<?php
include '../scat.php';
include '../lib/person.php';
$person_id = (int) $_REQUEST['person'];
$person = person_load($db, $person_id);
if (!$person) {
die_jsonp('No such person.');
}
echo jsonp(array('person' => $person));
<?php
include '../scat.php';
include '../lib/txn.php';
$id = (int) $_REQUEST['txn'];
if (!$id) {
die_jsonp("no transaction specified.");
}
if (!txn_apply_discounts($db, $id)) {
die_jsonp("Unable to apply discounts.");
}
$txn = txn_load_full($db, $id);
echo jsonp($txn);
<?php
include '../scat.php';
include '../lib/txn.php';
$txn_id = (int) $_REQUEST['txn'];
$txn = txn_load($db, $txn_id);
if (!$txn['paid']) {
die_jsonp("Can't return an order that hasn't been paid for!");
}
$q = "SELECT 1 + MAX(number) AS number FROM txn WHERE type = 'customer'";
$r = $db->query($q);
if (!$r) {
die_query($db, $q);
}
$row = $r->fetch_assoc();
$q = "INSERT INTO txn\n SET created= NOW(),\n type = 'customer',\n number = {$row['number']},\n returned_from = {$txn_id},\n tax_rate = " . DEFAULT_TAX_RATE;
$r = $db->query($q);
if (!$r) {
die_query($db, $q);
}
$new_txn_id = $db->insert_id;
$q = "INSERT INTO txn_line (txn, item, ordered, allocated, override_name,\n retail_price, discount_type, discount, taxfree)\n SELECT {$new_txn_id} AS txn,\n item,\n -ordered AS ordered,\n -allocated AS allocated,\n override_name,\n retail_price, discount_type, discount,\n taxfree\n FROM txn_line WHERE txn = {$txn_id}";
$r = $db->query($q);
if (!$r) {
die_query($db, $q);
}
echo jsonp(array('txn' => txn_load($db, $new_txn_id), 'items' => txn_load_items($db, $new_txn_id), 'payments' => array(), 'notes' => array()));
$price = 'item.retail_price';
$discount_manual = 0;
} else {
die_jsonp("Did not understand price.");
}
$q = "UPDATE txn_line, item\n SET txn_line.retail_price = {$price},\n txn_line.discount_type = {$discount_type},\n txn_line.discount = {$discount},\n txn_line.discount_manual = {$discount_manual}\n WHERE txn = {$txn_id} AND txn_line.id = {$id} AND txn_line.item = item.id";
$r = $db->query($q) or die_query($db, $q);
}
if (!empty($_REQUEST['quantity'])) {
/* special case: #/# lets us split line with two quantities */
if (preg_match('!^(\\d+)/(\\d+)$!', $_REQUEST['quantity'], $m)) {
$quantity = (int) $m[2] * ($txn['type'] == 'customer' ? -1 : 1);
$q = "INSERT INTO txn_line (txn, item, ordered, override_name,\n retail_price, discount_type, discount,\n discount_manual, taxfree)\n SELECT txn, item, {$quantity}, override_name,\n retail_price, discount_type, discount, discount_manual, taxfree\n FROM txn_line WHERE txn = {$txn_id} AND txn_line.id = {$id}";
$r = $db->query($q) or die_query($db, $q);
$quantity = (int) $m[1];
} else {
$quantity = (int) $_REQUEST['quantity'];
}
$q = "UPDATE txn_line\n SET ordered = -1 * {$quantity}\n WHERE txn = {$txn_id} AND txn_line.id = {$id}";
$r = $db->query($q) or die_query($db, $q);
}
if (isset($_REQUEST['name'])) {
$name = $db->real_escape_string($_REQUEST['name']);
$q = "UPDATE txn_line\n SET override_name = IF('{$name}' = '', NULL, '{$name}')\n WHERE txn = {$txn_id} AND txn_line.id = {$id}";
$r = $db->query($q) or die_query($db, $q);
}
txn_apply_discounts($db, $txn_id) or die_jsonp("Failed to apply discounts.");
$db->commit() or die_query($db, "COMMIT");
$items = txn_load_items($db, $txn_id);
$txn = txn_load($db, $txn_id);
echo jsonp(array('txn' => $txn, 'items' => $items));
<?php
include '../scat.php';
include '../lib/item.php';
$item_id = (int) $_REQUEST['item'];
$item = item_load($db, $item_id);
if (!$item) {
die_jsonp('No such item.');
}
if (!$_REQUEST['code']) {
die_jsonp('No barcode.');
}
$quantity = (int) $_REQUEST['quantity'];
if (!$quantity) {
$quantity = 1;
}
$code = $db->escape($_REQUEST['code']);
$q = "INSERT INTO barcode\n SET item = {$item_id}, code = '{$code}', quantity = {$quantity}\n ON DUPLICATE KEY\n UPDATE quantity = VALUES(quantity)";
$db->query($q) or die_query($db, $q);
$item = item_load($db, $item_id);
echo jsonp(array('item' => $item));
<?php
include '../scat.php';
include '../lib/eps-express.php';
$person = (int) $_REQUEST['person'];
$payment_account_id = $_REQUEST['payment_account_id'];
if (!$person) {
die_jsonp("Person was not specified.");
}
$ReturnURL = ($_SERVER['HTTPS'] ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . '/cc-attach-finish.php';
$eps = new EPS_Express();
if ($payment_account_id) {
$response = $eps->PaymentAccountUpdateHosted($person, $payment_account_id, $ReturnURL);
} else {
$response = $eps->PaymentAccountCreateHosted($person, $ReturnURL);
}
$payment = $db->escape($response->Transaction->TransactionSetupID);
$valid = $db->escape($response->TransactionSetup->ValidationCode);
$q = "INSERT INTO hostedpayment_txn\n SET txn = {$person},\n hostedpayment = '{$payment}',\n validationcode = '{$valid}',\n created = NOW()";
$db->query($q) or die_query($db, $q);
$url = "https://certtransaction.hostedpayments.com/?TransactionSetupID=" . $response->Transaction->TransactionSetupID;
echo jsonp(array('url' => $url, 'response' => $response));
<?php
include '../scat.php';
include '../lib/txn.php';
include '../lib/eps-express.php';
$id = (int) $_REQUEST['id'];
$amount = $_REQUEST['amount'];
$partial = (int) $_REQUEST['partial'];
if (!$id || !$amount) {
die_jsonp("Either transaction or amount was not specified.");
}
$txn = new Transaction($db, $id);
if (!$txn->canPay('credit', $amount)) {
die_jsonp("Amount is too much.");
}
$ReturnURL = ($_SERVER['HTTPS'] ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . '/cc-paid.php';
$eps = new EPS_Express();
$response = $eps->CreditCardSaleHosted($id, $amount, $partial, $ReturnURL);
$xml = new SimpleXMLElement($response);
$payment = $db->escape($xml->Response->Transaction->TransactionSetupID);
$valid = $db->escape($xml->Response->TransactionSetup->ValidationCode);
$q = "INSERT INTO hostedpayment_txn\n SET txn = {$id},\n hostedpayment = '{$payment}',\n validationcode = '{$valid}',\n created = NOW()";
$db->query($q) or die_query($db, $q);
$url = "https://certtransaction.hostedpayments.com/?TransactionSetupID=" . $xml->Response->Transaction->TransactionSetupID;
$dom = dom_import_simplexml($xml);
$dom->ownerDocument->preserveWhiteSpace = false;
$dom->ownerDocument->formatOutput = true;
echo jsonp(array('url' => $url, 'xml' => $dom->ownerDocument->saveXML()));
include '../scat.php';
include '../lib/txn.php';
include '../lib/pole.php';
$id = (int) $_REQUEST['txn'];
if (!$id) {
die_jsonp("no transaction specified.");
}
$txn = txn_load($db, $id);
if ($txn['paid']) {
die_jsonp("This order is already paid!");
}
$line = (int) $_REQUEST['line'];
if ($line) {
$q = "UPDATE txn_line SET allocated = ordered WHERE txn = {$id} AND id = {$line}";
$r = $db->query($q) or die_jsonp($db->error);
$lines = $db->affected_rows;
} else {
$q = "UPDATE txn_line SET allocated = ordered WHERE txn = {$id}";
$r = $db->query($q) or die_jsonp($db->error);
$lines = $db->affected_rows;
if ($lines || !$txn['filled']) {
$q = "UPDATE txn SET filled = NOW() WHERE id = {$id}";
$r = $db->query($q) or die_jsonp($db->error);
}
}
$txn = txn_load($db, $id);
if ($txn['total']) {
pole_display_price('Total Due', $txn['total']);
}
echo jsonp(array("success" => "Allocated all lines.", "txn" => $txn, "lines" => $lines, "items" => txn_load_items($db, $id)));
<?php
include '../scat.php';
$name = $_REQUEST['name'];
$company = $_REQUEST['company'];
if (empty($name) && empty($company)) {
die_jsonp("You need to supply at least a name or company.");
}
if ($name) {
$q = "SELECT id\n FROM person\n WHERE name = '" . $db->escape($name) . "'";
$r = $db->query($q) or die_query($db, $q);
if ($r->num_rows) {
die_jsonp("Someone by that name already exists.");
}
}
$list = array();
foreach (array('name', 'company', 'address', 'email', 'phone', 'tax_id') as $field) {
$list[] = "{$field} = '" . $db->real_escape_string($_REQUEST[$field]) . "', ";
}
$fields = join('', $list);
// add payment record
$q = "INSERT INTO person\n SET {$fields}\n active = 1";
$r = $db->query($q) or die_query($db, $q);
echo jsonp(array('person' => $db->insert_id));
<?php
include '../scat.php';
include '../lib/txn.php';
include '../lib/item.php';
$txn_id = (int) $_REQUEST['txn'];
if ($txn_id) {
$txn = txn_load($db, $txn_id);
if ($txn['paid']) {
die_jsonp("This order is already paid!");
}
}
foreach ($_REQUEST['items'] as $item => $qty) {
$q = "INSERT INTO txn_line (txn, item, ordered, retail_price, taxfree)\n SELECT {$txn_id} AS txn, {$item} AS item, {$qty} AS ordered,\n (SELECT net_price\n FROM vendor_item\n WHERE item = {$item} AND vendor = {$txn['person']}), taxfree\n FROM item WHERE id = {$item}";
$r = $db->query($q);
if (!$r) {
die_query($db, $q);
}
}
$txn = txn_load($db, $txn_id);
$items = txn_load_items($db, $txn_id);
echo jsonp(array('txn' => $txn, 'items' => $items));
<?php
include '../scat.php';
include '../lib/txn.php';
$id = (int) $_REQUEST['id'];
if (!$id) {
die_jsonp("No transaction specified.");
}
$note = $_REQUEST['note'];
if (!$note) {
die_jsonp("No note given.");
}
$note = $db->escape($note);
$q = "INSERT INTO txn_note SET entered = NOW(), txn = {$id}, content = '{$note}'";
$db->query($q) or die_query($db, $q);
echo jsonp(array('txn' => txn_load($db, $id), 'notes' => txn_load_notes($db, $id)));
function die_query($db, $query)
{
die_jsonp(array('error' => 'Query failed.', 'explain' => $db->error, 'query' => $query));
}
$db->query($q) or die_query($db, $q);
# Make sure we have all the items
$q = "INSERT IGNORE INTO item (code, brand, name, retail_price, active)\n SELECT item_no AS code,\n {$new_item} AS brand,\n description AS name,\n msrp AS retail_price,\n 1 AS active\n FROM vendor_order\n WHERE msrp > 0 AND IFNULL(unit,'') != 'AS'";
$db->query($q) or die_query($db, $q);
echo "Loaded ", $db->affected_rows, " items from order.<br>";
# Make sure all the items are active and update order with item ids
$q = "UPDATE item, vendor_order\n SET item.active = 1,\n vendor_order.item = item.id\n WHERE item_no = code";
$db->query($q) or die_query($db, $q);
echo "Activated ", $db->affected_rows, " items from order.<br>";
# Make sure we know all the barcodes
$q = "INSERT IGNORE INTO barcode (item, code, quantity)\n SELECT (SELECT id FROM item WHERE item_no = code) AS item,\n REPLACE(REPLACE(barcode, 'E-', ''), 'U-', '') AS code,\n 1 AS quantity\n FROM vendor_order\n WHERE barcode != ''";
$db->query($q) or die_query($db, $q);
echo "Loaded ", $db->affected_rows, " new barcodes from order.<br>";
# Link items to vendor items
$q = "UPDATE vendor_item, vendor_order\n SET vendor_item.item = vendor_order.item\n WHERE vendor_item.code = vendor_order.item_no";
$db->query($q) or die_query($db, $q);
echo "Linked ", $db->affected_rows, " items to vendor items.<br>";
# Add items to order
$q = "INSERT INTO txn_line (txn, item, ordered, allocated, retail_price)\n SELECT {$txn_id} txn, item,\n ordered, shipped, net\n FROM vendor_order\n WHERE (shipped OR backordered) AND item IS NOT NULL";
$db->query($q) or die_query($db, $q);
echo "Loaded ", $db->affected_rows, " rows into purchase order.<br>";
$db->commit() or die_jsonp($db->error);
$q = "SELECT CAST((SUM(shipped) / SUM(ordered)) * 100 AS DECIMAL(9,1))\n FROM vendor_order";
$item_rate = $db->get_one($q);
$q = "SELECT CAST((SUM(shipped > 0) / SUM(ordered > 0)) * 100 AS DECIMAL(9,1))\n FROM vendor_order";
$sku_rate = $db->get_one($q);
echo "Fill rate by item: {$item_rate}%, by SKU: {$sku_rate}%.";
$out = ob_get_contents();
ob_end_clean();
$db->query("INSERT INTO txn_note\n SET txn = {$txn_id},\n entered = NOW(),\n content = '" . $db->escape($out) . "'") or die_jsonp($db->error);
echo jsonp(array("result" => $out));
<?php
include '../scat.php';
include '../lib/txn.php';
$txn_id = (int) $_REQUEST['txn'];
if (!$txn_id) {
die_jsonp("No transaction specified.");
}
$txn = txn_load($db, $txn_id);
$person = (int) $_REQUEST['person'];
if (!$person) {
die_jsonp("No person specified.");
}
$q = "SELECT id FROM person WHERE id = {$person}";
$r = $db->query($q) or die_query($db, $q);
if (!$r->num_rows) {
die_jsonp("No such person.");
}
$q = "UPDATE txn SET person = {$person} WHERE id = {$txn_id}";
$r = $db->query($q) or die_query($db, $q);
$txn = txn_load($db, $txn_id);
$person = person_load($db, $person);
echo jsonp(array("success" => "Updated person.", "txn" => $txn, "person" => $person));
$discount = preg_replace('/^\\$/', '', $_REQUEST['discount']);
$discount = $db->real_escape_string($discount);
if (preg_match('/^(\\d*)(\\/|%)( off)?$/', $discount, $m)) {
$discount = (double) $m[1];
$discount_type = "'percentage'";
} elseif (preg_match('/^(\\d*\\.?\\d*)$/', $discount, $m)) {
$discount = (double) $m[1];
$discount_type = "'fixed'";
} elseif (preg_match('/^\\$?(\\d*\\.?\\d*)( off)?$/', $discount, $m)) {
$discount = (double) $m[1];
$discount_type = "'relative'";
} elseif (preg_match('/^(def|\\.\\.\\.)$/', $discount)) {
$discount = 'NULL';
$discount_type = 'NULL';
} else {
die_jsonp("Did not understand discount.");
}
$q = "UPDATE item\n SET \n discount_type = {$discount_type},\n discount = {$discount} \n WHERE id = {$item_id}";
$r = $db->query($q) or die_query($db, $q);
}
if (isset($_REQUEST['minimum_quantity'])) {
$minimum_quantity = (int) $_REQUEST['minimum_quantity'];
$q = "UPDATE item\n SET minimum_quantity = {$minimum_quantity}\n WHERE id = {$item_id}";
$r = $db->query($q) or die_query($db, $q);
}
if (isset($_REQUEST['active'])) {
$active = (int) $_REQUEST['active'];
$q = "UPDATE item\n SET active = {$active}\n WHERE id = {$item_id}";
$r = $db->query($q) or die_query($db, $q);
}
if (isset($_REQUEST['stock'])) {
<?php
require '../scat.php';
$vendor_id = (int) $_REQUEST['vendor'];
if (!$vendor_id) {
die_jsonp("No vendor specified.");
}
$fn = $_FILES['src']['tmp_name'];
if (!$fn) {
die_jsonp("No file uploaded");
}
$file = fopen($fn, 'r');
$line = fgets($file);
fclose($file);
ob_start();
if (preg_match('/MACITEM.*\\.zip$/i', $_FILES['src']['name'])) {
$q = "CREATE TEMPORARY TABLE macitem (\n item_no VARCHAR(32),\n sku VARCHAR(10),\n name VARCHAR(255),\n retail_price DECIMAL(9,2),\n net_price DECIMAL(9,2),\n promo_price DECIMAL(9,2),\n pending_msrp DECIMAL(9,2),\n pending_date VARCHAR(32),\n pending_net DECIMAL(9,2),\n barcode VARCHAR(32),\n purchase_quantity INT,\n category VARCHAR(64))";
$db->query($q) or die_query($db, $q);
$base = basename($_FILES['src']['name'], '.zip');
$q = "LOAD DATA LOCAL INFILE 'zip://{$fn}#{$base}.txt'\n INTO TABLE macitem\n FIELDS TERMINATED BY '\t'\n IGNORE 1 LINES\n (@changed, @change_date, item_no, sku, name, @unit_of_sale,\n retail_price, net_price, @customer, @product_code_type,\n barcode, @reno, @elgin, @atl, @catalog_code,\n @purchase_unit, purchase_quantity,\n @customer_item_no, pending_msrp, pending_date, pending_net,\n promo_price, @promo_name,\n @abc_flag, @vendor, @group_code, category)";
$r = $db->query($q) or die_query($db, $q);
} elseif (preg_match('/\\.zip$/i', $_FILES['src']['name'])) {
/* Update pricing from Mac */
$q = "CREATE TEMPORARY TABLE macitem (\n item_no VARCHAR(32),\n sku VARCHAR(10),\n name VARCHAR(255),\n retail_price DECIMAL(9,2),\n promo_price DECIMAL(9,2),\n PRIMARY KEY (item_no))";
$db->query($q) or die_query($db, $q);
$base = basename($_FILES['src']['name'], '.zip');
$q = "LOAD DATA LOCAL INFILE 'zip://{$fn}#{$base}.txt'\n INTO TABLE macitem\n FIELDS TERMINATED BY '\t'\n IGNORE 1 LINES\n (item_no, sku, name, @retail_price, @unit,\n @reno, @atlanta,\n @minimum_qty, @sale_discount_pct, @cost_factor, @promo_price)\n SET retail_price = SUBSTRING(@retail_price, 2),\n promo_price = SUBSTRING(@promo_price, 2)";
$r = $db->query($q) or die_query($db, $q);
// Find by barcode
$q = "UPDATE vendor_item, macitem\n SET vendor_item.promo_price = macitem.promo_price\n WHERE vendor = {$vendor_id} AND vendor_item.code = macitem.item_no\n AND macitem.promo_price";
$r = $db->query($q) or die_query($db, $q);
<?php
include '../scat.php';
include '../lib/item.php';
$code = $_REQUEST['code'];
$name = $_REQUEST['name'];
$msrp = $_REQUEST['retail_price'];
if (!$code) {
die_jsonp('Must specify a code.');
}
if (!$name) {
die_jsonp('Must specify a name.');
}
if (!$msrp) {
die_jsonp('Must specify a price.');
}
$code = $db->escape($code);
$name = $db->escape($name);
$msrp = $db->escape($msrp);
$brand = $db->get_one("SELECT id FROM brand WHERE name = 'New Item'");
$q = "INSERT INTO item\n SET code = '{$code}', name = '{$name}', retail_price = '{$msrp}',\n brand = {$brand},\n taxfree = 0, minimum_quantity = 1, active = 1";
$r = $db->query($q) or die_query($db, $q);
$item_id = $db->insert_id;
if ($_REQUEST['barcode']) {
$bar = $db->escape($_REQUEST['barcode']);
$q = "INSERT INTO barcode SET code = '{$bar}', item = {$item_id}, quantity = 1";
$r = $db->query($q) or die_query($db, $q);
}
/* Link to vendor items */
$q = "UPDATE vendor_item\n SET vendor_item.item = {$item_id}\n WHERE vendor_item.code = '{$code}'";
$db->query($q) or die_query($db, $q);
<?php
include '../scat.php';
include '../lib/txn.php';
$txn_id = (int) $_REQUEST['txn'];
$id = (int) $_REQUEST['id'];
$admin = (int) $_REQUEST['admin'];
if (!$txn_id || !$id) {
die_jsonp("No transaction or payment specified.");
}
$txn = new Transaction($db, $txn_id);
try {
$txn->removePayment($id, $admin);
} catch (Exception $e) {
die_jsonp($e->getMessage());
}
echo jsonp(array('txn' => txn_load($db, $txn_id), 'payments' => txn_load_payments($db, $txn_id)));
<?php
include '../scat.php';
include '../lib/txn.php';
$id = (int) $_REQUEST['txn'];
if (!$id) {
die_jsonp("No transaction specified.");
}
$txn = new Transaction($db, $id);
if (!$txn) {
die_jsonp("No such transaction..");
}
if ($txn->hasPayments()) {
die_jsonp("Can't delete transaction with payments.");
}
if ($txn->hasItems()) {
die_jsonp("Can't delete transaction with items.");
}
$q = "DELETE FROM txn WHERE id = {$id}";
$r = $db->query($q) or die_query($db, $q);
echo jsonp(array('message' => 'Transaction deleted.'));
<?php
include '../scat.php';
include '../lib/txn.php';
$id = (int) $_REQUEST['id'];
$type = $_REQUEST['type'];
$number = (int) $_REQUEST['number'];
if (!$id && $type) {
$q = "SELECT id FROM txn\n WHERE type = '" . $db->real_escape_string($type) . "'\n AND number = {$number}";
$r = $db->query($q);
if (!$r->num_rows) {
die_jsonp("No such transaction.");
}
$row = $r->fetch_row();
$id = $row[0];
}
if (!$id) {
die_jsonp("No transaction specified.");
}
echo jsonp(txn_load_full($db, $id));
<?php
include '../scat.php';
include '../lib/txn.php';
$details = array();
$txn_id = (int) $_REQUEST['txn'];
$id = (int) $_REQUEST['id'];
if (!$txn_id || !$id) {
die_jsonp('No transaction or item specified');
}
$txn = txn_load($db, $txn_id);
if ($txn['paid']) {
die_jsonp("This order is already paid!");
}
$q = "DELETE FROM txn_line WHERE txn = {$txn_id} AND id = {$id}";
$r = $db->query($q);
if (!$r) {
die_query($db, $q);
}
if (!$db->affected_rows) {
die_jsonp("Unable to delete line.");
}
// XXX error handling
txn_apply_discounts($db, $txn_id);
$txn = txn_load_full($db, $txn_id);
$txn['removed'] = $id;
echo jsonp($txn);
<?php
include '../scat.php';
include '../lib/item.php';
$id = (int) $_REQUEST['id'];
$code = $_REQUEST['code'];
if (!$id && $code) {
$code = $db->escape($code);
$q = "SELECT id FROM item WHERE code = '{$code}'";
$id = $db->get_one($q);
}
if (!$id) {
die_jsonp("No item specified.");
}
$item = item_load($db, $id);
echo jsonp(array('item' => $item));
<?php
include '../scat.php';
include '../lib/person.php';
include '../lib/eps-express.php';
$person_id = (int) $_REQUEST['person'];
$person = $person_id ? person_load($db, $person_id) : false;
if (!$person_id || !$person || !$person['payment_account_id']) {
die_jsonp("No person specified or no card stored for person.");
}
$eps = new EPS_Express();
$response = $eps->PaymentAccountDelete($person['payment_account_id']);
if ($response->ExpressResponseCode != 0) {
die_jsonp((string) $response->ExpressResponseMessage);
}
// remove payment account info from person
$q = "UPDATE person\n SET payment_account_id = NULL\n WHERE id = {$person_id}";
$r = $db->query($q) or die_query($db, $q);
echo jsonp(array('person' => person_load($db, $person_id), 'response' => $response));
