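/*
	credit_form_details_process($type, $mode, $returnpage_error, $returnpage_success)

	Processes the submitted credit note details form: reads the fields through
	security_form_input_predefined(), validates them, then creates or updates
	the credit and redirects the browser.

	Fields
	$type			"ap_credit" or "ar_credit" - selects vendorid vs customerid
				and is used in the form error key and journal name
	$mode			"edit" makes the function read id_credit from the form; the
				effective mode is then re-derived from whether that id is set
	$returnpage_error	page to redirect to when validation or the save fails
	$returnpage_success	page to redirect to on success (after a successful add,
				"view" in the page name is rewritten to "items")

	Returns
	Never returns normally - every path ends with a Location header and exit(0).
*/
function credit_form_details_process($type, $mode, $returnpage_error, $returnpage_success)
{
	log_debug("inc_credits_forms", "Executing credit_form_details_process({$type}, {$mode}, {$returnpage_error}, {$returnpage_success})");

	// TODO: the caller passes $mode, but the effective mode is re-derived below from
	// whether an id_credit was submitted; only the initial id lookup uses the caller's value.

	/*
		Start the credit
	*/
	$credit		= new credit();
	$credit->type	= $type;

	/*
		Fetch all form data
	*/

	// get the ID for an edit
	if ($mode == "edit")
	{
		$credit->id = @security_form_input_predefined("int", "id_credit", 1, "");
	}

	// general details
	if ($type == "ap_credit")
	{
		$credit->data["vendorid"]	= @security_form_input_predefined("int", "vendorid", 1, "");
	}
	else
	{
		$credit->data["customerid"]	= @security_form_input_predefined("int", "customerid", 1, "");
	}

	$credit->data["invoiceid"]		= @security_form_input_predefined("int", "invoiceid", 1, "");
	$credit->data["employeeid"]		= @security_form_input_predefined("int", "employeeid", 1, "");
	$credit->data["notes"]			= @security_form_input_predefined("any", "notes", 0, "");
	$credit->data["code_ordernumber"]	= @security_form_input_predefined("any", "code_ordernumber", 0, "");
	$credit->data["code_ponumber"]		= @security_form_input_predefined("any", "code_ponumber", 0, "");
	$credit->data["date_trans"]		= @security_form_input_predefined("date", "date_trans", 1, "");

	// other
	$credit->data["dest_account"]		= @security_form_input_predefined("int", "dest_account", 1, "");

	// are we editing an existing credit or adding a new one?
	if ($credit->id)
	{
		$mode = "edit";

		// make sure the credit actually exists
		if (!$credit->verify_credit())
		{
			log_write("error", "process", "The credit you have attempted to edit - " . $credit->id . " - does not exist in this system.");
		}

		// check if credit is locked or not
		if ($credit->check_lock())
		{
			log_write("error", "process", "The credit can not be edited because it is locked.");
		}
	}
	else
	{
		$mode = "add";
	}

	// the credit code must be provided by the edit page, but is optional on add,
	// since we can generate a new one
	if ($mode == "add")
	{
		$credit->data["code_credit"]	= @security_form_input_predefined("any", "code_credit", 0, "");
	}
	else
	{
		$credit->data["code_credit"]	= @security_form_input_predefined("any", "code_credit", 1, "");
	}


	//// ERROR CHECKING ///////////////////////

	// make sure we don't choose a credit number that is already in use
	if ($credit->data["code_credit"])
	{
		$credit->prepare_code_credit($credit->data["code_credit"]);
	}


	/// if there was an error, go back to the entry page
	if ($_SESSION["error"]["message"])
	{
		$_SESSION["error"]["form"][$type . "_credit_" . $mode] = "failed";

		header("Location: ../../index.php?page={$returnpage_error}&id=" . $credit->id);
		exit(0);
	}


	// GENERATE CREDIT CODE
	//
	// if no credit code has been supplied, ask the credit object to generate one.
	// (a second, separate config_generate_uniqueid("ACCOUNTS_CREDIT_NUM", ...) call used to
	// follow this, with its result discarded - it could only consume a number from the
	// counter without ever reaching $credit, so it has been dropped)
	if (!$credit->data["code_credit"])
	{
		$credit->prepare_code_credit();
	}


	// APPLY GENERAL OPTIONS
	//
	// log_write() takes (type, category, message) everywhere else in this code base;
	// the calls below used to pass ("process", "notification"/"error", ...), so a failed
	// save was never registered as an error.
	if ($mode == "add")
	{
		// create a new credit
		if ($credit->action_create())
		{
			log_write("notification", "process", "Credit note successfully created");

			journal_quickadd_event("account_" . $credit->type, $credit->id, "Credit Note successfully created");
		}
		else
		{
			log_write("error", "process", "An unexpected fault occured whilst attempting to create the credit note");
		}

		// display items page
		$returnpage_success = str_replace("view", "items", $returnpage_success);
	}
	else
	{
		// update an existing credit
		if ($credit->action_update())
		{
			log_write("notification", "process", "Credit note successfully updated.");

			journal_quickadd_event("account_" . $credit->type, $credit->id, "Credit note successfully updated");
		}
		else
		{
			log_write("error", "process", "An unexpected fault occured whilst attempting to update the credit note");
		}
	}

	// a failed create/update must send the user back to the form, not to the success page
	if (error_check())
	{
		$_SESSION["error"]["form"][$type . "_credit_" . $mode] = "failed";

		header("Location: ../../index.php?page={$returnpage_error}&id=" . $credit->id);
		exit(0);
	}

	// display the items page (add) or the updated details (edit)
	header("Location: ../../index.php?page={$returnpage_success}&id=" . $credit->id);
	exit(0);
}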
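/*
	prepare_code_invoice($code_invoice)

	Sets $this->data["code_invoice"], either by validating a user-supplied code
	for uniqueness or by generating a new one from the configuration counter.

	Fields
	$code_invoice	(optional) code supplied by the user. It is interpolated into the
			SQL below verbatim, so callers must only pass values that have been
			through the form input sanitiser (security_form_input_predefined) -
			TODO(review) confirm that sanitiser escapes quotes for SQL.

	Returns
	0	the supplied code is already used by another invoice of this type
		(for AP invoices: by another invoice of the same vendor)
	1	code accepted or generated
*/
function prepare_code_invoice($code_invoice = NULL)
{
	log_debug("invoice", "Executing prepare_code_invoice({$code_invoice})");

	if ($code_invoice)
	{
		// user has provided a code_invoice
		// we need to verify that it is not already in use by any other invoice.
		$sql_obj		= new sql_query();
		$sql_obj->string	= "SELECT id FROM account_" . $this->type . " WHERE code_invoice='" . $code_invoice . "'";

		// exclude the invoice being edited from the duplicate check
		// NOTE(review): other classes on this page keep the record id in $this->id; confirm that
		// $this->data["id"] is populated here, otherwise re-saving an invoice with its own code
		// is reported as a duplicate
		if ($this->data["id"])
		{
			$sql_obj->string	.= " AND id!='" . $this->data["id"] . "'";
		}

		// for AP invoices, the ID only needs to be unique for the particular vendor we are working with, since
		// it's almost guaranteed that different vendors will use the same numbering scheme for their invoices
		//
		// (this used to read the undefined local $data["vendorid"], so the restriction was always
		// vendorid='' and duplicate codes for the same vendor were never detected)
		if ($this->type == "ap")
		{
			$sql_obj->string	.= " AND vendorid='" . $this->data["vendorid"] . "'";
		}

		$sql_obj->execute();

		if ($sql_obj->num_rows())
		{
			log_debug("invoice", "Warning: The requested invoice code is already in use by another invoice");
			return 0;
		}

		unset($sql_obj);

		// save code_invoice
		$this->data["code_invoice"] = $code_invoice;
	}
	else
	{
		// generate an invoice ID using the database
		$type_uc = strtoupper($this->type);

		$this->data["code_invoice"] = config_generate_uniqueid("ACCOUNTS_" . $type_uc . "_INVOICENUM", "SELECT id FROM account_" . $this->type . " WHERE code_invoice='VALUE'");
	}

	return 1;
}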
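<?php
/*
	projects/ajax/insert_new_project.php

	Inserts a new project and echoes its numeric id.

	Input (query string)
	name_project	name of the new project; passed through
			security_script_input_predefined("any") before use

	Output
	The id of the new project on success. When the caller lacks the
	projects_write permission nothing is written and nothing is output.

	NOTE(review): this endpoint changes state on a plain GET request, so it
	offers no request-forgery protection beyond the session permission check.
	The calling JavaScript would need to change for it to accept POST only.
*/

require "../../include/config.php";
require "../../include/amberphplib/main.php";


if (user_permissions_get('projects_write'))
{
	$name_project	= @security_script_input_predefined("any", $_GET['name_project']);

	// the configuration counter is named CODE_PROJECT (upper case) by the rest of the
	// projects module and every other *_uniqueid caller; use the same key here so both
	// code paths draw from the same counter
	$code_project	= config_generate_uniqueid("CODE_PROJECT", "SELECT id FROM projects WHERE code_project='VALUE'");

	$sql_obj		= new sql_query();
	$sql_obj->string	= "INSERT INTO projects (name_project, code_project) VALUES (\"" . $name_project . "\", \"" . $code_project . "\")";
	$sql_obj->execute();

	$projectid = $sql_obj->fetch_insert_id();

	echo $projectid;
	exit(0);
}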
header("Location: ../index.php?page=projects/view.php&id={$id}"); exit(0); } else { $_SESSION["error"]["form"]["project_add"] = "failed"; header("Location: ../index.php?page=projects/add.php"); exit(0); } } else { /* Start Transaction */ $sql_obj = new sql_query(); $sql_obj->trans_begin(); // set a default code if (!$data["code_project"]) { $data["code_project"] = config_generate_uniqueid("CODE_PROJECT", "SELECT id FROM projects WHERE code_project='VALUE'"); } /* Create a new project (if required) */ if ($mode == "add") { // create a new entry in the DB $sql_obj->string = "INSERT INTO `projects` (name_project) VALUES ('" . $data["name_project"] . "')"; $sql_obj->execute(); $id = $sql_obj->fetch_insert_id(); } /* Update project details */ if ($id) { // update project details
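/*
	action_update()

	Saves the vendor held in $this->data, creating the vendor record first when
	$this->id is not set, then creates/updates/deletes the submitted contacts and
	adds a journal entry. Everything runs inside a single SQL transaction.

	All $this->data values are interpolated into the UPDATE statement as-is; this
	method does no escaping of its own and relies on the values having come through
	the form input sanitiser - TODO(review) confirm for every caller.

	Returns
	0	failure (transaction rolled back, no changes made)
	id	id of the vendor on success
*/
function action_update()
{
	log_debug("inc_vendors", "Executing action_update()");

	// transaction start
	$sql_obj = new sql_query();
	$sql_obj->trans_begin();

	// if no ID exists, create a new vendor first
	if (!$this->id)
	{
		$mode = "create";

		if (!$this->action_create())
		{
			// do not leave the transaction we opened above dangling on the early return
			$sql_obj->trans_rollback();
			return 0;
		}
	}
	else
	{
		$mode = "update";
	}

	// create a unique vendor code if none already exist
	if (!$this->data["code_vendor"])
	{
		$this->data["code_vendor"] = config_generate_uniqueid("CODE_VENDOR", "SELECT id FROM vendors WHERE code_vendor='VALUE' LIMIT 1");
	}

	// update
	$sql_obj->string = "UPDATE `vendors` SET "
				. "code_vendor='" . $this->data["code_vendor"] . "', "
				. "name_vendor='" . $this->data["name_vendor"] . "', "
				. "date_start='" . $this->data["date_start"] . "', "
				. "date_end='" . $this->data["date_end"] . "', "
				. "tax_number='" . $this->data["tax_number"] . "', "
				. "tax_default='" . $this->data["tax_default"] . "', "
				. "address1_street='" . $this->data["address1_street"] . "', "
				. "address1_city='" . $this->data["address1_city"] . "', "
				. "address1_state='" . $this->data["address1_state"] . "', "
				. "address1_country='" . $this->data["address1_country"] . "', "
				. "address1_zipcode='" . $this->data["address1_zipcode"] . "', "
				. "address2_street='" . $this->data["address2_street"] . "', "
				. "address2_city='" . $this->data["address2_city"] . "', "
				. "address2_state='" . $this->data["address2_state"] . "', "
				. "address2_country='" . $this->data["address2_country"] . "', "
				. "address2_zipcode='" . $this->data["address2_zipcode"] . "', "
				. "discount='" . $this->data["discount"] . "' "
				. "WHERE id='" . $this->id . "'";

	if (!$sql_obj->execute())
	{
		log_write("error", "inc_vendors", "Unable to update vendor information");
	}

	// contacts: a row without a contact_id is new, a row flagged delete_contact is removed,
	// anything else is an update of an existing contact
	for ($i = 0; $i < $this->data["num_contacts"]; $i++)
	{
		if (empty($this->data["contacts"][$i]["contact_id"]) && $this->data["contacts"][$i]["delete_contact"] == "false" && !empty($this->data["contacts"][$i]["contact"]))
		{
			// create new contact
			$this->action_create_contact($i);
		}
		else
		{
			if ($this->data["contacts"][$i]["delete_contact"] == "true")
			{
				// delete contact
				$this->action_delete_contact($i);
			}
			else
			{
				// update contact
				$this->action_update_contact($i);
			}
		}
	}

	// add journal entry
	if ($mode == "update")
	{
		journal_quickadd_event("vendors", $this->id, "Vendor details updated.");
	}
	else
	{
		journal_quickadd_event("vendors", $this->id, "Initial Vendor Creation.");
	}

	// commit
	if (error_check())
	{
		// failure
		$sql_obj->trans_rollback();

		log_write("error", "inc_vendors", "An error occured whilst saving vendor details, no changes have been made.");
		return 0;
	}
	else
	{
		// success
		$sql_obj->trans_commit();

		if ($mode == "update")
		{
			log_write("notification", "inc_vendors", "Vendor details successfully updated.");
		}
		else
		{
			log_write("notification", "inc_vendors", "Vendor successfully created.");
		}

		return $this->id;
	}
}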
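/*
	quotes_form_convert_process($returnpage_error, $returnpage_success)

	Converts a quote into an AR invoice: creates the account_ar record, copies the
	quote's customer/employee/amount fields into it, moves the items and journal
	entries across, creates the ledger transactions for the items, and deletes the
	quote - all inside one SQL transaction.

	Fields
	$returnpage_error	page to redirect to on failure (with the quote id)
	$returnpage_success	page to redirect to on success (with the new invoice id)

	Returns
	Never returns normally - every path ends with a Location header and exit(0).
*/
function quotes_form_convert_process($returnpage_error, $returnpage_success)
{
	// (this message used to interpolate an undefined $mode variable)
	log_debug("inc_quotes_forms", "Executing quotes_form_convert_process({$returnpage_error}, {$returnpage_success})");

	/*
		Fetch all form data
	*/
	$id	= @security_form_input_predefined("int", "id_quote", 1, "");

	$data	= array();

	// general data
	$data["code_invoice"]		= @security_form_input_predefined("any", "code_invoice", 0, "");
	$data["code_ordernumber"]	= @security_form_input_predefined("any", "code_ordernumber", 0, "");
	$data["code_ponumber"]		= @security_form_input_predefined("any", "code_ponumber", 0, "");
	$data["date_trans"]		= @security_form_input_predefined("date", "date_trans", 1, "");
	$data["date_due"]		= @security_form_input_predefined("date", "date_due", 1, "");

	// other
	$data["dest_account"]		= @security_form_input_predefined("int", "dest_account", 1, "");


	//// ERROR CHECKING ///////////////////////

	// make sure the quote actually exists, and fetch various fields that we need to create the invoice.
	$sql_quote_obj		= new sql_query();
	$sql_quote_obj->string	= "SELECT id, employeeid, customerid, amount_total, amount_tax, amount, notes FROM `account_quotes` WHERE id='{$id}' LIMIT 1";
	$sql_quote_obj->execute();

	if (!$sql_quote_obj->num_rows())
	{
		$_SESSION["error"]["message"][] = "The quote you have attempted to edit - {$id} - does not exist in this system.";
	}
	else
	{
		$sql_quote_obj->fetch_array();
	}


	/// if there was an error, go back to the entry page
	if ($_SESSION["error"]["message"])
	{
		$_SESSION["error"]["form"]["quote_convert"] = "failed";

		header("Location: ../../index.php?page={$returnpage_error}&id={$id}");
		exit(0);
	}


	/*
		Start SQL Transaction
	*/
	$sql_obj = new sql_query();
	$sql_obj->trans_begin();

	// make an invoice ID if one is not supplied by the user
	if (!$data["code_invoice"])
	{
		$data["code_invoice"] = config_generate_uniqueid("ACCOUNTS_AR_INVOICENUM", "SELECT id FROM account_ar WHERE code_invoice='VALUE'");
	}

	/*
		Create new invoice
	*/
	$sql_obj->string	= "INSERT INTO `account_ar` (code_invoice, date_create) VALUES ('" . $data["code_invoice"] . "', '" . date("Y-m-d") . "')";
	$sql_obj->execute();

	$invoiceid = $sql_obj->fetch_insert_id();

	if ($invoiceid)
	{
		/*
			Update general invoice details

			NOTE(review): the values read back from account_quotes (notes in particular) are
			interpolated here without any escaping - a quote or backslash stored in notes
			would break this statement. The form values are assumed to have been escaped by
			security_form_input_predefined; confirm.
		*/
		$sql_obj->string	= "UPDATE `account_ar` SET "
						. "customerid='" . $sql_quote_obj->data[0]["customerid"] . "', "
						. "employeeid='" . $sql_quote_obj->data[0]["employeeid"] . "', "
						. "notes='" . $sql_quote_obj->data[0]["notes"] . "', "
						. "code_invoice='" . $data["code_invoice"] . "', "
						. "code_ordernumber='" . $data["code_ordernumber"] . "', "
						. "code_ponumber='" . $data["code_ponumber"] . "', "
						. "date_trans='" . $data["date_trans"] . "', "
						. "date_due='" . $data["date_due"] . "', "
						. "dest_account='" . $data["dest_account"] . "', "
						. "amount='" . $sql_quote_obj->data[0]["amount"] . "', "
						. "amount_tax='" . $sql_quote_obj->data[0]["amount_tax"] . "', "
						. "amount_total='" . $sql_quote_obj->data[0]["amount_total"] . "' "
						. "WHERE id='{$invoiceid}' LIMIT 1";
		$sql_obj->execute();


		/*
			Migrate all the items from the quote to the invoice
		*/
		$sql_obj->string	= "UPDATE account_items SET invoiceid='{$invoiceid}', invoicetype='ar' WHERE invoiceid='{$id}' AND invoicetype='quotes'";
		$sql_obj->execute();


		/*
			Call functions to create transaction entries for all the items.
			(remember that the quote had nothing in account_trans for the items)
		*/
		$invoice_item			= new invoice_items();
		$invoice_item->id_invoice	= $invoiceid;
		$invoice_item->type_invoice	= "ar";

		$invoice_item->action_update_ledger();

		unset($invoice_item);


		/*
			Migrate the journal
		*/
		$sql_obj->string	= "UPDATE journal SET customid='{$invoiceid}', journalname='account_ar' WHERE customid='{$id}' AND journalname='account_quotes'";
		$sql_obj->execute();


		/*
			Delete the quote
		*/
		$sql_obj->string	= "DELETE FROM account_quotes WHERE id='{$id}' LIMIT 1";
		$sql_obj->execute();


		/*
			Update the Journal
		*/
		journal_quickadd_event("account_ar", $invoiceid, "Converted quotation into invoice");
	}
	else
	{
		// the INSERT produced no id: previously this fell through to the journal and commit
		// step with an empty invoice id, so register an error and let the rollback below run
		log_write("error", "inc_quotes_forms", "Unable to create an invoice record for quote {$id}");
	}


	/*
		Commit
	*/
	if (error_check())
	{
		$sql_obj->trans_rollback();

		log_write("error", "inc_quotes_forms", "An error occured whilst attempting to convert the quote into an invoice. No changes have been made.");

		$_SESSION["error"]["form"]["quote_convert"] = "failed";

		header("Location: ../../index.php?page={$returnpage_error}&id={$id}");
		exit(0);
	}
	else
	{
		$sql_obj->trans_commit();

		log_write("notification", "inc_quotes_forms", "Quotation has been converted to an invoice successfully.");

		header("Location: ../../index.php?page={$returnpage_success}&id={$invoiceid}");
		exit(0);
	}
}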
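/*
	action_update()

	Saves the employee held in $this->data, creating the staff record first when
	$this->id is not set, and adds a journal entry. Runs inside one SQL transaction.

	All $this->data values are interpolated into the UPDATE statement as-is; this
	method does no escaping of its own and relies on the values having come through
	the form input sanitiser - TODO(review) confirm for every caller.

	Returns
	0	failure (transaction rolled back, no changes made)
	id	id of the employee on success
*/
function action_update()
{
	log_debug("inc_staff", "Executing action_update()");


	/*
		Start the transaction
	*/
	$sql_obj = new sql_query();
	$sql_obj->trans_begin();


	/*
		If no ID exists, create a new employee first
	*/
	if (!$this->id)
	{
		$mode = "create";

		if (!$this->action_create())
		{
			// do not leave the transaction opened above dangling on the early return
			$sql_obj->trans_rollback();
			return 0;
		}
	}
	else
	{
		$mode = "update";
	}


	// All staff require a staff_code value. If one has not been provided, automatically generate one
	if (!$this->data["staff_code"])
	{
		$this->data["staff_code"] = config_generate_uniqueid("CODE_STAFF", "SELECT id FROM staff WHERE staff_code='VALUE'");
	}


	/*
		Update Employee
	*/
	$sql_obj->string = "UPDATE `staff` SET "
				. "name_staff='" . $this->data["name_staff"] . "', "
				. "staff_code='" . $this->data["staff_code"] . "', "
				. "staff_position='" . $this->data["staff_position"] . "', "
				. "contact_phone='" . $this->data["contact_phone"] . "', "
				. "contact_email='" . $this->data["contact_email"] . "', "
				. "contact_fax='" . $this->data["contact_fax"] . "', "
				. "date_start='" . $this->data["date_start"] . "', "
				. "date_end='" . $this->data["date_end"] . "' "
				. "WHERE id='" . $this->id . "' LIMIT 1";

	// the execute() result used to be ignored; record a failure so the commit step below rolls back
	if (!$sql_obj->execute())
	{
		log_write("error", "inc_staff", "Unable to update employee information");
	}


	/*
		Update the Journal
	*/
	if ($mode == "update")
	{
		journal_quickadd_event("staff", $this->id, "Employee successfully adjusted.");
	}
	else
	{
		journal_quickadd_event("staff", $this->id, "Employee successfully created.");
	}


	/*
		Commit
	*/
	if (error_check())
	{
		$sql_obj->trans_rollback();

		log_write("error", "process", "An error occured whilst updating employee details. No changes were made.");
		return 0;
	}
	else
	{
		$sql_obj->trans_commit();

		if ($mode == "update")
		{
			log_write("notification", "inc_staff", "Employee successfully adjusted.");
		}
		else
		{
			log_write("notification", "inc_staff", "Employee successfully created.");
		}

		// success
		return $this->id;
	}
}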
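/*
	action_update_details()

	Saves the chart account's code_chart and description from $this->data,
	creating the account record first when $this->id is not set. Runs inside
	one SQL transaction. Unlike the other action_update() methods this one
	logs nothing on failure; the caller (usually the action_update() wrapper)
	is expected to report it.

	Both values are interpolated into the UPDATE statement as-is; this method
	does no escaping of its own - TODO(review) confirm callers sanitise them.

	Returns
	0	failure (transaction rolled back, no changes made)
	id	id of the chart account on success
*/
function action_update_details()
{
	// (this message used to name action_update(), which made the debug log misleading)
	log_debug("inc_charts", "Executing action_update_details()");


	/*
		Start Transaction
	*/
	$sql_obj = new sql_query();
	$sql_obj->trans_begin();


	/*
		If no ID exists, create a new account first

		(Note: if this function has been called by the action_update() wrapper function
		this step will already have been performed and we can just ignore it)
	*/
	if (!$this->id)
	{
		if (!$this->action_create())
		{
			// do not leave the transaction opened above dangling on the early return
			$sql_obj->trans_rollback();
			return 0;
		}
	}


	/*
		All charts require a code_chart value. If one has not been provided, automatically generate one
	*/
	if (!$this->data["code_chart"])
	{
		$this->data["code_chart"] = config_generate_uniqueid("CODE_ACCOUNT", "SELECT id FROM account_charts WHERE code_chart='VALUE'");
	}


	/*
		Update chart details
	*/
	$sql_obj->string = "UPDATE `account_charts` SET "
				. "code_chart='" . $this->data["code_chart"] . "', "
				. "description='" . $this->data["description"] . "' "
				. "WHERE id='" . $this->id . "' LIMIT 1";

	// the execute() result used to be ignored; record a failure so the commit step below rolls back
	if (!$sql_obj->execute())
	{
		log_write("error", "inc_charts", "Unable to update chart details");
	}


	/*
		Commit
	*/
	if (error_check())
	{
		$sql_obj->trans_rollback();
		return 0;
	}
	else
	{
		$sql_obj->trans_commit();
		return $this->id;
	}
}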
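/*
	action_update()

	Saves the customer held in $this->data, creating the customer record first when
	$this->id is not set, then creates/updates/deletes the submitted contacts and
	adds a journal entry. Everything runs inside a single SQL transaction.

	All $this->data values are interpolated into the UPDATE statement as-is; this
	method does no escaping of its own and relies on the values having come through
	the form input sanitiser - TODO(review) confirm for every caller.

	Returns
	0	failure (transaction rolled back, no changes made)
	id	id of the customer on success
*/
function action_update()
{
	log_debug("inc_customers", "Executing action_update()");


	/*
		Start Transaction
	*/
	$sql_obj = new sql_query();
	$sql_obj->trans_begin();


	/*
		If no ID supplied, create a new customer first
	*/
	if (!$this->id)
	{
		$mode = "create";

		if (!$this->action_create())
		{
			// do not leave the transaction opened above dangling on the early return
			$sql_obj->trans_rollback();
			return 0;
		}
	}
	else
	{
		$mode = "update";
	}


	// create a unique customer code if none already exist
	if (!$this->data["code_customer"])
	{
		$this->data["code_customer"] = config_generate_uniqueid("CODE_CUSTOMER", "SELECT id FROM customers WHERE code_customer='VALUE'");
	}


	/*
		Update Customer Details
	*/
	$sql_obj->string = "UPDATE `customers` SET "
				. "code_customer='" . $this->data["code_customer"] . "', "
				. "name_customer='" . $this->data["name_customer"] . "', "
				. "date_start='" . $this->data["date_start"] . "', "
				. "date_end='" . $this->data["date_end"] . "', "
				. "tax_number='" . $this->data["tax_number"] . "', "
				. "tax_default='" . $this->data["tax_default"] . "', "
				. "address1_street='" . $this->data["address1_street"] . "', "
				. "address1_city='" . $this->data["address1_city"] . "', "
				. "address1_state='" . $this->data["address1_state"] . "', "
				. "address1_country='" . $this->data["address1_country"] . "', "
				. "address1_zipcode='" . $this->data["address1_zipcode"] . "', "
				. "address2_street='" . $this->data["address2_street"] . "', "
				. "address2_city='" . $this->data["address2_city"] . "', "
				. "address2_state='" . $this->data["address2_state"] . "', "
				. "address2_country='" . $this->data["address2_country"] . "', "
				. "address2_zipcode='" . $this->data["address2_zipcode"] . "', "
				. "reseller_customer='" . $this->data["reseller_customer"] . "', "
				. "reseller_id='" . $this->data["reseller_id"] . "', "
				. "billing_method='" . $this->data["billing_method"] . "', "
				. "billing_direct_debit='" . $this->data["billing_direct_debit"] . "', "
				. "discount='" . $this->data["discount"] . "' "
				. "WHERE id='" . $this->id . "' LIMIT 1";

	// the execute() result used to be ignored; record a failure so the commit step below rolls back
	if (!$sql_obj->execute())
	{
		log_write("error", "inc_customers", "Unable to update customer information");
	}


	// contacts: a row without a contact_id is new, a row flagged delete_contact is removed,
	// anything else is an update of an existing contact
	for ($i = 0; $i < $this->data["num_contacts"]; $i++)
	{
		if (empty($this->data["contacts"][$i]["contact_id"]) && $this->data["contacts"][$i]["delete_contact"] == "false" && !empty($this->data["contacts"][$i]["contact"]))
		{
			// create new contact
			$this->action_create_contact($i);
		}
		else
		{
			if ($this->data["contacts"][$i]["delete_contact"] == "true")
			{
				// delete contact
				$this->action_delete_contact($i);
			}
			else
			{
				// update contact
				$this->action_update_contact($i);
			}
		}
	}


	/*
		Update the journal
	*/
	if ($mode == "update")
	{
		journal_quickadd_event("customers", $this->id, "Customer details updated.");
	}
	else
	{
		journal_quickadd_event("customers", $this->id, "Initial Account Creation.");
	}


	/*
		Commit
	*/
	if (error_check())
	{
		$sql_obj->trans_rollback();

		log_write("error", "inc_customers", "An error occurred when updating customer details.");
		return 0;
	}
	else
	{
		$sql_obj->trans_commit();

		if ($mode == "update")
		{
			log_write("notification", "inc_customers", "Customer details successfully updated.");
		}
		else
		{
			log_write("notification", "inc_customers", "Customer successfully created.");
		}

		return $this->id;
	}
}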