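 /**
  * Create a new CRM customer from an AJAX POST request.
  *
  * Verifies the request nonce, requires the caller to hold a capability,
  * strips tags from every posted value, inserts the people record via
  * erp_insert_people() and then stores the optional photo_id, life_stage
  * and social-profile values as meta on the new Contact.
  *
  * @since 1.0
  *
  * @return json Success payload with the customer array, or an error message.
  */
 public function create_customer()
 {
     $this->verify_nonce('wp-erp-crm-customer-nonce');

     // A nonce only proves the request originated from a page we rendered; it is
     // not an authorization check. Deny callers without the capability before
     // touching any data (this replaces the former "@TODO: check permission").
     // NOTE(review): 'read' mirrors handle_customer_form() in this file; confirm
     // the intended CRM capability for creating customers and tighten if one exists.
     if (!current_user_can('read')) {
         $this->send_error('Permission Denied!');
     }

     // Drop WordPress/form bookkeeping fields so they are not stored as people data.
     unset($_POST['_wp_http_referer'], $_POST['_wpnonce'], $_POST['action']);

     // strip_tags_deep() is a project helper; it is presumably recursive so the
     // nested 'social' array is covered too -- confirm against its definition.
     $posted = array_map('strip_tags_deep', $_POST);

     $customer_id = erp_insert_people($posted);
     if (is_wp_error($customer_id)) {
         // send_error() is relied upon to terminate the request; nothing below
         // may run with a WP_Error in $customer_id.
         $this->send_error($customer_id->get_error_message());
     }

     $customer = new Contact(intval($customer_id));

     // Optional meta. !empty() avoids undefined-index notices when a field is not
     // posted while keeping the original truthiness semantics ('' and '0' skip).
     if (!empty($posted['photo_id'])) {
         $customer->update_meta('photo_id', $posted['photo_id']);
     }
     if (!empty($posted['life_stage'])) {
         $customer->update_meta('life_stage', $posted['life_stage']);
     }

     // Social profiles arrive as a key => value map whose keys come straight from
     // the client. Normalise them with sanitize_key() so the request cannot pick
     // arbitrary meta-key spellings; an allowlist of known social fields would be
     // stronger still, but that set is not visible here.
     if (!empty($posted['social']) && is_array($posted['social'])) {
         foreach ($posted['social'] as $field => $value) {
             $meta_key = sanitize_key($field);
             if ('' === $meta_key) {
                 continue;
             }
             $customer->update_meta($meta_key, $value);
         }
     }

     $this->send_success($customer->to_array());
 }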
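 /**
  * Handle the customer / vendor "new" and "edit" form submission.
  *
  * Runs only when the form's submit button is present in $_POST. Verifies the
  * nonce and the caller's capability, sanitises every field, requires first and
  * last name, and hands the record to erp_insert_people() -- as an insert when
  * no field_id is posted, as an update when one is. Always ends with a redirect
  * back to the customers or vendors list page carrying a 'msg' or 'error' arg.
  *
  * @return void
  */
 public function handle_customer_form()
 {
     if (!isset($_POST['submit_erp_ac_customer'])) {
         return;
     }

     // Read the nonce defensively: a request without one is rejected as a forgery
     // instead of raising an undefined-index notice before the check runs.
     $nonce = isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';
     if (!wp_verify_nonce($nonce, 'erp-ac-customer')) {
         wp_die(__('Are you cheating?', 'erp-accounting'));
     }

     // NOTE(review): 'read' is held by every logged-in user, and the edit path
     // below trusts the posted field_id without checking that this user may
     // modify that record. Confirm the intended accounting capability and tighten.
     if (!current_user_can('read')) {
         wp_die(__('Permission Denied!', 'erp-accounting'));
     }

     $message = 'new';
     $errors = array();
     $field_id = isset($_POST['field_id']) ? intval($_POST['field_id']) : 0;

     // Plain text fields share one sanitiser; email, website and notes get
     // type-aware ones below.
     $text = function ($key, $default = '') {
         return isset($_POST[$key]) ? sanitize_text_field($_POST[$key]) : $default;
     };

     $fields = array(
         'first_name'  => $text('first_name'),
         'last_name'   => $text('last_name'),
         // sanitize_email() rejects malformed addresses outright rather than
         // merely stripping tags, which is what a stored e-mail field needs.
         'email'       => isset($_POST['email']) ? sanitize_email($_POST['email']) : '',
         'company'     => $text('company'),
         'phone'       => $text('phone'),
         'mobile'      => $text('mobile'),
         'other'       => $text('other'),
         // esc_url_raw() keeps only allowed protocols, so e.g. a javascript: URL
         // cannot be stored and later rendered as a clickable link.
         'website'     => isset($_POST['website']) ? esc_url_raw($_POST['website']) : '',
         'fax'         => $text('fax'),
         // Notes may carry limited HTML; wp_kses_post() allows post-safe markup only.
         'notes'       => isset($_POST['notes']) ? wp_kses_post($_POST['notes']) : '',
         'street_1'    => $text('street_1'),
         'city'        => $text('city'),
         'state'       => $text('state'),
         'postal_code' => $text('postal_code'),
         'country'     => $text('country'),
         'currency'    => $text('currency'),
         'type'        => $text('type', 'customer'),
     );

     // Anything that is not a customer is routed to the vendors page.
     // NOTE(review): 'type' is not restricted to a known set of values here;
     // erp_insert_people() is relied on to reject unexpected types.
     if ('customer' === $fields['type']) {
         $page_url = admin_url('admin.php?page=erp-accounting-customers');
     } else {
         $page_url = admin_url('admin.php?page=erp-accounting-vendors');
     }

     // Basic validation: both name parts are mandatory.
     if (!$fields['first_name']) {
         $errors[] = __('Error: First Name is required', 'erp-accounting');
     }
     if (!$fields['last_name']) {
         $errors[] = __('Error: Last Name is required', 'erp-accounting');
     }

     // Bail out on the first error; only one message fits the 'error' query arg.
     if ($errors) {
         $redirect_to = add_query_arg(array('error' => reset($errors)), $page_url);
         wp_safe_redirect($redirect_to);
         exit;
     }

     // New or edit? A posted field_id makes erp_insert_people() perform an update.
     if ($field_id) {
         $fields['id'] = $field_id;
         $message = 'update';
     }
     $insert_id = erp_insert_people($fields);

     $msg = is_wp_error($insert_id) ? 'error' : $message;
     wp_safe_redirect(add_query_arg(array('msg' => $msg), $page_url));
     exit;
 }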