diff --git a/application/controllers/Items.php b/application/controllers/Items.php index a1ac22dac..431edb1e2 100644 --- a/application/controllers/Items.php +++ b/application/controllers/Items.php @@ -4,17 +4,19 @@ require_once("Secure_Controller.php"); class Items extends Secure_Controller { - function __construct() + public function __construct() { parent::__construct('items'); $this->load->library('item_lib'); } - function index() + public function index() { - $stock_location = $this->item_lib->get_item_location(); - $stock_locations = $this->Stock_location->get_allowed_locations(); + $data['table_headers'] = $this->xss_clean(get_items_manage_table_headers()); + + $data['stock_location'] = $this->xss_clean($this->item_lib->get_item_location()); + $data['stock_locations'] = $this->xss_clean($this->Stock_location->get_allowed_locations()); // filters that will be loaded in the multiselect dropdown $data['filters'] = array('empty_upc' => $this->lang->line('items_empty_upc_items'), @@ -24,18 +26,13 @@ class Items extends Secure_Controller 'search_custom' => $this->lang->line('items_search_custom_items'), 'is_deleted' => $this->lang->line('items_is_deleted')); - $data['stock_location'] = $stock_location; - $data['stock_locations'] = $stock_locations; - - $data['table_headers'] = get_items_manage_table_headers(); - $this->load->view('items/manage', $data); } /* Returns Items table data rows. This will be called with AJAX. */ - function search() + public function search() { $search = $this->input->get('search'); $limit = $this->input->get('limit'); 
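Review bot: `xss_clean()` is CodeIgniter's pattern-based input filter, not a context-aware output encoder, so wrapping model results in it (`stock_location`, `stock_locations`, `table_headers` here, and the same pattern in hunks @@ -56, @@ -101, @@ -128, @@ -138, @@ -148, @@ -184, @@ -197, @@ -273, @@ -357, @@ -437 and @@ -520) gives no guarantee for attribute or script contexts and can rewrite legitimate values (matched fragments are replaced, for example with `[removed]`). The durable fix is to escape where the value is emitted: `html_escape()` in the views for HTML, and for the JSON endpoints either `json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` when the payload is embedded in a page or escaping on the client at the point of DOM insertion. If `get_items_manage_table_headers()` returns markup (not visible in the diff), filtering it may also alter the headers themselves, which is worth checking before this lands.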
@@ -56,32 +53,33 @@ class Items extends Secure_Controller 'is_deleted' => FALSE); // check if any filter is set in the multiselect dropdown - $filledup = array_fill_keys($this->input->get('filters'), true); + $filledup = array_fill_keys($this->input->get('filters'), TRUE); $filters = array_merge($filters, $filledup); $items = $this->Item->search($search, $filters, $limit, $offset, $sort, $order); - $total_rows = $this->Item->get_found_rows($search, $filters); + $total_rows = $this->xss_clean($this->Item->get_found_rows($search, $filters)); $data_rows = array(); foreach($items->result() as $item) { - $data_rows[] = get_item_data_row($item, $this); + $data_rows[] = $this->xss_clean(get_item_data_row($item, $this)); } + echo json_encode(array('total' => $total_rows, 'rows' => $data_rows)); } - function pic_thumb($pic_id) + public function pic_thumb($pic_id) { $this->load->helper('file'); $this->load->library('image_lib'); $base_path = "uploads/item_pics/" . $pic_id ; $images = glob ($base_path. "*"); - if (sizeof($images) > 0) + if(sizeof($images) > 0) { $image_path = $images[0]; $ext = pathinfo($image_path, PATHINFO_EXTENSION); - $thumb_path = $base_path . $this->image_lib->thumb_marker.'.'.$ext; - if (sizeof($images) < 2) + $thumb_path = $base_path . $this->image_lib->thumb_marker . '.' . $ext; + if(sizeof($images) < 2) { $config['image_library'] = 'gd2'; $config['source_image'] = $image_path; 
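Review bot: `array_fill_keys($this->input->get('filters'), TRUE)` receives NULL whenever the request carries no `filters` parameter, which PHP rejects (warning and NULL result on 7.x, TypeError on 8), and that NULL then flows into `array_merge()` and `$this->Item->search()`; guard it with `$filter_keys = $this->input->get('filters');` followed by `$filledup = array_fill_keys(is_array($filter_keys) ? $filter_keys : array(), TRUE);`. Whether the client always sends `filters` is not visible here, so treat this as a defensive change. In the same hunk `pic_thumb()` still builds the glob `"uploads/item_pics/" . $pic_id . "*"` from its route parameter with no validation; if `pic_id` values are the numeric names that `_handle_image_upload()` assigns (`'file_name' => sizeof($map) + 1` in hunk @@ -424), a `ctype_digit($pic_id)` check before the `glob()` keeps the lookup inside that directory. `pic_thumb()` continues past the end of the hunk.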
@@ -101,26 +99,18 @@ class Items extends Secure_Controller /* Gives search suggestions based on what is being searched for */ - function suggest_search() + public function suggest_search() { - $suggestions = $this->Item->get_search_suggestions($this->input->post_get('term'), - array( - 'search_custom' => $this->input->post('search_custom'), - 'is_deleted' => $this->input->post('is_deleted') != null - ), - FALSE); + $suggestions = $this->xss_clean($this->Item->get_search_suggestions($this->input->post_get('term'), + array('search_custom' => $this->input->post('search_custom'), 'is_deleted' => $this->input->post('is_deleted') != NULL), FALSE)); echo json_encode($suggestions); } - function suggest() + public function suggest() { - $suggestions = $this->Item->get_search_suggestions($this->input->post_get('term'), - array( - 'search_custom' => FALSE, - 'is_deleted' => FALSE - ), - TRUE); + $suggestions = $this->xss_clean($this->Item->get_search_suggestions($this->input->post_get('term'), + array('search_custom' => FALSE, 'is_deleted' => FALSE), TRUE)); echo json_encode($suggestions); } @@ -128,9 +118,9 @@ class Items extends Secure_Controller /* Gives search suggestions based on what is being searched for */ - function suggest_category() + public function suggest_category() { - $suggestions = $this->Item->get_category_suggestions($this->input->get('term')); + $suggestions = $this->xss_clean($this->Item->get_category_suggestions($this->input->get('term'))); echo json_encode($suggestions); } @@ -138,9 +128,9 @@ class Items extends Secure_Controller /* Gives search suggestions based on what is being searched for */ - function suggest_location() + public function suggest_location() { - $suggestions = $this->Item->get_location_suggestions($this->input->get('term')); + $suggestions = $this->xss_clean($this->Item->get_location_suggestions($this->input->get('term'))); echo json_encode($suggestions); } 
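Review bot: Collapsing the `get_search_suggestions()` call into the `xss_clean()` wrapper leaves a two-line statement with the options array, a nested `post()` comparison and the `FALSE` flag all on one line, which is harder to scan than the removed layout; cleaning on its own line, `$suggestions = $this->Item->get_search_suggestions(...)` followed by `$suggestions = $this->xss_clean($suggestions);`, keeps the array on separate lines and gives `suggest()` the same shape. The `$this->input->post('is_deleted') != NULL` comparison is loose; `!== NULL` states the intent (field present or absent) explicitly, though it would treat an empty-string value differently from the current code, so check the form before switching.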
@@ -148,33 +138,39 @@ class Items extends Secure_Controller /* Gives search suggestions based on what is being searched for */ - function suggest_custom() + public function suggest_custom() { - $suggestions = $this->Item->get_custom_suggestions($this->input->post('term'), $this->input->post('field_no')); + $suggestions = $this->xss_clean($this->Item->get_custom_suggestions($this->input->post('term'), $this->input->post('field_no'))); echo json_encode($suggestions); } - function get_row($item_ids) + public function get_row($item_ids) { $item_infos = $this->Item->get_multiple_info(explode(":", $item_ids), $this->item_lib->get_item_location()); + $result = array(); foreach($item_infos->result() as $item_info) { - $result[$item_info->item_id] = get_item_data_row($item_info,$this); + $result[$item_info->item_id] = $this->xss_clean(get_item_data_row($item_info, $this)); } + echo json_encode($result); } - function view($item_id=-1) + public function view($item_id = -1) { - $item_info = $this->Item->get_info($item_id); - - $data['item_tax_info'] = $this->Item_taxes->get_info($item_id); + $data['item_tax_info'] = $this->xss_clean($this->Item_taxes->get_info($item_id)); $data['default_tax_1_rate'] = ''; $data['default_tax_2_rate'] = ''; - if($item_id==-1) + $item_info = $this->Item->get_info($item_id); + foreach(get_object_vars($item_info) as $property => $value) + { + $item_info->$property = $this->xss_clean($value); + } + + if($item_id == -1) { $data['default_tax_1_rate'] = $this->Appconfig->get('default_tax_1_rate'); $data['default_tax_2_rate'] = $this->Appconfig->get('default_tax_2_rate'); 
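Review bot: The property-cleaning loop added to `view()` (`foreach(get_object_vars($item_info) as $property => $value) { $item_info->$property = $this->xss_clean($value); }`) is repeated verbatim in `inventory()` and `count_details()` in hunk @@ -197; a private helper on the controller that takes the object, runs that loop and returns it would reduce the three call sites to `$item_info = $this->_xss_clean_object($this->Item->get_info($item_id));`. The loop also pushes every property through a string filter, so non-string values (a NULL `supplier_id` or `pic_id`, for example) presumably come back as strings; if anything downstream compares those properties strictly, that is worth checking. `view()` continues past the end of the hunk, and `get_row()` still splits `$item_ids` on `:` without checking that the pieces are numeric before they reach `get_multiple_info()`.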
@@ -184,11 +180,11 @@ class Items extends Secure_Controller } $data['item_info'] = $item_info; - - $suppliers = array(''=>$this->lang->line('items_none')); + + $suppliers = array('' => $this->lang->line('items_none')); foreach($this->Supplier->get_all()->result_array() as $row) { - $suppliers[$row['person_id']] = $row['company_name']; + $suppliers[$this->xss_clean($row['person_id'])] = $this->xss_clean($row['company_name']); } $data['suppliers'] = $suppliers; $data['selected_supplier'] = $item_info->supplier_id; 
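Review bot: `$suppliers[$this->xss_clean($row['person_id'])] = $this->xss_clean($row['company_name']);` filters the array key as well as the value, which does nothing useful for a numeric id and reads as if the id were untrusted markup; `bulk_edit()` in hunk @@ -273 handles the same loop by cleaning the row once (`$row = $this->xss_clean($row);`) and then indexing normally, and using that form here keeps the two supplier loops identical. The enclosing `view()` starts and ends outside this hunk.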
@@ -197,64 +193,83 @@ class Items extends Secure_Controller $images = glob("uploads/item_pics/" . $item_info->pic_id . ".*"); $data['image_path'] = sizeof($images) > 0 ? base_url($images[0]) : ''; - $locations_data = $this->Stock_location->get_undeleted_all()->result_array(); - foreach($locations_data as $location) + $stock_locations = $this->Stock_location->get_undeleted_all()->result_array(); + foreach($stock_locations as $location) { - $quantity = $this->Item_quantity->get_item_quantity($item_id,$location['location_id'])->quantity; + $location = $this->xss_clean($location); + + $quantity = $this->xss_clean($this->Item_quantity->get_item_quantity($item_id, $location['location_id'])->quantity); $quantity = ($item_id == -1) ? 0 : $quantity; - $location_array[$location['location_id']] = array('location_name'=>$location['location_name'], 'quantity'=>$quantity); + $location_array[$location['location_id']] = array('location_name' => $location['location_name'], 'quantity' => $quantity); $data['stock_locations'] = $location_array; } - $this->load->view("items/form", $data); + $this->load->view('items/form', $data); } - function inventory($item_id=-1) + public function inventory($item_id = -1) { - $data['item_info'] = $this->Item->get_info($item_id); - + $item_info = $this->Item->get_info($item_id); + foreach(get_object_vars($item_info) as $property => $value) + { + $item_info->$property = $this->xss_clean($value); + } + $data['item_info'] = $item_info; + $data['stock_locations'] = array(); $stock_locations = $this->Stock_location->get_undeleted_all()->result_array(); - foreach($stock_locations as $location_data) - { - $data['stock_locations'][$location_data['location_id']] = $location_data['location_name']; - $data['item_quantities'][$location_data['location_id']] = $this->Item_quantity->get_item_quantity($item_id,$location_data['location_id'])->quantity; - } - - $this->load->view("items/form_inventory", $data); + foreach($stock_locations as $location) + { + $location = 
$this->xss_clean($location); + $quantity = $this->xss_clean($this->Item_quantity->get_item_quantity($item_id, $location['location_id'])->quantity); + + $data['stock_locations'][$location['location_id']] = $location['location_name']; + $data['item_quantities'][$location['location_id']] = $quantity; + } + + $this->load->view('items/form_inventory', $data); } - function count_details($item_id=-1) + public function count_details($item_id = -1) { - $data['item_info'] = $this->Item->get_info($item_id); - + $item_info = $this->Item->get_info($item_id); + foreach(get_object_vars($item_info) as $property => $value) + { + $item_info->$property = $this->xss_clean($value); + } + $data['item_info'] = $item_info; + $data['stock_locations'] = array(); $stock_locations = $this->Stock_location->get_undeleted_all()->result_array(); - foreach($stock_locations as $location_data) - { - $data['stock_locations'][$location_data['location_id']] = $location_data['location_name']; - $data['item_quantities'][$location_data['location_id']] = $this->Item_quantity->get_item_quantity($item_id,$location_data['location_id'])->quantity; - } - - $this->load->view("items/form_count_details", $data); + foreach($stock_locations as $location) + { + $location = $this->xss_clean($location); + $quantity = $this->xss_clean($this->Item_quantity->get_item_quantity($item_id, $location['location_id'])->quantity); + + $data['stock_locations'][$location['location_id']] = $location['location_name']; + $data['item_quantities'][$location['location_id']] = $quantity; + } + + $this->load->view('items/form_count_details', $data); } - function generate_barcodes($item_ids) + public function generate_barcodes($item_ids) { $this->load->library('barcode_lib'); - $result = array(); $item_ids = explode(':', $item_ids); $result = $this->Item->get_multiple_info($item_ids, $this->item_lib->get_item_location())->result_array(); $config = $this->barcode_lib->get_barcode_config(); $data['barcode_config'] = $config; - + // check the 
list of items to see if any item_number field is empty foreach($result as &$item) { - // update the UPC/EAN/ISBN field if empty / null with the newly generated barcode - if (empty($item['item_number']) && $this->Appconfig->get('barcode_generate_if_empty')) + $item = $this->xss_clean($item); + + // update the UPC/EAN/ISBN field if empty / NULL with the newly generated barcode + if(empty($item['item_number']) && $this->Appconfig->get('barcode_generate_if_empty')) { // get the newly generated barcode $barcode_instance = Barcode_lib::barcode_instance($item, $config); 
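Review bot: In both `inventory()` and `count_details()` the new code initialises `$data['stock_locations'] = array();` but not `$data['item_quantities']`, which is only assigned inside the `foreach`, so a database with no undeleted locations hands the views an undefined `item_quantities` index; add `$data['item_quantities'] = array();` next to the existing initialisation in both methods. `view()` has the same shape with `$location_array`: it is first assigned in the loop and `$data['stock_locations'] = $location_array;` sits inside the loop rather than after it, so with zero locations `stock_locations` is never set — initialising `$location_array = array();` before the loop and moving the assignment after it is worth doing while these lines are touched. The `glob("uploads/item_pics/" . $item_info->pic_id . ".*")` above can match dot entries when `pic_id` is empty; guarding it with `!empty($item_info->pic_id)` avoids that. `generate_barcodes()` continues past the end of the hunk.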
@@ -273,66 +288,67 @@ class Items extends Secure_Controller $data['items'] = $result; // display barcodes - $this->load->view("barcodes/barcode_sheet", $data); + $this->load->view('barcodes/barcode_sheet', $data); } - function bulk_edit() + public function bulk_edit() { - $data = array(); $suppliers = array('' => $this->lang->line('items_none')); foreach($this->Supplier->get_all()->result_array() as $row) { + $row = $this->xss_clean($row); + $suppliers[$row['person_id']] = $row['company_name']; } $data['suppliers'] = $suppliers; $data['allow_alt_description_choices'] = array( - ''=>$this->lang->line('items_do_nothing'), - 1 =>$this->lang->line('items_change_all_to_allow_alt_desc'), - 0 =>$this->lang->line('items_change_all_to_not_allow_allow_desc')); + '' => $this->lang->line('items_do_nothing'), + 1 => $this->lang->line('items_change_all_to_allow_alt_desc'), + 0 => $this->lang->line('items_change_all_to_not_allow_allow_desc')); $data['serialization_choices'] = array( - ''=>$this->lang->line('items_do_nothing'), - 1 =>$this->lang->line('items_change_all_to_serialized'), - 0 =>$this->lang->line('items_change_all_to_unserialized')); + '' => $this->lang->line('items_do_nothing'), + 1 => $this->lang->line('items_change_all_to_serialized'), + 0 => $this->lang->line('items_change_all_to_unserialized')); - $this->load->view("items/form_bulk", $data); + $this->load->view('items/form_bulk', $data); } - function save($item_id=-1) + public function save($item_id = -1) { $upload_success = $this->_handle_image_upload(); $upload_data = $this->upload->data(); //Save item data $item_data = array( - 'name'=>$this->input->post('name'), - 'description'=>$this->input->post('description'), - 'category'=>$this->input->post('category'), - 'supplier_id'=>$this->input->post('supplier_id') == '' ? null : $this->input->post('supplier_id'), - 'item_number'=>$this->input->post('item_number') == '' ? 
null : $this->input->post('item_number'), - 'cost_price'=>$this->input->post('cost_price'), - 'unit_price'=>$this->input->post('unit_price'), - 'reorder_level'=>$this->input->post('reorder_level'), - 'receiving_quantity'=>$this->input->post('receiving_quantity'), - 'allow_alt_description'=>$this->input->post('allow_alt_description') != null, - 'is_serialized'=>$this->input->post('is_serialized') != null, - 'deleted'=>$this->input->post('is_deleted') != null, - 'custom1'=>$this->input->post('custom1') == null ? '' : $this->input->post('custom1'), - 'custom2'=>$this->input->post('custom2') == null ? '' : $this->input->post('custom2'), - 'custom3'=>$this->input->post('custom3') == null ? '' : $this->input->post('custom3'), - 'custom4'=>$this->input->post('custom4') == null ? '' : $this->input->post('custom4'), - 'custom5'=>$this->input->post('custom5') == null ? '' : $this->input->post('custom5'), - 'custom6'=>$this->input->post('custom6') == null ? '' : $this->input->post('custom6'), - 'custom7'=>$this->input->post('custom7') == null ? '' : $this->input->post('custom7'), - 'custom8'=>$this->input->post('custom8') == null ? '' : $this->input->post('custom8'), - 'custom9'=>$this->input->post('custom9') == null ? '' : $this->input->post('custom9'), - 'custom10'=>$this->input->post('custom10') == null ? '' : $this->input->post('custom10') + 'name' => $this->input->post('name'), + 'description' => $this->input->post('description'), + 'category' => $this->input->post('category'), + 'supplier_id' => $this->input->post('supplier_id') == '' ? NULL : $this->input->post('supplier_id'), + 'item_number' => $this->input->post('item_number') == '' ? 
NULL : $this->input->post('item_number'), + 'cost_price' => $this->input->post('cost_price'), + 'unit_price' => $this->input->post('unit_price'), + 'reorder_level' => $this->input->post('reorder_level'), + 'receiving_quantity' => $this->input->post('receiving_quantity'), + 'allow_alt_description' => $this->input->post('allow_alt_description') != NULL, + 'is_serialized' => $this->input->post('is_serialized') != NULL, + 'deleted' => $this->input->post('is_deleted') != NULL, + 'custom1' => $this->input->post('custom1') == NULL ? '' : $this->input->post('custom1'), + 'custom2' => $this->input->post('custom2') == NULL ? '' : $this->input->post('custom2'), + 'custom3' => $this->input->post('custom3') == NULL ? '' : $this->input->post('custom3'), + 'custom4' => $this->input->post('custom4') == NULL ? '' : $this->input->post('custom4'), + 'custom5' => $this->input->post('custom5') == NULL ? '' : $this->input->post('custom5'), + 'custom6' => $this->input->post('custom6') == NULL ? '' : $this->input->post('custom6'), + 'custom7' => $this->input->post('custom7') == NULL ? '' : $this->input->post('custom7'), + 'custom8' => $this->input->post('custom8') == NULL ? '' : $this->input->post('custom8'), + 'custom9' => $this->input->post('custom9') == NULL ? '' : $this->input->post('custom9'), + 'custom10' => $this->input->post('custom10') == NULL ? '' : $this->input->post('custom10') ); - if (!empty($upload_data['orig_name'])) + if(!empty($upload_data['orig_name'])) { // XSS file image sanity check - if ($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE) + if($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE) { $item_data['pic_id'] = $upload_data['raw_name']; } 
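Review bot: The `// XSS file image sanity check` retained in `save()` calls `$this->xss_clean($upload_data['raw_name'], TRUE)`, but `raw_name` is the stored file's name without extension, not its contents, and since `_handle_image_upload()` (hunk @@ -424) sets `'file_name' => sizeof($map) + 1` that name is presumably a generated number — so the check inspects neither the original filename nor the image bytes. CodeIgniter's Upload library runs the content check itself when its `xss_clean` preference is on, so adding `'xss_clean' => TRUE` to the `$config` array in `_handle_image_upload()` and relying on the `do_upload()` result would make the comment true. The `$this->input->post('customN') == NULL ? '' : $this->input->post('customN')` ladder repeats the same expression ten times; a loop over `range(1, 10)` that builds the `custom` keys once is shorter and keeps the loose `== NULL` in a single place. `save()` continues past the end of the hunk.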
@@ -341,12 +357,12 @@ class Items extends Secure_Controller $employee_id = $this->Employee->get_logged_in_employee_info()->person_id; $cur_item_info = $this->Item->get_info($item_id); - if($this->Item->save($item_data,$item_id)) + if($this->Item->save($item_data, $item_id)) { $success = TRUE; $new_item = FALSE; //New item - if ($item_id==-1) + if($item_id == -1) { $item_id = $item_data['item_id']; $new_item = TRUE; 
@@ -357,62 +373,63 @@ class Items extends Secure_Controller $tax_percents = $this->input->post('tax_percents'); for($k = 0; $k < count($tax_percents); $k++) { - if (is_numeric($tax_percents[$k])) + if(is_numeric($tax_percents[$k])) { - $items_taxes_data[] = array('name'=>$tax_names[$k], 'percent'=>$tax_percents[$k] ); + $items_taxes_data[] = array('name' => $tax_names[$k], 'percent' => $tax_percents[$k]); } } $success &= $this->Item_taxes->save($items_taxes_data, $item_id); //Save item quantity $stock_locations = $this->Stock_location->get_undeleted_all()->result_array(); - foreach($stock_locations as $location_data) + foreach($stock_locations as $location) { - $updated_quantity = $this->input->post('quantity_' . $location_data['location_id']); - $location_detail = array('item_id'=>$item_id, - 'location_id'=>$location_data['location_id'], - 'quantity'=>$updated_quantity); - $item_quantity = $this->Item_quantity->get_item_quantity($item_id, $location_data['location_id']); - if ($item_quantity->quantity != $updated_quantity || $new_item) + $updated_quantity = $this->input->post('quantity_' . 
$location['location_id']); + $location_detail = array('item_id' => $item_id, + 'location_id' => $location['location_id'], + 'quantity' => $updated_quantity); + $item_quantity = $this->Item_quantity->get_item_quantity($item_id, $location['location_id']); + if($item_quantity->quantity != $updated_quantity || $new_item) { - $success &= $this->Item_quantity->save($location_detail, $item_id, $location_data['location_id']); + $success &= $this->Item_quantity->save($location_detail, $item_id, $location['location_id']); $inv_data = array( - 'trans_date'=>date('Y-m-d H:i:s'), - 'trans_items'=>$item_id, - 'trans_user'=>$employee_id, - 'trans_location'=>$location_data['location_id'], - 'trans_comment'=>$this->lang->line('items_manually_editing_of_quantity'), - 'trans_inventory'=>$updated_quantity - $item_quantity->quantity + 'trans_date' => date('Y-m-d H:i:s'), + 'trans_items' => $item_id, + 'trans_user' => $employee_id, + 'trans_location' => $location['location_id'], + 'trans_comment' => $this->lang->line('items_manually_editing_of_quantity'), + 'trans_inventory' => $updated_quantity - $item_quantity->quantity ); $success &= $this->Inventory->insert($inv_data); } } + if($success && $upload_success) { - $success_message = $this->lang->line('items_successful_' . ($new_item ? 'adding' : 'updating')) .' '. $item_data['name']; + $message = $this->xss_clean($this->lang->line('items_successful_' . ($new_item ? 'adding' : 'updating')) . ' ' . $item_data['name']); - echo json_encode(array('success'=>true, 'message'=>$success_message, 'id'=>$item_id)); + echo json_encode(array('success' => TRUE, 'message' => $message, 'id' => $item_id)); } else { - $error_message = $upload_success ? - $this->lang->line('items_error_adding_updating') .' '. $item_data['name'] : - $this->upload->display_errors(); + $message = $this->xss_clean($upload_success ? $this->lang->line('items_error_adding_updating') . ' ' . 
$item_data['name'] : $this->upload->display_errors()); - echo json_encode(array('success'=>false, 'message'=>$error_message, 'id'=>$item_id)); + echo json_encode(array('success' => FALSE, 'message' => $message, 'id' => $item_id)); } } else//failure { - echo json_encode(array('success'=>false, 'message'=>$this->lang->line('items_error_adding_updating').' '.$item_data['name'], 'id'=>-1)); + $message = $this->xss_clean($this->lang->line('items_error_adding_updating') . ' ' . $item_data['name']); + + echo json_encode(array('success' => FALSE, 'message' => $message, 'id' => -1)); } } - function check_item_number() + public function check_item_number() { - $exists = $this->Item->item_number_exists($this->input->post('item_number'),$this->input->post('item_id')); + $exists = $this->Item->item_number_exists($this->input->post('item_number'), $this->input->post('item_id')); echo !$exists ? 'true' : 'false'; } @@ -424,11 +441,12 @@ class Items extends Secure_Controller // load upload library $config = array('upload_path' => './uploads/item_pics/', - 'allowed_types' => 'gif|jpg|png', - 'max_size' => '100', - 'max_width' => '640', - 'max_height' => '480', - 'file_name' => sizeof($map) + 1); + 'allowed_types' => 'gif|jpg|png', + 'max_size' => '100', + 'max_width' => '640', + 'max_height' => '480', + 'file_name' => sizeof($map) + 1 + ); $this->load->library('upload', $config); $this->upload->do_upload('item_image'); 
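Review bot: `$updated_quantity = $this->input->post('quantity_' . $location['location_id']);` is used without validation: when the form posts no field for a location, `post()` returns NULL, `$item_quantity->quantity != $updated_quantity` is true for any non-zero stock, and the code passes a NULL quantity to `Item_quantity->save()` and inserts an inventory row with `NULL - quantity`; a non-numeric string reaches the same subtraction. Guard it with `if(!is_numeric($updated_quantity)) { continue; }` before `$location_detail` is built, or reject the request if every location must be present — the form is not visible here. `save()` starts and ends outside this hunk.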
@@ -437,54 +455,56 @@ class Items extends Secure_Controller public function remove_logo($item_id) { - $item_data = array('pic_id' => null); + $item_data = array('pic_id' => NULL); $result = $this->Item->save($item_data, $item_id); echo json_encode(array('success' => $result)); } - function save_inventory($item_id=-1) + public function save_inventory($item_id = -1) { - $employee_id=$this->Employee->get_logged_in_employee_info()->person_id; + $employee_id = $this->Employee->get_logged_in_employee_info()->person_id; $cur_item_info = $this->Item->get_info($item_id); $location_id = $this->input->post('stock_location'); $inv_data = array( - 'trans_date'=>date('Y-m-d H:i:s'), - 'trans_items'=>$item_id, - 'trans_user'=>$employee_id, - 'trans_location'=>$location_id, - 'trans_comment'=>$this->input->post('trans_comment'), - 'trans_inventory'=>$this->input->post('newquantity') + 'trans_date' => date('Y-m-d H:i:s'), + 'trans_items' => $item_id, + 'trans_user' => $employee_id, + 'trans_location' => $location_id, + 'trans_comment' => $this->input->post('trans_comment'), + 'trans_inventory' => $this->input->post('newquantity') ); $this->Inventory->insert($inv_data); //Update stock quantity - $item_quantity= $this->Item_quantity->get_item_quantity($item_id,$location_id); + $item_quantity = $this->Item_quantity->get_item_quantity($item_id, $location_id); $item_quantity_data = array( - 'item_id'=>$item_id, - 'location_id'=>$location_id, - 'quantity'=>$item_quantity->quantity + $this->input->post('newquantity') + 'item_id' => $item_id, + 'location_id' => $location_id, + 'quantity' => $item_quantity->quantity + $this->input->post('newquantity') ); - if($this->Item_quantity->save($item_quantity_data,$item_id,$location_id)) - { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('items_successful_updating').' '. 
- $cur_item_info->name,'id'=>$item_id)); + if($this->Item_quantity->save($item_quantity_data, $item_id, $location_id)) + { + $message = $this->xss_clean($this->lang->line('items_successful_updating') . ' ' . $cur_item_info->name); + + echo json_encode(array('success' => TRUE, 'message' => $message, 'id' => $item_id)); } else//failure - { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('items_error_adding_updating').' '. - $cur_item_info->name,'id'=>-1)); + { + $message = $this->xss_clean($this->lang->line('items_error_adding_updating') . ' ' . $cur_item_info->name); + + echo json_encode(array('success' => FALSE, 'message' => $message, 'id' => -1)); } } - function bulk_update() + public function bulk_update() { - $items_to_update=$this->input->post('item_ids'); + $items_to_update = $this->input->post('item_ids'); $item_data = array(); - foreach($_POST as $key=>$value) + foreach($_POST as $key => $value) { //This field is nullable, so treat it differently if($key == 'supplier_id' && $value != '') @@ -503,15 +523,15 @@ class Items extends Secure_Controller $items_taxes_data = array(); $tax_names = $this->input->post('tax_names'); $tax_percents = $this->input->post('tax_percents'); - $tax_updated = false; + $tax_updated = FALSE; for($k = 0; $k < count($tax_percents); $k++) { - if( !empty($tax_names[$k]) && is_numeric($tax_percents[$k])) + if(!empty($tax_names[$k]) && is_numeric($tax_percents[$k])) { - $tax_updated = true; + $tax_updated = TRUE; - $items_taxes_data[] = array('name'=>$tax_names[$k], 'percent'=>$tax_percents[$k]); + $items_taxes_data[] = array('name' => $tax_names[$k], 'percent' => $tax_percents[$k]); } } 
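Review bot: `bulk_update()` builds `$item_data` by iterating every key of `$_POST` (`foreach($_POST as $key => $value)`); unless the part of the loop outside this hunk filters keys, any column name a client posts becomes part of the bulk update, so the loop should accept only an explicit list of editable fields (the keys `save()` assembles by hand) and ignore the rest. In `save_inventory()` the new `'quantity' => $item_quantity->quantity + $this->input->post('newquantity')` and `'trans_inventory' => $this->input->post('newquantity')` use the posted value with no `is_numeric()` check, so a non-numeric post ends in the arithmetic; validate it once at the top of the method. Both `save_inventory()` and `bulk_update()` run past the ends of their hunks.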
@@ -520,92 +540,91 @@ class Items extends Secure_Controller $this->Item_taxes->save_multiple($items_taxes_data, $items_to_update); } - echo json_encode(array('success'=>true,'message'=>$this->lang->line('items_successful_bulk_edit'), 'id'=>$items_to_update)); + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('items_successful_bulk_edit'), 'id' => $this->xss_clean($items_to_update))); } else { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('items_error_updating_multiple'))); + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('items_error_updating_multiple'))); } } - function delete() + public function delete() { $items_to_delete = $this->input->post('ids'); if($this->Item->delete_list($items_to_delete)) { - echo json_encode(array('success'=>true,'message'=>$this->lang->line('items_successful_deleted').' '. - count($items_to_delete).' '.$this->lang->line('items_one_or_multiple'))); + $message = $this->lang->line('items_successful_deleted') . ' ' . count($items_to_delete) . ' ' . 
$this->lang->line('items_one_or_multiple'); + echo json_encode(array('success' => TRUE, 'message' => $message)); } else { - echo json_encode(array('success'=>false,'message'=>$this->lang->line('items_cannot_be_deleted'))); + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('items_cannot_be_deleted'))); } } - function excel() + public function excel() { - $data = file_get_contents("import_items.csv"); $name = 'import_items.csv'; + $data = file_get_contents($name); force_download($name, $data); } - function excel_import() + public function excel_import() { - $this->load->view("items/form_excel_import", null); + $this->load->view('items/form_excel_import', NULL); } - function do_excel_import() + public function do_excel_import() { - $msg = 'do_excel_import'; + $message = 'do_excel_import'; $failCodes = array(); - if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK) + if($_FILES['file_path']['error'] != UPLOAD_ERR_OK) { - $msg = $this->lang->line('items_excel_import_failed'); - echo json_encode( array('success'=>false, 'message'=>$msg) ); + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('items_excel_import_failed'))); return; } else { - if (($handle = fopen($_FILES['file_path']['tmp_name'], "r")) !== FALSE) + if(($handle = fopen($_FILES['file_path']['tmp_name'], 'r')) !== FALSE) { // Skip the first row as it's the table description fgetcsv($handle); - $i=1; - while (($data = fgetcsv($handle)) !== FALSE) + $i = 1; + while(($data = fgetcsv($handle)) !== FALSE) { // XSS file data sanity check $data = $this->xss_clean($data); - if (sizeof($data) >= 23) + if(sizeof($data) >= 23) { $item_data = array( - 'name' => $data[1], - 'description' => $data[11], - 'category' => $data[2], - 'cost_price' => $data[4], - 'unit_price' => $data[5], - 'reorder_level' => $data[10], - 'supplier_id' => $this->Supplier->exists($data[3]) ? $data[3] : null, - 'allow_alt_description' => $data[12] != '' ? 
'1' : '0', - 'is_serialized' => $data[13] != '' ? '1' : '0', - 'custom1' => $data[14], - 'custom2' => $data[15], - 'custom3' => $data[16], - 'custom4' => $data[17], - 'custom5' => $data[18], - 'custom6' => $data[19], - 'custom7' => $data[20], - 'custom8' => $data[21], - 'custom9' => $data[22], - 'custom10' => $data[23] + 'name' => $data[1], + 'description' => $data[11], + 'category' => $data[2], + 'cost_price' => $data[4], + 'unit_price' => $data[5], + 'reorder_level' => $data[10], + 'supplier_id' => $this->Supplier->exists($data[3]) ? $data[3] : NULL, + 'allow_alt_description' => $data[12] != '' ? '1' : '0', + 'is_serialized' => $data[13] != '' ? '1' : '0', + 'custom1' => $data[14], + 'custom2' => $data[15], + 'custom3' => $data[16], + 'custom4' => $data[17], + 'custom5' => $data[18], + 'custom6' => $data[19], + 'custom7' => $data[20], + 'custom8' => $data[21], + 'custom9' => $data[22], + 'custom10' => $data[23] ); $item_number = $data[0]; - $invalidated = false; - if ($item_number != "") + $invalidated = FALSE; + if($item_number != '') { $item_data['item_number'] = $item_number; $invalidated = $this->Item->item_number_exists($item_number); @@ -613,22 +632,22 @@ class Items extends Secure_Controller } else { - $invalidated = true; + $invalidated = TRUE; } if(!$invalidated && $this->Item->save($item_data)) { - $items_taxes_data = null; + $items_taxes_data = NULL; //tax 1 - if( is_numeric($data[7]) && $data[6]!='' ) + if(is_numeric($data[7]) && $data[6] != '') { - $items_taxes_data[] = array('name'=>$data[6], 'percent'=>$data[7] ); + $items_taxes_data[] = array('name' => $data[6], 'percent' => $data[7] ); } //tax 2 - if( is_numeric($data[9]) && $data[8]!='' ) + if(is_numeric($data[9]) && $data[8] != '') { - $items_taxes_data[] = array('name'=>$data[8], 'percent'=>$data[9] ); + $items_taxes_data[] = array('name' => $data[8], 'percent' => $data[9] ); } // save tax values 
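Review bot: `if(sizeof($data) >= 23)` in `do_excel_import()` is off by one: the array built under it reads `$data[23]` for `custom10`, and the location columns start at index 24 in hunk @@ -638, so a row with exactly 23 fields passes the check and then reads an undefined offset; the guard should be `if(sizeof($data) >= 24)`. Earlier in the hunk `$_FILES['file_path']['error']` is read without checking that the field exists, so a request without the file part raises an undefined-index notice instead of the intended `items_excel_import_failed` response; `if(!isset($_FILES['file_path']) || $_FILES['file_path']['error'] !== UPLOAD_ERR_OK)` covers both. `do_excel_import()` continues past the end of the hunk.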
@@ -638,20 +657,20 @@ class Items extends Secure_Controller } // quantities & inventory Info - $employee_id=$this->Employee->get_logged_in_employee_info()->person_id; - $emp_info=$this->Employee->get_info($employee_id); + $employee_id = $this->Employee->get_logged_in_employee_info()->person_id; + $emp_info = $this->Employee->get_info($employee_id); $comment ='Qty CSV Imported'; $cols = count($data); // array to store information if location got a quantity $allowed_locations = $this->Stock_location->get_allowed_locations(); - for ($col = 24; $col < $cols; $col = $col + 2) + for($col = 24; $col < $cols; $col = $col + 2) { $location_id = $data[$col]; - if (array_key_exists($location_id, $allowed_locations)) + if(array_key_exists($location_id, $allowed_locations)) { - $item_quantity_data = array ( + $item_quantity_data = array( 'item_id' => $item_data['item_id'], 'location_id' => $location_id, 'quantity' => $data[$col + 1], @@ -659,11 +678,11 @@ class Items extends Secure_Controller $this->Item_quantity->save($item_quantity_data, $item_data['item_id'], $location_id); $excel_data = array( - 'trans_items'=>$item_data['item_id'], - 'trans_user'=>$employee_id, - 'trans_comment'=>$comment, - 'trans_location'=>$data[$col], - 'trans_inventory'=>$data[$col + 1] + 'trans_items' => $item_data['item_id'], + 'trans_user' => $employee_id, + 'trans_comment' => $comment, + 'trans_location' => $data[$col], + 'trans_inventory' => $data[$col + 1] ); $this->Inventory->insert($excel_data); 
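Review bot: `for($col = 24; $col < $cols; $col = $col + 2)` reads `$data[$col + 1]` as the quantity on the last iteration even when the row has an odd number of trailing fields (a location id with no quantity column), producing an undefined offset and a NULL quantity; use `for($col = 24; $col + 1 < $cols; $col += 2)` so a full pair is always present. `$data[$col + 1]` is also stored and inserted without an `is_numeric()` check, unlike the tax columns which are validated, so a non-numeric cell goes straight to `Item_quantity->save()` and `Inventory->insert()`. `$comment ='Qty CSV Imported';` is missing the space before `=` that the rest of the commit normalises. The loop body continues past the end of the hunk.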
@@ -686,11 +705,11 @@ class Items extends Secure_Controller $this->Item_quantity->save($item_quantity_data, $item_data['item_id'], $data[$col]); $excel_data = array( - 'trans_items'=>$item_data['item_id'], - 'trans_user'=>$employee_id, - 'trans_comment'=>$comment, - 'trans_location'=>$location_id, - 'trans_inventory'=>0 + 'trans_items' => $item_data['item_id'], + 'trans_user' => $employee_id, + 'trans_comment' => $comment, + 'trans_location' => $location_id, + 'trans_inventory' => 0 ); $this->Inventory->insert($excel_data); @@ -706,24 +725,24 @@ class Items extends Secure_Controller } else { - echo json_encode( array('success'=>false, 'message'=>'Your uploaded file has no data or wrong format') ); + echo json_encode(array('success' => FALSE, 'message' => 'Your uploaded file has no data or wrong format')); return; } } - $success = true; + $success = TRUE; if(count($failCodes) > 0) { - $msg = "Most items imported. But some were not, here is list of their CODE (" . count($failCodes) ."): ". implode(", ", $failCodes); - $success = false; + $message = 'Most items imported. But some were not, here is list of their codes (' . count($failCodes) . '): ' . implode(', ', $failCodes); + $success = FALSE; } else { - $msg = "Import of Items successful"; + $message = 'Import of Items successful'; } - echo json_encode( array('success'=>$success, 'message'=>$msg) ); + echo json_encode(array('success' => $success, 'message' => $message)); } } ?>
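Review bot: The file still ends with a closing `?>` after the class; in a PHP-only file any trailing whitespace after it (beyond the single newline PHP swallows) is sent as output and can interfere with the header-based `force_download()` in `excel()` and with the JSON responses, so the tag should be dropped as PSR-12 recommends. The three import messages (`'Your uploaded file has no data or wrong format'`, `'Most items imported. But some were not, here is list of their codes (...'` and `'Import of Items successful'`) are hard-coded English while every other message in the controller comes from `$this->lang->line()`; moving them into the items language file keeps the import endpoint translatable. `do_excel_import()` starts outside this hunk.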