X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=purchasing%2Fmanage%2Fsuppliers.php;h=f5f9445ee1c0ed433ef495547d84516b3f1f5b87;hb=7286bbfc939360b0fcb573ae075b2b8e899d96c8;hp=be2f1a7dc749f6e9ccfdf7908130e8429bbd22b8;hpb=e06cb420675cec10063b341bc402034cfedb7a8c;p=fa-stable.git diff --git a/purchasing/manage/suppliers.php b/purchasing/manage/suppliers.php index be2f1a7d..f5f9445e 100644 --- a/purchasing/manage/suppliers.php +++ b/purchasing/manage/suppliers.php @@ -9,11 +9,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security=5; -$path_to_root="../.."; +$page_security = 'SA_SUPPLIER'; +$path_to_root = "../.."; include($path_to_root . "/includes/session.inc"); -page(_("Suppliers"), @$_REQUEST['popup']); +page(_($help_context = "Suppliers"), @$_REQUEST['popup']); //include($path_to_root . "/includes/date_functions.inc"); @@ -57,31 +57,12 @@ if (isset($_POST['submit'])) if (!$new_supplier) { - - $sql = "UPDATE ".TB_PREF."suppliers SET supp_name=".db_escape($_POST['supp_name']) . ", - supp_ref=".db_escape($_POST['supp_ref']) . ", - address=".db_escape($_POST['address']) . ", - supp_address=".db_escape($_POST['supp_address']) . ", - phone=".db_escape($_POST['phone']) . ", - fax=".db_escape($_POST['fax']) . ", - gst_no=".db_escape($_POST['gst_no']) . ", - email=".db_escape($_POST['email']) . ", - website=".db_escape($_POST['website']) . ", - contact=".db_escape($_POST['contact']) . ", - supp_account_no=".db_escape($_POST['supp_account_no']) . ", - bank_account=".db_escape($_POST['bank_account']) . ", - credit_limit=".input_num('credit_limit', 0) . ", - dimension_id=".db_escape($_POST['dimension_id']) . ", - dimension2_id=".db_escape($_POST['dimension2_id']) . ", - curr_code=".db_escape($_POST['curr_code']).", - payment_terms=".db_escape($_POST['payment_terms']) . ", - payable_account=".db_escape($_POST['payable_account']) . ", - purchase_account=".db_escape($_POST['purchase_account']) . ", - payment_discount_account=".db_escape($_POST['payment_discount_account']) . ", - notes=".db_escape($_POST['notes']) . ", - tax_group_id=".db_escape($_POST['tax_group_id']) . " WHERE supplier_id = '" . $_POST['supplier_id'] . "'"; - - db_query($sql,"The supplier could not be updated"); + update_supplier($_POST['supplier_id'], $_POST['supp_name'], $_POST['supp_ref'], $_POST['address'], + $_POST['supp_address'], $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['gst_no'], + $_POST['email'], $_POST['website'], $_POST['contact'], $_POST['supp_account_no'], $_POST['bank_account'], + input_num('credit_limit', 0), $_POST['dimension_id'], $_POST['dimension2_id'], $_POST['curr_code'], + $_POST['payment_terms'], $_POST['payable_account'], $_POST['purchase_account'], $_POST['payment_discount_account'], + $_POST['notes'], $_POST['tax_group_id']); update_record_status($_POST['supplier_id'], $_POST['inactive'], 'suppliers', 'supplier_id'); @@ -90,34 +71,13 @@ if (isset($_POST['submit'])) } else { + add_supplier($_POST['supp_name'], $_POST['supp_ref'], $_POST['address'], $_POST['supp_address'], + $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['gst_no'], $_POST['email'], + $_POST['website'], $_POST['contact'], $_POST['supp_account_no'], $_POST['bank_account'], + input_num('credit_limit',0), $_POST['dimension_id'], $_POST['dimension2_id'], + $_POST['curr_code'], $_POST['payment_terms'], $_POST['payable_account'], $_POST['purchase_account'], + $_POST['payment_discount_account'], $_POST['notes'], $_POST['tax_group_id']); - $sql = "INSERT INTO ".TB_PREF."suppliers (supp_name, supp_ref, address, supp_address, phone, fax, gst_no, email, website, - contact, supp_account_no, bank_account, credit_limit, dimension_id, dimension2_id, curr_code, - payment_terms, payable_account, purchase_account, payment_discount_account, notes, tax_group_id) - VALUES (".db_escape($_POST['supp_name']). ", " - .db_escape($_POST['supp_ref']). ", " - .db_escape($_POST['address']) . ", " - .db_escape($_POST['supp_address']) . ", " - .db_escape($_POST['phone']). ", " - .db_escape($_POST['fax']). ", " - .db_escape($_POST['gst_no']). ", " - .db_escape($_POST['email']). ", " - .db_escape($_POST['website']). ", " - .db_escape($_POST['contact']). ", " - .db_escape($_POST['supp_account_no']). ", " - .db_escape($_POST['bank_account']). ", " - .input_num('credit_limit',0). ", " - .db_escape($_POST['dimension_id']). ", " - .db_escape($_POST['dimension2_id']). ", " - .db_escape($_POST['curr_code']). ", " - .db_escape($_POST['payment_terms']). ", " - .db_escape($_POST['payable_account']). ", " - .db_escape($_POST['purchase_account']). ", " - .db_escape($_POST['payment_discount_account']). ", " - .db_escape($_POST['notes']). ", " - .db_escape($_POST['tax_group_id']). ")"; - - db_query($sql,"The supplier could not be added"); $_POST['supplier_id'] = db_insert_id(); $new_supplier = false; display_notification(_("A new supplier has been added.")); @@ -134,10 +94,7 @@ elseif (isset($_POST['delete']) && $_POST['delete'] != "") // PREVENT DELETES IF DEPENDENT RECORDS IN 'supp_trans' , purch_orders - $sql= "SELECT COUNT(*) FROM ".TB_PREF."supp_trans WHERE supplier_id='" . $_POST['supplier_id'] . "'"; - $result = db_query($sql,"check failed"); - $myrow = db_fetch_row($result); - if ($myrow[0] > 0) + if (key_in_foreign_table($_POST['supplier_id'], 'supp_trans', 'supplier_id')) { $cancel_delete = 1; display_error(_("Cannot delete this supplier because there are transactions that refer to this supplier.")); @@ -145,10 +102,7 @@ elseif (isset($_POST['delete']) && $_POST['delete'] != "") } else { - $sql= "SELECT COUNT(*) FROM ".TB_PREF."purch_orders WHERE supplier_id='" . $_POST['supplier_id'] . "'"; - $result = db_query($sql,"check failed"); - $myrow = db_fetch_row($result); - if ($myrow[0] > 0) + if (key_in_foreign_table($_POST['supplier_id'], 'purch_orders', 'supplier_id')) { $cancel_delete = 1; display_error(_("Cannot delete the supplier record because purchase orders have been created against this supplier.")); @@ -157,8 +111,7 @@ elseif (isset($_POST['delete']) && $_POST['delete'] != "") } if ($cancel_delete == 0) { - $sql="DELETE FROM ".TB_PREF."suppliers WHERE supplier_id='" . $_POST['supplier_id']. "'"; - db_query($sql,"check failed"); + delete_supplier($_POST['supplier_id']); unset($_SESSION['supplier_id']); $new_supplier = true; @@ -202,6 +155,7 @@ if (!$new_supplier) $_POST['address'] = $myrow["address"]; $_POST['supp_address'] = $myrow["supp_address"]; $_POST['phone'] = $myrow["phone"]; + $_POST['phone2'] = $myrow["phone2"]; $_POST['fax'] = $myrow["fax"]; $_POST['gst_no'] = $myrow["gst_no"]; $_POST['email'] = $myrow["email"]; @@ -223,12 +177,13 @@ if (!$new_supplier) } else { - $_POST['supp_name'] = $_POST['supp_ref'] = $_POST['address'] = $_POST['supp_address'] = $_POST['tax_group_id'] = - $_POST['website'] = $_POST['supp_account_no'] = $_POST['notes'] = ''; + $_POST['supp_name'] = $_POST['supp_ref'] = $_POST['address'] = $_POST['supp_address'] = + $_POST['tax_group_id'] = $_POST['website'] = $_POST['supp_account_no'] = $_POST['notes'] = ''; $_POST['dimension_id'] = 0; $_POST['dimension2_id'] = 0; $_POST['sales_type'] = -1; - $_POST['email'] = $_POST['phone'] = $_POST['fax'] = $_POST['gst_no'] = $_POST['contact'] = $_POST['bank_account'] = ''; + $_POST['email'] = $_POST['phone'] = $_POST['phone2'] = $_POST['fax'] = + $_POST['gst_no'] = $_POST['contact'] = $_POST['bank_account'] = ''; $_POST['payment_terms'] = ''; $_POST['credit_limit'] = price_format(0); @@ -246,8 +201,9 @@ text_row(_("Supplier Name:"), 'supp_name', null, 42, 40); text_row(_("Supplier Short Name:"), 'supp_ref', null, 30, 30); text_row(_("Contact Person:"), 'contact', null, 42, 40); -text_row(_("Phone Number:"), 'phone', null, 42, 40); -text_row(_("Fax Number:"), 'fax', null, 42, 40); +text_row(_("Phone Number:"), 'phone', null, 32, 30); +text_row(_("Secondary Phone Number:"), 'phone2', null, 32, 30); +text_row(_("Fax Number:"), 'fax', null, 32, 30); email_row(_("E-mail:"), 'email', null, 35, 55); link_row(_("Website:"), 'website', null, 35, 55);