X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_rates.inc;h=5db9ba2443568970e8dd473c7a37321bd14d3431;hb=edbff365515fbb3a2899ff0b9717c1596496aff0;hp=fa5926b6559fa04a67d548c1eefc4f6302f18405;hpb=f4737ea725de62440c8bf58a7b4d7b187268fe93;p=fa-stable.git

diff --git a/gl/includes/db/gl_db_rates.inc b/gl/includes/db/gl_db_rates.inc
index fa5926b6..5db9ba24 100644
--- a/gl/includes/db/gl_db_rates.inc
+++ b/gl/includes/db/gl_db_rates.inc
@@ -12,7 +12,7 @@
 //---------------------------------------------------------------------------------------------
 function get_exchange_rate($rate_id)
 {
-	$sql = "SELECT * FROM ".TB_PREF."exchange_rates WHERE id=$rate_id";
+	$sql = "SELECT * FROM ".TB_PREF."exchange_rates WHERE id=".db_escape($rate_id);
 	$result = db_query($sql, "could not get exchange rate for $rate_id");	
 
 	return db_fetch($result);
@@ -22,8 +22,8 @@ function get_exchange_rate($rate_id)
 function get_date_exchange_rate($curr_code, $date_)
 {
 	$date = date2sql($date_);
-	$sql = "SELECT rate_buy FROM ".TB_PREF."exchange_rates WHERE curr_code='$curr_code' 
-		AND date_='$date'";
+	$sql = "SELECT rate_buy FROM ".TB_PREF."exchange_rates WHERE curr_code=".db_escape($curr_code)
+	." AND date_='$date'";
 	$result = db_query($sql, "could not get exchange rate for $curr_code - $date_");	
 
 	if(db_num_rows($result) == 0) 
@@ -41,8 +41,8 @@ function update_exchange_rate($curr_code, $date_, $buy_rate, $sell_rate)
 			
 	$date = date2sql($date_);
 		
-	$sql = "UPDATE ".TB_PREF."exchange_rates SET rate_buy=$buy_rate, rate_sell=$sell_rate
-		WHERE curr_code='$curr_code' AND date_='$date'";
+	$sql = "UPDATE ".TB_PREF."exchange_rates SET rate_buy=$buy_rate, rate_sell=".db_escape($sell_rate)
+	." WHERE curr_code=".db_escape($curr_code)." AND date_='$date'";
 				
 	db_query($sql, "could not add exchange rate for $curr_code");				
 }
@@ -57,7 +57,8 @@ function add_exchange_rate($curr_code, $date_, $buy_rate, $sell_rate)
 	$date = date2sql($date_);
 		
 	$sql = "INSERT INTO ".TB_PREF."exchange_rates (curr_code, date_, rate_buy, rate_sell)
-		VALUES ('$curr_code', '$date', $buy_rate, $sell_rate)";
+		VALUES (".db_escape($curr_code).", '$date', ".db_escape($buy_rate)
+		.", ".db_escape($sell_rate).")";
 	db_query($sql, "could not add exchange rate for $curr_code");				
 }
 
@@ -65,7 +66,7 @@ function add_exchange_rate($curr_code, $date_, $buy_rate, $sell_rate)
 
 function delete_exchange_rate($rate_id)
 {
-	$sql = "DELETE FROM ".TB_PREF."exchange_rates WHERE id=$rate_id";
+	$sql = "DELETE FROM ".TB_PREF."exchange_rates WHERE id=".db_escape($rate_id);
 	db_query($sql, "could not delete exchange rate $rate_id");		
 }
 
@@ -79,15 +80,28 @@ function retrieve_exrate($curr_b, $date)
 	if (method_exists($Hooks, 'retrieve_exrate'))
 		return $Hooks->retrieve_exrate($curr_b, $date);
 	else
-		return get_ecb_rate($curr_b);
+		return get_extern_rate($curr_b, 'ECB', $date);
 }
 //-----------------------------------------------------------------------------
 
-function get_ecb_rate($curr_b) 
+function get_extern_rate($curr_b, $provider = 'ECB', $date) 
 {
 	$curr_a = get_company_pref('curr_default');
-	$ecb_filename = '/stats/eurofxref/eurofxref-daily.xml';
-	$ecb_site = 'www.ecb.int';
+	if ($provider == 'ECB')
+	{
+		$filename = "/stats/eurofxref/eurofxref-daily.xml";
+		$site = "www.ecb.int";
+	}
+	elseif ($provider == 'YAHOO')
+	{
+		$filename = "/q?s={$curr_a}{$curr_b}=X";
+		$site = "finance.yahoo.com";
+	}
+	elseif ($provider == 'GOOGLE')
+	{
+		$filename = "/finance/converter?a=1&from={$curr_a}&to={$curr_b}";
+		$site = "finance.google.com";
+	}
 	$contents = '';
 
 	if (function_exists('curl_init'))
@@ -95,7 +109,7 @@ function get_ecb_rate($curr_b)
 		$retry = 1;
 	 	do {
 	       $ch = curl_init();
-    	   curl_setopt ($ch, CURLOPT_URL, 'http://'.$ecb_site.$ecb_filename);
+    	   curl_setopt ($ch, CURLOPT_URL, 'http://'.$site.$filename);
 	       curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookie.txt");
     	   curl_setopt ($ch, CURLOPT_HEADER, 0);
 	       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
@@ -105,11 +119,11 @@ function get_ecb_rate($curr_b)
 	       curl_close($ch);
 			// due to resolver bug in some curl versions (e.g. 7.15.5) 
 			// try again for constant IP.
-		   $ecb_site="195.128.2.97";
+		   $site="195.128.2.97";
 	   } while( ($contents == '') && $retry--);
 	   
 	} else {
-		$handle = @fopen("http://".$ecb_site.$ecb_filename, 'rb');
+		$handle = @fopen("http://".$site.$filename, 'rb');
 		if ($handle) {
 			do 
 			{
@@ -123,26 +137,61 @@ function get_ecb_rate($curr_b)
 		} // end handle
 	}
 	if (!$contents) {
-		display_warning(_('Cannot retrieve currency rate from ECB page. Please set the rate manually.'));
+		display_warning(_("Cannot retrieve currency rate from $provider page. Please set the rate manually."));
 	}
-	$contents = str_replace ("<Cube currency='USD'", " <Cube currency='EUR' rate='1'/> <Cube currency='USD'", $contents);
-	$from_mask = "|<Cube\s*currency=\'" . $curr_a . "\'\s*rate=\'([\d.,]*)\'\s*/>|i";
-	preg_match ( $from_mask, $contents, $out );
-	$val_a = isset($out[1]) ? $out[1] : 0;
-	$val_a = str_replace ( ',', '', $val_a );
-	$to_mask = "|<Cube\s*currency=\'" . $curr_b . "\'\s*rate=\'([\d.,]*)\'\s*/>|i";
-	preg_match ( $to_mask, $contents, $out );
-	$val_b = isset($out[1]) ? $out[1] : 0;
-	$val_b = str_replace ( ',', '', $val_b );
-	if ($val_b) 
+	if ($provider == 'ECB')
 	{
-		$val = $val_a / $val_b;
-	} 
-	else 
+		$contents = str_replace ("<Cube currency='USD'", " <Cube currency='EUR' rate='1'/> <Cube currency='USD'", $contents);
+		$from_mask = "|<Cube\s*currency=\'" . $curr_a . "\'\s*rate=\'([\d.,]*)\'\s*/>|i";
+		preg_match ( $from_mask, $contents, $out );
+		$val_a = isset($out[1]) ? $out[1] : 0;
+		$val_a = str_replace ( ',', '', $val_a );
+		$to_mask = "|<Cube\s*currency=\'" . $curr_b . "\'\s*rate=\'([\d.,]*)\'\s*/>|i";
+		preg_match ( $to_mask, $contents, $out );
+		$val_b = isset($out[1]) ? $out[1] : 0;
+		$val_b = str_replace ( ',', '', $val_b );
+		if ($val_b) 
+		{
+			$val = $val_a / $val_b;
+		} 
+		else 
+		{
+			$val = 0;
+		}
+	}
+	elseif ($provider == 'YAHOO')
 	{
-		$val = 0;
+		$val = '';
+		if (preg_match('/Last\sTrade:(.*?)Trade\sTime/s', $contents, $matches)) {
+			$val = strip_tags($matches[1]);
+			$val = str_replace(',', '', $val);
+			if ($val != 0)
+				$val = 1 / $val;
+		}
 	}
+	elseif ($provider == 'GOOGLE')
+	{
+		$val = '';
+		$regexp = "%([\d|.]+)\s+{$curr_a}\s+=\s+<span\sclass=(.*)>([\d|.]+)\s+{$curr_b}\s*</span>%s";
+		if (preg_match($regexp, $contents, $matches)) 
+		{
+			$val = $matches[3];
+			$val = str_replace(',', '', $val);
+			if ($val != 0)
+				$val = 1 / $val;
+		}
+    }    
 	return $val;
-}  // end function get_ecb_rate
+}  /* end function get_extern_rate */
+
+//-----------------------------------------------------------------------------
 
+function get_sql_for_exchange_rates()
+{
+	$sql = "SELECT date_, rate_buy, id FROM "
+		.TB_PREF."exchange_rates "
+		."WHERE curr_code=".db_escape($_POST['curr_abrev'])."
+		 ORDER BY date_ DESC";
+	return $sql;	 
+}
 ?>
\ No newline at end of file