projects / fa-stable.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Sealing against XSS atacks: purchasing,sales,install,admin,taxes
[fa-stable.git] / sales / manage / sales_people.php
1 <?php
2
3 $page_security = 3;
4 $path_to_root="../..";
5 include($path_to_root . "/includes/session.inc");
6
7 page(_("Sales Persons"));
8
9 include($path_to_root . "/includes/ui.inc");
10
11 if (isset($_GET['selected_id']))
12 {
13         $selected_id = strtoupper($_GET['selected_id']);
14 }
15 elseif (isset($_POST['selected_id']))
16 {
17         $selected_id = strtoupper($_POST['selected_id']);
18 }
19
20 //------------------------------------------------------------------------------------------------
21
22 if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
23 {
24
25         //initialise no input errors assumed initially before we test
26         $input_error = 0;
27
28         if (strlen($_POST['salesman_name']) == 0)
29         {
30                 $input_error = 1;
31                 display_error(_("The sales person name cannot be empty."));
32         }
33         $pr1 = check_num('provision', 0,100);
34         if (!$pr1 || !check_num('provision2', 0, 100)) {
35                 $input_error = 1;
36                 display_error( _("Salesman provision cannot be less than 0 or more than 100%."));
37                 set_focus(!$pr1 ? 'provision' : 'provision2');
38         }
39         if (!check_num('break_pt', 0)) {
40                 $input_error = 1;
41                 display_error( _("Salesman provision breakpoint must be numeric and not less than 0."));
42                 set_focus('break_pt');
43         }
44         if ($input_error != 1)
45         {
46         if (isset($selected_id))
47         {
48                 /*selected_id could also exist if submit had not been clicked this code would not run in this case cos submit is false of course  see the delete code below*/
49
50                 $sql = "UPDATE ".TB_PREF."salesman SET salesman_name=".db_escape($_POST['salesman_name']) . ",
51                         salesman_phone=".db_escape($_POST['salesman_phone']) . ",
52                         salesman_fax=".db_escape($_POST['salesman_fax']) . ",
53                         salesman_email=".db_escape($_POST['salesman_email']) . ",
54                         provision=".input_num('provision').",
55                         break_pt=".input_num('break_pt').",
56                         provision2=".input_num('provision2')."
57                         WHERE salesman_code = '$selected_id'";
58         }
59         else
60         {
61                 /*Selected group is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new Sales-person form */
62                 $sql = "INSERT INTO ".TB_PREF."salesman (salesman_name, salesman_phone, salesman_fax, salesman_email,
63                         provision, break_pt, provision2)
64                         VALUES (".db_escape($_POST['salesman_name']) . ", "
65                                   .db_escape($_POST['salesman_phone']) . ", "
66                                   .db_escape($_POST['salesman_fax']) . ", "
67                                   .db_escape($_POST['salesman_email']) . ", ".
68                         input_num('provision').", ".input_num('break_pt').", "
69                                 .input_num('provision2').")";
70         }
71
72         //run the sql from either of the above possibilites
73         db_query($sql,"The insert or update of the salesperson failed");
74
75                 meta_forward($_SERVER['PHP_SELF']);
76         }
77 }
78 if (isset($_GET['delete']))
79 {
80         //the link to delete a selected record was clicked instead of the submit button
81
82         // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtors_master'
83
84         $sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE salesman='$selected_id'";
85         $result = db_query($sql,"check failed");
86         $myrow = db_fetch_row($result);
87         if ($myrow[0] > 0)
88         {
89                 display_error("Cannot delete this sales-person because branches are set up referring to this sales-person - first alter the branches concerned.");
90         }
91         else
92         {
93                 $sql="DELETE FROM ".TB_PREF."salesman WHERE salesman_code='$selected_id'";
94                 db_query($sql,"The sales-person could not be deleted");
95
96                 meta_forward($_SERVER['PHP_SELF']);
97         }
98 }
99
100 //------------------------------------------------------------------------------------------------
101
102 $sql = "SELECT * FROM ".TB_PREF."salesman";
103 $result = db_query($sql,"could not get sales persons");
104
105 start_table("$table_style width=60%");
106 $th = array(_("Name"), _("Phone"), _("Fax"), _("Email"), _("Provision"), _("Break Pt."), _("Provision")." 2", "", "");
107 table_header($th);
108
109 $k = 0;
110
111 while ($myrow = db_fetch($result))
112 {
113
114         alt_table_row_color($k);
115
116     label_cell($myrow["salesman_name"]);
117         label_cell($myrow["salesman_phone"]);
118         label_cell($myrow["salesman_fax"]);
119         label_cell($myrow["salesman_email"]);
120         label_cell(percent_format($myrow["provision"])." %", "nowrap align=right");
121         amount_cell($myrow["break_pt"]);
122         label_cell(percent_format($myrow["provision2"])." %", "nowrap align=right");
123         edit_link_cell(SID . "selected_id=" . $myrow["salesman_code"]);
124         delete_link_cell(SID . "selected_id=" . $myrow["salesman_code"]. "&delete=1");
125         end_row();
126
127 } //END WHILE LIST LOOP
128
129 end_table();
130
131 //------------------------------------------------------------------------------------------------
132
133 hyperlink_no_params($_SERVER['PHP_SELF'], _("New Sales Person"));
134
135 //------------------------------------------------------------------------------------------------
136
137 start_form();
138
139 if (isset($selected_id))
140 {
141         //editing an existing Sales-person
142         $sql = "SELECT *  FROM ".TB_PREF."salesman WHERE salesman_code='$selected_id'";
143
144         $result = db_query($sql,"could not get sales person");
145         $myrow = db_fetch($result);
146
147         $_POST['salesman_name'] = $myrow["salesman_name"];
148         $_POST['salesman_phone'] = $myrow["salesman_phone"];
149         $_POST['salesman_fax'] = $myrow["salesman_fax"];
150         $_POST['salesman_email'] = $myrow["salesman_email"];
151         $_POST['provision'] = percent_format($myrow["provision"]);
152         $_POST['break_pt'] = price_format($myrow["break_pt"]);
153         $_POST['provision2'] = percent_format($myrow["provision2"]);
154
155         hidden('selected_id', $selected_id);
156 }
157
158 start_table("$table_style2 width=60%");
159
160 text_row_ex(_("Sales person name:"), 'salesman_name', 30);
161 text_row_ex(_("Telephone number:"), 'salesman_phone', 20);
162 text_row_ex(_("Fax number:"), 'salesman_fax', 20);
163 text_row_ex(_("Email:"), 'salesman_email', 40);
164 percent_row(_("Provision"), 'provision');
165 amount_row(_("Break Pt.:"), 'break_pt');
166 percent_row(_("Provision")." 2", 'provision2');
167 end_table(1);
168
169 submit_add_or_update_center(!isset($selected_id));
170
171 end_form();
172
173 end_page();
174
175 ?>
FrontAccounting stable branch