From 1b9351ae81a67726e757eba55895a4f059c7f128 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Sat, 27 Dec 2014 16:41:30 +0100
Subject: [PATCH] Cleanup: removed _GET/_POST references from business logic model.

---
 dimensions/includes/dimensions_db.inc | 26 ++++-----
 dimensions/inquiry/search_dimensions.php | 3 +-
 gl/includes/db/gl_db_rates.inc | 4 +-
 gl/manage/exchange_rates.php | 2 +-
 includes/lang/language.inc | 2 +-
 manufacturing/includes/db/work_orders_db.inc | 32 +++++------
 manufacturing/inquiry/where_used_inquiry.php | 2 +-
 manufacturing/search_work_orders.php | 3 +-
 manufacturing/work_order_entry.php | 5 +-
 purchasing/includes/db/po_db.inc | 34 ++++++------
 purchasing/includes/db/suppalloc_db.inc | 23 ++++----
 purchasing/includes/db/suppliers_db.inc | 2 +-
 purchasing/inquiry/po_search.php | 13 +----
 purchasing/inquiry/po_search_completed.php | 21 ++------
 .../inquiry/supplier_allocation_inquiry.php | 3 +-
 sales/credit_note_entry.php | 2 +-
 sales/customer_credit_invoice.php | 2 +-
 sales/customer_delivery.php | 2 +-
 sales/customer_invoice.php | 2 +-
 sales/includes/db/branches_db.inc | 4 +-
 sales/includes/db/cust_trans_db.inc | 53 +++++++++----------
 sales/includes/sales_ui.inc | 4 +-
 sales/inquiry/customer_inquiry.php | 3 +-
 sales/inquiry/sales_deliveries_view.php | 20 ++-----
 sales/manage/customer_branches.php | 4 +-
 sales/sales_order_entry.php | 2 +-
 26 files changed, 118 insertions(+), 155 deletions(-)

diff --git a/dimensions/includes/dimensions_db.inc b/dimensions/includes/dimensions_db.inc
index 3bd30f3c..7331cc02 100644
--- a/dimensions/includes/dimensions_db.inc
+++ b/dimensions/includes/dimensions_db.inc
@@ -181,8 +181,8 @@ function get_dimension_balance($id, $from, $to)
 //--------------------------------------------------------------------------------------
-function get_sql_for_search_dimensions($dim)
-{
+function get_sql_for_search_dimensions($dim, $from, $to, $order='', $type = -1, $open=false, $overdue = false)
+{
 $sql = "SELECT dim.id, dim.reference, dim.name,
@@ -192,34 +192,30 @@ function get_sql_for_search_dimensions($dim)
 dim.closed FROM ".TB_PREF."dimensions as dim WHERE id > 0";
- if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
+ if ($order)
 {
- $sql .= " AND reference LIKE ".db_escape("%". $_POST['OrderNumber'] . "%");
+ $sql .= " AND reference LIKE ".db_escape("%". $order . "%");
 }
 else
 {
 if ($dim == 1)
 $sql .= " AND type_=1";
- if (isset($_POST['OpenOnly']))
- {
+ if ($open)
 $sql .= " AND closed=0";
- }
- if (isset($_POST['type_']) && ($_POST['type_'] > 0))
- {
- $sql .= " AND type_=".db_escape($_POST['type_']);
- }
+ if ($type > 0)
+ $sql .= " AND type_=".db_escape($type);
- if (isset($_POST['OverdueOnly']))
+ if ($overdue)
 {
 $today = date2sql(Today());
 $sql .= " AND due_date < '$today'";
 }
- $sql .= " AND date_ >= '" . date2sql($_POST['FromDate']) . "'
- AND date_ <= '" . date2sql($_POST['ToDate']) . "'";
+ $sql .= " AND date_ >= '" . date2sql($from) . "'
+ AND date_ <= '" . date2sql($to) . "'";
 }
 return $sql;
-}
+}
 ?>
\ No newline at end of file
diff --git a/dimensions/inquiry/search_dimensions.php b/dimensions/inquiry/search_dimensions.php
index 8a333046..abca1200 100644
--- a/dimensions/inquiry/search_dimensions.php
+++ b/dimensions/inquiry/search_dimensions.php
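Review bot: `if ($order)` replaces the removed `!= ""` test with a truthiness check, so a reference search for `0` is silently treated as "no filter" and the query falls through to the date/type branch; `if ($order != '')` keeps the old behaviour and matches the `$order != ''` test this same commit writes in get_sql_for_work_orders. The six new parameters are undocumented even though their contract is not obvious from the body: `$from`/`$to` are passed through date2sql, `$type` uses -1 (and any value <= 0) to mean "any type", and `$open`/`$overdue` are plain booleans. A short docblock on the function head (which sits in the previous hunk) stating those conventions would save every caller from re-deriving them.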
@@ -121,7 +121,8 @@ function edit_link($row)
 "/dimensions/dimension_entry.php?trans_no=" . $row["id"], ICON_EDIT);
 }
-$sql = get_sql_for_search_dimensions($dim);
+$sql = get_sql_for_search_dimensions($dim, $_POST['FromDate'], $_POST['ToDate'],
+ $_POST['OrderNumber'], $_POST['type_'], $_POST['OpenOnly'], $_POST['OverdueOnly']);
 $cols = array(
 _("#") => array('fun'=>'view_link'),
diff --git a/gl/includes/db/gl_db_rates.inc b/gl/includes/db/gl_db_rates.inc
index 70ab230a..c37eaa03 100644
--- a/gl/includes/db/gl_db_rates.inc
+++ b/gl/includes/db/gl_db_rates.inc
@@ -218,11 +218,11 @@ function get_extern_rate($curr_b, $provider = 'ECB', $date)
 //-----------------------------------------------------------------------------
-function get_sql_for_exchange_rates()
+function get_sql_for_exchange_rates($curr)
 {
 $sql = "SELECT date_, rate_buy, id FROM " .TB_PREF."exchange_rates "
- ."WHERE curr_code=".db_escape($_POST['curr_abrev'])."
+ ."WHERE curr_code=".db_escape($curr)."
 ORDER BY date_ DESC";
 return $sql;
 }
diff --git a/gl/manage/exchange_rates.php b/gl/manage/exchange_rates.php
index 4ce1673c..fab38033 100644
--- a/gl/manage/exchange_rates.php
+++ b/gl/manage/exchange_rates.php
@@ -189,7 +189,7 @@ if ($_POST['curr_abrev'] != get_global_curr_code())
 set_global_curr_code($_POST['curr_abrev']);
-$sql = get_sql_for_exchange_rates();
+$sql = get_sql_for_exchange_rates($_POST['curr_abrev']);
 $cols = array(
 _("Date to Use From") => 'date',
diff --git a/includes/lang/language.inc b/includes/lang/language.inc
index 752c7e44..4bc98df5 100644
--- a/includes/lang/language.inc
+++ b/includes/lang/language.inc
@@ -13,7 +13,7 @@ if (isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
 die("Restricted access");
 @include_once($path_to_root . "/lang/installed_languages.inc");
-include_once($path_to_root . "/includes/lang/gettext.php");
+include_once($path_to_root . "/includes/lang/gettext.inc");
 class language
 {
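Review bot: The new call reads `$_POST['OpenOnly']`, `$_POST['OverdueOnly']`, `$_POST['type_']` and `$_POST['OrderNumber']` directly, while the code it replaces inside get_sql_for_search_dimensions guarded each of them with isset; an unchecked checkbox is simply absent from the POST body, so this now raises undefined-index notices on every search that leaves OpenOnly or OverdueOnly unticked and passes null through. The manufacturing caller in this same commit shows the intended shape: `check_value('OpenOnly'), check_value('OverdueOnly')` for the checkboxes and `get_post('type_'), get_post('OrderNumber')` for the text inputs. The same unguarded pattern appears in the search_work_orders.php, work_order_entry.php and supplier_allocation_inquiry.php hunks.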
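Review bot: The include target switch from gettext.php to gettext.inc is unrelated to the _GET/_POST cleanup the subject line describes, and it changes which file the language bootstrap loads. The diffstat for this patch lists no rename or addition of includes/lang/gettext.inc, so as committed this include_once would fail unless that file already exists in the tree; if it is a pending rename it should travel in the same commit as the rename, otherwise in its own commit with a one-line rationale.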
diff --git a/manufacturing/includes/db/work_orders_db.inc b/manufacturing/includes/db/work_orders_db.inc
index 24bf6e94..a2c302b6 100644
--- a/manufacturing/includes/db/work_orders_db.inc
+++ b/manufacturing/includes/db/work_orders_db.inc
@@ -53,7 +53,7 @@ function add_work_order($wo_ref, $loc_code, $units_reqd, $stock_id,
 //--------------------------------------------------------------------------------------
 function update_work_order($woid, $loc_code, $units_reqd, $stock_id,
- $date_, $required_by, $memo_)
+ $date_, $required_by, $memo_, $old_stock_id, $old_qty)
 {
 begin_transaction();
 $args = func_get_args();
@@ -61,7 +61,7 @@ function update_work_order($woid, $loc_code, $units_reqd, $stock_id,
 'date_', 'required_by', 'memo_'), $args);
 hook_db_prewrite($args, ST_WORKORDER);
- add_material_cost($_POST['old_stk_id'], -$_POST['old_qty'], $date_);
+ add_material_cost($old_stock_id, -$old_qty, $date_);
 add_material_cost($stock_id, $units_reqd, $date_);
 $date = date2sql($date_);
@@ -82,12 +82,12 @@ function update_work_order($woid, $loc_code, $units_reqd, $stock_id,
 commit_transaction();
 }
-function delete_work_order($woid)
+function delete_work_order($woid, $stock_id, $qty, $date)
 {
 begin_transaction();
 hook_db_prevoid(ST_WORKORDER, $woid);
- add_material_cost($_POST['stock_id'], -$_POST['quantity'], $_POST['date_']);
+ add_material_cost($stock_id, -$qty, $date);
 // delete the work order requirements
 delete_wo_requirements($woid);
@@ -97,7 +97,7 @@ function delete_work_order($woid)
 db_query($sql,"The work order could not be deleted");
 delete_comments(ST_WORKORDER, $woid);
- add_audit_trail(ST_WORKORDER, $woid, $_POST['date_'], _("Canceled."));
+ add_audit_trail(ST_WORKORDER, $woid, $date, _("Canceled."));
 commit_transaction();
 }
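Review bot: Extending update_work_order's signature by `$old_stock_id, $old_qty` changes what `$args = func_get_args();` captures, but the name list that is paired with `$args` on the next hunk's first context line still ends at `'date_', 'required_by', 'memo_'` — seven names against nine arguments. The head of that statement is outside the hunk, so I cannot see the function used; if it is array_combine, unequal lengths return false (or throw a ValueError on PHP 8) and hook_db_prewrite receives garbage instead of the keyed argument set. Either append `'old_stock_id', 'old_qty'` to the name list or pass `array_slice($args, 0, 7)` so the pre-write hook keeps seeing the documented seven fields. The delete_work_order change below is fine: both values it needs now arrive as parameters and `$date` is reused for the audit trail.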
@@ -297,7 +297,7 @@ function void_work_order($woid)
 commit_transaction();
 }
-function get_sql_for_work_orders($outstanding_only, $all_items)
+function get_sql_for_work_orders($outstanding_only, $stock_id, $location = ALL_TEXT, $order = '', $overdue = false)
 {
 $sql = "SELECT
 workorder.id,
@@ -327,22 +327,22 @@ function get_sql_for_work_orders($outstanding_only, $all_items)
 $sql .= " AND workorder.closed=0";
 }
- if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
+ if ($location != ALL_TEXT)
 {
- $sql .= " AND workorder.loc_code=".db_escape($_POST['StockLocation']);
+ $sql .= " AND workorder.loc_code=".db_escape($location);
 }
- if (isset($_POST['OrderNumber']) && $_POST['OrderNumber'] != "")
+ if ($order != '')
 {
- $sql .= " AND workorder.wo_ref LIKE ".db_escape('%'.$_POST['OrderNumber'].'%');
+ $sql .= " AND workorder.wo_ref LIKE ".db_escape('%'.$order.'%');
 }
- if (isset($_POST['SelectedStockItem']) && $_POST['SelectedStockItem'] != $all_items)
+ if ($stock_id != '')
 {
- $sql .= " AND workorder.stock_id=".db_escape($_POST['SelectedStockItem']);
+ $sql .= " AND workorder.stock_id=".db_escape($stock_id);
 }
- if (check_value('OverdueOnly'))
+ if ($overdue)
 {
 $Today = date2sql(Today());
@@ -351,7 +351,7 @@ function get_sql_for_work_orders($outstanding_only, $all_items)
 return $sql;
 }
-function get_sql_for_where_used()
+function get_sql_for_where_used($stock_id)
 {
 $sql = "SELECT bom.parent,
@@ -366,8 +366,8 @@ function get_sql_for_where_used()
 WHERE bom.parent = parent.stock_id
 AND bom.workcentre_added = workcentre.id
 AND bom.loc_code = location.loc_code
- AND bom.component=".db_escape($_POST['stock_id']);
- return $sql;
+ AND bom.component=".db_escape($stock_id);
+ return $sql;
 }
 //--------------------------------------------------------------------------------------
 function get_gl_wo_cost($woid, $cost_type)
diff --git a/manufacturing/inquiry/where_used_inquiry.php b/manufacturing/inquiry/where_used_inquiry.php
index 10fce898..dc510cec 100644
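Review bot: The stock-item filter in get_sql_for_work_orders changed from `!= $all_items` to `$stock_id != ''`, while the location filter two blocks above kept its sentinel comparison (`$location != ALL_TEXT`). If the item selector on search_work_orders.php still submits the all-items sentinel when nothing is chosen (the old caller passed `$all_items` precisely for that comparison), the new test is true for the sentinel and the query filters on `workorder.stock_id = '<sentinel>'`, returning no rows; `if ($stock_id != '' && $stock_id != ALL_TEXT)` would cover both the empty and the sentinel case. Whether the selector sends `''` or ALL_TEXT is not visible in this patch, so please confirm against the form. The get_sql_for_where_used change is fine as the value still passes through db_escape.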
--- a/manufacturing/inquiry/where_used_inquiry.php
+++ b/manufacturing/inquiry/where_used_inquiry.php
@@ -37,7 +37,7 @@ function select_link($row)
 "/manufacturing/manage/bom_edit.php?stock_id=" . $row["parent"]);
 }
-$sql = get_sql_for_where_used();
+$sql = get_sql_for_where_used($_POST['stock_id']);
 $cols = array(
 _("Parent Item") => array('fun'=>'select_link'),
diff --git a/manufacturing/search_work_orders.php b/manufacturing/search_work_orders.php
index 7610a1cb..e276261f 100644
--- a/manufacturing/search_work_orders.php
+++ b/manufacturing/search_work_orders.php
@@ -153,7 +153,8 @@ function dec_amount($row, $amount)
 return number_format2($amount, $row['decimals']);
 }
-$sql = get_sql_for_work_orders($outstanding_only, $all_items);
+$sql = get_sql_for_work_orders($outstanding_only, $_POST['SelectedStockItem'], $_POST['StockLocation'],
+ $_POST['OrderNumber'], check_value('OverdueOnly'));
 $cols = array(
 _("#") => array('fun'=>'view_link', 'ord'=>''),
diff --git a/manufacturing/work_order_entry.php b/manufacturing/work_order_entry.php
index 5c27369b..b9cfcba0 100644
--- a/manufacturing/work_order_entry.php
+++ b/manufacturing/work_order_entry.php
@@ -275,7 +275,8 @@ if (isset($_POST['UPDATE_ITEM']) && can_process())
 {
 update_work_order($selected_id, $_POST['StockLocation'], input_num('quantity'),
- $_POST['stock_id'], $_POST['date_'], $_POST['RequDate'], $_POST['memo_']);
+ $_POST['stock_id'], $_POST['date_'], $_POST['RequDate'], $_POST['memo_'],
+ $_POST['old_stk_id'], $_POST['old_qty']);
 new_doc_date($_POST['date_']);
 meta_forward($_SERVER['PHP_SELF'], "UpdatedID=$selected_id");
 }
@@ -301,7 +302,7 @@ if (isset($_POST['delete']))
 { //ie not cancelled the delete as a result of above tests
 // delete the actual work order
- delete_work_order($selected_id);
+ delete_work_order($selected_id, $_POST['stock_id'], $_POST['quantity'], $_POST['date_']);
 meta_forward($_SERVER['PHP_SELF'], "DeletedID=$selected_id");
 }
 }
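Review bot: The delete branch hands `$_POST['quantity']` to delete_work_order as a raw string, whereas the UPDATE_ITEM branch earlier in this same file converts the same field with `input_num('quantity')`; delete_work_order then negates it (`-$qty`) for add_material_cost, and a user-formatted number with a thousands separator would be coerced to a wrong value. This is carried over from the old `$_POST['quantity']` read inside delete_work_order rather than introduced here, but now that the value is passed explicitly the call site is the right place to fix it: `delete_work_order($selected_id, $_POST['stock_id'], input_num('quantity'), $_POST['date_']);`. Whether quantity is submitted formatted depends on the input widget, which is outside this patch, so treat this as something to confirm.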
diff --git a/purchasing/includes/db/po_db.inc b/purchasing/includes/db/po_db.inc
index a097db46..b33a2fa0 100644
--- a/purchasing/includes/db/po_db.inc
+++ b/purchasing/includes/db/po_db.inc
@@ -258,9 +258,9 @@ function get_short_info($stock_id)
 return db_query($sql,"The stock details for " . $stock_id . " could not be retrieved");
 }
-function get_sql_for_po_search_completed($supplier_id=ALL_TEXT)
+function get_sql_for_po_search_completed($from, $to, $supplier_id=ALL_TEXT, $location=ALL_TEXT,
+ $order_number = '', $stock_id = '')
 {
- global $order_number, $selected_stock_item;;
 $sql = "SELECT
 porder.order_no,
@@ -280,8 +280,8 @@ function get_sql_for_po_search_completed($supplier_id=ALL_TEXT)
 AND porder.supplier_id = supplier.supplier_id
 AND location.loc_code = porder.into_stock_location ";
- if (isset($_GET['supplier_id']))
- $sql .= "AND supplier.supplier_id=".@$_GET['supplier_id']." ";
+ if ($supplier_id != ALL_TEXT)
+ $sql .= "AND supplier.supplier_id=".$supplier_id." ";
 if (isset($order_number) && $order_number != "")
 {
 $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
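Review bot: `$sql .= "AND supplier.supplier_id=".$supplier_id." ";` concatenates the supplier id into the query without db_escape, and after this commit the value comes straight from `get_post('supplier_id')` in po_search_completed.php, so it is user-controlled input reaching SQL unquoted — the old code had the same gap for `$_GET['supplier_id']`, but the rewrite is the moment to close it. The else branch further down in the next hunk already applies `db_escape($supplier_id)` under the same `$supplier_id != ALL_TEXT` condition, so this early clause is both unsafe and redundant: either escape it here (`$sql .= "AND supplier.supplier_id=".db_escape($supplier_id)." ";`) or drop the early clause and rely on the later one. Note also that `isset($order_number)` now tests a parameter with a default and is always true; `$order_number != ""` alone carries the condition.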
@@ -289,30 +289,30 @@ function get_sql_for_po_search_completed($supplier_id=ALL_TEXT)
 else
 {
- $data_after = date2sql($_POST['OrdersAfterDate']);
- $date_before = date2sql($_POST['OrdersToDate']);
+ $data_after = date2sql($from);
+ $date_before = date2sql($to);
 $sql .= " AND porder.ord_date >= '$data_after'";
 $sql .= " AND porder.ord_date <= '$date_before'";
- if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
+ if ($location != ALL_TEXT)
 {
- $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']);
+ $sql .= " AND porder.into_stock_location = ".db_escape($location);
 }
 if (isset($selected_stock_item))
 {
- $sql .= " AND line.item_code=".db_escape($selected_stock_item);
+ $sql .= " AND line.item_code=".db_escape($stock_id);
 }
 if ($supplier_id != ALL_TEXT)
 $sql .= " AND supplier.supplier_id=".db_escape($supplier_id);
-
- } //end not order number selected
+
+ }
 $sql .= " GROUP BY porder.order_no";
 return $sql;
-}
+}
-function get_sql_for_po_search($supplier_id=ALL_TEXT)
+function get_sql_for_po_search($from, $to, $supplier_id=ALL_TEXT, $location=ALL_TEXT)
 {
 global $all_items, $order_number, $selected_stock_item;;
@@ -343,15 +343,15 @@ function get_sql_for_po_search($supplier_id=ALL_TEXT)
 }
 else
 {
- $data_after = date2sql($_POST['OrdersAfterDate']);
- $data_before = date2sql($_POST['OrdersToDate']);
+ $data_after = date2sql($from);
+ $data_before = date2sql($to);
 $sql .= " AND porder.ord_date >= '$data_after'";
 $sql .= " AND porder.ord_date <= '$data_before'";
- if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
+ if ($location != ALL_TEXT)
 {
- $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']);
+ $sql .= " AND porder.into_stock_location = ".db_escape($location);
 }
 if (isset($selected_stock_item))
diff --git a/purchasing/includes/db/suppalloc_db.inc b/purchasing/includes/db/suppalloc_db.inc
index dc7119db..b095de77 100644
--- a/purchasing/includes/db/suppalloc_db.inc
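Review bot: In get_sql_for_po_search_completed the guard `if (isset($selected_stock_item))` is kept as context but the variable no longer exists in the function — the `global` declaration was removed in the previous hunk and the value now arrives as `$stock_id` — so the guard is always false and the `line.item_code` filter written inside it is dead code; the intended test is `if ($stock_id != '')` (plus `&& $stock_id != ALL_TEXT` if the selector submits the sentinel). The sibling get_sql_for_po_search at the bottom of this hunk still declares `global $all_items, $order_number, $selected_stock_item;;` and still tests `isset($selected_stock_item)`, so it keeps reading page-level state despite the commit's stated goal; giving it the same `$order_number = '', $stock_id = ''` parameters as its completed-orders twin would finish the cleanup. The body of get_sql_for_po_search continues past the hunk, so the remaining uses of those globals are not visible here.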
+++ b/purchasing/includes/db/suppalloc_db.inc
@@ -252,10 +252,10 @@ function get_allocatable_from_supp_transactions($supplier_id, $trans_no=null, $t
 }
-function get_sql_for_supplier_allocation_inquiry()
+function get_sql_for_supplier_allocation_inquiry($from, $to, $filter, $supplier_id, $all=false)
 {
- $date_after = date2sql($_POST['TransAfterDate']);
- $date_to = date2sql($_POST['TransToDate']);
+ $date_after = date2sql($from);
+ $date_to = date2sql($to);
 $sql = "SELECT
 trans.type,
@@ -277,31 +277,32 @@ function get_sql_for_supplier_allocation_inquiry()
 AND trans.tran_date >= '$date_after'
 AND trans.tran_date <= '$date_to'";
- if ($_POST['supplier_id'] != ALL_TEXT)
- $sql .= " AND trans.supplier_id = ".db_escape($_POST['supplier_id']);
- if (isset($_POST['filterType']) && $_POST['filterType'] != ALL_TEXT)
+ if ($supplier_id != ALL_TEXT)
+ $sql .= " AND trans.supplier_id = ".db_escape($supplier_id);
+
+ if ($filter != ALL_TEXT)
 {
- if (($_POST['filterType'] == '1') || ($_POST['filterType'] == '2'))
+ if (($filter == '1') || ($filter == '2'))
 {
 $sql .= " AND trans.type = ".ST_SUPPINVOICE." ";
 }
- elseif ($_POST['filterType'] == '3')
+ elseif ($filter == '3')
 {
 $sql .= " AND trans.type = ".ST_SUPPAYMENT." ";
 }
- elseif (($_POST['filterType'] == '4') || ($_POST['filterType'] == '5'))
+ elseif (($filter == '4') || ($filter == '5'))
 {
 $sql .= " AND trans.type = ".ST_SUPPCREDIT." ";
 }
- if (($_POST['filterType'] == '2') || ($_POST['filterType'] == '5'))
+ if (($filter == '2') || ($filter == '5'))
 {
 $today = date2sql(Today());
 $sql .= " AND trans.due_date < '$today' ";
 }
 }
- if (!check_value('showSettled'))
+ if (!$all)
 {
 $sql .= " AND (round(abs(ov_amount + ov_gst + ov_discount) - alloc,6) != 0) ";
 }
diff --git a/purchasing/includes/db/suppliers_db.inc b/purchasing/includes/db/suppliers_db.inc
index 61cf2bdc..cab8eace 100644
--- a/purchasing/includes/db/suppliers_db.inc
+++ b/purchasing/includes/db/suppliers_db.inc
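Review bot: Now that `$filter` is a parameter rather than a form field read in place, the meaning of its string codes is the function's contract and should be documented on the head (previous hunk): from the branches here, '1' and '2' select ST_SUPPINVOICE, '3' ST_SUPPAYMENT, '4' and '5' ST_SUPPCREDIT, and '2'/'5' additionally restrict to transactions already past due_date; `$all` true includes settled transactions, and ALL_TEXT on `$filter` or `$supplier_id` means no restriction. A docblock along those lines, plus a note that `$from`/`$to` are user-format dates passed through date2sql, would also make it obvious that the old `isset($_POST['filterType'])` guard is gone and the caller is now responsible for supplying a value.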
@@ -19,7 +19,7 @@ function add_supplier($supp_name, $supp_ref, $address, $supp_address, $gst_no,
 supp_account_no, bank_account, credit_limit, dimension_id, dimension2_id, curr_code, payment_terms, payable_account, purchase_account, payment_discount_account, notes, tax_group_id, tax_included, tax_algorithm)
- VALUES (".db_escape($_POST['supp_name']). ", "
+ VALUES (".db_escape($supp_name). ", "
 .db_escape($supp_ref). ", "
 .db_escape($address) . ", "
 .db_escape($supp_address) . ", "
diff --git a/purchasing/inquiry/po_search.php b/purchasing/inquiry/po_search.php
index 399e3e86..cf9a80b6 100644
--- a/purchasing/inquiry/po_search.php
+++ b/purchasing/inquiry/po_search.php
@@ -112,18 +112,9 @@ if (isset($_POST['order_number']) && ($_POST['order_number'] != ""))
 $order_number = $_POST['order_number'];
 }
-if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
- ($_POST['SelectStockFromList'] != $all_items))
-{
- $selected_stock_item = $_POST['SelectStockFromList'];
-}
-else
-{
- unset($selected_stock_item);
-}
-
 //figure out the sql required from the inputs available
-$sql = get_sql_for_po_search($_POST['supplier_id']);
+$sql = get_sql_for_po_search($_POST['OrdersAfterDate'], $_POST['OrdersToDate'], $_POST['supplier_id'],
+ $_POST['StockLocation']);
 //$result = db_query($sql,"No orders were returned");
diff --git a/purchasing/inquiry/po_search_completed.php b/purchasing/inquiry/po_search_completed.php
index 31c77426..6a40d9e7 100644
--- a/purchasing/inquiry/po_search_completed.php
+++ b/purchasing/inquiry/po_search_completed.php
@@ -25,7 +25,7 @@ page(_($help_context = "Search Purchase Orders"), false, false, "", $js);
 if (isset($_GET['order_number']))
 {
- $order_number = $_GET['order_number'];
+ $_POST['order_number'] = $_GET['order_number'];
 }
 //-----------------------------------------------------------------------------------
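Review bot: po_search.php drops the block that set `$selected_stock_item` from `SelectStockFromList`, but get_sql_for_po_search (po_db.inc hunk above) still imports that variable with `global` and tests `isset($selected_stock_item)`, so the stock-item filter on the outstanding-orders search is now silently disabled rather than moved. Either keep the assignment until the db function takes the item as a parameter, or pass it now the way the completed-orders search does: `get_sql_for_po_search($_POST['OrdersAfterDate'], $_POST['OrdersToDate'], $_POST['supplier_id'], $_POST['StockLocation'])` would grow an `$_POST['order_number'], $_POST['SelectStockFromList']` tail once the signature matches. The same file still assigns `$order_number` from POST for the db function's other `global`, so the page remains coupled to that function's internals. Writing `$_POST['order_number'] = $_GET['order_number']` in po_search_completed.php works but conceals that the value came from the query string; a comment such as `// allow order_number to arrive via GET link; normalised into POST for get_post()` would help the next reader.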
@@ -78,22 +78,7 @@ submit_cells('SearchOrders', _("Search"),'',_('Select documents'), 'default');
 end_row();
 end_table(1);
 //---------------------------------------------------------------------------------------------
-if (isset($_POST['order_number']))
-{
- $order_number = $_POST['order_number'];
-}
-
-if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
- ($_POST['SelectStockFromList'] != ALL_TEXT))
-{
- $selected_stock_item = $_POST['SelectStockFromList'];
-}
-else
-{
- unset($selected_stock_item);
-}
-//---------------------------------------------------------------------------------------------
 function trans_view($trans)
 {
 return get_trans_view_str(ST_PURCHORDER, $trans["order_no"]);
@@ -117,7 +102,9 @@ function prt_link($row)
 //---------------------------------------------------------------------------------------------
-$sql = get_sql_for_po_search_completed(!@$_GET['popup'] ? $_POST['supplier_id'] : ALL_TEXT);
+$sql = get_sql_for_po_search_completed(get_post('OrdersAfterDate'), get_post('OrdersToDate'),
+ @$_GET['popup'] ? ALL_TEXT : get_post('supplier_id'),
+ get_post('StockLocation'), get_post('order_number'), get_post('SelectStockFromList'));
 $cols = array(
 _("#") => array('fun'=>'trans_view', 'ord'=>''),
diff --git a/purchasing/inquiry/supplier_allocation_inquiry.php b/purchasing/inquiry/supplier_allocation_inquiry.php
index 6e4bcf88..eea7418d 100644
--- a/purchasing/inquiry/supplier_allocation_inquiry.php
+++ b/purchasing/inquiry/supplier_allocation_inquiry.php
@@ -120,7 +120,8 @@ function fmt_credit($row)
 }
 //------------------------------------------------------------------------------------------------
-$sql = get_sql_for_supplier_allocation_inquiry($_POST['TransAfterDate'],$_POST['TransToDate'],
+ $_POST['filterType'], $_POST['supplier_id'], check_value('showSettled'));
 $cols = array(
 _("Type") => array('fun'=>'systype_name'),
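Review bot: The removed `($_POST['SelectStockFromList'] != ALL_TEXT)` guard is not reproduced anywhere: `get_post('SelectStockFromList')` is now handed to get_sql_for_po_search_completed as `$stock_id` unfiltered, so once the dead `isset($selected_stock_item)` test in that function is fixed, the sentinel value would be matched literally against `line.item_code`; the sentinel check has to live on one side or the other. `@$_GET['popup']` uses error suppression to cover a missing key; `isset($_GET['popup'])` expresses the same intent without hiding other notices on that expression. Separately, `get_post('supplier_id')` on this line is the value that the po_db.inc hunk concatenates into SQL without db_escape, so the escaping fix there matters for this caller.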
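Review bot: supplier_allocation_inquiry.php passes `$_POST['TransAfterDate']`, `$_POST['TransToDate']`, `$_POST['filterType']` and `$_POST['supplier_id']` unguarded, whereas the old code inside get_sql_for_supplier_allocation_inquiry tested `isset($_POST['filterType'])` before using it, and the sibling caller in customer_inquiry.php in this same commit uses `get_post(...)` for the equivalent fields. `get_post('TransAfterDate'), get_post('TransToDate'), get_post('filterType'), get_post('supplier_id'), check_value('showSettled')` would avoid undefined-index notices on first render and keep the two inquiry pages consistent.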
diff --git a/sales/credit_note_entry.php b/sales/credit_note_entry.php
index 5fa56cc3..7ef6ea74 100644
--- a/sales/credit_note_entry.php
+++ b/sales/credit_note_entry.php
@@ -78,7 +78,7 @@ if (isset($_GET['AddedID'])) {
 display_footer_exit();
 } else
- check_edit_conflicts();
+ check_edit_conflicts(get_post('cart_id'));
 //--------------------------------------------------------------------------------
diff --git a/sales/customer_credit_invoice.php b/sales/customer_credit_invoice.php
index 2b31654a..2bb122dd 100644
--- a/sales/customer_credit_invoice.php
+++ b/sales/customer_credit_invoice.php
@@ -78,7 +78,7 @@ if (isset($_GET['AddedID'])) {
 display_footer_exit();
 } else
- check_edit_conflicts();
+ check_edit_conflicts(get_post('cart_id'));
 //-----------------------------------------------------------------------------
diff --git a/sales/customer_delivery.php b/sales/customer_delivery.php
index fa7fc581..605df691 100644
--- a/sales/customer_delivery.php
+++ b/sales/customer_delivery.php
@@ -138,7 +138,7 @@ if (isset($_GET['OrderNumber']) && $_GET['OrderNumber'] > 0) {
 exit;
 } else {
- check_edit_conflicts();
+ check_edit_conflicts(get_post('cart_id'));
 if (!check_quantities()) {
 display_error(_("Selected quantity cannot be less than quantity invoiced nor more than quantity not dispatched on sales order."));
diff --git a/sales/customer_invoice.php b/sales/customer_invoice.php
index 66f676e6..945ce9f1 100644
--- a/sales/customer_invoice.php
+++ b/sales/customer_invoice.php
@@ -48,7 +48,7 @@ page($_SESSION['page_title'], false, false, "", $js);
 //-----------------------------------------------------------------------------
-check_edit_conflicts();
+check_edit_conflicts(get_post('cart_id'));
 if (isset($_GET['AddedID'])) {
diff --git a/sales/includes/db/branches_db.inc b/sales/includes/db/branches_db.inc
index 09b1fbe4..c0da80db 100644
--- a/sales/includes/db/branches_db.inc
+++ b/sales/includes/db/branches_db.inc
@@ -139,7 +139,7 @@ function get_default_info_for_branch($customer_id)
 return db_fetch($result);
 }
-function get_sql_for_customer_branches()
+function get_sql_for_customer_branches($customer_id)
 {
 $sql = "SELECT "
 ."b.branch_code, "
@@ -163,7 +163,7 @@ function get_sql_for_customer_branches()
 WHERE b.tax_group_id=t.id
 AND b.area=a.area_code
 AND b.salesman=s.salesman_code
- AND b.debtor_no = ".db_escape($_POST['customer_id']);
+ AND b.debtor_no = ".db_escape($customer_id);
 if (!get_post('show_inactive')) $sql .= " AND !b.inactive";
 $sql .= " GROUP BY b.branch_code ORDER BY branch_ref";
diff --git a/sales/includes/db/cust_trans_db.inc b/sales/includes/db/cust_trans_db.inc
index b63ff123..fd52d9ce 100644
--- a/sales/includes/db/cust_trans_db.inc
+++ b/sales/includes/db/cust_trans_db.inc
@@ -285,11 +285,10 @@ function post_void_customer_trans($type, $type_no)
 }
 //----------------------------------------------------------------------------------------
-
-function get_sql_for_customer_inquiry()
+function get_sql_for_customer_inquiry($from, $to, $cust_id = ALL_TEXT, $filter = ALL_TEXT)
 {
- $date_after = date2sql($_POST['TransAfterDate']);
- $date_to = date2sql($_POST['TransToDate']);
+ $date_after = date2sql($from);
+ $date_to = date2sql($to);
 $sql = "SELECT
 trans.type,
@@ -303,7 +302,7 @@ function get_sql_for_customer_inquiry()
 debtor.curr_code,
 (trans.ov_amount + trans.ov_gst + trans.ov_freight + trans.ov_freight_tax + trans.ov_discount) AS TotalAmount, ";
- if ($_POST['filterType'] != ALL_TEXT)
+ if ($filter != ALL_TEXT)
 $sql .= "@bal := @bal+(trans.ov_amount + trans.ov_gst + trans.ov_freight + trans.ov_freight_tax + trans.ov_discount), ";
 // else
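Review bot: get_sql_for_customer_branches gains `$customer_id` but the context line right after the change, `if (!get_post('show_inactive')) $sql .= " AND !b.inactive";`, still reads the request inside the db layer, so this function is only half moved off form state. A `$show_inactive = false` parameter, with `if (!$show_inactive) $sql .= " AND !b.inactive";` and the caller in customer_branches.php passing `get_post('show_inactive')`, would complete the change in the spirit of the commit. The cust_trans_db hunks below are consistent with that pattern and need nothing further.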
@@ -325,34 +324,34 @@ function get_sql_for_customer_inquiry()
 AND trans.tran_date <= '$date_to'
 AND trans.branch_code = branch.branch_code";
- if ($_POST['customer_id'] != ALL_TEXT)
- $sql .= " AND trans.debtor_no = ".db_escape($_POST['customer_id']);
+ if ($cust_id != ALL_TEXT)
+ $sql .= " AND trans.debtor_no = ".db_escape($cust_id);
- if ($_POST['filterType'] != ALL_TEXT)
+ if ($filter != ALL_TEXT)
 {
- if ($_POST['filterType'] == '1')
+ if ($filter == '1')
 {
 $sql .= " AND (trans.type = ".ST_SALESINVOICE.") ";
 }
- elseif ($_POST['filterType'] == '2')
+ elseif ($filter == '2')
 {
 $sql .= " AND (trans.type = ".ST_SALESINVOICE.") ";
 }
- elseif ($_POST['filterType'] == '3')
+ elseif ($filter == '3')
 {
 $sql .= " AND (trans.type = " . ST_CUSTPAYMENT ." OR trans.type = ".ST_BANKDEPOSIT." OR trans.type = ".ST_BANKPAYMENT.") ";
 }
- elseif ($_POST['filterType'] == '4')
+ elseif ($filter == '4')
 {
 $sql .= " AND trans.type = ".ST_CUSTCREDIT." ";
 }
- elseif ($_POST['filterType'] == '5')
+ elseif ($filter == '5')
 {
 $sql .= " AND trans.type = ".ST_CUSTDELIVERY." ";
 }
- if ($_POST['filterType'] == '2')
+ if ($filter == '2')
 {
 $today = date2sql(Today());
 $sql .= " AND trans.due_date < '$today'
@@ -365,7 +364,7 @@ function get_sql_for_customer_inquiry()
 return $sql;
 }
-function get_sql_for_sales_deliveries_view($selected_customer, $selected_stock_item=null, $customer_id=ALL_TEXT)
+function get_sql_for_sales_deliveries_view($from, $to, $customer_id, $stock_item, $location, $delivery, $outstanding=false)
 {
 $sql = "SELECT trans.trans_no,
 debtor.name,
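Review bot: get_sql_for_sales_deliveries_view's new signature makes `$customer_id` a required positional argument with no ALL_TEXT default, and the old `$customer_id=ALL_TEXT` / `$selected_customer` pair that expressed "no customer restriction" is gone; read together with the unconditional `trans.debtor_no = db_escape($customer_id)` in the next hunk, the function can no longer list deliveries across customers. If that narrowing is intended, it deserves a docblock on this line saying so; if not, a `$customer_id = ALL_TEXT` default with the guard restored is the smaller change. The `$filter == '1'` and `'2'` branches above emitting identical SQL is pre-existing (the '2' case only adds the overdue clause later) and is fine to leave.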
@@ -395,33 +394,29 @@ function get_sql_for_sales_deliveries_view($selected_customer, $selected_stock_i
 AND trans.branch_code = branch.branch_code
 AND trans.debtor_no = branch.debtor_no ";
- if ($_POST['OutstandingOnly'] == true) {
+ if ($outstanding == true) {
 $sql .= " AND line.qty_done < line.quantity ";
 }
 //figure out the sql required from the inputs available
- if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
+ if ($delivery)
 {
- $delivery = "%".$_POST['DeliveryNumber'];
- $sql .= " AND trans.trans_no LIKE ".db_escape($delivery);
+ $sql .= " AND trans.trans_no LIKE %".db_escape($delivery);
 $sql .= " GROUP BY trans.trans_no";
 }
 else
 {
- $sql .= " AND trans.tran_date >= '".date2sql($_POST['DeliveryAfterDate'])."'";
- $sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
+ $sql .= " AND trans.tran_date >= '".date2sql($from)."'";
+ $sql .= " AND trans.tran_date <= '".date2sql($to)."'";
- if ($selected_customer != -1)
- $sql .= " AND trans.debtor_no=".db_escape($selected_customer)." ";
+ if ($stock_item)
+ $sql .= " AND line.stock_id=".db_escape($stock_item)." ";
- if (isset($selected_stock_item))
- $sql .= " AND line.stock_id=".db_escape($selected_stock_item)." ";
+ if ($location != ALL_TEXT)
+ $sql .= " AND sorder.from_stk_loc = ".db_escape($location)." ";
- if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
- $sql .= " AND sorder.from_stk_loc = ".db_escape($_POST['StockLocation'])." ";
- if ($customer_id != ALL_TEXT)
- $sql .= " AND trans.debtor_no = ".db_escape($customer_id);
+ $sql .= " AND trans.debtor_no = ".db_escape($customer_id);
 $sql .= " GROUP BY trans.trans_no ";
diff --git a/sales/includes/sales_ui.inc b/sales/includes/sales_ui.inc
index 8c56d4d3..9a5cc403 100644
--- a/sales/includes/sales_ui.inc
+++ b/sales/includes/sales_ui.inc
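Review bot: `$sql .= " AND trans.trans_no LIKE %".db_escape($delivery);` moves the `%` wildcard outside the quoted value, producing `LIKE %'123'`, which is not valid SQL, so the delivery-number search path now fails outright; the removed lines built the pattern first and escaped the whole thing, and the one-line equivalent is `$sql .= " AND trans.trans_no LIKE ".db_escape('%'.$delivery);`. The customer filter also lost its `$customer_id != ALL_TEXT` guard and is applied unconditionally, so if sales_deliveries_view.php ever submits the all-customers sentinel (the old `-1` default path) the query compares `debtor_no` against the sentinel string and returns nothing — either restore `if ($customer_id != ALL_TEXT)` or document that a concrete customer is now mandatory. `if ($stock_item)` and `if ($delivery)` are truthiness tests that treat a stock code or delivery number of `0` as unset; `!= ''` is the safer comparison and matches the other inquiry functions in this commit.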
@@ -42,11 +42,11 @@ function processing_active()
 Check if the cart was not destroyed during opening the edition page in another browser tab.
 */
-function check_edit_conflicts($cartname='Items')
+function check_edit_conflicts($cart_id, $cartname='Items')
 {
 global $Ajax, $no_check_edit_conflicts;
- if ((!isset($no_check_edit_conflicts) || $no_check_edit_conflicts==0) && get_post('cart_id') && $_POST['cart_id'] != $_SESSION[$cartname]->cart_id) {
+ if ((!isset($no_check_edit_conflicts) || $no_check_edit_conflicts==0) && get_post('cart_id') && $cart_id != $_SESSION[$cartname]->cart_id) {
 display_error(_('This edit session has been abandoned by opening sales document in another browser tab. You cannot edit more than one sales document at once.'));
 $Ajax->activate('_page_body');
 display_footer_exit();
diff --git a/sales/inquiry/customer_inquiry.php b/sales/inquiry/customer_inquiry.php
index 43561213..5687d0fc 100644
--- a/sales/inquiry/customer_inquiry.php
+++ b/sales/inquiry/customer_inquiry.php
@@ -191,7 +191,8 @@ function check_overdue($row)
 && floatcmp($row["TotalAmount"], $row["Allocated"]) != 0;
 }
 //------------------------------------------------------------------------------------------------
-$sql = get_sql_for_customer_inquiry();
+$sql = get_sql_for_customer_inquiry(get_post('TransAfterDate'), get_post('TransToDate'),
+ get_post('customer_id'), get_post('filterType'));
 //------------------------------------------------------------------------------------------------
 db_query("set @bal:=0");
diff --git a/sales/inquiry/sales_deliveries_view.php b/sales/inquiry/sales_deliveries_view.php
index 91787385..b4d9924b 100644
--- a/sales/inquiry/sales_deliveries_view.php
+++ b/sales/inquiry/sales_deliveries_view.php
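Review bot: check_edit_conflicts still calls `get_post('cart_id')` in the same condition that now compares the new `$cart_id` parameter, so the function keeps its dependency on the request and the two values can disagree if a caller passes something other than the posted cart id; `&& $cart_id && $cart_id != $_SESSION[$cartname]->cart_id` expresses the check entirely in terms of the argument. Inserting a required `$cart_id` in front of the optional `$cartname` also means that any existing caller passing a cart name positionally — none is visible in this patch, but the default `'Items'` suggests other carts exist — would now have its cart name silently used as the cart id and its cart name fall back to `'Items'`; a quick grep for other call sites before merging would be prudent. The session-cart comparison is the conflict check's security-relevant part, so the docblock above the function should state that `$cart_id` is the client-supplied value and `$_SESSION[$cartname]->cart_id` is authoritative.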
@@ -36,14 +36,12 @@ else
 if (isset($_GET['selected_customer']))
 {
- $selected_customer = $_GET['selected_customer'];
+ $_POST['customer_id'] = $_GET['selected_customer'];
 }
 elseif (isset($_POST['selected_customer']))
 {
- $selected_customer = $_POST['selected_customer'];
+ $_POST['customer_id'] = $_POST['selected_customer'];
 }
-else
- $selected_customer = -1;
 if (isset($_POST['BatchInvoice']))
 {
@@ -124,17 +122,6 @@ end_row();
 end_table(1);
 //---------------------------------------------------------------------------------------------
-if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
- ($_POST['SelectStockFromList'] != ALL_TEXT))
-{
- $selected_stock_item = $_POST['SelectStockFromList'];
-}
-else
-{
- $selected_stock_item = null;
-}
-
-//---------------------------------------------------------------------------------------------
 function trans_view($trans, $trans_no)
 {
 return get_customer_trans_view_str(ST_CUSTDELIVERY, $trans['trans_no']);
@@ -175,7 +162,8 @@ function check_overdue($row)
 $row["Outstanding"]!=0;
 }
 //------------------------------------------------------------------------------------------------
-$sql = get_sql_for_sales_deliveries_view($selected_customer, $selected_stock_item, $_POST['customer_id']);
+$sql = get_sql_for_sales_deliveries_view(get_post('DeliveryAfterDate'), get_post('DeliveryToDate'), get_post('customer_id'),
+ get_post('SelectStockFromList'), get_post('StockLocation'), get_post('DeliveryNumber'), get_post('OutstandingOnly'));
 $cols = array(
 _("Delivery #") => array('fun'=>'trans_view'),
diff --git a/sales/manage/customer_branches.php b/sales/manage/customer_branches.php
index 374d2f57..d11915c6 100644
--- a/sales/manage/customer_branches.php
+++ b/sales/manage/customer_branches.php
@@ -283,9 +283,9 @@ echo "
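Review bot: The `else $selected_customer = -1;` fallback is removed and the selected customer is now folded into `$_POST['customer_id']`, but when neither `selected_customer` source is present the page relies on whatever `customer_id` the form itself posted; on a first GET render nothing is posted, `get_post('customer_id')` yields an empty value, and get_sql_for_sales_deliveries_view now applies `trans.debtor_no = db_escape($customer_id)` unconditionally, so the initial list is either empty or a query on an empty id. Confirm the customer selector always submits a concrete id, or keep an explicit default here (`else $_POST['customer_id'] = ALL_TEXT;`) together with the ALL_TEXT guard in the db function. The removed `!= ALL_TEXT` check on SelectStockFromList is likewise not re-established on either side of the call, so the stock sentinel can reach the `line.stock_id` filter unfiltered.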
" . _("Select a customer: ") . "  "; echo customer_list('customer_id', null, false, true); echo "

";
-$num_branches = db_customer_has_branches($_POST['customer_id']);
+$num_branches = db_customer_has_branches(get_post('customer_id'));
-$sql = get_sql_for_customer_branches();
+$sql = get_sql_for_customer_branches(get_post('customer_id'));
 //------------------------------------------------------------------------------------------------
 if ($num_branches)
diff --git a/sales/sales_order_entry.php b/sales/sales_order_entry.php
index ecca77d0..f74d4ead 100644
--- a/sales/sales_order_entry.php
+++ b/sales/sales_order_entry.php
@@ -244,7 +244,7 @@ if (isset($_GET['AddedID'])) {
 display_footer_exit();
 } else
- check_edit_conflicts();
+ check_edit_conflicts(get_post('cart_id'));
 //-----------------------------------------------------------------------------
 function copy_to_cart()
--
2.30.2