mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-05-28 10:15:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirror:apply-ci4-coding-standards
Branches Tags
mirror:master mirror:fix/4554-encryption-docker-issue mirror:fix-tax-input-locale mirror:fix/4559-migration-type-error mirror:fix/shared-version-tag-logic mirror:WebShells-Secondary-Display mirror:plugin-system-fresh mirror:WebShells-Second-Display mirror:ubl-invoice-generation mirror:feature/ubuntu-install-clean mirror:fix/attribute-search-refactor mirror:pr-4522 mirror:bootstrap-5 mirror:feature/person-attributes mirror:person_attributes mirror:refactor-4489-model-getters mirror:issue-4459 mirror:issue-4474 mirror:refactor-4491-js-modernization mirror:refactor-4490-remove-duplication mirror:feat-4488-enable-csp mirror:review-pr-4394 mirror:feature/payment-provider-system mirror:feature/travis-to-github-actions mirror:feature/payment-plugins mirror:fix/pr-4361-camelcase mirror:fix/pr-4305-bugs mirror:feature/integration-tests mirror:feature/rest-api-implementation mirror:feature/api-openapi-spec mirror:feature/ubuntu-install-script mirror:fix/bola-remaining-controllers mirror:feature-add-transactions-to-migrations mirror:apply-ci4-coding-standards mirror:4283-bug-suspended-sales-not-displaying mirror:fix-sales-completion mirror:validation-fixes mirror:ui-improvements mirror:gh-pages mirror:fix-requisitions mirror:revert-input-filtering mirror:migration-success-message mirror:no-negative-stock mirror:customer-due-tracking
mirror:unstable mirror:3.4.1 mirror:3.4.0 mirror:3.3.9 mirror:3.3.8 mirror:3.3.7 mirror:3.3.6 mirror:master.3.3.6 mirror:3.3.5 mirror:master.3.3.5 mirror:CodeIgniter_4_upgrade.3.4.0-dev mirror:eventsauce.3.4.0-dev mirror:formatting_corrections.3.4.0-dev mirror:fix-employee-update.3.4.0-dev mirror:person_attributes.3.4.0-dev mirror:login-improvements.3.4.0-dev mirror:upgrade-grunt-and-npm mirror:master.3.4.0-dev mirror:3.3.4 mirror:3.3.3 mirror:3.3.2 mirror:3.3.1 mirror:3.3.0 mirror:3.2.3 mirror:3.2.2 mirror:3.2.1 mirror:3.2.0 mirror:3.1.1 mirror:3.1.0 mirror:3.0.2 mirror:3.0.1 mirror:3.0.0 mirror:2.4.0 mirror:2.3.4 mirror:2.3.3 mirror:2.3.2 mirror:2.3.1 mirror:2.3 mirror:2.2.2
..
compare: mirror:feature/travis-to-github-actions
Branches Tags
mirror:fix/4554-encryption-docker-issue mirror:fix-tax-input-locale mirror:master mirror:fix/4559-migration-type-error mirror:fix/shared-version-tag-logic mirror:WebShells-Secondary-Display mirror:plugin-system-fresh mirror:WebShells-Second-Display mirror:ubl-invoice-generation mirror:feature/ubuntu-install-clean mirror:fix/attribute-search-refactor mirror:pr-4522 mirror:bootstrap-5 mirror:feature/person-attributes mirror:person_attributes mirror:refactor-4489-model-getters mirror:issue-4459 mirror:issue-4474 mirror:refactor-4491-js-modernization mirror:refactor-4490-remove-duplication mirror:feat-4488-enable-csp mirror:review-pr-4394 mirror:feature/payment-provider-system mirror:feature/travis-to-github-actions mirror:feature/payment-plugins mirror:fix/pr-4361-camelcase mirror:fix/pr-4305-bugs mirror:feature/integration-tests mirror:feature/rest-api-implementation mirror:feature/api-openapi-spec mirror:feature/ubuntu-install-script mirror:fix/bola-remaining-controllers mirror:feature-add-transactions-to-migrations mirror:apply-ci4-coding-standards mirror:4283-bug-suspended-sales-not-displaying mirror:fix-sales-completion mirror:validation-fixes mirror:ui-improvements mirror:gh-pages mirror:fix-requisitions mirror:revert-input-filtering mirror:migration-success-message mirror:no-negative-stock mirror:customer-due-tracking
mirror:unstable mirror:3.4.1 mirror:3.4.0 mirror:3.3.9 mirror:3.3.8 mirror:3.3.7 mirror:3.3.6 mirror:master.3.3.6 mirror:3.3.5 mirror:master.3.3.5 mirror:CodeIgniter_4_upgrade.3.4.0-dev mirror:eventsauce.3.4.0-dev mirror:formatting_corrections.3.4.0-dev mirror:fix-employee-update.3.4.0-dev mirror:person_attributes.3.4.0-dev mirror:login-improvements.3.4.0-dev mirror:upgrade-grunt-and-npm mirror:master.3.4.0-dev mirror:3.3.4 mirror:3.3.3 mirror:3.3.2 mirror:3.3.1 mirror:3.3.0 mirror:3.2.3 mirror:3.2.2 mirror:3.2.1 mirror:3.2.0 mirror:3.1.1 mirror:3.1.0 mirror:3.0.2 mirror:3.0.1 mirror:3.0.0 mirror:2.4.0 mirror:2.3.4 mirror:2.3.3 mirror:2.3.2 mirror:2.3.1 mirror:2.3 mirror:2.2.2

109 Commits
apply-ci4- ... feature/tr

Author SHA1 Message Date
Ollama
80fdf2b7b5 fix: add autoload-dev for Tests namespace and fix UrlHelperTest namespace 
- Add autoload-dev section to composer.json for Tests namespace
- Rename tests/helpers to tests/Helpers for PSR-4 compliance
- Add proper namespace to UrlHelperTest.php
- This fixes PHPUnit test discovery - previously only 6 tests were running
 2026-04-01 21:18:52 +00:00
Ollama
6d02eb12c2 fix: remove duplicate phpunit.xml that prevented tests from running 
The tests/phpunit.xml was incomplete - it only configured helpers and
Libraries testsuites, while phpunit.xml.dist at root contains all tests.
PHPUnit was likely using the incomplete config, resulting in empty test
results.
 2026-03-27 07:54:37 +00:00
Ollama
0c3574423c refactor: optimize Docker image size 
- Combine RUN commands to reduce layers
- Add --no-install-recommends and clean apt cache
- Use COPY --chown to set ownership during copy
- Update .dockerignore to exclude dev files and build configs

Saves ~260MB (21%) in image size
 2026-03-24 08:00:56 +00:00
Ollama
6fea9c3abd refactor: remove build-database gulp task (#4447) 
The build-database task previously concatenated tables.sql and constraints.sql
into database.sql. Since we now use initial_schema.sql directly in migrations,
this task is no longer needed.

- Remove gulp task 'build-database'
- Keep all other build tasks intact
 2026-03-20 19:36:11 +00:00
Ollama
0547d3ba60 refactor: remove tables.sql and constraints.sql (#4447) 
These files have been replaced by initial_schema.sql which is now the
authoritative source for the database schema. The initial migration
loads this schema on fresh installs.

- Remove app/Database/tables.sql
- Remove app/Database/constraints.sql
- Schema is frozen in app/Database/Migrations/sqlscripts/initial_schema.sql
 2026-03-20 19:33:13 +00:00
Ollama
a18dde4bbe feat: migrate CI from Travis to GitHub Actions with enhancements 
- Convert Travis CI configuration to GitHub Actions workflows
- Add multi-arch Docker builds (amd64/arm64)
- Implement initial schema migration for fresh database installs
- Add multi-attribute search with AND logic and sort by attribute columns
- Address various PR review feedback and formatting fixes
 2026-03-19 21:34:12 +00:00
dependabot[bot]
e4b92b58c3 Bump jspdf from 4.2.0 to 4.2.1 
Bumps [jspdf](https://github.com/parallax/jsPDF) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](https://github.com/parallax/jsPDF/compare/v4.2.0...v4.2.1)

---
updated-dependencies:
- dependency-name: jspdf
  dependency-version: 4.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-17 19:06:05 +00:00
Ollama
dc1e448bc3 Fix review comments: remove redundant loop and add XSS escaping 
- Remove redundant property assignment loop in Expenses.php
- Add esc() to employee name values to prevent XSS vulnerabilities
 2026-03-17 15:32:16 +00:00
Ollama
24b2825b31 Fix: Restrict employee selection in expenses and receivings forms 
Users without the 'employees' permission can no longer impersonate other
employees when creating or editing expenses and receivings. The employee
field is now restricted to the current user for new records and shows the
stored employee for existing records.

Changes:
- Expenses controller: Add permission check in getView() and postSave()
- Receivings controller: Add permission check in getEdit() and postSave()
- Form views: Conditionally display dropdown or read-only field

Fixes #3616
 2026-03-17 15:32:16 +00:00
Ollama
38d672592b Add seed data to tests for proper integration testing 
- Add setUp() to seed test data: items, sales, sales_items, sales_items_taxes
- Add tearDown() to clean up seeded data after tests
- Remove skip conditions since we now have guaranteed test data
- Add testTaxDataIsGroupedByTaxNameAndPercent to verify grouping
- Use narrow date range to isolate seeded data
 2026-03-16 18:36:31 +00:00
Ollama
6f7e06e986 Rewrite tests to use database integration testing 
Tests now:
- Use DatabaseTestTrait for real database integration
- Actually call getData() and getSummaryData() methods
- Verify row totals (subtotal + tax = total) from real queries
- Verify summary data matches sum of rows
- Test getDataColumns() returns expected structure
- Use assertEqualsWithDelta for float comparisons with tolerance

These tests exercise the actual SQL queries and verify the
mathematical consistency of the calculations returned.
 2026-03-16 18:36:31 +00:00
Ollama
fda40d9340 Fix rounding consistency and update tests per review feedback 
- Ensure total = subtotal + tax by deriving total from rounded components
- Use assertEqualsWithDelta for float comparisons in tests
- Add defensive null coalescing in calculateSummary helper
- Add missing 'count' key to test data rows
- Add testRoundingAtBoundary test case
 2026-03-16 18:36:31 +00:00
Ollama
b49186ec7c Add unit tests for Taxes Summary Report calculations 
Tests verify:
- Row totals add up (subtotal + tax = total)
- Summary totals match sum of row values
- Tax-included and tax-not-included modes calculate correctly
- Rounding consistency across calculations
- Negative values (returns) are handled correctly
- Zero tax rows are handled correctly
 2026-03-16 18:36:31 +00:00
Ollama
8b56f61b8a Fix Taxes Summary Report totals not matching row values 
The report had calculation inconsistencies where:
1. Per-line totals (subtotal + tax) didn't equal the total column
2. Column totals didn't match the sum of individual rows

Root cause: subtotal, tax, and total were calculated independently
using different formulas and rounding at different stages, leading to
cumulative rounding errors.

Fix:
- Use item_tax_amount from database as the source of truth for tax
- Derive subtotal from sale_amount (handling both tax_included and
  tax_not_included modes correctly)
- Calculate total = subtotal + tax consistently for each line
- Override getSummaryData() to sum values from getData() rows,
  ensuring summary totals match the sum of displayed rows

Fixes #4112
 2026-03-16 18:36:31 +00:00
Ollama
9820beb0e1 Fix: Add Debit Card filter to Daily Sales and Takings 
Add 'only_debit' filter to Daily Sales and Takings dropdown. Reuses
existing 'Sales.debit' language string for the filter label. Includes
filter default initialization in getSearch() to prevent PHP warnings.

Fixes #4439
 2026-03-16 18:06:00 +00:00
Ollama
e01dad728f Add AGENTS.md with coding guidelines for AI agents 2026-03-16 18:02:50 +00:00
Ollama
234f930079 Fix strftime directives handling and tighten test assertions 
- Remove incorrect %C mapping (was mapping century to full year)
- Add special handling for %C (century), %c (datetime), %n (newline), %t (tab), %x (date)
- Add %h mapping (same as %b for abbreviated month)
- Tighten edge-case test assertions to use assertSame/assertMatchesRegularExpression
- Add tests for new directives: %C, %c, %n, %t, %x, %h
 2026-03-14 23:08:39 +00:00
Ollama
3001dc0e17 Fix: Pass parameter to generate() and add composite format tests 
- Fixed bug where render() was not passing caller-supplied  to
  generate(), causing ad-hoc tokens to be ignored
- Added %F (yyyy-MM-dd) and %D (MM/dd/yy) composite date formats to
  the IntlDateFormatter pattern map
- Added test coverage for composite date format directives (%F, %D, %T, %R)
 2026-03-14 23:08:39 +00:00
Ollama
3ba207e8b9 Use CIUnitTestCase for consistency with other tests 2026-03-14 23:08:39 +00:00
Ollama
d684c49ebd Fix Token_lib::render() for PHP 8.4 compatibility 
- Replaced deprecated strftime() with IntlDateFormatter
- Added proper handling for edge cases:
  - Strings with '%' not in date format (e.g., 'Discount: 50%')
  - Invalid date formats (e.g., '%-%-%', '%Y-%q-%bad')
  - Very long strings
- Added comprehensive unit tests for Token_lib
- All date format specifiers now mapped to IntlDateFormatter patterns
 2026-03-14 23:08:39 +00:00
Ollama
071e641f95 Fix stored XSS via stock location name 
Add esc() to stock_name output in sales/register.php and receivings/receiving.php

GHSA-vmm7-g33q-qqr2
 2026-03-14 15:35:32 +00:00
Ollama
48af67bd00 Fix stored XSS in gcaptcha_site_key on login page 2026-03-14 15:35:16 +00:00
Ollama
7cb1d95da7 Fix: Host Header Injection vulnerability (GHSA-jchf-7hr6-h4f3) 
Security: Prevent Host Header Injection attacks by validating HTTP_HOST
against a whitelist of allowed hostnames before constructing the baseURL.

Changes:
- Add getValidHost() method to validate HTTP_HOST against allowedHostnames
- If allowedHostnames is empty, log warning and fall back to 'localhost'
- If host not in whitelist, log warning and use first allowed hostname
- Update .env.example with allowedHostnames documentation
- Add security configuration section to INSTALL.md
- Add unit tests for host validation

This addresses the security advisory where the application constructed
baseURL from the attacker-controllable HTTP_HOST header, allowing:
- Login form phishing via manipulated form actions
- Cache poisoning via poisoned asset URLs

Fixes GHSA-jchf-7hr6-h4f3
 2026-03-14 15:34:21 +00:00
jekkos
bafe3ddf1b Fix stored XSS vulnerability in Attribute Definitions (GHSA-rvfg-ww4r-rwqf) (#4429) 
* Fix stored XSS vulnerability in Attribute Definitions

GHSA-rvfg-ww4r-rwqf: Stored XSS via Attribute Definition Name

Security Impact:
- Authenticated users with attribute management permission can inject XSS payloads
- Payloads execute when viewing/editing attributes in admin panel
- Can steal session cookies, perform CSRF attacks, or compromise admin operations

Root Cause:
1. Input: Attributes.php postSaveDefinition() accepts definition_name without sanitization
2. Output: Views echo definition_name without proper escaping

Fix Applied:
- Input sanitization: Added FILTER_SANITIZE_FULL_SPECIAL_CHARS to definition_name and definition_unit
- Output escaping: Added esc() wrapper when displaying definition_name in views
- Defense-in-depth: htmlspecialchars on attribute values saved to database

Files Changed:
- app/Controllers/Attributes.php - Sanitize inputs on save
- app/Views/attributes/form.php - Escape output on display
- app/Views/attributes/item.php - Escape output on display

* Remove input sanitization, keep output escaping only

Use escaping on output (esc() in views) as the sole XSS prevention
measure instead of sanitizing on input. This preserves the original
data in the database while still protecting against XSS attacks.

* Add validation for definition_fk foreign key in attribute definitions

Validate definition_group input before saving:
- Must be a positive integer (> 0)
- Must exist in attribute_definitions table
- Must be of type GROUP to ensure data integrity

Also add translation for definition_invalid_group error message
in all 45 language files (English placeholder for translations).

* Refactor definition_fk validation into single conditional statement

* Add esc() to attribute value outputs for XSS protection

- Add esc() to TEXT input value in item.php
- Add esc() to definition_unit in form.php

These fields display user-provided content and need output escaping
to prevent stored XSS attacks.

* Refactor definition_group validation into separate method

Extract validation logic for definition_fk into validateDefinitionGroup()
private method to improve code readability and reduce method complexity.

Returns:
- null if input is empty (no group selected)
- false if validation fails (invalid group)
- integer ID if valid

* Add translations for definition_invalid_group in all languages

- Added proper translations for 28 languages (de, es, fr, it, nl, pl, pt-BR, ru, tr, uk, th, zh-Hans, zh-Hant, ro, sv, vi, id, el, he, fa, hu, da, sw-KE, sw-TZ, ar-LB, ar-EG)
- Set empty string for 14 languages to fallback to English (cs, hr-HR, bg, bs, ckb, hy, km, lo, ml, nb, ta, tl, ur, az)

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-14 15:33:58 +00:00
jekkos
c482e75304 Fix DECIMAL attribute not respecting locale format (#4422) 
* Fix DECIMAL attribute not respecting locale format

Issue: DECIMAL attribute values were displayed as raw database values
instead of being formatted according to the user's locale settings.

Fix:
1. Modified Attribute::get_definitions_by_flags() to optionally return
   definition types along with names (new $include_types parameter)
2. Updated expand_attribute_values() in tabular_helper.php to detect
   DECIMAL attributes and apply to_decimals() locale formatting
3. Updated callers (Reports, Items table) to pass include_types=true
   where attributes are displayed

The DECIMAL values in table views (items, sales reports, receiving reports)
now respect the configured locale number format, matching DATE attributes
which already use locale-based formatting.

* Apply PSR-12 camelCase naming to new variables

Response to PR review comments:
- Rename  to
- Rename  to
- Rename  to

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 21:23:52 +00:00
jekkos
afc2f82dc6 Fix PHPUnit environment variables not being set (#4434) 
PHPUnit 10+/11+ requires force="true" attribute on <env> elements
to properly set environment variables. Without this attribute, the
database connection env vars were not being set during test bootstrap,
causing tests to fail silently with empty junit.xml output.

This fix adds force="true" to all <env> elements in phpunit.xml.dist.

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 18:54:29 +00:00
jekkos
ce411707b4 Fix SQL injection in suggestions column configuration (#4421) 
* Fix SQL injection in suggestions column configuration

The suggestions_first_column, suggestions_second_column, and
suggestions_third_column configuration values were concatenated
directly into SQL SELECT statements without validation, allowing
SQL injection attacks through the item search suggestions.

Changes:
- Add whitelist validation in Config controller to only allow
  valid column names (name, item_number, description, cost_price,
  unit_price)
- Add defensive validation in Item model's get_search_suggestion_format()
  and get_search_suggestion_label() methods
- Default invalid values to 'name' column for safety
- Add unit tests to verify malicious inputs are rejected

This is a critical security fix as attackers with config permissions
could inject arbitrary SQL through these configuration fields.

Vulnerability reported as additional injection point in bug report.

* Refactor: Move allowed suggestions columns to Item model constants

Extract the list of valid suggestion columns into two constants in the Item model for better cohesion:
- ALLOWED_SUGGESTIONS_COLUMNS: valid column names
- ALLOWED_SUGGESTIONS_COLUMNS_WITH_EMPTY: includes empty string for config validation

This consolidates the validation logic in one place and makes it reusable across Config controller and Item model.

* Address PR review comments: improve validation and code quality

Changes:
- Use camelCase naming for validateSuggestionsColumn() method (PSR-12)
- Add field-aware validation with different fallbacks for first vs other columns
- Handle non-string POST input by checking is_string() before validation
- Refactor duplicate validation logic into suggestionColumnIsAllowed() helper
- Use consistent camelCase variable names ($suggestionsFirstColumn)
- Update tests to validate constants and behavior rather than implementation
- Tests now focus on security properties of the allowlist itself

The validation now properly handles:
- First column: defaults to 'name' when invalid
- Second/Third columns: defaults to '' (empty) when invalid
- Non-string inputs: treated as invalid with appropriate fallback

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 18:13:54 +00:00
jekkos
37c6e22fc4 Update SECURITY.md with published security advisories (#4431) 
- Add Security Advisories section with 4 published CVEs
- Include CVE ID, vulnerability description, CVSS score, publication date, fixed version, and reporter credits
- Update supported versions table to reflect current state (>= 3.4.2)
- Add link to GitHub Security Advisories page for complete list

CVEs added:
- CVE-2025-68434: CSRF leading to Admin Creation (8.8)
- CVE-2025-68147: Stored XSS in Return Policy (8.1)
- CVE-2025-66924: Stored XSS in Item Kits (7.2)
- CVE-2025-68658: Stored XSS in Company Name (4.3)

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 17:53:32 +00:00
jekkos
3c7ece5c33 Fix permission bypass in Sales.getManage() access control (#4428) 
The redirect() in getManage() returned a RedirectResponse that was never
executed, allowing unauthorized access to reports_sales. Updated method
signature to return ResponseInterface|string and properly return the
redirect response.

Refs: GHSA-94jm-c32g-48r5

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 17:52:07 +00:00
jekkos
02fccaf43f Fix XSS vulnerability in tax invoice view (#4432) 
Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 16:09:04 +00:00
jekkos
ee4d44ed39 Fix IDOR vulnerability in password change (GHSA-mcc2-8rp2-q6ch) (#4427) 
* Fix IDOR vulnerability in password change (GHSA-mcc2-8rp2-q6ch)

The previous authorization check using can_modify_employee() was too
permissive - it allowed non-admin users to change other non-admin users'
passwords. For password changes, users should only be able to change
their own password. Only admins should be able to change any user's
password.

This fix replaces the can_modify_employee() check with a stricter
authorization that only allows:
- Users to change their own password
- Admins to change any user's password

Affected endpoints:
- GET /home/changePassword/{employee_id}
- POST /home/save/{employee_id}

Added tests to verify non-admin users cannot access or change other
non-admin users' passwords.

* Address PR review feedback

- Replace header/exit redirect with proper 403 response in getChangePassword
- Refactor createNonAdminEmployee helper to accept overrides array
- Simplify tests by reusing the helper
- Update tests to expect 403 response instead of redirect

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 12:13:21 +01:00
jekkos
fa3f257e7b Fix PHPUnit test configuration for database connectivity (#4430) 
- Add database.tests.* environment variables to phpunit.xml.dist
- Set hostname to 127.0.0.1 to match CI MariaDB container
- Add MYSQL_* env vars for Database.php compatibility
- Tests were not running because database connection failed silently

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 10:38:37 +01:00
jekkos
431a9951e9 Fix filter persistence javascript issues (#4400) 2026-03-11 23:03:21 +01:00
jekkos
f7e8d6e427 Add filter persistence for table views via URL query string (#4400) 
This commit adds URL-based filter persistence for table views, allowing
users to navigate away from a filtered view (e.g., clicking into sale
details) and return without losing their filter settings.

The solution uses history.replaceState() to update the URL without
triggering a page reload, providing a seamless user experience while
maintaining shareable/bookmarkable URLs.

Fixes navigation issue where filters are lost when viewing details or
navigating away from table views.

* Move filter restoration to server-side for cleaner architecture

Changes:
- Controllers now restore filters from URL query string on initial page load:
  * Sales.php: Reads start_date, end_date, and filters[] from GET
  * Items.php: Reads start_date, end_date, filters[], and stock_location
  * Expenses.php: Reads start_date, end_date, and filters[]
  * Cashups.php: Reads start_date, end_date, and filters[]

- Views now receive restored filter values from controllers:
  * Server-side date override via JavaScript variables
  * form_multiselect() receives $selected_filters from controller
  * Removed setTimeout hack from table_filter_persistence.php

- Simplified table_filter_persistence.php:
  * Now only handles URL updates on filter changes
  * No longer responsible for restoring state
  * Cleaner, single responsibility (client-side URL management)

Benefits:
- Works without JavaScript for initial render
- Cleaner architecture (server controls initial state)
- Client-side JS only handles "live" filter updates
- Filters persist across navigation via URL query string
- Shareable/bookmarkable URLs

How it works:
1. User visits /sales/manage?start_date=2024-01-01&filters[]=only_cash
2. Controller reads GET params and passes to view
3. View renders with correct initial filter values
4. User changes filter → JavaScript updates URL via replaceState()
5. User navigates away and back → Controller restores from URL again

* Refactor filter restoration into helper function and use PSR-12 naming

* Use array_merge with helper to reduce code duplication

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-11 20:11:00 +01:00
dependabot[bot]
85889b6e65 Bump jspdf from 4.1.0 to 4.2.0 (#4383) 
Bumps [jspdf](https://github.com/parallax/jsPDF) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](https://github.com/parallax/jsPDF/compare/v4.1.0...v4.2.0)

---
updated-dependencies:
- dependency-name: jspdf
  dependency-version: 4.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: objecttothis <17935339+objecttothis@users.noreply.github.com>
 2026-03-11 16:36:53 +04:00
Ollama
6818f02ef9 Update SECURITY.md with published security advisories 
- Add Security Advisories section with 4 published CVEs
- Include CVE ID, vulnerability description, CVSS score, publication date, fixed version, and reporter credits
- Update supported versions table to reflect current state (>= 3.4.2)
- Add link to GitHub Security Advisories page for complete list

CVEs added:
- CVE-2025-68434: CSRF leading to Admin Creation (8.8)
- CVE-2025-68147: Stored XSS in Return Policy (8.1)
- CVE-2025-66924: Stored XSS in Item Kits (7.2)
- CVE-2025-68658: Stored XSS in Company Name (4.3)
 2026-03-10 22:28:09 +01:00
Ollama
436696b11b Add workflow to auto-update issue templates with releases 
Adds a GitHub Actions workflow that automatically updates the
OpensourcePOS Version dropdown in bug report and feature request
templates when new releases are published.

Fixes #4317
 2026-03-10 22:26:49 +01:00
Ollama
9a2b308647 Sync language files (#3468) 
- Add csv_import_invalid_location to Items.php for CSV import validation
- Add error_deleting_admin and error_updating_admin to Employees.php for admin protection messages

Strings added with empty values so they fallback to English and show as untranslated in Weblate.
 2026-03-09 07:45:19 +01:00
Ollama
1f55d96580 Fix mass assignment vulnerability in bulk edit (GHSA-49mq-h2g4-grr9) 
The bulk edit function iterated over all $_POST keys without a whitelist,
allowing authenticated users to inject arbitrary database columns (e.g.,
cost_price, deleted, item_type) into the update query. This bypassed
CodeIgniter 4's $allowedFields protection since Query Builder was used
directly.

Fix: Add ALLOWED_BULK_EDIT_FIELDS constant to Item model defining the
explicit whitelist of fields that can be bulk-updated. Use this constant
in the controller instead of iterating over $_POST directly.

Fields allowed: name, category, supplier_id, cost_price, unit_price,
reorder_level, description, allow_alt_description, is_serialized

Security impact: High (CVSS 8.1) - Could allow price manipulation and
data integrity violations.
 2026-03-08 22:49:12 +01:00
Ollama
b2fadea44a Fix broken SQL injection fix - use havingLike() instead of having() with named params 
The previous SQL injection fix (GHSA-hmjv-wm3j-pfhw) used named parameter
syntax :search: with having(), but CodeIgniter 4's having() method does
not support named parameters. This caused the query to fail.

The fix uses havingLike() which properly:
- Escapes the search value to prevent SQL injection
- Handles the LIKE clause construction internally (wraps value with %)
- Works correctly with HAVING clauses for aggregated columns

This maintains the security fix while actually working on CI4.
 2026-03-08 22:48:43 +01:00
Ollama
0fdb3ba37b Fix payment type becoming null when editing sales 
When localization uses dot (.) as thousands separator (e.g., it_IT, es_ES, pt_PT),
the payment_amount value was displayed as raw float (e.g., '10.50') but parsed
using parse_decimals() which expects locale-formatted numbers.

In these locales, '.' is thousands separator and ',' is decimal separator.
parse_decimals('10.50') would return false, causing the condition
 != 0 to evaluate incorrectly (false == 0 in PHP),
resulting in the payment being deleted instead of updated.

Fix: Use to_currency_no_money() to format payment_amount and cash_refund
values according to locale before displaying in the form, so parse_decimals()
can correctly parse them on submission.
 2026-03-08 22:34:47 +01:00
jekkos
d7b2264ac1 Fix: Preserve CHECKBOX attribute state when adding attributes (#4385) 
Modified definition_values() function in app/Views/attributes/item.php to properly handle checkbox attributes.

The issue was that checkbox attributes have two input elements (hidden and checkbox) with the same name pattern. When collecting attribute values during the refresh operation, both inputs were being processed, with the hidden input potentially overwriting the checkbox state.

Changes:
- Skip hidden inputs that have a corresponding checkbox input
- For checkbox inputs, explicitly capture the checked state using prop('checked')
- Convert checked state to '1' or '0' for consistency

This ensures that when adding another attribute to an item, existing checkbox states are preserved correctly.
 2026-03-08 22:31:02 +01:00
Ollama
a229bf6031 Fix stored XSS vulnerabilities in employee permissions and customer data 
1. Stock Location XSS (GHSA-7hg5-68rx-xpmg):
   - Stock location names were rendered unescaped in employee form
   - Malicious stock locations could contain XSS payloads that execute
     when viewing employee permissions
   - Fixed by adding esc() to permission display in employees/form.php

2. Customer Name XSS (GHSA-hcfr-9hfv-mcwp):
   - Bootstrap-table columns had escape disabled for customer_name,
     email, phone_number, and note fields
   - Malicious customer names could execute XSS in Daily Sales view
   - Fixed by removing user-controlled fields from escape exception list
   - Only 'edit', 'messages', and 'item_pic' remain in exception list
     (these contain safe server-generated HTML)

Both vulnerabilities allow authenticated attackers with basic permissions
to inject JavaScript that executes in admin/other user sessions.
 2026-03-08 18:42:30 +01:00
Ollama
977fa5647b Fix stored XSS vulnerability in item descriptions 
GHSA-q58g-gg7v-f9rf: Stored XSS via Item Description

Security Impact:
- Authenticated users with item management permission can inject XSS payloads
- Payloads execute in POS register view (sales and receivings)
- Can steal session cookies, perform CSRF attacks, or compromise POS operations

Root Cause:
1. Input: Items.php:614 accepts description without sanitization
2. Output: register.php:255 and receiving.php:220 echo description without escaping

Fix Applied:
- Input sanitization: Added FILTER_SANITIZE_FULL_SPECIAL_CHARS to description POST
- Output escaping: Added esc() wrapper when echoing item descriptions
- Defense-in-depth approach: sanitize on input, escape on output

Files Changed:
- app/Controllers/Items.php - Sanitize description on save
- app/Views/sales/register.php - Escape description on display
- app/Views/receivings/receiving.php - Escape description on display

Testing:
- XSS payloads like '<script>alert(1)</script>' are now sanitized on input
- Any existing malicious descriptions are escaped on output
- Does not break legitimate descriptions with special characters
 2026-03-07 20:51:48 +01:00
Ollama
52b0a83190 Fix SQL injection in custom attribute search 
Parameterize LIKE queries in HAVING clause to prevent SQL injection
when search_custom filter is enabled. Also sanitize search parameter
input at controller level for defense-in-depth.

Fixes vulnerability where user input was directly interpolated into
SQL queries without sanitization.
 2026-03-07 19:10:42 +01:00
jekkos
f25a0f5b09 Refactor: Move ADMIN_MODULES to constants, rename methods to camelCase 
- Move admin modules list from is_admin method to ADMIN_MODULES constant
- Rename is_admin() to isAdmin() following CodeIgniter naming conventions
- Rename can_modify_employee() to canModifyEmployee() following conventions
- Update all callers in Employees controller and tests
 2026-03-06 17:25:25 +01:00
jekkos
f0f288797a Add migration to fix existing image filenames with spaces (#4372) 
This migration will:
- Scan all items for filenames containing spaces
- Rename both original and thumbnail files on the filesystem
- Update database records with sanitized filenames
- Only process files that actually exist on the filesystem
 2026-03-06 17:09:52 +01:00
jekkos
63083a0946 Fix: Sanitize image filenames to prevent thumbnail display issues (#4372) 
When uploading item images with filenames containing spaces, the thumbnails fail to load due to Apache mod_rewrite rejecting URLs with spaces.

Changes:
- Modified upload_image() method to sanitize filenames by replacing spaces and special characters with underscores
- Uses regex to keep only alphanumeric, underscores, hyphens, and periods
- Preserves original filename in 'orig_name' field for reference
- Fixes issue where thumbnail URLs would fail with 'AH10411: Rewritten query string contains control characters or spaces'

Example: 'banana marsmellow.jpg' becomes 'banana_marsmellow.jpg'

Fixes: #4372
 2026-03-06 17:09:52 +01:00
jekkos
3a33098776 Fix: Handle image filenames with spaces in thumbnails 
- URL-encode filenames when constructing image/thumbnail URLs
- Decode filename parameter in getPicThumb() controller
- Prevents Apache AH10411 error with spaces in rewritten URLs

Fixes #4372
 2026-03-06 17:09:52 +01:00
jekkos
ca6a1b35af Add row-level authorization to password change endpoints (#4401) 
* fix(security): add row-level authorization to password change endpoints

- Prevents non-admin users from viewing other users' password forms
- Prevents non-admin users from changing other users' passwords
- Uses can_modify_employee() check consistent with Employees controller fix
- Addresses BOLA vulnerability in Home controller (GHSA-q58g-gg7v-f9rf)

* test(security): add BOLA authorization tests for Home controller

- Test non-admin cannot view/change admin password
- Test user can view/change own password
- Test admin can view/change any password
- Test default employee_id uses current user
- Add JUnit test result upload to CI workflow

* refactor: apply PSR-12 naming and add DEFAULT_EMPLOYEE_ID constant

- Add DEFAULT_EMPLOYEE_ID constant to Constants.php
- Rename variables to follow PSR-12 camelCase convention
- Use ternary for default employee ID assignment

* refactor: use NEW_ENTRY constant instead of adding DEFAULT_EMPLOYEE_ID

Reuse existing NEW_ENTRY constant for default employee ID parameter.
Avoids adding redundant constants to Constants.php with same value (-1).

---------

Co-authored-by: jekkos <jeroen@steganos.dev>
 2026-03-06 17:08:36 +01:00
jekkos
418580a52d Fix second-order SQL injection in currency_symbol config (#4390) 
* Fix second-order SQL injection in currency_symbol config

The currency_symbol value was concatenated directly into SQL queries
without proper escaping, allowing SQL injection attacks via the
Summary Discounts report.

Changes:
- Use $this->db->escape() in Summary_discounts::getData() to properly
  escape the currency symbol value before concatenation
- Add htmlspecialchars() validation in Config::postSaveLocale() to
  sanitize the input at storage time
- Add unit tests to verify escaping of malicious inputs

Fixes SQL injection vulnerability described in bug report where
attackers with config permissions could inject arbitrary SQL through
the currency_symbol field.

* Update test to use CIUnitTestCase for consistency

Per code review feedback, updated test to extend CIUnitTestCase
instead of PHPUnit TestCase to maintain consistency with other
tests in the codebase.

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-06 17:01:38 +01:00
jekkos
31d25e06dc fix(security): whitelist and validate invoice template types (#4393) 
- Add whitelist validation for invoice_type to prevent path traversal and LFI
- Validate invoice_type against allowed values in Sale_lib
- Sanitize invoice_type input in Config controller before saving
- Default to 'invoice' template for invalid types

Security: Prevents arbitrary file inclusion via user-controlled invoice_type config
 2026-03-06 13:18:47 +01:00
jekkos
b1819b3b36 dd validation for invalid stock locations in CSV import (#4399) 
- Add validateCSVStockLocations() method to check CSV columns against allowed locations
- Log error when invalid stock location columns are detected
- Tests for valid, invalid, and mixed stock location columns
- Tests for location name case sensitivity
- Tests for CSV parsing and detecting location columns
- Add error message language string for invalid locations

Co-authored-by: objecttothis <17935339+objecttothis@users.noreply.github.com>
 2026-03-06 13:17:52 +01:00
jekkos
6705420373 Fix incorrect argument types in migration round_number() methods (#4403) 
The round_number() method signature declares $amount as string, but the
HALF_FIVE case and other rounding operations pass string values to round()
and other arithmetic operations which expect numeric types. This causes
type errors when strict type checking is enabled.

Fix by casting $amount to float before arithmetic operations in both
migration files:
- 20170502221506_sales_tax_data.php (line 268)
- 20200202000000_taxamount.php (line 244)

Also cast sale_tax_amount to float in round_sales_taxes() method before
passing to round() operations (lines 381 in sales_tax_data.php and 358 in
taxamount.php).

Fixes #4324
 2026-03-06 13:07:24 +01:00
dependabot[bot]
d6b767c80a Bump dompurify from 3.3.1 to 3.3.2 (#4402) 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.1...3.3.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-05 21:54:49 +01:00
jekkos
19eb43270a Fix broken object-level authorization in Employees controller (CVE-worthy) (#4391) 
- Non-admin employees can no longer view/modify admin accounts
- Non-admin employees can no longer delete admin accounts
- Non-admin employees can only grant permissions they themselves have
- Added is_admin() and can_modify_employee() methods to Employee model
- Prevents privilege escalation via permission grants

Add tests for BOLA fix and permission delegation

- EmployeeTest: Unit tests for is_admin() and can_modify_employee() methods
- EmployeesControllerTest: Test cases for authorization checks (integration tests require DB)
- ReportsControllerTest: Test validating the constructor redirect fix pattern

Fix return type error in Employees controller

Use $this->response->setJSON() instead of echo json_encode() + return
to properly satisfy the ResponseInterface return type.
 2026-03-05 19:46:39 +01:00
jekkos
df4549bb0b Fix Docker image upload by replacing slashes in TAG 2026-03-05 14:46:45 +00:00
jekkos
bdc965be23 Fix: Refresh session language for employee after update. (#4245) 2026-03-04 22:43:52 +01:00
Lucas Lyimo
5c8905aa1b Language Array Key Typo Fix (#4371) 
* Fix typo in stock location translation

* Fix typo in stock location key

* Fix typo in Language Receivings files stock_location

* Add Swahili-TZ Language Files

* Add Swahili-KE Language Files
 2026-03-04 22:06:17 +01:00
jekkos
690f43578d Use Content-Type application/json for AJAX responses (#4357) 
Complete Content-Type application/json fix for all AJAX responses

- Add missing return statements to all ->response->setJSON() calls
- Fix Items.php method calls from JSON() to setJSON()
- Convert echo statements to proper JSON responses
- Ensure consistent Content-Type headers across all controllers
- Fix 46+ instances across 12 controller files
- Change Config.php methods to : ResponseInterface (all return setJSON only):
  - postSaveRewards(), postSaveBarcode(), postSaveReceipt()
  - postSaveInvoice(), postRemoveLogo()
  - Update PHPDoc @return tags

- Change Receivings.php _reload() to : string (only returns view)
- Change Receivings.php methods to : string (all return _reload()):
  - getIndex(), postSelectSupplier(), postChangeMode(), postAdd()
  - postEditItem(), getDeleteItem(), getRemoveSupplier()
  - postComplete(), postRequisitionComplete(), getReceipt(), postCancelReceiving()
- Change postSave() to : ResponseInterface (returns setJSON)
- Update all PHPDoc @return tags

Fix XSS vulnerabilities in sales templates, login, and config pages

This commit addresses 5 XSS vulnerabilities by adding proper escaping
to all user-controlled configuration values in HTML contexts.

Fixed Files:
- app/Views/sales/invoice.php: Escaped company_logo (URL context) and company (HTML)
- app/Views/sales/work_order.php: Escaped company_logo (URL context)
- app/Views/sales/receipt_email.php: Added file path validation and escaping for logo
- app/Views/login.php: Escaped all config values in title, logo src, and alt
- app/Views/configs/info_config.php: Escaped company_logo (URL context)

Security Impact:
- Prevents stored XSS attacks if configuration is compromised
- Defense-in-depth principle applied to administrative interfaces
- Follows OWASP best practices for output encoding

Testing:
- Verified no script execution with XSS payloads in config values
- Confirmed proper escaping in HTML, URL, and file contexts
- All templates render correctly with valid configuration

Severity: High (4 files), Medium-High (1 file)
CVSS Score: ~6.1
CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation)

Fix critical password validation bypass and add unit tests

This commit addresses a critical security vulnerability where the password
minimum length check was performed on the HASHED password (always 60
characters for bcrypt) instead of the actual password before hashing.

Vulnerability Details:
- Original code: strlen($employee_data['password']) >= 8
- This compared the hash length (always 60) instead of raw password
- Impact: Users could set 1-character passwords like "a"
- Severity: Critical (enables brute force attacks on weak passwords)
- CVE-like issue: CWE-307 (Improper Restriction of Excessive Authentication Attempts)

Fix Applied:
- Validate password length BEFORE hashing
- Clear error message when password is too short
- Added unit tests to verify minimum length enforcement
- Regression test to prevent future vulnerability re-introduction

Test Coverage:
- testPasswordMinLength_Rejects7Characters: Verify 7 chars rejected
- testPasswordMinLength_Accepts8Characters: Verify 8 chars accepted
- testPasswordMinLength_RejectsEmptyString: Verify empty rejected
- testPasswordMinLength_RejectsWhitespaceOnly: Verify whitespace rejected
- testPasswordMinLength_AcceptsSpecialCharacters: Verify special chars OK
- testPasswordMinLength_RejectsPreviousBehavior: Regression test for bug

Files Modified:
- app/Controllers/Home.php: Fixed password validation logic
- tests/Controllers/HomeTest.php: Added comprehensive unit tests

Security Impact:
- Enforces 8-character minimum password policy
- Prevents extremely weak passwords that facilitate brute-force attacks
- Critical for credential security and user account protection

Breaking Changes:
- Users with passwords < 8 characters will need to reset their password
- This is the intended security improvement

Severity: Critical
CVSS Score: ~7.5
CWE: CWE-305 (Authentication Bypass by Primary Weakness), CWE-307

Add GitHub Actions workflow to run PHPUnit tests

Move business logic from views to controllers for better separation of concerns

- Move logo URL computation from info_config view to Config::getIndex()
- Move image base64 encoding from receipt_email view to Sales controller
- Improves separation of concerns by keeping business logic in controllers
- Simplifies view templates to only handle presentation

Fix XSS vulnerabilities in report views - escape user-controllable summary data and labels

Fix base64 encoding URL issue in delete payment - properly URL encode base64 string

Fix remaining return type declarations for Sales controller

Fixed additional methods that call _reload():
- postAdd() - returns _reload($data)
- postAddPayment() - returns _reload($data)
- postEditItem() - returns _reload($data)
- postSuspend() - returns _reload($data)
- postSetPaymentType() - returns _reload()

All methods now return ResponseInterface|string to match _reload() signature.
This resolves PHP TypeError errors.
 2026-03-04 21:42:35 +01:00
jekkos
0858a1c23c Fix permission bypass in Reports submodule access control (#4389) 
The redirect() in constructor returned a RedirectResponse that was never executed, allowing unauthorized access to report submodules. Replaced with header() + exit() to enforce permission checks.
 2026-03-04 21:18:42 +01:00
jekkos
3c217bbddd Fix XSS vulnerabilities in invoice_email.php view 2026-03-04 17:54:01 +00:00
jekkos
87a0606141 Fix XSS vulnerability in register (#3965) 2026-03-03 22:40:50 +01:00
jekkos
b6a90f7880 Fix XSS vulnerability in register (#3965) 2026-03-03 22:37:08 +01:00
jekkos
b93359bcaf Fix XSS vulnerability in attributes (#3965) 2026-03-03 22:28:32 +01:00
jekkos
79427481b3 Fix XSS vulnerabilities in invoices + receipts (#3965) (#4363) 2026-02-23 20:14:55 +01:00
dependabot[bot]
b23351a45c Bump jspdf and jspdf-autotable (#4373) 
Bumps [jspdf](https://github.com/parallax/jsPDF) and [jspdf-autotable](https://github.com/simonbengtsson/jsPDF-AutoTable). These dependencies needed to be updated together.

Updates `jspdf` from 3.0.2 to 4.1.0
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](https://github.com/parallax/jsPDF/compare/v3.0.2...v4.1.0)

Updates `jspdf-autotable` from 5.0.2 to 5.0.7
- [Release notes](https://github.com/simonbengtsson/jsPDF-AutoTable/releases)
- [Commits](https://github.com/simonbengtsson/jsPDF-AutoTable/compare/v5.0.2...v5.0.7)

---
updated-dependencies:
- dependency-name: jspdf
  dependency-version: 4.1.0
  dependency-type: direct:production
- dependency-name: jspdf-autotable
  dependency-version: 5.0.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-07 11:46:11 +00:00
dependabot[bot]
bee0c8e364 Bump lodash from 4.17.21 to 4.17.23 (#4369) 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 20:51:03 +01:00
jekkos
849439c71e Fix multiple XSS vulnerabilities (#3965) (#4356) 2025-12-22 17:21:49 +01:00
Chathura Dilushanka
25680f05db Add equals as permitted URI character (#4329) 
This should resolve the 400 error when deleting payments with base64 encoded IDs containing `=`.
 2025-12-21 22:41:36 +01:00
jekkos
a11fb099e2 Fix travis build after merge (#4130) 2025-12-21 19:51:21 +01:00
BhojKamal
aee5f31cf5 Add show/hide cost price & profit feature - in reports #4130 (#4350) 
* Add show/hide cost price & profit feature

* .env should be ignored.

* js code formatted. .vscode folder ignore for vscode user settings.json

* style is replaced with bootstrap class, formatted and .env.example

* toggle button on table to like in other

* comment corrected.

* class re-factored

* minor refactor

* formatted with 4 space

---------

Co-authored-by: Lotussoft Youngtech <lotussoftyoungtech@gmail.com>
 2025-12-21 15:23:39 +05:45
jekkos
643b0ac499 Fix for detailed suppliers report (#4351) 2025-12-17 22:46:59 +01:00
jekkos
3e844f2f89 Escape return_policy in receipt + invoice (#4349) 
* Escape return_policy in receipt + invoice

* Enable CSRF using session token (#3632)
 2025-12-17 20:39:58 +01:00
jekkos
2acdec431f Fix wrong migration script location (#4285) 2025-12-08 23:06:48 +01:00
jekkos
f245f585da Fix creation of date attribute value (#4310) (#4344) 
Fix type hints in case search string is empty in sales
 2025-12-02 07:19:14 +01:00
jekkos
e48ab45094 Fix toast notifications in config (#4341) (#4343) 2025-11-28 09:01:07 +01:00
jekkos
46e31b1c16 Allow anonymous giftcard creation (#4278) 
* Allow giftcard without person (#4276)

* Update giftcard form validation (#4276)
 2025-11-24 22:54:52 +01:00
jekkos
bea69c7aa1 Add DOMPurify to JS includes (#4341) 2025-11-23 22:20:40 +01:00
jekkos
30da69a382 Fix attachment cid (#4314) 
* Add attachment cid when sending emails (#4308)

Also check if an encryption key is set before decrypting the SMTP
password.

* Upgrade to CI 4.6.3 (#4308)

* Fix for changing invoice id in email (#4308)
 2025-11-23 21:37:32 +01:00
jekkos
6dd5a9162f Add DOMpurify + fix XSS (#4341) 2025-11-23 21:35:47 +01:00
jekkos
26a398f7d2 Add recent releases to issue template (#4317) 2025-11-21 23:55:24 +01:00
jekkos
ce73d9bb31 Add env variable to disallow pwd change (#4325) 2025-11-21 23:46:48 +01:00
jekkos
83af580d40 Add server side validation for password (#4335) 2025-11-21 23:45:47 +01:00
jekkos
ca7adf76c1 Update SECURITY.md contact (#4335) 2025-11-21 23:22:39 +01:00
jekkos
832db664e5 Fix tax configuration pages (#4331) 2025-11-21 22:13:35 +01:00
jekkos
36e73a84af Clean up docker compose setup (#4308) 2025-10-27 21:57:12 +01:00
Joe Williams
bcddf482fe [Feature] Add logging to migrations (#4327) 
* `execute_script()` now returns a boolean for error handling.

* Added transaction to `Migration_MissingConfigKeys.up()`.

* Added logging to various migrations.

* Added transaction to `Migration_MissingConfigKeys.up()`.

* Added logging to various migrations.

* Formatting and function call fixes

Fixed a minor formatting issue in the migration helper.
Replaced a few remaining error_log() calls.
Updated executeScriptWithTransaction() to use log_message()

* Function call fix

Replaced the last error_log() calls with log_message().

---------

Co-authored-by: Joe Williams <hey-there-joe@outlook.com>
 2025-10-19 22:10:28 -07:00
Joe Williams
759356288b Add transactions to missing config keys migration. (#4318) 
* `execute_script()` now returns a boolean for error handling.

* Added transaction to `Migration_MissingConfigKeys.up()`.

* Added `executeScriptWithTransaction()` to migration helpers.

* Many changes for testing; also minor formatting fixes.

* Removed test code and pointed the `NullableTaxCategoryId` migration at the right SQL file.

* Fixed header.php

* Code cleanup from code review:
- Added IGNORE to SQL scripts.
- Added try-catch to executeScriptWithTransaction().
- Various comment changes.

* Fixed naming issue

Nullable tax category ID migration now runs the correct script.

* Updated SQL

Replaced INSERT WHERE NOT EXISTS in missing config keys sql script to use a single INSERT IGNORE.

* Updated migration helper

Updated executeScriptWithTransaction to use transRollback

---------

Co-authored-by: Joe Williams <hey-there-joe@outlook.com>
 2025-10-15 22:53:14 -07:00
j2272850861-pixel
d1e5575ac1 Translated using Weblate (Portuguese (Brazil)) 
Currently translated at 100.0% (8 of 8 strings)

Translation: opensourcepos/bootstrap_tables
Translate-URL: https://translate.opensourcepos.org/projects/opensourcepos/bootstrap_tables/pt_BR/
 2025-10-10 12:58:48 +02:00
j2272850861-pixel
b3f67a5e0f Translated using Weblate (Portuguese (Brazil)) 
Currently translated at 100.0% (85 of 85 strings)

Translation: opensourcepos/common
Translate-URL: https://translate.opensourcepos.org/projects/opensourcepos/common/pt_BR/
 2025-10-10 12:58:48 +02:00
j2272850861-pixel
41b349134a Translated using Weblate (Portuguese (Brazil)) 
Currently translated at 100.0% (12 of 12 strings)

Translation: opensourcepos/login
Translate-URL: https://translate.opensourcepos.org/projects/opensourcepos/login/pt_BR/
 2025-10-10 12:58:48 +02:00
jekkos
b1f6ae6d35 Fix mount path for uploads (#4308) 
Remove duplicated compose sections in nginx version.  We will include
parts of the main file instead of duplicating it here.
 2025-08-29 09:12:02 +02:00
dependabot[bot]
4153c69ccd Bump jspdf from 3.0.1 to 3.0.2 (#4309) 
Bumps [jspdf](https://github.com/parallax/jsPDF) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](https://github.com/parallax/jsPDF/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: jspdf
  dependency-version: 3.0.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-29 07:32:54 +02:00
jekkos
87fbd72478 Add generic try/catch in import (#4302) 2025-08-28 00:05:58 +02:00
jekkos
a4ac42b4ad Fix reference to uploads folder (#4270) (#4286) 2025-08-18 21:19:36 +02:00
jekkos
2eff79a8b6 Fix for suspended sales (#4283) (#4303) 2025-08-15 23:12:35 +02:00
Aril Apria Susanto
880fb8faef Translated using Weblate (Indonesian) 
Currently translated at 100.0% (327 of 327 strings)

Translation: opensourcepos/config
Translate-URL: https://translate.opensourcepos.org/projects/opensourcepos/config/id/
 2025-08-11 10:27:22 +02:00
Aril Apria Susanto
4d2347173b Translated using Weblate (Indonesian) 
Currently translated at 100.0% (85 of 85 strings)

Translation: opensourcepos/common
Translate-URL: https://translate.opensourcepos.org/projects/opensourcepos/common/id/
 2025-08-11 10:27:22 +02:00
Aril Apria Susanto
82d36d01fb Translated using Weblate (Indonesian) 
Currently translated at 100.0% (45 of 45 strings)

Translation: opensourcepos/module
Translate-URL: https://translate.opensourcepos.org/projects/opensourcepos/module/id/
 2025-08-11 10:27:22 +02:00
Aril Apria Susanto
13314b7da1 Translated using Weblate (Indonesian) 
Currently translated at 100.0% (53 of 53 strings)

Translation: opensourcepos/customers
Translate-URL: https://translate.opensourcepos.org/projects/opensourcepos/customers/id/
 2025-08-11 10:27:22 +02:00
jekkos
43808c5970 Revert toast message sanitization (#4302) 2025-08-07 23:49:54 +02:00
jekkos
1615ef3832 Set release version to 3.4.2 2025-08-07 21:06:11 +02:00
jekkos
e089dc5e2c Fix item kits update (#4294) 2025-08-06 23:40:00 +02:00
jekkos
4cf70a95e6 Fix security incident email address (#4298) 2025-07-30 08:05:58 +02:00
jekkos
e08367aaae Allow empty tax category id (#4285) (#4288) 2025-07-29 23:59:23 +02:00
jekkos
9cd2f685ff Fix barcode generation in items (#4270) 2025-07-29 23:56:50 +02:00
jekkos
6800f338e7 Upgrade to ci 4.6.2 (#4296) (#4298) 2025-07-29 23:20:24 +02:00
jekkos
d4ab56b742 Fix migration 20250522000000 (#4284) 
* Fix migration errors

Add dropColumnIfExists to migration_helper

* Add config key/values if missing (#4282)
 2025-07-16 23:28:24 +02:00
1396 changed files with 84037 additions and 77011 deletions
Expand all files Collapse all files

55
.dockerignore
View File

@@ -1,23 +1,56 @@
node_modules
tmp
# Version control
.git
.gitignore
# Sensitive config (user may mount their own)
app/Config/Email.php
# Build artifacts
node_modules/
dist/
tmp/
*.patch
patches/
# IDE and editor files
.idea/
git-svn-diff.py
*.bash
.vscode/
.swp
*.swp
.buildpath
.project
.settings/*
.git
dist/
node_modules/
*.swp
.settings/
# Development tools and configs
tests/
phpunit.xml
.php-cs-fixer.*
phpstan.neon
*.bash
git-svn-diff.py
# Documentation
*.md
!LICENSE
branding/
# Build configs (not needed at runtime)
composer.json
composer.lock
package.json
package-lock.json
gulpfile.js
.env.example
.dockerignore
# Temporary and backup files
*.rej
*.orig
*~
*.~
*.log
app/writable/session/*
!app/writable/session/index.html
# CI
.github/
.github/workflows/
build/

63
.env-example
View File

@@ -1,63 +0,0 @@
#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------
CI_ENVIRONMENT = production
#--------------------------------------------------------------------
# DATABASE
#--------------------------------------------------------------------
database.default.hostname = 'localhost'
database.default.database = 'ospos'
database.default.username = 'admin'
database.default.password = 'pointofsale'
database.default.DBDriver = 'MySQLi'
database.default.DBPrefix = 'ospos_'
database.development.hostname = 'localhost'
database.development.database = 'ospos'
database.development.username = 'admin'
database.development.password = 'pointofsale'
database.development.DBDriver = 'MySQLi'
database.development.DBPrefix = 'ospos_'
database.tests.hostname = 'localhost'
database.tests.database = 'ospos'
database.tests.username = 'admin'
database.tests.password = 'pointofsale'
database.tests.DBDriver = 'MySQLi'
database.tests.DBPrefix = 'ospos_'
#--------------------------------------------------------------------
# ENCRYPTION
#--------------------------------------------------------------------
encryption.key = ''
#--------------------------------------------------------------------
# LOGGER
# - 0 = Disables logging, Error logging TURNED OFF
# - 1 = Emergency Messages - System is unusable
# - 2 = Alert Messages - Action Must Be Taken Immediately
# - 3 = Critical Messages - Application component unavailable, unexpected exception.
# - 4 = Runtime Errors - Don't need immediate action, but should be monitored.
# - 5 = Warnings - Exceptional occurrences that are not errors.
# - 6 = Notices - Normal but significant events.
# - 7 = Info - Interesting events, like user logging in, etc.
# - 8 = Debug - Detailed debug information.
# - 9 = All Messages
#--------------------------------------------------------------------
logger.threshold = 0
app.db_log_enabled = false
#--------------------------------------------------------------------
# HONEYPOT
#--------------------------------------------------------------------
honeypot.hidden = true
honeypot.label = 'Fill This Field'
honeypot.name = 'honeypot'
honeypot.template = '<label>{label}</label><input type="text" name="{name}" value="">'
honeypot.container = '<div style="display:none">{template}</div>'

67
.env → .env.example
View File

@@ -3,13 +3,35 @@
#--------------------------------------------------------------------
CI_ENVIRONMENT = production
CI_DEBUG = false
#--------------------------------------------------------------------
# APP
# SECURITY: ALLOWED HOSTNAMES
#--------------------------------------------------------------------
app.appTimezone = 'UTC'
# IMPORTANT: Whitelist of allowed hostnames to prevent Host Header
# Injection attacks (GHSA-jchf-7hr6-h4f3).
#
# If not configured, the application will default to 'localhost',
# which may break functionality in production.
#
# Configure this with all domains/subdomains that host your application:
# - Primary domain
# - WWW subdomain (if used)
# - Any alternative domains
#
# Examples:
# Single domain:
# app.allowedHostnames.0 = 'example.com'
#
# Multiple domains:
# app.allowedHostnames.0 = 'example.com'
# app.allowedHostnames.1 = 'www.example.com'
# app.allowedHostnames.2 = 'demo.opensourcepos.org'
#
# For localhost development:
# app.allowedHostnames.0 = 'localhost'
#
# Note: Do not include the protocol (http/https) or port number.
#app.allowedHostnames.0 = ''
#--------------------------------------------------------------------
# DATABASE
@@ -21,7 +43,6 @@ database.default.username = 'admin'
database.default.password = 'pointofsale'
database.default.DBDriver = 'MySQLi'
database.default.DBPrefix = 'ospos_'
database.default.port = 3306
database.development.hostname = 'localhost'
database.development.database = 'ospos'
@@ -29,7 +50,6 @@ database.development.username = 'admin'
database.development.password = 'pointofsale'
database.development.DBDriver = 'MySQLi'
database.development.DBPrefix = 'ospos_'
database.development.port = 3306
database.tests.hostname = 'localhost'
database.tests.database = 'ospos'
@@ -37,20 +57,6 @@ database.tests.username = 'admin'
database.tests.password = 'pointofsale'
database.tests.DBDriver = 'MySQLi'
database.tests.DBPrefix = 'ospos_'
database.tests.charset = utf8mb4
database.tests.DBCollat = utf8mb4_general_ci
database.tests.port = 3306
#--------------------------------------------------------------------
# EMAIL
#--------------------------------------------------------------------
email.SMTPHost = ''
email.SMTPUser = ''
email.SMTPPass = ''
email.SMTPPort =
email.SMTPTimeout = 5
email.SMTPCrypto = 'tls'
#--------------------------------------------------------------------
# ENCRYPTION
@@ -58,16 +64,6 @@ email.SMTPCrypto = 'tls'
encryption.key = ''
#--------------------------------------------------------------------
# HONEYPOT
#--------------------------------------------------------------------
honeypot.hidden = true
honeypot.label = 'Fill This Field'
honeypot.name = 'honeypot'
honeypot.template = '<label>{label}</label><input type="text" name="{name}" value="">'
honeypot.container = '<div style="display:none">{template}</div>'
#--------------------------------------------------------------------
# LOGGER
# - 0 = Disables logging, Error logging TURNED OFF
@@ -84,4 +80,13 @@ honeypot.container = '<div style="display:none">{template}</div>'
logger.threshold = 0
app.db_log_enabled = false
app.db_log_only_long = false
#--------------------------------------------------------------------
# HONEYPOT
#--------------------------------------------------------------------
honeypot.hidden = true
honeypot.label = 'Fill This Field'
honeypot.name = 'honeypot'
honeypot.template = '<label>{label}</label><input type="text" name="{name}" value="">'
honeypot.container = '<div style="display:none">{template}</div>'

4
.github/ISSUE_TEMPLATE/bug report.yml vendored
View File

@@ -42,10 +42,12 @@ body:
label: OpensourcePOS Version
description: What version of our software are you running?
options:
- development (unreleased)
- opensourcepos 3.4.1
- opensourcepos 3.4.0
- opensourcepos 3.3.9
- opensourcepos 3.3.8
- opensourcepos 3.3.7
- development (unreleased)
default: 0
validations:
required: true

61
.github/workflows/README.md vendored Normal file
View File

@@ -0,0 +1,61 @@
# GitHub Actions
This document describes the CI/CD workflows for OSPOS.
## Build and Release Workflow (`.github/workflows/build-release.yml`)
### Build Process
- Setup PHP 8.2 with required extensions
- Setup Node.js 20
- Install composer dependencies
- Install npm dependencies
- Build frontend assets with Gulp
### Docker Images
- Build and push `opensourcepos` Docker image for multiple architectures (linux/amd64, linux/arm64)
- On master: tagged with version and `latest`
- On other branches: tagged with version only
- Pushed to Docker Hub
### Releases
- Create distribution archives (tar.gz, zip)
- Create/update GitHub "unstable" release on master branch only
## Required Secrets
To use this workflow, you need to add the following secrets to your repository:
1. **DOCKER_USERNAME** - Docker Hub username for pushing images
2. **DOCKER_PASSWORD** - Docker Hub password/token for pushing images
### How to add secrets
1. Go to your repository on GitHub
2. Click **Settings****Secrets and variables****Actions**
3. Click **New repository secret**
4. Add `DOCKER_USERNAME` and `DOCKER_PASSWORD`
The `GITHUB_TOKEN` is automatically provided by GitHub Actions.
## Workflow Triggers
- **Push to master** - Runs build, Docker push (with `latest` tag), and release
- **Push to other branches** - Runs build and Docker push (version tag only)
- **Push tags** - Runs build and Docker push (version tag only)
- **Pull requests** - Runs build only (PHPUnit tests run in parallel via phpunit.yml)
## Existing Workflows
This repository also has these workflows:
- `.github/workflows/main.yml` - PHP linting with PHP-CS-Fixer
- `.github/workflows/phpunit.yml` - PHPUnit tests (runs on all PHP versions 8.1-8.4)
- `.github/workflows/php-linter.yml` - PHP linting
## Testing
PHPUnit tests are run separately via `.github/workflows/phpunit.yml` on every push and pull request, testing against PHP 8.1, 8.2, 8.3, and 8.4.
To test the build workflow:
1. Add the required secrets
2. Push to master or create a PR
3. Monitor the Actions tab in GitHub

218
.github/workflows/build-release.yml vendored Normal file
View File

@@ -0,0 +1,218 @@
name: Build and Release
on:
push:
branches:
- master
tags:
- '*'
pull_request:
branches:
- master
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
build:
name: Build
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
version-tag: ${{ steps.version.outputs.version-tag }}
short-sha: ${{ steps.version.outputs.short-sha }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.2'
extensions: intl, mbstring, mysqli, gd, bcmath, zip
coverage: none
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Get composer cache directory
run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
- name: Cache composer dependencies
uses: actions/cache@v4
with:
path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Get npm cache directory
run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
- name: Cache npm dependencies
uses: actions/cache@v4
with:
path: ${{ env.NPM_CACHE_DIR }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install composer dependencies
run: composer install --no-dev --optimize-autoloader
- name: Install npm dependencies
run: npm ci
- name: Install gulp globally
run: npm install -g gulp-cli
- name: Get version info
id: version
run: |
VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | sed 's/feature\///')
TAG=$(echo "${GITHUB_TAG:-$BRANCH}" | tr '/' '-')
SHORT_SHA=$(git rev-parse --short=6 HEAD)
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "version-tag=$VERSION-$BRANCH-$SHORT_SHA" >> $GITHUB_OUTPUT
echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
echo "branch=$BRANCH" >> $GITHUB_OUTPUT
env:
GITHUB_TAG: ${{ github.ref_name }}
- name: Create .env file
run: |
cp .env.example .env
sed -i 's/production/development/g' .env
- name: Update commit hash
run: |
SHORT_SHA="${{ steps.version.outputs.short-sha }}"
sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$SHORT_SHA'/g" app/Config/OSPOS.php
- name: Build frontend assets
run: npm run build
- name: Create distribution archives
run: |
set -euo pipefail
gulp compress
VERSION="${{ steps.version.outputs.version }}"
SHORT_SHA="${{ steps.version.outputs.short-sha }}"
mv dist/opensourcepos.tar "dist/opensourcepos.$VERSION.$SHORT_SHA.tar"
mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip"
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: dist-${{ steps.version.outputs.short-sha }}
path: dist/
retention-days: 7
- name: Upload build context for Docker
uses: actions/upload-artifact@v4
with:
name: build-context-${{ steps.version.outputs.short-sha }}
path: |
.
!.git
!node_modules
retention-days: 1
docker:
name: Build Docker Image
runs-on: ubuntu-22.04
needs: build
if: github.event_name == 'push'
steps:
- name: Download build context
uses: actions/download-artifact@v4
with:
name: build-context-${{ needs.build.outputs.short-sha }}
path: .
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Determine Docker tags
id: tags
run: |
BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | tr '/' '-')
if [ "$BRANCH" = "master" ]; then
echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }},${{ secrets.DOCKER_USERNAME }}/opensourcepos:latest" >> $GITHUB_OUTPUT
else
echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }}" >> $GITHUB_OUTPUT
fi
env:
GITHUB_REF: ${{ github.ref }}
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
context: .
target: ospos
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.tags.outputs.tags }}
release:
name: Create Release
needs: build
runs-on: ubuntu-22.04
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: dist-${{ needs.build.outputs.short-sha }}
path: dist/
- name: Get version info
id: version
run: |
VERSION="${{ needs.build.outputs.version }}"
SHORT_SHA=$(git rev-parse --short=6 HEAD)
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
- name: Create/Update unstable release
uses: softprops/action-gh-release@v2
with:
tag_name: unstable
name: Unstable OpenSourcePOS
body: |
This is a build of the latest master which might contain bugs. Use at your own risk.
Check the releases section for the latest official release.
files: |
dist/opensourcepos.${{ steps.version.outputs.version }}.${{ steps.version.outputs.short-sha }}.zip
prerelease: true
draft: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

71
.github/workflows/codeql-analysis.yml vendored
View File

@@ -1,71 +0,0 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ master ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
schedule:
- cron: '21 12 * * 3'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

0
.github/workflows/test-coding-standards.yml → .github/workflows/main.yml vendored
View File

33
.github/workflows/opencode.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
name: opencode
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
jobs:
opencode:
if: |
contains(github.event.comment.body, ' /oc') ||
startsWith(github.event.comment.body, '/oc') ||
contains(github.event.comment.body, ' /opencode') ||
startsWith(github.event.comment.body, '/opencode')
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: read
issues: read
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
persist-credentials: false
- name: Run opencode
uses: anomalyco/opencode/github@latest
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
with:
model: anthropic/claude-3-haiku-20240307

122
.github/workflows/phpunit.yml vendored Normal file
View File

@@ -0,0 +1,122 @@
name: PHPUnit Tests
on:
push:
paths:
- '**.php'
- 'spark'
- 'tests/**'
- '.github/workflows/phpunit.yml'
- 'gulpfile.js'
- 'app/Database/**'
pull_request:
paths:
- '**.php'
- 'spark'
- 'tests/**'
- '.github/workflows/phpunit.yml'
- 'gulpfile.js'
- 'app/Database/**'
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
test:
name: PHP ${{ matrix.php-version }} Tests
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
php-version:
- '8.1'
- '8.2'
- '8.3'
- '8.4'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php-version }}
extensions: intl, mbstring, mysqli
coverage: none
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Get npm cache directory
run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
- name: Cache npm dependencies
uses: actions/cache@v3
with:
path: ${{ env.NPM_CACHE_DIR }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install npm dependencies
run: npm install
- name: Start MariaDB
run: |
docker run -d --name mysql \
-e MYSQL_ROOT_PASSWORD=root \
-e MYSQL_DATABASE=ospos \
-e MYSQL_USER=admin \
-e MYSQL_PASSWORD=pointofsale \
-p 3306:3306 \
mariadb:10.5
# Wait for MariaDB to be ready
until docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do
echo "Waiting for MariaDB..."
sleep 2
done
echo "MariaDB is ready!"
- name: Get composer cache directory
run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
- name: Cache dependencies
uses: actions/cache@v3
with:
path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-${{ matrix.php-version }}-
${{ runner.os }}-
- name: Install dependencies
run: composer update --ansi --no-interaction
- name: Create .env file
run: cp .env.example .env
- name: Run PHPUnit tests
env:
CI_ENVIRONMENT: testing
MYSQL_HOST_NAME: 127.0.0.1
run: composer test -- --log-junit test-results/junit.xml
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results-php-${{ matrix.php-version }}
path: test-results/
retention-days: 30
- name: Stop MariaDB
if: always()
run: docker stop mysql && docker rm mysql

72
.github/workflows/update-issue-templates.yml vendored Normal file
View File

@@ -0,0 +1,72 @@
name: Update Issue Templates
on:
release:
types: [published]
workflow_dispatch:
schedule:
- cron: '0 0 * * 0'
jobs:
update-templates:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Fetch releases and update templates
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Fetch releases from GitHub API
RELEASES=$(gh api repos/${{ github.repository }}/releases --jq '.[].tag_name' | head -n 10)
# Create temporary file with options
OPTIONS_FILE=$(mktemp)
echo " - development (unreleased)" >> "$OPTIONS_FILE"
while IFS= read -r release; do
echo " - opensourcepos $release" >> "$OPTIONS_FILE"
done <<< "$RELEASES"
update_template() {
local template="$1"
local template_path=".github/ISSUE_TEMPLATE/$template"
# Find the line numbers for the OpensourcePOS Version dropdown
start_line=$(grep -n "label: OpensourcePOS Version" "$template_path" | cut -d: -f1)
if [ -z "$start_line" ]; then
echo "Could not find OpensourcePOS Version in $template"
return 1
fi
# Find the options section and default line
options_start=$((start_line + 3))
default_line=$(grep -n "default:" "$template_path" | awk -F: -v opts="$options_start" '$1 > opts {print $1; exit}')
# Create new template file
head -n $((options_start - 1)) "$template_path" > "${template_path}.new"
cat "$OPTIONS_FILE" >> "${template_path}.new"
tail -n +$default_line "$template_path" >> "${template_path}.new"
mv "${template_path}.new" "$template_path"
echo "Updated $template"
}
update_template "bug report.yml"
update_template "feature_request.yml"
- name: Commit and push changes
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add .github/ISSUE_TEMPLATE/*.yml
if git diff --staged --quiet; then
echo "No changes to commit"
else
git commit -m "Update issue templates with latest releases [skip ci]"
git push
fi

1
.gitignore vendored
View File

@@ -8,6 +8,7 @@ public/license/*
!public/license/.gitkeep
app/Config/email.php
npm-debug.log*
.vscode
# Docker
!docker/.env

54
.travis.yml
View File

@@ -1,54 +0,0 @@
sudo: required
branches:
except:
- unstable
- weblate
services:
- docker
dist: jammy
language: node_js
node_js:
- 20
script:
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- docker run --rm -u $(id -u) -v $(pwd):/app opensourcepos/composer:ci4 composer install
- version=$(grep application_version app/Config/App.php | sed "s/.*=\s'\(.*\)';/\1/g")
- sed -i 's/production/development/g' .env
- sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$rev'/g" app/Config/OSPOS.php
- echo "$version-$branch-$rev"
- npm version "$version-$branch-$rev" --force || true
- sed -i 's/opensourcepos.tar.gz/opensourcepos.$version.tgz/g' package.json
- npm ci && npm install -g gulp && npm run build
- docker build . --target ospos -t ospos
- docker build . --target ospos_test -t ospos_test
- docker run --rm ospos_test /app/vendor/bin/phpunit --testdox
- docker build app/Database/ -t "jekkos/opensourcepos:sql-$TAG"
env:
global:
- BRANCH=$(echo ${TRAVIS_BRANCH} | sed s/feature\\///)
- TAG=${TRAVIS_TAG:-$BRANCH}
- date=`date +%Y%m%d%H%M%S` && branch=${TRAVIS_BRANCH} && rev=`git rev-parse --short=6 HEAD`
after_success:
- docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" && docker tag "ospos:latest"
"jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:sql-$TAG"
- gulp compress
- mv dist/opensourcepos.tar.gz "dist/opensourcepos.$version.$rev.tgz"
- mv dist/opensourcepos.zip "dist/opensourcepos.$version.$rev.zip"
deploy:
- provider: releases
edge: true
file: dist/opensourcepos.$version.$rev.zip
name: "Unstable OpensourcePos"
overwrite: true
release_notes: "This is a build of the latest master which might contain bugs. Use at your own risk. Check releases section for the latest official release"
prerelease: true
tag_name: unstable
user: jekkos
api_key:
secure: "KOukL8IFf/uL/BjMyCSKjf2vylydjcWqgEx0eMqFCg3nZ4ybMaOwPORRthIfyT72/FvGX/aoxxEn0uR/AEtb+hYQXHmNS+kZdX72JCe8LpGuZ7FJ5X+Eo9mhJcsmS+smd1sC95DySSc/GolKPo+0WtJYONY/xGCLxm+9Ay4HREg="
on:
branch: master

40
AGENTS.md Normal file
View File

@@ -0,0 +1,40 @@
# Agent Instructions
This document provides guidance for AI agents working on the Open Source Point of Sale (OSPOS) codebase.
## Code Style
- Follow PHP CodeIgniter 4 coding standards
- Run PHP-CS-Fixer before committing: `vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.no-header.php`
- Write PHP 8.1+ compatible code with proper type declarations
- Use PSR-12 naming conventions: `camelCase` for variables and functions, `PascalCase` for classes, `UPPER_CASE` for constants
## Development
- Create a new git worktree for each issue, based on the latest state of `origin/master`
- Commit fixes to the worktree and push to the remote
## Testing
- Run PHPUnit tests: `composer test`
- Tests must pass before submitting changes
## Build
- Install dependencies: `composer install && npm install`
- Build assets: `npm run build` or `gulp`
## Conventions
- Controllers go in `app/Controllers/`
- Models go in `app/Models/`
- Views go in `app/Views/`
- Database migrations in `app/Database/Migrations/`
- Use CodeIgniter 4 framework patterns and helpers
- Sanitize user input; escape output using `esc()` helper
## Security
- Never commit secrets, credentials, or `.env` files
- Use parameterized queries to prevent SQL injection
- Validate and sanitize all user input

1
CHANGELOG.md
View File

@@ -1,4 +1,5 @@
[unreleased]: https://github.com/opensourcepos/opensourcepos/compare/3.4.0...HEAD
[3.4.2]: https://github.com/opensourcepos/opensourcepos/compare/3.4.1...3.4.2
[3.4.1]: https://github.com/opensourcepos/opensourcepos/compare/3.4.0...3.4.1
[3.4.0]: https://github.com/opensourcepos/opensourcepos/compare/3.3.9...3.4.0
[3.3.9]: https://github.com/opensourcepos/opensourcepos/compare/3.3.8...3.3.9

32
Dockerfile
View File

@@ -1,28 +1,22 @@
FROM php:8.2-apache AS ospos
LABEL maintainer="jekkos"
RUN apt update && apt-get install -y libicu-dev libgd-dev
RUN a2enmod rewrite
RUN docker-php-ext-install mysqli bcmath intl gd
RUN apt-get update && apt-get install -y --no-install-recommends \
libicu-dev \
libgd-dev \
&& docker-php-ext-install mysqli bcmath intl gd \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& a2enmod rewrite
RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini
WORKDIR /app
COPY . /app
RUN ln -s /app/*[^public] /var/www && rm -rf /var/www/html && ln -nsf /app/public /var/www/html
RUN chmod -R 770 /app/writable/uploads /app/writable/logs /app/writable/cache && chown -R www-data:www-data /app
FROM ospos AS ospos_test
COPY --from=composer /usr/bin/composer /usr/bin/composer
RUN apt-get install -y libzip-dev wget git
RUN wget https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O /bin/wait-for-it.sh && chmod +x /bin/wait-for-it.sh
RUN docker-php-ext-install zip
RUN composer install -d/app
#RUN sed -i 's/backupGlobals="true"/backupGlobals="false"/g' /app/tests/phpunit.xml
WORKDIR /app/tests
CMD ["/app/vendor/phpunit/phpunit/phpunit", "/app/test/helpers"]
COPY --chown=www-data:www-data . /app
RUN chmod 770 /app/writable/uploads /app/writable/logs /app/writable/cache \
&& ln -s /app/*[^public] /var/www \
&& rm -rf /var/www/html \
&& ln -nsf /app/public /var/www/html
FROM ospos AS ospos_dev

3
Dockerfile.test Normal file
View File

@@ -0,0 +1,3 @@
FROM php:8.4-cli
RUN apt-get update && apt-get install -y libicu-dev && docker-php-ext-install intl
WORKDIR /app

43
INSTALL.md
View File

@@ -6,22 +6,53 @@
- Raspberry PI based installations proved to work, see [wiki page here](<https://github.com/opensourcepos/opensourcepos/wiki/Installing-on-Raspberry-PI---Orange-PI-(Headless-OSPOS)>).
- For Windows based installations please read [the wiki](https://github.com/opensourcepos/opensourcepos/wiki). There are closed issues about this subject, as this topic has been covered a lot.
## Security Configuration
### Allowed Hostnames (Required for Production)
OpenSourcePOS validates the Host header against a whitelist to prevent Host Header Injection attacks (GHSA-jchf-7hr6-h4f3). **You must configure this for production deployments.**
Add the following to your `.env` file:
```
app.allowedHostnames.0 = 'yourdomain.com'
app.allowedHostnames.1 = 'www.yourdomain.com'
```
**For local development**, use:
```
app.allowedHostnames.0 = 'localhost'
```
If `allowedHostnames` is not configured:
1. A security warning will be logged
2. The application will fall back to 'localhost' as the hostname
3. This means URLs generated by the application (links, redirects, etc.) will point to 'localhost'
### HTTPS Behind Proxy
If your installation is behind a proxy with SSL offloading, set:
```
FORCE_HTTPS = true
```
## Local install
First of all, if you're seeing the message `system folder missing` after launching your browser, or cannot find `database.sql`, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
First of all, if you're seeing the message `system folder missing` after launching your browser, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
1. Download the a [pre-release for a specific branch](https://github.com/opensourcepos/opensourcepos/releases) or the latest stable [from GitHub here](https://github.com/opensourcepos/opensourcepos/releases). A repository clone will not work unless know how to build the project.
2. Create/locate a new MySQL database to install Open Source Point of Sale into.
3. Execute the file `app/Database/database.sql` to create the tables needed.
4. Unzip and upload Open Source Point of Sale files to the web-server.
5. Open `.env` file and modify credentials to connect to your database if needed.
3. Unzip and upload Open Source Point of Sale files to the web-server.
4. If `.env` does not exist, copy `.env.example` to `.env`.
5. Open `.env` and modify credentials to connect to your database if needed.
6. The database schema will be automatically created when you first access the application. Migrations run automatically on fresh installs.
7. Go to your install `public` dir via the browser.
8. Log in using
- Username: admin
- Password: pointofsale
9. If everything works, then set the `CI_ENVIRONMENT` variable to `production` in the .env file
9. Enjoy!
10. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
10. Enjoy!
11. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
## Local install using Docker

8
README.md
View File

@@ -8,7 +8,7 @@
</p>
<p align="center">
<a href="https://app.travis-ci.com/opensourcepos/opensourcepos" target="_blank"><img src="https://api.travis-ci.com/opensourcepos/opensourcepos.svg?branch=master" alt="Build Status"></a>
<a href="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml/badge.svg" alt="Build Status"></a>
<a href="https://app.gitter.im/#/room/#opensourcepos_Lobby:gitter.im?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge" target="_blank"><img src="https://badges.gitter.im/jekkos/opensourcepos.svg" alt="Join the chat at https://app.gitter.im"></a>
<a href="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos" target="_blank"><img src="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos.svg" alt="Project Version"></a>
<a href="https://translate.opensourcepos.org/engage/opensourcepos/?utm_source=widget" target="_blank"><img src="https://translate.opensourcepos.org/widgets/opensourcepos/-/svg-badge.svg" alt="Translation Status"></a>
@@ -137,7 +137,7 @@ Any person or company found breaching the license agreement might find a bunch o
## 🙏 Credits
| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">Travis CI</div> |
| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">GitHub</div> |
| --- | --- | --- |
| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://www.travis-ci.com/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/71cc2b44-83af-4510-a543-6358285f43c6" alt="Travis CI Logo" height="50"></a></div> |
| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [Travis CI](https://www.travis-ci.com/) for providing a free continuous integration service for open source projects. |
| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://github.com/features/actions" target="_blank"><img src="https://github.githubassets.com/images/modules/site/icons/eyebrow-panel/actions-icon.svg" alt="GitHub Actions Logo" height="50"></a></div> |
| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [GitHub](https://github.com) for providing free continuous integration via GitHub Actions for open-source projects. |

36
SECURITY.md
View File

@@ -1,9 +1,9 @@
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [Security Policy](#security-policy)
- [Supported Versions](#supported-versions)
- [Security Advisories](#security-advisories)
- [Reporting a Vulnerability](#reporting-a-vulnerability)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -12,13 +12,35 @@
## Supported Versions
We release patches for security vulnerabilities. Which versions are eligible to receive such patches depend on the CVSS v3.0 Rating:
We release patches for security vulnerabilities.
| CVSS v3.0 | Supported Versions |
| --------- | -------------------------------------------------- |
| 7.3 | 3.3.5 |
| 9.8 | 3.3.6 |
| Version | Supported |
| --------- | ------------------ |
| >= 3.4.2 | :white_check_mark: |
| < 3.4.2 | :x: |
## Security Advisories
The following security vulnerabilities have been published:
### High Severity
| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|-----|--------------|------|-----------|----------|--------|
| [CVE-2025-68434](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-wjm4-hfwg-5w5r) | CSRF leading to Admin Creation | 8.8 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| [CVE-2025-68147](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-xgr7-7pvw-fpmh) | Stored XSS in Return Policy | 8.1 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| [CVE-2025-66924](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-gv8j-f6gq-g59m) | Stored XSS in Item Kits | 7.2 | 2026-03-04 | 3.4.2 | @hungnqdz, @omkaryepre |
### Medium Severity
| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|-----|--------------|------|-----------|----------|--------|
| [CVE-2025-68658](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-32r8-8r9r-9chw) | Stored XSS in Company Name | 4.3 | 2026-01-13 | 3.4.2 | @hungnqdz |
For a complete list including draft advisories, see our [GitHub Security Advisories page](https://github.com/opensourcepos/opensourcepos/security/advisories).
## Reporting a Vulnerability
Please report (suspected) security vulnerabilities to **[jekkos@opensourcepos.org](mailto:jekkos@opensourcepos.org)**. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**.
You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

79
app/Config/App.php
View File

@@ -3,31 +3,42 @@
namespace Config;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Session\Handlers\DatabaseHandler;
class App extends BaseConfig
{
/**
* This is the code version of the Open Source Point of Sale you're running.
*
* @var string
*/
public string $application_version = '3.4.1';
public string $application_version = '3.4.2';
/**
* This is the commit hash for the version you are currently using.
*
* @var string
*/
public string $commit_sha1 = 'dev';
/**
* Logs are stored in writable/logs
*
* @var bool
*/
public bool $db_log_enabled = false;
/**
* DB Query Log only long-running queries
*
* @var bool
*/
public bool $db_log_only_long = false;
/**
* Defines whether to require/reroute to HTTPS
*
* @var bool
*/
public bool $https_on; // Set in the constructor
@@ -44,13 +55,21 @@ class App extends BaseConfig
public string $baseURL; // Defined in the constructor
/**
* Allowed Hostnames in the Site URL other than the hostname in the baseURL.
* If you want to accept multiple Hostnames, set this.
*
* E.g.,
* When your site URL ($baseURL) is 'http://example.com/', and your site
* also accepts 'http://media.example.com/' and 'http://accounts.example.com/':
* ['media.example.com', 'accounts.example.com']
* Allowed Hostnames for the Site URL.
*
* Security: This is used to validate the HTTP Host header to prevent
* Host Header Injection attacks. If the Host header doesn't match
* an entry in this list, the request will use the first allowed hostname.
*
* IMPORTANT: This MUST be configured for production deployments.
* If empty, the application will fall back to 'localhost'.
*
* Configure via .env file:
* app.allowedHostnames.0 = 'example.com'
* app.allowedHostnames.1 = 'www.example.com'
*
* For local development:
* app.allowedHostnames.0 = 'localhost'
*
* @var list<string>
*/
@@ -106,7 +125,7 @@ class App extends BaseConfig
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
public string $permittedURIChars = 'a-z 0-9~%.:_\-';
public string $permittedURIChars = 'a-z 0-9~%.:_\-=';
/**
* --------------------------------------------------------------------------
@@ -272,9 +291,45 @@ class App extends BaseConfig
public function __construct()
{
parent::__construct();
$this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] === 'true');
$this->baseURL = $this->https_on ? 'https' : 'http';
$this->baseURL .= '://' . ((isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost') . '/';
$this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
$host = $this->getValidHost();
$this->baseURL = $this->https_on ? 'https' : 'http';
$this->baseURL .= '://' . $host . '/';
$this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
}
/**
* Validates and returns a trusted hostname.
*
* Security: Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
* by validating the HTTP_HOST against a whitelist of allowed hostnames.
*
* @return string A validated hostname
*/
private function getValidHost(): string
{
$httpHost = $_SERVER['HTTP_HOST'] ?? 'localhost';
if (empty($this->allowedHostnames)) {
log_message('warning',
'Security: allowedHostnames is not configured. ' .
'Host header injection protection is disabled. ' .
'Please set app.allowedHostnames in your .env file. ' .
'Received Host: ' . $httpHost
);
return 'localhost';
}
if (in_array($httpHost, $this->allowedHostnames, true)) {
return $httpHost;
}
log_message('warning',
'Security: Rejected HTTP_HOST "' . $httpHost . '" - not in allowedHostnames whitelist. ' .
'Using fallback: ' . $this->allowedHostnames[0]
);
return $this->allowedHostnames[0];
}
}

6
app/Config/Autoload.php
View File

@@ -42,7 +42,7 @@ class Autoload extends AutoloadConfig
public $psr4 = [
APP_NAMESPACE => APPPATH,
'Config' => APPPATH . 'Config',
'dompdf' => APPPATH . 'ThirdParty/dompdf/src',
'dompdf' => APPPATH . 'ThirdParty/dompdf/src'
];
/**
@@ -169,7 +169,7 @@ class Autoload extends AutoloadConfig
'Token_lib' => '/App/Libraries/Token_lib.php',
// Miscellaneous
'Rounding_mode' => '/App/Models/Enums/Rounding_mode.php',
'Rounding_mode' => '/App/Models/Enums/Rounding_mode.php'
];
/**
@@ -205,6 +205,6 @@ class Autoload extends AutoloadConfig
'cookie',
'tabular',
'locale',
'security',
'security'
];
}

29
app/Config/Boot/testing.php
View File

@@ -1,38 +1,23 @@
<?php
/*
* The environment testing is reserved for PHPUnit testing. It has special
* conditions built into the framework at various places to assist with that.
* You cant use it for your development.
*/
/*
|--------------------------------------------------------------------------
| ERROR DISPLAY
| ERROR DISPLAY
|--------------------------------------------------------------------------
| In development, we want to show as many errors as possible to help
| make sure they don't make it to production. And save us hours of
| painful debugging.
*/
*/
error_reporting(E_ALL);
ini_set('display_errors', '1');
/*
|--------------------------------------------------------------------------
| DEBUG BACKTRACES
| DEBUG BACKTRACES
|--------------------------------------------------------------------------
| If true, this constant will tell the error screens to display debug
| backtraces along with the other error information. If you would
| prefer to not see this, set this value to false.
*/
*/
defined('SHOW_DEBUG_BACKTRACE') || define('SHOW_DEBUG_BACKTRACE', true);
/*
|--------------------------------------------------------------------------
| DEBUG MODE
| DEBUG MODE
|--------------------------------------------------------------------------
| Debug mode is an experimental flag that can allow changes throughout
| the system. It's not widely used currently, and may not survive
| release of the framework.
*/
defined('CI_DEBUG') || define('CI_DEBUG', true);
*/
defined('CI_DEBUG') || define('CI_DEBUG', true);

95
app/Config/Constants.php
View File

@@ -33,17 +33,17 @@ defined('COMPOSER_PATH') || define('COMPOSER_PATH', ROOTPATH . 'vendor/autoload.
| Provide simple ways to work with the myriad of PHP functions that
| require information to be in seconds.
*/
defined('SECOND') || define('SECOND', 1);
defined('MINUTE') || define('MINUTE', 60);
defined('HOUR') || define('HOUR', 3600);
defined('DAY') || define('DAY', 86400);
defined('WEEK') || define('WEEK', 604800);
defined('MONTH') || define('MONTH', 2_592_000);
defined('YEAR') || define('YEAR', 31_536_000);
defined('DECADE') || define('DECADE', 315_360_000);
defined('SECOND') || define('SECOND', 1);
defined('MINUTE') || define('MINUTE', 60);
defined('HOUR') || define('HOUR', 3600);
defined('DAY') || define('DAY', 86400);
defined('WEEK') || define('WEEK', 604800);
defined('MONTH') || define('MONTH', 2_592_000);
defined('YEAR') || define('YEAR', 31_536_000);
defined('DECADE') || define('DECADE', 315_360_000);
defined('DEFAULT_DATE') || define('DEFAULT_DATE', mktime(0, 0, 0, 1, 1, 2010));
defined('DEFAULT_DATETIME') || define('DEFAULT_DATETIME', mktime(0, 0, 0, 1, 1, 2010));
defined('NOW') || define('NOW', time());
defined('NOW') || define('NOW', time());
/*
| --------------------------------------------------------------------------
@@ -85,47 +85,47 @@ defined('EXIT__AUTO_MAX') || define('EXIT__AUTO_MAX', 125); // highest a
* Global Constants.
*/
const NEW_ENTRY = -1;
const ACTIVE = 0;
const DELETED = 1;
const ACTIVE = 0;
const DELETED = 1;
/**
* Attribute Related Constants.
*/
const GROUP = 'GROUP';
const DROPDOWN = 'DROPDOWN';
const DECIMAL = 'DECIMAL';
const DATE = 'DATE';
const TEXT = 'TEXT';
const CHECKBOX = 'CHECKBOX';
const NO_DEFINITION_ID = 0;
const GROUP = 'GROUP';
const DROPDOWN = 'DROPDOWN';
const DECIMAL = 'DECIMAL';
const DATE = 'DATE';
const TEXT = 'TEXT';
const CHECKBOX = 'CHECKBOX';
const NO_DEFINITION_ID = 0;
const CATEGORY_DEFINITION_ID = -1;
const DEFINITION_TYPES = [GROUP, DROPDOWN, DECIMAL, TEXT, DATE, CHECKBOX];
const DEFINITION_TYPES = [GROUP, DROPDOWN, DECIMAL, TEXT, DATE, CHECKBOX];
/**
* Item Related Constants.
*/
const HAS_STOCK = 0;
const HAS_STOCK = 0;
const HAS_NO_STOCK = 1;
const ITEM = 0;
const ITEM_KIT = 1;
const ITEM = 0;
const ITEM_KIT = 1;
const ITEM_AMOUNT_ENTRY = 2;
const ITEM_TEMP = 3;
const NEW_ITEM = -1;
const ITEM_TEMP = 3;
const NEW_ITEM = -1;
const PRINT_ALL = 0;
const PRINT_ALL = 0;
const PRINT_PRICED = 1;
const PRINT_KIT = 2;
const PRINT_KIT = 2;
const PRINT_YES = 0;
const PRINT_NO = 1;
const PRINT_NO = 1;
const PRICE_ALL = 0;
const PRICE_KIT = 1;
const PRICE_ALL = 0;
const PRICE_KIT = 1;
const PRICE_KIT_ITEMS = 2;
const PRICE_OPTION_ALL = 0;
const PRICE_OPTION_KIT = 1;
const PRICE_OPTION_ALL = 0;
const PRICE_OPTION_KIT = 1;
const PRICE_OPTION_KIT_STOCK = 2;
const NAME_SEPARATOR = ' | ';
@@ -135,37 +135,42 @@ const NAME_SEPARATOR = ' | ';
*/
const COMPLETED = 0;
const SUSPENDED = 1;
const CANCELED = 2;
const CANCELED = 2;
const SALE_TYPE_POS = 0;
const SALE_TYPE_INVOICE = 1;
const SALE_TYPE_POS = 0;
const SALE_TYPE_INVOICE = 1;
const SALE_TYPE_WORK_ORDER = 2;
const SALE_TYPE_QUOTE = 3;
const SALE_TYPE_RETURN = 4;
const SALE_TYPE_QUOTE = 3;
const SALE_TYPE_RETURN = 4;
const PERCENT = 0;
const FIXED = 1;
const FIXED = 1;
const PRICE_MODE_STANDARD = 0;
const PRICE_MODE_KIT = 1;
const PRICE_MODE_KIT = 1;
const PAYMENT_TYPE_UNASSIGNED = '--';
const CASH_ADJUSTMENT_TRUE = 1;
const CASH_ADJUSTMENT_TRUE = 1;
const CASH_ADJUSTMENT_FALSE = 0;
const CASH_MODE_TRUE = 1;
const CASH_MODE_FALSE = 0;
const CASH_MODE_TRUE = 1;
const CASH_MODE_FALSE = 0;
/**
* Supplier Related Constants
*/
const GOODS_SUPPLIER = 0;
const COST_SUPPLIER = 1;
const COST_SUPPLIER = 1;
/**
* Locale Related Constants
*/
const MAX_PRECISION = 1e14;
const DEFAULT_PRECISION = 2;
const DEFAULT_LANGUAGE = 'english';
const MAX_PRECISION = 1e14;
const DEFAULT_PRECISION = 2;
const DEFAULT_LANGUAGE = 'english';
const DEFAULT_LANGUAGE_CODE = 'en';
/**
* Admin modules - list of modules required for admin privileges
*/
const ADMIN_MODULES = ['customers', 'employees', 'giftcards', 'items', 'item_kits', 'messages', 'receivings', 'reports', 'sales', 'config', 'suppliers'];

2
app/Config/ContentSecurityPolicy.php
View File

@@ -61,7 +61,7 @@ class ContentSecurityPolicy extends BaseConfig
'self',
'unsafe-inline',
'unsafe-eval',
'www.google.com www.gstatic.com',
'www.google.com www.gstatic.com'
];
/**

127
app/Config/Database.php
View File

@@ -25,24 +25,24 @@ class Database extends Config
* @var array<string, mixed>
*/
public array $default = [
'DSN' => '',
'hostname' => 'localhost',
'username' => 'admin',
'password' => 'pointofsale',
'database' => 'ospos',
'DBDriver' => 'MySQLi',
'DBPrefix' => 'ospos_',
'pConnect' => false,
'DBDebug' => (ENVIRONMENT !== 'production'),
'charset' => 'utf8mb4',
'DBCollat' => 'utf8mb4_general_ci',
'swapPre' => '',
'encrypt' => false,
'compress' => false,
'strictOn' => false,
'failover' => [],
'port' => 3306,
'dateFormat' => [
'DSN' => '',
'hostname' => 'localhost',
'username' => 'admin',
'password' => 'pointofsale',
'database' => 'ospos',
'DBDriver' => 'MySQLi',
'DBPrefix' => 'ospos_',
'pConnect' => false,
'DBDebug' => (ENVIRONMENT !== 'production'),
'charset' => 'utf8mb4',
'DBCollat' => 'utf8mb4_general_ci',
'swapPre' => '',
'encrypt' => false,
'compress' => false,
'strictOn' => false,
'failover' => [],
'port' => 3306,
'dateFormat' => [
'date' => 'Y-m-d',
'datetime' => 'Y-m-d H:i:s',
'time' => 'H:i:s',
@@ -55,26 +55,26 @@ class Database extends Config
* @var array<string, mixed>
*/
public array $tests = [
'DSN' => '',
'hostname' => 'localhost',
'username' => 'admin',
'password' => 'pointofsale',
'database' => 'ospos',
'DBDriver' => 'MySQLi',
'DBPrefix' => 'ospos_',
'pConnect' => false,
'DBDebug' => (ENVIRONMENT !== 'production'),
'charset' => 'utf8mb4',
'DBCollat' => 'utf8mb4_general_ci',
'swapPre' => '',
'encrypt' => false,
'compress' => false,
'strictOn' => false,
'failover' => [],
'port' => 3306,
'foreignKeys' => true,
'busyTimeout' => 1000,
'dateFormat' => [
'DSN' => '',
'hostname' => 'localhost',
'username' => 'admin',
'password' => 'pointofsale',
'database' => 'ospos',
'DBDriver' => 'MySQLi',
'DBPrefix' => 'ospos_',
'pConnect' => false,
'DBDebug' => (ENVIRONMENT !== 'production'),
'charset' => 'utf8mb4',
'DBCollat' => 'utf8mb4_general_ci',
'swapPre' => '',
'encrypt' => false,
'compress' => false,
'strictOn' => false,
'failover' => [],
'port' => 3306,
'foreignKeys' => true,
'busyTimeout' => 1000,
'dateFormat' => [
'date' => 'Y-m-d',
'datetime' => 'Y-m-d H:i:s',
'time' => 'H:i:s',
@@ -87,26 +87,26 @@ class Database extends Config
* @var array
*/
public $development = [
'DSN' => '',
'hostname' => 'localhost',
'username' => 'admin',
'password' => 'pointofsale',
'database' => 'ospos',
'DBDriver' => 'MySQLi',
'DBPrefix' => 'ospos_',
'pConnect' => false,
'DBDebug' => (ENVIRONMENT !== 'production'),
'charset' => 'utf8mb4',
'DBCollat' => 'utf8mb4_general_ci',
'swapPre' => '',
'encrypt' => false,
'compress' => false,
'strictOn' => false,
'failover' => [],
'port' => 3306,
'foreignKeys' => true,
'busyTimeout' => 1000,
'dateFormat' => [
'DSN' => '',
'hostname' => 'localhost',
'username' => 'admin',
'password' => 'pointofsale',
'database' => 'ospos',
'DBDriver' => 'MySQLi',
'DBPrefix' => 'ospos_',
'pConnect' => false,
'DBDebug' => (ENVIRONMENT !== 'production'),
'charset' => 'utf8mb4',
'DBCollat' => 'utf8mb4_general_ci',
'swapPre' => '',
'encrypt' => false,
'compress' => false,
'strictOn' => false,
'failover' => [],
'port' => 3306,
'foreignKeys' => true,
'busyTimeout' => 1000,
'dateFormat' => [
'date' => 'Y-m-d',
'datetime' => 'Y-m-d H:i:s',
'time' => 'H:i:s',
@@ -124,17 +124,16 @@ class Database extends Config
case 'testing':
$this->defaultGroup = 'tests';
break;
case 'development':
case 'development';
$this->defaultGroup = 'development';
break;
}
foreach ([&$this->development, &$this->tests, &$this->default] as &$config) {
$config['hostname'] = ! getenv('MYSQL_HOST_NAME') ? $config['hostname'] : getenv('MYSQL_HOST_NAME');
$config['username'] = ! getenv('MYSQL_USERNAME') ? $config['username'] : getenv('MYSQL_USERNAME');
$config['password'] = ! getenv('MYSQL_PASSWORD') ? $config['password'] : getenv('MYSQL_PASSWORD');
$config['database'] = ! getenv('MYSQL_DB_NAME') ? $config['database'] : getenv('MYSQL_DB_NAME');
$config['hostname'] = !getenv('MYSQL_HOST_NAME') ? $config['hostname'] : getenv('MYSQL_HOST_NAME');
$config['username'] = !getenv('MYSQL_USERNAME') ? $config['username'] : getenv('MYSQL_USERNAME');
$config['password'] = !getenv('MYSQL_PASSWORD') ? $config['password'] : getenv('MYSQL_PASSWORD');
$config['database'] = !getenv('MYSQL_DB_NAME') ? $config['database'] : getenv('MYSQL_DB_NAME');
}
}
}

6
app/Config/Events.php
View File

@@ -2,12 +2,12 @@
namespace Config;
use App\Events\Db_log;
use App\Events\Load_config;
use App\Events\Method;
use CodeIgniter\Events\Events;
use CodeIgniter\Exceptions\FrameworkException;
use CodeIgniter\HotReloader\HotReloader;
use App\Events\Db_log;
use App\Events\Load_config;
use App\Events\Method;
/*
* --------------------------------------------------------------------

20
app/Config/Filters.php
View File

@@ -70,7 +70,7 @@ class Filters extends BaseFilters
public array $globals = [
'before' => [
'honeypot',
// 'csrf' => ['except' => 'login'], // TODO: Temporarily disable CSRF until we get everything sorted
'csrf' => ['except' => 'login'],
'invalidchars',
],
'after' => [
@@ -100,9 +100,25 @@ class Filters extends BaseFilters
* before or after URI patterns.
*
* Example:
* 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
* isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
*
* @var array<string, array<string, list<string>>>
*/
public array $filters = [];
/**
* Constructor to conditionally disable CSRF filter in testing environment
*/
public function __construct()
{
// Check for testing environment via env variable or constant
$isTesting = ($_ENV['CI_ENVIRONMENT'] ?? $_SERVER['CI_ENVIRONMENT'] ?? getenv('CI_ENVIRONMENT')) === 'testing'
|| (defined('ENVIRONMENT') && ENVIRONMENT === 'testing');
// Remove CSRF filter from globals in testing environment
if ($isTesting) {
// Remove the 'csrf' key from $globals['before'] while preserving array structure
$this->globals['before'] = array_filter($this->globals['before'], static fn($key) => $key !== 'csrf', ARRAY_FILTER_USE_KEY);
}
}
}

7
app/Config/OSPOS.php
View File

@@ -24,6 +24,9 @@ class OSPOS extends BaseConfig
$this->set_settings();
}
/**
* @return void
*/
public function set_settings(): void
{
$cache = $this->cache->get('settings');
@@ -32,7 +35,6 @@ class OSPOS extends BaseConfig
$this->settings = decode_array($cache);
} else {
$appconfig = model(Appconfig::class);
foreach ($appconfig->get_all()->getResult() as $app_config) {
$this->settings[$app_config->key] = $app_config->value;
}
@@ -40,6 +42,9 @@ class OSPOS extends BaseConfig
}
}
/**
* @return void
*/
public function update_settings(): void
{
$this->cache->delete('settings');

2
app/Config/Pager.php
View File

@@ -56,6 +56,6 @@ class Pager extends BaseConfig
'first_tag_open' => '<li>',
'first_tagl_close' => '</li>',
'last_tag_open' => '<li>',
'last_tagl_close' => '</li>',
'last_tagl_close' => '</li>'
];
}

6
app/Config/Security.php
View File

@@ -13,9 +13,9 @@ class Security extends BaseConfig
*
* Protection Method for Cross Site Request Forgery protection.
*
* @var string 'cookie' or 'session'
* @var string|false 'cookie', 'session', or false
*/
public string $csrfProtection = 'cookie';
public string|false $csrfProtection = 'session';
/**
* --------------------------------------------------------------------------
@@ -71,7 +71,7 @@ class Security extends BaseConfig
*
* Regenerate CSRF Token on every submission.
*/
public bool $regenerate = true;
public bool $regenerate = false;
/**
* --------------------------------------------------------------------------

14
app/Config/Services.php
View File

@@ -2,11 +2,12 @@
namespace Config;
use CodeIgniter\Config\BaseService;
use CodeIgniter\HTTP\IncomingRequest;
use Config\Services as AppServices;
use Locale;
use HTMLPurifier;
use HTMLPurifier_Config;
use CodeIgniter\Config\BaseService;
use Config\Services as AppServices;
use CodeIgniter\HTTP\IncomingRequest;
/**
* Services Configuration file.
@@ -23,7 +24,6 @@ use HTMLPurifier_Config;
*/
class Services extends BaseService
{
private static $htmlPurifier;
/*
* public static function example($getShared = true)
* {
@@ -58,14 +58,16 @@ class Services extends BaseService
return new \App\Libraries\MY_Language($locale);
}
private static $htmlPurifier;
public static function htmlPurifier($getShared = true)
{
if ($getShared) {
return static::getSharedInstance('htmlPurifier');
}
if (! isset(static::$htmlPurifier)) {
$config = HTMLPurifier_Config::createDefault();
if (!isset(static::$htmlPurifier)) {
$config = HTMLPurifier_Config::createDefault();
static::$htmlPurifier = new HTMLPurifier($config);
}

2
app/Config/Validation.php
View File

@@ -2,12 +2,12 @@
namespace Config;
use App\Config\Validation\OSPOSRules;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Validation\StrictRules\CreditCardRules;
use CodeIgniter\Validation\StrictRules\FileRules;
use CodeIgniter\Validation\StrictRules\FormatRules;
use CodeIgniter\Validation\StrictRules\Rules;
use App\Config\Validation\OSPOSRules;
class Validation extends BaseConfig
{

44
app/Config/Validation/OSPOSRules.php
View File

@@ -19,30 +19,28 @@ class OSPOSRules
/**
* Validates the username and password sent to the login view. User is logged in on successful validation.
*
* @param string $username Username to check against.
* @param string $fields Comma separated string of the fields for validation.
* @param array $data Data sent to the view.
* @param string|null $error The error sent back to the validation handler on failure.
*
* @param string $username Username to check against.
* @param string $fields Comma separated string of the fields for validation.
* @param array $data Data sent to the view.
* @param string|null $error The error sent back to the validation handler on failure.
* @return bool True if validation passes or false if there are errors.
*
* @noinspection PhpUnused
*/
public function login_check(string $username, string $fields, array $data, ?string &$error = null): bool
{
$employee = model(Employee::class);
$employee = model(Employee::class);
$this->request = Services::request();
$this->config = config(OSPOS::class)->settings;
$this->config = config(OSPOS::class)->settings;
// Installation Check
if (! $this->installation_check()) {
if (!$this->installation_check()) {
$error = lang('Login.invalid_installation');
return false;
}
$password = $data['password'];
if (! $employee->login($username, $password)) {
if (!$employee->login($username, $password)) {
$error = lang('Login.invalid_username_and_password');
return false;
@@ -52,7 +50,7 @@ class OSPOSRules
if ($gcaptcha_enabled) {
$g_recaptcha_response = $this->request->getPost('g-recaptcha-response');
if (! $this->gcaptcha_check($g_recaptcha_response)) {
if (!$this->gcaptcha_check($g_recaptcha_response)) {
$error = lang('Login.invalid_gcaptcha');
return false;
@@ -65,22 +63,21 @@ class OSPOSRules
/**
* Checks to see if GCaptcha verification was successful.
*
* @param mixed $response
*
* @param $response
* @return bool true on successful GCaptcha verification or false if GCaptcha failed.
*/
private function gcaptcha_check($response): bool
{
if (! empty($response)) {
if (!empty($response)) {
$check = [
'secret' => $this->config['gcaptcha_secret_key'],
'response' => $response,
'remoteip' => $this->request->getIPAddress(),
'remoteip' => $this->request->getIPAddress()
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($check));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@@ -91,7 +88,7 @@ class OSPOSRules
$status = json_decode($result, true);
if (! empty($status['success'])) {
if (!empty($status['success'])) {
return true;
}
}
@@ -101,12 +98,14 @@ class OSPOSRules
/**
* Checks to make sure dependency PHP extensions are installed
*
* @return bool
*/
private function installation_check(): bool
{
$installed_extensions = implode(', ', get_loaded_extensions());
$required_extensions = ['bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl', 'xml', 'json'];
$pattern = '/';
$required_extensions = ['bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl', 'xml', 'json'];
$pattern = '/';
foreach ($required_extensions as $extension) {
$pattern .= '(?=.*\b' . preg_quote($extension, '/') . '\b)';
@@ -115,9 +114,9 @@ class OSPOSRules
$pattern .= '/i';
$is_installed = preg_match($pattern, $installed_extensions);
if (! $is_installed) {
if (!$is_installed) {
log_message('error', '[ERROR] Check your php.ini.');
log_message('error', "PHP installed extensions: {$installed_extensions}");
log_message('error', "PHP installed extensions: $installed_extensions");
log_message('error', 'PHP required extensions: ' . implode(', ', $required_extensions));
}
@@ -127,6 +126,9 @@ class OSPOSRules
/**
* Validates the candidate as a decimal number. Takes the locale into account. Used in validation rule calls.
*
* @param string $candidate
* @param string|null $error
* @return bool
* @noinspection PhpUnused
*/
public function decimal_locale(string $candidate, ?string &$error = null): bool

158
app/Controllers/Attributes.php
View File

@@ -3,12 +3,14 @@
namespace App\Controllers;
use App\Models\Attribute;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
require_once 'Secure_Controller.php';
require_once('Secure_Controller.php');
/**
* Attributes controls the custom attributes assigned to items
*/
**/
class Attributes extends Secure_Controller
{
private Attribute $attribute;
@@ -22,18 +24,20 @@ class Attributes extends Secure_Controller
/**
* Gets and sends the main view for Attributes to the browser.
*/
public function getIndex(): void
*
* @return string
**/
public function getIndex(): string
{
$data['table_headers'] = get_attribute_definition_manage_table_headers();
echo view('attributes/manage', $data);
return view('attributes/manage', $data);
}
/**
* Returns attribute table data rows. This will be called with AJAX.
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -45,53 +49,54 @@ class Attributes extends Secure_Controller
$total_rows = $this->attribute->get_found_rows($search);
$data_rows = [];
foreach ($attributes->getResult() as $attribute_row) {
$attribute_row->definition_flags = $this->get_attributes($attribute_row->definition_flags);
$data_rows[] = get_attribute_definition_data_row($attribute_row);
$data_rows[] = get_attribute_definition_data_row($attribute_row);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* AJAX called function which saves the attribute value sent via POST by using the model save function.
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveAttributeValue(): void
public function postSaveAttributeValue(): ResponseInterface
{
$success = $this->attribute->saveAttributeValue(
html_entity_decode($this->request->getPost('attribute_value')),
$this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT),
$this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT) ?? false,
$this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT) ?? false,
$this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT) ?? false
);
echo json_encode(['success' => $success !== 0]);
return $this->response->setJSON(['success' => $success != 0]);
}
/**
* AJAX called function deleting an attribute value using the model delete function.
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postDeleteDropdownAttributeValue(): void
public function postDeleteDropdownAttributeValue(): ResponseInterface
{
$success = $this->attribute->deleteDropdownAttributeValue(
html_entity_decode($this->request->getPost('attribute_value')),
$this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT),
$this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT)
);
echo json_encode(['success' => $success]);
return $this->response->setJSON(['success' => $success]);
}
/**
* AJAX called function which saves the attribute definition.
*
* @param int $definition_id
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): void
public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): ResponseInterface
{
$definition_flags = 0;
@@ -101,15 +106,27 @@ class Attributes extends Secure_Controller
$definition_flags |= $flag;
}
// Validate definition_group (definition_fk) foreign key
$definition_group_input = $this->request->getPost('definition_group');
$definition_fk = $this->validateDefinitionGroup($definition_group_input);
if ($definition_fk === false) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Attributes.definition_invalid_group'),
'id' => NEW_ENTRY
]);
}
// Save definition data
$definition_data = [
'definition_name' => $this->request->getPost('definition_name'),
'definition_unit' => $this->request->getPost('definition_unit') !== '' ? $this->request->getPost('definition_unit') : null,
'definition_unit' => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : null,
'definition_flags' => $definition_flags,
'definition_fk' => $this->request->getPost('definition_group') !== '' ? $this->request->getPost('definition_group') : null,
'definition_fk' => $definition_fk
];
if ($this->request->getPost('definition_type') !== null) {
if ($this->request->getPost('definition_type') != null) {
$definition_data['definition_type'] = DEFINITION_TYPES[$this->request->getPost('definition_type')];
}
@@ -117,100 +134,139 @@ class Attributes extends Secure_Controller
if ($this->attribute->save_definition($definition_data, $definition_id)) {
// New definition
if ($definition_id === NO_DEFINITION_ID) {
if ($definition_id == NO_DEFINITION_ID) {
$definition_values = json_decode(html_entity_decode($this->request->getPost('definition_values')));
foreach ($definition_values as $definition_value) {
$this->attribute->saveAttributeValue($definition_value, $definition_data['definition_id']);
}
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Attributes.definition_successful_adding') . ' ' . $definition_name,
'id' => $definition_data['definition_id'],
'id' => $definition_data['definition_id']
]);
} else { // Existing definition
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Attributes.definition_successful_updating') . ' ' . $definition_name,
'id' => $definition_id,
'id' => $definition_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Attributes.definition_error_adding_updating', [$definition_name]),
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
/**
* Validates a definition_group foreign key.
* Returns the validated integer ID, null if empty, or false if invalid.
*
* @param mixed $definition_group_input
* @return int|null|false
*/
private function validateDefinitionGroup(mixed $definition_group_input): int|null|false
{
if ($definition_group_input === '' || $definition_group_input === null) {
return null;
}
$definition_group_id = (int) $definition_group_input;
// Must be a positive integer, exist in attribute_definitions, and be of type GROUP
if ($definition_group_id <= 0
|| !$this->attribute->exists($definition_group_id)
|| $this->attribute->getAttributeInfo($definition_group_id)->definition_type !== GROUP
) {
return false;
}
return $definition_group_id;
}
/**
*
* @param int $definition_id
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggestAttribute(int $definition_id): void
public function getSuggestAttribute(int $definition_id): ResponseInterface
{
$suggestions = $this->attribute->get_suggestions($definition_id, html_entity_decode($this->request->getGet('term')));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return ResponseInterface
*/
public function getRow(int $row_id): ResponseInterface
{
$attribute_definition_info = $this->attribute->getAttributeInfo($row_id);
$attribute_definition_info = $this->attribute->getAttributeInfo($row_id);
$attribute_definition_info->definition_flags = $this->get_attributes($attribute_definition_info->definition_flags);
$data_row = get_attribute_definition_data_row($attribute_definition_info);
$data_row = get_attribute_definition_data_row($attribute_definition_info);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $definition_flags
* @return array
*/
private function get_attributes(int $definition_flags = 0): array
{
$definition_flag_names = [];
foreach (Attribute::get_definition_flags() as $id => $term) {
if ($id & $definition_flags) {
$definition_flag_names[$id] = lang('Attributes.' . strtolower($term) . '_visibility');
}
}
return $definition_flag_names;
}
public function getView(int $definition_id = NO_DEFINITION_ID): void
/**
* @param int $definition_id
* @return string
*/
public function getView(int $definition_id = NO_DEFINITION_ID): string
{
$info = $this->attribute->getAttributeInfo($definition_id);
foreach (get_object_vars($info) as $property => $value) {
$info->{$property} = $value;
$info->$property = $value;
}
$data['definition_id'] = $definition_id;
$data['definition_values'] = $this->attribute->get_definition_values($definition_id);
$data['definition_group'] = $this->attribute->get_definitions_by_type(GROUP, $definition_id);
$data['definition_id'] = $definition_id;
$data['definition_values'] = $this->attribute->get_definition_values($definition_id);
$data['definition_group'] = $this->attribute->get_definitions_by_type(GROUP, $definition_id);
$data['definition_group'][''] = lang('Common.none_selected_text');
$data['definition_info'] = $info;
$data['definition_info'] = $info;
$show_all = Attribute::SHOW_IN_ITEMS | Attribute::SHOW_IN_RECEIVINGS | Attribute::SHOW_IN_SALES;
$data['definition_flags'] = $this->get_attributes($show_all);
$selected_flags = $info->definition_flags === '' ? $show_all : $info->definition_flags;
$show_all = Attribute::SHOW_IN_ITEMS | Attribute::SHOW_IN_RECEIVINGS | Attribute::SHOW_IN_SALES;
$data['definition_flags'] = $this->get_attributes($show_all);
$selected_flags = $info->definition_flags === '' ? $show_all : $info->definition_flags;
$data['selected_definition_flags'] = $this->get_attributes($selected_flags);
echo view('attributes/form', $data);
return view('attributes/form', $data);
}
/**
* Deletes an attribute definition
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->attribute->deleteDefinitionList($attributes_to_delete)) {
if($this->attribute->deleteDefinitionList($attributes_to_delete)) {
$message = lang('Attributes.definition_successful_deleted') . ' ' . count($attributes_to_delete) . ' ' . lang('Attributes.definition_one_or_multiple');
echo json_encode(['success' => true, 'message' => $message]);
return $this->response->setJSON(['success' => true, 'message' => $message]);
} else {
echo json_encode(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
}
}
}

157
app/Controllers/Cashups.php
View File

@@ -5,7 +5,9 @@ namespace App\Controllers;
use App\Models\Cashup;
use App\Models\Expense;
use App\Models\Reports\Summary_payments;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
class Cashups extends Secure_Controller
{
@@ -18,58 +20,69 @@ class Cashups extends Secure_Controller
{
parent::__construct('cashups');
$this->cashup = model(Cashup::class);
$this->expense = model(Expense::class);
$this->cashup = model(Cashup::class);
$this->expense = model(Expense::class);
$this->summary_payments = model(Summary_payments::class);
$this->config = config(OSPOS::class)->settings;
$this->config = config(OSPOS::class)->settings;
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['table_headers'] = get_cashups_manage_table_headers();
// filters that will be loaded in the multiselect dropdown
$data['filters'] = ['is_deleted' => lang('Cashups.is_deleted')];
echo view('cashups/manage', $data);
// Restore filters from URL
$data = array_merge($data, restoreTableFilters($this->request));
return view('cashups/manage', $data);
}
public function getSearch(): void
/**
* @return void
*/
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(cashup_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'cashup_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(cashup_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'cashup_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$filters = [
'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS), // TODO: Is this the best way to filter dates
'end_date' => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'is_deleted' => false,
'is_deleted' => false
];
// Check if any filter is set in the multiselect dropdown
$request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
$filters = array_merge($filters, $request_filters);
$cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
$total_rows = $this->cashup->get_found_rows($search, $filters);
$data_rows = [];
$filters = array_merge($filters, $request_filters);
$cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
$total_rows = $this->cashup->get_found_rows($search, $filters);
$data_rows = [];
foreach ($cash_ups->getResult() as $cash_up) {
$data_rows[] = get_cash_up_data_row($cash_up);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
public function getView(int $cashup_id = NEW_ENTRY): void
/**
* @param int $cashup_id
* @return string
*/
public function getView(int $cashup_id = NEW_ENTRY): string
{
$data = [];
$data['employees'] = [];
foreach ($this->employee->get_all()->getResult() as $employee) {
foreach (get_object_vars($employee) as $property => $value) {
$employee->{$property} = $value;
$employee->$property = $value;
}
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
@@ -78,22 +91,22 @@ class Cashups extends Secure_Controller
$cash_ups_info = $this->cashup->get_info($cashup_id);
foreach (get_object_vars($cash_ups_info) as $property => $value) {
$cash_ups_info->{$property} = $value;
$cash_ups_info->$property = $value;
}
// Open cashup
if ($cash_ups_info->cashup_id === NEW_ENTRY) {
$cash_ups_info->open_date = date('Y-m-d H:i:s');
$cash_ups_info->close_date = $cash_ups_info->open_date;
$cash_ups_info->open_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
if ($cash_ups_info->cashup_id == NEW_ENTRY) {
$cash_ups_info->open_date = date('Y-m-d H:i:s');
$cash_ups_info->close_date = $cash_ups_info->open_date;
$cash_ups_info->open_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$cash_ups_info->close_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
}
// If all the amounts are null or 0 that means it's a close cashup
elseif (
(float) ($cash_ups_info->closed_amount_cash) === 0
&& (float) ($cash_ups_info->closed_amount_due) === 0
&& (float) ($cash_ups_info->closed_amount_card) === 0
&& (float) ($cash_ups_info->closed_amount_check) === 0
floatval($cash_ups_info->closed_amount_cash) == 0
&& floatval($cash_ups_info->closed_amount_due) == 0
&& floatval($cash_ups_info->closed_amount_card) == 0
&& floatval($cash_ups_info->closed_amount_check) == 0
) {
// Set the close date and time to the actual as this is a close session
$cash_ups_info->close_date = date('Y-m-d H:i:s');
@@ -103,12 +116,12 @@ class Cashups extends Secure_Controller
// If it's date mode only and not date & time truncate the open and end date to date only
if (empty($this->config['date_or_time_format'])) {
if ($cash_ups_info->open_date !== null) {
if ($cash_ups_info->open_date != null) {
$start_date = substr($cash_ups_info->open_date, 0, 10);
} else {
$start_date = null;
}
if ($cash_ups_info->close_date !== null) {
if ($cash_ups_info->close_date != null) {
$end_date = substr($cash_ups_info->close_date, 0, 10);
} else {
$end_date = null;
@@ -118,7 +131,7 @@ class Cashups extends Secure_Controller
'start_date' => $start_date,
'end_date' => $end_date,
'sale_type' => 'complete',
'location_id' => 'all',
'location_id' => 'all'
];
} else {
// Search for all the payments given the time range
@@ -126,7 +139,7 @@ class Cashups extends Secure_Controller
'start_date' => $cash_ups_info->open_date,
'end_date' => $cash_ups_info->close_date,
'sale_type' => 'complete',
'location_id' => 'all',
'location_id' => 'all'
];
}
@@ -134,17 +147,17 @@ class Cashups extends Secure_Controller
$reports_data = $this->summary_payments->getData($inputs);
foreach ($reports_data as $row) {
if ($row['trans_group'] === lang('Reports.trans_payments')) {
if ($row['trans_type'] === lang('Sales.cash')) {
if ($row['trans_group'] == lang('Reports.trans_payments')) {
if ($row['trans_type'] == lang('Sales.cash')) {
$cash_ups_info->closed_amount_cash += $row['trans_amount'];
} elseif ($row['trans_type'] === lang('Sales.due')) {
} elseif ($row['trans_type'] == lang('Sales.due')) {
$cash_ups_info->closed_amount_due += $row['trans_amount'];
} elseif (
$row['trans_type'] === lang('Sales.debit')
|| $row['trans_type'] === lang('Sales.credit')
$row['trans_type'] == lang('Sales.debit') ||
$row['trans_type'] == lang('Sales.credit')
) {
$cash_ups_info->closed_amount_card += $row['trans_amount'];
} elseif ($row['trans_type'] === lang('Sales.check')) {
} elseif ($row['trans_type'] == lang('Sales.check')) {
$cash_ups_info->closed_amount_check += $row['trans_amount'];
}
}
@@ -157,7 +170,7 @@ class Cashups extends Secure_Controller
'only_check' => false,
'only_credit' => false,
'only_debit' => false,
'is_deleted' => false,
'is_deleted' => false
];
$payments = $this->expense->get_payments_summary('', array_merge($inputs, $filters));
@@ -171,23 +184,31 @@ class Cashups extends Secure_Controller
$data['cash_ups_info'] = $cash_ups_info;
echo view('cashups/form', $data);
return view("cashups/form", $data);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return ResponseInterface
*/
public function getRow(int $row_id): ResponseInterface
{
$cash_ups_info = $this->cashup->get_info($row_id);
$data_row = get_cash_up_data_row($cash_ups_info);
$data_row = get_cash_up_data_row($cash_ups_info);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
public function postSave(int $cashup_id = NEW_ENTRY): void
/**
* @param int $cashup_id
* @return ResponseInterface
*/
public function postSave(int $cashup_id = NEW_ENTRY): ResponseInterface
{
$open_date = $this->request->getPost('open_date');
$open_date = $this->request->getPost('open_date');
$open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date);
$close_date = $this->request->getPost('close_date');
$close_date = $this->request->getPost('close_date');
$close_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $close_date);
$cash_up_data = [
@@ -200,62 +221,64 @@ class Cashups extends Secure_Controller
'closed_amount_card' => parse_decimals($this->request->getPost('closed_amount_card')),
'closed_amount_check' => parse_decimals($this->request->getPost('closed_amount_check')),
'closed_amount_total' => parse_decimals($this->request->getPost('closed_amount_total')),
'note' => $this->request->getPost('note') !== null,
'note' => $this->request->getPost('note') != null,
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'open_employee_id' => $this->request->getPost('open_employee_id', FILTER_SANITIZE_NUMBER_INT),
'close_employee_id' => $this->request->getPost('close_employee_id', FILTER_SANITIZE_NUMBER_INT),
'deleted' => $this->request->getPost('deleted') !== null,
'deleted' => $this->request->getPost('deleted') != null
];
if ($this->cashup->save_value($cash_up_data, $cashup_id)) {
// New cashup_id
if ($cashup_id === NEW_ENTRY) {
echo json_encode(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
if ($cashup_id == NEW_ENTRY) {
return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
} else { // Existing Cashup
echo json_encode(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
}
} else { // Failure
echo json_encode(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
}
}
public function postDelete(): void
/**
* @return ResponseInterface
*/
public function postDelete(): ResponseInterface
{
$cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->cashup->delete_list($cash_ups_to_delete)) {
echo json_encode(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
} else {
echo json_encode(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
}
}
/**
* Calculate the total for cashups. Used in app\Views\cashups\form.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postAjax_cashup_total(): void
public function postAjax_cashup_total(): ResponseInterface
{
$open_amount_cash = parse_decimals($this->request->getPost('open_amount_cash'));
$open_amount_cash = parse_decimals($this->request->getPost('open_amount_cash'));
$transfer_amount_cash = parse_decimals($this->request->getPost('transfer_amount_cash'));
$closed_amount_cash = parse_decimals($this->request->getPost('closed_amount_cash'));
$closed_amount_due = parse_decimals($this->request->getPost('closed_amount_due'));
$closed_amount_card = parse_decimals($this->request->getPost('closed_amount_card'));
$closed_amount_check = parse_decimals($this->request->getPost('closed_amount_check'));
$closed_amount_cash = parse_decimals($this->request->getPost('closed_amount_cash'));
$closed_amount_due = parse_decimals($this->request->getPost('closed_amount_due'));
$closed_amount_card = parse_decimals($this->request->getPost('closed_amount_card'));
$closed_amount_check = parse_decimals($this->request->getPost('closed_amount_check'));
$total = $this->_calculate_total($open_amount_cash, $transfer_amount_cash, $closed_amount_due, $closed_amount_cash, $closed_amount_card, $closed_amount_check); // TODO: hungarian notation
echo json_encode(['total' => to_currency_no_money($total)]);
return $this->response->setJSON(['total' => to_currency_no_money($total)]);
}
/**
* Calculate total
*
* @param mixed $closed_amount_check
*/
private function _calculate_total(float $open_amount_cash, float $transfer_amount_cash, float $closed_amount_due, float $closed_amount_cash, float $closed_amount_card, $closed_amount_check): float // TODO: need to get rid of hungarian notation here. Also, the signature is pretty long. Perhaps they need to go into an object or array?
{
return $closed_amount_cash - $open_amount_cash - $transfer_amount_cash + $closed_amount_due + $closed_amount_card + $closed_amount_check;
return ($closed_amount_cash - $open_amount_cash - $transfer_amount_cash + $closed_amount_due + $closed_amount_card + $closed_amount_check);
}
}

454
app/Controllers/Config.php
View File

File diff suppressed because it is too large Load Diff

248
app/Controllers/Customers.php
View File

@@ -3,10 +3,12 @@
namespace App\Controllers;
use App\Libraries\Mailchimp_lib;
use App\Models\Customer;
use App\Models\Customer_rewards;
use App\Models\Tax_code;
use CodeIgniter\HTTP\DownloadResponse;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
use stdClass;
@@ -23,32 +25,36 @@ class Customers extends Persons
public function __construct()
{
parent::__construct('customers');
$this->mailchimp_lib = new Mailchimp_lib();
$this->mailchimp_lib = new Mailchimp_lib();
$this->customer_rewards = model(Customer_rewards::class);
$this->customer = model(Customer::class);
$this->tax_code = model(Tax_code::class);
$this->config = config(OSPOS::class)->settings;
$this->customer = model(Customer::class);
$this->tax_code = model(Tax_code::class);
$this->config = config(OSPOS::class)->settings;
$encrypter = Services::encrypter();
if (! empty($this->config['mailchimp_list_id'])) {
if (!empty($this->config['mailchimp_list_id'])) {
$this->_list_id = $encrypter->decrypt($this->config['mailchimp_list_id']);
} else {
$this->_list_id = '';
}
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['table_headers'] = get_customer_manage_table_headers();
echo view('people/manage', $data);
return view('people/manage', $data);
}
/**
* Gets one row for a customer manage table. This is called using AJAX to update one row.
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$person = $this->customer->get_info($row_id);
@@ -57,32 +63,35 @@ class Customers extends Persons
if (empty($stats)) {
// Create object with empty properties.
$stats = new stdClass();
$stats->total = 0;
$stats->min = 0;
$stats->max = 0;
$stats->average = 0;
$stats = new stdClass();
$stats->total = 0;
$stats->min = 0;
$stats->max = 0;
$stats->average = 0;
$stats->avg_discount = 0;
$stats->quantity = 0;
$stats->quantity = 0;
}
$data_row = get_customer_data_row($person, $stats);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* Returns customer table data rows. This will be called with AJAX.
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(customer_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$sort = $this->sanitizeSortColumn(customer_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$customers = $this->customer->search($search, $limit, $offset, $sort, $order);
$customers = $this->customer->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->customer->get_found_rows($search);
$data_rows = [];
@@ -92,94 +101,95 @@ class Customers extends Persons
$stats = $this->customer->get_stats($person->person_id); // TODO: duplicated... see above
if (empty($stats)) {
// Create object with empty properties.
$stats = new stdClass();
$stats->total = 0;
$stats->min = 0;
$stats->max = 0;
$stats->average = 0;
$stats = new stdClass();
$stats->total = 0;
$stats->min = 0;
$stats->max = 0;
$stats->average = 0;
$stats->avg_discount = 0;
$stats->quantity = 0;
$stats->quantity = 0;
}
$data_rows[] = get_customer_data_row($person, $stats);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* Gives search suggestions based on what is being searched for
* @return ResponseInterface
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$search = $this->request->getGet('term');
$suggestions = $this->customer->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
public function suggest_search(): void
/**
* @return ResponseInterface
*/
public function suggest_search(): ResponseInterface
{
$search = $this->request->getGet('term');
$search = $this->request->getGet('term');
$suggestions = $this->customer->get_search_suggestions($search, 25, false);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Loads the customer edit form
* @return string
*/
public function getView(int $customer_id = NEW_ENTRY): void
public function getView(int $customer_id = NEW_ENTRY): string
{
// Set default values
if ($customer_id === null) {
$customer_id = NEW_ENTRY;
}
if ($customer_id == null) $customer_id = NEW_ENTRY;
$info = $this->customer->get_info($customer_id);
foreach (get_object_vars($info) as $property => $value) {
$info->{$property} = $value;
$info->$property = $value;
}
$data['person_info'] = $info;
if (empty($info->person_id) || empty($info->date) || empty($info->employee_id)) {
$data['person_info']->date = date('Y-m-d H:i:s');
$data['person_info']->date = date('Y-m-d H:i:s');
$data['person_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
}
$employee_info = $this->employee->get_info($info->employee_id);
$employee_info = $this->employee->get_info($info->employee_id);
$data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
$tax_code_info = $this->tax_code->get_info($info->sales_tax_code_id);
if ($tax_code_info->tax_code !== null) {
if ($tax_code_info->tax_code != null) {
$data['sales_tax_code_label'] = $tax_code_info->tax_code . ' ' . $tax_code_info->tax_code_name;
} else {
$data['sales_tax_code_label'] = '';
}
$packages = ['' => lang('Items.none')];
foreach ($this->customer_rewards->get_all()->getResultArray() as $row) {
$packages[$row['package_id']] = $row['package_name'];
}
$data['packages'] = $packages;
$data['packages'] = $packages;
$data['selected_package'] = $info->package_id;
$data['use_destination_based_tax'] = $this->config['use_destination_based_tax'];
// Retrieve the total amount the customer spent so far together with min, max and average values
$stats = $this->customer->get_stats($customer_id);
if (! empty($stats)) {
if (!empty($stats)) {
foreach (get_object_vars($stats) as $property => $value) {
$info->{$property} = $value;
$info->$property = $value;
}
$data['stats'] = $stats;
}
// Retrieve the info from Mailchimp only if there is an email address assigned
if (! empty($info->email)) {
if (!empty($info->email)) {
// Collect Mailchimp customer info
if (($mailchimp_info = $this->mailchimp_lib->getMemberInfo($this->_list_id, $info->email)) !== false) {
$data['mailchimp_info'] = $mailchimp_info;
@@ -187,55 +197,56 @@ class Customers extends Persons
// Collect customer Mailchimp emails activities (stats)
if (($activities = $this->mailchimp_lib->getMemberActivity($this->_list_id, $info->email)) !== false) {
if (array_key_exists('activity', $activities)) {
$open = 0;
$unopen = 0;
$click = 0;
$total = 0;
$open = 0;
$unopen = 0;
$click = 0;
$total = 0;
$lastopen = '';
foreach ($activities['activity'] as $activity) {
if ($activity['action'] === 'sent') {
$unopen++;
} elseif ($activity['action'] === 'open') {
if ($activity['action'] == 'sent') {
++$unopen;
} elseif ($activity['action'] == 'open') {
if (empty($lastopen)) {
$lastopen = substr($activity['timestamp'], 0, 10);
}
$open++;
} elseif ($activity['action'] === 'click') {
++$open;
} elseif ($activity['action'] == 'click') {
if (empty($lastopen)) {
$lastopen = substr($activity['timestamp'], 0, 10);
}
$click++;
++$click;
}
$total++;
++$total;
}
$data['mailchimp_activity']['total'] = $total;
$data['mailchimp_activity']['open'] = $open;
$data['mailchimp_activity']['unopen'] = $unopen;
$data['mailchimp_activity']['click'] = $click;
$data['mailchimp_activity']['total'] = $total;
$data['mailchimp_activity']['open'] = $open;
$data['mailchimp_activity']['unopen'] = $unopen;
$data['mailchimp_activity']['click'] = $click;
$data['mailchimp_activity']['lastopen'] = $lastopen;
}
}
}
}
echo view('customers/form', $data);
return view("customers/form", $data);
}
/**
* Inserts/updates a customer
* @return ResponseInterface
*/
public function postSave(int $customer_id = NEW_ENTRY): void
public function postSave(int $customer_id = NEW_ENTRY): ResponseInterface
{
$first_name = $this->request->getPost('first_name');
$last_name = $this->request->getPost('last_name');
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
$last_name = $this->request->getPost('last_name');
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
// Format first and last name properly
$first_name = $this->nameize($first_name);
$last_name = $this->nameize($last_name);
$last_name = $this->nameize($last_name);
$person_data = [
'first_name' => $first_name,
@@ -249,23 +260,23 @@ class Customers extends Persons
'state' => $this->request->getPost('state'),
'zip' => $this->request->getPost('zip'),
'country' => $this->request->getPost('country'),
'comments' => $this->request->getPost('comments'),
'comments' => $this->request->getPost('comments')
];
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date'));
$customer_data = [
'consent' => $this->request->getPost('consent') !== null,
'account_number' => $this->request->getPost('account_number') === '' ? null : $this->request->getPost('account_number'),
'consent' => $this->request->getPost('consent') != null,
'account_number' => $this->request->getPost('account_number') == '' ? null : $this->request->getPost('account_number'),
'tax_id' => $this->request->getPost('tax_id'),
'company_name' => $this->request->getPost('company_name') === '' ? null : $this->request->getPost('company_name'),
'discount' => $this->request->getPost('discount') === '' ? 0.00 : parse_decimals($this->request->getPost('discount')),
'discount_type' => $this->request->getPost('discount_type') === null ? PERCENT : $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT),
'package_id' => $this->request->getPost('package_id') === '' ? null : $this->request->getPost('package_id'),
'taxable' => $this->request->getPost('taxable') !== null,
'company_name' => $this->request->getPost('company_name') == '' ? null : $this->request->getPost('company_name'),
'discount' => $this->request->getPost('discount') == '' ? 0.00 : parse_decimals($this->request->getPost('discount')),
'discount_type' => $this->request->getPost('discount_type') == null ? PERCENT : $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT),
'package_id' => $this->request->getPost('package_id') == '' ? null : $this->request->getPost('package_id'),
'taxable' => $this->request->getPost('taxable') != null,
'date' => $date_formatter->format('Y-m-d H:i:s'),
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
'sales_tax_code_id' => $this->request->getPost('sales_tax_code_id') === '' ? null : $this->request->getPost('sales_tax_code_id', FILTER_SANITIZE_NUMBER_INT),
'sales_tax_code_id' => $this->request->getPost('sales_tax_code_id') == '' ? null : $this->request->getPost('sales_tax_code_id', FILTER_SANITIZE_NUMBER_INT)
];
if ($this->customer->save_customer($person_data, $customer_data, $customer_id)) {
@@ -276,29 +287,29 @@ class Customers extends Persons
$email,
$first_name,
$last_name,
$mailchimp_status === null ? '' : $mailchimp_status,
['vip' => $this->request->getPost('mailchimp_vip') !== null],
$mailchimp_status == null ? "" : $mailchimp_status,
['vip' => $this->request->getPost('mailchimp_vip') != null]
);
// New customer
if ($customer_id === NEW_ENTRY) {
echo json_encode([
if ($customer_id == NEW_ENTRY) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Customers.successful_adding') . ' ' . $first_name . ' ' . $last_name,
'id' => $customer_data['person_id'],
'id' => $customer_data['person_id']
]);
} else { // Existing customer
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Customers.successful_updating') . ' ' . $first_name . ' ' . $last_name,
'id' => $customer_id,
'id' => $customer_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Customers.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
@@ -306,37 +317,40 @@ class Customers extends Persons
/**
* Verifies if an email address already exists. Used in app/Views/customers/form.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckEmail(): void
public function postCheckEmail(): ResponseInterface
{
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
$person_id = $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT);
$exists = $this->customer->check_email_exists($email, $person_id);
echo ! $exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
* Verifies if an account number already exists. Used in app/Views/customers/form.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckAccountNumber(): void
public function postCheckAccountNumber(): ResponseInterface
{
$exists = $this->customer->check_account_number_exists($this->request->getPost('account_number'), $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT));
echo ! $exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
* This deletes customers from the customers table
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$customers_to_delete = $this->request->getPost('ids');
$customers_info = $this->customer->get_multiple_info($customers_to_delete);
$customers_info = $this->customer->get_multiple_info($customers_to_delete);
$count = 0;
@@ -349,13 +363,13 @@ class Customers extends Persons
}
}
if ($count === count($customers_to_delete)) {
echo json_encode([
if ($count == count($customers_to_delete)) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Customers.successful_deleted') . ' ' . $count . ' ' . lang('Customers.one_or_multiple'),
'message' => lang('Customers.successful_deleted') . ' ' . $count . ' ' . lang('Customers.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Customers.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Customers.cannot_be_deleted')]);
}
}
@@ -363,38 +377,38 @@ class Customers extends Persons
* Customers import from csv spreadsheet
*
* @return DownloadResponse The template for Customer CSV imports is returned and download forced.
*
* @noinspection PhpUnused
*/
public function getCsv(): DownloadResponse
{
$name = 'importCustomers.csv';
$data = file_get_contents(WRITEPATH . "uploads/{$name}");
$data = file_get_contents(WRITEPATH . "uploads/$name");
return $this->response->download($name, $data);
}
/**
* Displays the customer CSV import modal. Used in app/Views/people/manage.php
*
* @return string
* @noinspection PhpUnused
*/
public function getCsvImport(): void
public function getCsvImport(): string
{
echo view('customers/form_csv_import');
return view('customers/form_csv_import');
}
/**
* Imports a CSV file containing customers. Used in app/Views/customers/form_csv_import.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postImportCsvFile(): void
public function postImportCsvFile(): ResponseInterface
{
if ($_FILES['file_path']['error'] !== UPLOAD_ERR_OK) {
echo json_encode(['success' => false, 'message' => lang('Customers.csv_import_failed')]);
if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK) {
return $this->response->setJSON(['success' => false, 'message' => lang('Customers.csv_import_failed')]);
} else {
if (($handle = fopen($_FILES['file_path']['tmp_name'], 'rb')) !== false) {
if (($handle = fopen($_FILES['file_path']['tmp_name'], 'r')) !== false) {
// Skip the first row as it's the table description
fgetcsv($handle);
$i = 1;
@@ -402,10 +416,10 @@ class Customers extends Persons
$failCodes = [];
while (($data = fgetcsv($handle)) !== false) {
$consent = $data[3] === '' ? 0 : 1;
$consent = $data[3] == '' ? 0 : 1;
if (count($data) >= 16 && $consent) {
$email = strtolower($data[4]);
if (sizeof($data) >= 16 && $consent) {
$email = strtolower($data[4]);
$person_data = [
'first_name' => $data[0],
'last_name' => $data[1],
@@ -418,7 +432,7 @@ class Customers extends Persons
'state' => $data[9],
'zip' => $data[10],
'country' => $data[11],
'comments' => $data[12],
'comments' => $data[12]
];
$customer_data = [
@@ -426,16 +440,16 @@ class Customers extends Persons
'company_name' => $data[13],
'discount' => $data[15],
'discount_type' => $data[16],
'taxable' => $data[17] === '' ? 0 : 1,
'taxable' => $data[17] == '' ? 0 : 1,
'date' => date('Y-m-d H:i:s'),
'employee_id' => $this->employee->get_logged_in_employee_info()->person_id,
'employee_id' => $this->employee->get_logged_in_employee_info()->person_id
];
$account_number = $data[14];
// Don't duplicate people with same email
$invalidated = $this->customer->check_email_exists($email);
if ($account_number !== '') {
if ($account_number != '') {
$customer_data['account_number'] = $account_number;
$invalidated &= $this->customer->check_account_number_exists($account_number);
}
@@ -445,7 +459,7 @@ class Customers extends Persons
if ($invalidated) {
$failCodes[] = $i;
log_message('error', "Row {$i} was not imported: Either email or account number already exist or data was invalid.");
log_message('error', "Row $i was not imported: Either email or account number already exist or data was invalid.");
} elseif ($this->customer->save_customer($person_data, $customer_data)) {
// Save customer to Mailchimp selected list
$this->mailchimp_lib->addOrUpdateMember($this->_list_id, $person_data['email'], $person_data['first_name'], '', $person_data['last_name']);
@@ -453,18 +467,18 @@ class Customers extends Persons
$failCodes[] = $i;
}
$i++;
++$i;
}
if (count($failCodes) > 0) {
$message = lang('Customers.csv_import_partially_failed', [count($failCodes), implode(', ', $failCodes)]);
echo json_encode(['success' => false, 'message' => $message]);
return $this->response->setJSON(['success' => false, 'message' => $message]);
} else {
echo json_encode(['success' => true, 'message' => lang('Customers.csv_import_success')]);
return $this->response->setJSON(['success' => true, 'message' => lang('Customers.csv_import_success')]);
}
} else {
echo json_encode(['success' => false, 'message' => lang('Customers.csv_import_nodata_wrongformat')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Customers.csv_import_nodata_wrongformat')]);
}
}
}

143
app/Controllers/Employees.php
View File

@@ -3,9 +3,14 @@
namespace App\Controllers;
use App\Models\Module;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
/**
* @property Module module
*
*
* @property module module
*
*/
class Employees extends Persons
{
@@ -18,8 +23,10 @@ class Employees extends Persons
/**
* Returns employee table data rows. This will be called with AJAX.
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -27,54 +34,64 @@ class Employees extends Persons
$sort = $this->sanitizeSortColumn(person_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$employees = $this->employee->search($search, $limit, $offset, $sort, $order);
$employees = $this->employee->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->employee->get_found_rows($search);
$data_rows = [];
foreach ($employees->getResult() as $person) {
$data_rows[] = get_person_data_row($person);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* AJAX called function gives search suggestions based on what is being searched for.
*
* @return ResponseInterface
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$search = $this->request->getGet('term');
$suggestions = $this->employee->get_search_suggestions($search, 25, true);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
public function suggest_search(): void
/**
* @return ResponseInterface
*/
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$search = $this->request->getPost('term');
$suggestions = $this->employee->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Loads the employee edit form
* @return string
*/
public function getView(int $employee_id = NEW_ENTRY): void
public function getView(int $employee_id = NEW_ENTRY): string
{
$person_info = $this->employee->get_info($employee_id);
$current_user = $this->employee->get_logged_in_employee_info();
if ($employee_id != NEW_ENTRY && !$this->employee->canModifyEmployee($person_info->person_id, $current_user->person_id)) {
header('Location: ' . base_url('no_access/employees/employees'));
exit();
}
foreach (get_object_vars($person_info) as $property => $value) {
$person_info->{$property} = $value;
$person_info->$property = $value;
}
$data['person_info'] = $person_info;
$data['employee_id'] = $employee_id;
$modules = [];
foreach ($this->module->get_all_modules()->getResult() as $module) {
$module->grant = $this->employee->has_grant($module->module_id, $person_info->person_id);
$module->grant = $this->employee->has_grant($module->module_id, $person_info->person_id);
$module->menu_group = $this->employee->get_menu_group($module->module_id, $person_info->person_id);
$modules[] = $module;
@@ -82,30 +99,43 @@ class Employees extends Persons
$data['all_modules'] = $modules;
$permissions = [];
foreach ($this->module->get_all_subpermissions()->getResult() as $permission) { // TODO: subpermissions does not follow naming standards.
$permission->permission_id = str_replace(' ', '_', $permission->permission_id);
$permission->grant = $this->employee->has_grant($permission->permission_id, $person_info->person_id);
$permission->grant = $this->employee->has_grant($permission->permission_id, $person_info->person_id);
$permissions[] = $permission;
}
$data['all_subpermissions'] = $permissions;
echo view('employees/form', $data);
return view('employees/form', $data);
}
/**
* Inserts/updates an employee
* @return ResponseInterface
*/
public function postSave(int $employee_id = NEW_ENTRY): void
public function postSave(int $employee_id = NEW_ENTRY): ResponseInterface
{
$current_user = $this->employee->get_logged_in_employee_info();
if ($employee_id != NEW_ENTRY) {
$target_employee = $this->employee->get_info($employee_id);
if (!$this->employee->canModifyEmployee($target_employee->person_id, $current_user->person_id)) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.error_updating_admin'),
'id' => NEW_ENTRY
]);
}
}
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: duplicated code
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
// format first and last name properly
$first_name = $this->nameize($first_name);
$last_name = $this->nameize($last_name);
$last_name = $this->nameize($last_name);
$person_data = [
'first_name' => $first_name,
@@ -119,92 +149,111 @@ class Employees extends Persons
'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
];
$grants_array = [];
$isAdmin = $this->employee->isAdmin($current_user->person_id);
foreach ($this->module->get_all_permissions()->getResult() as $permission) {
$grants = [];
$grant = $this->request->getPost('grant_' . $permission->permission_id) !== null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
$grant = $this->request->getPost('grant_' . $permission->permission_id) != null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
if ($grant === $permission->permission_id) {
if ($grant == $permission->permission_id) {
if (!$isAdmin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
continue;
}
$grants['permission_id'] = $permission->permission_id;
$grants['menu_group'] = $this->request->getPost('menu_group_' . $permission->permission_id) !== null ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
$grants_array[] = $grants;
$grants['menu_group'] = $this->request->getPost('menu_group_' . $permission->permission_id) != null ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
$grants_array[] = $grants;
}
}
// Password has been changed OR first time password set
if (! empty($this->request->getPost('password')) && ENVIRONMENT !== 'testing') {
$exploded = explode(':', $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
if (!empty($this->request->getPost('password')) && ENVIRONMENT != 'testing') {
$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
$employee_data = [
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
'hash_version' => 2,
'language_code' => $exploded[0],
'language' => $exploded[1],
'language' => $exploded[1]
];
} else { // Password not changed
$exploded = explode(':', $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
$exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
$employee_data = [
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'language_code' => $exploded[0],
'language' => $exploded[1],
'language' => $exploded[1]
];
}
if ($this->employee->save_employee($person_data, $employee_data, $grants_array, $employee_id)) {
// New employee
if ($employee_id === NEW_ENTRY) {
echo json_encode([
if ($employee_id == NEW_ENTRY) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_adding') . ' ' . $first_name . ' ' . $last_name,
'id' => $employee_data['person_id'],
'id' => $employee_data['person_id']
]);
} else { // Existing employee
echo json_encode([
$logged_in_employee_id = session()->get('person_id');
if ($employee_id == $logged_in_employee_id) {
session()->set('language_code', $employee_data['language_code']);
session()->set('language', $employee_data['language']);
}
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_updating') . ' ' . $first_name . ' ' . $last_name,
'id' => $employee_id,
'id' => $employee_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
/**
* This deletes employees from the employees table
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$current_user = $this->employee->get_logged_in_employee_info();
if (!$this->employee->isAdmin($current_user->person_id)) {
foreach ($employees_to_delete as $emp_id) {
if ($this->employee->isAdmin((int)$emp_id)) {
return $this->response->setJSON(['success' => false, 'message' => lang('Employees.error_deleting_admin')]);
}
}
}
if ($this->employee->delete_list($employees_to_delete)) { // TODO: this is passing a string, but delete_list expects an array
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_deleted') . ' ' . count($employees_to_delete) . ' ' . lang('Employees.one_or_multiple'),
'message' => lang('Employees.successful_deleted') . ' ' . count($employees_to_delete) . ' ' . lang('Employees.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
}
}
/**
* Checks an employee username against the database. Used in app\Views\employees\form.php
*
* @param $employee_id
* @return ResponseInterface
* @noinspection PhpUnused
*
* @param mixed $employee_id
*/
public function getCheckUsername($employee_id): void
public function getCheckUsername($employee_id): ResponseInterface
{
$exists = $this->employee->username_exists($employee_id, $this->request->getGet('username'));
echo ! $exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
}

148
app/Controllers/Expenses.php
View File

@@ -4,7 +4,9 @@ namespace App\Controllers;
use App\Models\Expense;
use App\Models\Expense_category;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
class Expenses extends Secure_Controller
{
@@ -15,11 +17,14 @@ class Expenses extends Secure_Controller
{
parent::__construct('expenses');
$this->expense = model(Expense::class);
$this->expense = model(Expense::class);
$this->expense_category = model(Expense_category::class);
}
public function getIndex(): void
/**
* @return void
*/
public function getIndex(): string
{
$data['table_headers'] = get_expenses_manage_table_headers();
@@ -30,20 +35,26 @@ class Expenses extends Secure_Controller
'only_check' => lang('Expenses.check_filter'),
'only_credit' => lang('Expenses.credit_filter'),
'only_debit' => lang('Expenses.debit_filter'),
'is_deleted' => lang('Expenses.is_deleted'),
'is_deleted' => lang('Expenses.is_deleted')
];
echo view('expenses/manage', $data);
// Restore filters from URL
$data = array_merge($data, restoreTableFilters($this->request));
return view('expenses/manage', $data);
}
public function getSearch(): void
/**
* @return void
*/
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(expense_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$filters = [
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(expense_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$filters = [
'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'end_date' => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'only_cash' => false,
@@ -51,17 +62,17 @@ class Expenses extends Secure_Controller
'only_check' => false,
'only_credit' => false,
'only_debit' => false,
'is_deleted' => false,
'is_deleted' => false
];
// Check if any filter is set in the multiselect dropdown
$request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
$filters = array_merge($filters, $request_filters);
$expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order);
$total_rows = $this->expense->get_found_rows($search, $filters);
$payments = $this->expense->get_payments_summary($search, $filters);
$filters = array_merge($filters, $request_filters);
$expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order);
$total_rows = $this->expense->get_found_rows($search, $filters);
$payments = $this->expense->get_payments_summary($search, $filters);
$payment_summary = get_expenses_manage_payments_summary($payments, $expenses);
$data_rows = [];
$data_rows = [];
foreach ($expenses->getResult() as $expense) {
$data_rows[] = get_expenses_data_row($expense);
@@ -71,44 +82,50 @@ class Expenses extends Secure_Controller
$data_rows[] = get_expenses_data_last_row($expenses);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
}
public function getView(int $expense_id = NEW_ENTRY): void
/**
* @param int $expense_id
* @return void
*/
public function getView(int $expense_id = NEW_ENTRY): string
{
$data = []; // TODO: Duplicated code
$data['employees'] = [];
foreach ($this->employee->get_all()->getResult() as $employee) {
foreach (get_object_vars($employee) as $property => $value) {
$employee->{$property} = $value;
}
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
$data['expenses_info'] = $this->expense->get_info($expense_id);
$expense_id = $data['expenses_info']->expense_id;
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
$data['employees'] = [];
if ($can_assign_employee) {
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
} else {
$stored_employee_id = $expense_id == NEW_ENTRY ? $current_employee_id : $data['expenses_info']->employee_id;
$stored_employee = $this->employee->get_info($stored_employee_id);
$data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
}
$data['can_assign_employee'] = $can_assign_employee;
$expense_categories = [];
foreach ($this->expense_category->get_all(0, 0, true)->getResultArray() as $row) {
$expense_categories[$row['expense_category_id']] = $row['category_name'];
}
$data['expense_categories'] = $expense_categories;
$expense_id = $data['expenses_info']->expense_id;
if ($expense_id === NEW_ENTRY) {
$data['expenses_info']->date = date('Y-m-d H:i:s');
$data['expenses_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
if ($expense_id == NEW_ENTRY) {
$data['expenses_info']->date = date('Y-m-d H:i:s');
$data['expenses_info']->employee_id = $current_employee_id;
}
$data['payments'] = [];
foreach ($this->expense->get_expense_payment($expense_id)->getResult() as $payment) {
foreach (get_object_vars($payment) as $property => $value) {
$payment->{$property} = $value;
$payment->$property = $value;
}
$data['payments'][] = $payment;
@@ -117,57 +134,82 @@ class Expenses extends Secure_Controller
// Don't allow gift card to be a payment option in a sale transaction edit because it's a complex change
$data['payment_options'] = $this->expense->get_payment_options();
echo view('expenses/form', $data);
return view("expenses/form", $data);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return ResponseInterface
*/
public function getRow(int $row_id): ResponseInterface
{
$expense_info = $this->expense->get_info($row_id);
$data_row = get_expenses_data_row($expense_info);
$data_row = get_expenses_data_row($expense_info);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
public function postSave(int $expense_id = NEW_ENTRY): void
/**
* @param int $expense_id
* @return ResponseInterface
*/
public function postSave(int $expense_id = NEW_ENTRY): ResponseInterface
{
$config = config(OSPOS::class)->settings;
$config = config(OSPOS::class)->settings;
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
if (!$this->employee->has_grant('employees', $current_employee_id)) {
if ($expense_id == NEW_ENTRY) {
$employee_id = $current_employee_id;
} else {
$existing_expense = $this->expense->get_info($expense_id);
$employee_id = $existing_expense->employee_id;
}
} else {
$employee_id = $submitted_employee_id;
}
$expense_data = [
'date' => $date_formatter->format('Y-m-d H:i:s'),
'supplier_id' => $this->request->getPost('supplier_id') === '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
'supplier_id' => $this->request->getPost('supplier_id') == '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
'supplier_tax_code' => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'amount' => parse_decimals($this->request->getPost('amount')),
'tax_amount' => parse_decimals($this->request->getPost('tax_amount')),
'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
'deleted' => $this->request->getPost('deleted') !== null,
'employee_id' => $employee_id,
'deleted' => $this->request->getPost('deleted') != null
];
if ($this->expense->save_value($expense_data, $expense_id)) {
// New Expense
if ($expense_id === NEW_ENTRY) {
echo json_encode(['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
if ($expense_id == NEW_ENTRY) {
return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
} else { // Existing Expense
echo json_encode(['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
}
} else { // Failure
echo json_encode(['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
}
}
public function postDelete(): void
/**
* @return ResponseInterface
*/
public function postDelete(): ResponseInterface
{
$expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->expense->delete_list($expenses_to_delete)) {
echo json_encode(['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
} else {
echo json_encode(['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
}
}
}

67
app/Controllers/Expenses_categories.php
View File

@@ -3,6 +3,8 @@
namespace App\Controllers;
use App\Models\Expense_category;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
class Expenses_categories extends Secure_Controller // TODO: Is this class ever used?
{
@@ -15,17 +17,20 @@ class Expenses_categories extends Secure_Controller // TODO: Is this class ev
$this->expense_category = model(Expense_category::class);
}
public function getIndex(): void
/**
* @return void
*/
public function getIndex(): string
{
$data['table_headers'] = get_expense_category_manage_table_headers();
echo view('expenses_categories/manage', $data);
return view('expenses_categories/manage', $data);
}
/**
* Returns expense_category_manage table data rows. This will be called with AJAX.
*/
public function getSearch(): void
**/
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -34,73 +39,87 @@ class Expenses_categories extends Secure_Controller // TODO: Is this class ev
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$expense_categories = $this->expense_category->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->expense_category->get_found_rows($search);
$total_rows = $this->expense_category->get_found_rows($search);
$data_rows = [];
foreach ($expense_categories->getResult() as $expense_category) {
$data_rows[] = get_expense_category_data_row($expense_category);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return void
*/
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_expense_category_data_row($this->expense_category->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
public function getView(int $expense_category_id = NEW_ENTRY): void
/**
* @param int $expense_category_id
* @return void
*/
public function getView(int $expense_category_id = NEW_ENTRY): string
{
$data['category_info'] = $this->expense_category->get_info($expense_category_id);
echo view('expenses_categories/form', $data);
return view("expenses_categories/form", $data);
}
public function postSave(int $expense_category_id = NEW_ENTRY): void
/**
* @param int $expense_category_id
* @return void
*/
public function postSave(int $expense_category_id = NEW_ENTRY): ResponseInterface
{
$expense_category_data = [
'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
];
if ($this->expense_category->save_value($expense_category_data, $expense_category_id)) {
// New expense_category
if ($expense_category_id === NEW_ENTRY) {
echo json_encode([
if ($expense_category_id == NEW_ENTRY) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Expenses_categories.successful_adding'),
'id' => $expense_category_data['expense_category_id'],
'id' => $expense_category_data['expense_category_id']
]);
} else { // Existing Expense Category
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Expenses_categories.successful_updating'),
'id' => $expense_category_id,
'id' => $expense_category_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Expenses_categories.error_adding_updating') . ' ' . $expense_category_data['category_name'],
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
public function postDelete(): void
/**
* @return void
*/
public function postDelete(): ResponseInterface
{
$expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->expense_category->delete_list($expense_category_to_delete)) { // TODO: Convert to ternary notation.
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Expenses_categories.successful_deleted') . ' ' . count($expense_category_to_delete) . ' ' . lang('Expenses_categories.one_or_multiple'),
'message' => lang('Expenses_categories.successful_deleted') . ' ' . count($expense_category_to_delete) . ' ' . lang('Expenses_categories.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
}
}
}

107
app/Controllers/Giftcards.php
View File

@@ -3,7 +3,9 @@
namespace App\Controllers;
use App\Models\Giftcard;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
class Giftcards extends Secure_Controller
{
@@ -16,17 +18,20 @@ class Giftcards extends Secure_Controller
$this->giftcard = model(Giftcard::class);
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['table_headers'] = get_giftcards_manage_table_headers();
echo view('giftcards/manage', $data);
return view('giftcards/manage', $data);
}
/**
* Returns Giftcards table data rows. This will be called with AJAX.
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -34,71 +39,86 @@ class Giftcards extends Secure_Controller
$sort = $this->sanitizeSortColumn(giftcard_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'giftcard_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order);
$giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->giftcard->get_found_rows($search);
$data_rows = [];
foreach ($giftcards->getResult() as $giftcard) {
$data_rows[] = get_giftcard_data_row($giftcard);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* Gets search suggestions for giftcards. Used in app\Views\sales\register.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$search = $this->request->getGet('term');
$suggestions = $this->giftcard->get_search_suggestions($search, true);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
public function suggest_search(): void
/**
* @return ResponseInterface
*/
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$search = $this->request->getPost('term');
$suggestions = $this->giftcard->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return ResponseInterface
*/
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_giftcard_data_row($this->giftcard->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
public function getView(int $giftcard_id = NEW_ENTRY): void
/**
* @param int $giftcard_id
* @return string
*/
public function getView(int $giftcard_id = NEW_ENTRY): string
{
$config = config(OSPOS::class)->settings;
$config = config(OSPOS::class)->settings;
$giftcard_info = $this->giftcard->get_info($giftcard_id);
$data['selected_person_name'] = ($giftcard_id > 0 && isset($giftcard_info->person_id)) ? $giftcard_info->first_name . ' ' . $giftcard_info->last_name : '';
$data['selected_person_id'] = $giftcard_info->person_id;
if ($config['giftcard_number'] === 'random') {
$data['selected_person_id'] = $giftcard_info->person_id;
if ($config['giftcard_number'] == 'random') {
$data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : '';
} else {
$max_number_obj = $this->giftcard->get_max_number();
$max_giftnumber = isset($max_number_obj) ? $this->giftcard->get_max_number()->giftcard_number : 0; // TODO: variable does not follow naming standard.
$max_number_obj = $this->giftcard->get_max_number();
$max_giftnumber = isset($max_number_obj) ? $this->giftcard->get_max_number()->giftcard_number : 0; // TODO: variable does not follow naming standard.
$data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : $max_giftnumber + 1;
}
$data['giftcard_id'] = $giftcard_id;
$data['giftcard_id'] = $giftcard_id;
$data['giftcard_value'] = $giftcard_info->value;
echo view('giftcards/form', $data);
return view("giftcards/form", $data);
}
public function postSave(int $giftcard_id = NEW_ENTRY): void
/**
* @param int $giftcard_id
* @return ResponseInterface
*/
public function postSave(int $giftcard_id = NEW_ENTRY): ResponseInterface
{
$giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($giftcard_id === NEW_ENTRY && trim($giftcard_number) === '') {
if ($giftcard_id == NEW_ENTRY && trim($giftcard_number) == '') {
$giftcard_number = $this->giftcard->generate_unique_giftcard_name($giftcard_number);
}
@@ -106,29 +126,29 @@ class Giftcards extends Secure_Controller
'record_time' => date('Y-m-d H:i:s'),
'giftcard_number' => $giftcard_number,
'value' => parse_decimals($this->request->getPost('giftcard_amount')),
'person_id' => $this->request->getPost('person_id') === '' ? null : $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT),
'person_id' => empty($this->request->getPost('person_id')) ? null : $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT)
];
if ($this->giftcard->save_value($giftcard_data, $giftcard_id)) {
// New giftcard
if ($giftcard_id === NEW_ENTRY) { // TODO: Constant needed
echo json_encode([
if ($giftcard_id == NEW_ENTRY) { // TODO: Constant needed
return $this->response->setJSON([
'success' => true,
'message' => lang('Giftcards.successful_adding') . ' ' . $giftcard_data['giftcard_number'],
'id' => $giftcard_data['giftcard_id'],
'id' => $giftcard_data['giftcard_id']
]);
} else { // Existing giftcard
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Giftcards.successful_updating') . ' ' . $giftcard_data['giftcard_number'],
'id' => $giftcard_id,
'id' => $giftcard_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Giftcards.error_adding_updating') . ' ' . $giftcard_data['giftcard_number'],
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
@@ -136,26 +156,33 @@ class Giftcards extends Secure_Controller
/**
* Checks the giftcard number validity. Used in app\Views\giftcards\form.php
*
* @return void
* @noinspection PhpUnused
*/
public function postCheckNumberGiftcard(): void
public function postCheckNumberGiftcard(): ResponseInterface
{
$giftcard_amount = parse_decimals($this->request->getPost('giftcard_amount'));
$parsed_value = filter_var($giftcard_amount, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
echo json_encode(['success' => $parsed_value !== false && $parsed_value > 0 && $giftcard_amount !== false, 'giftcard_amount' => to_currency_no_money($parsed_value)]);
$existing_id = $this->request->getPost('giftcard_id', FILTER_SANITIZE_NUMBER_INT);
$giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_NUMBER_INT);
$giftcard_id = $this->giftcard->get_giftcard_id($giftcard_number);
$success = ($giftcard_id == (int) $existing_id || !$giftcard_id );
return $this->response->setJSON($success ? 'true' : 'false');
}
public function postDelete(): void
/**
* @return ResponseInterface
*/
public function postDelete(): ResponseInterface
{
$giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->giftcard->delete_list($giftcards_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Giftcards.successful_deleted') . ' ' . count($giftcards_to_delete) . ' ' . lang('Giftcards.one_or_multiple'),
'message' => lang('Giftcards.successful_deleted') . ' ' . count($giftcards_to_delete) . ' ' . lang('Giftcards.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
}
}
}

101
app/Controllers/Home.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\ResponseInterface;
class Home extends Secure_Controller
{
@@ -11,80 +12,116 @@ class Home extends Secure_Controller
parent::__construct('home', null, 'home');
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$logged_in = $this->employee->is_logged_in();
echo view('home/home');
return view('home/home');
}
/**
* Logs the currently logged in employee out of the system. Used in app/Views/partial/header.php
*
* @return RedirectResponse
* @noinspection PhpUnused
*/
public function getLogout(): RedirectResponse
{
$this->employee->logout();
return redirect()->to('login');
}
/**
* Load "change employee password" form
*
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function getChangePassword(int $employee_id = -1): void // TODO: Replace -1 with a constant
public function getChangePassword(int $employeeId = NEW_ENTRY)
{
$person_info = $this->employee->get_info($employee_id);
$loggedInEmployee = $this->employee->get_logged_in_employee_info();
$currentPersonId = $loggedInEmployee->person_id;
$employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
if (!$this->employee->isAdmin($currentPersonId) && $employeeId !== $currentPersonId) {
return $this->response->setStatusCode(403)->setBody(lang('Employees.unauthorized_modify'));
}
$person_info = $this->employee->get_info($employeeId);
foreach (get_object_vars($person_info) as $property => $value) {
$person_info->{$property} = $value;
$person_info->$property = $value;
}
$data['person_info'] = $person_info;
echo view('home/form_change_password', $data);
return view('home/form_change_password', $data);
}
/**
* Change employee password
*
* @return ResponseInterface
*/
public function postSave(int $employee_id = -1): void // TODO: Replace -1 with a constant
public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
{
if (! empty($this->request->getPost('current_password')) && $employee_id !== -1) {
if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
$employee_data = [
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
'hash_version' => 2,
];
$currentUser = $this->employee->get_logged_in_employee_info();
if ($this->employee->change_password($employee_data, $employee_id)) {
echo json_encode([
'success' => true,
'message' => lang('Employees.successful_change_password'),
'id' => $employee_id,
]);
} else { // Failure // TODO: Replace -1 with constant
echo json_encode([
$employeeId = $employeeId === NEW_ENTRY ? $currentUser->person_id : $employeeId;
if (!$this->employee->isAdmin($currentUser->person_id) && $employeeId !== $currentUser->person_id) {
return $this->response->setStatusCode(403)->setJSON([
'success' => false,
'message' => lang('Employees.unauthorized_modify')
]);
}
if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
// Validate password length BEFORE hashing
$new_password = $this->request->getPost('password');
if (strlen($new_password) < 8) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.unsuccessful_change_password'),
'id' => -1,
'message' => lang('Employees.password_minlength'),
'id' => NEW_ENTRY
]);
}
} else { // TODO: Replace -1 with constant
echo json_encode([
$employee_data = [
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'password' => password_hash($new_password, PASSWORD_DEFAULT),
'hash_version' => 2
];
if ($this->employee->change_password($employee_data, $employeeId)) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_change_password'),
'id' => $employeeId
]);
} else {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.unsuccessful_change_password'),
'id' => NEW_ENTRY
]);
}
} else {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.current_password_invalid'),
'id' => -1,
'id' => NEW_ENTRY
]);
}
} else { // TODO: Replace -1 with constant
echo json_encode([
} else {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.current_password_invalid'),
'id' => -1,
'id' => NEW_ENTRY
]);
}
}
}
}

145
app/Controllers/Item_kits.php
View File

@@ -3,9 +3,12 @@
namespace App\Controllers;
use App\Libraries\Barcode_lib;
use App\Models\Item;
use App\Models\Item_kit;
use App\Models\Item_kit_items;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
class Item_kits extends Secure_Controller
{
@@ -17,8 +20,8 @@ class Item_kits extends Secure_Controller
{
parent::__construct('item_kits');
$this->item = model(Item::class);
$this->item_kit = model(Item_kit::class);
$this->item = model(Item::class);
$this->item_kit = model(Item_kit::class);
$this->item_kit_items = model(Item_kit_items::class);
}
@@ -31,18 +34,17 @@ class Item_kits extends Secure_Controller
$item_kit->total_cost_price = 0;
$item_kit->total_unit_price = $kit_item_info->unit_price;
$total_quantity = 0;
$total_quantity = 0;
foreach ($this->item_kit_items->get_info($item_kit->item_kit_id) as $item_kit_item) {
$item_info = $this->item->get_info($item_kit_item['item_id']);
foreach (get_object_vars($item_info) as $property => $value) {
$item_info->{$property} = $value;
$item_info->$property = $value;
}
$item_kit->total_cost_price += $item_info->cost_price * $item_kit_item['quantity'];
if ($item_kit->price_option === PRICE_OPTION_ALL || ($item_kit->price_option === PRICE_OPTION_KIT_STOCK && $item_info->stock_type === HAS_STOCK)) {
if ($item_kit->price_option == PRICE_OPTION_ALL || ($item_kit->price_option == PRICE_OPTION_KIT_STOCK && $item_info->stock_type == HAS_STOCK)) {
$item_kit->total_unit_price += $item_info->unit_price * $item_kit_item['quantity'];
$total_quantity += $item_kit_item['quantity'];
}
@@ -50,24 +52,27 @@ class Item_kits extends Secure_Controller
$discount_fraction = bcdiv($item_kit->kit_discount, '100');
$item_kit->total_unit_price -= round(($item_kit->kit_discount_type === PERCENT)
$item_kit->total_unit_price = $item_kit->total_unit_price - round(($item_kit->kit_discount_type == PERCENT)
? bcmul($item_kit->total_unit_price, $discount_fraction)
: $item_kit->kit_discount, totals_decimals(), PHP_ROUND_HALF_UP);
return $item_kit;
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['table_headers'] = get_item_kits_manage_table_headers();
echo view('item_kits/manage', $data);
return view('item_kits/manage', $data);
}
/**
* Returns Item_kit table data rows. This will be called with AJAX.
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search') ?? '';
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -75,61 +80,71 @@ class Item_kits extends Secure_Controller
$sort = $this->sanitizeSortColumn(item_kit_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_kit_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order);
$item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->item_kit->get_found_rows($search);
$data_rows = [];
foreach ($item_kits->getResult() as $item_kit) {
// Calculate the total cost and retail price of the Kit, so it can be printed out in the manage table
$item_kit = $this->_add_totals_to_item_kit($item_kit);
$item_kit = $this->_add_totals_to_item_kit($item_kit);
$data_rows[] = get_item_kit_data_row($item_kit);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
public function suggest_search(): void
/**
* @return ResponseInterface
*/
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$search = $this->request->getPost('term');
$suggestions = $this->item_kit->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return ResponseInterface
*/
public function getRow(int $row_id): ResponseInterface
{
// Calculate the total cost and retail price of the Kit, so it can be added to the table refresh
$item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($row_id));
echo json_encode(get_item_kit_data_row($item_kit));
return $this->response->setJSON(get_item_kit_data_row($item_kit));
}
public function getView(int $item_kit_id = NEW_ENTRY): void
/**
* @param int $item_kit_id
* @return string
*/
public function getView(int $item_kit_id = NEW_ENTRY): string
{
$info = $this->item_kit->get_info($item_kit_id);
if ($item_kit_id === NEW_ENTRY) {
if ($item_kit_id == NEW_ENTRY) {
$info->price_option = '0';
$info->print_option = PRINT_ALL;
$info->kit_item_id = 0;
$info->item_number = '';
$info->kit_item_id = 0;
$info->item_number = '';
$info->kit_discount = 0;
}
foreach (get_object_vars($info) as $property => $value) {
$info->{$property} = $value;
$info->$property = $value;
}
$data['item_kit_info'] = $info;
$data['item_kit_info'] = $info;
$items = [];
foreach ($this->item_kit_items->get_info($item_kit_id) as $item_kit_item) {
$item['kit_sequence'] = $item_kit_item['kit_sequence'];
$item['name'] = $this->item->get_info($item_kit_item['item_id'])->name;
$item['item_id'] = $item_kit_item['item_id'];
$item['quantity'] = $item_kit_item['quantity'];
$item['name'] = $this->item->get_info($item_kit_item['item_id'])->name;
$item['item_id'] = $item_kit_item['item_id'];
$item['quantity'] = $item_kit_item['quantity'];
$items[] = $item;
}
@@ -137,113 +152,119 @@ class Item_kits extends Secure_Controller
$data['item_kit_items'] = $items;
$data['selected_kit_item_id'] = $info->kit_item_id;
$data['selected_kit_item'] = ($item_kit_id > 0 && isset($info->kit_item_id)) ? $info->item_name : '';
$data['selected_kit_item'] = ($item_kit_id > 0 && isset($info->kit_item_id)) ? $info->item_name : '';
echo view('item_kits/form', $data);
return view("item_kits/form", $data);
}
public function postSave(int $item_kit_id = NEW_ENTRY): void
/**
* @param int $item_kit_id
* @return ResponseInterface
*/
public function postSave(int $item_kit_id = NEW_ENTRY): ResponseInterface
{
$item_kit_data = [
'name' => $this->request->getPost('name'),
'item_kit_number' => $this->request->getPost('item_kit_number'),
'item_id' => $this->request->getPost('kit_item_id') ? null : (int) ($this->request->getPost('kit_item_id')),
'item_id' => $this->request->getPost('kit_item_id'),
'kit_discount' => parse_decimals($this->request->getPost('kit_discount')),
'kit_discount_type' => $this->request->getPost('kit_discount_type') === null ? PERCENT : (int) ($this->request->getPost('kit_discount_type')),
'price_option' => $this->request->getPost('price_option') === null ? PRICE_ALL : (int) ($this->request->getPost('price_option')),
'print_option' => $this->request->getPost('print_option') === null ? PRINT_ALL : (int) ($this->request->getPost('print_option')),
'description' => $this->request->getPost('description'),
'kit_discount_type' => $this->request->getPost('kit_discount_type') === null ? PERCENT : intval($this->request->getPost('kit_discount_type')),
'price_option' => $this->request->getPost('price_option') === null ? PRICE_ALL : intval($this->request->getPost('price_option')),
'print_option' => $this->request->getPost('print_option') === null ? PRINT_ALL : intval($this->request->getPost('print_option')),
'description' => $this->request->getPost('description')
];
if ($this->item_kit->save_value($item_kit_data, $item_kit_id)) {
$new_item = false;
// New item kit
if ($item_kit_id === NEW_ENTRY) {
if ($item_kit_id == NEW_ENTRY) {
$item_kit_id = $item_kit_data['item_kit_id'];
$new_item = true;
$new_item = true;
}
$item_kit_items_array = $this->request->getPost('item_kit_qty') === null ? null : $this->request->getPost('item_kit_qty');
if ($item_kit_items_array !== null) {
if ($item_kit_items_array != null) {
$item_kit_items = [];
foreach ($item_kit_items_array as $item_id => $item_kit_qty) {
$item_kit_items[] = [
'item_id' => $item_id,
'quantity' => $item_kit_qty === null ? 0 : parse_quantity($item_kit_qty),
'kit_sequence' => $this->request->getPost("item_kit_seq[{$item_id}]") === null ? 0 : (int) ($this->request->getPost("item_kit_seq[{$item_id}]")),
'kit_sequence' => $this->request->getPost("item_kit_seq[$item_id]") === null ? 0 : intval($this->request->getPost("item_kit_seq[$item_id]"))
];
}
}
if (! empty($item_kit_items)) {
if (!empty($item_kit_items)) {
$success = $this->item_kit_items->save_value($item_kit_items, $item_kit_id);
} else {
$success = true;
}
if ($new_item) {
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Item_kits.successful_adding') . ' ' . $item_kit_data['name'],
'id' => $item_kit_id,
'id' => $item_kit_id
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Item_kits.successful_updating') . ' ' . $item_kit_data['name'],
'id' => $item_kit_id,
'id' => $item_kit_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Item_kits.error_adding_updating') . ' ' . $item_kit_data['name'],
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
public function postDelete(): void
/**
* @return ResponseInterface
*/
public function postDelete(): ResponseInterface
{
$item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->item_kit->delete_list($item_kits_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Item_kits.successful_deleted') . ' ' . count($item_kits_to_delete) . ' ' . lang('Item_kits.one_or_multiple'),
'message' => lang('Item_kits.successful_deleted') . ' ' . count($item_kits_to_delete) . ' ' . lang('Item_kits.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
}
}
/**
* Checks the validity of the item kit number. Used in app/Views/item_kits/form.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckItemNumber(): void
public function postCheckItemNumber(): ResponseInterface
{
$exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT));
echo ! $exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
* AJAX called function that generates barcodes for selected item_kits.
*
* @param string $item_kit_ids Colon separated list of item_kit_id values to generate barcodes for.
*
* @return string
* @noinspection PhpUnused
*/
public function getGenerateBarcodes(string $item_kit_ids): void
public function getGenerateBarcodes(string $item_kit_ids): string
{
$barcode_lib = new Barcode_lib();
$result = [];
$result = [];
$item_kit_ids = explode(':', $item_kit_ids);
foreach ($item_kit_ids as $item_kid_id) {
// Calculate the total cost and retail price of the Kit, so it can be added to the barcode text at the bottom
$item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($item_kid_id));
@@ -255,20 +276,20 @@ class Item_kits extends Secure_Controller
'item_id' => $item_kid_id,
'item_number' => $item_kid_id,
'cost_price' => $item_kit->total_cost_price,
'unit_price' => $item_kit->total_unit_price,
'unit_price' => $item_kit->total_unit_price
];
}
$data['items'] = $result;
$data['items'] = $result;
$barcode_config = $barcode_lib->get_barcode_config();
// In case the selected barcode type is not Code39 or Code128 we set by default Code128
// The rationale for this is that EAN codes cannot have strings as seed, so 'KIT ' is not allowed
if ($barcode_config['barcode_type'] !== 'C39' && $barcode_config['barcode_type'] !== 'C128') {
if ($barcode_config['barcode_type'] != 'C39' && $barcode_config['barcode_type'] != 'C128') {
$barcode_config['barcode_type'] = 'C128';
}
$data['barcode_config'] = $barcode_config;
// Display barcodes
echo view('barcodes/barcode_sheet', $data);
return view("barcodes/barcode_sheet", $data);
}
}

847
app/Controllers/Items.php
View File

File diff suppressed because it is too large Load Diff

24
app/Controllers/Login.php
View File

@@ -10,18 +10,21 @@ use Config\OSPOS;
use Config\Services;
/**
* @property Employee employee
* @property employee employee
*/
class Login extends BaseController
{
public Model $employee;
public function index(): RedirectResponse|string
/**
* @return RedirectResponse|string
*/
public function index(): string|RedirectResponse
{
$this->employee = model(Employee::class);
if (! $this->employee->is_logged_in()) {
if (!$this->employee->is_logged_in()) {
$migration = new MY_Migration(config('Migrations'));
$config = config(OSPOS::class)->settings;
$config = config(OSPOS::class)->settings;
$gcaptcha_enabled = array_key_exists('gcaptcha_enable', $config)
? $config['gcaptcha_enable']
@@ -37,32 +40,31 @@ class Login extends BaseController
'latest_version' => $migration->get_latest_migration(),
'gcaptcha_enabled' => $gcaptcha_enabled,
'config' => $config,
'validation' => $validation,
'validation' => $validation
];
if ($this->request->getMethod() !== 'POST') {
return view('login', $data);
}
$rules = ['username' => 'required|login_check[data]'];
$rules = ['username' => 'required|login_check[data]'];
$messages = [
'username' => [
'required' => lang('Login.required_username'),
'login_check' => lang('Login.invalid_username_and_password'),
],
]
];
if (! $this->validate($rules, $messages)) {
$data['has_errors'] = ! empty($validation->getErrors());
if (!$this->validate($rules, $messages)) {
$data['has_errors'] = !empty($validation->getErrors());
return view('login', $data);
}
if (! $data['is_latest']) {
if (!$data['is_latest']) {
set_time_limit(3600);
$migration->setNamespace('App')->latest();
return redirect()->to('login');
}
}

42
app/Controllers/Messages.php
View File

@@ -3,7 +3,9 @@
namespace App\Controllers;
use App\Libraries\Sms_lib;
use App\Models\Person;
use CodeIgniter\HTTP\ResponseInterface;
class Messages extends Secure_Controller
{
@@ -16,25 +18,35 @@ class Messages extends Secure_Controller
$this->sms_lib = new Sms_lib();
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
echo view('messages/sms');
return view('messages/sms');
}
public function getView(int $person_id = NEW_ENTRY): void
/**
* @param int $person_id
* @return string
*/
public function getView(int $person_id = NEW_ENTRY): string
{
$person = model(Person::class);
$info = $person->get_info($person_id);
$info = $person->get_info($person_id);
foreach (get_object_vars($info) as $property => $value) {
$info->{$property} = $value;
$info->$property = $value;
}
$data['person_info'] = $info;
echo view('messages/form_sms', $data);
return view('messages/form_sms', $data);
}
public function send(): void
/**
* @return ResponseInterface
*/
public function send(): ResponseInterface
{
$phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -42,18 +54,20 @@ class Messages extends Secure_Controller
$response = $this->sms_lib->sendSMS($phone, $message);
if ($response) {
echo json_encode(['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
return $this->response->setJSON(['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
} else {
echo json_encode(['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
return $this->response->setJSON(['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
}
}
/**
* Sends an SMS message to a user. Used in app/Views/messages/form_sms.php.
*
* @param int $person_id
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function send_form(int $person_id = NEW_ENTRY): void
public function send_form(int $person_id = NEW_ENTRY): ResponseInterface
{
$phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -61,16 +75,16 @@ class Messages extends Secure_Controller
$response = $this->sms_lib->sendSMS($phone, $message);
if ($response) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Messages.successfully_sent') . ' ' . esc($phone),
'person_id' => $person_id,
'person_id' => $person_id
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone),
'person_id' => NEW_ENTRY,
'person_id' => NEW_ENTRY
]);
}
}

12
app/Controllers/No_access.php
View File

@@ -3,12 +3,13 @@
namespace App\Controllers;
use App\Models\Module;
use CodeIgniter\HTTP\ResponseInterface;
/**
* Part of the grants mechanism to restrict access to modules that the user doesn't have permission for.
* Instantiated in the views.
*
* @property Module module
* @property module module
*/
class No_access extends BaseController
{
@@ -19,11 +20,16 @@ class No_access extends BaseController
$this->module = model(Module::class);
}
public function getIndex(string $module_id = '', string $permission_id = ''): void
/**
* @param string $module_id
* @param string $permission_id
* @return string
*/
public function getIndex(string $module_id = '', string $permission_id = ''): string
{
$data['module_name'] = $this->module->get_module_name($module_id);
$data['permission_id'] = $permission_id;
echo view('no_access', $data);
return view('no_access', $data);
}
}

11
app/Controllers/Office.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Employee;
use CodeIgniter\HTTP\ResponseInterface;
/**
* @property Employee employee
@@ -16,11 +17,17 @@ class Office extends Secure_Controller
parent::__construct('office', null, 'office');
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
echo view('home/office');
return view('home/office');
}
/**
* @return void
*/
public function logout(): void
{
$this->employee = model(Employee::class);

29
app/Controllers/Persons.php
View File

@@ -3,13 +3,17 @@
namespace App\Controllers;
use App\Models\Person;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
use function Tamtamchik\NameCase\str_name_case;
abstract class Persons extends Secure_Controller
{
protected Person $person;
/**
* @param string|null $module_id
*/
public function __construct(?string $module_id = null)
{
parent::__construct($module_id);
@@ -17,32 +21,37 @@ abstract class Persons extends Secure_Controller
$this->person = model(Person::class);
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['table_headers'] = get_people_manage_table_headers();
echo view('people/manage', $data);
return view('people/manage', $data);
}
/**
* Gives search suggestions based on what is being searched for
* @return ResponseInterface
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$search = $this->request->getGet('term');
$suggestions = $this->person->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Gets one row for a person manage table. This is called using AJAX to update one row.
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_person_data_row($this->person->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
@@ -60,6 +69,8 @@ abstract class Persons extends Secure_Controller
$adjusted_name = str_name_case($input);
// TODO: Use preg_replace to match HTML entities and convert them to lowercase. This is a workaround for https://github.com/tamtamchik/namecase/issues/20
return preg_replace_callback('/&[a-zA-Z0-9#]+;/', static fn ($matches) => strtolower($matches[0]), $adjusted_name);
return preg_replace_callback('/&[a-zA-Z0-9#]+;/', function ($matches) {
return strtolower($matches[0]);
}, $adjusted_name);
}
}

340
app/Controllers/Receivings.php
View File

@@ -2,16 +2,18 @@
namespace App\Controllers;
use App\Libraries\Barcode_lib;
use App\Libraries\Receiving_lib;
use App\Libraries\Token_lib;
use App\Libraries\Barcode_lib;
use App\Models\Inventory;
use App\Models\Item;
use App\Models\Item_kit;
use App\Models\Receiving;
use App\Models\Stock_location;
use App\Models\Supplier;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
use ReflectionException;
class Receivings extends Secure_Controller
@@ -32,78 +34,85 @@ class Receivings extends Secure_Controller
parent::__construct('receivings');
$this->receiving_lib = new Receiving_lib();
$this->token_lib = new Token_lib();
$this->barcode_lib = new Barcode_lib();
$this->token_lib = new Token_lib();
$this->barcode_lib = new Barcode_lib();
$this->inventory = model(Inventory::class);
$this->item_kit = model(Item_kit::class);
$this->item = model(Item::class);
$this->receiving = model(Receiving::class);
$this->inventory = model(Inventory::class);
$this->item_kit = model(Item_kit::class);
$this->item = model(Item::class);
$this->receiving = model(Receiving::class);
$this->stock_location = model(Stock_location::class);
$this->supplier = model(Supplier::class);
$this->config = config(OSPOS::class)->settings;
$this->supplier = model(Supplier::class);
$this->config = config(OSPOS::class)->settings;
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$this->_reload();
return $this->_reload();
}
/**
* Returns search suggestions for an item. Used in app/Views/sales/register.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getItemSearch(): void
public function getItemSearch(): ResponseInterface
{
$search = $this->request->getGet('term');
$search = $this->request->getGet('term');
$suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Gets search suggestions for a stock item. Used in app/Views/receivings/receiving.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getStockItemSearch(): void
public function getStockItemSearch(): ResponseInterface
{
$search = $this->request->getGet('term');
$search = $this->request->getGet('term');
$suggestions = $this->item->get_stock_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Set supplier if it exists in the database. Used in app/Views/receivings/receiving.php
*
* @return string
* @noinspection PhpUnused
*/
public function postSelectSupplier(): void
public function postSelectSupplier(): string
{
$supplier_id = $this->request->getPost('supplier', FILTER_SANITIZE_NUMBER_INT);
if ($this->supplier->exists($supplier_id)) {
$this->receiving_lib->set_supplier($supplier_id);
}
$this->_reload(); // TODO: Hungarian notation
return $this->_reload(); // TODO: Hungarian notation
}
/**
* Change receiving mode for current receiving. Used in app/Views/receivings/receiving.php
*
* @return string
* @noinspection PhpUnused
*/
public function postChangeMode(): void
public function postChangeMode(): string
{
$stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT);
$stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT);
if ((! $stock_source || $stock_source === $this->receiving_lib->get_stock_source())
&& (! $stock_destination || $stock_destination === $this->receiving_lib->get_stock_destination())
if ((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) &&
(!$stock_destination || $stock_destination == $this->receiving_lib->get_stock_destination())
) {
$this->receiving_lib->clear_reference();
$mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -113,75 +122,79 @@ class Receivings extends Secure_Controller
$this->receiving_lib->set_stock_destination($stock_destination);
}
$this->_reload(); // TODO: Hungarian notation
return $this->_reload(); // TODO: Hungarian notation
}
/**
* Sets receiving comment. Used in app/Views/receivings/receiving.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetComment(): void
public function postSetComment(): ResponseInterface
{
$this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
return $this->response->setJSON(['success' => true]);
}
/**
* Sets the print after sale flag for the receiving. Used in app/Views/receivings/receiving.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetPrintAfterSale(): void
public function postSetPrintAfterSale(): ResponseInterface
{
$this->receiving_lib->set_print_after_sale($this->request->getPost('recv_print_after_sale') !== null);
$this->receiving_lib->set_print_after_sale($this->request->getPost('recv_print_after_sale') != null);
return $this->response->setJSON(['success' => true]);
}
/**
* Sets the reference number for the receiving. Used in app/Views/receivings/receiving.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetReference(): void
public function postSetReference(): ResponseInterface
{
$this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
return $this->response->setJSON(['success' => true]);
}
/**
* Add an item to the receiving. Used in app/Views/receivings/receiving.php
*
* @return string
* @noinspection PhpUnused
*/
public function postAdd(): void
public function postAdd(): string
{
$data = [];
$mode = $this->receiving_lib->get_mode();
$mode = $this->receiving_lib->get_mode();
$item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt);
$quantity = ($mode === 'receive' || $mode === 'requisition') ? $quantity : -$quantity;
$quantity = ($mode == 'receive' || $mode == 'requisition') ? $quantity : -$quantity;
$item_location = $this->receiving_lib->get_stock_source();
$discount = $this->config['default_receivings_discount'];
$discount = $this->config['default_receivings_discount'];
$discount_type = $this->config['default_receivings_discount_type'];
if ($mode === 'return' && $this->receiving->is_valid_receipt($item_id_or_number_or_item_kit_or_receipt)) {
if ($mode == 'return' && $this->receiving->is_valid_receipt($item_id_or_number_or_item_kit_or_receipt)) {
$this->receiving_lib->return_entire_receiving($item_id_or_number_or_item_kit_or_receipt);
} elseif ($this->item_kit->is_valid_item_kit($item_id_or_number_or_item_kit_or_receipt)) {
$this->receiving_lib->add_item_kit($item_id_or_number_or_item_kit_or_receipt, $item_location, $discount, $discount_type);
} elseif (! $this->receiving_lib->add_item($item_id_or_number_or_item_kit_or_receipt, $quantity, $item_location, $discount, $discount_type)) {
} elseif (!$this->receiving_lib->add_item($item_id_or_number_or_item_kit_or_receipt, $quantity, $item_location, $discount, $discount_type)) {
$data['error'] = lang('Receivings.unable_to_add_item');
}
$this->_reload($data); // TODO: Hungarian notation
return $this->_reload($data); // TODO: Hungarian notation
}
/**
* Edit line item in current receiving. Used in app/Views/receivings/receiving.php
*
* @param string|int|null $item_id
* @return string
* @noinspection PhpUnused
*
* @param mixed $item_id
*/
public function postEditItem($item_id): void
public function postEditItem($item_id): string
{
$data = [];
@@ -191,14 +204,14 @@ class Receivings extends Secure_Controller
'discount' => 'trim|permit_empty|decimal_locale',
];
$price = parse_decimals($this->request->getPost('price'));
$quantity = parse_quantity($this->request->getPost('quantity'));
$price = parse_decimals($this->request->getPost('price'));
$quantity = parse_quantity($this->request->getPost('quantity'));
$raw_receiving_quantity = parse_quantity($this->request->getPost('receiving_quantity'));
$description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: Duplicated code
$serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
$description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: Duplicated code
$serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
$discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT);
$discount = $discount_type
$discount = $discount_type
? parse_quantity(filter_var($this->request->getPost('discount'), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
: parse_decimals(filter_var($this->request->getPost('discount'), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
@@ -210,123 +223,135 @@ class Receivings extends Secure_Controller
$data['error'] = lang('Receivings.error_editing_item');
}
$this->_reload($data); // TODO: Hungarian notation
return $this->_reload($data); // TODO: Hungarian notation
}
/**
* Edit a receiving. Used in app/Controllers/Receivings.php
*
* @param $receiving_id
* @return string
* @noinspection PhpUnused
*
* @param mixed $receiving_id
*/
public function getEdit($receiving_id): void
public function getEdit($receiving_id): string
{
$data = [];
$data['suppliers'] = ['' => 'No Supplier'];
foreach ($this->supplier->get_all()->getResult() as $supplier) {
$data['suppliers'][$supplier->person_id] = $supplier->first_name . ' ' . $supplier->last_name;
}
$data['employees'] = [];
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
$data['employees'] = [];
if ($can_assign_employee) {
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
} else {
$stored_employee_id = $receiving_info['employee_id'];
$stored_employee = $this->employee->get_info($stored_employee_id);
$data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
}
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
$data['selected_supplier_name'] = ! empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
$data['selected_supplier_id'] = $receiving_info['supplier_id'];
$data['receiving_info'] = $receiving_info;
$data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
$data['selected_supplier_id'] = $receiving_info['supplier_id'];
$data['receiving_info'] = $receiving_info;
$data['can_assign_employee'] = $can_assign_employee;
echo view('receivings/form', $data);
return view('receivings/form', $data);
}
/**
* Deletes an item from the current receiving. Used in app/Views/receivings/receiving.php
*
* @param $item_number
* @return string
* @noinspection PhpUnused
*
* @param mixed $item_number
*/
public function getDeleteItem($item_number): void
public function getDeleteItem($item_number): string
{
$this->receiving_lib->delete_item($item_number);
$this->_reload(); // TODO: Hungarian notation
return $this->_reload(); // TODO: Hungarian notation
}
/**
* @throws ReflectionException
* @return ResponseInterface
*/
public function postDelete(int $receiving_id = -1, bool $update_inventory = true): void
public function postDelete(int $receiving_id = -1, bool $update_inventory = true): ResponseInterface
{
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$receiving_ids = $receiving_id === -1 ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$receiving_id]; // TODO: Replace -1 with constant
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$receiving_ids = $receiving_id == -1 ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$receiving_id]; // TODO: Replace -1 with constant
if ($this->receiving->delete_list($receiving_ids, $employee_id, $update_inventory)) { // TODO: Likely need to surround this block of code in a try-catch to catch the ReflectionException
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Receivings.successfully_deleted') . ' ' . count($receiving_ids) . ' ' . lang('Receivings.one_or_multiple'),
'ids' => $receiving_ids,
'ids' => $receiving_ids
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Receivings.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Receivings.cannot_be_deleted')]);
}
}
/**
* Removes a supplier from a receiving. Used in app/Views/receivings/receiving.php
*
* @return string
* @noinspection PhpUnused
*/
public function getRemoveSupplier(): void
public function getRemoveSupplier(): string
{
$this->receiving_lib->clear_reference();
$this->receiving_lib->remove_supplier();
$this->_reload(); // TODO: Hungarian notation
return $this->_reload(); // TODO: Hungarian notation
}
/**
* Complete and finalize receiving. Used in app/Views/receivings/receiving.php
*
* @return string
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postComplete(): void
public function postComplete(): string
{
$data = [];
$data['cart'] = $this->receiving_lib->get_cart();
$data['total'] = $this->receiving_lib->get_total();
$data['transaction_time'] = to_datetime(time());
$data['mode'] = $this->receiving_lib->get_mode();
$data['comment'] = $this->receiving_lib->get_comment();
$data['reference'] = $this->receiving_lib->get_reference();
$data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$data['cart'] = $this->receiving_lib->get_cart();
$data['total'] = $this->receiving_lib->get_total();
$data['transaction_time'] = to_datetime(time());
$data['mode'] = $this->receiving_lib->get_mode();
$data['comment'] = $this->receiving_lib->get_comment();
$data['reference'] = $this->receiving_lib->get_reference();
$data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
$data['stock_location'] = $this->receiving_lib->get_stock_source();
if ($this->request->getPost('amount_tendered') !== null) {
$data['stock_location'] = $this->receiving_lib->get_stock_source();
if ($this->request->getPost('amount_tendered') != null) {
$data['amount_tendered'] = parse_decimals($this->request->getPost('amount_tendered'));
$data['amount_change'] = to_currency($data['amount_tendered'] - $data['total']);
$data['amount_change'] = to_currency($data['amount_tendered'] - $data['total']);
}
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$employee_info = $this->employee->get_info($employee_id);
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$employee_info = $this->employee->get_info($employee_id);
$data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
$supplier_id = $this->receiving_lib->get_supplier();
if ($supplier_id !== -1) {
$supplier_info = $this->supplier->get_info($supplier_id);
$data['supplier'] = $supplier_info->company_name; // TODO: duplicated code
$data['first_name'] = $supplier_info->first_name;
$data['last_name'] = $supplier_info->last_name;
$data['supplier_email'] = $supplier_info->email;
if ($supplier_id != -1) {
$supplier_info = $this->supplier->get_info($supplier_id);
$data['supplier'] = $supplier_info->company_name; // TODO: duplicated code
$data['first_name'] = $supplier_info->first_name;
$data['last_name'] = $supplier_info->last_name;
$data['supplier_email'] = $supplier_info->email;
$data['supplier_address'] = $supplier_info->address_1;
if (! empty($supplier_info->zip) || ! empty($supplier_info->city)) {
if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
$data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
} else {
$data['supplier_location'] = '';
@@ -336,7 +361,7 @@ class Receivings extends Secure_Controller
// SAVE receiving to database
$data['receiving_id'] = 'RECV ' . $this->receiving->save_value($data['cart'], $supplier_id, $employee_id, $data['comment'], $data['reference'], $data['payment_type'], $data['stock_location']);
if ($data['receiving_id'] === 'RECV -1') {
if ($data['receiving_id'] == 'RECV -1') {
$data['error_message'] = lang('Receivings.transaction_failed');
} else {
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
@@ -344,66 +369,69 @@ class Receivings extends Secure_Controller
$data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();
echo view('receivings/receipt', $data);
$view = view("receivings/receipt", $data);
$this->receiving_lib->clear_all();
return $view;
}
/**
* Complete a receiving requisition. Used in app/Views/receivings/receiving.php.
*
* @return string
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postRequisitionComplete(): void
public function postRequisitionComplete(): string
{
if ($this->receiving_lib->get_stock_source() !== $this->receiving_lib->get_stock_destination()) {
if ($this->receiving_lib->get_stock_source() != $this->receiving_lib->get_stock_destination()) {
foreach ($this->receiving_lib->get_cart() as $item) {
$this->receiving_lib->delete_item($item['line']);
$this->receiving_lib->add_item($item['item_id'], $item['quantity'], $this->receiving_lib->get_stock_destination(), $item['discount_type']);
$this->receiving_lib->add_item($item['item_id'], -$item['quantity'], $this->receiving_lib->get_stock_source(), $item['discount_type']);
}
$this->postComplete();
return $this->postComplete();
} else {
$data['error'] = lang('Receivings.error_requisition');
$this->_reload($data); // TODO: Hungarian notation
return $this->_reload($data); // TODO: Hungarian notation
}
}
/**
* Gets the receipt for a receiving. Used in app/Views/receivings/form.php
*
* @param $receiving_id
* @return string
* @noinspection PhpUnused
*
* @param mixed $receiving_id
*/
public function getReceipt($receiving_id): void
public function getReceipt($receiving_id): string
{
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
$this->receiving_lib->copy_entire_receiving($receiving_id);
$data['cart'] = $this->receiving_lib->get_cart();
$data['total'] = $this->receiving_lib->get_total();
$data['mode'] = $this->receiving_lib->get_mode();
$data['transaction_time'] = to_datetime(strtotime($receiving_info['receiving_time']));
$data['cart'] = $this->receiving_lib->get_cart();
$data['total'] = $this->receiving_lib->get_total();
$data['mode'] = $this->receiving_lib->get_mode();
$data['transaction_time'] = to_datetime(strtotime($receiving_info['receiving_time']));
$data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
$data['payment_type'] = $receiving_info['payment_type'];
$data['reference'] = $this->receiving_lib->get_reference();
$data['receiving_id'] = 'RECV ' . $receiving_id;
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
$employee_info = $this->employee->get_info($receiving_info['employee_id']);
$data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
$data['payment_type'] = $receiving_info['payment_type'];
$data['reference'] = $this->receiving_lib->get_reference();
$data['receiving_id'] = 'RECV ' . $receiving_id;
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
$employee_info = $this->employee->get_info($receiving_info['employee_id']);
$data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
$supplier_id = $this->receiving_lib->get_supplier(); // TODO: Duplicated code
if ($supplier_id !== -1) {
$supplier_info = $this->supplier->get_info($supplier_id);
$data['supplier'] = $supplier_info->company_name;
$data['first_name'] = $supplier_info->first_name;
$data['last_name'] = $supplier_info->last_name;
$data['supplier_email'] = $supplier_info->email;
if ($supplier_id != -1) {
$supplier_info = $this->supplier->get_info($supplier_id);
$data['supplier'] = $supplier_info->company_name;
$data['first_name'] = $supplier_info->first_name;
$data['last_name'] = $supplier_info->last_name;
$data['supplier_email'] = $supplier_info->email;
$data['supplier_address'] = $supplier_info->address_1;
if (! empty($supplier_info->zip) || ! empty($supplier_info->city)) {
if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
$data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
} else {
$data['supplier_location'] = '';
@@ -412,40 +440,46 @@ class Receivings extends Secure_Controller
$data['print_after_sale'] = false;
echo view('receivings/receipt', $data);
$view = view("receivings/receipt", $data);
$this->receiving_lib->clear_all();
return $view;
}
private function _reload(array $data = []): void // TODO: Hungarian notation
/**
* @param array $data
* @return string
*/
private function _reload(array $data = []): string // TODO: Hungarian notation
{
$data['cart'] = $this->receiving_lib->get_cart();
$data['modes'] = ['receive' => lang('Receivings.receiving'), 'return' => lang('Receivings.return')];
$data['mode'] = $this->receiving_lib->get_mode();
$data['stock_locations'] = $this->stock_location->get_allowed_locations('receivings');
$data['cart'] = $this->receiving_lib->get_cart();
$data['modes'] = ['receive' => lang('Receivings.receiving'), 'return' => lang('Receivings.return')];
$data['mode'] = $this->receiving_lib->get_mode();
$data['stock_locations'] = $this->stock_location->get_allowed_locations('receivings');
$data['show_stock_locations'] = count($data['stock_locations']) > 1;
if ($data['show_stock_locations']) {
$data['modes']['requisition'] = lang('Receivings.requisition');
$data['stock_source'] = $this->receiving_lib->get_stock_source();
$data['stock_destination'] = $this->receiving_lib->get_stock_destination();
$data['stock_source'] = $this->receiving_lib->get_stock_source();
$data['stock_destination'] = $this->receiving_lib->get_stock_destination();
}
$data['total'] = $this->receiving_lib->get_total();
$data['total'] = $this->receiving_lib->get_total();
$data['items_module_allowed'] = $this->employee->has_grant('items', $this->employee->get_logged_in_employee_info()->person_id);
$data['comment'] = $this->receiving_lib->get_comment();
$data['reference'] = $this->receiving_lib->get_reference();
$data['payment_options'] = $this->receiving->get_payment_options();
$data['comment'] = $this->receiving_lib->get_comment();
$data['reference'] = $this->receiving_lib->get_reference();
$data['payment_options'] = $this->receiving->get_payment_options();
$supplier_id = $this->receiving_lib->get_supplier();
if ($supplier_id !== -1) { // TODO: Duplicated Code... replace -1 with a constant
$supplier_info = $this->supplier->get_info($supplier_id);
$data['supplier'] = $supplier_info->company_name;
$data['first_name'] = $supplier_info->first_name;
$data['last_name'] = $supplier_info->last_name;
$data['supplier_email'] = $supplier_info->email;
if ($supplier_id != -1) { // TODO: Duplicated Code... replace -1 with a constant
$supplier_info = $this->supplier->get_info($supplier_id);
$data['supplier'] = $supplier_info->company_name;
$data['first_name'] = $supplier_info->first_name;
$data['last_name'] = $supplier_info->last_name;
$data['supplier_email'] = $supplier_info->email;
$data['supplier_address'] = $supplier_info->address_1;
if (! empty($supplier_info->zip) || ! empty($supplier_info->city)) {
if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
$data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
} else {
$data['supplier_location'] = '';
@@ -454,39 +488,50 @@ class Receivings extends Secure_Controller
$data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();
echo view('receivings/receiving', $data);
return view("receivings/receiving", $data);
}
/**
* @return ResponseInterface
* @throws ReflectionException
*/
public function postSave(int $receiving_id = -1): void // TODO: Replace -1 with a constant
public function postSave(int $receiving_id = -1): ResponseInterface // TODO: Replace -1 with a constant
{
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: newdate does not follow naming conventions
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
$receiving_time = $date_formatter->format('Y-m-d H:i:s');
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
if (!$this->employee->has_grant('employees', $current_employee_id)) {
$existing_receiving = $this->receiving->get_info($receiving_id)->getRowArray();
$employee_id = $existing_receiving['employee_id'];
} else {
$employee_id = $submitted_employee_id;
}
$receiving_data = [
'receiving_time' => $receiving_time,
'supplier_id' => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : null,
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
'employee_id' => $employee_id,
'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'reference' => $this->request->getPost('reference') !== '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null,
'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null
];
$this->inventory->update('RECV ' . $receiving_id, ['trans_date' => $receiving_time]);
if ($this->receiving->update($receiving_id, $receiving_data)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Receivings.successfully_updated'),
'id' => $receiving_id,
'id' => $receiving_id
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Receivings.unsuccessfully_updated'),
'id' => $receiving_id,
'id' => $receiving_id
]);
}
}
@@ -494,12 +539,13 @@ class Receivings extends Secure_Controller
/**
* Cancel an in-process receiving. Used in app/Views/receivings/receiving.php
*
* @return string
* @noinspection PhpUnused
*/
public function postCancelReceiving(): void
public function postCancelReceiving(): string
{
$this->receiving_lib->clear_all();
$this->_reload(); // TODO: Hungarian Notation
return $this->_reload(); // TODO: Hungarian Notation
}
}

827
app/Controllers/Reports.php
View File

File diff suppressed because it is too large Load Diff

1020
app/Controllers/Sales.php
View File

File diff suppressed because it is too large Load Diff

56
app/Controllers/Secure_Controller.php
View File

@@ -4,6 +4,8 @@ namespace App\Controllers;
use App\Models\Employee;
use App\Models\Module;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Model;
use CodeIgniter\Session\Session;
use Config\OSPOS;
use Config\Services;
@@ -12,10 +14,11 @@ use Config\Services;
* Controllers that are considered secure extend Secure_Controller, optionally a $module_id can
* be set to also check if a user can access a particular module in the system.
*
* @property employee employee
* @property module module
* @property array global_view_data
* @property Employee employee
* @property Module module
* @property Session session
* @property session session
*
*/
class Secure_Controller extends BaseController
{
@@ -24,43 +27,45 @@ class Secure_Controller extends BaseController
protected Module $module;
protected Session $session;
/**
* @param string $module_id
* @param string|null $submodule_id
* @param string|null $menu_group
*/
public function __construct(string $module_id = '', ?string $submodule_id = null, ?string $menu_group = null)
{
$this->employee = model(Employee::class);
$this->module = model(Module::class);
$config = config(OSPOS::class)->settings;
$validation = Services::validation();
if (! $this->employee->is_logged_in()) {
header('Location:' . base_url('login'));
$this->module = model(Module::class);
$config = config(OSPOS::class)->settings;
$validation = Services::validation();
if (!$this->employee->is_logged_in()) {
header("Location:" . base_url('login'));
exit();
}
$logged_in_employee_info = $this->employee->get_logged_in_employee_info();
if (
! $this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id)
|| (isset($submodule_id) && ! $this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id))
!$this->employee->has_module_grant($module_id, $logged_in_employee_info->person_id)
|| (isset($submodule_id) && !$this->employee->has_module_grant($submodule_id, $logged_in_employee_info->person_id))
) {
header('Location:' . base_url("no_access/{$module_id}/{$submodule_id}"));
header("Location:" . base_url("no_access/$module_id/$submodule_id"));
exit();
}
// Load up global global_view_data visible to all the loaded views
$this->session = session();
if ($menu_group === null) {
if ($menu_group == null) {
$menu_group = $this->session->get('menu_group');
} else {
$this->session->set('menu_group', $menu_group);
}
$allowed_modules = $menu_group === 'home'
$allowed_modules = $menu_group == 'home'
? $this->module->get_allowed_home_modules($logged_in_employee_info->person_id)
: $this->module->get_allowed_office_modules($logged_in_employee_info->person_id);
$this->global_view_data = [];
foreach ($allowed_modules->getResult() as $module) {
$this->global_view_data['allowed_modules'][] = $module;
}
@@ -68,36 +73,33 @@ class Secure_Controller extends BaseController
$this->global_view_data += [
'user_info' => $logged_in_employee_info,
'controller_name' => $module_id,
'config' => $config,
'config' => $config
];
view('viewData', $this->global_view_data);
}
public function sanitizeSortColumn($headers, $field, $default): string
{
return $field !== null && in_array($field, array_keys(array_merge(...$headers)), true) ? $field : $default;
return $field != null && in_array($field, array_keys(array_merge(...$headers))) ? $field : $default;
}
/**
* AJAX function used to confirm whether values sent in the request are numeric
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getCheckNumeric(): void
public function getCheckNumeric(): ResponseInterface
{
foreach ($this->request->getGet() as $value) {
if (parse_decimals($value) === false) {
echo 'false';
return;
return $this->response->setJSON('false');
}
}
echo 'true';
return $this->response->setJSON('true');
}
/**
* @param mixed $key
*
* @param $key
* @return mixed|void
*/
public function getConfig($key)
@@ -132,6 +134,7 @@ class Secure_Controller extends BaseController
}
/**
* @param int $data_item_id
* @return false
*/
public function getView(int $data_item_id = -1)
@@ -140,6 +143,7 @@ class Secure_Controller extends BaseController
}
/**
* @param int $data_item_id
* @return false
*/
public function postSave(int $data_item_id = -1)

112
app/Controllers/Suppliers.php
View File

@@ -3,6 +3,8 @@
namespace App\Controllers;
use App\Models\Supplier;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
class Suppliers extends Persons
{
@@ -15,98 +17,111 @@ class Suppliers extends Persons
$this->supplier = model(Supplier::class);
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['table_headers'] = get_suppliers_manage_table_headers();
echo view('people/manage', $data);
return view('people/manage', $data);
}
/**
* Gets one row for a supplier manage table. This is called using AJAX to update one row.
*
* @param mixed $row_id
* @param $row_id
* @return ResponseInterface
*/
public function getRow($row_id): void
public function getRow($row_id): ResponseInterface
{
$data_row = get_supplier_data_row($this->supplier->get_info($row_id));
$data_row = get_supplier_data_row($this->supplier->get_info($row_id));
$data_row['category'] = $this->supplier->get_category_name($data_row['category']);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* Returns Supplier table data rows. This will be called with AJAX.
*/
public function getSearch(): void
* @return void
**/
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(supplier_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$sort = $this->sanitizeSortColumn(supplier_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$suppliers = $this->supplier->search($search, $limit, $offset, $sort, $order);
$suppliers = $this->supplier->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->supplier->get_found_rows($search);
$data_rows = [];
foreach ($suppliers->getResult() as $supplier) {
$row = get_supplier_data_row($supplier);
$row = get_supplier_data_row($supplier);
$row['category'] = $this->supplier->get_category_name($row['category']);
$data_rows[] = $row;
$data_rows[] = $row;
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* Gives search suggestions based on what is being searched for
*/
public function getSuggest(): void
* @return ResponseInterface
**/
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$search = $this->request->getGet('term');
$suggestions = $this->supplier->get_search_suggestions($search, true);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
public function suggest_search(): void
/**
* @return ResponseInterface
*/
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$search = $this->request->getPost('term');
$suggestions = $this->supplier->get_search_suggestions($search, false);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Loads the supplier edit form
*
* @param int $supplier_id
* @return string
*/
public function getView(int $supplier_id = NEW_ENTRY): void
public function getView(int $supplier_id = NEW_ENTRY): string
{
$info = $this->supplier->get_info($supplier_id);
foreach (get_object_vars($info) as $property => $value) {
$info->{$property} = $value;
$info->$property = $value;
}
$data['person_info'] = $info;
$data['categories'] = $this->supplier->get_categories();
$data['categories'] = $this->supplier->get_categories();
echo view('suppliers/form', $data);
return view("suppliers/form", $data);
}
/**
* Inserts/updates a supplier
*
* @param int $supplier_id
* @return ResponseInterface
*/
public function postSave(int $supplier_id = NEW_ENTRY): void
public function postSave(int $supplier_id = NEW_ENTRY): ResponseInterface
{
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: Duplicate code
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
// Format first and last name properly
$first_name = $this->nameize($first_name);
$last_name = $this->nameize($last_name);
$last_name = $this->nameize($last_name);
$person_data = [
'first_name' => $first_name,
@@ -120,55 +135,58 @@ class Suppliers extends Persons
'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'zip' => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'country' => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'comments' => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
];
$supplier_data = [
'company_name' => $this->request->getPost('company_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'agency_name' => $this->request->getPost('agency_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'category' => $this->request->getPost('category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'account_number' => $this->request->getPost('account_number') === '' ? null : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT),
'account_number' => $this->request->getPost('account_number') == '' ? null : $this->request->getPost('account_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'tax_id' => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT)
];
if ($this->supplier->save_supplier($person_data, $supplier_data, $supplier_id)) {
// New supplier
if ($supplier_id === NEW_ENTRY) {
echo json_encode([
if ($supplier_id == NEW_ENTRY) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Suppliers.successful_adding') . ' ' . $supplier_data['company_name'],
'id' => $supplier_data['person_id'],
'id' => $supplier_data['person_id']
]);
} else { // Existing supplier
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Suppliers.successful_updating') . ' ' . $supplier_data['company_name'],
'id' => $supplier_id,
'id' => $supplier_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Suppliers.error_adding_updating') . ' ' . $supplier_data['company_name'],
'id' => NEW_ENTRY,
'message' => lang('Suppliers.error_adding_updating') . ' ' . $supplier_data['company_name'],
'id' => NEW_ENTRY
]);
}
}
/**
* This deletes suppliers from the suppliers table
*
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$suppliers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->supplier->delete_list($suppliers_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Suppliers.successful_deleted') . ' ' . count($suppliers_to_delete) . ' ' . lang('Suppliers.one_or_multiple'),
'message' => lang('Suppliers.successful_deleted') . ' ' . count($suppliers_to_delete) . ' ' . lang('Suppliers.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Suppliers.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Suppliers.cannot_be_deleted')]);
}
}
}

70
app/Controllers/Tax_categories.php
View File

@@ -3,9 +3,11 @@
namespace App\Controllers;
use App\Models\Tax_category;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
/**
* @property Tax_category tax_category
* @property tax_category tax_category
*/
class Tax_categories extends Secure_Controller
{
@@ -18,17 +20,22 @@ class Tax_categories extends Secure_Controller
$this->tax_category = model(Tax_category::class);
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['tax_categories_table_headers'] = get_tax_categories_table_headers();
echo view('taxes/tax_categories', $data);
return view('taxes/tax_categories', $data);
}
/**
* Returns tax_category table data rows. This will be called with AJAX.
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -37,74 +44,89 @@ class Tax_categories extends Secure_Controller
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->tax_category->get_found_rows($search);
$total_rows = $this->tax_category->get_found_rows($search);
$data_rows = [];
foreach ($tax_categories->getResult() as $tax_category) {
$data_rows[] = get_tax_categories_data_row($tax_category);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
public function getRow($row_id): void
/**
* @param $row_id
* @return ResponseInterface
*/
public function getRow($row_id): ResponseInterface
{
$data_row = get_tax_categories_data_row($this->tax_category->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
public function getView(int $tax_category_id = NEW_ENTRY): void
/**
* @param int $tax_category_id
* @return string
*/
public function getView(int $tax_category_id = NEW_ENTRY): string
{
$data['tax_category_info'] = $this->tax_category->get_info($tax_category_id);
echo view('taxes/tax_category_form', $data);
return view("taxes/tax_category_form", $data);
}
public function postSave(int $tax_category_id = NEW_ENTRY): void
/**
* @param int $tax_category_id
* @return ResponseInterface
*/
public function postSave(int $tax_category_id = NEW_ENTRY): ResponseInterface
{
$tax_category_data = [
'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'tax_category_code' => $this->request->getPost('tax_category_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT),
'tax_group_sequence' => $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT)
];
if ($this->tax_category->save_value($tax_category_data, $tax_category_id)) {
// New tax_category_id
if ($tax_category_id === NEW_ENTRY) {
echo json_encode([
if ($tax_category_id == NEW_ENTRY) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_categories.successful_adding'),
'id' => $tax_category_data['tax_category_id'],
'id' => $tax_category_data['tax_category_id']
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_categories.successful_updating'),
'id' => $tax_category_id,
'id' => $tax_category_id
]);
}
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Tax_categories.error_adding_updating') . ' ' . $tax_category_data['tax_category'],
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
public function postDelete(): void
/**
* @return ResponseInterface
*/
public function postDelete(): ResponseInterface
{
$tax_categories_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->tax_category->delete_list($tax_categories_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_categories.successful_deleted') . ' ' . count($tax_categories_to_delete) . ' ' . lang('Tax_categories.one_or_multiple'),
'message' => lang('Tax_categories.successful_deleted') . ' ' . count($tax_categories_to_delete) . ' ' . lang('Tax_categories.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Tax_categories.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Tax_categories.cannot_be_deleted')]);
}
}
}

75
app/Controllers/Tax_codes.php
View File

@@ -3,9 +3,11 @@
namespace App\Controllers;
use App\Models\Tax_code;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
/**
* @property Tax_code tax_code
* @property tax_code tax_code
*/
class Tax_codes extends Secure_Controller
{
@@ -19,22 +21,31 @@ class Tax_codes extends Secure_Controller
helper('tax_helper');
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
echo view('taxes/tax_codes', $this->get_data());
return view('taxes/tax_codes', $this->get_data());
}
/**
* @return array
*/
public function get_data(): array
{
$data['table_headers'] = get_tax_code_table_headers();
$data['table_headers'] = get_tax_code_table_headers();
return $data;
}
/**
* Returns tax_category table data rows. This will be called with AJAX.
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -42,7 +53,7 @@ class Tax_codes extends Secure_Controller
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);
$tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->tax_code->get_found_rows($search);
$data_rows = [];
@@ -51,66 +62,82 @@ class Tax_codes extends Secure_Controller
$data_rows[] = get_tax_code_data_row($tax_code);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return ResponseInterface
*/
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_tax_code_data_row($this->tax_code->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
public function getView(int $tax_code_id = NEW_ENTRY): void
/**
* @param int $tax_code_id
* @return string
*/
public function getView(int $tax_code_id = NEW_ENTRY): string
{
$data['tax_code_info'] = $this->tax_code->get_info($tax_code_id);
echo view('taxes/tax_code_form', $data);
return view("taxes/tax_code_form", $data);
}
public function postSave(int $tax_code_id = NEW_ENTRY): void
/**
* @param int $tax_code_id
* @return ResponseInterface
*/
public function postSave(int $tax_code_id = NEW_ENTRY): ResponseInterface
{
$tax_code_data = [
'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'tax_code_name' => $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'city' => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'state' => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
];
if ($this->tax_code->save($tax_code_data)) {
if ($tax_code_id === NEW_ENTRY) {
echo json_encode([
if ($tax_code_id == NEW_ENTRY) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_codes.successful_adding'),
'id' => $tax_code_data['tax_code_id'],
'id' => $tax_code_data['tax_code_id']
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_codes.successful_updating'),
'id' => $tax_code_id,
'id' => $tax_code_id
]);
}
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Tax_codes.error_adding_updating') . ' ' . $tax_code_data['tax_code_id'],
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
public function postDelete(): void
/**
* @return ResponseInterface
*/
public function postDelete(): ResponseInterface
{
$tax_codes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->tax_code->delete_list($tax_codes_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_codes.successful_deleted') . ' ' . count($tax_codes_to_delete) . ' ' . lang('Tax_codes.one_or_multiple'),
'message' => lang('Tax_codes.successful_deleted') . ' ' . count($tax_codes_to_delete) . ' ' . lang('Tax_codes.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Tax_codes.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Tax_codes.cannot_be_deleted')]);
}
}
}

71
app/Controllers/Tax_jurisdictions.php
View File

@@ -3,9 +3,11 @@
namespace App\Controllers;
use App\Models\Tax_jurisdiction;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
/**
* @property Tax_jurisdiction tax_jurisdiction
* @property tax_jurisdiction tax_jurisdiction
*/
class Tax_jurisdictions extends Secure_Controller
{
@@ -20,17 +22,23 @@ class Tax_jurisdictions extends Secure_Controller
helper('tax_helper');
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['table_headers'] = get_tax_jurisdictions_table_headers();
echo view('taxes/tax_jurisdictions', $data);
return view('taxes/tax_jurisdictions', $data);
}
/**
* Returns tax_category table data rows. This will be called with AJAX.
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -39,72 +47,87 @@ class Tax_jurisdictions extends Secure_Controller
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->tax_jurisdiction->get_found_rows($search);
$total_rows = $this->tax_jurisdiction->get_found_rows($search);
$data_rows = [];
foreach ($tax_jurisdictions->getResult() as $tax_jurisdiction) {
$data_rows[] = get_tax_jurisdictions_data_row($tax_jurisdiction);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return ResponseInterface
*/
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_tax_jurisdictions_data_row($this->tax_jurisdiction->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
public function getView(int $tax_jurisdiction_id = NEW_ENTRY): void
/**
* @param int $tax_jurisdiction_id
* @return string
*/
public function getView(int $tax_jurisdiction_id = NEW_ENTRY): string
{
$data['tax_jurisdiction_info'] = $this->tax_jurisdiction->get_info($tax_jurisdiction_id);
echo view('taxes/tax_jurisdiction_form', $data);
return view("taxes/tax_jurisdiction_form", $data);
}
public function postSave(int $jurisdiction_id = NEW_ENTRY): void
/**
* @param int $jurisdiction_id
* @return ResponseInterface
*/
public function postSave(int $jurisdiction_id = NEW_ENTRY): ResponseInterface
{
$tax_jurisdiction_data = [
'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'reporting_authority' => $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
];
if ($this->tax_jurisdiction->save_value($tax_jurisdiction_data)) {
if ($jurisdiction_id === NEW_ENTRY) {
echo json_encode([
if ($jurisdiction_id == NEW_ENTRY) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_jurisdictions.successful_adding'),
'id' => $tax_jurisdiction_data['jurisdiction_id'],
'id' => $tax_jurisdiction_data['jurisdiction_id']
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_jurisdictions.successful_updating'),
'id' => $jurisdiction_id,
'id' => $jurisdiction_id
]);
}
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Tax_jurisdictions.error_adding_updating') . ' ' . $tax_jurisdiction_data['jurisdiction_name'],
'id' => NEW_ENTRY,
'id' => NEW_ENTRY
]);
}
}
public function postDelete(): void
/**
* @return ResponseInterface
*/
public function postDelete(): ResponseInterface
{
$tax_jurisdictions_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->tax_jurisdiction->delete_list($tax_jurisdictions_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_jurisdictions.successful_deleted') . ' ' . count($tax_jurisdictions_to_delete) . ' ' . lang('Tax_jurisdictions.one_or_multiple'),
'message' => lang('Tax_jurisdictions.successful_deleted') . ' ' . count($tax_jurisdictions_to_delete) . ' ' . lang('Tax_jurisdictions.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Tax_jurisdictions.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Tax_jurisdictions.cannot_be_deleted')]);
}
}
}

406
app/Controllers/Taxes.php
View File

@@ -3,12 +3,14 @@
namespace App\Controllers;
use App\Libraries\Tax_lib;
use App\Models\enums\Rounding_mode;
use App\Models\Enums\Rounding_mode;
use App\Models\Tax;
use App\Models\Tax_category;
use App\Models\Tax_code;
use App\Models\Tax_jurisdiction;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
class Taxes extends Secure_Controller
{
@@ -23,37 +25,40 @@ class Taxes extends Secure_Controller
{
parent::__construct('taxes');
$this->tax = model(Tax::class);
$this->tax_category = model(Tax_category::class);
$this->tax_code = model(Tax_code::class);
$this->tax = model(Tax::class);
$this->tax_category = model(Tax_category::class);
$this->tax_code = model(Tax_code::class);
$this->tax_jurisdiction = model(Tax_jurisdiction::class);
$this->tax_lib = new Tax_lib();
$this->config = config(OSPOS::class)->settings;
$this->config = config(OSPOS::class)->settings;
helper('tax_helper');
}
public function getIndex(): void
/**
* @return string
*/
public function getIndex(): string
{
$data['tax_codes'] = $this->tax_code->get_all()->getResultArray();
if (count($data['tax_codes']) === 0) {
if (count($data['tax_codes']) == 0) {
$data['tax_codes'] = $this->tax_code->get_empty_row();
}
$data['tax_categories'] = $this->tax_category->get_all()->getResultArray();
if (count($data['tax_categories']) === 0) {
if (count($data['tax_categories']) == 0) {
$data['tax_categories'] = $this->tax_category->get_empty_row();
}
$data['tax_jurisdictions'] = $this->tax_jurisdiction->get_all()->getResultArray();
if (count($data['tax_jurisdictions']) === 0) {
if (count($data['tax_jurisdictions']) == 0) {
$data['tax_jurisdictions'] = $this->tax_jurisdiction->get_empty_row();
}
$data['tax_rate_table_headers'] = get_tax_rates_manage_table_headers();
$data['tax_rate_table_headers'] = get_tax_rates_manage_table_headers();
$data['tax_categories_table_headers'] = get_tax_categories_table_headers();
$data['tax_types'] = $this->tax_lib->get_tax_types();
$data['tax_types'] = $this->tax_lib->get_tax_types();
if ($this->config['tax_included']) {
$data['default_tax_type'] = Tax_lib::TAX_TYPE_INCLUDED;
@@ -63,68 +68,80 @@ class Taxes extends Secure_Controller
$data['tax_type_options'] = $this->tax_lib->get_tax_type_options($data['default_tax_type']);
echo view('taxes/manage', $data);
return view('taxes/manage', $data);
}
/**
* Returns tax_codes table data rows. This will be called with AJAX.
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_rates = $this->tax->search($search, $limit, $offset, $sort, $order);
$total_rows = $this->tax->get_found_rows($search);
$data_rows = [];
foreach ($tax_rates->getResult() as $tax_rate_row) {
$data_rows[] = get_tax_rates_data_row($tax_rate_row);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* Gives search suggestions based on what is being searched for
* @return ResponseInterface
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$search = $this->request->getPost('term');
$suggestions = $this->tax->get_search_suggestions($search); // TODO: There is no get_search_suggestions function in the tax model
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Provides list of tax categories to select from
* @return ResponseInterface
*/
public function suggest_tax_categories(): void
public function suggest_tax_categories(): ResponseInterface
{
$search = $this->request->getPost('term');
$search = $this->request->getPost('term');
$suggestions = $this->tax_category->get_tax_category_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
public function getRow(int $row_id): void
/**
* @param int $row_id
* @return ResponseInterface
*/
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_tax_rates_data_row($this->tax->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
public function getView_tax_codes(int $tax_code = NEW_ENTRY): void
/**
* @param int $tax_code
* @return string
*/
public function getView_tax_codes(int $tax_code = NEW_ENTRY): string
{
$tax_code_info = $this->tax->get_info($tax_code);
$default_tax_category_id = 1; // Tax category id is always the default tax category // TODO: Replace 1 with constant
$default_tax_category = $this->tax->get_tax_category($default_tax_category_id); // TODO: this variable is never used in the code.
$default_tax_category = $this->tax->get_tax_category($default_tax_category_id); // TODO: this variable is never used in the code.
$tax_rate_info = $this->tax->get_rate_info($tax_code, $default_tax_category_id);
@@ -134,91 +151,99 @@ class Taxes extends Secure_Controller
$data['default_tax_type'] = Tax_lib::TAX_TYPE_EXCLUDED;
}
$data['rounding_options'] = Rounding_mode::get_rounding_options();
$data['rounding_options'] = Rounding_mode::get_rounding_options();
$data['html_rounding_options'] = $this->get_html_rounding_options();
if ($tax_code === NEW_ENTRY) { // TODO: Duplicated code
$data['tax_code'] = '';
$data['tax_code_name'] = '';
$data['tax_code_type'] = '0';
$data['city'] = '';
$data['state'] = '';
$data['tax_rate'] = '0.0000';
$data['rate_tax_code'] = '';
if ($tax_code == NEW_ENTRY) { // TODO: Duplicated code
$data['tax_code'] = '';
$data['tax_code_name'] = '';
$data['tax_code_type'] = '0';
$data['city'] = '';
$data['state'] = '';
$data['tax_rate'] = '0.0000';
$data['rate_tax_code'] = '';
$data['rate_tax_category_id'] = 1;
$data['tax_category'] = '';
$data['add_tax_category'] = '';
$data['rounding_code'] = '0';
$data['tax_category'] = '';
$data['add_tax_category'] = '';
$data['rounding_code'] = '0';
} else {
$data['tax_code'] = $tax_code;
$data['tax_code_name'] = $tax_code_info->tax_code_name;
$data['tax_code_type'] = $tax_code_info->tax_code_type;
$data['city'] = $tax_code_info->city;
$data['state'] = $tax_code_info->state;
$data['rate_tax_code'] = $tax_code_info->rate_tax_code;
$data['tax_code'] = $tax_code;
$data['tax_code_name'] = $tax_code_info->tax_code_name;
$data['tax_code_type'] = $tax_code_info->tax_code_type;
$data['city'] = $tax_code_info->city;
$data['state'] = $tax_code_info->state;
$data['rate_tax_code'] = $tax_code_info->rate_tax_code;
$data['rate_tax_category_id'] = $tax_code_info->rate_tax_category_id;
$data['tax_category'] = $tax_code_info->tax_category;
$data['add_tax_category'] = '';
$data['tax_rate'] = $tax_rate_info->tax_rate;
$data['rounding_code'] = $tax_rate_info->rounding_code;
$data['tax_category'] = $tax_code_info->tax_category;
$data['add_tax_category'] = '';
$data['tax_rate'] = $tax_rate_info->tax_rate;
$data['rounding_code'] = $tax_rate_info->rounding_code;
}
$tax_rates = [];
foreach ($this->tax->get_tax_code_rate_exceptions($tax_code) as $tax_code_rate) { // TODO: get_tax_code_rate_exceptions doesn't exist. This was deleted by @steveireland in https://github.com/opensourcepos/opensourcepos/commit/32204698379c230f2a6756655f40334308023de9#diff-e746bab6720cf5dbf855de6cda68f7aca9ecea7ddd5a39bb852e9b9047a7a838L435 but it's unclear if that was on purpose or accidental.
$tax_rate_row = [];
$tax_rate_row = [];
$tax_rate_row['rate_tax_category_id'] = $tax_code_rate['rate_tax_category_id'];
$tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
$tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
$tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];
$tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
$tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
$tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];
$tax_rates[] = $tax_rate_row;
}
$data['tax_rates'] = $tax_rates;
echo view('taxes/tax_code_form', $data);
return view('taxes/tax_code_form', $data);
}
public function getView(int $tax_rate_id = NEW_ENTRY): void
/**
* @param int $tax_rate_id
* @return string
*/
public function getView(int $tax_rate_id = NEW_ENTRY): string
{
$tax_rate_info = $this->tax->get_info($tax_rate_id);
$data['tax_rate_id'] = $tax_rate_id;
$data['tax_rate_id'] = $tax_rate_id;
$data['rounding_options'] = Rounding_mode::get_rounding_options();
$data['tax_code_options'] = $this->tax_lib->get_tax_code_options();
$data['tax_category_options'] = $this->tax_lib->get_tax_category_options();
$data['tax_code_options'] = $this->tax_lib->get_tax_code_options();
$data['tax_category_options'] = $this->tax_lib->get_tax_category_options();
$data['tax_jurisdiction_options'] = $this->tax_lib->get_tax_jurisdiction_options();
if ($tax_rate_id === NEW_ENTRY) {
$data['rate_tax_code_id'] = $this->config['default_tax_code'];
if ($tax_rate_id == NEW_ENTRY) {
$data['rate_tax_code_id'] = $this->config['default_tax_code'];
$data['rate_tax_category_id'] = $this->config['default_tax_category'];
$data['rate_jurisdiction_id'] = $this->config['default_tax_jurisdiction'];
$data['tax_rounding_code'] = Rounding_mode::HALF_UP;
$data['tax_rate'] = '0.0000';
$data['tax_rounding_code'] = Rounding_mode::HALF_UP;
$data['tax_rate'] = '0.0000';
} else {
$data['rate_tax_code_id'] = $tax_rate_info->rate_tax_code_id;
$data['rate_tax_code'] = $tax_rate_info->tax_code;
$data['rate_tax_code_id'] = $tax_rate_info->rate_tax_code_id;
$data['rate_tax_code'] = $tax_rate_info->tax_code;
$data['rate_tax_category_id'] = $tax_rate_info->rate_tax_category_id;
$data['rate_jurisdiction_id'] = $tax_rate_info->rate_jurisdiction_id;
$data['tax_rounding_code'] = $tax_rate_info->tax_rounding_code;
$data['tax_rate'] = $tax_rate_info->tax_rate;
$data['tax_rounding_code'] = $tax_rate_info->tax_rounding_code;
$data['tax_rate'] = $tax_rate_info->tax_rate;
}
echo view('taxes/tax_rates_form', $data);
return view('taxes/tax_rates_form', $data);
}
public function getView_tax_categories(int $tax_code = NEW_ENTRY): void // TODO: This appears to be called no where in the code.
/**
* @param int $tax_code
* @return string
*/
public function getView_tax_categories(int $tax_code = NEW_ENTRY): string // TODO: This appears to be called no where in the code.
{
$tax_code_info = $this->tax->get_info($tax_code); // TODO: Duplicated Code
$default_tax_category_id = 1; // Tax category id is always the default tax category // TODO: replace with a constant.
$default_tax_category = $this->tax->get_tax_category($default_tax_category_id);
$default_tax_category = $this->tax->get_tax_category($default_tax_category_id);
$tax_rate_info = $this->tax->get_rate_info($tax_code, $default_tax_category_id);
$data['rounding_options'] = Rounding_mode::get_rounding_options();
$data['rounding_options'] = Rounding_mode::get_rounding_options();
$data['html_rounding_options'] = $this->get_html_rounding_options();
if ($this->config['tax_included']) {
@@ -227,59 +252,62 @@ class Taxes extends Secure_Controller
$data['default_tax_type'] = Tax_lib::TAX_TYPE_EXCLUDED;
}
if ($tax_code === NEW_ENTRY) {
$data['tax_code'] = '';
$data['tax_code_name'] = '';
$data['tax_code_type'] = '0';
$data['city'] = '';
$data['state'] = '';
$data['tax_rate'] = '0.0000';
$data['rate_tax_code'] = '';
if ($tax_code == NEW_ENTRY) {
$data['tax_code'] = '';
$data['tax_code_name'] = '';
$data['tax_code_type'] = '0';
$data['city'] = '';
$data['state'] = '';
$data['tax_rate'] = '0.0000';
$data['rate_tax_code'] = '';
$data['rate_tax_category_id'] = 1;
$data['tax_category'] = '';
$data['add_tax_category'] = '';
$data['rounding_code'] = '0';
$data['tax_category'] = '';
$data['add_tax_category'] = '';
$data['rounding_code'] = '0';
} else {
$data['tax_code'] = $tax_code;
$data['tax_code_name'] = $tax_code_info->tax_code_name;
$data['tax_code_type'] = $tax_code_info->tax_code_type;
$data['city'] = $tax_code_info->city;
$data['state'] = $tax_code_info->state;
$data['rate_tax_code'] = $tax_code_info->rate_tax_code;
$data['tax_code'] = $tax_code;
$data['tax_code_name'] = $tax_code_info->tax_code_name;
$data['tax_code_type'] = $tax_code_info->tax_code_type;
$data['city'] = $tax_code_info->city;
$data['state'] = $tax_code_info->state;
$data['rate_tax_code'] = $tax_code_info->rate_tax_code;
$data['rate_tax_category_id'] = $tax_code_info->rate_tax_category_id;
$data['tax_category'] = $tax_code_info->tax_category;
$data['add_tax_category'] = '';
$data['tax_rate'] = $tax_rate_info->tax_rate;
$data['rounding_code'] = $tax_rate_info->rounding_code;
$data['tax_category'] = $tax_code_info->tax_category;
$data['add_tax_category'] = '';
$data['tax_rate'] = $tax_rate_info->tax_rate;
$data['rounding_code'] = $tax_rate_info->rounding_code;
}
$tax_rates = [];
foreach ($this->tax->get_tax_code_rate_exceptions($tax_code) as $tax_code_rate) { // TODO: get_tax_code_rate_exceptions doesn't exist in the tax model
$tax_rate_row = [];
$tax_rate_row = [];
$tax_rate_row['rate_tax_category_id'] = $tax_code_rate['rate_tax_category_id'];
$tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
$tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
$tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];
$tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
$tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
$tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];
$tax_rates[] = $tax_rate_row;
}
$data['tax_rates'] = $tax_rates;
echo view('taxes/tax_category_form', $data);
return view('taxes/tax_category_form', $data);
}
public function getView_tax_jurisdictions(int $tax_code = NEW_ENTRY): void // TODO: This appears to be called no where in the code.
/**
* @param int $tax_code
* @return string
*/
public function getView_tax_jurisdictions(int $tax_code = NEW_ENTRY): string // TODO: This appears to be called no where in the code.
{
$tax_code_info = $this->tax->get_info($tax_code); // TODO: Duplicated code
$default_tax_category_id = 1; // Tax category id is always the default tax category
$default_tax_category = $this->tax->get_tax_category($default_tax_category_id); // TODO: This variable is not used anywhere in the code
$default_tax_category = $this->tax->get_tax_category($default_tax_category_id); // TODO: This variable is not used anywhere in the code
$tax_rate_info = $this->tax->get_rate_info($tax_code, $default_tax_category_id);
$data['rounding_options'] = Rounding_mode::get_rounding_options();
$data['rounding_options'] = Rounding_mode::get_rounding_options();
$data['html_rounding_options'] = $this->get_html_rounding_options();
if ($this->config['tax_included']) {
@@ -288,60 +316,66 @@ class Taxes extends Secure_Controller
$data['default_tax_type'] = Tax_lib::TAX_TYPE_EXCLUDED;
}
if ($tax_code === NEW_ENTRY) {
$data['tax_code'] = '';
$data['tax_code_name'] = '';
$data['tax_code_type'] = '0';
$data['city'] = '';
$data['state'] = '';
$data['tax_rate'] = '0.0000';
$data['rate_tax_code'] = '';
if ($tax_code == NEW_ENTRY) {
$data['tax_code'] = '';
$data['tax_code_name'] = '';
$data['tax_code_type'] = '0';
$data['city'] = '';
$data['state'] = '';
$data['tax_rate'] = '0.0000';
$data['rate_tax_code'] = '';
$data['rate_tax_category_id'] = 1;
$data['tax_category'] = '';
$data['add_tax_category'] = '';
$data['rounding_code'] = '0';
$data['tax_category'] = '';
$data['add_tax_category'] = '';
$data['rounding_code'] = '0';
} else {
$data['tax_code'] = $tax_code;
$data['tax_code_name'] = $tax_code_info->tax_code_name;
$data['tax_code_type'] = $tax_code_info->tax_code_type;
$data['city'] = $tax_code_info->city;
$data['state'] = $tax_code_info->state;
$data['rate_tax_code'] = $tax_code_info->rate_tax_code;
$data['tax_code'] = $tax_code;
$data['tax_code_name'] = $tax_code_info->tax_code_name;
$data['tax_code_type'] = $tax_code_info->tax_code_type;
$data['city'] = $tax_code_info->city;
$data['state'] = $tax_code_info->state;
$data['rate_tax_code'] = $tax_code_info->rate_tax_code;
$data['rate_tax_category_id'] = $tax_code_info->rate_tax_category_id;
$data['tax_category'] = $tax_code_info->tax_category;
$data['add_tax_category'] = '';
$data['tax_rate'] = $tax_rate_info->tax_rate;
$data['rounding_code'] = $tax_rate_info->rounding_code;
$data['tax_category'] = $tax_code_info->tax_category;
$data['add_tax_category'] = '';
$data['tax_rate'] = $tax_rate_info->tax_rate;
$data['rounding_code'] = $tax_rate_info->rounding_code;
}
$tax_rates = [];
foreach ($this->tax->get_tax_code_rate_exceptions($tax_code) as $tax_code_rate) { // TODO: get_tax_code_rate_exceptions doesn't exist in the tax model
$tax_rate_row = [];
$tax_rate_row = [];
$tax_rate_row['rate_tax_category_id'] = $tax_code_rate['rate_tax_category_id'];
$tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
$tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
$tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];
$tax_rate_row['tax_category'] = $tax_code_rate['tax_category'];
$tax_rate_row['tax_rate'] = $tax_code_rate['tax_rate'];
$tax_rate_row['rounding_code'] = $tax_code_rate['rounding_code'];
$tax_rates[] = $tax_rate_row;
}
$data['tax_rates'] = $tax_rates;
echo view('taxes/tax_jurisdiction_form', $data);
return view('taxes/tax_jurisdiction_form', $data);
}
/**
* @return string
*/
public static function get_html_rounding_options(): string
{
return Rounding_mode::get_html_rounding_options();
}
public function postSave(int $tax_rate_id = NEW_ENTRY): void
/**
* @param int $tax_rate_id
* @return ResponseInterface
*/
public function postSave(int $tax_rate_id = NEW_ENTRY): ResponseInterface
{
$tax_category_id = $this->request->getPost('rate_tax_category_id', FILTER_SANITIZE_NUMBER_INT);
$tax_rate = parse_tax($this->request->getPost('tax_rate'));
$tax_rate = parse_tax($this->request->getPost('tax_rate'));
if ($tax_rate === 0) { // TODO: Replace 0 with constant?
if ($tax_rate == 0) { // TODO: Replace 0 with constant?
$tax_category_info = $this->tax_category->get_info($tax_category_id); // TODO: this variable is not used anywhere in the code
}
@@ -350,93 +384,98 @@ class Taxes extends Secure_Controller
'rate_tax_category_id' => $tax_category_id,
'rate_jurisdiction_id' => $this->request->getPost('rate_jurisdiction_id', FILTER_SANITIZE_NUMBER_INT),
'tax_rate' => $tax_rate,
'tax_rounding_code' => $this->request->getPost('tax_rounding_code', FILTER_SANITIZE_NUMBER_INT),
'tax_rounding_code' => $this->request->getPost('tax_rounding_code', FILTER_SANITIZE_NUMBER_INT)
];
if ($this->tax->save_value($tax_rate_data, $tax_rate_id)) {
if ($tax_rate_id === NEW_ENTRY) { // TODO: this needs to be replaced with ternary notation
echo json_encode(['success' => true, 'message' => lang('Taxes.tax_rate_successfully_added')]);
if ($tax_rate_id == NEW_ENTRY) { // TODO: this needs to be replaced with ternary notation
return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_rate_successfully_added')]);
} else { // Existing tax_code
echo json_encode(['success' => true, 'message' => lang('Taxes.tax_rate_successful_updated')]);
return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_rate_successful_updated')]);
}
} else {
echo json_encode(['success' => false, 'message' => lang('Taxes.tax_rate_error_adding_updating')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Taxes.tax_rate_error_adding_updating')]);
}
}
public function postDelete(): void
/**
* @return ResponseInterface
*/
public function postDelete(): ResponseInterface
{
$tax_codes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->tax->delete_list($tax_codes_to_delete)) { // TODO: this needs to be replaced with ternary notation
echo json_encode(['success' => true, 'message' => lang('Taxes.tax_code_successful_deleted')]);
return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_code_successful_deleted')]);
} else {
echo json_encode(['success' => false, 'message' => lang('Taxes.tax_code_cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Taxes.tax_code_cannot_be_deleted')]);
}
}
/**
* Get search suggestions for tax codes. Used in app/Views/customers/form.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggestTaxCodes(): void
public function getSuggestTaxCodes(): ResponseInterface
{
$search = $this->request->getPostGet('term');
$search = $this->request->getPostGet('term');
$suggestions = $this->tax_code->get_tax_codes_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Saves Tax Codes. Used in app/Views/taxes/tax_codes.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function save_tax_codes(): void
public function postSave_tax_codes(): ResponseInterface
{
$tax_code_id = $this->request->getPost('tax_code_id', FILTER_SANITIZE_NUMBER_INT);
$tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_code_id = $this->request->getPost('tax_code_id', FILTER_SANITIZE_NUMBER_INT);
$tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_code_name = $this->request->getPost('tax_code_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$city = $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$state = $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$city = $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$state = $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$array_save = []; // TODO: the naming of this variable is not good.
foreach ($tax_code_id as $key => $val) {
$array_save[] = [
'tax_code_id' => $val,
'tax_code' => $tax_code[$key],
'tax_code_name' => $tax_code_name[$key],
'city' => $city[$key],
'state' => $state[$key],
'state' => $state[$key]
];
}
$success = $this->tax_code->save_tax_codes($array_save);
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Taxes.tax_codes_saved_' . ($success ? '' : 'un') . 'successfully'),
'message' => lang('Taxes.tax_codes_saved_' . ($success ? '' : 'un') . 'successfully')
]);
}
/**
* Saves given tax jurisdiction. Used in app/Views/taxes/tax_jurisdictions.php.
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function save_tax_jurisdictions(): void
public function postSave_tax_jurisdictions(): ResponseInterface
{
$jurisdiction_id = $this->request->getPost('jurisdiction_id', FILTER_SANITIZE_NUMBER_INT);
$jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_type = $this->request->getPost('tax_type', FILTER_SANITIZE_NUMBER_INT);
$jurisdiction_id = $this->request->getPost('jurisdiction_id', FILTER_SANITIZE_NUMBER_INT);
$jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_group = $this->request->getPost('tax_group', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_type = $this->request->getPost('tax_type', FILTER_SANITIZE_NUMBER_INT);
$reporting_authority = $this->request->getPost('reporting_authority', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT);
$cascade_sequence = $this->request->getPost('cascade_sequence', FILTER_SANITIZE_NUMBER_INT);
$tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT);
$cascade_sequence = $this->request->getPost('cascade_sequence', FILTER_SANITIZE_NUMBER_INT);
$array_save = [];
$array_save = [];
$unique_tax_groups = [];
foreach ($jurisdiction_id as $key => $val) {
@@ -447,37 +486,37 @@ class Taxes extends Secure_Controller
'tax_type' => $tax_type[$key],
'reporting_authority' => $reporting_authority[$key],
'tax_group_sequence' => $tax_group_sequence[$key],
'cascade_sequence' => $cascade_sequence[$key],
'cascade_sequence' => $cascade_sequence[$key]
];
if (in_array($tax_group[$key], $unique_tax_groups, true)) { // TODO: This can be replaced with `in_array($tax_group[$key], $unique_tax_groups)`
echo json_encode([
if (in_array($tax_group[$key], $unique_tax_groups)) { // TODO: This can be replaced with `in_array($tax_group[$key], $unique_tax_groups)`
return $this->response->setJSON([
'success' => false,
'message' => lang('Taxes.tax_group_not_unique', [$tax_group[$key]]),
'message' => lang('Taxes.tax_group_not_unique', [$tax_group[$key]])
]);
return;
} else {
$unique_tax_groups[] = $tax_group[$key];
}
$unique_tax_groups[] = $tax_group[$key];
}
$success = $this->tax_jurisdiction->save_jurisdictions($array_save);
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Taxes.tax_jurisdictions_saved_' . ($success ? '' : 'un') . 'successfully'),
'message' => lang('Taxes.tax_jurisdictions_saved_' . ($success ? '' : 'un') . 'successfully')
]);
}
/**
* Saves tax categories. Used in app/Views/taxes/tax_categories.php
*
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function save_tax_categories(): void
public function postSave_tax_categories(): ResponseInterface
{
$tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT);
$tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT);
$tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$tax_group_sequence = $this->request->getPost('tax_group_sequence', FILTER_SANITIZE_NUMBER_INT);
$array_save = [];
@@ -486,48 +525,51 @@ class Taxes extends Secure_Controller
$array_save[] = [
'tax_category_id' => $val,
'tax_category' => $tax_category[$key],
'tax_group_sequence' => $tax_group_sequence[$key],
'tax_group_sequence' => $tax_group_sequence[$key]
];
}
$success = $this->tax_category->save_categories($array_save);
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Taxes.tax_categories_saved_' . ($success ? '' : 'un') . 'successfully'),
'message' => lang('Taxes.tax_categories_saved_' . ($success ? '' : 'un') . 'successfully')
]);
}
/**
* Gets tax codes partial view. Used in app/Views/taxes/tax_codes.php.
*
* @return string
* @noinspection PhpUnused
*/
public function ajax_tax_codes(): void
public function getAjax_tax_codes(): string
{
$tax_codes = $this->tax_code->get_all()->getResultArray();
echo view('partial/tax_codes', ['tax_codes' => $tax_codes]);
return view('partial/tax_codes', ['tax_codes' => $tax_codes]);
}
/**
* Gets current tax categories. Used in app/Views/taxes/tax_categories.php
*
* @return string
* @noinspection PhpUnused
*/
public function ajax_tax_categories(): void
public function getAjax_tax_categories(): string
{
$tax_categories = $this->tax_category->get_all()->getResultArray();
echo view('partial/tax_categories', ['tax_categories' => $tax_categories]);
return view('partial/tax_categories', ['tax_categories' => $tax_categories]);
}
/**
* Gets the tax jurisdiction partial view. Used in app/Views/taxes/tax_jurisdictions.php.
*
* @return string
* @noinspection PhpUnused
*/
public function ajax_tax_jurisdictions(): void
public function getAjax_tax_jurisdictions(): string
{
$tax_jurisdictions = $this->tax_jurisdiction->get_all()->getResultArray();
@@ -539,10 +581,10 @@ class Taxes extends Secure_Controller
$tax_types = $this->tax_lib->get_tax_types();
echo view('partial/tax_jurisdictions', [
return view('partial/tax_jurisdictions', [
'tax_jurisdictions' => $tax_jurisdictions,
'tax_types' => $tax_types,
'default_tax_type' => $default_tax_type,
'default_tax_type' => $default_tax_type
]);
}
}

60
app/Database/Migrations/20170501000000_initial_schema.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
class Migration_Initial_Schema extends Migration
{
public function __construct()
{
parent::__construct();
}
/**
* Perform a migration step.
* Only runs on fresh installs - skips if database already has tables.
*
* For testing: CI4's DatabaseTestTrait with $refresh=true handles table
* cleanup/creation automatically. This migration only loads initial schema
* on fresh databases where no application tables exist.
*/
public function up(): void
{
// Check if core application tables exist (existing install)
// Note: migrations table may exist even on fresh DB due to migration tracking
$tables = $this->db->listTables();
// Check for a core application table, not just migrations table
foreach ($tables as $table) {
// Strip prefix if present for comparison
$tableName = str_replace($this->db->getPrefix(), '', $table);
if (in_array($tableName, ['app_config', 'items', 'employees', 'people'])) {
// Database already populated - skip initial schema
// This is an existing installation upgrading from older version
return;
}
}
// Fresh install - load initial schema
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/initial_schema.sql');
}
/**
* Revert a migration step.
* Cannot revert initial schema - would lose all data.
*/
public function down(): void
{
// Cannot safely revert initial schema
// Would require dropping all tables which would lose all data
$this->db->query('SET FOREIGN_KEY_CHECKS = 0');
foreach ($this->db->listTables() as $table) {
$this->db->query('DROP TABLE IF EXISTS `' . $table . '`');
}
$this->db->query('SET FOREIGN_KEY_CHECKS = 1');
}
}

4
app/Database/Migrations/20170501150000_upgrade_to_3_1_1.php
View File

@@ -23,7 +23,5 @@ class Migration_Upgrade_To_3_1_1 extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

185
app/Database/Migrations/20170502221506_sales_tax_data.php
View File

@@ -8,18 +8,17 @@ use CodeIgniter\Database\Migration;
use CodeIgniter\Database\ResultInterface;
/**
* @property Appconfig appconfig
* @property Tax_lib tax_lib
* @property tax_lib tax_lib
* @property appconfig appconfig
*/
class Migration_Sales_Tax_Data extends Migration
{
public const ROUND_UP = 5; // TODO: These need to be moved to constants.php
public const ROUND_UP = 5; // TODO: These need to be moved to constants.php
public const ROUND_DOWN = 6;
public const HALF_FIVE = 7;
public const YES = '1';
public const VAT_TAX = '0';
public const SALES_TAX = '1';
public const HALF_FIVE = 7;
public const YES = '1';
public const VAT_TAX = '0';
public const SALES_TAX = '1';
private Appconfig $appconfig;
public function __construct()
@@ -35,7 +34,7 @@ class Migration_Sales_Tax_Data extends Migration
public function up(): void
{
$number_of_unmigrated = $this->get_count_of_unmigrated();
error_log("Migrating sales tax history. The number of sales that will be migrated is {$number_of_unmigrated}");
log_message('info', "Migrating sales tax history. The number of sales that will be migrated is $number_of_unmigrated");
if ($number_of_unmigrated > 0) {
$unmigrated_invoices = $this->get_unmigrated($number_of_unmigrated)->getResultArray();
@@ -45,20 +44,22 @@ class Migration_Sales_Tax_Data extends Migration
}
}
error_log('Migrating sales tax history. The number of sales that will be migrated is finished.');
log_message('info', 'Migrating sales tax history. The number of sales that will be migrated is finished.');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
/**
* @param int $sale_id
* @return void
*/
private function upgrade_tax_history_for_sale(int $sale_id): void
{
$tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
$tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) === Migration_Sales_Tax_Data::YES;
$tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
$tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) == Migration_Sales_Tax_Data::YES;
$customer_sales_tax_support = false;
if ($tax_included) { // TODO: Convert to ternary notation.
@@ -67,13 +68,13 @@ class Migration_Sales_Tax_Data extends Migration
$tax_type = Migration_Sales_Tax_Data::SALES_TAX;
}
$sales_taxes = [];
$sales_taxes = [];
$tax_group_sequence = 0;
$items = $this->get_sale_items_for_migration($sale_id)->getResultArray();
$items = $this->get_sale_items_for_migration($sale_id)->getResultArray();
foreach ($items as $item) {
// This computes tax for each line item and adds it to the tax type total
$tax_group = (float) $item['percent'] . '% ' . $item['name'];
$tax_group = (float)$item['percent'] . '% ' . $item['name'];
$tax_basis = $this->get_item_total($item['quantity_purchased'], $item['item_unit_price'], $item['discount_percent'], true);
$item_tax_amount = $tax_included
@@ -93,6 +94,10 @@ class Migration_Sales_Tax_Data extends Migration
$this->save_sales_tax($sales_taxes);
}
/**
* @param int $block_count
* @return ResultInterface
*/
private function get_unmigrated(int $block_count): ResultInterface
{
$builder = $this->db->table('sales_items_taxes as SIT');
@@ -108,6 +113,10 @@ class Migration_Sales_Tax_Data extends Migration
return $builder->get();
}
/**
* @param int $sale_id
* @return ResultInterface
*/
private function get_sale_items_for_migration(int $sale_id): ResultInterface
{
$builder = $this->db->table('sales_items as sales_items');
@@ -124,6 +133,9 @@ class Migration_Sales_Tax_Data extends Migration
return $builder->get();
}
/**
* @return int
*/
private function get_count_of_unmigrated(): int
{
$result = $this->db->query('SELECT COUNT(*) FROM(SELECT SIT.sale_id, ST.sale_id as sales_taxes_sale_id FROM '
@@ -133,15 +145,23 @@ class Migration_Sales_Tax_Data extends Migration
. ' as ST ON SIT.sale_id = ST.sale_id WHERE ST.sale_id is null GROUP BY SIT.sale_id, ST.sale_id'
. ' ORDER BY SIT.sale_id) as US')->getResultArray();
if (! $result) {
error_log('Database error in 20170502221506_sales_tax_data.php related to sales_taxes or sales_items_taxes.');
if (!$result) {
log_message('info', 'Database error in 20170502221506_sales_tax_data.php related to sales_taxes or sales_items_taxes.');
return 0;
}
return $result[0]['COUNT(*)'] ?: 0;
}
/**
* @param int $sale_id
* @param int $line
* @param string $name
* @param float $percent
* @param int $tax_type
* @param float $item_tax_amount
* @return void
*/
private function update_sales_items_taxes_amount(int $sale_id, int $line, string $name, float $percent, int $tax_type, float $item_tax_amount): void
{
$builder = $this->db->table('sales_items_taxes');
@@ -152,6 +172,10 @@ class Migration_Sales_Tax_Data extends Migration
$builder->update(['tax_type' => $tax_type, 'item_tax_amount' => $item_tax_amount]);
}
/**
* @param array $sales_taxes
* @return void
*/
private function save_sales_tax(array &$sales_taxes): void
{
$builder = $this->db->Table('sales_taxes');
@@ -161,37 +185,56 @@ class Migration_Sales_Tax_Data extends Migration
}
}
/**
* @param string $quantity
* @param string $price
* @param string $discount_percentage
* @param bool $include_discount
* @return string
*/
public function get_item_total(string $quantity, string $price, string $discount_percentage, bool $include_discount = false): string
{
$total = bcmul($quantity, $price);
if ($include_discount) {
$discount_amount = $this->get_item_discount($quantity, $price, $discount_percentage);
return bcsub($total, $discount_amount);
}
return $total;
}
/**
* @param string $quantity
* @param string $price
* @param string $discount
* @return float
*/
public function get_item_discount(string $quantity, string $price, string $discount): float
{
$total = bcmul($quantity, $price);
$total = bcmul($quantity, $price);
$discount_fraction = bcdiv($discount, 100);
$discount = bcmul($total, $discount_fraction);
$discount = bcmul($total, $discount_fraction);
return round($discount, totals_decimals(), PHP_ROUND_HALF_UP); // TODO: I don't think this is currency safe. Round will cast it's first parameter to a float. It also returns a float.
}
/**
* @param string $quantity
* @param string $price
* @param string $discount_percentage
* @param string $tax_percentage
* @return string
*/
public function get_item_tax(string $quantity, string $price, string $discount_percentage, string $tax_percentage): string
{
$tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) === Migration_Sales_Tax_Data::YES;
$tax_included = $this->appconfig->get_value('tax_included', Migration_Sales_Tax_Data::YES) == Migration_Sales_Tax_Data::YES;
$price = $this->get_item_total($quantity, $price, $discount_percentage, true);
if ($tax_included) {
$tax_fraction = bcadd('100', $tax_percentage);
$tax_fraction = bcdiv($tax_fraction, '100');
$tax_fraction = bcadd('100', $tax_percentage);
$tax_fraction = bcdiv($tax_fraction, '100');
$price_tax_excl = bcdiv($price, $tax_fraction);
return bcsub($price, $price_tax_excl);
@@ -201,23 +244,38 @@ class Migration_Sales_Tax_Data extends Migration
return bcmul($price, $tax_fraction);
}
/**
* @param string $tax_basis
* @param string $tax_percentage
* @param int $rounding_mode
* @param int $decimals
* @return float
*/
public function get_sales_tax_for_amount(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float
{
$tax_fraction = bcdiv($tax_percentage, '100');
$tax_amount = bcmul($tax_basis, $tax_fraction);
$tax_amount = bcmul($tax_basis, $tax_fraction);
return $this->round_number($rounding_mode, $tax_amount, $decimals);
}
/**
* @param int $rounding_mode
* @param string $amount
* @param int $decimals
* @return float
*/
public function round_number(int $rounding_mode, string $amount, int $decimals): float
{
if ($rounding_mode === Migration_Sales_Tax_Data::ROUND_UP) {
$fig = 10 ** $decimals;
$amount = (float)$amount;
if ($rounding_mode == Migration_Sales_Tax_Data::ROUND_UP) {
$fig = pow(10, $decimals);
$rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
} elseif ($rounding_mode === Migration_Sales_Tax_Data::ROUND_DOWN) {
$fig = 10 ** $decimals;
} elseif ($rounding_mode == Migration_Sales_Tax_Data::ROUND_DOWN) {
$fig = pow(10, $decimals);
$rounded_total = (floor($fig * $amount) + floor($fig * $amount - floor($fig * $amount))) / $fig;
} elseif ($rounding_mode === Migration_Sales_Tax_Data::HALF_FIVE) {
} elseif ($rounding_mode == Migration_Sales_Tax_Data::HALF_FIVE) {
$rounded_total = round($amount / 5) * 5;
} else {
$rounded_total = round($amount, $decimals, $rounding_mode);
@@ -226,10 +284,24 @@ class Migration_Sales_Tax_Data extends Migration
return $rounded_total; // TODO: I don't think this is currency safe. I think we need to be using bcmath() functions like we are in the rest of the code.
}
/**
* @param array $sales_taxes
* @param string $tax_type
* @param string $tax_group
* @param float $tax_rate
* @param string $tax_basis
* @param string $item_tax_amount
* @param int $tax_group_sequence
* @param int $rounding_code
* @param int $sale_id
* @param string $name
* @param string $tax_code
* @return void
*/
public function update_sales_taxes(array &$sales_taxes, string $tax_type, string $tax_group, float $tax_rate, string $tax_basis, string $item_tax_amount, int $tax_group_sequence, int $rounding_code, int $sale_id, string $name = '', string $tax_code = ''): void
{
$tax_group_index = $this->clean('X' . $tax_group);
if (! array_key_exists($tax_group_index, $sales_taxes)) {
if (!array_key_exists($tax_group_index, $sales_taxes)) {
$insertkey = $tax_group_index; // TODO: $insertkey does not follow naming conventions.
$sales_tax = [
$insertkey => [
@@ -242,19 +314,23 @@ class Migration_Sales_Tax_Data extends Migration
'name' => $name,
'tax_rate' => $tax_rate,
'sales_tax_code' => $tax_code,
'rounding_code' => $rounding_code,
],
'rounding_code' => $rounding_code
]
];
// Add to existing array
$sales_taxes += $sales_tax;
} else {
// Important: the sales amounts are accumulated for the group at the maximum configurable scale value of 4
// but the scale will in reality be the scale specified by the tax_decimal configuration value used for sales_items_taxes
$sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
$sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
$sales_taxes[$tax_group_index]['sale_tax_amount'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_amount'], $item_tax_amount, 4);
}
}
/**
* @param string $string
* @return string
*/
public function clean(string $string): string // TODO: $string is not a good name for this variable
{
$string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
@@ -262,9 +338,13 @@ class Migration_Sales_Tax_Data extends Migration
return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
}
/**
* @param array $sales_taxes
* @return void
*/
public function apply_invoice_taxing(array &$sales_taxes): void
{
if (! empty($sales_taxes)) { // TODO: Duplicated code
if (!empty($sales_taxes)) { // TODO: Duplicated code
$sort = [];
foreach ($sales_taxes as $key => $value) {
@@ -281,11 +361,14 @@ class Migration_Sales_Tax_Data extends Migration
}
}
/**
* @param array $sales_taxes
* @return void
*/
public function round_sales_taxes(array &$sales_taxes): void
{
if (! empty($sales_taxes)) {
if (!empty($sales_taxes)) {
$sort = [];
foreach ($sales_taxes as $k => $v) {
$sort['print_sequence'][$k] = $v['print_sequence'];
}
@@ -295,24 +378,24 @@ class Migration_Sales_Tax_Data extends Migration
$decimals = totals_decimals();
foreach ($sales_taxes as $row_number => $sales_tax) {
$sale_tax_amount = $sales_tax['sale_tax_amount'];
$rounding_code = $sales_tax['rounding_code'];
$sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
$rounding_code = $sales_tax['rounding_code'];
$rounded_sale_tax_amount = $sale_tax_amount;
if (
$rounding_code === PHP_ROUND_HALF_UP
|| $rounding_code === PHP_ROUND_HALF_DOWN
|| $rounding_code === PHP_ROUND_HALF_EVEN
|| $rounding_code === PHP_ROUND_HALF_ODD
$rounding_code == PHP_ROUND_HALF_UP
|| $rounding_code == PHP_ROUND_HALF_DOWN
|| $rounding_code == PHP_ROUND_HALF_EVEN
|| $rounding_code == PHP_ROUND_HALF_ODD
) {
$rounded_sale_tax_amount = round($sale_tax_amount, $decimals, $rounding_code);
} elseif ($rounding_code === Migration_Sales_Tax_Data::ROUND_UP) {
$fig = (int) str_pad('1', $decimals, '0');
} elseif ($rounding_code == Migration_Sales_Tax_Data::ROUND_UP) {
$fig = (int) str_pad('1', $decimals, '0');
$rounded_sale_tax_amount = (ceil($sale_tax_amount * $fig) / $fig);
} elseif ($rounding_code === Migration_Sales_Tax_Data::ROUND_DOWN) {
$fig = (int) str_pad('1', $decimals, '0');
} elseif ($rounding_code == Migration_Sales_Tax_Data::ROUND_DOWN) {
$fig = (int) str_pad('1', $decimals, '0');
$rounded_sale_tax_amount = (floor($sale_tax_amount * $fig) / $fig);
} elseif ($rounding_code === Migration_Sales_Tax_Data::HALF_FIVE) {
} elseif ($rounding_code == Migration_Sales_Tax_Data::HALF_FIVE) {
$rounded_sale_tax_amount = round($sale_tax_amount / 5) * 5;
}

4
app/Database/Migrations/20180225100000_upgrade_to_3_2_0.php
View File

@@ -18,7 +18,5 @@ class Migration_Upgrade_To_3_2_0 extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20180501100000_upgrade_to_3_2_1.php
View File

@@ -18,7 +18,5 @@ class Migration_Upgrade_To_3_2_1 extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20181015100000_attributes.php
View File

@@ -18,7 +18,5 @@ class Migration_Attributes extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20190111270000_upgrade_to_3_3_0.php
View File

@@ -18,7 +18,5 @@ class Migration_Upgrade_To_3_3_0 extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

29
app/Database/Migrations/20190129212600_indiagst.php
View File

@@ -11,7 +11,7 @@ class Migration_IndiaGST extends Migration
*/
public function up(): void
{
if (! $this->db->fieldExists('sales_tax_code', 'customers')) {
if (!$this->db->fieldExists('sales_tax_code', 'customers')) {
return;
}
@@ -19,8 +19,6 @@ class Migration_IndiaGST extends Migration
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst.sql');
error_log('Migrating tax configuration');
$count_of_tax_codes = $this->get_count_of_tax_code_entries();
if ($count_of_tax_codes > 0) {
@@ -42,17 +40,16 @@ class Migration_IndiaGST extends Migration
}
$this->drop_backups();
error_log('Migrating tax configuration completed');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
/**
* @return int
*/
private function get_count_of_tax_code_entries(): int
{
$builder = $this->db->table('tax_codes_backup');
@@ -61,6 +58,9 @@ class Migration_IndiaGST extends Migration
return $builder->get()->getRow()->count;
}
/**
* @return int
*/
private function get_count_of_sales_taxes_entries(): int
{
$builder = $this->db->table('sales_taxes_backup');
@@ -69,6 +69,9 @@ class Migration_IndiaGST extends Migration
return $builder->get()->getRow()->count;
}
/**
* @return int
*/
private function get_count_of_rate_entries(): int
{
$builder = $this->db->table('tax_code_rates_backup');
@@ -81,6 +84,8 @@ class Migration_IndiaGST extends Migration
* This copies the old tax code configuration into the new tax code configuration
* assigning a tax_code_id id to the entry This only needs to be done if there are
* tax codes in the table.
*
* @return void
*/
private function migrate_tax_code_data(): void
{
@@ -93,6 +98,8 @@ class Migration_IndiaGST extends Migration
* This will assign a tax code id using the tax code field that was left in place on the customer table.
* After it is complete then it will drop the old customer tax code.
* This MUST run so that the old tax code is dropped
*
* @return void
*/
private function migrate_customer_tax_codes(): void
{
@@ -125,6 +132,9 @@ class Migration_IndiaGST extends Migration
. 'order by sale_id');
}
/**
* @return void
*/
private function migrate_tax_rates(): void
{
// Create a dummy jurisdiction record and retrieve the jurisdiction rate id
@@ -142,6 +152,9 @@ class Migration_IndiaGST extends Migration
. ' ON tax_code = rate_tax_code');
}
/**
* @return void
*/
private function drop_backups(): void
{
$this->db->query('DROP TABLE IF EXISTS ' . $this->db->prefixTable('tax_codes_backup'));

8
app/Database/Migrations/20190213210000_indiagst1.php
View File

@@ -13,16 +13,10 @@ class Migration_IndiaGST1 extends Migration
{
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.0_indiagst1.sql');
error_log('Fix definition of Supplier.Tax Id');
error_log('Definition of Supplier.Tax Id corrected');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20190220210000_indiagst2.php
View File

@@ -18,7 +18,5 @@ class Migration_IndiaGST2 extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20190301124900_decimal_attribute_type.php
View File

@@ -18,7 +18,5 @@ class Migration_decimal_attribute_type extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20190317102600_add_iso_4217.php
View File

@@ -18,7 +18,5 @@ class Migration_add_iso_4217 extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20190427100000_paymenttracking.php
View File

@@ -18,7 +18,5 @@ class Migration_PaymentTracking extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

16
app/Database/Migrations/20190502100000_refundtracking.php
View File

@@ -33,7 +33,7 @@ class Migration_RefundTracking extends Migration
ON sales.sale_id = sales_taxes.sale_id
WHERE sales.sale_status = \'' . COMPLETED . '\' AND sales_taxes.tax_type = \'1\'
GROUP BY sale_id
)',
)'
);
$this->db->query(
@@ -47,7 +47,7 @@ class Migration_RefundTracking extends Migration
. 'LEFT OUTER JOIN ' . $this->db->prefixTable('migrate_taxes') . ' AS sumpay_taxes '
. 'ON sales.sale_id = sumpay_taxes.sale_id '
. 'WHERE sales.sale_status = \'' . COMPLETED . '\' GROUP BY sale_id
)',
)'
);
$this->db->query('UPDATE ' . $this->db->prefixTable('migrate_sales') . ' AS sumpay_items '
@@ -64,7 +64,7 @@ class Migration_RefundTracking extends Migration
LEFT OUTER JOIN ' . $this->db->prefixTable('sales_payments') . ' AS sales_payments
ON sales.sale_id = sales_payments.sale_id
WHERE sales.sale_status = \'' . COMPLETED . '\' GROUP BY sale_id
)',
)'
);
// You may be asking yourself why the following is not creating a temporary table.
@@ -78,7 +78,7 @@ class Migration_RefundTracking extends Migration
FROM ' . $this->db->prefixTable('migrate_sales') . ' AS a
JOIN ' . $this->db->prefixTable('migrate_payments') . ' AS b ON a.sale_id = b.sale_id
WHERE total_payments > trans_amount AND number_payments = 1
)',
)'
);
// Update existing cash transactions with refund amount
@@ -91,7 +91,7 @@ class Migration_RefundTracking extends Migration
WHERE EXISTS
(SELECT b.refund_amount
FROM ' . $this->db->prefixTable('migrate_refund') . ' AS b
WHERE a.sale_id = b.sale_id AND a.payment_type = \'' . $cash_payment . ' \')',
WHERE a.sale_id = b.sale_id AND a.payment_type = \'' . $cash_payment . ' \')'
);
// Insert new cash refund transactions for non-cash payments
@@ -102,7 +102,7 @@ class Migration_RefundTracking extends Migration
FROM ' . $this->db->prefixTable('migrate_refund') . ' AS r
JOIN ' . $this->db->prefixTable('sales_payments') . ' AS p ON r.sale_id = p.sale_id
JOIN ' . $this->db->prefixTable('migrate_sales') . ' AS s ON r.sale_id = s.sale_id
WHERE p.payment_type != \'' . $cash_payment . '\'',
WHERE p.payment_type != \'' . $cash_payment . '\''
);
// Post migration cleanup
@@ -112,7 +112,5 @@ class Migration_RefundTracking extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20190612100000_dbfix.php
View File

@@ -18,7 +18,5 @@ class Migration_DBFix extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20190615100000_fix_attribute_datetime.php
View File

@@ -18,7 +18,5 @@ class Migration_fix_attribute_datetime extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

10
app/Database/Migrations/20190712150200_fix_empty_reports.php
View File

@@ -11,6 +11,8 @@ class Migration_fix_empty_reports extends Migration
*/
public function up(): void
{
log_message('info', 'Starting migration: Fix empty reports.');
$builder = $this->db->table('stock_locations');
$builder->select('location_name');
$builder->where('location_id', 1);
@@ -18,17 +20,17 @@ class Migration_fix_empty_reports extends Migration
$location_name = $builder->get()->getResultArray()[0]['location_name'];
$location_name = str_replace(' ', '_', $location_name);
$builder = $this->db->table('permissions');
$builder = $this->db->table('permissions');
$builder->set('location_id', 1);
$builder->where('permission_id', 'receivings_' . $location_name);
$builder->orWhere('permission_id', 'sales_' . $location_name);
$builder->update();
log_message('info', 'Finished migration: Fix empty reports.');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

3
app/Database/Migrations/20191008100000_receipttaxindicator.php
View File

@@ -11,6 +11,7 @@ class Migration_receipttaxindicator extends Migration
*/
public function up(): void
{
log_message('info', 'Migrating receipt tax indicator.');
$this->db->query('INSERT INTO ' . $this->db->prefixTable('app_config') . ' (`key`, `value`)
VALUES (\'receipt_show_tax_ind\', \'0\')');
}
@@ -20,6 +21,6 @@ class Migration_receipttaxindicator extends Migration
*/
public function down(): void
{
$this->db->query('DELETE FROM ' . $this->db->prefixTable('app_config') . ' WHERE key = \'receipt_show_tax_ind\'');
$this->db->query('DELETE FROM ' . $this->db->prefixTable('app_config') . ' WHERE `key` = \'receipt_show_tax_ind\'');
}
}

4
app/Database/Migrations/20191231100000_paymentdatefix.php
View File

@@ -18,7 +18,5 @@ class Migration_PaymentDateFix extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20200125100000_saleschangeprice.php
View File

@@ -18,7 +18,5 @@ class Migration_SalesChangePrice extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

187
app/Database/Migrations/20200202000000_taxamount.php
View File

@@ -2,24 +2,25 @@
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
use App\Libraries\Tax_lib;
use App\Models\Appconfig;
use CodeIgniter\Database\Migration;
use CodeIgniter\Database\ResultInterface;
/**
* @property Appconfig appconfig
* @property Tax_lib tax_lib
*
*
* @property appconfig appconfig
* @property tax_lib tax_lib
*/
class Migration_TaxAmount extends Migration
{
public const ROUND_UP = 5;
public const ROUND_UP = 5;
public const ROUND_DOWN = 6;
public const HALF_FIVE = 7;
public const YES = '1';
public const VAT_TAX = '0';
public const SALES_TAX = '1'; // TODO: It appears that this constant is never used
public const HALF_FIVE = 7;
public const YES = '1';
public const VAT_TAX = '0';
public const SALES_TAX = '1'; // TODO: It appears that this constant is never used
private Appconfig $appconfig;
public function __construct()
@@ -34,13 +35,13 @@ class Migration_TaxAmount extends Migration
*/
public function up(): void
{
$tax_included = ($this->appconfig->get_value('tax_included', Migration_TaxAmount::YES) === Migration_TaxAmount::YES);
$tax_included = ($this->appconfig->get_value('tax_included', Migration_TaxAmount::YES) == Migration_TaxAmount::YES);
if ($tax_included) {
$tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
$tax_decimals = $this->appconfig->get_value('tax_decimals', 2);
$number_of_unmigrated = $this->get_count_of_unmigrated();
error_log('Migrating sales tax fixing. The number of sales that will be migrated is ' . $number_of_unmigrated);
log_message('info', 'Migrating sales tax fixing. The number of sales that will be migrated is ' . $number_of_unmigrated);
if ($number_of_unmigrated > 0) {
$unmigrated_invoices = $this->get_unmigrated($number_of_unmigrated)->getResultArray();
@@ -53,33 +54,37 @@ class Migration_TaxAmount extends Migration
$this->db->query('DROP TABLE ' . $this->db->prefixTable('sales_taxes_backup'));
}
error_log('Migrating sales tax fixing. The number of sales that will be migrated is finished.');
log_message('info', 'Migrating sales tax fixing. The number of sales that will be migrated is finished.');
}
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
/**
* @param int $sale_id
* @param string $tax_decimals
* @param bool $tax_included
* @return void
*/
private function upgrade_tax_history_for_sale(int $sale_id, string $tax_decimals, bool $tax_included): void // TODO: $tax_included is passed as a parameter but never used in the function body.
{
$customer_sales_tax_support = false;
$tax_type = Migration_TaxAmount::VAT_TAX;
$sales_taxes = [];
$tax_group_sequence = 0;
$items = $this->get_sale_items_for_migration($sale_id)->getResultArray();
$tax_type = Migration_TaxAmount::VAT_TAX;
$sales_taxes = [];
$tax_group_sequence = 0;
$items = $this->get_sale_items_for_migration($sale_id)->getResultArray();
foreach ($items as $item) {
// This computes tax for each line item and adds it to the tax type total
$tax_group = (float) $item['percent'] . '% ' . $item['name'];
$tax_basis = $this->get_item_total($item['quantity_purchased'], $item['item_unit_price'], $item['discount'], true);
$tax_group = (float)$item['percent'] . '% ' . $item['name'];
$tax_basis = $this->get_item_total($item['quantity_purchased'], $item['item_unit_price'], $item['discount'], true);
$item_tax_amount = $this->get_item_tax($tax_basis, $item['percent'], PHP_ROUND_HALF_UP, $tax_decimals);
$this->update_sales_items_taxes_amount($sale_id, $item['line'], $item['name'], $item['percent'], $tax_type, $item_tax_amount);
$this->update_sales_taxes($sales_taxes, $tax_type, $tax_group, $item['percent'], $tax_basis, $item_tax_amount, $tax_group_sequence, PHP_ROUND_HALF_UP, $sale_id, $item['name']);
$tax_group_sequence++;
$tax_group_sequence += 1;
}
if ($customer_sales_tax_support) { // TODO: This will always evaluate to false.
@@ -90,6 +95,10 @@ class Migration_TaxAmount extends Migration
$this->save_sales_tax($sales_taxes);
}
/**
* @param int $block_count
* @return ResultInterface
*/
private function get_unmigrated(int $block_count): ResultInterface
{
$builder = $this->db->table('sales_items_taxes as SIT');
@@ -104,6 +113,9 @@ class Migration_TaxAmount extends Migration
return $builder->get();
}
/**
* @return int
*/
private function get_count_of_unmigrated(): int
{
$result = $this->db->query('SELECT COUNT(*) FROM(SELECT SIT.sale_id, ST.sale_id as sales_taxes_sale_id FROM '
@@ -113,15 +125,19 @@ class Migration_TaxAmount extends Migration
. ' as ST ON SIT.sale_id = ST.sale_id GROUP BY SIT.sale_id, ST.sale_id'
. ' ORDER BY SIT.sale_id) as US')->getResultArray();
if (! $result) {
error_log('Database error in 20200202000000_taxamount.php related to sales_taxes or sales_items_taxes.');
if (!$result) {
log_message('info', 'Database error in 20200202000000_taxamount.php related to sales_taxes or sales_items_taxes.');
return 0;
}
return $result[0]['COUNT(*)'] ?: 0;
}
/**
* @param int $sale_id
* @return ResultInterface
*/
private function get_sale_items_for_migration(int $sale_id): ResultInterface
{
$builder = $this->db->table('sales_items as sales_items');
@@ -138,6 +154,15 @@ class Migration_TaxAmount extends Migration
return $builder->get();
}
/**
* @param int $sale_id
* @param int $line
* @param string $name
* @param float $percent
* @param int $tax_type
* @param float $item_tax_amount
* @return void
*/
private function update_sales_items_taxes_amount(int $sale_id, int $line, string $name, float $percent, int $tax_type, float $item_tax_amount): void
{
$builder = $this->db->table('sales_items_taxes');
@@ -148,6 +173,10 @@ class Migration_TaxAmount extends Migration
$builder->update(['tax_type' => $tax_type, 'item_tax_amount' => $item_tax_amount]);
}
/**
* @param array $sales_taxes
* @return void
*/
private function save_sales_tax(array &$sales_taxes): void
{
$builder = $this->db->table('sales_taxes');
@@ -157,6 +186,13 @@ class Migration_TaxAmount extends Migration
}
}
/**
* @param string $quantity
* @param string $price
* @param string $discount
* @param bool $include_discount
* @return string
*/
public function get_item_total(string $quantity, string $price, string $discount, bool $include_discount = false): string
{
$total = bcmul($quantity, $price);
@@ -168,32 +204,54 @@ class Migration_TaxAmount extends Migration
return $total;
}
/**
* @param string $tax_basis
* @param string $tax_percentage
* @param int $rounding_mode
* @param int $decimals
* @return float
*/
public function get_item_tax(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float // TODO: is this currency safe?
{
$tax_fraction = bcdiv(bcadd('100', $tax_percentage), '100');
$tax_fraction = bcdiv(bcadd('100', $tax_percentage), '100');
$price_tax_excl = bcdiv($tax_basis, $tax_fraction);
$tax_amount = bcsub($tax_basis, $price_tax_excl);
$tax_amount = bcsub($tax_basis, $price_tax_excl);
return $this->round_number($rounding_mode, $tax_amount, $decimals);
}
/**
* @param string $tax_basis
* @param string $tax_percentage
* @param int $rounding_mode
* @param int $decimals
* @return float
*/
public function get_sales_tax_for_amount(string $tax_basis, string $tax_percentage, int $rounding_mode, int $decimals): float // TODO: is this currency safe?
{
$tax_fraction = bcdiv($tax_percentage, '100');
$tax_amount = bcmul($tax_basis, $tax_fraction);
$tax_amount = bcmul($tax_basis, $tax_fraction);
return $this->round_number($rounding_mode, $tax_amount, $decimals);
}
/**
* @param int $rounding_mode
* @param string $amount
* @param int $decimals
* @return float
*/
public function round_number(int $rounding_mode, string $amount, int $decimals): float // TODO: is this currency safe?
{ // TODO: This needs to be converted to a switch
if ($rounding_mode === Migration_TaxAmount::ROUND_UP) { // TODO: === ?
$fig = 10 ** $decimals;
$amount = (float)$amount;
if ($rounding_mode == Migration_TaxAmount::ROUND_UP) { // TODO: === ?
$fig = pow(10, $decimals);
$rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
} elseif ($rounding_mode === Migration_TaxAmount::ROUND_DOWN) { // TODO: === ?
$fig = 10 ** $decimals;
} elseif ($rounding_mode == Migration_TaxAmount::ROUND_DOWN) { // TODO: === ?
$fig = pow(10, $decimals);
$rounded_total = (floor($fig * $amount) + floor($fig * $amount - floor($fig * $amount))) / $fig;
} elseif ($rounding_mode === Migration_TaxAmount::HALF_FIVE) { // TODO: === ?
} elseif ($rounding_mode == Migration_TaxAmount::HALF_FIVE) { // TODO: === ?
$rounded_total = round($amount / 5) * 5;
} else {
$rounded_total = round($amount, $decimals, $rounding_mode);
@@ -202,11 +260,25 @@ class Migration_TaxAmount extends Migration
return $rounded_total;
}
/**
* @param array $sales_taxes
* @param int $tax_type
* @param string $tax_group
* @param float $tax_rate
* @param string $tax_basis
* @param string $item_tax_amount
* @param int $tax_group_sequence
* @param int $rounding_code
* @param int $sale_id
* @param string $name
* @param string $tax_code
* @return void
*/
public function update_sales_taxes(array &$sales_taxes, int $tax_type, string $tax_group, float $tax_rate, string $tax_basis, string $item_tax_amount, int $tax_group_sequence, int $rounding_code, int $sale_id, string $name = '', string $tax_code = ''): void
{
$tax_group_index = $this->clean('X' . $tax_group);
if (! array_key_exists($tax_group_index, $sales_taxes)) {
if (!array_key_exists($tax_group_index, $sales_taxes)) {
$insertkey = $tax_group_index;
$sales_tax = [
$insertkey => [
@@ -219,8 +291,8 @@ class Migration_TaxAmount extends Migration
'name' => $name,
'tax_rate' => $tax_rate,
'sales_tax_code_id' => $tax_code,
'rounding_code' => $rounding_code,
],
'rounding_code' => $rounding_code
]
];
// Add to existing array
@@ -228,11 +300,15 @@ class Migration_TaxAmount extends Migration
} else {
// Important: the sales amounts are accumulated for the group at the maximum configurable scale value of 4
// but the scale will in reality be the scale specified by the tax_decimal configuration value used for sales_items_taxes
$sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
$sales_taxes[$tax_group_index]['sale_tax_basis'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_basis'], $tax_basis, 4);
$sales_taxes[$tax_group_index]['sale_tax_amount'] = bcadd($sales_taxes[$tax_group_index]['sale_tax_amount'], $item_tax_amount, 4);
}
}
/**
* @param string $string
* @return string
*/
public function clean(string $string): string // TODO: This can probably go into the migration helper as it's used it more than one migration. Also, $string needs to be refactored to a different name.
{
$string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
@@ -240,11 +316,14 @@ class Migration_TaxAmount extends Migration
return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
}
/**
* @param array $sales_taxes
* @return void
*/
public function apply_invoice_taxing(array &$sales_taxes): void
{
if (! empty($sales_taxes)) { // TODO: Duplicated code
if (!empty($sales_taxes)) { // TODO: Duplicated code
$sort = [];
foreach ($sales_taxes as $k => $v) {
$sort['print_sequence'][$k] = $v['print_sequence'];
}
@@ -258,9 +337,13 @@ class Migration_TaxAmount extends Migration
}
}
/**
* @param array $sales_taxes
* @return void
*/
public function round_sales_taxes(array &$sales_taxes): void
{
if (! empty($sales_taxes)) {
if (!empty($sales_taxes)) {
$sort = [];
foreach ($sales_taxes as $k => $v) {
@@ -273,24 +356,24 @@ class Migration_TaxAmount extends Migration
$decimals = totals_decimals();
foreach ($sales_taxes as $row_number => $sales_tax) {
$sale_tax_amount = $sales_tax['sale_tax_amount'];
$rounding_code = $sales_tax['rounding_code'];
$sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
$rounding_code = $sales_tax['rounding_code'];
$rounded_sale_tax_amount = $sale_tax_amount;
if (
$rounding_code === PHP_ROUND_HALF_UP // TODO: This block of if/elseif statements can be converted to a switch.
|| $rounding_code === PHP_ROUND_HALF_DOWN
|| $rounding_code === PHP_ROUND_HALF_EVEN
|| $rounding_code === PHP_ROUND_HALF_ODD
$rounding_code == PHP_ROUND_HALF_UP // TODO: This block of if/elseif statements can be converted to a switch.
|| $rounding_code == PHP_ROUND_HALF_DOWN
|| $rounding_code == PHP_ROUND_HALF_EVEN
|| $rounding_code == PHP_ROUND_HALF_ODD
) {
$rounded_sale_tax_amount = round($sale_tax_amount, $decimals, $rounding_code);
} elseif ($rounding_code === Migration_TaxAmount::ROUND_UP) {
$fig = (int) str_pad('1', $decimals, '0');
} elseif ($rounding_code == Migration_TaxAmount::ROUND_UP) {
$fig = (int) str_pad('1', $decimals, '0');
$rounded_sale_tax_amount = (ceil($sale_tax_amount * $fig) / $fig);
} elseif ($rounding_code === Migration_TaxAmount::ROUND_DOWN) {
$fig = (int) str_pad('1', $decimals, '0');
} elseif ($rounding_code == Migration_TaxAmount::ROUND_DOWN) {
$fig = (int) str_pad('1', $decimals, '0');
$rounded_sale_tax_amount = (floor($sale_tax_amount * $fig) / $fig);
} elseif ($rounding_code === Migration_TaxAmount::HALF_FIVE) {
} elseif ($rounding_code == Migration_TaxAmount::HALF_FIVE) {
$rounded_sale_tax_amount = round($sale_tax_amount / 5) * 5;
}

1
app/Database/Migrations/20200215100000_taxgroupconstraint.php
View File

@@ -11,6 +11,7 @@ class Migration_taxgroupconstraint extends Migration
*/
public function up(): void
{
log_message('info', 'Migrating tax group constraints.');
$this->db->query('ALTER TABLE ' . $this->db->prefixTable('tax_jurisdictions') . ' ADD CONSTRAINT tax_jurisdictions_uq1 UNIQUE (tax_group)');
}

7
app/Database/Migrations/20200508000000_image_upload_defaults.php
View File

@@ -11,11 +11,12 @@ class Migration_image_upload_defaults extends Migration
*/
public function up(): void
{
log_message('info', 'Migrating image upload defaults.');
$image_values = [
['key' => 'image_allowed_types', 'value' => 'gif|jpg|png'],
['key' => 'image_max_height', 'value' => '480'],
['key' => 'image_max_size', 'value' => '128'],
['key' => 'image_max_width', 'value' => '640'],
['key' => 'image_max_height', 'value' => '480'],
['key' => 'image_max_size', 'value' => '128'],
['key' => 'image_max_width', 'value' => '640']
];
$builder = $this->db->table('app_config');

8
app/Database/Migrations/20200819000000_modify_attr_links_constraint.php
View File

@@ -11,18 +11,12 @@ class Migration_modify_attr_links_constraint extends Migration
*/
public function up(): void
{
error_log('Migrating modify_attr_links_constraint');
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.2_modify_attr_links_constraint.sql');
error_log('Migrating modify_attr_links_constraint');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

1
app/Database/Migrations/20201108100000_cashrounding.php
View File

@@ -11,6 +11,7 @@ class Migration_cashrounding extends Migration
*/
public function up(): void
{
log_message('info', 'Migrating cash rounding.');
$this->db->query('ALTER TABLE ' . $this->db->prefixTable('sales_payments') . ' ADD COLUMN `cash_adjustment` tinyint NOT NULL DEFAULT 0 AFTER `cash_refund`');
}

8
app/Database/Migrations/20201110000000_add_item_kit_number.php
View File

@@ -11,18 +11,12 @@ class Migration_add_item_kit_number extends Migration
*/
public function up(): void
{
error_log('Migrating add_item_kit_number');
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.3_add_kits_item_number.sql');
error_log('Migrating add_item_kit_number');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

8
app/Database/Migrations/20210103000000_modify_session_datatype.php
View File

@@ -11,18 +11,12 @@ class Migration_modify_session_datatype extends Migration
*/
public function up(): void
{
error_log('Migrating modify_session_datatype');
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.3.4_modify_session_datatype.sql');
error_log('Migrating modify_session_datatype');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

31
app/Database/Migrations/20210422000000_database_optimizations.php
View File

@@ -2,9 +2,10 @@
namespace App\Database\Migrations;
use App\Models\Attribute;
use CodeIgniter\Database\Migration;
use CodeIgniter\Database\ResultInterface;
use App\Models\Attribute;
use Config\Database;
use Config\OSPOS;
use DateTime;
@@ -15,7 +16,7 @@ class Migration_database_optimizations extends Migration
*/
public function up(): void
{
error_log('Migrating database_optimizations');
log_message('info', 'Migrating database optimizations.');
$attribute = model(Attribute::class);
@@ -51,7 +52,7 @@ class Migration_database_optimizations extends Migration
$attribute_links = $builder->get();
if ($attribute_links) {
$builder = $this->db->table('attribute_links');
$builder = $this->db->table('attribute_links');
$attribute_links = $attribute_links->getResultArray() ?: [];
foreach ($attribute_links->getResultArray() as $attribute_link) {
@@ -63,13 +64,11 @@ class Migration_database_optimizations extends Migration
case DECIMAL:
$value = $attribute_value['attribute_decimal'];
break;
case DATE:
$config = config(OSPOS::class)->settings;
$config = config(OSPOS::class)->settings;
$attribute_date = DateTime::createFromFormat('Y-m-d', $attribute_value['attribute_date']);
$value = $attribute_date->format($config['dateformat']);
$value = $attribute_date->format($config['dateformat']);
break;
default:
$value = $attribute_value['attribute_value'];
break;
@@ -83,13 +82,11 @@ class Migration_database_optimizations extends Migration
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.4.0_database_optimizations.sql');
error_log('Migrating database_optimizations completed');
log_message('info', 'Finished migrating database optimizations.');
}
/**
* Given the type of attribute, deletes any duplicates it finds in the attribute_values table and reassigns those
*
* @param mixed $attribute_type
*/
private function migrate_duplicate_attribute_values($attribute_type): void
{
@@ -99,9 +96,9 @@ class Migration_database_optimizations extends Migration
$column = 'attribute_' . strtolower($attribute_type);
$builder = $this->db->table('attribute_values');
$builder->select("{$column}");
$builder->select("$column");
$builder->groupBy($column);
$builder->having("COUNT({$column}) > 1");
$builder->having("COUNT($column) > 1");
$duplicated_values = $builder->get();
foreach ($duplicated_values->getResultArray() as $duplicated_value) {
@@ -113,7 +110,7 @@ class Migration_database_optimizations extends Migration
$builder = $this->db->table('attribute_values');
$builder->select('attribute_id');
$builder->where($column, $duplicated_value[$column]);
$builder->where("attribute_id IN ({$subquery})", null, false);
$builder->where("attribute_id IN ($subquery)", null, false);
$attribute_ids_to_fix = $builder->get();
$this->reassign_duplicate_attribute_values($attribute_ids_to_fix, $duplicated_value);
@@ -126,11 +123,11 @@ class Migration_database_optimizations extends Migration
* Updates the attribute_id in all attribute_link rows with duplicated attribute_ids then deletes unneeded rows from attribute_values
*
* @param ResultInterface $attribute_ids_to_fix All attribute_ids that need to parsed
* @param array $attribute_value The attribute value in question.
* @param array $attribute_value The attribute value in question.
*/
private function reassign_duplicate_attribute_values(ResultInterface $attribute_ids_to_fix, array $attribute_value): void
{
$attribute_ids = $attribute_ids_to_fix->getResultArray();
$attribute_ids = $attribute_ids_to_fix->getResultArray();
$retain_attribute_id = $attribute_ids[0]['attribute_id'];
foreach ($attribute_ids as $attribute_id) {
@@ -150,7 +147,5 @@ class Migration_database_optimizations extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

12
app/Database/Migrations/20210422000001_remove_duplicate_links.php
View File

@@ -2,8 +2,8 @@
namespace App\Database\Migrations;
use App\Models\Attribute;
use CodeIgniter\Database\Migration;
use App\Models\Attribute;
class Migration_remove_duplicate_links extends Migration
{
@@ -12,17 +12,17 @@ class Migration_remove_duplicate_links extends Migration
*/
public function up(): void
{
error_log('Migrating remove_duplicate_links');
log_message('info', 'Removing duplicate links.');
$this->migrate_duplicate_attribute_links();
error_log('Migrating remove_duplicate_links completed');
log_message('info', 'Duplicate links removed.');
}
/**
* Given the type of attribute, deletes any duplicates it finds in the attribute_values table and reassigns those
*
* @property Attribute $attribute
* @property attribute $attribute
*/
private function migrate_duplicate_attribute_links(): void
{
@@ -60,7 +60,5 @@ class Migration_remove_duplicate_links extends Migration
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

8
app/Database/Migrations/20210714140000_move_expenses_categories.php
View File

@@ -11,17 +11,15 @@ class Migration_move_expenses_categories extends Migration
*/
public function up(): void
{
error_log('Migrating expense categories module');
log_message('info', 'Migrating expense categories module');
$this->db->simpleQuery("UPDATE ospos_grants SET menu_group = 'office' WHERE permission_id = 'expenses_categories'");
error_log('Migrating expense categories module completed');
log_message('info', 'Migrating expense categories module completed');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

42
app/Database/Migrations/20220127000000_convert_to_ci4.php
View File

@@ -5,8 +5,8 @@ namespace App\Database\Migrations;
use App\Models\Appconfig;
use CodeIgniter\Database\Forge;
use CodeIgniter\Database\Migration;
use CodeIgniter\HTTP\Exceptions\RedirectException;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\Exceptions\RedirectException;
use Config\Encryption;
use Config\Services;
use ReflectionException;
@@ -27,32 +27,25 @@ class Convert_to_ci4 extends Migration
*/
public function up(): void
{
error_log('Migrating database to CodeIgniter4 formats');
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.4.0_ci4_conversion.sql');
if (! empty(config('Encryption')->key)) {
if (!empty(config('Encryption')->key)) {
$this->convert_ci3_encrypted_data();
} else {
check_encryption();
}
remove_backup();
error_log('Migrating to CodeIgniter4 formats completed');
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
/**
* @return RedirectResponse|void
*
* @throws ReflectionException
*/
private function convert_ci3_encrypted_data()
@@ -64,7 +57,7 @@ class Convert_to_ci4 extends Migration
'clcdesq_api_url' => '',
'mailchimp_api_key' => '',
'mailchimp_list_id' => '',
'smtp_pass' => '',
'smtp_pass' => ''
];
foreach ($ci3_encrypted_data as $key => $value) {
@@ -79,10 +72,9 @@ class Convert_to_ci4 extends Migration
$ci4_encrypted_data = $this->encrypt_data($decrypted_data);
$success = empty(array_diff_assoc($decrypted_data, $this->decrypt_data($ci4_encrypted_data)));
if (! $success) {
if (!$success) {
abort_encryption_conversion();
remove_backup();
throw new RedirectException('login');
}
@@ -96,25 +88,23 @@ class Convert_to_ci4 extends Migration
* Decrypts CI3 encrypted data and returns the plaintext values.
*
* @param array $encrypted_data Data encrypted using CI3 methodology.
*
* @return array Plaintext, unencrypted data.
*/
private function decrypt_ci3_data(array $encrypted_data): array
{
$config = new Encryption();
$config->driver = 'OpenSSL';
$config->key = config('Encryption')->key;
$config->cipher = 'AES-128-CBC';
$config->rawData = false;
$config = new Encryption();
$config->driver = 'OpenSSL';
$config->key = config('Encryption')->key;
$config->cipher = 'AES-128-CBC';
$config->rawData = false;
$config->encryptKeyInfo = 'encryption';
$config->authKeyInfo = 'authentication';
$config->authKeyInfo = 'authentication';
$encrypter = Services::encrypter($config);
$decrypted_data = [];
foreach ($encrypted_data as $key => $value) {
$decrypted_data[$key] = ! empty($value) ? $encrypter->decrypt($value) : '';
$decrypted_data[$key] = !empty($value) ? $encrypter->decrypt($value) : '';
}
return $decrypted_data;
@@ -124,7 +114,6 @@ class Convert_to_ci4 extends Migration
* Encrypts data using CI4 algorithms.
*
* @param array $plain_data Data to be encrypted.
*
* @return array Encrypted data.
*/
private function encrypt_data(array $plain_data): array
@@ -132,9 +121,8 @@ class Convert_to_ci4 extends Migration
$encrypter = Services::encrypter();
$encrypted_data = [];
foreach ($plain_data as $key => $value) {
$encrypted_data[$key] = ! empty($value) ? $encrypter->encrypt($value) : '';
$encrypted_data[$key] = !empty($value) ? $encrypter->encrypt($value) : '';
}
return $encrypted_data;
@@ -144,7 +132,6 @@ class Convert_to_ci4 extends Migration
* Decrypts data using CI4 algorithms.
*
* @param array $encrypted_data Data to be decrypted.
*
* @return array Decrypted data.
*/
private function decrypt_data(array $encrypted_data): array
@@ -152,9 +139,8 @@ class Convert_to_ci4 extends Migration
$encrypter = Services::encrypter();
$decrypted_data = [];
foreach ($encrypted_data as $key => $value) {
$decrypted_data[$key] = ! empty($value) ? $encrypter->decrypt($value) : '';
$decrypted_data[$key] = !empty($value) ? $encrypter->decrypt($value) : '';
}
return $decrypted_data;

2
app/Database/Migrations/20230307000000_int_to_tinyint.php
View File

@@ -11,6 +11,7 @@ class IntToTinyint extends Migration
*/
public function up(): void
{
log_message('info', 'Converting ints to tinyints.');
$this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' MODIFY `consent` tinyint NOT NULL DEFAULT 0');
$this->db->query('ALTER TABLE ' . $this->db->prefixTable('cash_up') . ' MODIFY `note` tinyint NOT NULL DEFAULT 0');
}
@@ -20,6 +21,7 @@ class IntToTinyint extends Migration
*/
public function down(): void
{
log_message('info', 'Converting tinyints to ints.');
$this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' MODIFY `consent` int NOT NULL DEFAULT 0');
$this->db->query('ALTER TABLE ' . $this->db->prefixTable('cash_up') . ' MODIFY `note` int NOT NULL DEFAULT 0');
}

15
app/Database/Migrations/20230412000000_add_missing_config.php
View File

@@ -11,15 +11,16 @@ class Migration_add_missing_config extends Migration
*/
public function up(): void
{
log_message('info', 'Adding missing configs.');
$image_values = [
['key' => 'account_number', 'value' => ''], // This has no current maintenance, but it's used in Sales
['key' => 'category_dropdown', 'value' => ''],
['key' => 'smtp_host', 'value' => ''],
['key' => 'smtp_user', 'value' => ''],
['key' => 'smtp_pass', 'value' => ''],
['key' => 'login_form', 'value' => ''],
['key' => 'account_number', 'value' => ''], // This has no current maintenance, but it's used in Sales
['key' => 'category_dropdown', 'value' => ''],
['key' => 'smtp_host', 'value' => ''],
['key' => 'smtp_user', 'value' => ''],
['key' => 'smtp_pass', 'value' => ''],
['key' => 'login_form', 'value' => ''],
['key' => 'receiving_calculate_average_price', 'value' => ''],
['key' => 'payment_message', 'value' => ''],
['key' => 'payment_message', 'value' => '']
];
$this->db->table('app_config')->ignore(true)->insertBatch($image_values);

1
app/Database/Migrations/20230412000001_drop_account_number_index.php
View File

@@ -11,6 +11,7 @@ class Migration_drop_account_number_index extends Migration
*/
public function up(): void
{
log_message('info', 'Dropping account number index.');
$this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' DROP INDEX account_number');
$this->db->query('ALTER TABLE ' . $this->db->prefixTable('customers') . ' ADD INDEX account_number (account_number)');
}

10
app/Database/Migrations/20240319000000_Migration_Convert_Barcode_Types.php
View File

@@ -15,7 +15,7 @@ class Migration_Convert_Barcode_Types extends Migration
public function __construct(?Forge $forge = null)
{
$this->appconfig = model(Appconfig::class);
$this->config = config(OSPOS::class)->settings;
$this->config = config(OSPOS::class)->settings;
parent::__construct($forge);
}
@@ -25,21 +25,19 @@ class Migration_Convert_Barcode_Types extends Migration
*/
public function up(): void
{
log_message('info', 'Converting barcode types.');
$old_barcode_type = $this->config['barcode_type'];
switch ($old_barcode_type) {
case 'Code39':
$new_barcode_type = 'C39';
break;
case 'Ean13':
$new_barcode_type = 'EAN13';
break;
case 'Ean8':
$new_barcode_type = 'EAN8';
break;
default:
case 'Code128':
$new_barcode_type = 'C128';
@@ -54,21 +52,19 @@ class Migration_Convert_Barcode_Types extends Migration
*/
public function down(): void
{
log_message('info', 'Converting barcode types.');
$new_barcode_type = $this->config['barcode_type'];
switch ($new_barcode_type) {
case 'C39':
$old_barcode_type = 'Code39';
break;
case 'EAN13':
$old_barcode_type = 'Ean13';
break;
case 'EAN8':
$old_barcode_type = 'Ean8';
break;
default:
case 'C128':
$old_barcode_type = 'Code128';

15
app/Database/Migrations/20240630000001_fix_keys_for_db_upgrade.php
View File

@@ -12,25 +12,26 @@ class Migration_fix_keys_for_db_upgrade extends Migration
*/
public function up(): void
{
log_message('info', 'Fixing keys for database upgrade.');
helper('migration');
$forge = Database::forge();
$forge = Database::forge();
$fields = [
'deleted' => [
'type' => 'TINYINT',
'type' => 'TINYINT',
'constraint' => 1,
'default' => 0,
'null' => false,
'default' => 0,
'null' => false,
],
];
$forge->modifyColumn('tax_codes', $fields);
if (! indexExists('customers', 'company_name')) {
if (!indexExists('customers', 'company_name')) {
$forge->addKey('company_name', false, false, 'company_name');
$forge->processIndexes('customers');
}
$checkSql = "SELECT CONSTRAINT_NAME FROM information_schema.TABLE_CONSTRAINTS WHERE CONSTRAINT_SCHEMA = DATABASE() AND TABLE_NAME = '" . $this->db->prefixTable('sales_items_taxes') . "' AND CONSTRAINT_NAME = 'ospos_sales_items_taxes_ibfk_1'";
$checkSql = "SELECT CONSTRAINT_NAME FROM information_schema.TABLE_CONSTRAINTS WHERE CONSTRAINT_SCHEMA = DATABASE() AND TABLE_NAME = '" . $this->db->prefixTable('sales_items_taxes') . "' AND CONSTRAINT_NAME = 'ospos_sales_items_taxes_ibfk_1'";
$foreignKeyExists = $this->db->query($checkSql)->getRow();
if ($foreignKeyExists) {
@@ -51,7 +52,7 @@ class Migration_fix_keys_for_db_upgrade extends Migration
*/
public function down(): void
{
$checkSql = "SELECT CONSTRAINT_NAME FROM information_schema.TABLE_CONSTRAINTS WHERE CONSTRAINT_SCHEMA = DATABASE() AND TABLE_NAME = '" . $this->db->prefixTable('sales_items_taxes') . "' AND CONSTRAINT_NAME = 'ospos_sales_items_taxes_ibfk_1'";
$checkSql = "SELECT CONSTRAINT_NAME FROM information_schema.TABLE_CONSTRAINTS WHERE CONSTRAINT_SCHEMA = DATABASE() AND TABLE_NAME = '" . $this->db->prefixTable('sales_items_taxes') . "' AND CONSTRAINT_NAME = 'ospos_sales_items_taxes_ibfk_1'";
$foreignKeyExists = $this->db->query($checkSql)->getRow();
if ($foreignKeyExists) {

12
app/Database/Migrations/20240826000000_fix_duplicate_attributes.php
View File

@@ -2,8 +2,8 @@
namespace App\Database\Migrations;
use App\Models\Attribute;
use CodeIgniter\Database\Migration;
use App\Models\Attribute;
use CodeIgniter\Database\ResultInterface;
class fix_duplicate_attributes extends Migration
@@ -23,7 +23,7 @@ class fix_duplicate_attributes extends Migration
'ospos_attribute_links_ibfk_2',
'ospos_attribute_links_ibfk_3',
'ospos_attribute_links_ibfk_4',
'ospos_attribute_links_ibfk_5',
'ospos_attribute_links_ibfk_5'
];
dropForeignKeyConstraints($foreignKeys, 'attribute_links');
@@ -46,7 +46,6 @@ class fix_duplicate_attributes extends Migration
$builder->where('item_id IS NOT NULL');
$builder->groupBy('item_id, definition_id');
$builder->having('COUNT(attribute_id) > 1');
return $builder->get();
}
@@ -54,21 +53,20 @@ class fix_duplicate_attributes extends Migration
* Removes the duplicate attributes from the database.
*
* @param ResultInterface $rows_to_keep A multidimensional associative array containing item_id, definition_id and attribute_id in each row which should be kept in the database.
* @return void
*/
private function remove_duplicate_attributes(ResultInterface $rows_to_keep): void
{
$attribute = model(Attribute::class);
foreach ($rows_to_keep->getResult() as $row) {
$attribute->deleteAttributeLinks($row->item_id, $row->definition_id); // Deletes all attribute links for the item_id/definition_id combination
$attribute->saveAttributeLink($row->item_id, $row->definition_id, $row->attribute_id);
}
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

15
app/Database/Migrations/20250213000000_fix_attributes_cascading_delete.php
View File

@@ -3,6 +3,8 @@
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
use App\Models\Attribute;
use CodeIgniter\Database\ResultInterface;
class Migration_Attributes_fix_cascading_delete extends Migration
{
@@ -11,21 +13,20 @@ class Migration_Attributes_fix_cascading_delete extends Migration
*/
public function up(): void
{
log_message('info', 'Fixing cascading deletes.');
helper('migration');
$this->db->query('ALTER TABLE `ospos_attribute_links` DROP INDEX `attribute_links_uq3`');
$this->db->query('ALTER TABLE `ospos_attribute_links` DROP COLUMN `generated_unique_column`');
$this->db->query("ALTER TABLE `ospos_attribute_links` DROP INDEX `attribute_links_uq3`");
$this->db->query("ALTER TABLE `ospos_attribute_links` DROP COLUMN `generated_unique_column`");
dropForeignKeyConstraints(['ospos_attribute_links_ibfk_1', 'ospos_attribute_links_ibfk_2'], 'attribute_links');
$this->db->query('ALTER TABLE `ospos_attribute_links` ADD CONSTRAINT `ospos_attribute_links_ibfk_1` FOREIGN KEY (`definition_id`) REFERENCES `ospos_attribute_definitions` (`definition_id`) ON DELETE CASCADE;');
$this->db->query('ALTER TABLE `ospos_attribute_links` ADD CONSTRAINT `ospos_attribute_links_ibfk_2` FOREIGN KEY (`attribute_id`) REFERENCES `ospos_attribute_values` (`attribute_id`) ON DELETE CASCADE;');
$this->db->query("ALTER TABLE `ospos_attribute_links` ADD CONSTRAINT `ospos_attribute_links_ibfk_1` FOREIGN KEY (`definition_id`) REFERENCES `ospos_attribute_definitions` (`definition_id`) ON DELETE CASCADE;");
$this->db->query("ALTER TABLE `ospos_attribute_links` ADD CONSTRAINT `ospos_attribute_links_ibfk_2` FOREIGN KEY (`attribute_id`) REFERENCES `ospos_attribute_values` (`attribute_id`) ON DELETE CASCADE;");
}
/**
* Revert a migration step.
*/
public function down(): void
{
}
public function down(): void {}
}

4
app/Database/Migrations/20250425000000_sessions_migration.php
View File

@@ -11,12 +11,8 @@ class Migration_sessions_migration extends Migration
*/
public function up(): void
{
error_log('Migrating sessions table');
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/3.4.1_migrate_sessions_table.sql');
error_log('Migrating sessions table');
}
/**

10
app/Database/Migrations/20250519000000_MigrationOptimizationIndices.php
View File

@@ -12,29 +12,27 @@ class MigrationOptimizationIndices extends Migration
*/
public function up(): void
{
error_log('Migrating Optimization Indices');
log_message('info', 'Migrating Optimization Indices');
helper('migration');
$forge = Database::forge();
if (! indexExists('attribute_links', 'attribute_links_uq2')) {
if (!indexExists('attribute_links', 'attribute_links_uq2')) {
$columns = [
'item_id',
'receiving_id',
'sale_id',
'definition_id',
'attribute_id',
'attribute_id'
];
$forge->addKey($columns, false, true, 'attribute_links_uq2');
$forge->processIndexes('attribute_links');
}
if (! indexExists('inventory', 'trans_items_trans_date')) {
if (!indexExists('inventory', 'trans_items_trans_date')) {
$forge->addKey(['trans_items', 'trans_date'], false, false, 'trans_items_trans_date');
$forge->processIndexes('inventory');
}
error_log('Migrating Optimization Indices');
}
/**

65
app/Database/Migrations/20250521000000_FixImageFilenameSpaces.php Normal file
View File

@@ -0,0 +1,65 @@
<?php
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
/**
* Migration to sanitize existing image filenames by replacing spaces with underscores
* This fixes issue #4372 where thumbnails failed to load for images with spaces in filenames
*/
class FixImageFilenameSpaces extends Migration
{
/**
* Perform a migration.
*/
public function up(): void
{
$db = \Config\Database::connect();
$builder = $db->table('ospos_items');
// Get all items with pic_filename containing spaces
$query = $builder->like('pic_filename', ' ', 'both')->get();
$items = $query->getResult();
foreach ($items as $item) {
$old_filename = $item->pic_filename;
$ext = pathinfo($old_filename, PATHINFO_EXTENSION);
$base_name = pathinfo($old_filename, PATHINFO_FILENAME);
// Sanitize the filename by replacing spaces and special characters
$sanitized_name = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $base_name);
$new_filename = $sanitized_name . '.' . $ext;
// Rename the file on the filesystem
$old_path = FCPATH . 'uploads/item_pics/' . $old_filename;
$new_path = FCPATH . 'uploads/item_pics/' . $new_filename;
if (file_exists($old_path)) {
// Rename the original file
if (rename($old_path, $new_path)) {
// Check if thumbnail exists and rename it too
$old_thumb = FCPATH . 'uploads/item_pics/' . $base_name . '_thumb.' . $ext;
$new_thumb = FCPATH . 'uploads/item_pics/' . $sanitized_name . '_thumb.' . $ext;
if (file_exists($old_thumb)) {
rename($old_thumb, $new_thumb);
}
// Update database record
$builder->where('item_id', $item->item_id)
->update(['pic_filename' => $new_filename]);
}
}
}
}
/**
* Revert a migration.
* Note: This migration does not support rollback as the original filenames are lost
*/
public function down(): void
{
// This migration cannot be safely reversed as the original filenames are lost
// after sanitization.
}
}

Some files were not shown because too many files have changed in this diff Show More