X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fmanage%2Fcustomers.php;h=0f101574c17c033ef101dc59e8eae0e2f5f25302;hb=59233fde6a6ea38e17c1ce5b089cb0b798a98e2d;hp=5a57732f8328ef12f6b182717b07021c39a5d873;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git diff --git a/sales/manage/customers.php b/sales/manage/customers.php index 5a57732f..0f101574 100644 --- a/sales/manage/customers.php +++ b/sales/manage/customers.php @@ -9,7 +9,6 @@ page(_("Customers")); include_once($path_to_root . "/includes/date_functions.inc"); include_once($path_to_root . "/includes/banking.inc"); include_once($path_to_root . "/includes/ui.inc"); -include_once($path_to_root . "/includes/data_checks.inc"); if (isset($_GET['New']) || !isset($_POST['customer_id']) || $_POST['customer_id'] == "") { @@ -31,42 +30,24 @@ function can_process() return false; } - if (!is_numeric( $_POST['credit_limit'])) + if (!check_num('credit_limit', 0)) { - display_error(_("The credit limit must be numeric.")); + display_error(_("The credit limit must be numeric and not less than zero.")); return false; } - if (!is_numeric( $_POST['pymt_discount'])) + if (!check_num('pymt_discount', 0, 100)) { - display_error(_("The payment discount must be numeric.")); + display_error(_("The payment discount must be numeric and is expected to be less than 100% and greater than or equal to 0.")); return false; } - if (!is_numeric( $_POST['discount'])) + if (!check_num('discount', 0, 100)) { - display_error(_("The discount percentage must be numeric.")); + display_error(_("The discount percentage must be numeric and is expected to be less than 100% and greater than or equal to 0.")); return false; } - - if ($_POST['credit_limit'] < 0) - { - display_error(_("The credit limit must be a positive number.")); - return false; - } - - if (($_POST['pymt_discount'] >= 100) || ($_POST['pymt_discount'] < 0)) - { - display_error(_("The payment discount is expected to be less than 100% and greater than or equal to 0.")); - return false; - } - - if (($_POST['discount'] >= 100) || ($_POST['discount'] < 0)) - { - display_error(_("The discount percent is expected to be less than 100 and greater than or equal to 0.")); - return false; - } - + return true; } @@ -81,21 +62,20 @@ function handle_submit() if (!isset($_POST['New'])) { - // Sherifoz 22.06.03 convert percent to fraction - $sql = "UPDATE ".TB_PREF."debtors_master SET name='" . $_POST['CustName'] . "', - address='" . $_POST['address'] . "', - tax_id='" . $_POST['tax_id'] . "', - curr_code='" . $_POST['curr_code'] . "', - email='" . $_POST['email'] . "', - dimension_id=" . $_POST['dimension_id'] . ", - dimension2_id=" . $_POST['dimension2_id'] . ", - credit_status='" . $_POST['credit_status'] . "', - payment_terms='" . $_POST['payment_terms'] . "', - discount=" . ($_POST['discount']) / 100 . ", - pymt_discount=" . ($_POST['pymt_discount']) / 100 . ", - credit_limit=" . $_POST['credit_limit'] . ", - sales_type = '" . $_POST['sales_type'] . "' - WHERE debtor_no = '" . $_POST['customer_id'] . "'"; + $sql = "UPDATE ".TB_PREF."debtors_master SET name=" . db_escape($_POST['CustName']) . ", + address=".db_escape($_POST['address']) . ", + tax_id=".db_escape($_POST['tax_id']) . ", + curr_code=".db_escape($_POST['curr_code']) . ", + email=".db_escape($_POST['email']) . ", + dimension_id=".db_escape($_POST['dimension_id']) . ", + dimension2_id=".db_escape($_POST['dimension2_id']) . ", + credit_status=".db_escape($_POST['credit_status']) . ", + payment_terms=".db_escape($_POST['payment_terms']) . ", + discount=" . input_num('discount') / 100 . ", + pymt_discount=" . input_num('pymt_discount') / 100 . ", + credit_limit=" . input_num('credit_limit') . ", + sales_type = ".db_escape($_POST['sales_type']) . " + WHERE debtor_no = '". $_POST['customer_id'] . "'"; db_query($sql,"The customer could not be updated"); display_notification(_("Customer has been updated.")); @@ -109,10 +89,12 @@ function handle_submit() $sql = "INSERT INTO ".TB_PREF."debtors_master (name, address, tax_id, email, dimension_id, dimension2_id, curr_code, credit_status, payment_terms, discount, pymt_discount,credit_limit, - sales_type) VALUES ('" . $_POST['CustName'] ."', '" . $_POST['address'] . "', '" . $_POST['tax_id'] . "', - '" . $_POST['email'] . "', " . $_POST['dimension_id'] . ", " . $_POST['dimension2_id'] . ", '" . $_POST['curr_code'] . "', - " . $_POST['credit_status'] . ", '" . $_POST['payment_terms'] . "', " . ($_POST['discount'])/100 . ", - " . ($_POST['pymt_discount'])/100 . ", " . $_POST['credit_limit'] . ", '" . $_POST['sales_type'] . "')"; + sales_type) VALUES (".db_escape($_POST['CustName']) .", " + .db_escape($_POST['address']) . ", " . db_escape($_POST['tax_id']) . "," + .db_escape($_POST['email']) . ", ".db_escape($_POST['dimension_id']) . ", " + .db_escape($_POST['dimension2_id']) . ", ".db_escape($_POST['curr_code']) . ", + " . db_escape($_POST['credit_status']) . ", ".db_escape($_POST['payment_terms']) . ", " . input_num('discount')/100 . ", + " . input_num('pymt_discount')/100 . ", " . input_num('credit_limit') . ", ".db_escape($_POST['sales_type']) . ")"; db_query($sql,"The customer could not be added"); @@ -244,8 +226,8 @@ if (isset($_POST['New'])) $_POST['curr_code'] = get_company_currency(); $_POST['credit_status'] = -1; $_POST['payment_terms'] = ''; - $_POST['discount'] = $_POST['pymt_discount'] = 0; - $_POST['credit_limit'] = sys_prefs::default_credit_limit(); + $_POST['discount'] = $_POST['pymt_discount'] = percent_format(0); + $_POST['credit_limit'] = price_format(sys_prefs::default_credit_limit()); } else { @@ -265,9 +247,9 @@ else $_POST['curr_code'] = $myrow["curr_code"]; $_POST['credit_status'] = $myrow["credit_status"]; $_POST['payment_terms'] = $myrow["payment_terms"]; - $_POST['discount'] = $myrow["discount"] * 100; // Sherifoz 21.6.03 convert to displayable percentage - $_POST['pymt_discount'] = $myrow["pymt_discount"] * 100; // Sherifoz 21.6.03 convert to displayable percentage - $_POST['credit_limit'] = $myrow["credit_limit"]; + $_POST['discount'] = percent_format($myrow["discount"] * 100); + $_POST['pymt_discount'] = percent_format($myrow["pymt_discount"] * 100); + $_POST['credit_limit'] = price_format($myrow["credit_limit"]); } text_row(_("Customer Name:"), 'CustName', $_POST['CustName'], 40, 40); @@ -304,9 +286,9 @@ if ($dim < 1) if ($dim < 2) hidden('dimension2_id', 0); -text_row(_("Discount Percent:"), 'discount', $_POST['discount'], 5, 4); -text_row(_("Prompt Payment Discount Percent:"), 'pymt_discount', $_POST['pymt_discount'], 5, 4); -text_row(_("Credit Limit:"), 'credit_limit', $_POST['credit_limit'], 16, 14); +percent_row(_("Discount Percent:"), 'discount', $_POST['discount']); +percent_row(_("Prompt Payment Discount Percent:"), 'pymt_discount', $_POST['pymt_discount']); +amount_row(_("Credit Limit:"), 'credit_limit', $_POST['credit_limit']); payment_terms_list_row(_("Payment Terms:"), 'payment_terms', $_POST['payment_terms']); credit_status_list_row(_("Credit Status:"), 'credit_status', $_POST['credit_status']);