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE ship_via='$selected_id'"; + $sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE ship_via=".db_escape($selected_id); $result = db_query($sql,"check failed"); $myrow = db_fetch_row($result); if ($myrow[0] > 0)
@@ -88,7 +90,7 @@ if ($Mode == 'Delete') } else { - $sql="DELETE FROM ".TB_PREF."shippers WHERE shipper_id=$selected_id"; + $sql="DELETE FROM ".TB_PREF."shippers WHERE shipper_id=".db_escape($selected_id); db_query($sql,"could not delete shipper"); display_notification(_('Selected shipping company has been deleted')); }
@@ -112,7 +114,7 @@ $result = db_query($sql,"could not get shippers"); start_form(); start_table($table_style); -$th = array(_("Name"), _("Contact Person"), _("Phone Number"), _("Address"), "", ""); +$th = array(_("Name"), _("Contact Person"), _("Phone Number"), _("Secondary Phone"), _("Address"), "", ""); inactive_control_column($th); table_header($th);
@@ -124,6 +126,7 @@ while ($myrow = db_fetch($result)) label_cell($myrow["shipper_name"]); label_cell($myrow["contact"]); label_cell($myrow["phone"]); + label_cell($myrow["phone2"]); label_cell($myrow["address"]); inactive_control_cell($myrow["shipper_id"], $myrow["inactive"], 'shippers', 'shipper_id'); edit_button_cell("Edit".$myrow["shipper_id"], _("Edit"));
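Review bot: The two `COUNT(*)` dependency checks in the preceding hunks and the `DELETE FROM ... shippers` here run as separate statements, so a sales order or customer transaction referencing the shipper can be saved after the checks pass and before the row is removed, leaving a dangling `ship_via`. The patch only changes how the id is quoted, so this gap is untouched, and the `if ($Mode == 'Delete')` block starts outside the hunk. If the schema can carry it, a foreign-key constraint on `ship_via` would enforce the rule in the database. Otherwise a comment above the DELETE such as `// dependency checks above are not atomic with this delete` would at least record the limitation.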
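Review bot: `label_cell($myrow["phone2"])` writes a value that originated in `$_POST['phone2']` into the page, and this patch does not show where, if anywhere, it is HTML-encoded. `db_escape()` is applied on the way into the database; if that helper only performs SQL escaping and `label_cell()` emits its argument unchanged, the new column would render stored markup, as would the neighbouring name, contact, phone and address cells. It is worth confirming which helper does the encoding and stating it in a comment above the cells, e.g. `// cell values are HTML-encoded by <helper name>`. The enclosing `while` loop extends beyond the hunk.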
@@ -143,7 +146,7 @@ if ($selected_id != -1) if ($Mode == 'Edit') { //editing an existing Shipper - $sql = "SELECT * FROM ".TB_PREF."shippers WHERE shipper_id=$selected_id"; + $sql = "SELECT * FROM ".TB_PREF."shippers WHERE shipper_id=".db_escape($selected_id); $result = db_query($sql, "could not get shipper"); $myrow = db_fetch($result);
@@ -151,6 +154,7 @@ if ($selected_id != -1) $_POST['shipper_name'] = $myrow["shipper_name"]; $_POST['contact'] = $myrow["contact"]; $_POST['phone'] = $myrow["phone"]; + $_POST['phone2'] = $myrow["phone2"]; $_POST['address'] = $myrow["address"]; } hidden('selected_id', $selected_id);
@@ -160,7 +164,9 @@ text_row_ex(_("Name:"), 'shipper_name', 40); text_row_ex(_("Contact Person:"), 'contact', 30); -text_row_ex(_("Phone Number:"), 'phone', 20); +text_row_ex(_("Phone Number:"), 'phone', 32, 30); + +text_row_ex(_("Secondary Phone Number:"), 'phone2', 32, 30); text_row_ex(_("Address:"), 'address', 50);
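Review bot: The assignments from `$myrow`, including the new `$_POST['phone2'] = $myrow["phone2"];`, run without checking that `db_fetch($result)` in the previous hunk returned a row. If the id matches no shipper, for instance because it was deleted in another session, `$myrow` is presumably false; the form is then filled with empty values while `hidden('selected_id', $selected_id)` still carries the stale id into the next submit. Wrapping the assignments in `if ($myrow) { ... }` and reporting the missing record otherwise would avoid that. The `if ($Mode == 'Edit')` block starts outside the hunk.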