X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fgl_budget.php;h=2fc74cb4896336b1596c1d20aac798a788c0dbfe;hb=d1b959c4b73664327c2e17d5bb3fb515aabfa449;hp=b503a61c5f3db15fccafdad1cfa6c7ad81796b9c;hpb=c09be0dad6b05131e240349a375af7a4b7bf3444;p=fa-stable.git diff --git a/gl/gl_budget.php b/gl/gl_budget.php index b503a61c..2fc74cb4 100644 --- a/gl/gl_budget.php +++ b/gl/gl_budget.php @@ -1,12 +1,21 @@ . +***********************************************************************/ +$page_security = 'SA_BUDGETENTRY'; +$path_to_root = ".."; include($path_to_root . "/includes/session.inc"); add_js_file('budget.js'); -page(_("Budget Entry")); +page(_($help_context = "Budget Entry")); include($path_to_root . "/includes/ui.inc"); include($path_to_root . "/gl/includes/gl_db.inc"); @@ -18,8 +27,9 @@ check_db_has_gl_account_groups(_("There are no account groups defined. Please de function exists_gl_budget($date_, $account, $dimension, $dimension2) { - $sql = "SELECT account FROM ".TB_PREF."budget_trans WHERE account='$account' AND tran_date='$date_' AND - dimension_id=$dimension AND dimension2_id=$dimension2"; + $sql = "SELECT account FROM ".TB_PREF."budget_trans WHERE account=".db_escape($account) + ." AND tran_date='$date_' AND + dimension_id=".db_escape($dimension)." AND dimension2_id=".db_escape($dimension2); $result = db_query($sql, "Cannot retreive a gl transaction"); return (db_num_rows($result) > 0); 
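Review bot: In `exists_gl_budget` the date is still interpolated as `tran_date='$date_'` while the other three parameters now go through `db_escape()`, so the query is only safe if every caller has already passed the value through `date2sql()`, and nothing in the function enforces that. The one caller visible here, `add_update_gl_budget_trans`, does convert first, but whether `date2sql()` rejects malformed input is not shown on this page. Escaping the date like the other values removes that dependency: `." AND tran_date=".db_escape($date_)." AND` (the changed lines show `db_escape()` supplying its own quotes). The same quoted interpolation of `'$date'`, `'$from'` and `'$to'` is left in the UPDATE, INSERT, DELETE and SUM queries of the next two hunks. The function's closing brace lies outside this hunk.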
@@ -28,14 +38,18 @@ function exists_gl_budget($date_, $account, $dimension, $dimension2) function add_update_gl_budget_trans($date_, $account, $dimension, $dimension2, $amount) { $date = date2sql($date_); - + if (exists_gl_budget($date, $account, $dimension, $dimension2)) - $sql = "UPDATE ".TB_PREF."budget_trans SET amount=$amount WHERE account='$account' AND - dimension_id=$dimension AND dimension2_id=$dimension2 AND tran_date='$date'"; + $sql = "UPDATE ".TB_PREF."budget_trans SET amount=".db_escape($amount) + ." WHERE account=".db_escape($account) + ." AND dimension_id=".db_escape($dimension) + ." AND dimension2_id=".db_escape($dimension2) + ." AND tran_date='$date'"; else $sql = "INSERT INTO ".TB_PREF."budget_trans (tran_date, - account, dimension_id, dimension2_id, amount) VALUES ('$date', - '$account', $dimension, $dimension2, $amount)"; + account, dimension_id, dimension2_id, amount, memo_) VALUES ('$date', + ".db_escape($account).", ".db_escape($dimension).", " + .db_escape($dimension2).", ".db_escape($amount).", '')"; db_query($sql, "The GL budget transaction could not be saved"); } 
@@ -43,21 +57,25 @@ function add_update_gl_budget_trans($date_, $account, $dimension, $dimension2, $ function delete_gl_budget_trans($date_, $account, $dimension, $dimension2) { $date = date2sql($date_); - - $sql = "DELETE FROM ".TB_PREF."budget_trans WHERE account='$account' AND - dimension_id=$dimension AND dimension2_id=$dimension2 AND tran_date='$date'"; + + $sql = "DELETE FROM ".TB_PREF."budget_trans WHERE account=".db_escape($account) + ." AND dimension_id=".db_escape($dimension) + ." AND dimension2_id=".db_escape($dimension2) + ." AND tran_date='$date'"; db_query($sql, "The GL budget transaction could not be deleted"); } -function get_only_budget_trans_from_to($from_date, $to_date, $account, $dimension=0, $dimension2=0) +function get_only_budget_trans_from_to($from_date, $to_date, $account, $dimension=0, $dimension2=0) { $from = date2sql($from_date); $to = date2sql($to_date); - + $sql = "SELECT SUM(amount) FROM ".TB_PREF."budget_trans - WHERE account='$account' AND tran_date >= '$from' AND tran_date <= '$to' - AND dimension_id = $dimension AND dimension2_id = $dimension2"; + WHERE account=".db_escape($account) + ." AND tran_date >= '$from' AND tran_date <= '$to' + AND dimension_id = ".db_escape($dimension) + ." AND dimension2_id = ".db_escape($dimension2); $result = db_query($sql,"No budget accounts were returned"); $row = db_fetch_row($result); 
@@ -66,28 +84,28 @@ function get_only_budget_trans_from_to($from_date, $to_date, $account, $dimensio //------------------------------------------------------------------------------------- -if (isset($_POST['add']) || isset($_POST['delete'])) +if (isset($_POST['add']) || isset($_POST['delete'])) { begin_transaction(); - + for ($i = 0, $da = $_POST['begin']; date1_greater_date2($_POST['end'], $da); $i++) { if (isset($_POST['add'])) add_update_gl_budget_trans($da, $_POST['account'], $_POST['dim1'], $_POST['dim2'], input_num('amount'.$i)); - else + else delete_gl_budget_trans($da, $_POST['account'], $_POST['dim1'], $_POST['dim2']); $da = add_months($da, 1); } commit_transaction(); - + if (isset($_POST['add'])) display_notification_centered(_("The Budget has been saved.")); - else + else display_notification_centered(_("The Budget has been deleted.")); - - //meta_forward($_SERVER['PHP_SELF']); + + //meta_forward($_SERVER['PHP_SELF']); $Ajax->activate('budget_tbl'); -} +} if (isset($_POST['submit']) || isset($_POST['update'])) $Ajax->activate('budget_tbl'); @@ -95,16 +113,16 @@ if (isset($_POST['submit']) || isset($_POST['update'])) start_form(); -if (db_has_gl_accounts()) +if (db_has_gl_accounts()) { $dim = get_company_pref('use_dimension'); start_table($table_style2); fiscalyears_list_row(_("Fiscal Year:"), 'fyear', null); gl_all_accounts_list_row(_("Account Code:"), 'account', null); - if (!isset($_POST['dim1'])) - $_POST['dim1'] = 0; - if (!isset($_POST['dim2'])) - $_POST['dim2'] = 0; + if (!isset($_POST['dim1'])) + $_POST['dim1'] = 0; + if (!isset($_POST['dim2'])) + $_POST['dim2'] = 0; if ($dim == 2) { dimensions_list_row(_("Dimension")." 1", 'dim1', $_POST['dim1'], true, null, false, 1); 
@@ -124,16 +142,16 @@ if (db_has_gl_accounts()) end_table(1); div_start('budget_tbl'); start_table($table_style2); - $showdims = (($dim == 1 && $_POST['dim1'] == 0) || + $showdims = (($dim == 1 && $_POST['dim1'] == 0) || ($dim == 2 && $_POST['dim1'] == 0 && $_POST['dim2'] == 0)); - if ($showdims) + if ($showdims) $th = array(_("Period"), _("Amount"), _("Dim. incl."), _("Last Year")); - else + else $th = array(_("Period"), _("Amount"), _("Last Year")); - table_header($th); + table_header($th); $year = $_POST['fyear']; if (get_post('update') == '') { - $sql = "SELECT * FROM ".TB_PREF."fiscal_year WHERE id=$year"; + $sql = "SELECT * FROM ".TB_PREF."fiscal_year WHERE id=".db_escape($year); $result = db_query($sql, "could not get current fiscal year"); @@ -149,16 +167,16 @@ if (db_has_gl_accounts()) start_row(); if (get_post('update') == '') $_POST['amount'.$i] = number_format2(get_only_budget_trans_from_to( - $date_, $date_, $_POST['account'], $_POST['dim1'], $_POST['dim2']), 0); - - label_cell($date_); + $date_, $date_, $_POST['account'], $_POST['dim1'], $_POST['dim2']), 0); + + label_cell($date_); amount_cells(null, 'amount'.$i, null, 15, null, 0); if ($showdims) { $d = get_budget_trans_from_to($date_, $date_, $_POST['account'], $_POST['dim1'], $_POST['dim2']); label_cell(number_format2($d, 0), "nowrap align=right"); $btotal += $d; - } + } $lamount = get_gl_trans_from_to(add_years($date_, -1), add_years(end_month($date_), -1), $_POST['account'], $_POST['dim1'], $_POST['dim2']); $total += input_num('amount'.$i); $ltotal += $lamount; @@ -176,11 +194,11 @@ if (db_has_gl_accounts()) end_table(1); div_end(); submit_center_first('update', _("Update"), '', null); - submit('add', _("Save"), true, '', true); + submit('add', _("Save"), true, '', 'default'); submit_center_last('delete', _("Delete"), '', true); -} +} end_form(); - + end_page(); - + ?>
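Review bot: `$year = $_POST['fyear']` reaches the `fiscal_year` lookup with no type check, and `db_escape($year)` only turns it into a quoted string, so any posted text is compared against `id`. If `id` is an integer key, as the removed unquoted `id=$year` suggests, validating before the query is tighter, e.g. `$year = (int)$_POST['fyear'];`, with an early exit when no row comes back. The lines that consume `$result` lie outside this hunk, so how a missing row is handled cannot be confirmed from here.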