array('prices_dec', 'qty_dec', 'rates_dec', 'percent_dec',
'date_format', 'date_sep', 'tho_sep', 'dec_sep', 'print_profile',
'theme', 'page_size', 'language', 'startup_tab',
- 'show_gl' => 0, 'show_codes'=> 0, 'show_hints' => 0,
- 'rep_popup' => 0, 'graphic_links' => 0, 'sticky_doc_date' => 0,
'query_size' => 10.0, 'transaction_days' => 30, 'save_report_selections' => 0,
- 'use_date_picker' => 0, 'def_print_destination' => 0, 'def_print_orientation' => 0)));
+ 'def_print_destination' => 0, 'def_print_orientation' => 0)));
+
+ set_user_prefs(check_value(
+ array( 'show_gl', 'show_codes', 'show_hints', 'rep_popup',
+ 'graphic_links', 'sticky_doc_date', 'use_date_picker')));
if ($chg_lang)
$_SESSION['language']->set_language($_POST['language']);
list($day, $month, $year) = explode($sep, $date_);
else // $how == 2 || $how == 5, YYYYMMDD or YYYYMmmDD
list($year, $month, $day) = explode($sep, $date_);
- if ($how > 2)
- {
- global $tmonths;
- $month = array_search($month, $tmonths);
- }
-//to modify assumption in 2030
- if ($SysPrefs->date_system == 0 || $SysPrefs->date_system == 3)
- {
- if ((int)$year < 60)
+
+ if ($year+$day+$month) {
+ if ($how > 2)
{
- $year = "20".$year;
- }
- elseif ((int)$year > 59 && (int)$year < 100)
+ global $tmonths;
+ $month = array_search($month, $tmonths);
+ }
+ //to modify assumption in 2030
+ if ($SysPrefs->date_system == 0 || $SysPrefs->date_system == 3)
{
- $year = "19".$year;
+ if ((int)$year < 60)
+ {
+ $year = "20".$year;
+ }
+ elseif ((int)$year > 59 && (int)$year < 100)
+ {
+ $year = "19".$year;
+ }
}
- }
- if ((int)$year > 9999)
- {
- return 0;
+ if ((int)$year > 9999)
+ {
+ return 0;
+ }
+ if ($SysPrefs->date_system == 1)
+ list($year, $month, $day) = jalali_to_gregorian($year, $month, $day);
+ elseif ($SysPrefs->date_system == 2)
+ list($year, $month, $day) = islamic_to_gregorian($year, $month, $day);
}
- if ($SysPrefs->date_system == 1)
- list($year, $month, $day) = jalali_to_gregorian($year, $month, $day);
- elseif ($SysPrefs->date_system == 2)
- list($year, $month, $day) = islamic_to_gregorian($year, $month, $day);
-
return sprintf("%04d-%02d-%02d", $year, $month, $day);
}// end of function
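Review bot: The new guard `if ($year+$day+$month)` at L28 does arithmetic on the three raw strings, but in the `$how > 2` branch `$month` still holds a month name at that point (it is only mapped through `$tmonths` inside the block at L34-35), so the addition relies on a non-numeric string coercing to 0 — a warning on PHP 7 and a TypeError on PHP 8. A check that does not coerce, e.g. `if (trim($year.$month.$day, '0') !== '') {`, skips the block for empty or all-zero components exactly as intended and leaves month names alone. If `explode()` returned fewer than three parts the variables are undefined before the guard; that is pre-existing, but this is the natural place to reject a malformed date instead of letting it reach `sprintf`. The enclosing function begins before L15.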
function find_refline_id($reference, $type, $fallback=true)
{
$sql = "SELECT * FROM ".TB_PREF."reflines WHERE trans_type=".db_escape($type)
- ." AND CHAR_LENGTH(`prefix`) AND LEFT('$reference', CHAR_LENGTH(`prefix`)) = `prefix`";
+ ." AND CHAR_LENGTH(`prefix`) AND LEFT(".db_escape($reference).", CHAR_LENGTH(`prefix`)) = `prefix`";
if ($fallback) // if not found return refline with empty prefix
$sql .= " UNION SELECT * FROM ".TB_PREF."reflines WHERE trans_type=".db_escape($type)." AND `prefix`=''";
$ret = db_query($sql, "cannot check reference line id");
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
function set_global_connection($company=-1)
{
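Review bot: The comment added at L82 (and repeated at L89 in the second copy of this define) overstates what the setting does: `STRICT_ALL_TABLES` makes MySQL reject values that would otherwise be silently truncated or adjusted, which closes truncation-based tricks such as an over-long string colliding with an existing row after truncation, but it is not a defence against SQL injection — that remains the job of `db_escape()` and parameterised queries. Suggest `// STRICT_ALL_TABLES: reject over-long or out-of-range values instead of silently truncating them (NO_ZERO_IN_DATE still to be decided)` so the next maintainer does not read it as an injection control. Enabling strict mode presumably also turns previously silent truncation into query errors, so any code that relied on the old behaviour will now hit db_query's error path; that deserves a changelog line.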
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
$db_last_inserted_id = 0;
return user_numeric($value);
case 'percent':
return user_numeric($value)/100;
+ case 'check':
+ return isset($value) ? 1 : 0;
case 'text':
case 'date':
default:
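Review bot: The new `case 'check'` at L94-95 treats any present value as checked via `isset`, so a posted `'0'` or `''` becomes 1, while the caller's new branch at L122-125 (`@$input[$post] ? 1 : 0`) and `check_value()` use truthiness and return 0 for the same input; since that caller now bypasses `_format_input` for `'check'`, this case is reached only by other callers, if any, and disagrees with them. Suggest `return empty($value) ? 0 : 1;` so all three paths agree. The output side at L103 returns a bool from `!empty($value)` rather than the 0/1 int the input side produces; `return empty($value) ? 0 : 1;` there too keeps the round-trip symmetric. The enclosing switch and function start before L91 and end outside the hunk.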
return number_format2($value);
case 'percent':
return percent_format($value*100);
+ case 'check':
+ return !empty($value);
case 'stock':
$this->dec = get_qty_dec($value); // retrieve dec for use in following qty fields
case 'text':
$value = isset($this->data->$fld) ? $this->data->$fld : @$fmt['dflt'];
else
$value = isset($this->data[$fld]) ? $this->data[$fld] : @$fmt['dflt'];
- if(isset($value))
+
+ if (isset($value))
$output[$post] = $this->_format_output($value, @$fmt['fmt']);
}
}
$post = isset($fmt['post']) ? $fmt['post'] : $name; // input name (default to field name)
$fld = isset($fmt['fld']) ? $fmt['fld'] : $name; // input value (default to field name)
+
// if ($all || array_key_exists($post, $input))
// {
- $value = $this->_format_input(@$input[$post], @$fmt['fmt']);
+ if (@$fmt['fmt'] == 'check')
+ $value = @$input[$post] ? 1 : 0;
+ else
+ $value = $this->_format_input(@$input[$post], @$fmt['fmt']);
// if (is_array($data))
if ($all || isset($value))
'description',
'trans_type',
'pattern',
- 'default',
+ 'default' => 'check',
);
}
label_row(_("Reference Pattern:"), $prefix . text_input($this->name.'pattern', null, 30, 60));
if (get_post($this->name.'default'))
- label_row(_("Default for This Type:"), _("Yes"));
+ { label_row(_("Default for This Type:"), _("Yes")); hidden($this->name.'default', 1); }
else
check_row(_("Set as Default for This Type:"), $this->name.'default');
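Review bot: L138 packs two statements and both braces onto a single line, which diverges from the brace-on-its-own-line layout the surrounding code uses (L139-140) and hides the second call from a quick read; put the opening brace, `label_row(...)`, `hidden($this->name.'default', 1);` and the closing brace on separate lines. The `hidden()` call is what appears to keep an existing default flagged across a re-post, since the checkbox is not rendered in that branch, so a short comment such as `// re-post the flag; the checkbox is not shown for the current default` next to it would help a later reader. The enclosing function starts before L135 and continues past L140.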
function check_value($name)
{
- return (empty($_POST[$name]) ? 0 : 1);
+ if (is_array($name)) {
+ $ret = array();
+ foreach($name as $key)
+ $ret[$key] = check_value($key);
+ return $ret;
+ } else
+ return (empty($_POST[$name]) ? 0 : 1);
}
function checkbox($label, $name, $value=null, $submit_on_change=false, $title=false)
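Review bot: `check_value()` has no docblock and the new array branch makes its return type depend on the argument, which is exactly where a reader needs the contract stated; add above the function `/** Return 1 when POST checkbox $name carries a non-empty value, else 0; given an array of names, return a name => 0|1 map keyed by those names. */`. It is worth saying in that docblock that `empty()` treats a posted `'0'` as unchecked, since that is deliberate for checkboxes but surprising elsewhere. The braced `if` followed by an unbraced `} else` return at L149-150 mixes styles within six lines; brace the `else` branch as well.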
function _vl($mixed, $title = '', $exit = false)
{
- error_log((!empty($title) ? ($title .':') : '') . var_export($mixed, true));
+ error_log((!empty($title) ? ($title .':') : '') . print_r($mixed, true));
if ($exit)
exit;
}
if ($mb_flag != '')
$sql .= ", mb_flag=".db_escape($mb_flag);
- if ($depreciation_start != '') {
+ if (isset($depreciation_start)) {
$sql .= ", depreciation_start='".date2sql($depreciation_start)."'"
.", depreciation_date='".date2sql($depreciation_start)."'";
}
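Review bot: `isset($depreciation_start)` at L163 is true for an empty string, so when the form posts an empty date field the old `!= ''` guard no longer stops `date2sql('')` from running; the same pattern appears in the new INSERT at L173 and L185, and the callers changed at L192 and L199 now pass `get_post('depreciation_start', null)`, which presumably yields `''` for a present-but-empty input and `null` only when the field is absent. Suggest `if (isset($depreciation_start) && $depreciation_start !== '') {` at L163 and the same condition in the two ternaries at L173 and L185, or normalise the empty string to null once at the caller. In the added L185 the two date values are still quoted by hand (`"'".date2sql(...)."'"`) while every neighbouring value goes through `db_escape()`; writing `db_escape(date2sql($depreciation_start))` keeps the statement uniformly escaped. The enclosing functions start before L160 and L167.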
$sql = "INSERT INTO ".TB_PREF."stock_master (stock_id, description, long_description, category_id,
tax_type_id, units, mb_flag, sales_account, inventory_account, cogs_account,
adjustment_account, wip_account, dimension_id, dimension2_id, no_sale, no_purchase, editable,
- depreciation_method, depreciation_rate, depreciation_factor, depreciation_start, depreciation_date, fa_class_id)
- VALUES (".db_escape($stock_id).", ".db_escape($description).", ".db_escape($long_description).",
+ depreciation_method, depreciation_rate, depreciation_factor"
+ .(isset($depreciation_start) ? ", depreciation_start, depreciation_date, fa_class_id" : "")
+ .") VALUES (".db_escape($stock_id).", ".db_escape($description).", ".db_escape($long_description).",
".db_escape($category_id).", ".db_escape($tax_type_id).", "
.db_escape($units).", ".db_escape($mb_flag).",
".db_escape($sales_account).", ".db_escape($inventory_account)
.db_escape($no_sale).","
.db_escape($no_purchase).","
.db_escape($editable).","
- .db_escape($depreciation_method).",".db_escape($depreciation_rate).",".db_escape($depreciation_factor).",'"
- .date2sql($depreciation_start)."','".date2sql($depreciation_start)."',"
- .db_escape($fa_class_id).")";
+ .db_escape($depreciation_method).",".db_escape($depreciation_rate).",".db_escape($depreciation_factor)
+ .(isset($depreciation_start) ? ",'".date2sql($depreciation_start)."','".date2sql($depreciation_start)."',".db_escape($fa_class_id) : "")
+ .")";
db_query($sql, "The item could not be added");
$_POST['adjustment_account'], $_POST['wip_account'],
$_POST['dimension_id'], $_POST['dimension2_id'],
check_value('no_sale'), check_value('editable'), check_value('no_purchase'),
- get_post('depreciation_method'), input_num('depreciation_rate'), input_num('depreciation_factor'), get_post('depreciation_start'),
+ get_post('depreciation_method'), input_num('depreciation_rate'), input_num('depreciation_factor'), get_post('depreciation_start', null),
get_post('fa_class_id'));
update_record_status($_POST['NewStockID'], $_POST['inactive'],
$_POST['adjustment_account'], $_POST['wip_account'],
$_POST['dimension_id'], $_POST['dimension2_id'],
check_value('no_sale'), check_value('editable'), check_value('no_purchase'),
- get_post('depreciation_method'), input_num('depreciation_rate'), input_num('depreciation_factor'), get_post('depreciation_start'),
+ get_post('depreciation_method'), input_num('depreciation_rate'), input_num('depreciation_factor'), get_post('depreciation_start', null),
get_post('fa_class_id'));
display_notification(_("A new item has been added."));
gl_all_accounts_list_row(_("Depreciation cost account:"), 'cogs_account', $_POST['cogs_account']);
gl_all_accounts_list_row(_("Depreciation/Disposal account:"), 'adjustment_account', $_POST['adjustment_account']);
}
- elseif (!is_service($_POST['mb_flag']))
+ elseif (!is_service(get_post('mb_flag')))
{
gl_all_accounts_list_row(_("Inventory Account:"), 'inventory_account', $_POST['inventory_account']);
gl_all_accounts_list_row(_("C.O.G.S. Account:"), 'cogs_account', $_POST['cogs_account']);
}
- if (is_manufactured($_POST['mb_flag']))
+ if (is_manufactured(get_post('mb_flag')))
gl_all_accounts_list_row(_("WIP Account:"), 'wip_account', $_POST['wip_account']);
else
hidden('wip_account', $_POST['wip_account']);
{
update_item_location($selected_id, $_POST['location_name'], $_POST['delivery_address'],
- $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['email'], $_POST['contact'], $_POST['fixed_asset']);
+ $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['email'], $_POST['contact'], check_value('fixed_asset'));
display_notification(_('Selected location has been updated'));
}
else
/*selected_id is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new Location form */
add_item_location($_POST['loc_code'], $_POST['location_name'], $_POST['delivery_address'],
- $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['email'], $_POST['contact'], $_POST['fixed_asset']);
+ $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['email'], $_POST['contact'], check_value('fixed_asset'));
display_notification(_('New location has been added'));
}
$_POST['website'], $_POST['supp_account_no'], $_POST['bank_account'],
input_num('credit_limit', 0), $_POST['dimension_id'], $_POST['dimension2_id'], $_POST['curr_code'],
$_POST['payment_terms'], $_POST['payable_account'], $_POST['purchase_account'], $_POST['payment_discount_account'],
- $_POST['notes'], $_POST['tax_group_id'], get_post('tax_included', 0));
+ $_POST['notes'], $_POST['tax_group_id'], check_value('tax_included'));
update_record_status($_POST['supplier_id'], $_POST['inactive'],
'suppliers', 'supplier_id');
var $payment_terms; // cached payment terms
var $credit;
// prepayment mode:
- var $prepaid; // true for documents issued in prepayment mode
- var $prep_amount; // prepayment required for SO, invoiced amount for prepaiament invoice
+ var $prepaid=false; // true for documents issued in prepayment mode
+ var $prep_amount=0; // prepayment required for SO, invoiced amount for prepaiament invoice
var $sum_paid; // sum of all allocated prepayments both to order and related invoices
var $alloc; // sum of payments allocated to this document
var $prepayments = array(); // allocation records for this document