XSS clean Items (#39)

FrancescoUK
2016-06-08 21:56:36 +01:00
parent a41a39aa0b
commit 5129ebec0c


@@ -4,17 +4,19 @@ require_once("Secure_Controller.php");
class Items extends Secure_Controller
{
function __construct()
public function __construct()
{
parent::__construct('items');
$this->load->library('item_lib');
}
function index()
public function index()
{
$stock_location = $this->item_lib->get_item_location();
$stock_locations = $this->Stock_location->get_allowed_locations();
$data['table_headers'] = $this->xss_clean(get_items_manage_table_headers());
$data['stock_location'] = $this->xss_clean($this->item_lib->get_item_location());
$data['stock_locations'] = $this->xss_clean($this->Stock_location->get_allowed_locations());
// filters that will be loaded in the multiselect dropdown
$data['filters'] = array('empty_upc' => $this->lang->line('items_empty_upc_items'),
@@ -24,18 +26,13 @@ class Items extends Secure_Controller
'search_custom' => $this->lang->line('items_search_custom_items'),
'is_deleted' => $this->lang->line('items_is_deleted'));
$data['stock_location'] = $stock_location;
$data['stock_locations'] = $stock_locations;
$data['table_headers'] = get_items_manage_table_headers();
$this->load->view('items/manage', $data);
}
/*
Returns Items table data rows. This will be called with AJAX.
*/
function search()
public function search()
{
$search = $this->input->get('search');
$limit = $this->input->get('limit');
@@ -56,32 +53,33 @@ class Items extends Secure_Controller
'is_deleted' => FALSE);
// check if any filter is set in the multiselect dropdown
$filledup = array_fill_keys($this->input->get('filters'), true);
$filledup = array_fill_keys($this->input->get('filters'), TRUE);
$filters = array_merge($filters, $filledup);
$items = $this->Item->search($search, $filters, $limit, $offset, $sort, $order);
$total_rows = $this->Item->get_found_rows($search, $filters);
$total_rows = $this->xss_clean($this->Item->get_found_rows($search, $filters));
$data_rows = array();
foreach($items->result() as $item)
{
$data_rows[] = get_item_data_row($item, $this);
$data_rows[] = $this->xss_clean(get_item_data_row($item, $this));
}
echo json_encode(array('total' => $total_rows, 'rows' => $data_rows));
}
function pic_thumb($pic_id)
public function pic_thumb($pic_id)
{
$this->load->helper('file');
$this->load->library('image_lib');
$base_path = "uploads/item_pics/" . $pic_id ;
$images = glob ($base_path. "*");
if (sizeof($images) > 0)
if(sizeof($images) > 0)
{
$image_path = $images[0];
$ext = pathinfo($image_path, PATHINFO_EXTENSION);
$thumb_path = $base_path . $this->image_lib->thumb_marker.'.'.$ext;
if (sizeof($images) < 2)
$thumb_path = $base_path . $this->image_lib->thumb_marker . '.' . $ext;
if(sizeof($images) < 2)
{
$config['image_library'] = 'gd2';
$config['source_image'] = $image_path;
@@ -101,26 +99,18 @@ class Items extends Secure_Controller
/*
Gives search suggestions based on what is being searched for
*/
function suggest_search()
public function suggest_search()
{
$suggestions = $this->Item->get_search_suggestions($this->input->post_get('term'),
array(
'search_custom' => $this->input->post('search_custom'),
'is_deleted' => $this->input->post('is_deleted') != null
),
FALSE);
$suggestions = $this->xss_clean($this->Item->get_search_suggestions($this->input->post_get('term'),
array('search_custom' => $this->input->post('search_custom'), 'is_deleted' => $this->input->post('is_deleted') != NULL), FALSE));
echo json_encode($suggestions);
}
function suggest()
public function suggest()
{
$suggestions = $this->Item->get_search_suggestions($this->input->post_get('term'),
array(
'search_custom' => FALSE,
'is_deleted' => FALSE
),
TRUE);
$suggestions = $this->xss_clean($this->Item->get_search_suggestions($this->input->post_get('term'),
array('search_custom' => FALSE, 'is_deleted' => FALSE), TRUE));
echo json_encode($suggestions);
}
@@ -128,9 +118,9 @@ class Items extends Secure_Controller
/*
Gives search suggestions based on what is being searched for
*/
function suggest_category()
public function suggest_category()
{
$suggestions = $this->Item->get_category_suggestions($this->input->get('term'));
$suggestions = $this->xss_clean($this->Item->get_category_suggestions($this->input->get('term')));
echo json_encode($suggestions);
}
@@ -138,9 +128,9 @@ class Items extends Secure_Controller
/*
Gives search suggestions based on what is being searched for
*/
function suggest_location()
public function suggest_location()
{
$suggestions = $this->Item->get_location_suggestions($this->input->get('term'));
$suggestions = $this->xss_clean($this->Item->get_location_suggestions($this->input->get('term')));
echo json_encode($suggestions);
}
@@ -148,33 +138,39 @@ class Items extends Secure_Controller
/*
Gives search suggestions based on what is being searched for
*/
function suggest_custom()
public function suggest_custom()
{
$suggestions = $this->Item->get_custom_suggestions($this->input->post('term'), $this->input->post('field_no'));
$suggestions = $this->xss_clean($this->Item->get_custom_suggestions($this->input->post('term'), $this->input->post('field_no')));
echo json_encode($suggestions);
}
function get_row($item_ids)
public function get_row($item_ids)
{
$item_infos = $this->Item->get_multiple_info(explode(":", $item_ids), $this->item_lib->get_item_location());
$result = array();
foreach($item_infos->result() as $item_info)
{
$result[$item_info->item_id] = get_item_data_row($item_info,$this);
$result[$item_info->item_id] = $this->xss_clean(get_item_data_row($item_info, $this));
}
echo json_encode($result);
}
function view($item_id=-1)
public function view($item_id = -1)
{
$item_info = $this->Item->get_info($item_id);
$data['item_tax_info'] = $this->Item_taxes->get_info($item_id);
$data['item_tax_info'] = $this->xss_clean($this->Item_taxes->get_info($item_id));
$data['default_tax_1_rate'] = '';
$data['default_tax_2_rate'] = '';
if($item_id==-1)
$item_info = $this->Item->get_info($item_id);
foreach(get_object_vars($item_info) as $property => $value)
{
$item_info->$property = $this->xss_clean($value);
}
if($item_id == -1)
{
$data['default_tax_1_rate'] = $this->Appconfig->get('default_tax_1_rate');
$data['default_tax_2_rate'] = $this->Appconfig->get('default_tax_2_rate');
@@ -184,11 +180,11 @@ class Items extends Secure_Controller
}
$data['item_info'] = $item_info;
$suppliers = array(''=>$this->lang->line('items_none'));
$suppliers = array('' => $this->lang->line('items_none'));
foreach($this->Supplier->get_all()->result_array() as $row)
{
$suppliers[$row['person_id']] = $row['company_name'];
$suppliers[$this->xss_clean($row['person_id'])] = $this->xss_clean($row['company_name']);
}
$data['suppliers'] = $suppliers;
$data['selected_supplier'] = $item_info->supplier_id;
@@ -197,64 +193,83 @@ class Items extends Secure_Controller
$images = glob("uploads/item_pics/" . $item_info->pic_id . ".*");
$data['image_path'] = sizeof($images) > 0 ? base_url($images[0]) : '';
$locations_data = $this->Stock_location->get_undeleted_all()->result_array();
foreach($locations_data as $location)
$stock_locations = $this->Stock_location->get_undeleted_all()->result_array();
foreach($stock_locations as $location)
{
$quantity = $this->Item_quantity->get_item_quantity($item_id,$location['location_id'])->quantity;
$location = $this->xss_clean($location);
$quantity = $this->xss_clean($this->Item_quantity->get_item_quantity($item_id, $location['location_id'])->quantity);
$quantity = ($item_id == -1) ? 0 : $quantity;
$location_array[$location['location_id']] = array('location_name'=>$location['location_name'], 'quantity'=>$quantity);
$location_array[$location['location_id']] = array('location_name' => $location['location_name'], 'quantity' => $quantity);
$data['stock_locations'] = $location_array;
}
$this->load->view("items/form", $data);
$this->load->view('items/form', $data);
}
function inventory($item_id=-1)
public function inventory($item_id = -1)
{
$data['item_info'] = $this->Item->get_info($item_id);
$item_info = $this->Item->get_info($item_id);
foreach(get_object_vars($item_info) as $property => $value)
{
$item_info->$property = $this->xss_clean($value);
}
$data['item_info'] = $item_info;
$data['stock_locations'] = array();
$stock_locations = $this->Stock_location->get_undeleted_all()->result_array();
foreach($stock_locations as $location_data)
{
$data['stock_locations'][$location_data['location_id']] = $location_data['location_name'];
$data['item_quantities'][$location_data['location_id']] = $this->Item_quantity->get_item_quantity($item_id,$location_data['location_id'])->quantity;
}
$this->load->view("items/form_inventory", $data);
foreach($stock_locations as $location)
{
$location = $this->xss_clean($location);
$quantity = $this->xss_clean($this->Item_quantity->get_item_quantity($item_id, $location['location_id'])->quantity);
$data['stock_locations'][$location['location_id']] = $location['location_name'];
$data['item_quantities'][$location['location_id']] = $quantity;
}
$this->load->view('items/form_inventory', $data);
}
function count_details($item_id=-1)
public function count_details($item_id = -1)
{
$data['item_info'] = $this->Item->get_info($item_id);
$item_info = $this->Item->get_info($item_id);
foreach(get_object_vars($item_info) as $property => $value)
{
$item_info->$property = $this->xss_clean($value);
}
$data['item_info'] = $item_info;
$data['stock_locations'] = array();
$stock_locations = $this->Stock_location->get_undeleted_all()->result_array();
foreach($stock_locations as $location_data)
{
$data['stock_locations'][$location_data['location_id']] = $location_data['location_name'];
$data['item_quantities'][$location_data['location_id']] = $this->Item_quantity->get_item_quantity($item_id,$location_data['location_id'])->quantity;
}
$this->load->view("items/form_count_details", $data);
foreach($stock_locations as $location)
{
$location = $this->xss_clean($location);
$quantity = $this->xss_clean($this->Item_quantity->get_item_quantity($item_id, $location['location_id'])->quantity);
$data['stock_locations'][$location['location_id']] = $location['location_name'];
$data['item_quantities'][$location['location_id']] = $quantity;
}
$this->load->view('items/form_count_details', $data);
}
function generate_barcodes($item_ids)
public function generate_barcodes($item_ids)
{
$this->load->library('barcode_lib');
$result = array();
$item_ids = explode(':', $item_ids);
$result = $this->Item->get_multiple_info($item_ids, $this->item_lib->get_item_location())->result_array();
$config = $this->barcode_lib->get_barcode_config();
$data['barcode_config'] = $config;
// check the list of items to see if any item_number field is empty
foreach($result as &$item)
{
// update the UPC/EAN/ISBN field if empty / null with the newly generated barcode
if (empty($item['item_number']) && $this->Appconfig->get('barcode_generate_if_empty'))
$item = $this->xss_clean($item);
// update the UPC/EAN/ISBN field if empty / NULL with the newly generated barcode
if(empty($item['item_number']) && $this->Appconfig->get('barcode_generate_if_empty'))
{
// get the newly generated barcode
$barcode_instance = Barcode_lib::barcode_instance($item, $config);
@@ -273,66 +288,67 @@ class Items extends Secure_Controller
$data['items'] = $result;
// display barcodes
$this->load->view("barcodes/barcode_sheet", $data);
$this->load->view('barcodes/barcode_sheet', $data);
}
function bulk_edit()
public function bulk_edit()
{
$data = array();
$suppliers = array('' => $this->lang->line('items_none'));
foreach($this->Supplier->get_all()->result_array() as $row)
{
$row = $this->xss_clean($row);
$suppliers[$row['person_id']] = $row['company_name'];
}
$data['suppliers'] = $suppliers;
$data['allow_alt_description_choices'] = array(
''=>$this->lang->line('items_do_nothing'),
1 =>$this->lang->line('items_change_all_to_allow_alt_desc'),
0 =>$this->lang->line('items_change_all_to_not_allow_allow_desc'));
'' => $this->lang->line('items_do_nothing'),
1 => $this->lang->line('items_change_all_to_allow_alt_desc'),
0 => $this->lang->line('items_change_all_to_not_allow_allow_desc'));
$data['serialization_choices'] = array(
''=>$this->lang->line('items_do_nothing'),
1 =>$this->lang->line('items_change_all_to_serialized'),
0 =>$this->lang->line('items_change_all_to_unserialized'));
'' => $this->lang->line('items_do_nothing'),
1 => $this->lang->line('items_change_all_to_serialized'),
0 => $this->lang->line('items_change_all_to_unserialized'));
$this->load->view("items/form_bulk", $data);
$this->load->view('items/form_bulk', $data);
}
function save($item_id=-1)
public function save($item_id = -1)
{
$upload_success = $this->_handle_image_upload();
$upload_data = $this->upload->data();
//Save item data
$item_data = array(
'name'=>$this->input->post('name'),
'description'=>$this->input->post('description'),
'category'=>$this->input->post('category'),
'supplier_id'=>$this->input->post('supplier_id') == '' ? null : $this->input->post('supplier_id'),
'item_number'=>$this->input->post('item_number') == '' ? null : $this->input->post('item_number'),
'cost_price'=>$this->input->post('cost_price'),
'unit_price'=>$this->input->post('unit_price'),
'reorder_level'=>$this->input->post('reorder_level'),
'receiving_quantity'=>$this->input->post('receiving_quantity'),
'allow_alt_description'=>$this->input->post('allow_alt_description') != null,
'is_serialized'=>$this->input->post('is_serialized') != null,
'deleted'=>$this->input->post('is_deleted') != null,
'custom1'=>$this->input->post('custom1') == null ? '' : $this->input->post('custom1'),
'custom2'=>$this->input->post('custom2') == null ? '' : $this->input->post('custom2'),
'custom3'=>$this->input->post('custom3') == null ? '' : $this->input->post('custom3'),
'custom4'=>$this->input->post('custom4') == null ? '' : $this->input->post('custom4'),
'custom5'=>$this->input->post('custom5') == null ? '' : $this->input->post('custom5'),
'custom6'=>$this->input->post('custom6') == null ? '' : $this->input->post('custom6'),
'custom7'=>$this->input->post('custom7') == null ? '' : $this->input->post('custom7'),
'custom8'=>$this->input->post('custom8') == null ? '' : $this->input->post('custom8'),
'custom9'=>$this->input->post('custom9') == null ? '' : $this->input->post('custom9'),
'custom10'=>$this->input->post('custom10') == null ? '' : $this->input->post('custom10')
'name' => $this->input->post('name'),
'description' => $this->input->post('description'),
'category' => $this->input->post('category'),
'supplier_id' => $this->input->post('supplier_id') == '' ? NULL : $this->input->post('supplier_id'),
'item_number' => $this->input->post('item_number') == '' ? NULL : $this->input->post('item_number'),
'cost_price' => $this->input->post('cost_price'),
'unit_price' => $this->input->post('unit_price'),
'reorder_level' => $this->input->post('reorder_level'),
'receiving_quantity' => $this->input->post('receiving_quantity'),
'allow_alt_description' => $this->input->post('allow_alt_description') != NULL,
'is_serialized' => $this->input->post('is_serialized') != NULL,
'deleted' => $this->input->post('is_deleted') != NULL,
'custom1' => $this->input->post('custom1') == NULL ? '' : $this->input->post('custom1'),
'custom2' => $this->input->post('custom2') == NULL ? '' : $this->input->post('custom2'),
'custom3' => $this->input->post('custom3') == NULL ? '' : $this->input->post('custom3'),
'custom4' => $this->input->post('custom4') == NULL ? '' : $this->input->post('custom4'),
'custom5' => $this->input->post('custom5') == NULL ? '' : $this->input->post('custom5'),
'custom6' => $this->input->post('custom6') == NULL ? '' : $this->input->post('custom6'),
'custom7' => $this->input->post('custom7') == NULL ? '' : $this->input->post('custom7'),
'custom8' => $this->input->post('custom8') == NULL ? '' : $this->input->post('custom8'),
'custom9' => $this->input->post('custom9') == NULL ? '' : $this->input->post('custom9'),
'custom10' => $this->input->post('custom10') == NULL ? '' : $this->input->post('custom10')
);
if (!empty($upload_data['orig_name']))
if(!empty($upload_data['orig_name']))
{
// XSS file image sanity check
if ($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
if($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE)
{
$item_data['pic_id'] = $upload_data['raw_name'];
}
@@ -341,12 +357,12 @@ class Items extends Secure_Controller
$employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
$cur_item_info = $this->Item->get_info($item_id);
if($this->Item->save($item_data,$item_id))
if($this->Item->save($item_data, $item_id))
{
$success = TRUE;
$new_item = FALSE;
//New item
if ($item_id==-1)
if($item_id == -1)
{
$item_id = $item_data['item_id'];
$new_item = TRUE;
@@ -357,62 +373,63 @@ class Items extends Secure_Controller
$tax_percents = $this->input->post('tax_percents');
for($k = 0; $k < count($tax_percents); $k++)
{
if (is_numeric($tax_percents[$k]))
if(is_numeric($tax_percents[$k]))
{
$items_taxes_data[] = array('name'=>$tax_names[$k], 'percent'=>$tax_percents[$k] );
$items_taxes_data[] = array('name' => $tax_names[$k], 'percent' => $tax_percents[$k]);
}
}
$success &= $this->Item_taxes->save($items_taxes_data, $item_id);
//Save item quantity
$stock_locations = $this->Stock_location->get_undeleted_all()->result_array();
foreach($stock_locations as $location_data)
foreach($stock_locations as $location)
{
$updated_quantity = $this->input->post('quantity_' . $location_data['location_id']);
$location_detail = array('item_id'=>$item_id,
'location_id'=>$location_data['location_id'],
'quantity'=>$updated_quantity);
$item_quantity = $this->Item_quantity->get_item_quantity($item_id, $location_data['location_id']);
if ($item_quantity->quantity != $updated_quantity || $new_item)
$updated_quantity = $this->input->post('quantity_' . $location['location_id']);
$location_detail = array('item_id' => $item_id,
'location_id' => $location['location_id'],
'quantity' => $updated_quantity);
$item_quantity = $this->Item_quantity->get_item_quantity($item_id, $location['location_id']);
if($item_quantity->quantity != $updated_quantity || $new_item)
{
$success &= $this->Item_quantity->save($location_detail, $item_id, $location_data['location_id']);
$success &= $this->Item_quantity->save($location_detail, $item_id, $location['location_id']);
$inv_data = array(
'trans_date'=>date('Y-m-d H:i:s'),
'trans_items'=>$item_id,
'trans_user'=>$employee_id,
'trans_location'=>$location_data['location_id'],
'trans_comment'=>$this->lang->line('items_manually_editing_of_quantity'),
'trans_inventory'=>$updated_quantity - $item_quantity->quantity
'trans_date' => date('Y-m-d H:i:s'),
'trans_items' => $item_id,
'trans_user' => $employee_id,
'trans_location' => $location['location_id'],
'trans_comment' => $this->lang->line('items_manually_editing_of_quantity'),
'trans_inventory' => $updated_quantity - $item_quantity->quantity
);
$success &= $this->Inventory->insert($inv_data);
}
}
if($success && $upload_success)
{
$success_message = $this->lang->line('items_successful_' . ($new_item ? 'adding' : 'updating')) .' '. $item_data['name'];
$message = $this->xss_clean($this->lang->line('items_successful_' . ($new_item ? 'adding' : 'updating')) . ' ' . $item_data['name']);
echo json_encode(array('success'=>true, 'message'=>$success_message, 'id'=>$item_id));
echo json_encode(array('success' => TRUE, 'message' => $message, 'id' => $item_id));
}
else
{
$error_message = $upload_success ?
$this->lang->line('items_error_adding_updating') .' '. $item_data['name'] :
$this->upload->display_errors();
$message = $this->xss_clean($upload_success ? $this->lang->line('items_error_adding_updating') . ' ' . $item_data['name'] : $this->upload->display_errors());
echo json_encode(array('success'=>false, 'message'=>$error_message, 'id'=>$item_id));
echo json_encode(array('success' => FALSE, 'message' => $message, 'id' => $item_id));
}
}
else//failure
{
echo json_encode(array('success'=>false, 'message'=>$this->lang->line('items_error_adding_updating').' '.$item_data['name'], 'id'=>-1));
$message = $this->xss_clean($this->lang->line('items_error_adding_updating') . ' ' . $item_data['name']);
echo json_encode(array('success' => FALSE, 'message' => $message, 'id' => -1));
}
}
function check_item_number()
public function check_item_number()
{
$exists = $this->Item->item_number_exists($this->input->post('item_number'),$this->input->post('item_id'));
$exists = $this->Item->item_number_exists($this->input->post('item_number'), $this->input->post('item_id'));
echo !$exists ? 'true' : 'false';
}
@@ -424,11 +441,12 @@ class Items extends Secure_Controller
// load upload library
$config = array('upload_path' => './uploads/item_pics/',
'allowed_types' => 'gif|jpg|png',
'max_size' => '100',
'max_width' => '640',
'max_height' => '480',
'file_name' => sizeof($map) + 1);
'allowed_types' => 'gif|jpg|png',
'max_size' => '100',
'max_width' => '640',
'max_height' => '480',
'file_name' => sizeof($map) + 1
);
$this->load->library('upload', $config);
$this->upload->do_upload('item_image');
@@ -437,54 +455,56 @@ class Items extends Secure_Controller
public function remove_logo($item_id)
{
$item_data = array('pic_id' => null);
$item_data = array('pic_id' => NULL);
$result = $this->Item->save($item_data, $item_id);
echo json_encode(array('success' => $result));
}
function save_inventory($item_id=-1)
public function save_inventory($item_id = -1)
{
$employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
$employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
$cur_item_info = $this->Item->get_info($item_id);
$location_id = $this->input->post('stock_location');
$inv_data = array(
'trans_date'=>date('Y-m-d H:i:s'),
'trans_items'=>$item_id,
'trans_user'=>$employee_id,
'trans_location'=>$location_id,
'trans_comment'=>$this->input->post('trans_comment'),
'trans_inventory'=>$this->input->post('newquantity')
'trans_date' => date('Y-m-d H:i:s'),
'trans_items' => $item_id,
'trans_user' => $employee_id,
'trans_location' => $location_id,
'trans_comment' => $this->input->post('trans_comment'),
'trans_inventory' => $this->input->post('newquantity')
);
$this->Inventory->insert($inv_data);
//Update stock quantity
$item_quantity= $this->Item_quantity->get_item_quantity($item_id,$location_id);
$item_quantity = $this->Item_quantity->get_item_quantity($item_id, $location_id);
$item_quantity_data = array(
'item_id'=>$item_id,
'location_id'=>$location_id,
'quantity'=>$item_quantity->quantity + $this->input->post('newquantity')
'item_id' => $item_id,
'location_id' => $location_id,
'quantity' => $item_quantity->quantity + $this->input->post('newquantity')
);
if($this->Item_quantity->save($item_quantity_data,$item_id,$location_id))
{
echo json_encode(array('success'=>true,'message'=>$this->lang->line('items_successful_updating').' '.
$cur_item_info->name,'id'=>$item_id));
if($this->Item_quantity->save($item_quantity_data, $item_id, $location_id))
{
$message = $this->xss_clean($this->lang->line('items_successful_updating') . ' ' . $cur_item_info->name);
echo json_encode(array('success' => TRUE, 'message' => $message, 'id' => $item_id));
}
else//failure
{
echo json_encode(array('success'=>false,'message'=>$this->lang->line('items_error_adding_updating').' '.
$cur_item_info->name,'id'=>-1));
{
$message = $this->xss_clean($this->lang->line('items_error_adding_updating') . ' ' . $cur_item_info->name);
echo json_encode(array('success' => FALSE, 'message' => $message, 'id' => -1));
}
}
function bulk_update()
public function bulk_update()
{
$items_to_update=$this->input->post('item_ids');
$items_to_update = $this->input->post('item_ids');
$item_data = array();
foreach($_POST as $key=>$value)
foreach($_POST as $key => $value)
{
//This field is nullable, so treat it differently
if($key == 'supplier_id' && $value != '')
@@ -503,15 +523,15 @@ class Items extends Secure_Controller
$items_taxes_data = array();
$tax_names = $this->input->post('tax_names');
$tax_percents = $this->input->post('tax_percents');
$tax_updated = false;
$tax_updated = FALSE;
for($k = 0; $k < count($tax_percents); $k++)
{
if( !empty($tax_names[$k]) && is_numeric($tax_percents[$k]))
if(!empty($tax_names[$k]) && is_numeric($tax_percents[$k]))
{
$tax_updated = true;
$tax_updated = TRUE;
$items_taxes_data[] = array('name'=>$tax_names[$k], 'percent'=>$tax_percents[$k]);
$items_taxes_data[] = array('name' => $tax_names[$k], 'percent' => $tax_percents[$k]);
}
}
@@ -520,92 +540,91 @@ class Items extends Secure_Controller
$this->Item_taxes->save_multiple($items_taxes_data, $items_to_update);
}
echo json_encode(array('success'=>true,'message'=>$this->lang->line('items_successful_bulk_edit'), 'id'=>$items_to_update));
echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('items_successful_bulk_edit'), 'id' => $this->xss_clean($items_to_update)));
}
else
{
echo json_encode(array('success'=>false,'message'=>$this->lang->line('items_error_updating_multiple')));
echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('items_error_updating_multiple')));
}
}
function delete()
public function delete()
{
$items_to_delete = $this->input->post('ids');
if($this->Item->delete_list($items_to_delete))
{
echo json_encode(array('success'=>true,'message'=>$this->lang->line('items_successful_deleted').' '.
count($items_to_delete).' '.$this->lang->line('items_one_or_multiple')));
$message = $this->lang->line('items_successful_deleted') . ' ' . count($items_to_delete) . ' ' . $this->lang->line('items_one_or_multiple');
echo json_encode(array('success' => TRUE, 'message' => $message));
}
else
{
echo json_encode(array('success'=>false,'message'=>$this->lang->line('items_cannot_be_deleted')));
echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('items_cannot_be_deleted')));
}
}
function excel()
public function excel()
{
$data = file_get_contents("import_items.csv");
$name = 'import_items.csv';
$data = file_get_contents($name);
force_download($name, $data);
}
function excel_import()
public function excel_import()
{
$this->load->view("items/form_excel_import", null);
$this->load->view('items/form_excel_import', NULL);
}
function do_excel_import()
public function do_excel_import()
{
$msg = 'do_excel_import';
$message = 'do_excel_import';
$failCodes = array();
if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK)
if($_FILES['file_path']['error'] != UPLOAD_ERR_OK)
{
$msg = $this->lang->line('items_excel_import_failed');
echo json_encode( array('success'=>false, 'message'=>$msg) );
echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('items_excel_import_failed')));
return;
}
else
{
if (($handle = fopen($_FILES['file_path']['tmp_name'], "r")) !== FALSE)
if(($handle = fopen($_FILES['file_path']['tmp_name'], 'r')) !== FALSE)
{
// Skip the first row as it's the table description
fgetcsv($handle);
$i=1;
while (($data = fgetcsv($handle)) !== FALSE)
$i = 1;
while(($data = fgetcsv($handle)) !== FALSE)
{
// XSS file data sanity check
$data = $this->xss_clean($data);
if (sizeof($data) >= 23)
if(sizeof($data) >= 23)
{
$item_data = array(
'name' => $data[1],
'description' => $data[11],
'category' => $data[2],
'cost_price' => $data[4],
'unit_price' => $data[5],
'reorder_level' => $data[10],
'supplier_id' => $this->Supplier->exists($data[3]) ? $data[3] : null,
'allow_alt_description' => $data[12] != '' ? '1' : '0',
'is_serialized' => $data[13] != '' ? '1' : '0',
'custom1' => $data[14],
'custom2' => $data[15],
'custom3' => $data[16],
'custom4' => $data[17],
'custom5' => $data[18],
'custom6' => $data[19],
'custom7' => $data[20],
'custom8' => $data[21],
'custom9' => $data[22],
'custom10' => $data[23]
'name' => $data[1],
'description' => $data[11],
'category' => $data[2],
'cost_price' => $data[4],
'unit_price' => $data[5],
'reorder_level' => $data[10],
'supplier_id' => $this->Supplier->exists($data[3]) ? $data[3] : NULL,
'allow_alt_description' => $data[12] != '' ? '1' : '0',
'is_serialized' => $data[13] != '' ? '1' : '0',
'custom1' => $data[14],
'custom2' => $data[15],
'custom3' => $data[16],
'custom4' => $data[17],
'custom5' => $data[18],
'custom6' => $data[19],
'custom7' => $data[20],
'custom8' => $data[21],
'custom9' => $data[22],
'custom10' => $data[23]
);
$item_number = $data[0];
$invalidated = false;
if ($item_number != "")
$invalidated = FALSE;
if($item_number != '')
{
$item_data['item_number'] = $item_number;
$invalidated = $this->Item->item_number_exists($item_number);
@@ -613,22 +632,22 @@ class Items extends Secure_Controller
}
else
{
$invalidated = true;
$invalidated = TRUE;
}
if(!$invalidated && $this->Item->save($item_data))
{
$items_taxes_data = null;
$items_taxes_data = NULL;
//tax 1
if( is_numeric($data[7]) && $data[6]!='' )
if(is_numeric($data[7]) && $data[6] != '')
{
$items_taxes_data[] = array('name'=>$data[6], 'percent'=>$data[7] );
$items_taxes_data[] = array('name' => $data[6], 'percent' => $data[7] );
}
//tax 2
if( is_numeric($data[9]) && $data[8]!='' )
if(is_numeric($data[9]) && $data[8] != '')
{
$items_taxes_data[] = array('name'=>$data[8], 'percent'=>$data[9] );
$items_taxes_data[] = array('name' => $data[8], 'percent' => $data[9] );
}
// save tax values
@@ -638,20 +657,20 @@ class Items extends Secure_Controller
}
// quantities & inventory Info
$employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
$emp_info=$this->Employee->get_info($employee_id);
$employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
$emp_info = $this->Employee->get_info($employee_id);
$comment ='Qty CSV Imported';
$cols = count($data);
// array to store information if location got a quantity
$allowed_locations = $this->Stock_location->get_allowed_locations();
for ($col = 24; $col < $cols; $col = $col + 2)
for($col = 24; $col < $cols; $col = $col + 2)
{
$location_id = $data[$col];
if (array_key_exists($location_id, $allowed_locations))
if(array_key_exists($location_id, $allowed_locations))
{
$item_quantity_data = array (
$item_quantity_data = array(
'item_id' => $item_data['item_id'],
'location_id' => $location_id,
'quantity' => $data[$col + 1],
@@ -659,11 +678,11 @@ class Items extends Secure_Controller
$this->Item_quantity->save($item_quantity_data, $item_data['item_id'], $location_id);
$excel_data = array(
'trans_items'=>$item_data['item_id'],
'trans_user'=>$employee_id,
'trans_comment'=>$comment,
'trans_location'=>$data[$col],
'trans_inventory'=>$data[$col + 1]
'trans_items' => $item_data['item_id'],
'trans_user' => $employee_id,
'trans_comment' => $comment,
'trans_location' => $data[$col],
'trans_inventory' => $data[$col + 1]
);
$this->Inventory->insert($excel_data);
@@ -686,11 +705,11 @@ class Items extends Secure_Controller
$this->Item_quantity->save($item_quantity_data, $item_data['item_id'], $data[$col]);
$excel_data = array(
'trans_items'=>$item_data['item_id'],
'trans_user'=>$employee_id,
'trans_comment'=>$comment,
'trans_location'=>$location_id,
'trans_inventory'=>0
'trans_items' => $item_data['item_id'],
'trans_user' => $employee_id,
'trans_comment' => $comment,
'trans_location' => $location_id,
'trans_inventory' => 0
);
$this->Inventory->insert($excel_data);
@@ -706,24 +725,24 @@ class Items extends Secure_Controller
}
else
{
echo json_encode( array('success'=>false, 'message'=>'Your uploaded file has no data or wrong format') );
echo json_encode(array('success' => FALSE, 'message' => 'Your uploaded file has no data or wrong format'));
return;
}
}
$success = true;
$success = TRUE;
if(count($failCodes) > 0)
{
$msg = "Most items imported. But some were not, here is list of their CODE (" . count($failCodes) ."): ". implode(", ", $failCodes);
$success = false;
$message = 'Most items imported. But some were not, here is list of their codes (' . count($failCodes) . '): ' . implode(', ', $failCodes);
$success = FALSE;
}
else
{
$msg = "Import of Items successful";
$message = 'Import of Items successful';
}
echo json_encode( array('success'=>$success, 'message'=>$msg) );
echo json_encode(array('success' => $success, 'message' => $message));
}
}
?>
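Review bot: The `// XSS file image sanity check` in save() (`if($this->xss_clean($upload_data['raw_name'], TRUE) === TRUE)`) never looks at the uploaded image: with the second argument TRUE, xss_clean() only reports whether the string it is handed is clean, and that string is `raw_name`, which _handle_image_upload() sets server-side from `'file_name' => sizeof($map) + 1`, so the check passes for any file that survives `allowed_types` and the image bytes are not inspected. If the intent is to reject images carrying script payloads, the file contents have to be what is scanned (the CodeIgniter upload library has its own `xss_clean` option for this, if I recall its config correctly), or at least the file should be validated with `getimagesize()` before `pic_id` is stored. More broadly, most hunks in this commit wrap model output in `xss_clean()` immediately before `json_encode()`; that is a lossy blacklist filter applied to data, not context-aware output encoding, so the JavaScript that renders these rows still needs to HTML-escape values at the point they are inserted into the DOM (and the server-rendered views should use `html_escape()`), otherwise a payload the filter does not recognise is still reflected. Both save() and _handle_image_upload() continue outside the visible hunks, so the upload config shown at the `$config = array('upload_path' ...` hunk may be supplemented elsewhere.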