Security statements update against sql injection attacks.
[fa-stable.git] / purchasing / includes / db / grn_db.inc
1 <?php
2 /**********************************************************************
3     Copyright (C) FrontAccounting, LLC.
4         Released under the terms of the GNU General Public License, GPL, 
5         as published by the Free Software Foundation, either version 3 
6         of the License, or (at your option) any later version.
7     This program is distributed in the hope that it will be useful,
8     but WITHOUT ANY WARRANTY; without even the implied warranty of
9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
10     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
11 ***********************************************************************/
12 //------------------- update average material cost ------------------------------------------ Joe Hunt Mar-03-2008
13
/**
 * Recalculate the weighted-average material cost of a stock item and store it.
 *
 * The supplied price is converted with to_home_currency() when the supplier
 * has a currency, blended with the material_cost currently held in
 * stock_master, and the result is written back to the same row.
 *
 * @param mixed $supplier  Supplier id; when null (loose comparison) no currency lookup is done.
 * @param mixed $stock_id  Item whose stock_master row is read and updated.
 * @param mixed $price     Unit price of the quantity being blended in.
 * @param mixed $qty       Quantity being blended in.
 * @param mixed $date      Date passed to the currency conversion and to get_qoh_on_date().
 * @param bool  $adj_only  When true the divisor is the quantity on hand alone,
 *                         and 13 instead of 0 is passed to get_qoh_on_date().
 * @return mixed The new material cost; 0 when the divisor is not positive.
 */
function update_average_material_cost($supplier, $stock_id, $price, $qty, $date, $adj_only=false)
{
    $currency = ($supplier != null) ? get_supplier_currency($supplier) : null;
    $price_in_home_currency = ($currency != null)
        ? to_home_currency($price, $currency, $date)
        : $price;

    // Every value concatenated into the SQL text goes through db_escape().
    $sql = "SELECT material_cost FROM ".TB_PREF."stock_master WHERE stock_id=".db_escape($stock_id);
    $myrow = db_fetch(db_query($sql));
    $material_cost = $myrow['material_cost'];

    // NOTE(review): the fourth argument looks like a transaction type to
    // leave out of the quantity on hand - confirm against get_qoh_on_date().
    $qoh = get_qoh_on_date($stock_id, null, $date, $adj_only ? 13 : 0);

    // An adjustment spreads the value over the existing quantity only;
    // otherwise the incoming quantity is part of the divisor as well.
    $divisor = $adj_only ? $qoh : $qoh + $qty;
    if ($divisor <= 0)
        $material_cost = 0;
    else
        $material_cost = ($qoh * $material_cost + $qty * $price_in_home_currency) / $divisor;

    $sql = "UPDATE ".TB_PREF."stock_master SET material_cost=".db_escape($material_cost)."
        WHERE stock_id=".db_escape($stock_id);
    db_query($sql,"The cost details for the inventory item could not be updated");

    return $material_cost;
}
51
52 //-------------------------------------------------------------------------------------------------------------
53
/**
 * Record a receipt of goods against a purchase order as one GRN batch.
 *
 * Runs between begin_transaction() and commit_transaction(): creates the
 * batch header, then for every order line with a non-zero receive_qty
 * updates the average material cost, the purchase data, the GRN detail row
 * and the stock movement.
 *
 * @param object $po         Purchase order; order_no, supplier_id and line_items are read.
 * @param mixed  $date_      Receipt date, passed on unchanged to the helpers.
 * @param mixed  $reference  Reference stored on the batch and saved via references::save_last().
 * @param mixed  $location   Location code the goods are received into.
 * @return mixed Id returned by add_grn_batch().
 */
function add_grn(&$po, $date_, $reference, $location)
{
    begin_transaction();

    $grn = add_grn_batch($po->order_no, $po->supplier_id, $reference, $location, $date_);

    foreach ($po->line_items as $order_line)
    {
        // Nothing is being received on this line: leave it untouched.
        if ($order_line->receive_qty == 0 || $order_line->receive_qty == "" || !isset($order_line->receive_qty))
            continue;

        // Blend the received quantity and price into the item's average cost.
        update_average_material_cost($po->supplier_id, $order_line->stock_id, $order_line->price,
            $order_line->receive_qty, $date_);

        // First receipt against this line: capture the standard cost as it
        // is now, so that later GL journals can use it.
        if ($order_line->qty_received == 0)
            $order_line->standard_cost = get_standard_cost($order_line->stock_id);

        // Keep the purchase data table in step with this supplier and price.
        add_or_update_purchase_data($po->supplier_id, $order_line->stock_id, $order_line->price,
            $order_line->item_description);

        // Insert the GRN item and bump the received quantity on the PO line.
        add_grn_detail_item($grn, $order_line->po_detail_rec,
            $order_line->stock_id, $order_line->item_description,
            $order_line->standard_cost, $order_line->receive_qty, $order_line->price);

        // Update location stock records - a PO cannot be entered for
        // service/kit parts. 25 is the type code this file uses for GRNs.
        add_stock_move(25, $order_line->stock_id, $grn, $location, $date_, "",
            $order_line->receive_qty, $order_line->standard_cost,
            $po->supplier_id, 1, $order_line->price);
    }

    references::save_last($reference, 25);

    commit_transaction();

    return $grn;
}
102
103 //----------------------------------------------------------------------------------------
104
/**
 * Insert the header row of a GRN batch and return its id.
 *
 * All five values are passed through db_escape() before being concatenated
 * into the INSERT statement.
 *
 * @param mixed $po_number    Purchase order the goods were received against.
 * @param mixed $supplier_id  Supplier of the goods.
 * @param mixed $reference    Reference stored on the batch.
 * @param mixed $location     Location code stored as loc_code.
 * @param mixed $date_        Delivery date; converted with date2sql() first.
 * @return mixed Value of db_insert_id() after the insert.
 */
function add_grn_batch($po_number, $supplier_id, $reference, $location, $date_)
{
    $delivery_date = date2sql($date_);

    $columns = "purch_order_no, delivery_date, supplier_id, reference, loc_code";
    $values = db_escape($po_number).", ".db_escape($delivery_date).", "
        .db_escape($supplier_id).", ".db_escape($reference).", ".db_escape($location);

    $sql = "INSERT INTO ".TB_PREF."grn_batch (".$columns.")
            VALUES (".$values.")";

    db_query($sql, "A grn batch record could not be inserted.");

    return db_insert_id();
}
117
118 //-------------------------------------------------------------------------------------------------------------
119
/**
 * Add one received line to a GRN batch and update its purchase order line.
 *
 * First increases quantity_received and sets std_cost_unit and act_price on
 * the purch_order_details row, then inserts the grn_items row. Every value
 * placed in either statement goes through db_escape().
 *
 * @param mixed $grn_batch_id        Batch the item belongs to.
 * @param mixed $po_detail_item      Key of the purchase order line.
 * @param mixed $item_code           Stock item received.
 * @param mixed $description         Item description stored on the GRN item.
 * @param mixed $standard_unit_cost  Written to std_cost_unit.
 * @param mixed $quantity_received   Added to quantity_received, stored as qty_recd.
 * @param mixed $price               Written to act_price.
 * @return mixed Value of db_insert_id() after the grn_items insert.
 */
function add_grn_detail_item($grn_batch_id, $po_detail_item, $item_code, $description, $standard_unit_cost,
    $quantity_received, $price)
{
    // Escape once and reuse: both statements need these two values.
    $qty_sql = db_escape($quantity_received);
    $po_line_sql = db_escape($po_detail_item);

    $update = "UPDATE ".TB_PREF."purch_order_details
        SET quantity_received = quantity_received + ".$qty_sql.",
        std_cost_unit=".db_escape($standard_unit_cost).",
        act_price=".db_escape($price)."
        WHERE po_detail_item = ".$po_line_sql;

    db_query($update, "a purchase order details record could not be updated. This receipt of goods has not been processed ");

    $insert = "INSERT INTO ".TB_PREF."grn_items (grn_batch_id, po_detail_item, item_code, description, qty_recd)
        VALUES (".db_escape($grn_batch_id).", "
        .$po_line_sql.", ".db_escape($item_code).", ".db_escape($description)
        .", ".$qty_sql.")";

    db_query($insert, "A GRN detail item could not be inserted.");

    return db_insert_id();
}
140
141 //----------------------------------------------------------------------------------------
/**
 * Look up the batch id that a GRN item belongs to.
 *
 * @param mixed $item  Id of the grn_items row; escaped before use in the query.
 * @return mixed First column of the fetched row (grn_batch_id).
 */
function get_grn_batch_from_item($item)
{
    $item_sql = db_escape($item);
    $query = "SELECT grn_batch_id FROM ".TB_PREF."grn_items WHERE id=".$item_sql;

    $row = db_fetch_row(db_query($query, "Could not retreive GRN batch id"));

    return $row[0];
}
149
/**
 * Fetch the grn_batch row with the given id.
 *
 * @param mixed $grn  Batch id; escaped before use in the query.
 * @return mixed Whatever db_fetch() returns for the query result.
 */
function get_grn_batch($grn)
{
    $query = "SELECT * FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn);

    return db_fetch(db_query($query, "Could not retreive GRN batch id"));
}
156
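/**
 * Apply a credited quantity to a GRN item, its purchase order line and stock.
 *
 * Updates the average material cost, looks up the GRN item together with its
 * batch, adjusts the quantities on the purchase order line and on the GRN
 * item, and records a stock move of type 21.
 *
 * @param object $entered_grn  Reads id, item_code, chg_price and this_quantity_inv.
 * @param mixed  $supplier     Supplier id passed to the cost update and the stock move.
 * @param mixed  $transno      Transaction number recorded on the stock move.
 * @param mixed  $date         Date used for the cost update and the stock move.
 * @return void
 */
function set_grn_item_credited(&$entered_grn, $supplier, $transno, $date)
{
    $mcost = update_average_material_cost($supplier, $entered_grn->item_code,
        $entered_grn->chg_price, $entered_grn->this_quantity_inv, $date);

    $sql = "SELECT ".TB_PREF."grn_batch.*, ".TB_PREF."grn_items.*
        FROM ".TB_PREF."grn_batch, ".TB_PREF."grn_items
        WHERE ".TB_PREF."grn_items.grn_batch_id=".TB_PREF."grn_batch.id
        AND ".TB_PREF."grn_items.id=".db_escape($entered_grn->id)."
        AND ".TB_PREF."grn_items.item_code=".db_escape($entered_grn->item_code);
    $result = db_query($sql, "Could not retreive GRNS");
    $myrow = db_fetch($result);
    // NOTE(review): $myrow is not checked; if no row matched, the statements
    // below run with an empty po_detail_item and loc_code - confirm whether
    // callers guarantee that the GRN item exists.

    // po_detail_item comes back from the database, but it is still data:
    // escape it like every other value so that a stored value can never
    // change the shape of the statement.
    $sql = "UPDATE ".TB_PREF."purch_order_details
        SET quantity_received = quantity_received + "
        .db_escape($entered_grn->this_quantity_inv).",
        quantity_ordered = quantity_ordered + "
        .db_escape($entered_grn->this_quantity_inv).",
        qty_invoiced = qty_invoiced + ".db_escape($entered_grn->this_quantity_inv).",
        std_cost_unit=".db_escape($mcost).",
        act_price=".db_escape($entered_grn->chg_price)."
        WHERE po_detail_item = ".db_escape($myrow["po_detail_item"]);
    db_query($sql, "a purchase order details record could not be updated. This receipt of goods has not been processed ");

    $sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=qty_recd+".db_escape($entered_grn->this_quantity_inv)
        .",quantity_inv=quantity_inv+".db_escape($entered_grn->this_quantity_inv)
        ." WHERE id=".db_escape($entered_grn->id);
    db_query($sql);

    add_stock_move(21, $entered_grn->item_code, $transno, $myrow['loc_code'], $date, "",
        $entered_grn->this_quantity_inv, $mcost, $supplier, 1, $entered_grn->chg_price);
}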
190
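/**
 * Query GRN items joined with their batch, purchase order line and stock item.
 *
 * Each optional argument adds one filter. Every caller-supplied value that
 * ends up in the SQL text is passed through db_escape(), including the
 * invoice number and the two date bounds.
 *
 * @param mixed $grn_batch_id      Restrict to one batch when != 0.
 * @param mixed $supplier_id       Restrict to one supplier when != "".
 * @param bool  $outstanding_only  Only items with qty_recd - quantity_inv > 0.
 * @param bool  $is_invoiced_only  Only items with quantity_inv > 0.
 * @param mixed $invoice_no        When != 0, join supp_invoice_items (type 20) for this number.
 * @param mixed $begin             Earliest delivery date when != ""; converted with date2sql().
 * @param mixed $end               Latest delivery date when != ""; converted with date2sql().
 * @return mixed Result of db_query().
 */
function get_grn_items($grn_batch_id=0, $supplier_id="", $outstanding_only=false,
    $is_invoiced_only=false, $invoice_no=0, $begin="", $end="")
{
    $sql = "SELECT ".TB_PREF."grn_batch.*, ".TB_PREF."grn_items.*, "
        .TB_PREF."purch_order_details.unit_price,
        ".TB_PREF."purch_order_details.std_cost_unit, units
        FROM ".TB_PREF."grn_batch, ".TB_PREF."grn_items, "
        .TB_PREF."purch_order_details, ".TB_PREF."stock_master";
    if ($invoice_no != 0)
        $sql .= ", ".TB_PREF."supp_invoice_items";
    $sql .= " WHERE ".TB_PREF."grn_items.grn_batch_id=".TB_PREF."grn_batch.id
        AND ".TB_PREF."grn_items.po_detail_item=".TB_PREF."purch_order_details.po_detail_item";
    // The != 0 test above is a loose comparison, not validation, so the
    // invoice number must be escaped before it reaches the statement.
    if ($invoice_no != 0)
        $sql .= " AND ".TB_PREF."supp_invoice_items.supp_trans_type=20 AND
            ".TB_PREF."supp_invoice_items.supp_trans_no=".db_escape($invoice_no)." AND
            ".TB_PREF."grn_items.id=".TB_PREF."supp_invoice_items.grn_item_id";
    $sql .= " AND ".TB_PREF."stock_master.stock_id=".TB_PREF."grn_items.item_code ";

    // db_escape() supplies the quoting here, as add_grn_batch() relies on
    // for its date value, instead of wrapping date2sql() output by hand.
    if ($begin != "")
        $sql .= " AND ".TB_PREF."grn_batch.delivery_date>=".db_escape(date2sql($begin));
    if ($end != "")
        $sql .= " AND ".TB_PREF."grn_batch.delivery_date<=".db_escape(date2sql($end));
    if ($grn_batch_id != 0)
        $sql .= " AND ".TB_PREF."grn_batch.id=".db_escape($grn_batch_id)
            ." AND ".TB_PREF."grn_items.grn_batch_id=".db_escape($grn_batch_id);

    if ($is_invoiced_only)
        $sql .= " AND ".TB_PREF."grn_items.quantity_inv > 0";

    if ($outstanding_only)
        $sql .= " AND ".TB_PREF."grn_items.qty_recd - ".TB_PREF."grn_items.quantity_inv > 0";

    if ($supplier_id != "")
        $sql .= " AND ".TB_PREF."grn_batch.supplier_id =".db_escape($supplier_id);

    $sql .= " ORDER BY ".TB_PREF."grn_batch.delivery_date, ".TB_PREF."grn_batch.id, ".TB_PREF."grn_items.id";

    return db_query($sql, "Could not retreive GRNS");
}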
230
231 //----------------------------------------------------------------------------------------
232
233 // get the details for a given grn item
234
/**
 * Fetch one GRN item with its purchase order price, standard cost and the
 * quantity still outstanding (qty_recd - quantity_inv, aliased QtyOstdg).
 *
 * @param mixed $grn_item_no  Id of the grn_items row; escaped before use.
 * @return mixed Whatever db_fetch() returns for the query result.
 */
function get_grn_item_detail($grn_item_no)
{
    $items = TB_PREF."grn_items";
    $po_lines = TB_PREF."purch_order_details";
    $stock = TB_PREF."stock_master";

    $sql = "SELECT ".$items.".*, ".$po_lines.".unit_price,
        ".$items.".qty_recd - ".$items.".quantity_inv AS QtyOstdg,
        ".$po_lines.".std_cost_unit
        FROM ".$items.", ".$po_lines.", ".$stock."
        WHERE ".$items.".po_detail_item=".$po_lines.".po_detail_item
            AND ".$stock.".stock_id=".$items.".item_code
            AND ".$items.".id=".db_escape($grn_item_no);

    return db_fetch(db_query($sql, "could not retreive grn item details"));
}
248
249 //----------------------------------------------------------------------------------------
250
/**
 * Append every item of a GRN batch to an order object as a new line.
 *
 * @param mixed  $grn_batch  Batch id handed to get_grn_items().
 * @param object $order      Order to extend; add_to_order(), lines_on_order
 *                           and line_items are used.
 * @return void
 */
function read_grn_items_to_order($grn_batch, &$order)
{
    $result = get_grn_items($grn_batch);

    // Nothing came back for this batch: leave the order as it is.
    if (!(db_num_rows($result) > 0))
        return;

    while ($myrow = db_fetch($result))
    {
        // A NULL units column is presented as an empty string.
        $units = is_null($myrow["units"]) ? "" : $myrow["units"];

        $order->add_to_order($order->lines_on_order+1, $myrow["item_code"],
            1,$myrow["description"], $myrow["unit_price"],$units,
            sql2date($myrow["delivery_date"]), $myrow["quantity_inv"],
            $myrow["qty_recd"]);

        // Remember which purchase order line the new order line came from.
        $order->line_items[$order->lines_on_order]->po_detail_rec = $myrow["po_detail_item"];
    }
}
279
280 //----------------------------------------------------------------------------------------
281
282 // read a grn into an order class
283
/**
 * Load a GRN batch into an order object.
 *
 * Reads the batch row, loads the header of its purchase order with
 * read_po_header() and, when that succeeds, copies the delivery date,
 * location and reference from the batch and appends the batch's items.
 *
 * @param mixed  $grn_batch  Batch id; escaped before use in the query.
 * @param object $order      Order object that is filled in.
 * @return void
 */
function read_grn($grn_batch, &$order)
{
    $sql= "SELECT * FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn_batch);
    $batch = db_fetch(db_query($sql, "The grn sent is not valid"));

    // Header could not be read: leave the order untouched beyond that call.
    if (!read_po_header($batch["purch_order_no"], $order))
        return;

    $order->orig_order_date = sql2date($batch["delivery_date"]);
    $order->location = $batch["loc_code"];
    $order->reference = $batch["reference"];

    read_grn_items_to_order($grn_batch, $order);
}
305
306 //----------------------------------------------------------------------------------------------------------
307
308 // get the GRNs (batch info not details) for a given po number
309
/**
 * Query the GRN batch headers (not the detail items) of a purchase order.
 *
 * @param mixed $po_number  Purchase order number; escaped before use in the query.
 * @return mixed Result of db_query().
 */
function get_po_grns($po_number)
{
    $po_sql = db_escape($po_number);
    $query = "SELECT * FROM ".TB_PREF."grn_batch WHERE purch_order_no=".$po_sql;

    // NOTE(review): the error text carries the raw $po_number; how db_query()
    // renders this message is not visible here - confirm it is encoded on output.
    return db_query($query, "The grns for the po $po_number could not be retreived");
}
316
317 //----------------------------------------------------------------------------------------------------------
318
/**
 * Tell whether a GRN batch with the given id exists.
 *
 * @param mixed $grn_batch  Batch id; escaped before use in the query.
 * @return bool True when the query returns at least one row.
 */
function exists_grn($grn_batch)
{
    $query = "SELECT id FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn_batch);
    $matches = db_num_rows(db_query($query, "Cannot retreive a grn"));

    return $matches > 0;
}
326
327 //----------------------------------------------------------------------------------------------------------
328
/**
 * Tell whether any item of a GRN batch appears on a supplier invoice item
 * with a non-zero quantity.
 *
 * @param mixed $grn_batch  Batch id; escaped before use in the query.
 * @return bool True when the query returns at least one row.
 */
function exists_grn_on_invoices($grn_batch)
{
    $invoice_items = TB_PREF."supp_invoice_items";
    $grn_items = TB_PREF."grn_items";

    $query = "SELECT ".$invoice_items.".id FROM ".$invoice_items.",".$grn_items."
        WHERE ".$invoice_items.".grn_item_id=".$grn_items.".id
        AND quantity != 0
        AND grn_batch_id=".db_escape($grn_batch);
    $matches = db_num_rows(db_query($query, "Cannot query GRNs"));

    return $matches > 0;
}
339
340 //----------------------------------------------------------------------------------------------------------
341
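/**
 * Void a GRN batch unless it is referenced on an invoice or credit note.
 *
 * Inside one transaction: voids the bank and GL transactions of type 25,
 * takes the received quantities back off the purchase order lines, zeroes
 * the quantities on the GRN items and voids the stock moves.
 *
 * @param mixed $grn_batch  Batch id.
 * @return bool False when the batch is on an invoice and nothing was changed,
 *              true once the transaction has been committed.
 */
function void_grn($grn_batch)
{
    // if this grn is referenced on any invoices/credit notes, then it
    // can't be voided
    if (exists_grn_on_invoices($grn_batch))
        return false;

    begin_transaction();

    void_bank_trans(25, $grn_batch, true);
    void_gl_trans(25, $grn_batch, true);

    // clear the quantities of the grn items in the POs and invoices
    $result = get_grn_items($grn_batch);

    if (db_num_rows($result) > 0)
    {
        while ($myrow = db_fetch($result))
        {
            // Values read back from the database are still data: escape them
            // like every other value in this file, so that a stored value
            // can never change the shape of the statement.
            $sql = "UPDATE ".TB_PREF."purch_order_details
                SET quantity_received = quantity_received - ".db_escape($myrow["qty_recd"])."
                WHERE po_detail_item = ".db_escape($myrow["po_detail_item"]);

            db_query($sql, "a purchase order details record could not be voided.");
        }
    }

    // clear the quantities in the grn items
    $sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=0, quantity_inv=0
        WHERE grn_batch_id=".db_escape($grn_batch);

    db_query($sql, "A grn detail item could not be voided.");

    // clear the stock move items
    void_stock_move(25, $grn_batch);

    commit_transaction();

    return true;
}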
384
385 //----------------------------------------------------------------------------------------------------------
386
387 ?>