From 15fd832705b5f6512b1f3d98a24bcc4712e2b610 Mon Sep 17 00:00:00 2001 From: FrancescoUK Date: Mon, 20 Jun 2016 22:17:55 +0100 Subject: [PATCH] XSS clean Receiving (#39) code refactoring and various issues fixing --- application/controllers/Receivings.php | 438 ++++++++++-------- application/controllers/Reports.php | 5 +- application/controllers/Sales.php | 27 +- .../language/de-CH/receivings_lang.php | 9 +- application/language/en/receivings_lang.php | 9 +- application/language/es/receivings_lang.php | 9 +- application/language/fr/receivings_lang.php | 9 +- .../language/hr-HR/receivings_lang.php | 9 +- .../language/hu-HU/receivings_lang.php | 9 +- application/language/id/receivings_lang.php | 9 +- .../language/nl-BE/receivings_lang.php | 9 +- .../language/pt-BR/receivings_lang.php | 9 +- application/language/ru/receivings_lang.php | 9 +- application/language/th/receivings_lang.php | 9 +- application/language/tr/receivings_lang.php | 9 +- application/language/zh/receivings_lang.php | 9 +- application/libraries/Receiving_lib.php | 8 +- application/models/Receiving.php | 79 ++-- .../models/reports/Detailed_receivings.php | 6 +- application/views/receivings/receipt.php | 4 +- application/views/receivings/receiving.php | 61 ++- translations/receivings_lang.csv | 9 +- 22 files changed, 455 insertions(+), 299 deletions(-) diff --git a/application/controllers/Receivings.php b/application/controllers/Receivings.php index 756ef3a28..8f9188efb 100644 --- a/application/controllers/Receivings.php +++ b/application/controllers/Receivings.php @@ -4,7 +4,7 @@ require_once("Secure_Controller.php"); class Receivings extends Secure_Controller { - function __construct() + public function __construct() { parent::__construct('receivings'); 
@@ -12,108 +12,114 @@ class Receivings extends Secure_Controller $this->load->library('barcode_lib'); } - function index() + public function index() { $this->_reload(); } - function item_search() + public function item_search() { - $suggestions = $this->Item->get_search_suggestions($this->input->get('term'), array( - 'search_custom' => FALSE, 'is_deleted' => FALSE - ), TRUE); + $suggestions = $this->Item->get_search_suggestions($this->input->get('term'), array('search_custom' => FALSE, 'is_deleted' => FALSE), TRUE); $suggestions = array_merge($suggestions, $this->Item_kit->get_search_suggestions($this->input->get('term'))); + + $suggestions = $this->xss_clean($suggestions); + echo json_encode($suggestions); } - function select_supplier() + public function select_supplier() { $supplier_id = $this->input->post('supplier'); - if ($this->Supplier->exists($supplier_id)) + if($this->Supplier->exists($supplier_id)) { $this->receiving_lib->set_supplier($supplier_id); } + $this->_reload(); } - function change_mode() + public function change_mode() { $stock_destination = $this->input->post('stock_destination'); $stock_source = $this->input->post('stock_source'); - if ((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) && + + if((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) && (!$stock_destination || $stock_destination == $this->receiving_lib->get_stock_destination())) { $this->receiving_lib->clear_invoice_number(); $mode = $this->input->post('mode'); $this->receiving_lib->set_mode($mode); } - else if ($this->Stock_location->is_allowed_location($stock_source, 'receivings')) + else if($this->Stock_location->is_allowed_location($stock_source, 'receivings')) { $this->receiving_lib->set_stock_source($stock_source); $this->receiving_lib->set_stock_destination($stock_destination); } + $this->_reload(); } - function set_comment() + public function set_comment() { 
$this->receiving_lib->set_comment($this->input->post('comment')); } - function set_invoice_number_enabled() + public function set_invoice_number_enabled() { $this->receiving_lib->set_invoice_number_enabled($this->input->post('recv_invoice_number_enabled')); } - function set_print_after_sale() + public function set_print_after_sale() { $this->receiving_lib->set_print_after_sale($this->input->post('recv_print_after_sale')); } - function set_invoice_number() + public function set_invoice_number() { $this->receiving_lib->set_invoice_number($this->input->post('recv_invoice_number')); } - function add() + public function add() { - $data=array(); + $data = array(); + $mode = $this->receiving_lib->get_mode(); $item_id_or_number_or_item_kit_or_receipt = $this->input->post('item'); - $quantity = ($mode=="receive" or $mode=="requisition") ? 1 : -1; + $quantity = ($mode == 'receive' || $mode == 'requisition') ? 1 : -1; $item_location = $this->receiving_lib->get_stock_source(); - if($mode=='return' && $this->receiving_lib->is_valid_receipt($item_id_or_number_or_item_kit_or_receipt)) + + if($mode == 'return' && $this->receiving_lib->is_valid_receipt($item_id_or_number_or_item_kit_or_receipt)) { $this->receiving_lib->return_entire_receiving($item_id_or_number_or_item_kit_or_receipt); } - elseif($this->receiving_lib->is_valid_item_kit($item_id_or_number_or_item_kit_or_receipt)) + else if($this->receiving_lib->is_valid_item_kit($item_id_or_number_or_item_kit_or_receipt)) { - $this->receiving_lib->add_item_kit($item_id_or_number_or_item_kit_or_receipt,$item_location); + $this->receiving_lib->add_item_kit($item_id_or_number_or_item_kit_or_receipt, $item_location); } - else + else if(!$this->receiving_lib->add_item($item_id_or_number_or_item_kit_or_receipt, $quantity, $item_location)) { - if(!$this->receiving_lib->add_item($item_id_or_number_or_item_kit_or_receipt,$quantity,$item_location)) - $data['error']=$this->lang->line('recvs_unable_to_add_item'); + $data['error'] = 
$this->lang->line('recvs_unable_to_add_item'); } + $this->_reload($data); } - function edit_item($item_id) + public function edit_item($item_id) { - $data= array(); + $data = array(); $this->form_validation->set_rules('price', 'lang:items_price', 'required|numeric'); $this->form_validation->set_rules('quantity', 'lang:items_quantity', 'required|numeric'); $this->form_validation->set_rules('discount', 'lang:items_discount', 'required|numeric'); - $description = $this->input->post('description'); - $serialnumber = $this->input->post('serialnumber'); + $description = $this->input->post('description'); + $serialnumber = $this->input->post('serialnumber'); $price = $this->input->post('price'); $quantity = $this->input->post('quantity'); $discount = $this->input->post('discount'); $item_location = $this->input->post('location'); - if ($this->form_validation->run() != FALSE) + if($this->form_validation->run() != FALSE) { $this->receiving_lib->edit_item($item_id, $description, $serialnumber, $quantity, $discount, $price); } 
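Review bot: In change_mode() only the posted `stock_source` is checked with is_allowed_location() before both locations are written to the session; `stock_destination` comes from the same POST and is stored unchecked, so a destination the user is presumably not allowed to pick (it is not in get_allowed_locations('receivings')) is still accepted. Extend the guard to `else if($this->Stock_location->is_allowed_location($stock_source, 'receivings') && $this->Stock_location->is_allowed_location($stock_destination, 'receivings'))`. Separately, in edit_item() `$item_location = $this->input->post('location');` is read but not used in the visible part of the method; edit_item() continues past the end of this hunk, so it may be used there, otherwise drop the line.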
@@ -125,107 +131,132 @@ class Receivings extends Secure_Controller $this->_reload($data); } - function edit($receiving_id) + public function edit($receiving_id) { $data = array(); - + $data['suppliers'] = array('' => 'No Supplier'); - foreach ($this->Supplier->get_all()->result() as $supplier) + foreach($this->Supplier->get_all()->result() as $supplier) { - $data['suppliers'][$supplier->person_id] = $supplier->first_name . ' ' . $supplier->last_name; + $data['suppliers'][$supplier->person_id] = $this->xss_clean($supplier->first_name . ' ' . $supplier->last_name); } $data['employees'] = array(); foreach ($this->Employee->get_all()->result() as $employee) { - $data['employees'][$employee->person_id] = $employee->first_name . ' '. $employee->last_name; + $data['employees'][$employee->person_id] = $this->xss_clean($employee->first_name . ' '. $employee->last_name); } - $receiving_info = $this->Receiving->get_info($receiving_id)->row_array(); - $person_name = $receiving_info['first_name'] . " " . $receiving_info['last_name']; - $data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $person_name : ""; + $receiving_info = $this->xss_clean($this->Receiving->get_info($receiving_id)->row_array()); + $data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : ''; $data['selected_supplier_id'] = $receiving_info['supplier_id']; $data['receiving_info'] = $receiving_info; $this->load->view('receivings/form', $data); } - function delete_item($item_number) + public function delete_item($item_number) { $this->receiving_lib->delete_item($item_number); + $this->_reload(); } - function delete($receiving_id = -1, $update_inventory=TRUE) + public function delete($receiving_id = -1, $update_inventory = TRUE) { - $employee_id=$this->Employee->get_logged_in_employee_info()->person_id; - $receiving_ids=$receiving_id == -1 ? 
$this->input->post('ids') : array($receiving_id); + $employee_id = $this->Employee->get_logged_in_employee_info()->person_id; + $receiving_ids = $receiving_id == -1 ? $this->input->post('ids') : array($receiving_id); if($this->Receiving->delete_list($receiving_ids, $employee_id, $update_inventory)) { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('recvs_successfully_deleted').' '. - count($receiving_ids).' '.$this->lang->line('recvs_one_or_multiple'),'ids'=>$receiving_ids)); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('recvs_successfully_deleted') . ' ' . + count($receiving_ids) . ' ' . $this->lang->line('recvs_one_or_multiple'), 'ids' => $receiving_ids)); } else { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('recvs_cannot_be_deleted'))); + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('recvs_cannot_be_deleted'))); } } - function delete_supplier() + public function remove_supplier() { $this->receiving_lib->clear_invoice_number(); - $this->receiving_lib->delete_supplier(); + $this->receiving_lib->remove_supplier(); + $this->_reload(); } - function complete() + public function complete() { - $data['cart']=$this->receiving_lib->get_cart(); - $data['total']=$this->receiving_lib->get_total(); - $data['receipt_title']=$this->lang->line('recvs_receipt'); - $data['transaction_time']= date($this->config->item('dateformat').' 
'.$this->config->item('timeformat')); - $data['mode']=$this->receiving_lib->get_mode(); - $data['show_stock_locations']=$this->Stock_location->show_locations('receivings'); - $supplier_id=$this->receiving_lib->get_supplier(); - $employee_id=$this->Employee->get_logged_in_employee_info()->person_id; - $comment = $this->input->post('comment'); - $emp_info=$this->Employee->get_info($employee_id); - $payment_type=$this->input->post('payment_type'); - $data['stock_location']=$this->receiving_lib->get_stock_source(); - if ( $this->input->post('amount_tendered') != null ) + $data = array(); + + $data['cart'] = $this->receiving_lib->get_cart(); + $data['total'] = $this->receiving_lib->get_total(); + $data['receipt_title'] = $this->lang->line('recvs_receipt'); + $data['transaction_time'] = date($this->config->item('dateformat') . ' ' . $this->config->item('timeformat')); + $data['mode'] = $this->receiving_lib->get_mode(); + $data['comment'] = $this->input->post('comment'); + $data['payment_type'] = $this->input->post('payment_type'); + $data['show_stock_locations'] = $this->Stock_location->show_locations('receivings'); + $data['stock_location'] = $this->receiving_lib->get_stock_source(); + if($this->input->post('amount_tendered') != NULL) { $data['amount_tendered'] = $this->input->post('amount_tendered'); $data['amount_change'] = to_currency($data['amount_tendered'] - $data['total']); } - $data['employee']=$emp_info->first_name.' '.$emp_info->last_name; - $suppl_info =''; - if($supplier_id!=-1) + + $employee_id = $this->Employee->get_logged_in_employee_info()->person_id; + $employee_info = $this->Employee->get_info($employee_id); + $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name; + + $supplier_info = ''; + $supplier_id = $this->receiving_lib->get_supplier(); + if($supplier_id != -1) { - $suppl_info=$this->Supplier->get_info($supplier_id); - $data['supplier']=$suppl_info->company_name; // first_name.' 
'.$suppl_info->last_name; + $supplier_info = $this->Supplier->get_info($supplier_id); + $data['supplier'] = $supplier_info->company_name; + $data['first_name'] = $supplier_info->first_name; + $data['last_name'] = $supplier_info->last_name; + $data['supplier_email'] = $supplier_info->email; + $data['supplier_address'] = $supplier_info->address_1; + if(!empty($supplier_info->zip) or !empty($supplier_info->city)) + { + $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city; + } + else + { + $data['supplier_location'] = ''; + } } - $invoice_number=$this->_substitute_invoice_number($suppl_info); - if ($this->receiving_lib->is_invoice_number_enabled() && $this->Receiving->invoice_number_exists($invoice_number)) + $invoice_number = $this->_substitute_invoice_number($supplier_info); + if($this->receiving_lib->is_invoice_number_enabled() && $this->Receiving->invoice_number_exists($invoice_number)) { - $data['error']=$this->lang->line('recvs_invoice_number_duplicate'); + $data['error'] = $this->lang->line('recvs_invoice_number_duplicate'); + $this->_reload($data); } else { - $invoice_number = $this->receiving_lib->is_invoice_number_enabled() ? $invoice_number : null; - $data['invoice_number']=$invoice_number; - $data['payment_type']=$this->input->post('payment_type'); + $invoice_number = $this->receiving_lib->is_invoice_number_enabled() ? $invoice_number : NULL; + $data['invoice_number'] = $invoice_number; //SAVE receiving to database - $data['receiving_id']='RECV '.$this->Receiving->save($data['cart'], $supplier_id,$employee_id,$comment,$invoice_number,$payment_type,$data['stock_location']); - - if ($data['receiving_id'] == 'RECV -1') + $data['receiving_id'] = 'RECV ' . 
$this->Receiving->save($data['cart'], $supplier_id, $employee_id, $data['comment'], $invoice_number, $data['payment_type'], $data['stock_location']); + + $data = $this->xss_clean($data); + + if($data['receiving_id'] == 'RECV -1') { - $data['error_message'] = $this->lang->line('receivings_transaction_failed'); + $data['error_message'] = $this->lang->line('recvs_transaction_failed'); } - $data['barcode']=$this->barcode_lib->generate_receipt_barcode($data['receiving_id']); + else + { + $data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']); + } + $data['print_after_sale'] = $this->receiving_lib->is_print_after_sale(); + $this->load->view("receivings/receipt",$data); + $this->receiving_lib->clear_all(); } } 
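Review bot: In complete(), the failed-save path (`'RECV -1'`) only sets `error_message` and then falls through to the receipt view and `$this->receiving_lib->clear_all()`, so the cart, supplier and comment are discarded even though nothing was stored; the duplicate-invoice branch just above handles its error with `$this->_reload($data)`, and this branch should do the same and return before clear_all(). `amount_tendered` is also used raw in `$data['amount_tendered'] - $data['total']`: a non-numeric POST value is treated as 0 or warns depending on the PHP version and throws a TypeError on PHP 8, so validate it as numeric (form_validation with `required|numeric` is already used in edit_item()) before the subtraction. Minor: `$data['suppliers'] = array('' => 'No Supplier')` in edit() is the one user-facing string in this hunk not routed through `$this->lang->line()`.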
@@ -233,177 +264,202 @@ class Receivings extends Secure_Controller private function _substitute_variable($text, $variable, $object, $function) { // don't query if this variable isn't used - if (strstr($text, $variable)) + if(strstr($text, $variable)) { $value = call_user_func(array($object, $function)); $text = str_replace($variable, $value, $text); } + return $text; } - private function _substitute_variables($text,$supplier_info) + private function _substitute_variables($text, $supplier_info) { - $text=$this->_substitute_variable($text, '$YCO', $this->Receiving, 'get_invoice_number_for_year'); - $text=$this->_substitute_variable($text, '$CO', $this->Receiving , 'get_invoice_count'); - $text=strftime($text); - $text=$this->_substitute_supplier($text, $supplier_info); + $text = $this->_substitute_variable($text, '$YCO', $this->Receiving, 'get_invoice_number_for_year'); + $text = $this->_substitute_variable($text, '$CO', $this->Receiving, 'get_invoice_count'); + $text = strftime($text); + $text = $this->_substitute_supplier($text, $supplier_info); + return $text; } - private function _substitute_supplier($text,$supplier_info) + private function _substitute_supplier($text, $supplier_info) { - $supplier_id=$this->receiving_lib->get_supplier(); - if($supplier_id!=-1) + $supplier_id = $this->receiving_lib->get_supplier(); + if($supplier_id != -1) { - $text=str_replace('$SU',$supplier_info->company_name,$text); + $text = str_replace('$SU', $supplier_info->company_name,$text); $words = preg_split("/\s+/", trim($supplier_info->company_name)); - $acronym = ""; - foreach ($words as $w) { + $acronym = ''; + foreach($words as $w) + { $acronym .= $w[0]; } - $text=str_replace('$SI',$acronym,$text); + $text = str_replace('$SI', $acronym, $text); } + return $text; } - private function _substitute_invoice_number($supplier_info='') + private function _substitute_invoice_number($supplier_info = '') { - $invoice_number=$this->config->config['recv_invoice_format']; - $invoice_number = 
$this->_substitute_variables($invoice_number,$supplier_info); + $invoice_number = $this->config->config['recv_invoice_format']; + $invoice_number = $this->_substitute_variables($invoice_number, $supplier_info); $this->receiving_lib->set_invoice_number($invoice_number, TRUE); + return $this->receiving_lib->get_invoice_number(); } - function requisition_complete() - { - if ($this->receiving_lib->get_stock_source() != $this->receiving_lib->get_stock_destination()) - { - foreach($this->receiving_lib->get_cart() as $item) - { - $this->receiving_lib->delete_item($item['line']); - $this->receiving_lib->add_item($item['item_id'],$item['quantity'],$this->receiving_lib->get_stock_destination()); - $this->receiving_lib->add_item($item['item_id'],-$item['quantity'],$this->receiving_lib->get_stock_source()); - } - + public function requisition_complete() + { + if($this->receiving_lib->get_stock_source() != $this->receiving_lib->get_stock_destination()) + { + foreach($this->receiving_lib->get_cart() as $item) + { + $this->receiving_lib->delete_item($item['line']); + $this->receiving_lib->add_item($item['item_id'], $item['quantity'], $this->receiving_lib->get_stock_destination()); + $this->receiving_lib->add_item($item['item_id'], -$item['quantity'], $this->receiving_lib->get_stock_source()); + } + $this->complete(); - } - else - { - $data['error']=$this->lang->line('recvs_error_requisition'); - $this->_reload($data); - } - } - - function receipt($receiving_id) + } + else + { + $data['error'] = $this->lang->line('recvs_error_requisition'); + + $this->_reload($data); + } + } + + public function receipt($receiving_id) { $receiving_info = $this->Receiving->get_info($receiving_id)->row_array(); $this->receiving_lib->copy_entire_receiving($receiving_id); - $data['cart']=$this->receiving_lib->get_cart(); - $data['total']=$this->receiving_lib->get_total(); - $data['mode']=$this->receiving_lib->get_mode(); - $data['receipt_title']=$this->lang->line('recvs_receipt'); - 
$data['transaction_time']= date($this->config->item('dateformat').' '.$this->config->item('timeformat'), strtotime($receiving_info['receiving_time'])); - $data['show_stock_locations']=$this->Stock_location->show_locations('receivings'); - $supplier_id=$this->receiving_lib->get_supplier(); - $emp_info=$this->Employee->get_info($receiving_info['employee_id']); - $data['payment_type']=$receiving_info['payment_type']; - $data['invoice_number']=$this->receiving_lib->get_invoice_number(); - $data['receiving_id']='RECV '.$receiving_id; - $data['barcode']=$this->barcode_lib->generate_receipt_barcode($data['receiving_id']); - $data['employee']=$emp_info->first_name.' '.$emp_info->last_name; + $data['cart'] = $this->receiving_lib->get_cart(); + $data['total'] = $this->receiving_lib->get_total(); + $data['mode'] = $this->receiving_lib->get_mode(); + $data['receipt_title'] = $this->lang->line('recvs_receipt'); + $data['transaction_time'] = date($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), strtotime($receiving_info['receiving_time'])); + $data['show_stock_locations'] = $this->Stock_location->show_locations('receivings'); + $data['payment_type'] = $receiving_info['payment_type']; + $data['invoice_number'] = $this->receiving_lib->get_invoice_number(); + $data['receiving_id'] = 'RECV ' . $receiving_id; + $data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']); + $employee_info = $this->Employee->get_info($receiving_info['employee_id']); + $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name; - if($supplier_id!=-1) + $supplier_id = $this->receiving_lib->get_supplier(); + if($supplier_id != -1) { - $supplier_info=$this->Supplier->get_info($supplier_id); - $data['supplier']=$supplier_info->first_name.' 
'.$supplier_info->last_name; + $supplier_info = $this->Supplier->get_info($supplier_id); + $data['supplier'] = $supplier_info->company_name; + $data['first_name'] = $supplier_info->first_name; + $data['last_name'] = $supplier_info->last_name; + $data['supplier_email'] = $supplier_info->email; + $data['supplier_address'] = $supplier_info->address_1; + if(!empty($supplier_info->zip) or !empty($supplier_info->city)) + { + $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city; + } + else + { + $data['supplier_location'] = ''; + } } $data['print_after_sale'] = FALSE; - $this->load->view("receivings/receipt",$data); + + $data = $this->xss_clean($data); + + $this->load->view("receivings/receipt", $data); + $this->receiving_lib->clear_all(); } - private function _reload($data=array()) + private function _reload($data = array()) { - $person_info = $this->Employee->get_logged_in_employee_info(); - $data['cart']=$this->receiving_lib->get_cart(); - $data['modes']=array('receive'=>$this->lang->line('recvs_receiving'),'return'=>$this->lang->line('recvs_return')); - $data['mode']=$this->receiving_lib->get_mode(); - - $data['stock_locations']=$this->Stock_location->get_allowed_locations('receivings'); - $show_stock_locations = count($data['stock_locations']) > 1; - if ($show_stock_locations) - { - $data['modes']['requisition']=$this->lang->line('recvs_requisition'); - $data['stock_source']=$this->receiving_lib->get_stock_source(); - $data['stock_destination']=$this->receiving_lib->get_stock_destination(); - } - $data['show_stock_locations']=$show_stock_locations; - - $data['total']=$this->receiving_lib->get_total(); - $data['items_module_allowed']=$this->Employee->has_grant('items',$person_info->person_id); - $data['comment']=$this->receiving_lib->get_comment(); - $data['payment_options']=array( - $this->lang->line('sales_cash') => $this->lang->line('sales_cash'), - $this->lang->line('sales_check') => $this->lang->line('sales_check'), - 
$this->lang->line('sales_debit') => $this->lang->line('sales_debit'), - $this->lang->line('sales_credit') => $this->lang->line('sales_credit') - ); - - $supplier_id=$this->receiving_lib->get_supplier(); - $suppl_info=''; - if($supplier_id!=-1) + $data['cart'] = $this->receiving_lib->get_cart(); + $data['modes'] = array('receive' => $this->lang->line('recvs_receiving'), 'return' => $this->lang->line('recvs_return')); + $data['mode'] = $this->receiving_lib->get_mode(); + $data['stock_locations'] = $this->Stock_location->get_allowed_locations('receivings'); + $data['show_stock_locations'] = count($data['stock_locations']) > 1; + if($data['show_stock_locations']) { - $suppl_info=$this->Supplier->get_info($supplier_id); - $data['supplier']=$suppl_info->company_name; // first_name.' '.$info->last_name; + $data['modes']['requisition'] = $this->lang->line('recvs_requisition'); + $data['stock_source'] = $this->receiving_lib->get_stock_source(); + $data['stock_destination'] = $this->receiving_lib->get_stock_destination(); } - $data['invoice_number']=$this->_substitute_invoice_number($suppl_info); - $data['invoice_number_enabled']=$this->receiving_lib->is_invoice_number_enabled(); - $data['print_after_sale']=$this->receiving_lib->is_print_after_sale(); - $this->load->view("receivings/receiving",$data); + + $data['total'] = $this->receiving_lib->get_total(); + $data['items_module_allowed'] = $this->Employee->has_grant('items', $this->Employee->get_logged_in_employee_info()->person_id); + $data['comment'] = $this->receiving_lib->get_comment(); + $data['payment_options'] = $this->Receiving->get_payment_options(); + + $supplier_id = $this->receiving_lib->get_supplier(); + $supplier_info = ''; + if($supplier_id != -1) + { + $supplier_info = $this->Supplier->get_info($supplier_id); + $data['supplier'] = $supplier_info->company_name; + $data['first_name'] = $supplier_info->first_name; + $data['last_name'] = $supplier_info->last_name; + $data['supplier_email'] = 
$supplier_info->email; + $data['supplier_address'] = $supplier_info->address_1; + if(!empty($supplier_info->zip) or !empty($supplier_info->city)) + { + $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city; + } + else + { + $data['supplier_location'] = ''; + } + } + $data['invoice_number'] = $this->_substitute_invoice_number($supplier_info); + $data['invoice_number_enabled'] = $this->receiving_lib->is_invoice_number_enabled(); + $data['print_after_sale'] = $this->receiving_lib->is_print_after_sale(); + + $data = $this->xss_clean($data); + + $this->load->view("receivings/receiving", $data); } - function save($receiving_id = -1) + public function save($receiving_id = -1) { - $date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $this->input->post('date')); + $newdate = $this->input->post('date'); + + $date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $newdate); $receiving_data = array( 'receiving_time' => $date_formatter->format('Y-m-d H:i:s'), - 'supplier_id' => $this->input->post('supplier_id') ? $this->input->post('supplier_id') : null, + 'supplier_id' => $this->input->post('supplier_id') ? $this->input->post('supplier_id') : NULL, 'employee_id' => $this->input->post('employee_id'), 'comment' => $this->input->post('comment'), - 'invoice_number' => $this->input->post('invoice_number') + 'invoice_number' => $this->input->post('invoice_number') != '' ? 
$this->input->post('invoice_number') : NULL ); - if ($this->Receiving->update($receiving_data, $receiving_id)) + if($this->Receiving->update($receiving_data, $receiving_id)) { - echo json_encode(array( - 'success'=>true, - 'message'=>$this->lang->line('recvs_successfully_updated'), - 'id'=>$receiving_id) - ); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('recvs_successfully_updated'), 'id' => $receiving_id)); } else { - echo json_encode(array( - 'success'=>false, - 'message'=>$this->lang->line('recvs_unsuccessfully_updated'), - 'id'=>$receiving_id) - ); + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('recvs_unsuccessfully_updated'), 'id' => $receiving_id)); } } - function cancel_receiving() - { - $this->receiving_lib->clear_all(); - $this->_reload(); - } - - function check_invoice_number() - { - $receiving_id=$this->input->post('receiving_id'); - $invoice_number=$this->input->post('invoice_number'); - $exists=!empty($invoice_number) && $this->Receiving->invoice_number_exists($invoice_number, $receiving_id); + public function cancel_receiving() + { + $this->receiving_lib->clear_all(); + + $this->_reload(); + } + + public function check_invoice_number() + { + $receiving_id = $this->input->post('receiving_id'); + $invoice_number = $this->input->post('invoice_number'); + $exists =! empty($invoice_number) && $this->Receiving->invoice_number_exists($invoice_number, $receiving_id); + echo !$exists ? 'true' : 'false'; - } + } } ?> diff --git a/application/controllers/Reports.php b/application/controllers/Reports.php index 00bc8e114..f715a613d 100644 --- a/application/controllers/Reports.php +++ b/application/controllers/Reports.php 
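Review bot: In save(), `date_create_from_format()` returns FALSE when the posted `date` does not match the configured format, and the next line calls `->format()` on that result, which is a fatal error reachable from a routable public method; Sales::save() in the -743 hunk has the same shape. Check the result first: `if($date_formatter === FALSE) { echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('recvs_unsuccessfully_updated'), 'id' => $receiving_id)); return; }`. In _substitute_supplier(), `$acronym .= $w[0];` reads byte 0 of each word: an empty company_name makes preg_split return a single empty string and the read raises an uninitialized-offset notice, and a name starting with a multibyte character yields a lone lead byte, so `if($w !== '') { $acronym .= mb_substr($w, 0, 1); }` is safer. Style: `$exists =! empty(...)` in check_invoice_number() reads like a compound operator, write `$exists = !empty(...)`, and the trailing `?>` after the class can be dropped (PSR-2) so stray whitespace after it cannot be sent before headers.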
@@ -920,13 +920,14 @@ class Reports extends Secure_Controller 'id' => $row['receiving_id'], 'receiving_date' => $row['receiving_date'], 'quantity' => to_quantity_decimals($row['items_purchased']), - 'employee' => $row['employee_name'], $row['supplier_name'], + 'employee' => $row['employee_name'], + 'supplier' => $row['supplier_name'], 'total' => to_currency($row['total']), 'payment_type' => $row['payment_type'], 'invoice_number' => $row['invoice_number'], 'comment' => $row['comment'], 'edit' => anchor("receivings/edit/" . $row['receiving_id'], '', - array('class' => "modal-dlg modal-btn-delete modal-btn-submit print_hide", 'title' => $this->lang->line('receivings_update')) + array('class' => "modal-dlg modal-btn-delete modal-btn-submit print_hide", 'title' => $this->lang->line('recvs_update')) ) )); diff --git a/application/controllers/Sales.php b/application/controllers/Sales.php index 134fd2a9c..53f973409 100644 --- a/application/controllers/Sales.php +++ b/application/controllers/Sales.php @@ -245,7 +245,7 @@ class Sales extends Secure_Controller $mode = $this->sale_lib->get_mode(); $item_id_or_number_or_item_kit_or_receipt = $this->input->post('item'); - $quantity = ($mode == "return") ? -1 : 1; + $quantity = ($mode == 'return') ? -1 : 1; $item_location = $this->sale_lib->get_sale_location(); $discount = 0; @@ -282,7 +282,7 @@ class Sales extends Secure_Controller $this->_reload($data); } - public function edit_item($line) + public function edit_item($item_id) { $data = array(); 
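Review bot: Renaming Sales::edit_item()'s parameter from `$line` to `$item_id` makes the body misleading: the -299 hunk still passes it to `$this->sale_lib->get_item_id($item_id)`, which only makes sense if the value is the cart line number, as the old name said. Keep `public function edit_item($line)` (or a neutral name such as `$line_number`) and update the two uses in the -299 hunk, otherwise the next reader will assume an item id is being looked up by item id. Receivings::edit_item() in this commit uses `$item_id` for what appears to be the same value, so whichever name is chosen should be applied to both controllers.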
@@ -299,14 +299,14 @@ class Sales extends Secure_Controller if($this->form_validation->run() != FALSE) { - $this->sale_lib->edit_item($line, $description, $serialnumber, $quantity, $discount, $price); + $this->sale_lib->edit_item($item_id, $description, $serialnumber, $quantity, $discount, $price); } else { $data['error'] = $this->lang->line('sales_error_editing_item'); } - $data['warning'] = $this->sale_lib->out_of_stock($this->sale_lib->get_item_id($line), $item_location); + $data['warning'] = $this->sale_lib->out_of_stock($this->sale_lib->get_item_id($item_id), $item_location); $this->_reload($data); } @@ -350,9 +350,9 @@ class Sales extends Secure_Controller $employee_info = $this->Employee->get_info($employee_id); $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name; $data['company_info'] = implode("\n", array( - $this->config->item('address'), - $this->config->item('phone'), - $this->config->item('account_number') + $this->config->item('address'), + $this->config->item('phone'), + $this->config->item('account_number') )); $customer_id = $this->sale_lib->get_customer(); $customer_info = $this->_load_customer_data($customer_id, $data); @@ -687,6 +687,7 @@ class Sales extends Secure_Controller public function edit($sale_id) { $data = array(); + $data['employees'] = array(); foreach($this->Employee->get_all()->result() as $employee) { 
@@ -695,13 +696,13 @@ class Sales extends Secure_Controller $employee->$property = $this->xss_clean($value); } - $data['employees'][$employee->person_id] = $employee->first_name . ' '. $employee->last_name; + $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name; } $this->Sale->create_sales_items_temp_table(); $sale_info = $this->xss_clean($this->Sale->get_info($sale_id)->row_array()); - $person_name = $sale_info['first_name'] . " " . $sale_info['last_name']; + $person_name = $sale_info['first_name'] . ' ' . $sale_info['last_name']; $data['selected_customer_name'] = !empty($sale_info['customer_id']) ? $person_name : ''; $data['selected_customer_id'] = $sale_info['customer_id']; $data['sale_info'] = $sale_info; @@ -730,8 +731,8 @@ class Sales extends Secure_Controller if($this->Sale->delete_list($sale_ids, $employee_id, $update_inventory)) { - echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('sales_successfully_deleted').' '. - count($sale_ids).' '.$this->lang->line('sales_one_or_multiple'), 'ids' => $sale_ids)); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('sales_successfully_deleted') . ' ' . + count($sale_ids) . ' ' . $this->lang->line('sales_one_or_multiple'), 'ids' => $sale_ids)); } else { 
@@ -743,10 +744,10 @@ class Sales extends Secure_Controller
 {
 $newdate = $this->input->post('date');
- $start_date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $newdate);
+ $date_formatter = date_create_from_format($this->config->item('dateformat') . ' ' . $this->config->item('timeformat'), $newdate);
 $sale_data = array(
- 'sale_time' => $start_date_formatter->format('Y-m-d H:i:s'),
+ 'sale_time' => $date_formatter->format('Y-m-d H:i:s'),
 'customer_id' => $this->input->post('customer_id') != '' ? $this->input->post('customer_id') : NULL,
 'employee_id' => $this->input->post('employee_id'),
 'comment' => $this->input->post('comment'),
diff --git a/application/language/de-CH/receivings_lang.php b/application/language/de-CH/receivings_lang.php
index 592f7bda7..cbc7231d1 100644
--- a/application/language/de-CH/receivings_lang.php
+++ b/application/language/de-CH/receivings_lang.php
@@ -1,6 +1,6 @@ empty_cart();
- $this->delete_supplier();
+ $this->remove_supplier();
 $this->clear_comment();
 foreach($this->CI->Receiving->get_receiving_items($receiving_id)->result() as $row)
@@ -318,7 +318,7 @@ class Receiving_lib
 function copy_entire_receiving($receiving_id)
 {
 $this->empty_cart();
- $this->delete_supplier();
+ $this->remove_supplier();
 foreach($this->CI->Receiving->get_receiving_items($receiving_id)->result() as $row)
 {
@@ -341,7 +341,7 @@ class Receiving_lib
 $this->CI->session->unset_userdata('cartRecv');
 }
- function delete_supplier()
+ function remove_supplier()
 {
 $this->CI->session->unset_userdata('supplier');
 }
@@ -356,7 +356,7 @@ class Receiving_lib
 $this->set_invoice_number_enabled(FALSE);
 $this->clear_mode();
 $this->empty_cart();
- $this->delete_supplier();
+ $this->remove_supplier();
 $this->clear_comment();
 $this->clear_invoice_number();
 }
diff --git a/application/models/Receiving.php b/application/models/Receiving.php
index 7c03909f5..b586dfbca 100644
--- a/application/models/Receiving.php
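Review bot: `$date_formatter->format('Y-m-d H:i:s')` in the `'sale_time'` line is called on the result of `date_create_from_format()` without checking it, and that function returns `FALSE` whenever `$newdate` (read from `$this->input->post('date')`) does not match the configured `dateformat`/`timeformat`; the rename leaves this as it was, so an empty or malformed date still ends in a fatal "call to a member function on boolean" error instead of a validation message. Guard the value before `$sale_data` is built, e.g. `if($date_formatter === FALSE) { /* report an invalid date and return */ }`, or reject it in form validation so the model never sees it. The enclosing method starts and ends outside the hunk, so the right error-reporting path for this caller is not visible here.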
+++ b/application/models/Receiving.php
@@ -2,9 +2,10 @@
 class Receiving extends CI_Model
 {
 public function get_info($receiving_id)
- {
+ {
 $this->db->from('receivings');
 $this->db->join('people', 'people.person_id = receivings.supplier_id', 'LEFT');
+ $this->db->join('suppliers', 'suppliers.person_id = receivings.supplier_id', 'LEFT');
 $this->db->where('receiving_id', $receiving_id);
 return $this->db->get();
@@ -64,7 +65,7 @@ class Receiving extends CI_Model
 }
 $receivings_data = array(
- 'supplier_id' => $this->Supplier->exists($supplier_id) ? $supplier_id : null,
+ 'supplier_id' => $this->Supplier->exists($supplier_id) ? $supplier_id : NULL,
 'employee_id' => $employee_id,
 'payment_type' => $payment_type,
 'comment' => $comment,
@@ -82,17 +83,17 @@ class Receiving extends CI_Model
 $cur_item_info = $this->Item->get_info($item['item_id']);
 $receivings_items_data = array(
- 'receiving_id'=>$receiving_id,
- 'item_id'=>$item['item_id'],
- 'line'=>$item['line'],
- 'description'=>$item['description'],
- 'serialnumber'=>$item['serialnumber'],
- 'quantity_purchased'=>$item['quantity'],
- 'receiving_quantity'=>$item['receiving_quantity'],
- 'discount_percent'=>$item['discount'],
+ 'receiving_id' => $receiving_id,
+ 'item_id' => $item['item_id'],
+ 'line' => $item['line'],
+ 'description' => $item['description'],
+ 'serialnumber' => $item['serialnumber'],
+ 'quantity_purchased' => $item['quantity'],
+ 'receiving_quantity' => $item['receiving_quantity'],
+ 'discount_percent' => $item['discount'],
 'item_cost_price' => $cur_item_info->cost_price,
- 'item_unit_price'=>$item['price'],
- 'item_location'=>$item['item_location']
+ 'item_unit_price' => $item['price'],
+ 'item_location' => $item['item_location']
 );
 $this->db->insert('receivings_items', $receivings_items_data);
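Review bot: The added `$this->db->join('suppliers', …)` in `get_info()` widens a query that has no `select()` call, so the row returned is a `SELECT *` over `receivings`, `people` and `suppliers`, and in a `row_array()` any column name present in more than one of those tables is silently resolved to whichever comes last. Here `person_id` is in both `people` and `suppliers` with equal values by the join condition, so the real risk is any other shared column name, which this hunk does not show. An explicit column list, e.g. `$this->db->select('receivings.*, people.*, suppliers.company_name');`, pins the row shape and makes a future collision a visible error rather than a wrong value. `get_info()` ends outside the hunk.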
@@ -100,28 +101,24 @@ class Receiving extends CI_Model
 $items_received = $item['receiving_quantity'] != 0 ? $item['quantity'] * $item['receiving_quantity'] : $item['quantity'];
 // update cost price, if changed AND is set in config as wanted
- if($cur_item_info->cost_price != $item['price'] AND $this->config->item('receiving_calculate_average_price') != FALSE)
+ if($cur_item_info->cost_price != $item['price'] && $this->config->item('receiving_calculate_average_price') != FALSE)
 {
- $this->Item->change_cost_price($item['item_id'],
- $items_received,
- $item['price'],
- $cur_item_info->cost_price);
+ $this->Item->change_cost_price($item['item_id'], $items_received, $item['price'], $cur_item_info->cost_price);
 }
 //Update stock quantity
 $item_quantity = $this->Item_quantity->get_item_quantity($item['item_id'], $item['item_location']);
- $this->Item_quantity->save(array('quantity'=>$item_quantity->quantity + $items_received,
- 'item_id'=>$item['item_id'],
- 'location_id'=>$item['item_location']), $item['item_id'], $item['item_location']);
+ $this->Item_quantity->save(array('quantity' => $item_quantity->quantity + $items_received, 'item_id' => $item['item_id'],
+ 'location_id' => $item['item_location']), $item['item_id'], $item['item_location']);
- $recv_remarks ='RECV '.$receiving_id;
+ $recv_remarks = 'RECV ' . $receiving_id;
 $inv_data = array(
- 'trans_date'=>date('Y-m-d H:i:s'),
- 'trans_items'=>$item['item_id'],
- 'trans_user'=>$employee_id,
- 'trans_location'=>$item['item_location'],
- 'trans_comment'=>$recv_remarks,
- 'trans_inventory'=>$items_received
+ 'trans_date' => date('Y-m-d H:i:s'),
+ 'trans_items' => $item['item_id'],
+ 'trans_user' => $employee_id,
+ 'trans_location' => $item['item_location'],
+ 'trans_comment' => $recv_remarks,
+ 'trans_inventory' => $items_received
 );
 $this->Inventory->insert($inv_data);
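Review bot: The restyled `$this->Item_quantity->save(array('quantity' => $item_quantity->quantity + $items_received, …))` call still applies the stock change as a read-then-write of the value fetched by `get_item_quantity()` on the line above, while the delete path in the `@@ -173` hunk of this file applies its delta through `$this->Item_quantity->change_quantity(...)`. Using the same call here, `$this->Item_quantity->change_quantity($item['item_id'], $item['item_location'], $items_received);`, drops the extra round-trip and the now-unused `$item_quantity` lookup, and keeps the two paths consistent. Whether `change_quantity()` performs the update atomically in SQL is not visible here; if it does not, it is the one place to make two receivings of the same item at the same time safe. The enclosing save method starts and ends outside the hunk.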
@@ -173,20 +170,18 @@ class Receiving extends CI_Model
 {
 // create query to update inventory tracking
 $inv_data = array(
- 'trans_date'=>date('Y-m-d H:i:s'),
- 'trans_items'=>$item['item_id'],
- 'trans_user'=>$employee_id,
- 'trans_comment'=>'Deleting receiving ' . $receiving_id,
- 'trans_location'=>$item['item_location'],
- 'trans_inventory'=>$item['quantity_purchased']*-1
+ 'trans_date' => date('Y-m-d H:i:s'),
+ 'trans_items' => $item['item_id'],
+ 'trans_user' => $employee_id,
+ 'trans_comment' => 'Deleting receiving ' . $receiving_id,
+ 'trans_location' => $item['item_location'],
+ 'trans_inventory' => $item['quantity_purchased'] * -1
 );
 // update inventory
 $this->Inventory->insert($inv_data);
 // update quantities
- $this->Item_quantity->change_quantity($item['item_id'],
- $item['item_location'],
- $item['quantity_purchased']*-1);
+ $this->Item_quantity->change_quantity($item['item_id'], $item['item_location'], $item['quantity_purchased'] * -1);
 }
 }
@@ -229,7 +224,17 @@ class Receiving extends CI_Model
 return ($query->num_rows() == 1);
 }
-
+
+ public function get_payment_options()
+ {
+ return array(
+ $this->lang->line('sales_cash') => $this->lang->line('sales_cash'),
+ $this->lang->line('sales_check') => $this->lang->line('sales_check'),
+ $this->lang->line('sales_debit') => $this->lang->line('sales_debit'),
+ $this->lang->line('sales_credit') => $this->lang->line('sales_credit')
+ );
+ }
+
 /* We create a temp table that allows us to do easy report/receiving queries */
diff --git a/application/models/reports/Detailed_receivings.php b/application/models/reports/Detailed_receivings.php
index ce9df2327..be5aa9d9f 100644
--- a/application/models/reports/Detailed_receivings.php
+++ b/application/models/reports/Detailed_receivings.php
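Review bot: The delete path reverses stock by `$item['quantity_purchased'] * -1` (both in `'trans_inventory'` and in the `change_quantity(...)` call), but the save path in the `@@ -100` hunk of this file adds `$items_received`, which is `quantity * receiving_quantity` whenever `receiving_quantity != 0`, and the `@@ -82` hunk stores both `quantity_purchased` and `receiving_quantity` on the `receivings_items` row; so deleting a receiving whose lines carry a non-zero `receiving_quantity` removes only a fraction of what was added, and stock drifts upward. Assuming `$item` here is such a row (it reads `quantity_purchased` and `item_location`), compute the reversal the same way: add `$items_received = $item['receiving_quantity'] != 0 ? $item['quantity_purchased'] * $item['receiving_quantity'] : $item['quantity_purchased'];` before `$inv_data` and use `$items_received * -1` in both places. The enclosing delete method starts outside the hunk.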
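Review bot: The new `get_payment_options()` uses the translated `sales_*` labels as both key and value, so whatever ends up persisted in `payment_type` (presumably the selected option, written by the `'payment_type' => $payment_type` line of the `@@ -64` hunk) is the UI-language string at the moment of saving; rows saved under different languages then carry different values for the same payment method and cannot be grouped or filtered by a stable code in the receivings reports. Keying by a fixed identifier, e.g. `'cash' => $this->lang->line('sales_cash'),`, and translating at display time avoids that. Since the list reuses `sales_*` keys from inside the Receiving model, it may also duplicate a Sale-side list that could be shared; that sibling is not visible here.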
@@ -42,7 +42,7 @@ class Detailed_receivings extends Report
 $this->db->select('receiving_id, DATE_FORMAT(receiving_date, "%d-%m-%Y") AS receiving_date, SUM(quantity_purchased) AS items_purchased, CONCAT(employee.first_name, " ", employee.last_name) AS employee_name, suppliers.company_name AS supplier_name, SUM(subtotal) AS subtotal, SUM(total) AS total, SUM(profit) AS profit, payment_type, comment, invoice_number');
 $this->db->from('receivings_items_temp');
 $this->db->join('people AS employee', 'receivings_items_temp.employee_id = employee.person_id');
- $this->db->join('suppliers AS suppliers', 'receivings_items_temp.supplier_id = suppliers.person_id', 'left');
+ $this->db->join('suppliers AS supplier', 'receivings_items_temp.supplier_id = supplier.person_id', 'left');
 $this->db->where('receiving_id', $receiving_id);
 return $this->db->get()->row_array();
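Review bot: The join alias is changed to `supplier`, but the unchanged `$this->db->select(...)` line three lines above still qualifies the column as `suppliers.company_name AS supplier_name`; once a table is aliased, MySQL no longer accepts the base table name as a qualifier, so this query fails with an unknown-column error on `suppliers.company_name`. The select should read `supplier.company_name AS supplier_name`, which is also what the `getData()` hunk that follows uses. The enclosing method starts outside the hunk.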
@@ -50,10 +50,10 @@ class Detailed_receivings extends Report
 public function getData(array $inputs)
 {
- $this->db->select('receiving_id, receiving_date, SUM(quantity_purchased) AS items_purchased, CONCAT(employee.first_name," ",employee.last_name) AS employee_name, CONCAT(supplier.first_name," ",supplier.last_name) AS supplier_name, SUM(total) AS total, SUM(profit) AS profit, payment_type, comment, invoice_number');
+ $this->db->select('receiving_id, receiving_date, SUM(quantity_purchased) AS items_purchased, CONCAT(employee.first_name," ",employee.last_name) AS employee_name, supplier.company_name AS supplier_name, SUM(total) AS total, SUM(profit) AS profit, payment_type, comment, invoice_number');
 $this->db->from('receivings_items_temp');
 $this->db->join('people AS employee', 'receivings_items_temp.employee_id = employee.person_id');
- $this->db->join('people AS supplier', 'receivings_items_temp.supplier_id = supplier.person_id', 'left');
+ $this->db->join('suppliers AS supplier', 'receivings_items_temp.supplier_id = supplier.person_id', 'left');
 $this->db->where('receiving_date BETWEEN '. $this->db->escape($inputs['start_date']). ' AND '. $this->db->escape($inputs['end_date']));
 if ($inputs['location_id'] != 'all')
diff --git a/application/views/receivings/receipt.php b/application/views/receivings/receipt.php
index f1282c1e8..e0b4ad04c 100644
--- a/application/views/receivings/receipt.php
+++ b/application/views/receivings/receipt.php
@@ -11,8 +11,8 @@ if (isset($error_message)) load->view('partial/print_receipt', array('print_after_sale', $print_after_sale, 'selected_printer'=>'receipt_printer')); ?>
diff --git a/application/views/receivings/receiving.php b/application/views/receivings/receiving.php index 7db42ad01..ffb4eff41 100644 --- a/application/views/receivings/receiving.php +++ b/application/views/receivings/receiving.php @@ -5,6 +5,16 @@ if (isset($error)) { echo "
".$error."
"; } + +if (!empty($warning)) +{ + echo "
".$warning."
"; +} + +if (isset($success)) +{ + echo "
".$success."
"; +} ?>
@@ -96,7 +106,7 @@ if (isset($error)) lang->line('recvs_discount'); ?> lang->line('recvs_total'); ?> - lang->line('receivings_update'); ?> + lang->line('recvs_update'); ?> @@ -175,7 +185,7 @@ if (isset($error)) } ?> - lang->line('receivings_update')?> > + lang->line('recvs_update')?> > lang->line("recvs_supplier").': '.$supplier. '
'; - echo anchor($controller_name."/delete_supplier", ' ' . $this->lang->line('common_remove').' '.$this->lang->line('suppliers_supplier'), - array('class'=>'btn btn-danger btn-sm', 'id'=>'remove_supplier_button', 'title'=>$this->lang->line('common_remove').' '.$this->lang->line('suppliers_supplier'))); + ?> + + + + + + + + + + + + + + + + + + + + + + + +
lang->line("recvs_supplier"); ?>
lang->line("recvs_supplier_email"); ?>
lang->line("recvs_supplier_address"); ?>
lang->line("recvs_supplier_location"); ?>
+ +  ' . $this->lang->line('common_remove').' '.$this->lang->line('suppliers_supplier'), + array('class'=>'btn btn-danger btn-sm', 'id'=>'remove_supplier_button', 'title'=>$this->lang->line('common_remove').' '.$this->lang->line('suppliers_supplier'))); ?> +