X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fpurchasing_data.php;h=1970481ac52cce36506c54187bf2ce46fe0f6410;hb=cceb107ab3e8db0b400aeb7b98d0360e06ba8dae;hp=4371c8290d8bf567b3d69427249c6b65c83e8dcf;hpb=e8ae3516539a520338117f25d401c0fc234973a4;p=fa-stable.git
diff --git a/inventory/purchasing_data.php b/inventory/purchasing_data.php
index 4371c829..1970481a 100644
--- a/inventory/purchasing_data.php
+++ b/inventory/purchasing_data.php
@@ -9,11 +9,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here .
 ***********************************************************************/
-$page_security = 4;
-$path_to_root="..";
+$page_security = 'SA_PURCHASEPRICING';
+$path_to_root = "..";
 include_once($path_to_root . "/includes/session.inc");
-page(_("Supplier Purchasing Data"));
+page(_($help_context = "Supplier Purchasing Data"));
 include_once($path_to_root . "/includes/date_functions.inc");
 include_once($path_to_root . "/includes/ui.inc");
@@ -24,16 +24,8 @@ check_db_has_purchasable_items(_("There are no purchasable inventory items defin
 check_db_has_suppliers(_("There are no suppliers defined in the system."));
 //----------------------------------------------------------------------------------------
-if ($ret = context_restore()) {
- if(isset($ret['supplier_id']))
- $_POST['supplier_id'] = $ret['supplier_id'];
-}
-if (isset($_POST['_supplier_id_editor'])) {
- context_call($path_to_root.'/purchasing/manage/suppliers.php?supplier_id='.$_POST['supplier_id'],
- array( 'supplier_id', 'stock_id','_stock_id_edit', 'price',
- 'suppliers_uom', 'supplier_description','conversion_factor'));
-}
 simple_page_mode(true);
+
 //--------------------------------------------------------------------------------------------------
 if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') 
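Review bot: `page(_($help_context = "Supplier Purchasing Data"));` buries an assignment to a global inside a function argument, so a reader looking for where `$help_context` is set will not find it on a quick scan. The explicit two-step form `$help_context = "Supplier Purchasing Data"; page(_($help_context));` runs the same and reads as what it is. Replacing the numeric level `4` with the named area `'SA_PURCHASEPRICING'` is an improvement; since `session.inc` is included on the very next line, a short comment that `$page_security` must be set before that include would help the next person who reorders these lines.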
@@ -66,20 +58,21 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') $sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom, conversion_factor, supplier_description) VALUES ("; - $sql .= "'".$_POST['supplier_id']."', '" . $_POST['stock_id'] . "', " . - input_num('price') . ", '" . $_POST['suppliers_uom'] . "', " . - input_num('conversion_factor') . ", '" . $_POST['supplier_description'] . "')"; + $sql .= db_escape($_POST['supplier_id']).", ".db_escape($_POST['stock_id']). ", " + .input_num('price',0) . ", ".db_escape( $_POST['suppliers_uom'] ). ", " + .input_num('conversion_factor') . ", " + .db_escape($_POST['supplier_description']) . ")"; db_query($sql,"The supplier purchasing details could not be added"); display_notification(_("This supplier purchasing data has been added.")); } else { - $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price') . ", - suppliers_uom='" . $_POST['suppliers_uom'] . "', + $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ", + suppliers_uom=".db_escape($_POST['suppliers_uom']) . ", conversion_factor=" . input_num('conversion_factor') . ", - supplier_description='" . $_POST['supplier_description'] . "' - WHERE stock_id='" . $_POST['stock_id'] . "' AND - supplier_id='$selected_id'"; + supplier_description=" . db_escape($_POST['supplier_description']) . " + WHERE stock_id=".db_escape($_POST['stock_id']) . " AND + supplier_id=".db_escape($selected_id); db_query($sql,"The supplier purchasing details could not be updated"); display_notification(_("Supplier purchasing data has been updated.")); 
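Review bot: In the new INSERT string `input_num('conversion_factor')` is concatenated into the SQL with no default, while the price column got `input_num('price',0)`; if the field arrives empty and nothing above the hunk rejects that, the null becomes an empty string and the statement is malformed (`..., , ...`). The UPDATE branch further down concatenates `input_num('conversion_factor')` the same way. Give it an explicit default in both places or validate the field and stop before the query is built; the start of the ADD/UPDATE block is outside the hunk, so I cannot see whether that validation already exists. Note also that the rewritten strings no longer add their own quotes around `db_escape(...)` values, so the safety of every `db_escape` call here rests on that helper both escaping and quoting — worth confirming against its definition once rather than assuming it per call site.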
@@ -93,8 +86,8 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') if ($Mode == 'Delete') { - $sql = "DELETE FROM ".TB_PREF."purch_data WHERE supplier_id='$selected_id' - AND stock_id='" . $_POST['stock_id'] . "'"; + $sql = "DELETE FROM ".TB_PREF."purch_data WHERE supplier_id=".db_escape($selected_id)." + AND stock_id=".db_escape($_POST['stock_id']); db_query($sql,"could not delete purchasing data"); display_notification(_("The purchasing data item has been sucessfully deleted.")); @@ -138,10 +131,11 @@ if ($mb_flag == -1) else { - $sql = "SELECT ".TB_PREF."purch_data.*,".TB_PREF."suppliers.supp_name,".TB_PREF."suppliers.curr_code + $sql = "SELECT ".TB_PREF."purch_data.*,".TB_PREF."suppliers.supp_name," + .TB_PREF."suppliers.curr_code FROM ".TB_PREF."purch_data INNER JOIN ".TB_PREF."suppliers ON ".TB_PREF."purch_data.supplier_id=".TB_PREF."suppliers.supplier_id - WHERE stock_id = '" . $_POST['stock_id'] . "'"; + WHERE stock_id = ".db_escape($_POST['stock_id']); $result = db_query($sql, "The supplier purchasing details for the selected part could not be retrieved"); div_start('price_table'); @@ -151,10 +145,10 @@ else } else { - start_table("$table_style width=60%"); + start_table("$table_style width=65%"); $th = array(_("Supplier"), _("Price"), _("Currency"), - _("Supplier's Unit"), _("Supplier's Description"), "", ""); + _("Supplier's Unit"), _("Conversion Factor"), _("Supplier's Description"), "", ""); table_header($th); @@ -165,9 +159,10 @@ else alt_table_row_color($k); label_cell($myrow["supp_name"]); - amount_cell($myrow["price"]); + amount_decimal_cell($myrow["price"]); label_cell($myrow["curr_code"]); label_cell($myrow["suppliers_uom"]); + qty_cell($myrow['conversion_factor'], false, user_exrate_dec()); label_cell($myrow["supplier_description"]); edit_button_cell("Edit".$myrow['supplier_id'], _("Edit")); delete_button_cell("Delete".$myrow['supplier_id'], _("Delete")); 
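Review bot: The user-visible, translatable notification two lines below the new DELETE query misspells "successfully"; it is context rather than changed code, but this hunk is the natural place to fix it: `display_notification(_("The purchasing data item has been successfully deleted."));`. Changing the string also changes the translation key, so the language files need the same edit.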
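Review bot: The added `qty_cell($myrow['conversion_factor'], false, user_exrate_dec());` uses a single-quoted key while every neighbouring `$myrow["..."]` access in this loop uses double quotes; write `$myrow["conversion_factor"]` to match. The bare boolean `false` in the middle argument gives the reader no clue what it switches off, and the hunk does not show the helper; a trailing comment naming the option, or a named argument if the codebase's PHP level allows it, would make the call self-explanatory.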
@@ -188,26 +183,27 @@ else //----------------------------------------------------------------------------------------------- +$dec2 = 6; if ($Mode =='Edit') { $sql = "SELECT ".TB_PREF."purch_data.*,".TB_PREF."suppliers.supp_name FROM ".TB_PREF."purch_data INNER JOIN ".TB_PREF."suppliers ON ".TB_PREF."purch_data.supplier_id=".TB_PREF."suppliers.supplier_id - WHERE ".TB_PREF."purch_data.supplier_id='$selected_id' - AND ".TB_PREF."purch_data.stock_id='" . $_POST['stock_id'] . "'"; + WHERE ".TB_PREF."purch_data.supplier_id=".db_escape($selected_id)." + AND ".TB_PREF."purch_data.stock_id=".db_escape($_POST['stock_id']); $result = db_query($sql, "The supplier purchasing details for the selected supplier and item could not be retrieved"); $myrow = db_fetch($result); $supp_name = $myrow["supp_name"]; - $_POST['price'] = price_format($myrow["price"]); + $_POST['price'] = price_decimal_format($myrow["price"], $dec2); $_POST['suppliers_uom'] = $myrow["suppliers_uom"]; $_POST['supplier_description'] = $myrow["supplier_description"]; $_POST['conversion_factor'] = exrate_format($myrow["conversion_factor"]); } -echo "
"; +br(); hidden('selected_id', $selected_id); start_table($table_style2); @@ -219,8 +215,9 @@ if ($Mode == 'Edit') else { supplier_list_row(_("Supplier:"), 'supplier_id', null, false, true); + $_POST['price'] = $_POST['suppliers_uom'] = $_POST['conversion_factor'] = $_POST['supplier_description'] = ""; } -amount_row(_("Price:"), 'price', null,'', get_supplier_currency($selected_id)); +amount_row(_("Price:"), 'price', null,'', get_supplier_currency($selected_id), $dec2); text_row(_("Suppliers Unit of Measure:"), 'suppliers_uom', null, 50, 51); if (!isset($_POST['conversion_factor']) || $_POST['conversion_factor'] == "") @@ -233,7 +230,7 @@ text_row(_("Supplier's Code or Description:"), 'supplier_description', null, 50, end_table(1); -submit_add_or_update_center($selected_id == -1, '', true); +submit_add_or_update_center($selected_id == -1, '', 'both'); end_form(); end_page();
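Review bot: `$dec2 = 6;` is an unexplained magic number that now drives `price_decimal_format($myrow["price"], $dec2)` here and the `amount_row(...)` call later in the file; a comment such as `$dec2 = 6; // decimal places shown for supplier purchase prices` or a named constant would record why six was chosen. Separately, `$myrow = db_fetch($result);` on the Edit path is still dereferenced as `$myrow["supp_name"]` without checking for a missing row; that is pre-existing, but rewriting the WHERE clause was the moment to stop with an error when the supplier/item pair no longer exists.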
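Review bot: The added chained assignment blanks `price`, `suppliers_uom`, `conversion_factor` and `supplier_description` on every render where `$Mode` is not `'Edit'`; if an ADD that fails validation re-displays the form without changing `$Mode` — which this hunk cannot show — the user's typed values are discarded. Clearing the fields only after a successful add or delete, in the code that resets the mode, would avoid that. As a matter of style, four assignments on one over-long line would read better one per line.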