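function credit_form_details_process($type, $mode, $returnpage_error, $returnpage_success)
{
    /*
    	Process the add/edit form for a credit note and redirect when done.

    	$type			credit type (eg "ap_credit"); selects the vendor/customer field and
    				the account_<type> table used when generating a code
    	$mode			caller's hint ("edit" makes id_credit a mandatory field); the effective
    				mode is re-derived below from whether an id was actually supplied
    	$returnpage_error	page to redirect to when validation fails
    	$returnpage_success	page to redirect to once the credit is saved ("view" is swapped for
    				"items" after an add so the user lands on the items page)

    	Never returns: every path ends in a redirect followed by exit().
    */
    log_debug("inc_credits_forms", "Executing credit_form_details_process({$type}, {$mode}, {$returnpage_error}, {$returnpage_success})");

    $credit = new credit();
    $credit->type = $type;

    /*
    	Fetch all form data.

    	NOTE(review): nothing in this function escapes these values before the credit object
    	writes them to the DB, so the filtering done by security_form_input_predefined() is
    	what the later INSERT/UPDATE relies on - confirm it escapes for the DB layer in use.
    */
    // get the ID for an edit
    if ($mode == "edit") {
        $credit->id = @security_form_input_predefined("int", "id_credit", 1, "");
    }

    // AP credits are raised against a vendor, every other type against a customer
    if ($type == "ap_credit") {
        $credit->data["vendorid"] = @security_form_input_predefined("int", "vendorid", 1, "");
    } else {
        $credit->data["customerid"] = @security_form_input_predefined("int", "customerid", 1, "");
    }

    $credit->data["invoiceid"] = @security_form_input_predefined("int", "invoiceid", 1, "");
    $credit->data["employeeid"] = @security_form_input_predefined("int", "employeeid", 1, "");
    $credit->data["notes"] = @security_form_input_predefined("any", "notes", 0, "");
    $credit->data["code_ordernumber"] = @security_form_input_predefined("any", "code_ordernumber", 0, "");
    $credit->data["code_ponumber"] = @security_form_input_predefined("any", "code_ponumber", 0, "");
    $credit->data["date_trans"] = @security_form_input_predefined("date", "date_trans", 1, "");
    $credit->data["dest_account"] = @security_form_input_predefined("int", "dest_account", 1, "");

    // the effective mode follows the presence of an id, not the $mode argument
    if ($credit->id) {
        $mode = "edit";

        // the credit must exist and must not be locked
        if (!$credit->verify_credit()) {
            log_write("error", "process", "The credit you have attempted to edit - " . $credit->id . " - does not exist in this system.");
        }
        if ($credit->check_lock()) {
            log_write("error", "process", "The credit can not be edited because it is locked.");
        }
    } else {
        $mode = "add";
    }

    // an edit must carry the existing credit code; an add may leave it blank and have one generated
    $code_required = ($mode == "add") ? 0 : 1;
    $credit->data["code_credit"] = @security_form_input_predefined("any", "code_credit", $code_required, "");

    //// ERROR CHECKING ///////////////////////

    // make sure a user-supplied credit code is not already in use
    // NOTE(review): the return value is ignored here; if prepare_code_credit() only signals a
    // clash through its return value (as prepare_code_invoice() does) a duplicate code would
    // still be saved - confirm it raises an error itself.
    if ($credit->data["code_credit"]) {
        $credit->prepare_code_credit($credit->data["code_credit"]);
    }

    // if there was an error, go back to the entry page
    if ($_SESSION["error"]["message"]) {
        $_SESSION["error"]["form"][$type . "_credit_" . $mode] = "failed";
        header("Location: ../../index.php?page={$returnpage_error}&id=" . $credit->id . "");
        exit(0);
    }

    // GENERATE CREDIT CODE
    // if no code has been supplied, we now need to generate a unique one
    if (!$credit->data["code_credit"]) {
        $credit->prepare_code_credit();

        // BUGFIX: the return value of config_generate_uniqueid() used to be discarded, so that
        // call could never have contributed a code.  Only fall back to it if
        // prepare_code_credit() did not fill the code in itself.
        if (!$credit->data["code_credit"]) {
            $credit->data["code_credit"] = config_generate_uniqueid("ACCOUNTS_CREDIT_NUM", "SELECT id FROM account_" . $credit->type . " WHERE code_credit='VALUE'");
        }
    }

    // APPLY GENERAL OPTIONS
    // BUGFIX: log_write() is called as (type, category, message) everywhere else in this file;
    // the type and category were swapped here, so outcomes were logged under the wrong type.
    if ($mode == "add") {
        // create a new credit
        if ($credit->action_create()) {
            log_write("notification", "process", "Credit note successfully created");
            journal_quickadd_event("account_" . $credit->type . "", $credit->id, "Credit Note successfully created");
        } else {
            log_write("error", "process", "An unexpected fault occured whilst attempting to create the credit note");
        }

        // display items page
        $returnpage_success = str_replace("view", "items", $returnpage_success);
    } else {
        // update an existing credit
        if ($credit->action_update()) {
            log_write("notification", "process", "Credit note successfully updated.");
            journal_quickadd_event("account_" . $credit->type . "", $credit->id, "Credit note successfully updated");
        } else {
            log_write("error", "process", "An unexpected fault occured whilst attempting to update the credit note");
        }
    }

    // display the created/updated credit
    header("Location: ../../index.php?page={$returnpage_success}&id=" . $credit->id . "");
    exit(0);
}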
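 function prepare_code_invoice($code_invoice = NULL)
 {
     /*
     	Set $this->data["code_invoice"], either from a user-supplied code or by generating one.

     	$code_invoice	optional code supplied by the user; when empty a new one is taken from
     			the ACCOUNTS_<TYPE>_INVOICENUM sequence

     	Returns 1 on success, 0 when the supplied code is already used by another invoice -
     	in that case $this->data["code_invoice"] is left untouched and only a debug message is
     	logged, so callers must act on the return value themselves.
     */
     log_debug("invoice", "Executing prepare_code_invoice({$code_invoice})");

     if (!$code_invoice) {
         // no code supplied: generate one using the database sequence for this invoice type
         $type_uc = strtoupper($this->type);
         $this->data["code_invoice"] = config_generate_uniqueid("ACCOUNTS_" . $type_uc . "_INVOICENUM", "SELECT id FROM account_" . $this->type . " WHERE code_invoice='VALUE'");
         return 1;
     }

     // user has provided a code_invoice: it must not be in use by any *other* invoice of this type
     // NOTE(review): $code_invoice is interpolated straight into the query with no escaping; this
     // is only safe if every caller has passed it through security_form_input_predefined() first.
     $sql_obj = new sql_query();
     $sql_obj->string = "SELECT id FROM account_" . $this->type . " WHERE code_invoice='" . $code_invoice . "'";

     // when editing, the invoice may keep its own code
     // NOTE(review): other classes in this file keep the row id in $this->id rather than
     // $this->data["id"]; confirm which one the invoice class populates, otherwise this
     // self-exclusion never applies and editing an invoice reports its own code as a clash.
     if ($this->data["id"]) {
         $sql_obj->string .= " AND id!='" . $this->data["id"] . "'";
     }

     // for AP invoices, the code only needs to be unique for the particular vendor, since
     // different vendors will routinely use the same numbering scheme for their invoices
     // BUGFIX: this read the undefined local $data["vendorid"], so the filter was always
     // vendorid='' and the per-vendor uniqueness check never matched the real vendor's invoices
     if ($this->type == "ap") {
         $sql_obj->string .= " AND vendorid='" . $this->data["vendorid"] . "'";
     }

     $sql_obj->execute();
     if ($sql_obj->num_rows()) {
         log_debug("invoice", "Warning: The requested invoice code is already in use by another invoice");
         return 0;
     }
     unset($sql_obj);

     // save code_invoice
     $this->data["code_invoice"] = $code_invoice;
     return 1;
 }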
<?php

/*
	projects/ajax/insert_new_project.php

	Inserts a new project.
*/
require "../../include/config.php";
require "../../include/amberphplib/main.php";
/*
	Only users holding the projects_write permission may create projects.

	NOTE(review): this endpoint changes state on a plain GET and no anti-CSRF token is checked
	here, so unless the required includes enforce one a logged-in user can be made to create a
	project by following a crafted link.  When the permission check fails the script falls
	through and answers with an empty 200, giving the caller no error signal.  Neither is
	changed here.
*/
if (user_permissions_get('projects_write')) {
    // the name comes straight from the query string; security_script_input_predefined() is the
    // only filtering it gets in this script before being interpolated into the INSERT below
    $project_name = @security_script_input_predefined("any", $_GET['name_project']);

    // the project code is always system generated by this endpoint
    $project_code = config_generate_uniqueid("code_project", "SELECT id FROM projects WHERE code_project='VALUE'");

    $insert = new sql_query();
    $insert->string = "INSERT INTO projects (name_project, code_project) VALUES (\"" . $project_name . "\", \"" . $project_code . "\")";
    $insert->execute();

    // the new project's id is the whole response body
    echo $insert->fetch_insert_id();
    exit(0);
}
         header("Location: ../index.php?page=projects/view.php&id={$id}");
         exit(0);
     } else {
         $_SESSION["error"]["form"]["project_add"] = "failed";
         header("Location: ../index.php?page=projects/add.php");
         exit(0);
     }
 } else {
     /*
     	Start Transaction
     */
     $sql_obj = new sql_query();
     $sql_obj->trans_begin();
     // set a default code
     if (!$data["code_project"]) {
         $data["code_project"] = config_generate_uniqueid("CODE_PROJECT", "SELECT id FROM projects WHERE code_project='VALUE'");
     }
     /*
     	Create a new project (if required)
     */
     if ($mode == "add") {
         // create a new entry in the DB
         $sql_obj->string = "INSERT INTO `projects` (name_project) VALUES ('" . $data["name_project"] . "')";
         $sql_obj->execute();
         $id = $sql_obj->fetch_insert_id();
     }
     /*
     	Update project details
     */
     if ($id) {
         // update project details
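 function action_update()
 {
     /*
     	Write the vendor held in $this->data to the DB, creating the vendor row first when
     	$this->id is not set, then synchronise its contacts and add a journal entry.

     	Returns the vendor id on success, 0 on any failure (all changes rolled back).

     	NOTE(review): every value is interpolated into the UPDATE unescaped; this is only safe
     	when the caller populated $this->data via security_form_input_predefined(), since
     	nothing here re-validates - confirm for every caller.
     */
     log_debug("inc_vendors", "Executing action_update()");

     // transaction start
     $sql_obj = new sql_query();
     $sql_obj->trans_begin();

     // if no ID exists, create a new vendor first
     if ($this->id) {
         $mode = "update";
     } else {
         $mode = "create";
         if (!$this->action_create()) {
             // BUGFIX: the transaction opened above was left dangling on this path
             $sql_obj->trans_rollback();
             return 0;
         }
     }

     // every vendor needs a code; take one from the CODE_VENDOR sequence if none was supplied
     if (!$this->data["code_vendor"]) {
         $this->data["code_vendor"] = config_generate_uniqueid("CODE_VENDOR", "SELECT id FROM vendors WHERE code_vendor='VALUE' LIMIT 1");
     }

     // update the vendor row; the SET list is built column by column so fields are easy to find
     $columns = array(
         "code_vendor", "name_vendor", "date_start", "date_end", "tax_number", "tax_default",
         "address1_street", "address1_city", "address1_state", "address1_country", "address1_zipcode",
         "address2_street", "address2_city", "address2_state", "address2_country", "address2_zipcode",
         "discount"
     );
     $assignments = array();
     foreach ($columns as $column) {
         $assignments[] = $column . "='" . $this->data[$column] . "'";
     }
     $sql_obj->string = "UPDATE `vendors` SET " . implode(", ", $assignments) . " WHERE id='" . $this->id . "'";

     if (!$sql_obj->execute()) {
         log_write("error", "inc_vendors", "Unable to update vendor information");
     }

     // contacts: a row without an id and not flagged for deletion is new, a row flagged
     // "true" is removed, anything else is an update of an existing contact
     for ($i = 0; $i < $this->data["num_contacts"]; $i++) {
         $contact = $this->data["contacts"][$i];

         if (empty($contact["contact_id"]) && $contact["delete_contact"] == "false" && !empty($contact["contact"])) {
             $this->action_create_contact($i);
         } elseif ($contact["delete_contact"] == "true") {
             $this->action_delete_contact($i);
         } else {
             $this->action_update_contact($i);
         }
     }

     // add journal entry
     if ($mode == "update") {
         journal_quickadd_event("vendors", $this->id, "Vendor details updated.");
     } else {
         journal_quickadd_event("vendors", $this->id, "Initial Vendor Creation.");
     }

     // commit, or roll everything back if any step above raised an error
     if (error_check()) {
         $sql_obj->trans_rollback();
         log_write("error", "inc_vendors", "An error occured whilst saving vendor details, no changes have been made.");
         return 0;
     }

     $sql_obj->trans_commit();
     if ($mode == "update") {
         log_write("notification", "inc_vendors", "Vendor details successfully updated.");
     } else {
         log_write("notification", "inc_vendors", "Vendor successfully created.");
     }
     return $this->id;
 }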
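function quotes_form_convert_process($returnpage_error, $returnpage_success)
{
    /*
    	Convert an existing quote into an AR invoice: create the account_ar row from the quote's
    	customer/employee/notes/amounts plus the form's invoice details, move the quote's items
    	and journal entries across, post the ledger entries for the items, then delete the quote.

    	$returnpage_error	page to redirect to when validation or the conversion fails
    	$returnpage_success	page to redirect to (with the new invoice id) on success

    	Never returns: every path ends in a redirect followed by exit().
    */
    // BUGFIX: the debug line used to interpolate an undefined $mode
    log_debug("inc_quotes_forms", "Executing quotes_form_convert_process({$returnpage_error}, {$returnpage_success})");

    /*
    	Fetch all form data
    */
    $id = @security_form_input_predefined("int", "id_quote", 1, "");

    // general data
    $data["code_invoice"] = @security_form_input_predefined("any", "code_invoice", 0, "");
    $data["code_ordernumber"] = @security_form_input_predefined("any", "code_ordernumber", 0, "");
    $data["code_ponumber"] = @security_form_input_predefined("any", "code_ponumber", 0, "");
    $data["date_trans"] = @security_form_input_predefined("date", "date_trans", 1, "");
    $data["date_due"] = @security_form_input_predefined("date", "date_due", 1, "");

    // other
    $data["dest_account"] = @security_form_input_predefined("int", "dest_account", 1, "");

    //// ERROR CHECKING ///////////////////////

    // make sure the quote actually exists
    $sql_quote_obj = new sql_query();
    $sql_quote_obj->string = "SELECT id FROM `account_quotes` WHERE id='{$id}' LIMIT 1";
    $sql_quote_obj->execute();
    if (!$sql_quote_obj->num_rows()) {
        $_SESSION["error"]["message"][] = "The quote you have attempted to edit - {$id} - does not exist in this system.";
    }
    unset($sql_quote_obj);

    // if there was an error, go back to the entry page
    if ($_SESSION["error"]["message"]) {
        $_SESSION["error"]["form"]["quote_convert"] = "failed";
        header("Location: ../../index.php?page={$returnpage_error}&id={$id}");
        exit(0);
    }

    /*
    	Start SQL Transaction
    */
    $sql_obj = new sql_query();
    $sql_obj->trans_begin();

    // make an invoice ID if one is not supplied by the user
    if (!$data["code_invoice"]) {
        $data["code_invoice"] = config_generate_uniqueid("ACCOUNTS_AR_INVOICENUM", "SELECT id FROM account_ar WHERE code_invoice='VALUE'");
    }

    /*
    	Create the new invoice directly from the quote row.

    	BUGFIX: this used to SELECT the quote into PHP and then interpolate the fetched columns
    	(notably the free-text `notes`) back into an UPDATE without any escaping - a second-order
    	SQL injection path via stored quote content, and a plain breakage for any note containing
    	a quote character.  Copying the columns inside the DB with INSERT ... SELECT removes the
    	round trip; only the form values (already filtered by security_form_input_predefined
    	above) are interpolated.
    */
    $sql_obj->string = "INSERT INTO `account_ar` "
        . "(customerid, employeeid, notes, amount, amount_tax, amount_total, "
        . "code_invoice, code_ordernumber, code_ponumber, date_trans, date_due, dest_account, date_create) "
        . "SELECT customerid, employeeid, notes, amount, amount_tax, amount_total, "
        . "'" . $data["code_invoice"] . "', "
        . "'" . $data["code_ordernumber"] . "', "
        . "'" . $data["code_ponumber"] . "', "
        . "'" . $data["date_trans"] . "', "
        . "'" . $data["date_due"] . "', "
        . "'" . $data["dest_account"] . "', "
        . "'" . date("Y-m-d") . "' "
        . "FROM `account_quotes` WHERE id='{$id}' LIMIT 1";
    $sql_obj->execute();
    $invoiceid = $sql_obj->fetch_insert_id();

    if ($invoiceid) {
        /*
        	Migrate all the items from the quote to the invoice
        */
        $sql_obj->string = "UPDATE account_items SET invoiceid='{$invoiceid}', invoicetype='ar' WHERE invoiceid='{$id}' AND invoicetype='quotes'";
        $sql_obj->execute();

        /*
        	Call functions to create transaction entries for all the items.
        	(remember that the quote had nothing in account_trans for the items)
        */
        $invoice_item = new invoice_items();
        $invoice_item->id_invoice = $invoiceid;
        $invoice_item->type_invoice = "ar";
        $invoice_item->action_update_ledger();
        unset($invoice_item);

        /*
        	Migrate the journal
        */
        $sql_obj->string = "UPDATE journal SET customid='{$invoiceid}', journalname='account_ar' WHERE customid='{$id}' AND journalname='account_quotes'";
        $sql_obj->execute();

        /*
        	Delete the quote
        */
        $sql_obj->string = "DELETE FROM account_quotes WHERE id='{$id}' LIMIT 1";
        $sql_obj->execute();

        /*
        	Update the Journal
        */
        journal_quickadd_event("account_ar", $invoiceid, "Converted quotation into invoice");
    } else {
        // BUGFIX: with no invoice row there is nothing to convert; record an error so the
        // error_check() below rolls back rather than reporting success with invoice id 0
        log_write("error", "inc_quotes_forms", "Unable to create the invoice record for quote {$id}");
    }

    /*
    	Commit
    */
    if (error_check()) {
        $sql_obj->trans_rollback();
        log_write("error", "inc_quotes_forms", "An error occured whilst attempting to convert the quote into an invoice. No changes have been made.");
        $_SESSION["error"]["form"]["quote_convert"] = "failed";
        header("Location: ../../index.php?page={$returnpage_error}&id={$id}");
        exit(0);
    }

    $sql_obj->trans_commit();
    log_write("notification", "inc_quotes_forms", "Quotation has been converted to an invoice successfully.");
    header("Location: ../../index.php?page={$returnpage_success}&id={$invoiceid}");
    exit(0);
}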
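 function action_update()
 {
     /*
     	Write the employee held in $this->data to the DB, creating the staff row first when
     	$this->id is not set, and add a journal entry.

     	Returns the staff id on success, 0 on failure (all changes rolled back).

     	NOTE(review): every value is interpolated into the UPDATE unescaped; this relies on the
     	caller having populated $this->data via security_form_input_predefined() - confirm.
     */
     log_debug("inc_staff", "Executing action_update()");

     /*
     	Start the transaction
     */
     $sql_obj = new sql_query();
     $sql_obj->trans_begin();

     /*
     	If no ID exists, create a new employee first
     */
     if ($this->id) {
         $mode = "update";
     } else {
         $mode = "create";
         if (!$this->action_create()) {
             // BUGFIX: the transaction opened above was left dangling on this path
             $sql_obj->trans_rollback();
             return 0;
         }
     }

     // All staff require a staff_code value. If one has not been provided, automatically generate one
     if (!$this->data["staff_code"]) {
         $this->data["staff_code"] = config_generate_uniqueid("CODE_STAFF", "SELECT id FROM staff WHERE staff_code='VALUE'");
     }

     /*
     	Update Employee
     */
     $sql_obj->string = "UPDATE `staff` SET "
         . "name_staff='" . $this->data["name_staff"] . "', "
         . "staff_code='" . $this->data["staff_code"] . "', "
         . "staff_position='" . $this->data["staff_position"] . "', "
         . "contact_phone='" . $this->data["contact_phone"] . "', "
         . "contact_email='" . $this->data["contact_email"] . "', "
         . "contact_fax='" . $this->data["contact_fax"] . "', "
         . "date_start='" . $this->data["date_start"] . "', "
         . "date_end='" . $this->data["date_end"] . "' "
         . "WHERE id='" . $this->id . "' LIMIT 1";
     $sql_obj->execute();

     /*
     	Update the Journal
     */
     $journal_message = ($mode == "update") ? "Employee successfully adjusted." : "Employee successfully created.";
     journal_quickadd_event("staff", $this->id, $journal_message);

     /*
     	Commit, or roll back if any step above raised an error
     */
     if (error_check()) {
         $sql_obj->trans_rollback();
         // BUGFIX: logged under the "process" category while everything else in this method
         // uses "inc_staff"; made consistent so the failure is found where the rest are
         log_write("error", "inc_staff", "An error occured whilst updating employee details. No changes were made.");
         return 0;
     }

     $sql_obj->trans_commit();
     log_write("notification", "inc_staff", $journal_message);
     return $this->id;
 }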
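 function action_update_details()
 {
     /*
     	Write the chart's code and description from $this->data to account_charts, creating the
     	row first when $this->id is not set.

     	Returns the chart id on success, 0 on failure (all changes rolled back).

     	NOTE(review): code_chart and description are interpolated into the UPDATE unescaped;
     	this relies on the caller having filtered $this->data - confirm.
     */
     // BUGFIX: the debug line named action_update(), the wrapper, rather than this method
     log_debug("inc_charts", "Executing action_update_details()");

     /*
     	Start Transaction
     */
     $sql_obj = new sql_query();
     $sql_obj->trans_begin();

     /*
     	If no ID exists, create a new account first

     	(Note: if this function has been called by the action_update() wrapper function
     	this step will already have been performed and we can just ignore it)
     */
     if (!$this->id && !$this->action_create()) {
         // BUGFIX: the transaction opened above was left dangling on this path
         $sql_obj->trans_rollback();
         return 0;
     }

     /*
     	All charts require a code_chart value. If one has not been provided, automatically
     	generate one
     */
     if (!$this->data["code_chart"]) {
         $this->data["code_chart"] = config_generate_uniqueid("CODE_ACCOUNT", "SELECT id FROM account_charts WHERE code_chart='VALUE'");
     }

     /*
     	Update chart details
     */
     $sql_obj->string = "UPDATE `account_charts` SET "
         . "code_chart='" . $this->data["code_chart"] . "', "
         . "description='" . $this->data["description"] . "' "
         . "WHERE id='" . $this->id . "' LIMIT 1";
     $sql_obj->execute();

     /*
     	Commit, or roll back if any step above raised an error
     */
     if (error_check()) {
         $sql_obj->trans_rollback();
         return 0;
     }

     $sql_obj->trans_commit();
     return $this->id;
 }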
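 function action_update()
 {
     /*
     	Write the customer held in $this->data to the DB, creating the customer row first when
     	$this->id is not set, then synchronise its contacts and add a journal entry.

     	Returns the customer id on success, 0 on any failure (all changes rolled back).

     	NOTE(review): every value is interpolated into the UPDATE unescaped; this is only safe
     	when the caller populated $this->data via security_form_input_predefined(), since
     	nothing here re-validates - confirm for every caller.
     */
     log_debug("inc_customers", "Executing action_update()");

     /*
     	Start Transaction
     */
     $sql_obj = new sql_query();
     $sql_obj->trans_begin();

     /*
     	If no ID supplied, create a new customer first
     */
     if ($this->id) {
         $mode = "update";
     } else {
         $mode = "create";
         if (!$this->action_create()) {
             // BUGFIX: the transaction opened above was left dangling on this path
             $sql_obj->trans_rollback();
             return 0;
         }
     }

     // every customer needs a code; take one from the CODE_CUSTOMER sequence if none was supplied
     if (!$this->data["code_customer"]) {
         $this->data["code_customer"] = config_generate_uniqueid("CODE_CUSTOMER", "SELECT id FROM customers WHERE code_customer='VALUE'");
     }

     /*
     	Update Customer Details - the SET list is built column by column so fields are easy to find
     */
     $columns = array(
         "code_customer", "name_customer", "date_start", "date_end", "tax_number", "tax_default",
         "address1_street", "address1_city", "address1_state", "address1_country", "address1_zipcode",
         "address2_street", "address2_city", "address2_state", "address2_country", "address2_zipcode",
         "reseller_customer", "reseller_id", "billing_method", "billing_direct_debit", "discount"
     );
     $assignments = array();
     foreach ($columns as $column) {
         $assignments[] = $column . "='" . $this->data[$column] . "'";
     }
     $sql_obj->string = "UPDATE `customers` SET " . implode(", ", $assignments) . " WHERE id='" . $this->id . "' LIMIT 1";
     $sql_obj->execute();

     // contacts: a row without an id and not flagged for deletion is new, a row flagged
     // "true" is removed, anything else is an update of an existing contact
     for ($i = 0; $i < $this->data["num_contacts"]; $i++) {
         $contact = $this->data["contacts"][$i];

         if (empty($contact["contact_id"]) && $contact["delete_contact"] == "false" && !empty($contact["contact"])) {
             $this->action_create_contact($i);
         } elseif ($contact["delete_contact"] == "true") {
             $this->action_delete_contact($i);
         } else {
             $this->action_update_contact($i);
         }
     }

     /*
     	Update the journal
     */
     if ($mode == "update") {
         journal_quickadd_event("customers", $this->id, "Customer details updated.");
     } else {
         journal_quickadd_event("customers", $this->id, "Initial Account Creation.");
     }

     /*
     	Commit, or roll back if any step above raised an error
     */
     if (error_check()) {
         $sql_obj->trans_rollback();
         log_write("error", "inc_customers", "An error occurred when updating customer details.");
         return 0;
     }

     $sql_obj->trans_commit();
     if ($mode == "update") {
         log_write("notification", "inc_customers", "Customer details successfully updated.");
     } else {
         log_write("notification", "inc_customers", "Customer successfully created.");
     }
     return $this->id;
 }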