mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-05-25 00:44:03 -04:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirror:feature/ubuntu-install-script
Branches Tags
mirror:master mirror:fix-tax-input-locale mirror:fix/4554-encryption-docker-issue mirror:fix/4559-migration-type-error mirror:fix/shared-version-tag-logic mirror:WebShells-Secondary-Display mirror:plugin-system-fresh mirror:WebShells-Second-Display mirror:ubl-invoice-generation mirror:feature/ubuntu-install-clean mirror:fix/attribute-search-refactor mirror:pr-4522 mirror:bootstrap-5 mirror:feature/person-attributes mirror:person_attributes mirror:refactor-4489-model-getters mirror:issue-4459 mirror:issue-4474 mirror:refactor-4491-js-modernization mirror:refactor-4490-remove-duplication mirror:feat-4488-enable-csp mirror:review-pr-4394 mirror:feature/payment-provider-system mirror:feature/travis-to-github-actions mirror:feature/payment-plugins mirror:fix/pr-4361-camelcase mirror:fix/pr-4305-bugs mirror:feature/integration-tests mirror:feature/rest-api-implementation mirror:feature/api-openapi-spec mirror:feature/ubuntu-install-script mirror:fix/bola-remaining-controllers mirror:feature-add-transactions-to-migrations mirror:apply-ci4-coding-standards mirror:4283-bug-suspended-sales-not-displaying mirror:fix-sales-completion mirror:validation-fixes mirror:ui-improvements mirror:gh-pages mirror:fix-requisitions mirror:revert-input-filtering mirror:migration-success-message mirror:no-negative-stock mirror:customer-due-tracking
mirror:unstable mirror:3.4.1 mirror:3.4.0 mirror:3.3.9 mirror:3.3.8 mirror:3.3.7 mirror:3.3.6 mirror:master.3.3.6 mirror:3.3.5 mirror:master.3.3.5 mirror:CodeIgniter_4_upgrade.3.4.0-dev mirror:eventsauce.3.4.0-dev mirror:formatting_corrections.3.4.0-dev mirror:fix-employee-update.3.4.0-dev mirror:person_attributes.3.4.0-dev mirror:login-improvements.3.4.0-dev mirror:upgrade-grunt-and-npm mirror:master.3.4.0-dev mirror:3.3.4 mirror:3.3.3 mirror:3.3.2 mirror:3.3.1 mirror:3.3.0 mirror:3.2.3 mirror:3.2.2 mirror:3.2.1 mirror:3.2.0 mirror:3.1.1 mirror:3.1.0 mirror:3.0.2 mirror:3.0.1 mirror:3.0.0 mirror:2.4.0 mirror:2.3.4 mirror:2.3.3 mirror:2.3.2 mirror:2.3.1 mirror:2.3 mirror:2.2.2
...
compare: mirror:feature/travis-to-github-actions
Branches Tags
mirror:fix-tax-input-locale mirror:fix/4554-encryption-docker-issue mirror:master mirror:fix/4559-migration-type-error mirror:fix/shared-version-tag-logic mirror:WebShells-Secondary-Display mirror:plugin-system-fresh mirror:WebShells-Second-Display mirror:ubl-invoice-generation mirror:feature/ubuntu-install-clean mirror:fix/attribute-search-refactor mirror:pr-4522 mirror:bootstrap-5 mirror:feature/person-attributes mirror:person_attributes mirror:refactor-4489-model-getters mirror:issue-4459 mirror:issue-4474 mirror:refactor-4491-js-modernization mirror:refactor-4490-remove-duplication mirror:feat-4488-enable-csp mirror:review-pr-4394 mirror:feature/payment-provider-system mirror:feature/travis-to-github-actions mirror:feature/payment-plugins mirror:fix/pr-4361-camelcase mirror:fix/pr-4305-bugs mirror:feature/integration-tests mirror:feature/rest-api-implementation mirror:feature/api-openapi-spec mirror:feature/ubuntu-install-script mirror:fix/bola-remaining-controllers mirror:feature-add-transactions-to-migrations mirror:apply-ci4-coding-standards mirror:4283-bug-suspended-sales-not-displaying mirror:fix-sales-completion mirror:validation-fixes mirror:ui-improvements mirror:gh-pages mirror:fix-requisitions mirror:revert-input-filtering mirror:migration-success-message mirror:no-negative-stock mirror:customer-due-tracking
mirror:unstable mirror:3.4.1 mirror:3.4.0 mirror:3.3.9 mirror:3.3.8 mirror:3.3.7 mirror:3.3.6 mirror:master.3.3.6 mirror:3.3.5 mirror:master.3.3.5 mirror:CodeIgniter_4_upgrade.3.4.0-dev mirror:eventsauce.3.4.0-dev mirror:formatting_corrections.3.4.0-dev mirror:fix-employee-update.3.4.0-dev mirror:person_attributes.3.4.0-dev mirror:login-improvements.3.4.0-dev mirror:upgrade-grunt-and-npm mirror:master.3.4.0-dev mirror:3.3.4 mirror:3.3.3 mirror:3.3.2 mirror:3.3.1 mirror:3.3.0 mirror:3.2.3 mirror:3.2.2 mirror:3.2.1 mirror:3.2.0 mirror:3.1.1 mirror:3.1.0 mirror:3.0.2 mirror:3.0.1 mirror:3.0.0 mirror:2.4.0 mirror:2.3.4 mirror:2.3.3 mirror:2.3.2 mirror:2.3.1 mirror:2.3 mirror:2.2.2

65 Commits
feature/ub ... feature/tr

Author SHA1 Message Date
Ollama
80fdf2b7b5 fix: add autoload-dev for Tests namespace and fix UrlHelperTest namespace 
- Add autoload-dev section to composer.json for Tests namespace
- Rename tests/helpers to tests/Helpers for PSR-4 compliance
- Add proper namespace to UrlHelperTest.php
- This fixes PHPUnit test discovery - previously only 6 tests were running
 2026-04-01 21:18:52 +00:00
Ollama
6d02eb12c2 fix: remove duplicate phpunit.xml that prevented tests from running 
The tests/phpunit.xml was incomplete - it only configured helpers and
Libraries testsuites, while phpunit.xml.dist at root contains all tests.
PHPUnit was likely using the incomplete config, resulting in empty test
results.
 2026-03-27 07:54:37 +00:00
Ollama
0c3574423c refactor: optimize Docker image size 
- Combine RUN commands to reduce layers
- Add --no-install-recommends and clean apt cache
- Use COPY --chown to set ownership during copy
- Update .dockerignore to exclude dev files and build configs

Saves ~260MB (21%) in image size
 2026-03-24 08:00:56 +00:00
Ollama
6fea9c3abd refactor: remove build-database gulp task (#4447) 
The build-database task previously concatenated tables.sql and constraints.sql
into database.sql. Since we now use initial_schema.sql directly in migrations,
this task is no longer needed.

- Remove gulp task 'build-database'
- Keep all other build tasks intact
 2026-03-20 19:36:11 +00:00
Ollama
0547d3ba60 refactor: remove tables.sql and constraints.sql (#4447) 
These files have been replaced by initial_schema.sql which is now the
authoritative source for the database schema. The initial migration
loads this schema on fresh installs.

- Remove app/Database/tables.sql
- Remove app/Database/constraints.sql
- Schema is frozen in app/Database/Migrations/sqlscripts/initial_schema.sql
 2026-03-20 19:33:13 +00:00
Ollama
a18dde4bbe feat: migrate CI from Travis to GitHub Actions with enhancements 
- Convert Travis CI configuration to GitHub Actions workflows
- Add multi-arch Docker builds (amd64/arm64)
- Implement initial schema migration for fresh database installs
- Add multi-attribute search with AND logic and sort by attribute columns
- Address various PR review feedback and formatting fixes
 2026-03-19 21:34:12 +00:00
dependabot[bot]
e4b92b58c3 Bump jspdf from 4.2.0 to 4.2.1 
Bumps [jspdf](https://github.com/parallax/jsPDF) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](https://github.com/parallax/jsPDF/compare/v4.2.0...v4.2.1)

---
updated-dependencies:
- dependency-name: jspdf
  dependency-version: 4.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-17 19:06:05 +00:00
Ollama
dc1e448bc3 Fix review comments: remove redundant loop and add XSS escaping 
- Remove redundant property assignment loop in Expenses.php
- Add esc() to employee name values to prevent XSS vulnerabilities
 2026-03-17 15:32:16 +00:00
Ollama
24b2825b31 Fix: Restrict employee selection in expenses and receivings forms 
Users without the 'employees' permission can no longer impersonate other
employees when creating or editing expenses and receivings. The employee
field is now restricted to the current user for new records and shows the
stored employee for existing records.

Changes:
- Expenses controller: Add permission check in getView() and postSave()
- Receivings controller: Add permission check in getEdit() and postSave()
- Form views: Conditionally display dropdown or read-only field

Fixes #3616
 2026-03-17 15:32:16 +00:00
Ollama
38d672592b Add seed data to tests for proper integration testing 
- Add setUp() to seed test data: items, sales, sales_items, sales_items_taxes
- Add tearDown() to clean up seeded data after tests
- Remove skip conditions since we now have guaranteed test data
- Add testTaxDataIsGroupedByTaxNameAndPercent to verify grouping
- Use narrow date range to isolate seeded data
 2026-03-16 18:36:31 +00:00
Ollama
6f7e06e986 Rewrite tests to use database integration testing 
Tests now:
- Use DatabaseTestTrait for real database integration
- Actually call getData() and getSummaryData() methods
- Verify row totals (subtotal + tax = total) from real queries
- Verify summary data matches sum of rows
- Test getDataColumns() returns expected structure
- Use assertEqualsWithDelta for float comparisons with tolerance

These tests exercise the actual SQL queries and verify the
mathematical consistency of the calculations returned.
 2026-03-16 18:36:31 +00:00
Ollama
fda40d9340 Fix rounding consistency and update tests per review feedback 
- Ensure total = subtotal + tax by deriving total from rounded components
- Use assertEqualsWithDelta for float comparisons in tests
- Add defensive null coalescing in calculateSummary helper
- Add missing 'count' key to test data rows
- Add testRoundingAtBoundary test case
 2026-03-16 18:36:31 +00:00
Ollama
b49186ec7c Add unit tests for Taxes Summary Report calculations 
Tests verify:
- Row totals add up (subtotal + tax = total)
- Summary totals match sum of row values
- Tax-included and tax-not-included modes calculate correctly
- Rounding consistency across calculations
- Negative values (returns) are handled correctly
- Zero tax rows are handled correctly
 2026-03-16 18:36:31 +00:00
Ollama
8b56f61b8a Fix Taxes Summary Report totals not matching row values 
The report had calculation inconsistencies where:
1. Per-line totals (subtotal + tax) didn't equal the total column
2. Column totals didn't match the sum of individual rows

Root cause: subtotal, tax, and total were calculated independently
using different formulas and rounding at different stages, leading to
cumulative rounding errors.

Fix:
- Use item_tax_amount from database as the source of truth for tax
- Derive subtotal from sale_amount (handling both tax_included and
  tax_not_included modes correctly)
- Calculate total = subtotal + tax consistently for each line
- Override getSummaryData() to sum values from getData() rows,
  ensuring summary totals match the sum of displayed rows

Fixes #4112
 2026-03-16 18:36:31 +00:00
Ollama
9820beb0e1 Fix: Add Debit Card filter to Daily Sales and Takings 
Add 'only_debit' filter to Daily Sales and Takings dropdown. Reuses
existing 'Sales.debit' language string for the filter label. Includes
filter default initialization in getSearch() to prevent PHP warnings.

Fixes #4439
 2026-03-16 18:06:00 +00:00
Ollama
e01dad728f Add AGENTS.md with coding guidelines for AI agents 2026-03-16 18:02:50 +00:00
Ollama
234f930079 Fix strftime directives handling and tighten test assertions 
- Remove incorrect %C mapping (was mapping century to full year)
- Add special handling for %C (century), %c (datetime), %n (newline), %t (tab), %x (date)
- Add %h mapping (same as %b for abbreviated month)
- Tighten edge-case test assertions to use assertSame/assertMatchesRegularExpression
- Add tests for new directives: %C, %c, %n, %t, %x, %h
 2026-03-14 23:08:39 +00:00
Ollama
3001dc0e17 Fix: Pass parameter to generate() and add composite format tests 
- Fixed bug where render() was not passing caller-supplied  to
  generate(), causing ad-hoc tokens to be ignored
- Added %F (yyyy-MM-dd) and %D (MM/dd/yy) composite date formats to
  the IntlDateFormatter pattern map
- Added test coverage for composite date format directives (%F, %D, %T, %R)
 2026-03-14 23:08:39 +00:00
Ollama
3ba207e8b9 Use CIUnitTestCase for consistency with other tests 2026-03-14 23:08:39 +00:00
Ollama
d684c49ebd Fix Token_lib::render() for PHP 8.4 compatibility 
- Replaced deprecated strftime() with IntlDateFormatter
- Added proper handling for edge cases:
  - Strings with '%' not in date format (e.g., 'Discount: 50%')
  - Invalid date formats (e.g., '%-%-%', '%Y-%q-%bad')
  - Very long strings
- Added comprehensive unit tests for Token_lib
- All date format specifiers now mapped to IntlDateFormatter patterns
 2026-03-14 23:08:39 +00:00
Ollama
071e641f95 Fix stored XSS via stock location name 
Add esc() to stock_name output in sales/register.php and receivings/receiving.php

GHSA-vmm7-g33q-qqr2
 2026-03-14 15:35:32 +00:00
Ollama
48af67bd00 Fix stored XSS in gcaptcha_site_key on login page 2026-03-14 15:35:16 +00:00
Ollama
7cb1d95da7 Fix: Host Header Injection vulnerability (GHSA-jchf-7hr6-h4f3) 
Security: Prevent Host Header Injection attacks by validating HTTP_HOST
against a whitelist of allowed hostnames before constructing the baseURL.

Changes:
- Add getValidHost() method to validate HTTP_HOST against allowedHostnames
- If allowedHostnames is empty, log warning and fall back to 'localhost'
- If host not in whitelist, log warning and use first allowed hostname
- Update .env.example with allowedHostnames documentation
- Add security configuration section to INSTALL.md
- Add unit tests for host validation

This addresses the security advisory where the application constructed
baseURL from the attacker-controllable HTTP_HOST header, allowing:
- Login form phishing via manipulated form actions
- Cache poisoning via poisoned asset URLs

Fixes GHSA-jchf-7hr6-h4f3
 2026-03-14 15:34:21 +00:00
jekkos
bafe3ddf1b Fix stored XSS vulnerability in Attribute Definitions (GHSA-rvfg-ww4r-rwqf) (#4429) 
* Fix stored XSS vulnerability in Attribute Definitions

GHSA-rvfg-ww4r-rwqf: Stored XSS via Attribute Definition Name

Security Impact:
- Authenticated users with attribute management permission can inject XSS payloads
- Payloads execute when viewing/editing attributes in admin panel
- Can steal session cookies, perform CSRF attacks, or compromise admin operations

Root Cause:
1. Input: Attributes.php postSaveDefinition() accepts definition_name without sanitization
2. Output: Views echo definition_name without proper escaping

Fix Applied:
- Input sanitization: Added FILTER_SANITIZE_FULL_SPECIAL_CHARS to definition_name and definition_unit
- Output escaping: Added esc() wrapper when displaying definition_name in views
- Defense-in-depth: htmlspecialchars on attribute values saved to database

Files Changed:
- app/Controllers/Attributes.php - Sanitize inputs on save
- app/Views/attributes/form.php - Escape output on display
- app/Views/attributes/item.php - Escape output on display

* Remove input sanitization, keep output escaping only

Use escaping on output (esc() in views) as the sole XSS prevention
measure instead of sanitizing on input. This preserves the original
data in the database while still protecting against XSS attacks.

* Add validation for definition_fk foreign key in attribute definitions

Validate definition_group input before saving:
- Must be a positive integer (> 0)
- Must exist in attribute_definitions table
- Must be of type GROUP to ensure data integrity

Also add translation for definition_invalid_group error message
in all 45 language files (English placeholder for translations).

* Refactor definition_fk validation into single conditional statement

* Add esc() to attribute value outputs for XSS protection

- Add esc() to TEXT input value in item.php
- Add esc() to definition_unit in form.php

These fields display user-provided content and need output escaping
to prevent stored XSS attacks.

* Refactor definition_group validation into separate method

Extract validation logic for definition_fk into validateDefinitionGroup()
private method to improve code readability and reduce method complexity.

Returns:
- null if input is empty (no group selected)
- false if validation fails (invalid group)
- integer ID if valid

* Add translations for definition_invalid_group in all languages

- Added proper translations for 28 languages (de, es, fr, it, nl, pl, pt-BR, ru, tr, uk, th, zh-Hans, zh-Hant, ro, sv, vi, id, el, he, fa, hu, da, sw-KE, sw-TZ, ar-LB, ar-EG)
- Set empty string for 14 languages to fallback to English (cs, hr-HR, bg, bs, ckb, hy, km, lo, ml, nb, ta, tl, ur, az)

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-14 15:33:58 +00:00
jekkos
c482e75304 Fix DECIMAL attribute not respecting locale format (#4422) 
* Fix DECIMAL attribute not respecting locale format

Issue: DECIMAL attribute values were displayed as raw database values
instead of being formatted according to the user's locale settings.

Fix:
1. Modified Attribute::get_definitions_by_flags() to optionally return
   definition types along with names (new $include_types parameter)
2. Updated expand_attribute_values() in tabular_helper.php to detect
   DECIMAL attributes and apply to_decimals() locale formatting
3. Updated callers (Reports, Items table) to pass include_types=true
   where attributes are displayed

The DECIMAL values in table views (items, sales reports, receiving reports)
now respect the configured locale number format, matching DATE attributes
which already use locale-based formatting.

* Apply PSR-12 camelCase naming to new variables

Response to PR review comments:
- Rename  to
- Rename  to
- Rename  to

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 21:23:52 +00:00
jekkos
afc2f82dc6 Fix PHPUnit environment variables not being set (#4434) 
PHPUnit 10+/11+ requires force="true" attribute on <env> elements
to properly set environment variables. Without this attribute, the
database connection env vars were not being set during test bootstrap,
causing tests to fail silently with empty junit.xml output.

This fix adds force="true" to all <env> elements in phpunit.xml.dist.

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 18:54:29 +00:00
jekkos
ce411707b4 Fix SQL injection in suggestions column configuration (#4421) 
* Fix SQL injection in suggestions column configuration

The suggestions_first_column, suggestions_second_column, and
suggestions_third_column configuration values were concatenated
directly into SQL SELECT statements without validation, allowing
SQL injection attacks through the item search suggestions.

Changes:
- Add whitelist validation in Config controller to only allow
  valid column names (name, item_number, description, cost_price,
  unit_price)
- Add defensive validation in Item model's get_search_suggestion_format()
  and get_search_suggestion_label() methods
- Default invalid values to 'name' column for safety
- Add unit tests to verify malicious inputs are rejected

This is a critical security fix as attackers with config permissions
could inject arbitrary SQL through these configuration fields.

Vulnerability reported as additional injection point in bug report.

* Refactor: Move allowed suggestions columns to Item model constants

Extract the list of valid suggestion columns into two constants in the Item model for better cohesion:
- ALLOWED_SUGGESTIONS_COLUMNS: valid column names
- ALLOWED_SUGGESTIONS_COLUMNS_WITH_EMPTY: includes empty string for config validation

This consolidates the validation logic in one place and makes it reusable across Config controller and Item model.

* Address PR review comments: improve validation and code quality

Changes:
- Use camelCase naming for validateSuggestionsColumn() method (PSR-12)
- Add field-aware validation with different fallbacks for first vs other columns
- Handle non-string POST input by checking is_string() before validation
- Refactor duplicate validation logic into suggestionColumnIsAllowed() helper
- Use consistent camelCase variable names ($suggestionsFirstColumn)
- Update tests to validate constants and behavior rather than implementation
- Tests now focus on security properties of the allowlist itself

The validation now properly handles:
- First column: defaults to 'name' when invalid
- Second/Third columns: defaults to '' (empty) when invalid
- Non-string inputs: treated as invalid with appropriate fallback

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 18:13:54 +00:00
jekkos
37c6e22fc4 Update SECURITY.md with published security advisories (#4431) 
- Add Security Advisories section with 4 published CVEs
- Include CVE ID, vulnerability description, CVSS score, publication date, fixed version, and reporter credits
- Update supported versions table to reflect current state (>= 3.4.2)
- Add link to GitHub Security Advisories page for complete list

CVEs added:
- CVE-2025-68434: CSRF leading to Admin Creation (8.8)
- CVE-2025-68147: Stored XSS in Return Policy (8.1)
- CVE-2025-66924: Stored XSS in Item Kits (7.2)
- CVE-2025-68658: Stored XSS in Company Name (4.3)

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 17:53:32 +00:00
jekkos
3c7ece5c33 Fix permission bypass in Sales.getManage() access control (#4428) 
The redirect() in getManage() returned a RedirectResponse that was never
executed, allowing unauthorized access to reports_sales. Updated method
signature to return ResponseInterface|string and properly return the
redirect response.

Refs: GHSA-94jm-c32g-48r5

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 17:52:07 +00:00
jekkos
02fccaf43f Fix XSS vulnerability in tax invoice view (#4432) 
Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 16:09:04 +00:00
jekkos
ee4d44ed39 Fix IDOR vulnerability in password change (GHSA-mcc2-8rp2-q6ch) (#4427) 
* Fix IDOR vulnerability in password change (GHSA-mcc2-8rp2-q6ch)

The previous authorization check using can_modify_employee() was too
permissive - it allowed non-admin users to change other non-admin users'
passwords. For password changes, users should only be able to change
their own password. Only admins should be able to change any user's
password.

This fix replaces the can_modify_employee() check with a stricter
authorization that only allows:
- Users to change their own password
- Admins to change any user's password

Affected endpoints:
- GET /home/changePassword/{employee_id}
- POST /home/save/{employee_id}

Added tests to verify non-admin users cannot access or change other
non-admin users' passwords.

* Address PR review feedback

- Replace header/exit redirect with proper 403 response in getChangePassword
- Refactor createNonAdminEmployee helper to accept overrides array
- Simplify tests by reusing the helper
- Update tests to expect 403 response instead of redirect

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 12:13:21 +01:00
jekkos
fa3f257e7b Fix PHPUnit test configuration for database connectivity (#4430) 
- Add database.tests.* environment variables to phpunit.xml.dist
- Set hostname to 127.0.0.1 to match CI MariaDB container
- Add MYSQL_* env vars for Database.php compatibility
- Tests were not running because database connection failed silently

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-13 10:38:37 +01:00
jekkos
431a9951e9 Fix filter persistence javascript issues (#4400) 2026-03-11 23:03:21 +01:00
jekkos
f7e8d6e427 Add filter persistence for table views via URL query string (#4400) 
This commit adds URL-based filter persistence for table views, allowing
users to navigate away from a filtered view (e.g., clicking into sale
details) and return without losing their filter settings.

The solution uses history.replaceState() to update the URL without
triggering a page reload, providing a seamless user experience while
maintaining shareable/bookmarkable URLs.

Fixes navigation issue where filters are lost when viewing details or
navigating away from table views.

* Move filter restoration to server-side for cleaner architecture

Changes:
- Controllers now restore filters from URL query string on initial page load:
  * Sales.php: Reads start_date, end_date, and filters[] from GET
  * Items.php: Reads start_date, end_date, filters[], and stock_location
  * Expenses.php: Reads start_date, end_date, and filters[]
  * Cashups.php: Reads start_date, end_date, and filters[]

- Views now receive restored filter values from controllers:
  * Server-side date override via JavaScript variables
  * form_multiselect() receives $selected_filters from controller
  * Removed setTimeout hack from table_filter_persistence.php

- Simplified table_filter_persistence.php:
  * Now only handles URL updates on filter changes
  * No longer responsible for restoring state
  * Cleaner, single responsibility (client-side URL management)

Benefits:
- Works without JavaScript for initial render
- Cleaner architecture (server controls initial state)
- Client-side JS only handles "live" filter updates
- Filters persist across navigation via URL query string
- Shareable/bookmarkable URLs

How it works:
1. User visits /sales/manage?start_date=2024-01-01&filters[]=only_cash
2. Controller reads GET params and passes to view
3. View renders with correct initial filter values
4. User changes filter → JavaScript updates URL via replaceState()
5. User navigates away and back → Controller restores from URL again

* Refactor filter restoration into helper function and use PSR-12 naming

* Use array_merge with helper to reduce code duplication

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-11 20:11:00 +01:00
dependabot[bot]
85889b6e65 Bump jspdf from 4.1.0 to 4.2.0 (#4383) 
Bumps [jspdf](https://github.com/parallax/jsPDF) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](https://github.com/parallax/jsPDF/compare/v4.1.0...v4.2.0)

---
updated-dependencies:
- dependency-name: jspdf
  dependency-version: 4.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: objecttothis <17935339+objecttothis@users.noreply.github.com>
 2026-03-11 16:36:53 +04:00
Ollama
6818f02ef9 Update SECURITY.md with published security advisories 
- Add Security Advisories section with 4 published CVEs
- Include CVE ID, vulnerability description, CVSS score, publication date, fixed version, and reporter credits
- Update supported versions table to reflect current state (>= 3.4.2)
- Add link to GitHub Security Advisories page for complete list

CVEs added:
- CVE-2025-68434: CSRF leading to Admin Creation (8.8)
- CVE-2025-68147: Stored XSS in Return Policy (8.1)
- CVE-2025-66924: Stored XSS in Item Kits (7.2)
- CVE-2025-68658: Stored XSS in Company Name (4.3)
 2026-03-10 22:28:09 +01:00
Ollama
436696b11b Add workflow to auto-update issue templates with releases 
Adds a GitHub Actions workflow that automatically updates the
OpensourcePOS Version dropdown in bug report and feature request
templates when new releases are published.

Fixes #4317
 2026-03-10 22:26:49 +01:00
Ollama
9a2b308647 Sync language files (#3468) 
- Add csv_import_invalid_location to Items.php for CSV import validation
- Add error_deleting_admin and error_updating_admin to Employees.php for admin protection messages

Strings added with empty values so they fallback to English and show as untranslated in Weblate.
 2026-03-09 07:45:19 +01:00
Ollama
1f55d96580 Fix mass assignment vulnerability in bulk edit (GHSA-49mq-h2g4-grr9) 
The bulk edit function iterated over all $_POST keys without a whitelist,
allowing authenticated users to inject arbitrary database columns (e.g.,
cost_price, deleted, item_type) into the update query. This bypassed
CodeIgniter 4's $allowedFields protection since Query Builder was used
directly.

Fix: Add ALLOWED_BULK_EDIT_FIELDS constant to Item model defining the
explicit whitelist of fields that can be bulk-updated. Use this constant
in the controller instead of iterating over $_POST directly.

Fields allowed: name, category, supplier_id, cost_price, unit_price,
reorder_level, description, allow_alt_description, is_serialized

Security impact: High (CVSS 8.1) - Could allow price manipulation and
data integrity violations.
 2026-03-08 22:49:12 +01:00
Ollama
b2fadea44a Fix broken SQL injection fix - use havingLike() instead of having() with named params 
The previous SQL injection fix (GHSA-hmjv-wm3j-pfhw) used named parameter
syntax :search: with having(), but CodeIgniter 4's having() method does
not support named parameters. This caused the query to fail.

The fix uses havingLike() which properly:
- Escapes the search value to prevent SQL injection
- Handles the LIKE clause construction internally (wraps value with %)
- Works correctly with HAVING clauses for aggregated columns

This maintains the security fix while actually working on CI4.
 2026-03-08 22:48:43 +01:00
Ollama
0fdb3ba37b Fix payment type becoming null when editing sales 
When localization uses dot (.) as thousands separator (e.g., it_IT, es_ES, pt_PT),
the payment_amount value was displayed as raw float (e.g., '10.50') but parsed
using parse_decimals() which expects locale-formatted numbers.

In these locales, '.' is thousands separator and ',' is decimal separator.
parse_decimals('10.50') would return false, causing the condition
 != 0 to evaluate incorrectly (false == 0 in PHP),
resulting in the payment being deleted instead of updated.

Fix: Use to_currency_no_money() to format payment_amount and cash_refund
values according to locale before displaying in the form, so parse_decimals()
can correctly parse them on submission.
 2026-03-08 22:34:47 +01:00
jekkos
d7b2264ac1 Fix: Preserve CHECKBOX attribute state when adding attributes (#4385) 
Modified definition_values() function in app/Views/attributes/item.php to properly handle checkbox attributes.

The issue was that checkbox attributes have two input elements (hidden and checkbox) with the same name pattern. When collecting attribute values during the refresh operation, both inputs were being processed, with the hidden input potentially overwriting the checkbox state.

Changes:
- Skip hidden inputs that have a corresponding checkbox input
- For checkbox inputs, explicitly capture the checked state using prop('checked')
- Convert checked state to '1' or '0' for consistency

This ensures that when adding another attribute to an item, existing checkbox states are preserved correctly.
 2026-03-08 22:31:02 +01:00
Ollama
a229bf6031 Fix stored XSS vulnerabilities in employee permissions and customer data 
1. Stock Location XSS (GHSA-7hg5-68rx-xpmg):
   - Stock location names were rendered unescaped in employee form
   - Malicious stock locations could contain XSS payloads that execute
     when viewing employee permissions
   - Fixed by adding esc() to permission display in employees/form.php

2. Customer Name XSS (GHSA-hcfr-9hfv-mcwp):
   - Bootstrap-table columns had escape disabled for customer_name,
     email, phone_number, and note fields
   - Malicious customer names could execute XSS in Daily Sales view
   - Fixed by removing user-controlled fields from escape exception list
   - Only 'edit', 'messages', and 'item_pic' remain in exception list
     (these contain safe server-generated HTML)

Both vulnerabilities allow authenticated attackers with basic permissions
to inject JavaScript that executes in admin/other user sessions.
 2026-03-08 18:42:30 +01:00
Ollama
977fa5647b Fix stored XSS vulnerability in item descriptions 
GHSA-q58g-gg7v-f9rf: Stored XSS via Item Description

Security Impact:
- Authenticated users with item management permission can inject XSS payloads
- Payloads execute in POS register view (sales and receivings)
- Can steal session cookies, perform CSRF attacks, or compromise POS operations

Root Cause:
1. Input: Items.php:614 accepts description without sanitization
2. Output: register.php:255 and receiving.php:220 echo description without escaping

Fix Applied:
- Input sanitization: Added FILTER_SANITIZE_FULL_SPECIAL_CHARS to description POST
- Output escaping: Added esc() wrapper when echoing item descriptions
- Defense-in-depth approach: sanitize on input, escape on output

Files Changed:
- app/Controllers/Items.php - Sanitize description on save
- app/Views/sales/register.php - Escape description on display
- app/Views/receivings/receiving.php - Escape description on display

Testing:
- XSS payloads like '<script>alert(1)</script>' are now sanitized on input
- Any existing malicious descriptions are escaped on output
- Does not break legitimate descriptions with special characters
 2026-03-07 20:51:48 +01:00
Ollama
52b0a83190 Fix SQL injection in custom attribute search 
Parameterize LIKE queries in HAVING clause to prevent SQL injection
when search_custom filter is enabled. Also sanitize search parameter
input at controller level for defense-in-depth.

Fixes vulnerability where user input was directly interpolated into
SQL queries without sanitization.
 2026-03-07 19:10:42 +01:00
jekkos
f25a0f5b09 Refactor: Move ADMIN_MODULES to constants, rename methods to camelCase 
- Move admin modules list from is_admin method to ADMIN_MODULES constant
- Rename is_admin() to isAdmin() following CodeIgniter naming conventions
- Rename can_modify_employee() to canModifyEmployee() following conventions
- Update all callers in Employees controller and tests
 2026-03-06 17:25:25 +01:00
jekkos
f0f288797a Add migration to fix existing image filenames with spaces (#4372) 
This migration will:
- Scan all items for filenames containing spaces
- Rename both original and thumbnail files on the filesystem
- Update database records with sanitized filenames
- Only process files that actually exist on the filesystem
 2026-03-06 17:09:52 +01:00
jekkos
63083a0946 Fix: Sanitize image filenames to prevent thumbnail display issues (#4372) 
When uploading item images with filenames containing spaces, the thumbnails fail to load due to Apache mod_rewrite rejecting URLs with spaces.

Changes:
- Modified upload_image() method to sanitize filenames by replacing spaces and special characters with underscores
- Uses regex to keep only alphanumeric, underscores, hyphens, and periods
- Preserves original filename in 'orig_name' field for reference
- Fixes issue where thumbnail URLs would fail with 'AH10411: Rewritten query string contains control characters or spaces'

Example: 'banana marsmellow.jpg' becomes 'banana_marsmellow.jpg'

Fixes: #4372
 2026-03-06 17:09:52 +01:00
jekkos
3a33098776 Fix: Handle image filenames with spaces in thumbnails 
- URL-encode filenames when constructing image/thumbnail URLs
- Decode filename parameter in getPicThumb() controller
- Prevents Apache AH10411 error with spaces in rewritten URLs

Fixes #4372
 2026-03-06 17:09:52 +01:00
jekkos
ca6a1b35af Add row-level authorization to password change endpoints (#4401) 
* fix(security): add row-level authorization to password change endpoints

- Prevents non-admin users from viewing other users' password forms
- Prevents non-admin users from changing other users' passwords
- Uses can_modify_employee() check consistent with Employees controller fix
- Addresses BOLA vulnerability in Home controller (GHSA-q58g-gg7v-f9rf)

* test(security): add BOLA authorization tests for Home controller

- Test non-admin cannot view/change admin password
- Test user can view/change own password
- Test admin can view/change any password
- Test default employee_id uses current user
- Add JUnit test result upload to CI workflow

* refactor: apply PSR-12 naming and add DEFAULT_EMPLOYEE_ID constant

- Add DEFAULT_EMPLOYEE_ID constant to Constants.php
- Rename variables to follow PSR-12 camelCase convention
- Use ternary for default employee ID assignment

* refactor: use NEW_ENTRY constant instead of adding DEFAULT_EMPLOYEE_ID

Reuse existing NEW_ENTRY constant for default employee ID parameter.
Avoids adding redundant constants to Constants.php with same value (-1).

---------

Co-authored-by: jekkos <jeroen@steganos.dev>
 2026-03-06 17:08:36 +01:00
jekkos
418580a52d Fix second-order SQL injection in currency_symbol config (#4390) 
* Fix second-order SQL injection in currency_symbol config

The currency_symbol value was concatenated directly into SQL queries
without proper escaping, allowing SQL injection attacks via the
Summary Discounts report.

Changes:
- Use $this->db->escape() in Summary_discounts::getData() to properly
  escape the currency symbol value before concatenation
- Add htmlspecialchars() validation in Config::postSaveLocale() to
  sanitize the input at storage time
- Add unit tests to verify escaping of malicious inputs

Fixes SQL injection vulnerability described in bug report where
attackers with config permissions could inject arbitrary SQL through
the currency_symbol field.

* Update test to use CIUnitTestCase for consistency

Per code review feedback, updated test to extend CIUnitTestCase
instead of PHPUnit TestCase to maintain consistency with other
tests in the codebase.

---------

Co-authored-by: Ollama <ollama@steganos.dev>
 2026-03-06 17:01:38 +01:00
jekkos
31d25e06dc fix(security): whitelist and validate invoice template types (#4393) 
- Add whitelist validation for invoice_type to prevent path traversal and LFI
- Validate invoice_type against allowed values in Sale_lib
- Sanitize invoice_type input in Config controller before saving
- Default to 'invoice' template for invalid types

Security: Prevents arbitrary file inclusion via user-controlled invoice_type config
 2026-03-06 13:18:47 +01:00
jekkos
b1819b3b36 dd validation for invalid stock locations in CSV import (#4399) 
- Add validateCSVStockLocations() method to check CSV columns against allowed locations
- Log error when invalid stock location columns are detected
- Tests for valid, invalid, and mixed stock location columns
- Tests for location name case sensitivity
- Tests for CSV parsing and detecting location columns
- Add error message language string for invalid locations

Co-authored-by: objecttothis <17935339+objecttothis@users.noreply.github.com>
 2026-03-06 13:17:52 +01:00
jekkos
6705420373 Fix incorrect argument types in migration round_number() methods (#4403) 
The round_number() method signature declares $amount as string, but the
HALF_FIVE case and other rounding operations pass string values to round()
and other arithmetic operations which expect numeric types. This causes
type errors when strict type checking is enabled.

Fix by casting $amount to float before arithmetic operations in both
migration files:
- 20170502221506_sales_tax_data.php (line 268)
- 20200202000000_taxamount.php (line 244)

Also cast sale_tax_amount to float in round_sales_taxes() method before
passing to round() operations (lines 381 in sales_tax_data.php and 358 in
taxamount.php).

Fixes #4324
 2026-03-06 13:07:24 +01:00
dependabot[bot]
d6b767c80a Bump dompurify from 3.3.1 to 3.3.2 (#4402) 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.1...3.3.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-05 21:54:49 +01:00
jekkos
19eb43270a Fix broken object-level authorization in Employees controller (CVE-worthy) (#4391) 
- Non-admin employees can no longer view/modify admin accounts
- Non-admin employees can no longer delete admin accounts
- Non-admin employees can only grant permissions they themselves have
- Added is_admin() and can_modify_employee() methods to Employee model
- Prevents privilege escalation via permission grants

Add tests for BOLA fix and permission delegation

- EmployeeTest: Unit tests for is_admin() and can_modify_employee() methods
- EmployeesControllerTest: Test cases for authorization checks (integration tests require DB)
- ReportsControllerTest: Test validating the constructor redirect fix pattern

Fix return type error in Employees controller

Use $this->response->setJSON() instead of echo json_encode() + return
to properly satisfy the ResponseInterface return type.
 2026-03-05 19:46:39 +01:00
jekkos
df4549bb0b Fix Docker image upload by replacing slashes in TAG 2026-03-05 14:46:45 +00:00
jekkos
bdc965be23 Fix: Refresh session language for employee after update. (#4245) 2026-03-04 22:43:52 +01:00
Lucas Lyimo
5c8905aa1b Language Array Key Typo Fix (#4371) 
* Fix typo in stock location translation

* Fix typo in stock location key

* Fix typo in Language Receivings files stock_location

* Add Swahili-TZ Language Files

* Add Swahili-KE Language Files
 2026-03-04 22:06:17 +01:00
jekkos
690f43578d Use Content-Type application/json for AJAX responses (#4357) 
Complete Content-Type application/json fix for all AJAX responses

- Add missing return statements to all ->response->setJSON() calls
- Fix Items.php method calls from JSON() to setJSON()
- Convert echo statements to proper JSON responses
- Ensure consistent Content-Type headers across all controllers
- Fix 46+ instances across 12 controller files
- Change Config.php methods to : ResponseInterface (all return setJSON only):
  - postSaveRewards(), postSaveBarcode(), postSaveReceipt()
  - postSaveInvoice(), postRemoveLogo()
  - Update PHPDoc @return tags

- Change Receivings.php _reload() to : string (only returns view)
- Change Receivings.php methods to : string (all return _reload()):
  - getIndex(), postSelectSupplier(), postChangeMode(), postAdd()
  - postEditItem(), getDeleteItem(), getRemoveSupplier()
  - postComplete(), postRequisitionComplete(), getReceipt(), postCancelReceiving()
- Change postSave() to : ResponseInterface (returns setJSON)
- Update all PHPDoc @return tags

Fix XSS vulnerabilities in sales templates, login, and config pages

This commit addresses 5 XSS vulnerabilities by adding proper escaping
to all user-controlled configuration values in HTML contexts.

Fixed Files:
- app/Views/sales/invoice.php: Escaped company_logo (URL context) and company (HTML)
- app/Views/sales/work_order.php: Escaped company_logo (URL context)
- app/Views/sales/receipt_email.php: Added file path validation and escaping for logo
- app/Views/login.php: Escaped all config values in title, logo src, and alt
- app/Views/configs/info_config.php: Escaped company_logo (URL context)

Security Impact:
- Prevents stored XSS attacks if configuration is compromised
- Defense-in-depth principle applied to administrative interfaces
- Follows OWASP best practices for output encoding

Testing:
- Verified no script execution with XSS payloads in config values
- Confirmed proper escaping in HTML, URL, and file contexts
- All templates render correctly with valid configuration

Severity: High (4 files), Medium-High (1 file)
CVSS Score: ~6.1
CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation)

Fix critical password validation bypass and add unit tests

This commit addresses a critical security vulnerability where the password
minimum length check was performed on the HASHED password (always 60
characters for bcrypt) instead of the actual password before hashing.

Vulnerability Details:
- Original code: strlen($employee_data['password']) >= 8
- This compared the hash length (always 60) instead of raw password
- Impact: Users could set 1-character passwords like "a"
- Severity: Critical (enables brute force attacks on weak passwords)
- CVE-like issue: CWE-307 (Improper Restriction of Excessive Authentication Attempts)

Fix Applied:
- Validate password length BEFORE hashing
- Clear error message when password is too short
- Added unit tests to verify minimum length enforcement
- Regression test to prevent future vulnerability re-introduction

Test Coverage:
- testPasswordMinLength_Rejects7Characters: Verify 7 chars rejected
- testPasswordMinLength_Accepts8Characters: Verify 8 chars accepted
- testPasswordMinLength_RejectsEmptyString: Verify empty rejected
- testPasswordMinLength_RejectsWhitespaceOnly: Verify whitespace rejected
- testPasswordMinLength_AcceptsSpecialCharacters: Verify special chars OK
- testPasswordMinLength_RejectsPreviousBehavior: Regression test for bug

Files Modified:
- app/Controllers/Home.php: Fixed password validation logic
- tests/Controllers/HomeTest.php: Added comprehensive unit tests

Security Impact:
- Enforces 8-character minimum password policy
- Prevents extremely weak passwords that facilitate brute-force attacks
- Critical for credential security and user account protection

Breaking Changes:
- Users with passwords < 8 characters will need to reset their password
- This is the intended security improvement

Severity: Critical
CVSS Score: ~7.5
CWE: CWE-305 (Authentication Bypass by Primary Weakness), CWE-307

Add GitHub Actions workflow to run PHPUnit tests

Move business logic from views to controllers for better separation of concerns

- Move logo URL computation from info_config view to Config::getIndex()
- Move image base64 encoding from receipt_email view to Sales controller
- Improves separation of concerns by keeping business logic in controllers
- Simplifies view templates to only handle presentation

Fix XSS vulnerabilities in report views - escape user-controllable summary data and labels

Fix base64 encoding URL issue in delete payment - properly URL encode base64 string

Fix remaining return type declarations for Sales controller

Fixed additional methods that call _reload():
- postAdd() - returns _reload($data)
- postAddPayment() - returns _reload($data)
- postEditItem() - returns _reload($data)
- postSuspend() - returns _reload($data)
- postSetPaymentType() - returns _reload()

All methods now return ResponseInterface|string to match _reload() signature.
This resolves PHP TypeError errors.
 2026-03-04 21:42:35 +01:00
jekkos
0858a1c23c Fix permission bypass in Reports submodule access control (#4389) 
The redirect() in constructor returned a RedirectResponse that was never executed, allowing unauthorized access to report submodules. Replaced with header() + exit() to enforce permission checks.
 2026-03-04 21:18:42 +01:00
jekkos
3c217bbddd Fix XSS vulnerabilities in invoice_email.php view 2026-03-04 17:54:01 +00:00
jekkos
87a0606141 Fix XSS vulnerability in register (#3965) 2026-03-03 22:40:50 +01:00
jekkos
b6a90f7880 Fix XSS vulnerability in register (#3965) 2026-03-03 22:37:08 +01:00
jekkos
b93359bcaf Fix XSS vulnerability in attributes (#3965) 2026-03-03 22:28:32 +01:00
331 changed files with 9290 additions and 1579 deletions
Expand all files Collapse all files

55
.dockerignore
View File

@@ -1,23 +1,56 @@
node_modules
tmp
# Version control
.git
.gitignore
# Sensitive config (user may mount their own)
app/Config/Email.php
# Build artifacts
node_modules/
dist/
tmp/
*.patch
patches/
# IDE and editor files
.idea/
git-svn-diff.py
*.bash
.vscode/
.swp
*.swp
.buildpath
.project
.settings/*
.git
dist/
node_modules/
*.swp
.settings/
# Development tools and configs
tests/
phpunit.xml
.php-cs-fixer.*
phpstan.neon
*.bash
git-svn-diff.py
# Documentation
*.md
!LICENSE
branding/
# Build configs (not needed at runtime)
composer.json
composer.lock
package.json
package-lock.json
gulpfile.js
.env.example
.dockerignore
# Temporary and backup files
*.rej
*.orig
*~
*.~
*.log
app/writable/session/*
!app/writable/session/index.html
# CI
.github/
.github/workflows/
build/

29
.env.example
View File

@@ -4,6 +4,35 @@
CI_ENVIRONMENT = production
#--------------------------------------------------------------------
# SECURITY: ALLOWED HOSTNAMES
#--------------------------------------------------------------------
# IMPORTANT: Whitelist of allowed hostnames to prevent Host Header
# Injection attacks (GHSA-jchf-7hr6-h4f3).
#
# If not configured, the application will default to 'localhost',
# which may break functionality in production.
#
# Configure this with all domains/subdomains that host your application:
# - Primary domain
# - WWW subdomain (if used)
# - Any alternative domains
#
# Examples:
# Single domain:
# app.allowedHostnames.0 = 'example.com'
#
# Multiple domains:
# app.allowedHostnames.0 = 'example.com'
# app.allowedHostnames.1 = 'www.example.com'
# app.allowedHostnames.2 = 'demo.opensourcepos.org'
#
# For localhost development:
# app.allowedHostnames.0 = 'localhost'
#
# Note: Do not include the protocol (http/https) or port number.
#app.allowedHostnames.0 = ''
#--------------------------------------------------------------------
# DATABASE
#--------------------------------------------------------------------

61
.github/workflows/README.md vendored Normal file
View File

@@ -0,0 +1,61 @@
# GitHub Actions
This document describes the CI/CD workflows for OSPOS.
## Build and Release Workflow (`.github/workflows/build-release.yml`)
### Build Process
- Setup PHP 8.2 with required extensions
- Setup Node.js 20
- Install composer dependencies
- Install npm dependencies
- Build frontend assets with Gulp
### Docker Images
- Build and push `opensourcepos` Docker image for multiple architectures (linux/amd64, linux/arm64)
- On master: tagged with version and `latest`
- On other branches: tagged with version only
- Pushed to Docker Hub
### Releases
- Create distribution archives (tar.gz, zip)
- Create/update GitHub "unstable" release on master branch only
## Required Secrets
To use this workflow, you need to add the following secrets to your repository:
1. **DOCKER_USERNAME** - Docker Hub username for pushing images
2. **DOCKER_PASSWORD** - Docker Hub password/token for pushing images
### How to add secrets
1. Go to your repository on GitHub
2. Click **Settings****Secrets and variables****Actions**
3. Click **New repository secret**
4. Add `DOCKER_USERNAME` and `DOCKER_PASSWORD`
The `GITHUB_TOKEN` is automatically provided by GitHub Actions.
## Workflow Triggers
- **Push to master** - Runs build, Docker push (with `latest` tag), and release
- **Push to other branches** - Runs build and Docker push (version tag only)
- **Push tags** - Runs build and Docker push (version tag only)
- **Pull requests** - Runs build only (PHPUnit tests run in parallel via phpunit.yml)
## Existing Workflows
This repository also has these workflows:
- `.github/workflows/main.yml` - PHP linting with PHP-CS-Fixer
- `.github/workflows/phpunit.yml` - PHPUnit tests (runs on all PHP versions 8.1-8.4)
- `.github/workflows/php-linter.yml` - PHP linting
## Testing
PHPUnit tests are run separately via `.github/workflows/phpunit.yml` on every push and pull request, testing against PHP 8.1, 8.2, 8.3, and 8.4.
To test the build workflow:
1. Add the required secrets
2. Push to master or create a PR
3. Monitor the Actions tab in GitHub

218
.github/workflows/build-release.yml vendored Normal file
View File

@@ -0,0 +1,218 @@
name: Build and Release
on:
push:
branches:
- master
tags:
- '*'
pull_request:
branches:
- master
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
build:
name: Build
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
version-tag: ${{ steps.version.outputs.version-tag }}
short-sha: ${{ steps.version.outputs.short-sha }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.2'
extensions: intl, mbstring, mysqli, gd, bcmath, zip
coverage: none
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Get composer cache directory
run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
- name: Cache composer dependencies
uses: actions/cache@v4
with:
path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Get npm cache directory
run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
- name: Cache npm dependencies
uses: actions/cache@v4
with:
path: ${{ env.NPM_CACHE_DIR }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install composer dependencies
run: composer install --no-dev --optimize-autoloader
- name: Install npm dependencies
run: npm ci
- name: Install gulp globally
run: npm install -g gulp-cli
- name: Get version info
id: version
run: |
VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | sed 's/feature\///')
TAG=$(echo "${GITHUB_TAG:-$BRANCH}" | tr '/' '-')
SHORT_SHA=$(git rev-parse --short=6 HEAD)
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "version-tag=$VERSION-$BRANCH-$SHORT_SHA" >> $GITHUB_OUTPUT
echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
echo "branch=$BRANCH" >> $GITHUB_OUTPUT
env:
GITHUB_TAG: ${{ github.ref_name }}
- name: Create .env file
run: |
cp .env.example .env
sed -i 's/production/development/g' .env
- name: Update commit hash
run: |
SHORT_SHA="${{ steps.version.outputs.short-sha }}"
sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$SHORT_SHA'/g" app/Config/OSPOS.php
- name: Build frontend assets
run: npm run build
- name: Create distribution archives
run: |
set -euo pipefail
gulp compress
VERSION="${{ steps.version.outputs.version }}"
SHORT_SHA="${{ steps.version.outputs.short-sha }}"
mv dist/opensourcepos.tar "dist/opensourcepos.$VERSION.$SHORT_SHA.tar"
mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip"
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: dist-${{ steps.version.outputs.short-sha }}
path: dist/
retention-days: 7
- name: Upload build context for Docker
uses: actions/upload-artifact@v4
with:
name: build-context-${{ steps.version.outputs.short-sha }}
path: |
.
!.git
!node_modules
retention-days: 1
docker:
name: Build Docker Image
runs-on: ubuntu-22.04
needs: build
if: github.event_name == 'push'
steps:
- name: Download build context
uses: actions/download-artifact@v4
with:
name: build-context-${{ needs.build.outputs.short-sha }}
path: .
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Determine Docker tags
id: tags
run: |
BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | tr '/' '-')
if [ "$BRANCH" = "master" ]; then
echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }},${{ secrets.DOCKER_USERNAME }}/opensourcepos:latest" >> $GITHUB_OUTPUT
else
echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }}" >> $GITHUB_OUTPUT
fi
env:
GITHUB_REF: ${{ github.ref }}
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
context: .
target: ospos
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.tags.outputs.tags }}
release:
name: Create Release
needs: build
runs-on: ubuntu-22.04
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: dist-${{ needs.build.outputs.short-sha }}
path: dist/
- name: Get version info
id: version
run: |
VERSION="${{ needs.build.outputs.version }}"
SHORT_SHA=$(git rev-parse --short=6 HEAD)
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
- name: Create/Update unstable release
uses: softprops/action-gh-release@v2
with:
tag_name: unstable
name: Unstable OpenSourcePOS
body: |
This is a build of the latest master which might contain bugs. Use at your own risk.
Check the releases section for the latest official release.
files: |
dist/opensourcepos.${{ steps.version.outputs.version }}.${{ steps.version.outputs.short-sha }}.zip
prerelease: true
draft: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

71
.github/workflows/codeql-analysis.yml vendored
View File

@@ -1,71 +0,0 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ master ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
schedule:
- cron: '21 12 * * 3'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

33
.github/workflows/opencode.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
name: opencode
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
jobs:
opencode:
if: |
contains(github.event.comment.body, ' /oc') ||
startsWith(github.event.comment.body, '/oc') ||
contains(github.event.comment.body, ' /opencode') ||
startsWith(github.event.comment.body, '/opencode')
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: read
issues: read
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
persist-credentials: false
- name: Run opencode
uses: anomalyco/opencode/github@latest
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
with:
model: anthropic/claude-3-haiku-20240307

122
.github/workflows/phpunit.yml vendored Normal file
View File

@@ -0,0 +1,122 @@
name: PHPUnit Tests
on:
push:
paths:
- '**.php'
- 'spark'
- 'tests/**'
- '.github/workflows/phpunit.yml'
- 'gulpfile.js'
- 'app/Database/**'
pull_request:
paths:
- '**.php'
- 'spark'
- 'tests/**'
- '.github/workflows/phpunit.yml'
- 'gulpfile.js'
- 'app/Database/**'
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
test:
name: PHP ${{ matrix.php-version }} Tests
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
php-version:
- '8.1'
- '8.2'
- '8.3'
- '8.4'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php-version }}
extensions: intl, mbstring, mysqli
coverage: none
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Get npm cache directory
run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
- name: Cache npm dependencies
uses: actions/cache@v3
with:
path: ${{ env.NPM_CACHE_DIR }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install npm dependencies
run: npm install
- name: Start MariaDB
run: |
docker run -d --name mysql \
-e MYSQL_ROOT_PASSWORD=root \
-e MYSQL_DATABASE=ospos \
-e MYSQL_USER=admin \
-e MYSQL_PASSWORD=pointofsale \
-p 3306:3306 \
mariadb:10.5
# Wait for MariaDB to be ready
until docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do
echo "Waiting for MariaDB..."
sleep 2
done
echo "MariaDB is ready!"
- name: Get composer cache directory
run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
- name: Cache dependencies
uses: actions/cache@v3
with:
path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-${{ matrix.php-version }}-
${{ runner.os }}-
- name: Install dependencies
run: composer update --ansi --no-interaction
- name: Create .env file
run: cp .env.example .env
- name: Run PHPUnit tests
env:
CI_ENVIRONMENT: testing
MYSQL_HOST_NAME: 127.0.0.1
run: composer test -- --log-junit test-results/junit.xml
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: test-results-php-${{ matrix.php-version }}
path: test-results/
retention-days: 30
- name: Stop MariaDB
if: always()
run: docker stop mysql && docker rm mysql

72
.github/workflows/update-issue-templates.yml vendored Normal file
View File

@@ -0,0 +1,72 @@
name: Update Issue Templates
on:
release:
types: [published]
workflow_dispatch:
schedule:
- cron: '0 0 * * 0'
jobs:
update-templates:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Fetch releases and update templates
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Fetch releases from GitHub API
RELEASES=$(gh api repos/${{ github.repository }}/releases --jq '.[].tag_name' | head -n 10)
# Create temporary file with options
OPTIONS_FILE=$(mktemp)
echo " - development (unreleased)" >> "$OPTIONS_FILE"
while IFS= read -r release; do
echo " - opensourcepos $release" >> "$OPTIONS_FILE"
done <<< "$RELEASES"
update_template() {
local template="$1"
local template_path=".github/ISSUE_TEMPLATE/$template"
# Find the line numbers for the OpensourcePOS Version dropdown
start_line=$(grep -n "label: OpensourcePOS Version" "$template_path" | cut -d: -f1)
if [ -z "$start_line" ]; then
echo "Could not find OpensourcePOS Version in $template"
return 1
fi
# Find the options section and default line
options_start=$((start_line + 3))
default_line=$(grep -n "default:" "$template_path" | awk -F: -v opts="$options_start" '$1 > opts {print $1; exit}')
# Create new template file
head -n $((options_start - 1)) "$template_path" > "${template_path}.new"
cat "$OPTIONS_FILE" >> "${template_path}.new"
tail -n +$default_line "$template_path" >> "${template_path}.new"
mv "${template_path}.new" "$template_path"
echo "Updated $template"
}
update_template "bug report.yml"
update_template "feature_request.yml"
- name: Commit and push changes
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add .github/ISSUE_TEMPLATE/*.yml
if git diff --staged --quiet; then
echo "No changes to commit"
else
git commit -m "Update issue templates with latest releases [skip ci]"
git push
fi

54
.travis.yml
View File

@@ -1,54 +0,0 @@
sudo: required
branches:
except:
- unstable
- weblate
services:
- docker
dist: jammy
language: node_js
node_js:
- 20
script:
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- docker run --rm -u $(id -u) -v $(pwd):/app opensourcepos/composer:ci4 composer install
- version=$(grep application_version app/Config/App.php | sed "s/.*=\s'\(.*\)';/\1/g")
- cp .env.example .env && sed -i 's/production/development/g' .env
- sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$rev'/g" app/Config/OSPOS.php
- echo "$version-$branch-$rev"
- npm version "$version-$branch-$rev" --force || true
- sed -i 's/opensourcepos.tar.gz/opensourcepos.$version.tgz/g' package.json
- npm ci && npm install -g gulp && npm run build
- docker build . --target ospos -t ospos
- docker build . --target ospos_test -t ospos_test
- docker run --rm ospos_test /app/vendor/bin/phpunit --testdox
- docker build app/Database/ -t "jekkos/opensourcepos:sql-$TAG"
env:
global:
- BRANCH=$(echo ${TRAVIS_BRANCH} | sed s/feature\\///)
- TAG=${TRAVIS_TAG:-$BRANCH}
- date=`date +%Y%m%d%H%M%S` && branch=${TRAVIS_BRANCH} && rev=`git rev-parse --short=6 HEAD`
after_success:
- docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" && docker tag "ospos:latest"
"jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:sql-$TAG"
- gulp compress
- mv dist/opensourcepos.tar.gz "dist/opensourcepos.$version.$rev.tgz"
- mv dist/opensourcepos.zip "dist/opensourcepos.$version.$rev.zip"
deploy:
- provider: releases
edge: true
file: dist/opensourcepos.$version.$rev.zip
name: "Unstable OpensourcePos"
overwrite: true
release_notes: "This is a build of the latest master which might contain bugs. Use at your own risk. Check releases section for the latest official release"
prerelease: true
tag_name: unstable
user: jekkos
api_key:
secure: "KOukL8IFf/uL/BjMyCSKjf2vylydjcWqgEx0eMqFCg3nZ4ybMaOwPORRthIfyT72/FvGX/aoxxEn0uR/AEtb+hYQXHmNS+kZdX72JCe8LpGuZ7FJ5X+Eo9mhJcsmS+smd1sC95DySSc/GolKPo+0WtJYONY/xGCLxm+9Ay4HREg="
on:
branch: master

40
AGENTS.md Normal file
View File

@@ -0,0 +1,40 @@
# Agent Instructions
This document provides guidance for AI agents working on the Open Source Point of Sale (OSPOS) codebase.
## Code Style
- Follow PHP CodeIgniter 4 coding standards
- Run PHP-CS-Fixer before committing: `vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.no-header.php`
- Write PHP 8.1+ compatible code with proper type declarations
- Use PSR-12 naming conventions: `camelCase` for variables and functions, `PascalCase` for classes, `UPPER_CASE` for constants
## Development
- Create a new git worktree for each issue, based on the latest state of `origin/master`
- Commit fixes to the worktree and push to the remote
## Testing
- Run PHPUnit tests: `composer test`
- Tests must pass before submitting changes
## Build
- Install dependencies: `composer install && npm install`
- Build assets: `npm run build` or `gulp`
## Conventions
- Controllers go in `app/Controllers/`
- Models go in `app/Models/`
- Views go in `app/Views/`
- Database migrations in `app/Database/Migrations/`
- Use CodeIgniter 4 framework patterns and helpers
- Sanitize user input; escape output using `esc()` helper
## Security
- Never commit secrets, credentials, or `.env` files
- Use parameterized queries to prevent SQL injection
- Validate and sanitize all user input

32
Dockerfile
View File

@@ -1,28 +1,22 @@
FROM php:8.2-apache AS ospos
LABEL maintainer="jekkos"
RUN apt update && apt-get install -y libicu-dev libgd-dev
RUN a2enmod rewrite
RUN docker-php-ext-install mysqli bcmath intl gd
RUN apt-get update && apt-get install -y --no-install-recommends \
libicu-dev \
libgd-dev \
&& docker-php-ext-install mysqli bcmath intl gd \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& a2enmod rewrite
RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini
WORKDIR /app
COPY . /app
RUN ln -s /app/*[^public] /var/www && rm -rf /var/www/html && ln -nsf /app/public /var/www/html
RUN chmod -R 770 /app/writable/uploads /app/writable/logs /app/writable/cache && chown -R www-data:www-data /app
FROM ospos AS ospos_test
COPY --from=composer /usr/bin/composer /usr/bin/composer
RUN apt-get install -y libzip-dev wget git
RUN wget https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O /bin/wait-for-it.sh && chmod +x /bin/wait-for-it.sh
RUN docker-php-ext-install zip
RUN composer install -d/app
#RUN sed -i 's/backupGlobals="true"/backupGlobals="false"/g' /app/tests/phpunit.xml
WORKDIR /app/tests
CMD ["/app/vendor/phpunit/phpunit/phpunit", "/app/test/helpers"]
COPY --chown=www-data:www-data . /app
RUN chmod 770 /app/writable/uploads /app/writable/logs /app/writable/cache \
&& ln -s /app/*[^public] /var/www \
&& rm -rf /var/www/html \
&& ln -nsf /app/public /var/www/html
FROM ospos AS ospos_dev

3
Dockerfile.test Normal file
View File

@@ -0,0 +1,3 @@
FROM php:8.4-cli
RUN apt-get update && apt-get install -y libicu-dev && docker-php-ext-install intl
WORKDIR /app

43
INSTALL.md
View File

@@ -6,22 +6,53 @@
- Raspberry PI based installations proved to work, see [wiki page here](<https://github.com/opensourcepos/opensourcepos/wiki/Installing-on-Raspberry-PI---Orange-PI-(Headless-OSPOS)>).
- For Windows based installations please read [the wiki](https://github.com/opensourcepos/opensourcepos/wiki). There are closed issues about this subject, as this topic has been covered a lot.
## Security Configuration
### Allowed Hostnames (Required for Production)
OpenSourcePOS validates the Host header against a whitelist to prevent Host Header Injection attacks (GHSA-jchf-7hr6-h4f3). **You must configure this for production deployments.**
Add the following to your `.env` file:
```
app.allowedHostnames.0 = 'yourdomain.com'
app.allowedHostnames.1 = 'www.yourdomain.com'
```
**For local development**, use:
```
app.allowedHostnames.0 = 'localhost'
```
If `allowedHostnames` is not configured:
1. A security warning will be logged
2. The application will fall back to 'localhost' as the hostname
3. This means URLs generated by the application (links, redirects, etc.) will point to 'localhost'
### HTTPS Behind Proxy
If your installation is behind a proxy with SSL offloading, set:
```
FORCE_HTTPS = true
```
## Local install
First of all, if you're seeing the message `system folder missing` after launching your browser, or cannot find `database.sql`, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
First of all, if you're seeing the message `system folder missing` after launching your browser, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
1. Download the a [pre-release for a specific branch](https://github.com/opensourcepos/opensourcepos/releases) or the latest stable [from GitHub here](https://github.com/opensourcepos/opensourcepos/releases). A repository clone will not work unless know how to build the project.
2. Create/locate a new MySQL database to install Open Source Point of Sale into.
3. Execute the file `app/Database/database.sql` to create the tables needed.
4. Unzip and upload Open Source Point of Sale files to the web-server.
5. Open `.env` file and modify credentials to connect to your database if needed. (First copy .env.example to .env and update)
3. Unzip and upload Open Source Point of Sale files to the web-server.
4. If `.env` does not exist, copy `.env.example` to `.env`.
5. Open `.env` and modify credentials to connect to your database if needed.
6. The database schema will be automatically created when you first access the application. Migrations run automatically on fresh installs.
7. Go to your install `public` dir via the browser.
8. Log in using
- Username: admin
- Password: pointofsale
9. If everything works, then set the `CI_ENVIRONMENT` variable to `production` in the .env file
9. Enjoy!
10. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
10. Enjoy!
11. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
## Local install using Docker

8
README.md
View File

@@ -8,7 +8,7 @@
</p>
<p align="center">
<a href="https://app.travis-ci.com/opensourcepos/opensourcepos" target="_blank"><img src="https://api.travis-ci.com/opensourcepos/opensourcepos.svg?branch=master" alt="Build Status"></a>
<a href="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml/badge.svg" alt="Build Status"></a>
<a href="https://app.gitter.im/#/room/#opensourcepos_Lobby:gitter.im?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge" target="_blank"><img src="https://badges.gitter.im/jekkos/opensourcepos.svg" alt="Join the chat at https://app.gitter.im"></a>
<a href="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos" target="_blank"><img src="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos.svg" alt="Project Version"></a>
<a href="https://translate.opensourcepos.org/engage/opensourcepos/?utm_source=widget" target="_blank"><img src="https://translate.opensourcepos.org/widgets/opensourcepos/-/svg-badge.svg" alt="Translation Status"></a>
@@ -137,7 +137,7 @@ Any person or company found breaching the license agreement might find a bunch o
## 🙏 Credits
| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">Travis CI</div> |
| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">GitHub</div> |
| --- | --- | --- |
| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://www.travis-ci.com/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/71cc2b44-83af-4510-a543-6358285f43c6" alt="Travis CI Logo" height="50"></a></div> |
| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [Travis CI](https://www.travis-ci.com/) for providing a free continuous integration service for open source projects. |
| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://github.com/features/actions" target="_blank"><img src="https://github.githubassets.com/images/modules/site/icons/eyebrow-panel/actions-icon.svg" alt="GitHub Actions Logo" height="50"></a></div> |
| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [GitHub](https://github.com) for providing free continuous integration via GitHub Actions for open-source projects. |

37
SECURITY.md
View File

@@ -1,9 +1,9 @@
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [Security Policy](#security-policy)
- [Supported Versions](#supported-versions)
- [Security Advisories](#security-advisories)
- [Reporting a Vulnerability](#reporting-a-vulnerability)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -12,14 +12,35 @@
## Supported Versions
We release patches for security vulnerabilities. Which versions are eligible to receive such patches depend on the CVSS v3.0 Rating:
We release patches for security vulnerabilities.
| CVSS v3.0 | Supported Versions |
| --------- | -------------------------------------------------- |
| 7.3 | 3.3.5 |
| 9.8 | 3.3.6 |
| 6.8 | 3.4.2 |
| Version | Supported |
| --------- | ------------------ |
| >= 3.4.2 | :white_check_mark: |
| < 3.4.2 | :x: |
## Security Advisories
The following security vulnerabilities have been published:
### High Severity
| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|-----|--------------|------|-----------|----------|--------|
| [CVE-2025-68434](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-wjm4-hfwg-5w5r) | CSRF leading to Admin Creation | 8.8 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| [CVE-2025-68147](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-xgr7-7pvw-fpmh) | Stored XSS in Return Policy | 8.1 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
| [CVE-2025-66924](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-gv8j-f6gq-g59m) | Stored XSS in Item Kits | 7.2 | 2026-03-04 | 3.4.2 | @hungnqdz, @omkaryepre |
### Medium Severity
| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
|-----|--------------|------|-----------|----------|--------|
| [CVE-2025-68658](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-32r8-8r9r-9chw) | Stored XSS in Company Name | 4.3 | 2026-01-13 | 3.4.2 | @hungnqdz |
For a complete list including draft advisories, see our [GitHub Security Advisories page](https://github.com/opensourcepos/opensourcepos/security/advisories).
## Reporting a Vulnerability
Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**.
You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

60
app/Config/App.php
View File

@@ -55,13 +55,21 @@ class App extends BaseConfig
public string $baseURL; // Defined in the constructor
/**
* Allowed Hostnames in the Site URL other than the hostname in the baseURL.
* If you want to accept multiple Hostnames, set this.
*
* E.g.,
* When your site URL ($baseURL) is 'http://example.com/', and your site
* also accepts 'http://media.example.com/' and 'http://accounts.example.com/':
* ['media.example.com', 'accounts.example.com']
* Allowed Hostnames for the Site URL.
*
* Security: This is used to validate the HTTP Host header to prevent
* Host Header Injection attacks. If the Host header doesn't match
* an entry in this list, the request will use the first allowed hostname.
*
* IMPORTANT: This MUST be configured for production deployments.
* If empty, the application will fall back to 'localhost'.
*
* Configure via .env file:
* app.allowedHostnames.0 = 'example.com'
* app.allowedHostnames.1 = 'www.example.com'
*
* For local development:
* app.allowedHostnames.0 = 'localhost'
*
* @var list<string>
*/
@@ -284,8 +292,44 @@ class App extends BaseConfig
{
parent::__construct();
$this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
$host = $this->getValidHost();
$this->baseURL = $this->https_on ? 'https' : 'http';
$this->baseURL .= '://' . ((isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost') . '/';
$this->baseURL .= '://' . $host . '/';
$this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
}
/**
* Validates and returns a trusted hostname.
*
* Security: Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
* by validating the HTTP_HOST against a whitelist of allowed hostnames.
*
* @return string A validated hostname
*/
private function getValidHost(): string
{
$httpHost = $_SERVER['HTTP_HOST'] ?? 'localhost';
if (empty($this->allowedHostnames)) {
log_message('warning',
'Security: allowedHostnames is not configured. ' .
'Host header injection protection is disabled. ' .
'Please set app.allowedHostnames in your .env file. ' .
'Received Host: ' . $httpHost
);
return 'localhost';
}
if (in_array($httpHost, $this->allowedHostnames, true)) {
return $httpHost;
}
log_message('warning',
'Security: Rejected HTTP_HOST "' . $httpHost . '" - not in allowedHostnames whitelist. ' .
'Using fallback: ' . $this->allowedHostnames[0]
);
return $this->allowedHostnames[0];
}
}

29
app/Config/Boot/testing.php
View File

@@ -1,38 +1,23 @@
<?php
/*
* The environment testing is reserved for PHPUnit testing. It has special
* conditions built into the framework at various places to assist with that.
* You cant use it for your development.
*/
/*
|--------------------------------------------------------------------------
| ERROR DISPLAY
| ERROR DISPLAY
|--------------------------------------------------------------------------
| In development, we want to show as many errors as possible to help
| make sure they don't make it to production. And save us hours of
| painful debugging.
*/
*/
error_reporting(E_ALL);
ini_set('display_errors', '1');
/*
|--------------------------------------------------------------------------
| DEBUG BACKTRACES
| DEBUG BACKTRACES
|--------------------------------------------------------------------------
| If true, this constant will tell the error screens to display debug
| backtraces along with the other error information. If you would
| prefer to not see this, set this value to false.
*/
*/
defined('SHOW_DEBUG_BACKTRACE') || define('SHOW_DEBUG_BACKTRACE', true);
/*
|--------------------------------------------------------------------------
| DEBUG MODE
| DEBUG MODE
|--------------------------------------------------------------------------
| Debug mode is an experimental flag that can allow changes throughout
| the system. It's not widely used currently, and may not survive
| release of the framework.
*/
defined('CI_DEBUG') || define('CI_DEBUG', true);
*/
defined('CI_DEBUG') || define('CI_DEBUG', true);

5
app/Config/Constants.php
View File

@@ -169,3 +169,8 @@ const MAX_PRECISION = 1e14;
const DEFAULT_PRECISION = 2;
const DEFAULT_LANGUAGE = 'english';
const DEFAULT_LANGUAGE_CODE = 'en';
/**
* Admin modules - list of modules required for admin privileges
*/
const ADMIN_MODULES = ['customers', 'employees', 'giftcards', 'items', 'item_kits', 'messages', 'receivings', 'reports', 'sales', 'config', 'suppliers'];

18
app/Config/Filters.php
View File

@@ -100,9 +100,25 @@ class Filters extends BaseFilters
* before or after URI patterns.
*
* Example:
* 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
* isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
*
* @var array<string, array<string, list<string>>>
*/
public array $filters = [];
/**
* Constructor to conditionally disable CSRF filter in testing environment
*/
public function __construct()
{
// Check for testing environment via env variable or constant
$isTesting = ($_ENV['CI_ENVIRONMENT'] ?? $_SERVER['CI_ENVIRONMENT'] ?? getenv('CI_ENVIRONMENT')) === 'testing'
|| (defined('ENVIRONMENT') && ENVIRONMENT === 'testing');
// Remove CSRF filter from globals in testing environment
if ($isTesting) {
// Remove the 'csrf' key from $globals['before'] while preserving array structure
$this->globals['before'] = array_filter($this->globals['before'], static fn($key) => $key !== 'csrf', ARRAY_FILTER_USE_KEY);
}
}
}

4
app/Config/Security.php
View File

@@ -13,9 +13,9 @@ class Security extends BaseConfig
*
* Protection Method for Cross Site Request Forgery protection.
*
* @var string 'cookie' or 'session'
* @var string|false 'cookie', 'session', or false
*/
public string $csrfProtection = 'session';
public string|false $csrfProtection = 'session';
/**
* --------------------------------------------------------------------------

99
app/Controllers/Attributes.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Attribute;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
require_once('Secure_Controller.php');
@@ -24,19 +25,19 @@ class Attributes extends Secure_Controller
/**
* Gets and sends the main view for Attributes to the browser.
*
* @return void
* @return string
**/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_attribute_definition_manage_table_headers();
echo view('attributes/manage', $data);
return view('attributes/manage', $data);
}
/**
* Returns attribute table data rows. This will be called with AJAX.
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -53,15 +54,15 @@ class Attributes extends Secure_Controller
$data_rows[] = get_attribute_definition_data_row($attribute_row);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* AJAX called function which saves the attribute value sent via POST by using the model save function.
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveAttributeValue(): void
public function postSaveAttributeValue(): ResponseInterface
{
$success = $this->attribute->saveAttributeValue(
html_entity_decode($this->request->getPost('attribute_value')),
@@ -70,32 +71,32 @@ class Attributes extends Secure_Controller
$this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT) ?? false
);
echo json_encode(['success' => $success != 0]);
return $this->response->setJSON(['success' => $success != 0]);
}
/**
* AJAX called function deleting an attribute value using the model delete function.
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postDeleteDropdownAttributeValue(): void
public function postDeleteDropdownAttributeValue(): ResponseInterface
{
$success = $this->attribute->deleteDropdownAttributeValue(
html_entity_decode($this->request->getPost('attribute_value')),
$this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT)
);
echo json_encode(['success' => $success]);
return $this->response->setJSON(['success' => $success]);
}
/**
* AJAX called function which saves the attribute definition.
*
* @param int $definition_id
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): void
public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): ResponseInterface
{
$definition_flags = 0;
@@ -105,12 +106,24 @@ class Attributes extends Secure_Controller
$definition_flags |= $flag;
}
// Validate definition_group (definition_fk) foreign key
$definition_group_input = $this->request->getPost('definition_group');
$definition_fk = $this->validateDefinitionGroup($definition_group_input);
if ($definition_fk === false) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Attributes.definition_invalid_group'),
'id' => NEW_ENTRY
]);
}
// Save definition data
$definition_data = [
'definition_name' => $this->request->getPost('definition_name'),
'definition_unit' => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : null,
'definition_flags' => $definition_flags,
'definition_fk' => $this->request->getPost('definition_group') != '' ? $this->request->getPost('definition_group') : null
'definition_fk' => $definition_fk
];
if ($this->request->getPost('definition_type') != null) {
@@ -128,20 +141,20 @@ class Attributes extends Secure_Controller
$this->attribute->saveAttributeValue($definition_value, $definition_data['definition_id']);
}
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Attributes.definition_successful_adding') . ' ' . $definition_name,
'id' => $definition_data['definition_id']
]);
} else { // Existing definition
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Attributes.definition_successful_updating') . ' ' . $definition_name,
'id' => $definition_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Attributes.definition_error_adding_updating', [$definition_name]),
'id' => NEW_ENTRY
@@ -149,30 +162,56 @@ class Attributes extends Secure_Controller
}
}
/**
* Validates a definition_group foreign key.
* Returns the validated integer ID, null if empty, or false if invalid.
*
* @param mixed $definition_group_input
* @return int|null|false
*/
private function validateDefinitionGroup(mixed $definition_group_input): int|null|false
{
if ($definition_group_input === '' || $definition_group_input === null) {
return null;
}
$definition_group_id = (int) $definition_group_input;
// Must be a positive integer, exist in attribute_definitions, and be of type GROUP
if ($definition_group_id <= 0
|| !$this->attribute->exists($definition_group_id)
|| $this->attribute->getAttributeInfo($definition_group_id)->definition_type !== GROUP
) {
return false;
}
return $definition_group_id;
}
/**
*
* @param int $definition_id
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggestAttribute(int $definition_id): void
public function getSuggestAttribute(int $definition_id): ResponseInterface
{
$suggestions = $this->attribute->get_suggestions($definition_id, html_entity_decode($this->request->getGet('term')));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$attribute_definition_info = $this->attribute->getAttributeInfo($row_id);
$attribute_definition_info->definition_flags = $this->get_attributes($attribute_definition_info->definition_flags);
$data_row = get_attribute_definition_data_row($attribute_definition_info);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
@@ -192,9 +231,9 @@ class Attributes extends Secure_Controller
/**
* @param int $definition_id
* @return void
* @return string
*/
public function getView(int $definition_id = NO_DEFINITION_ID): void
public function getView(int $definition_id = NO_DEFINITION_ID): string
{
$info = $this->attribute->getAttributeInfo($definition_id);
foreach (get_object_vars($info) as $property => $value) {
@@ -212,22 +251,22 @@ class Attributes extends Secure_Controller
$selected_flags = $info->definition_flags === '' ? $show_all : $info->definition_flags;
$data['selected_definition_flags'] = $this->get_attributes($selected_flags);
echo view('attributes/form', $data);
return view('attributes/form', $data);
}
/**
* Deletes an attribute definition
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if($this->attribute->deleteDefinitionList($attributes_to_delete)) {
$message = lang('Attributes.definition_successful_deleted') . ' ' . count($attributes_to_delete) . ' ' . lang('Attributes.definition_one_or_multiple');
echo json_encode(['success' => true, 'message' => $message]);
return $this->response->setJSON(['success' => true, 'message' => $message]);
} else {
echo json_encode(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
}
}
}

50
app/Controllers/Cashups.php
View File

@@ -5,6 +5,7 @@ namespace App\Controllers;
use App\Models\Cashup;
use App\Models\Expense;
use App\Models\Reports\Summary_payments;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
@@ -26,22 +27,25 @@ class Cashups extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_cashups_manage_table_headers();
// filters that will be loaded in the multiselect dropdown
$data['filters'] = ['is_deleted' => lang('Cashups.is_deleted')];
echo view('cashups/manage', $data);
// Restore filters from URL
$data = array_merge($data, restoreTableFilters($this->request));
return view('cashups/manage', $data);
}
/**
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -64,14 +68,14 @@ class Cashups extends Secure_Controller
$data_rows[] = get_cash_up_data_row($cash_up);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* @param int $cashup_id
* @return void
* @return string
*/
public function getView(int $cashup_id = NEW_ENTRY): void
public function getView(int $cashup_id = NEW_ENTRY): string
{
$data = [];
@@ -180,26 +184,26 @@ class Cashups extends Secure_Controller
$data['cash_ups_info'] = $cash_ups_info;
echo view("cashups/form", $data);
return view("cashups/form", $data);
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$cash_ups_info = $this->cashup->get_info($row_id);
$data_row = get_cash_up_data_row($cash_ups_info);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $cashup_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $cashup_id = NEW_ENTRY): void
public function postSave(int $cashup_id = NEW_ENTRY): ResponseInterface
{
$open_date = $this->request->getPost('open_date');
$open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date);
@@ -227,36 +231,36 @@ class Cashups extends Secure_Controller
if ($this->cashup->save_value($cash_up_data, $cashup_id)) {
// New cashup_id
if ($cashup_id == NEW_ENTRY) {
echo json_encode(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
} else { // Existing Cashup
echo json_encode(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
}
} else { // Failure
echo json_encode(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
}
}
/**
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->cashup->delete_list($cash_ups_to_delete)) {
echo json_encode(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
} else {
echo json_encode(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
}
}
/**
* Calculate the total for cashups. Used in app\Views\cashups\form.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postAjax_cashup_total(): void
public function postAjax_cashup_total(): ResponseInterface
{
$open_amount_cash = parse_decimals($this->request->getPost('open_amount_cash'));
$transfer_amount_cash = parse_decimals($this->request->getPost('transfer_amount_cash'));
@@ -267,7 +271,7 @@ class Cashups extends Secure_Controller
$total = $this->_calculate_total($open_amount_cash, $transfer_amount_cash, $closed_amount_due, $closed_amount_cash, $closed_amount_card, $closed_amount_check); // TODO: hungarian notation
echo json_encode(['total' => to_currency_no_money($total)]);
return $this->response->setJSON(['total' => to_currency_no_money($total)]);
}
/**

168
app/Controllers/Config.php
View File

@@ -11,12 +11,14 @@ use App\Models\Appconfig;
use App\Models\Attribute;
use App\Models\Customer_rewards;
use App\Models\Dinner_table;
use App\Models\Item;
use App\Models\Module;
use App\Models\Enums\Rounding_mode;
use App\Models\Stock_location;
use App\Models\Tax;
use CodeIgniter\Database\BaseConnection;
use CodeIgniter\Encryption\EncrypterInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Database;
use Config\OSPOS;
use Config\Services;
@@ -215,8 +217,9 @@ class Config extends Secure_Controller
}
/**
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['stock_locations'] = $this->stock_location->get_all()->getResultArray();
$data['dinner_tables'] = $this->dinner_table->get_all()->getResultArray();
@@ -224,6 +227,7 @@ class Config extends Secure_Controller
$data['support_barcode'] = $this->barcode_lib->get_list_barcodes();
$data['barcode_fonts'] = $this->barcode_lib->listfonts('fonts');
$data['logo_exists'] = $this->config['company_logo'] != '';
$data['logo_src'] = !empty($this->config['company_logo']) ? base_url('uploads/' . $this->config['company_logo']) : '';
$data['line_sequence_options'] = $this->sale_lib->get_line_sequence_options();
$data['register_mode_options'] = $this->sale_lib->get_register_mode_options();
$data['invoice_type_options'] = $this->sale_lib->get_invoice_type_options();
@@ -272,17 +276,17 @@ class Config extends Secure_Controller
$data['mailchimp']['lists'] = $this->_mailchimp();
echo view('configs/manage', $data);
return view('configs/manage', $data);
}
/**
* Saves company information. Used in app/Views/configs/info_config.php
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveInfo(): void
public function postSaveInfo(): ResponseInterface
{
$upload_data = $this->upload_logo();
$upload_success = empty($upload_data['error']);
@@ -306,7 +310,7 @@ class Config extends Secure_Controller
$message = lang('Config.saved_' . ($success ? '' : 'un') . 'successfully');
$message = $upload_success ? $message : strip_tags($upload_data['error']);
echo json_encode(['success' => $success, 'message' => $message]);
return $this->response->setJSON(['success' => $success, 'message' => $message]);
}
@@ -358,9 +362,10 @@ class Config extends Secure_Controller
* Saves general configuration. Used in app/Views/configs/general_config.php
*
* @throws ReflectionException
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveGeneral(): void
public function postSaveGeneral(): ResponseInterface
{
$batch_save_data = [
'theme' => $this->request->getPost('theme'),
@@ -381,9 +386,9 @@ class Config extends Secure_Controller
'gcaptcha_enable' => $this->request->getPost('gcaptcha_enable') != null,
'gcaptcha_secret_key' => $this->request->getPost('gcaptcha_secret_key'),
'gcaptcha_site_key' => $this->request->getPost('gcaptcha_site_key'),
'suggestions_first_column' => $this->request->getPost('suggestions_first_column'),
'suggestions_second_column' => $this->request->getPost('suggestions_second_column'),
'suggestions_third_column' => $this->request->getPost('suggestions_third_column'),
'suggestions_first_column' => $this->validateSuggestionsColumn($this->request->getPost('suggestions_first_column'), 'first'),
'suggestions_second_column' => $this->validateSuggestionsColumn($this->request->getPost('suggestions_second_column'), 'other'),
'suggestions_third_column' => $this->validateSuggestionsColumn($this->request->getPost('suggestions_third_column'), 'other'),
'giftcard_number' => $this->request->getPost('giftcard_number'),
'derive_sale_quantity' => $this->request->getPost('derive_sale_quantity') != null,
'multi_pack_enabled' => $this->request->getPost('multi_pack_enabled') != null,
@@ -407,16 +412,16 @@ class Config extends Secure_Controller
$success = $this->appconfig->batch_save($batch_save_data);
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Checks a number against the currently selected locale. Used in app/Views/configs/locale_config.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckNumberLocale(): void
public function postCheckNumberLocale(): ResponseInterface
{
$number_locale = $this->request->getPost('number_locale');
$save_number_locale = $this->request->getPost('save_number_locale');
@@ -438,7 +443,7 @@ class Config extends Secure_Controller
$fmt->setSymbol(NumberFormatter::CURRENCY_SYMBOL, $currency_symbol);
$number_local_example = $fmt->format(1234567890.12300);
echo json_encode([
return $this->response->setJSON([
'success' => $number_local_example != false,
'save_number_locale' => $save_number_locale,
'number_locale_example' => $number_local_example,
@@ -451,14 +456,15 @@ class Config extends Secure_Controller
* Saves locale configuration. Used in app/Views/configs/locale_config.php
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveLocale(): void
public function postSaveLocale(): ResponseInterface
{
$exploded = explode(":", $this->request->getPost('language'));
$currency_symbol = $this->request->getPost('currency_symbol');
$batch_save_data = [
'currency_symbol' => $this->request->getPost('currency_symbol'),
'currency_symbol' => htmlspecialchars($currency_symbol ?? ''),
'currency_code' => $this->request->getPost('currency_code'),
'language_code' => $exploded[0],
'language' => $exploded[1],
@@ -480,17 +486,17 @@ class Config extends Secure_Controller
$success = $this->appconfig->batch_save($batch_save_data);
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Saves email configuration. Used in app/Views/configs/email_config.php
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveEmail(): void
public function postSaveEmail(): ResponseInterface
{
$password = '';
@@ -511,17 +517,17 @@ class Config extends Secure_Controller
$success = $this->appconfig->batch_save($batch_save_data);
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Saves SMS message configuration. Used in app/Views/configs/message_config.php.
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveMessage(): void
public function postSaveMessage(): ResponseInterface
{
$password = '';
@@ -538,7 +544,7 @@ class Config extends Secure_Controller
$success = $this->appconfig->batch_save($batch_save_data);
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
@@ -565,15 +571,15 @@ class Config extends Secure_Controller
/**
* Gets Mailchimp lists when a valid API key is inserted. Used in app/Views/configs/integrations_config.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckMailchimpApiKey(): void
public function postCheckMailchimpApiKey(): ResponseInterface
{
$lists = $this->_mailchimp($this->request->getPost('mailchimp_api_key'));
$success = count($lists) > 0;
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Config.mailchimp_key_' . ($success ? '' : 'un') . 'successfully'),
'mailchimp_lists' => $lists
@@ -584,10 +590,10 @@ class Config extends Secure_Controller
* Saves Mailchimp configuration. Used in app/Views/configs/integrations_config.php
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveMailchimp(): void
public function postSaveMailchimp(): ResponseInterface
{
$api_key = '';
$list_id = '';
@@ -608,56 +614,56 @@ class Config extends Secure_Controller
$success = $this->appconfig->batch_save($batch_save_data);
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Gets all stock locations. Used in app/Views/configs/stock_config.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getStockLocations(): void
public function getStockLocations(): string
{
$stock_locations = $this->stock_location->get_all()->getResultArray();
echo view('partial/stock_locations', ['stock_locations' => $stock_locations]);
return view('partial/stock_locations', ['stock_locations' => $stock_locations]);
}
/**
* @return void
* @return string
*/
public function getDinnerTables(): void
public function getDinnerTables(): string
{
$dinner_tables = $this->dinner_table->get_all()->getResultArray();
echo view('partial/dinner_tables', ['dinner_tables' => $dinner_tables]);
return view('partial/dinner_tables', ['dinner_tables' => $dinner_tables]);
}
/**
* Gets all tax categories.
*
* @return void
* @return string
*/
public function ajax_tax_categories(): void // TODO: Is this function called anywhere in the code?
public function ajax_tax_categories(): string // TODO: Is this function called anywhere in the code?
{
$tax_categories = $this->tax->get_all_tax_categories()->getResultArray();
echo view('partial/tax_categories', ['tax_categories' => $tax_categories]);
return view('partial/tax_categories', ['tax_categories' => $tax_categories]);
}
/**
* Gets all customer rewards. Used in app/Views/configs/reward_config.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getCustomerRewards(): void
public function getCustomerRewards(): string
{
$customer_rewards = $this->customer_rewards->get_all()->getResultArray();
echo view('partial/customer_rewards', ['customer_rewards' => $customer_rewards]);
return view('partial/customer_rewards', ['customer_rewards' => $customer_rewards]);
}
/**
@@ -677,10 +683,10 @@ class Config extends Secure_Controller
/**
* Saves stock locations. Used in app/Views/configs/stock_config.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveLocations(): void
public function postSaveLocations(): ResponseInterface
{
$this->db->transStart();
@@ -712,17 +718,17 @@ class Config extends Secure_Controller
$success = $this->db->transStatus();
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Saves all dinner tables. Used in app/Views/configs/table_config.php
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveTables(): void
public function postSaveTables(): ResponseInterface
{
$this->db->transStart();
@@ -759,17 +765,17 @@ class Config extends Secure_Controller
$success = $this->db->transStatus();
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Saves tax configuration. Used in app/Views/configs/tax_config.php
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveTax(): void
public function postSaveTax(): ResponseInterface
{
$default_tax_1_rate = $this->request->getPost('default_tax_1_rate');
$default_tax_2_rate = $this->request->getPost('default_tax_2_rate');
@@ -791,17 +797,17 @@ class Config extends Secure_Controller
$message = lang('Config.saved_' . ($success ? '' : 'un') . 'successfully');
echo json_encode(['success' => $success, 'message' => $message]);
return $this->response->setJSON(['success' => $success, 'message' => $message]);
}
/**
* Saves customer rewards configuration. Used in app/Views/configs/reward_config.php
*
* @throws ReflectionException
* @return void
* @noinspection PhpUnused
*/
public function postSaveRewards(): void
* @throws ReflectionException
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveRewards(): ResponseInterface
{
$this->db->transStart();
@@ -845,17 +851,17 @@ class Config extends Secure_Controller
$success = $this->db->transStatus();
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Saves barcode configuration. Used in app/Views/configs/barcode_config.php
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveBarcode(): void
public function postSaveBarcode(): ResponseInterface
{
$batch_save_data = [
'barcode_type' => $this->request->getPost('barcode_type'),
@@ -877,17 +883,17 @@ class Config extends Secure_Controller
$success = $this->appconfig->batch_save($batch_save_data);
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Saves receipt configuration. Used in app/Views/configs/receipt_config.php.
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveReceipt(): void
public function postSaveReceipt(): ResponseInterface
{
$batch_save_data = [
'receipt_template' => $this->request->getPost('receipt_template'),
@@ -912,17 +918,17 @@ class Config extends Secure_Controller
$success = $this->appconfig->batch_save($batch_save_data);
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Saves invoice configuration. Used in app/Views/configs/invoice_config.php.
*
* @throws ReflectionException
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSaveInvoice(): void
public function postSaveInvoice(): ResponseInterface
{
$batch_save_data = [
'invoice_enable' => $this->request->getPost('invoice_enable') != null,
@@ -938,7 +944,9 @@ class Config extends Secure_Controller
'work_order_enable' => $this->request->getPost('work_order_enable') != null,
'work_order_format' => $this->request->getPost('work_order_format'),
'last_used_work_order_number' => $this->request->getPost('last_used_work_order_number', FILTER_SANITIZE_NUMBER_INT),
'invoice_type' => $this->request->getPost('invoice_type')
'invoice_type' => Sale_lib::isValidInvoiceType($this->request->getPost('invoice_type'))
? $this->request->getPost('invoice_type')
: 'invoice'
];
$success = $this->appconfig->batch_save($batch_save_data);
@@ -953,20 +961,42 @@ class Config extends Secure_Controller
}
}
echo json_encode(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
}
/**
* Removes the company logo from the database. Used in app/Views/configs/info_config.php.
*
* @return void
* @return ResponseInterface
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postRemoveLogo(): void
public function postRemoveLogo(): ResponseInterface
{
$success = $this->appconfig->save(['company_logo' => '']);
echo json_encode(['success' => $success]);
return $this->response->setJSON(['success' => $success]);
}
/**
* Validates suggestions column configuration to prevent SQL injection.
*
* @param mixed $column The column value from POST
* @param string $fieldType Either 'first' or 'other' to determine default fallback
* @return string Validated column name
*/
private function validateSuggestionsColumn(mixed $column, string $fieldType): string
{
if (!is_string($column)) {
return $fieldType === 'first' ? 'name' : '';
}
$allowed = $fieldType === 'first'
? Item::ALLOWED_SUGGESTIONS_COLUMNS
: Item::ALLOWED_SUGGESTIONS_COLUMNS_WITH_EMPTY;
$fallback = $fieldType === 'first' ? 'name' : '';
return in_array($column, $allowed, true) ? $column : $fallback;
}
}

78
app/Controllers/Customers.php
View File

@@ -8,6 +8,7 @@ use App\Models\Customer;
use App\Models\Customer_rewards;
use App\Models\Tax_code;
use CodeIgniter\HTTP\DownloadResponse;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
use stdClass;
@@ -40,19 +41,20 @@ class Customers extends Persons
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_customer_manage_table_headers();
echo view('people/manage', $data);
return view('people/manage', $data);
}
/**
* Gets one row for a customer manage table. This is called using AJAX to update one row.
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$person = $this->customer->get_info($row_id);
@@ -72,7 +74,7 @@ class Customers extends Persons
$data_row = get_customer_data_row($person, $stats);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
@@ -81,7 +83,7 @@ class Customers extends Persons
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -111,35 +113,37 @@ class Customers extends Persons
$data_rows[] = get_customer_data_row($person, $stats);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* Gives search suggestions based on what is being searched for
* @return ResponseInterface
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->customer->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @return void
* @return ResponseInterface
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->customer->get_search_suggestions($search, 25, false);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Loads the customer edit form
* @return string
*/
public function getView(int $customer_id = NEW_ENTRY): void
public function getView(int $customer_id = NEW_ENTRY): string
{
// Set default values
if ($customer_id == null) $customer_id = NEW_ENTRY;
@@ -227,13 +231,14 @@ class Customers extends Persons
}
}
echo view("customers/form", $data);
return view("customers/form", $data);
}
/**
* Inserts/updates a customer
* @return ResponseInterface
*/
public function postSave(int $customer_id = NEW_ENTRY): void
public function postSave(int $customer_id = NEW_ENTRY): ResponseInterface
{
$first_name = $this->request->getPost('first_name');
$last_name = $this->request->getPost('last_name');
@@ -288,20 +293,20 @@ class Customers extends Persons
// New customer
if ($customer_id == NEW_ENTRY) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Customers.successful_adding') . ' ' . $first_name . ' ' . $last_name,
'id' => $customer_data['person_id']
]);
} else { // Existing customer
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Customers.successful_updating') . ' ' . $first_name . ' ' . $last_name,
'id' => $customer_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Customers.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
'id' => NEW_ENTRY
@@ -312,36 +317,37 @@ class Customers extends Persons
/**
* Verifies if an email address already exists. Used in app/Views/customers/form.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckEmail(): void
public function postCheckEmail(): ResponseInterface
{
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
$person_id = $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT);
$exists = $this->customer->check_email_exists($email, $person_id);
echo !$exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
* Verifies if an account number already exists. Used in app/Views/customers/form.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckAccountNumber(): void
public function postCheckAccountNumber(): ResponseInterface
{
$exists = $this->customer->check_account_number_exists($this->request->getPost('account_number'), $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT));
echo !$exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
* This deletes customers from the customers table
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$customers_to_delete = $this->request->getPost('ids');
$customers_info = $this->customer->get_multiple_info($customers_to_delete);
@@ -358,12 +364,12 @@ class Customers extends Persons
}
if ($count == count($customers_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Customers.successful_deleted') . ' ' . $count . ' ' . lang('Customers.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Customers.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Customers.cannot_be_deleted')]);
}
}
@@ -383,24 +389,24 @@ class Customers extends Persons
/**
* Displays the customer CSV import modal. Used in app/Views/people/manage.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getCsvImport(): void
public function getCsvImport(): string
{
echo view('customers/form_csv_import');
return view('customers/form_csv_import');
}
/**
* Imports a CSV file containing customers. Used in app/Views/customers/form_csv_import.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postImportCsvFile(): void
public function postImportCsvFile(): ResponseInterface
{
if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK) {
echo json_encode(['success' => false, 'message' => lang('Customers.csv_import_failed')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Customers.csv_import_failed')]);
} else {
if (($handle = fopen($_FILES['file_path']['tmp_name'], 'r')) !== false) {
// Skip the first row as it's the table description
@@ -467,12 +473,12 @@ class Customers extends Persons
if (count($failCodes) > 0) {
$message = lang('Customers.csv_import_partially_failed', [count($failCodes), implode(', ', $failCodes)]);
echo json_encode(['success' => false, 'message' => $message]);
return $this->response->setJSON(['success' => false, 'message' => $message]);
} else {
echo json_encode(['success' => true, 'message' => lang('Customers.csv_import_success')]);
return $this->response->setJSON(['success' => true, 'message' => lang('Customers.csv_import_success')]);
}
} else {
echo json_encode(['success' => false, 'message' => lang('Customers.csv_import_nodata_wrongformat')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Customers.csv_import_nodata_wrongformat')]);
}
}
}

83
app/Controllers/Employees.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Module;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
/**
@@ -25,7 +26,7 @@ class Employees extends Persons
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -41,39 +42,47 @@ class Employees extends Persons
$data_rows[] = get_person_data_row($person);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* AJAX called function gives search suggestions based on what is being searched for.
*
* @return void
* @return ResponseInterface
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->employee->get_search_suggestions($search, 25, true);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @return void
* @return ResponseInterface
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$suggestions = $this->employee->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Loads the employee edit form
* @return string
*/
public function getView(int $employee_id = NEW_ENTRY): void
public function getView(int $employee_id = NEW_ENTRY): string
{
$person_info = $this->employee->get_info($employee_id);
$current_user = $this->employee->get_logged_in_employee_info();
if ($employee_id != NEW_ENTRY && !$this->employee->canModifyEmployee($person_info->person_id, $current_user->person_id)) {
header('Location: ' . base_url('no_access/employees/employees'));
exit();
}
foreach (get_object_vars($person_info) as $property => $value) {
$person_info->$property = $value;
}
@@ -98,14 +107,28 @@ class Employees extends Persons
}
$data['all_subpermissions'] = $permissions;
echo view('employees/form', $data);
return view('employees/form', $data);
}
/**
* Inserts/updates an employee
* @return ResponseInterface
*/
public function postSave(int $employee_id = NEW_ENTRY): void
public function postSave(int $employee_id = NEW_ENTRY): ResponseInterface
{
$current_user = $this->employee->get_logged_in_employee_info();
if ($employee_id != NEW_ENTRY) {
$target_employee = $this->employee->get_info($employee_id);
if (!$this->employee->canModifyEmployee($target_employee->person_id, $current_user->person_id)) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.error_updating_admin'),
'id' => NEW_ENTRY
]);
}
}
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: duplicated code
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
@@ -130,11 +153,16 @@ class Employees extends Persons
];
$grants_array = [];
$isAdmin = $this->employee->isAdmin($current_user->person_id);
foreach ($this->module->get_all_permissions()->getResult() as $permission) {
$grants = [];
$grant = $this->request->getPost('grant_' . $permission->permission_id) != null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
if ($grant == $permission->permission_id) {
if (!$isAdmin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
continue;
}
$grants['permission_id'] = $permission->permission_id;
$grants['menu_group'] = $this->request->getPost('menu_group_' . $permission->permission_id) != null ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
$grants_array[] = $grants;
@@ -163,20 +191,25 @@ class Employees extends Persons
if ($this->employee->save_employee($person_data, $employee_data, $grants_array, $employee_id)) {
// New employee
if ($employee_id == NEW_ENTRY) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_adding') . ' ' . $first_name . ' ' . $last_name,
'id' => $employee_data['person_id']
]);
} else { // Existing employee
echo json_encode([
$logged_in_employee_id = session()->get('person_id');
if ($employee_id == $logged_in_employee_id) {
session()->set('language_code', $employee_data['language_code']);
session()->set('language', $employee_data['language']);
}
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_updating') . ' ' . $first_name . ' ' . $last_name,
'id' => $employee_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
'id' => NEW_ENTRY
@@ -186,18 +219,28 @@ class Employees extends Persons
/**
* This deletes employees from the employees table
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$current_user = $this->employee->get_logged_in_employee_info();
if (!$this->employee->isAdmin($current_user->person_id)) {
foreach ($employees_to_delete as $emp_id) {
if ($this->employee->isAdmin((int)$emp_id)) {
return $this->response->setJSON(['success' => false, 'message' => lang('Employees.error_deleting_admin')]);
}
}
}
if ($this->employee->delete_list($employees_to_delete)) { // TODO: this is passing a string, but delete_list expects an array
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_deleted') . ' ' . count($employees_to_delete) . ' ' . lang('Employees.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
}
}
@@ -205,12 +248,12 @@ class Employees extends Persons
* Checks an employee username against the database. Used in app\Views\employees\form.php
*
* @param $employee_id
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getCheckUsername($employee_id): void
public function getCheckUsername($employee_id): ResponseInterface
{
$exists = $this->employee->username_exists($employee_id, $this->request->getGet('username'));
echo !$exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
}

85
app/Controllers/Expenses.php
View File

@@ -4,6 +4,7 @@ namespace App\Controllers;
use App\Models\Expense;
use App\Models\Expense_category;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
@@ -23,7 +24,7 @@ class Expenses extends Secure_Controller
/**
* @return void
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_expenses_manage_table_headers();
@@ -37,13 +38,16 @@ class Expenses extends Secure_Controller
'is_deleted' => lang('Expenses.is_deleted')
];
echo view('expenses/manage', $data);
// Restore filters from URL
$data = array_merge($data, restoreTableFilters($this->request));
return view('expenses/manage', $data);
}
/**
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -78,27 +82,34 @@ class Expenses extends Secure_Controller
$data_rows[] = get_expenses_data_last_row($expenses);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
}
/**
* @param int $expense_id
* @return void
*/
public function getView(int $expense_id = NEW_ENTRY): void
public function getView(int $expense_id = NEW_ENTRY): string
{
$data = []; // TODO: Duplicated code
$data['employees'] = [];
foreach ($this->employee->get_all()->getResult() as $employee) {
foreach (get_object_vars($employee) as $property => $value) {
$employee->$property = $value;
}
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
$data['expenses_info'] = $this->expense->get_info($expense_id);
$expense_id = $data['expenses_info']->expense_id;
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
$data['employees'] = [];
if ($can_assign_employee) {
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
} else {
$stored_employee_id = $expense_id == NEW_ENTRY ? $current_employee_id : $data['expenses_info']->employee_id;
$stored_employee = $this->employee->get_info($stored_employee_id);
$data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
}
$data['can_assign_employee'] = $can_assign_employee;
$expense_categories = [];
foreach ($this->expense_category->get_all(0, 0, true)->getResultArray() as $row) {
@@ -106,11 +117,9 @@ class Expenses extends Secure_Controller
}
$data['expense_categories'] = $expense_categories;
$expense_id = $data['expenses_info']->expense_id;
if ($expense_id == NEW_ENTRY) {
$data['expenses_info']->date = date('Y-m-d H:i:s');
$data['expenses_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$data['expenses_info']->employee_id = $current_employee_id;
}
$data['payments'] = [];
@@ -125,32 +134,46 @@ class Expenses extends Secure_Controller
// Don't allow gift card to be a payment option in a sale transaction edit because it's a complex change
$data['payment_options'] = $this->expense->get_payment_options();
echo view("expenses/form", $data);
return view("expenses/form", $data);
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$expense_info = $this->expense->get_info($row_id);
$data_row = get_expenses_data_row($expense_info);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $expense_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $expense_id = NEW_ENTRY): void
public function postSave(int $expense_id = NEW_ENTRY): ResponseInterface
{
$config = config(OSPOS::class)->settings;
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
if (!$this->employee->has_grant('employees', $current_employee_id)) {
if ($expense_id == NEW_ENTRY) {
$employee_id = $current_employee_id;
} else {
$existing_expense = $this->expense->get_info($expense_id);
$employee_id = $existing_expense->employee_id;
}
} else {
$employee_id = $submitted_employee_id;
}
$expense_data = [
'date' => $date_formatter->format('Y-m-d H:i:s'),
'supplier_id' => $this->request->getPost('supplier_id') == '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
@@ -160,33 +183,33 @@ class Expenses extends Secure_Controller
'payment_type' => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
'employee_id' => $employee_id,
'deleted' => $this->request->getPost('deleted') != null
];
if ($this->expense->save_value($expense_data, $expense_id)) {
// New Expense
if ($expense_id == NEW_ENTRY) {
echo json_encode(['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
} else { // Existing Expense
echo json_encode(['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
}
} else { // Failure
echo json_encode(['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
}
}
/**
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->expense->delete_list($expenses_to_delete)) {
echo json_encode(['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
} else {
echo json_encode(['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
}
}
}

31
app/Controllers/Expenses_categories.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Expense_category;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
class Expenses_categories extends Secure_Controller // TODO: Is this class ever used?
@@ -19,17 +20,17 @@ class Expenses_categories extends Secure_Controller // TODO: Is this class ev
/**
* @return void
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_expense_category_manage_table_headers();
echo view('expenses_categories/manage', $data);
return view('expenses_categories/manage', $data);
}
/**
* Returns expense_category_manage table data rows. This will be called with AJAX.
**/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -45,36 +46,36 @@ class Expenses_categories extends Secure_Controller // TODO: Is this class ev
$data_rows[] = get_expense_category_data_row($expense_category);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* @param int $row_id
* @return void
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_expense_category_data_row($this->expense_category->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $expense_category_id
* @return void
*/
public function getView(int $expense_category_id = NEW_ENTRY): void
public function getView(int $expense_category_id = NEW_ENTRY): string
{
$data['category_info'] = $this->expense_category->get_info($expense_category_id);
echo view("expenses_categories/form", $data);
return view("expenses_categories/form", $data);
}
/**
* @param int $expense_category_id
* @return void
*/
public function postSave(int $expense_category_id = NEW_ENTRY): void
public function postSave(int $expense_category_id = NEW_ENTRY): ResponseInterface
{
$expense_category_data = [
'category_name' => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
@@ -84,20 +85,20 @@ class Expenses_categories extends Secure_Controller // TODO: Is this class ev
if ($this->expense_category->save_value($expense_category_data, $expense_category_id)) {
// New expense_category
if ($expense_category_id == NEW_ENTRY) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Expenses_categories.successful_adding'),
'id' => $expense_category_data['expense_category_id']
]);
} else { // Existing Expense Category
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Expenses_categories.successful_updating'),
'id' => $expense_category_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Expenses_categories.error_adding_updating') . ' ' . $expense_category_data['category_name'],
'id' => NEW_ENTRY
@@ -108,17 +109,17 @@ class Expenses_categories extends Secure_Controller // TODO: Is this class ev
/**
* @return void
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->expense_category->delete_list($expense_category_to_delete)) { // TODO: Convert to ternary notation.
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Expenses_categories.successful_deleted') . ' ' . count($expense_category_to_delete) . ' ' . lang('Expenses_categories.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
}
}
}

57
app/Controllers/Giftcards.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Giftcard;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
@@ -18,19 +19,19 @@ class Giftcards extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_giftcards_manage_table_headers();
echo view('giftcards/manage', $data);
return view('giftcards/manage', $data);
}
/**
* Returns Giftcards table data rows. This will be called with AJAX.
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -46,50 +47,50 @@ class Giftcards extends Secure_Controller
$data_rows[] = get_giftcard_data_row($giftcard);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* Gets search suggestions for giftcards. Used in app\Views\sales\register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->giftcard->get_search_suggestions($search, true);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @return void
* @return ResponseInterface
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$suggestions = $this->giftcard->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_giftcard_data_row($this->giftcard->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $giftcard_id
* @return void
* @return string
*/
public function getView(int $giftcard_id = NEW_ENTRY): void
public function getView(int $giftcard_id = NEW_ENTRY): string
{
$config = config(OSPOS::class)->settings;
$giftcard_info = $this->giftcard->get_info($giftcard_id);
@@ -106,14 +107,14 @@ class Giftcards extends Secure_Controller
$data['giftcard_id'] = $giftcard_id;
$data['giftcard_value'] = $giftcard_info->value;
echo view("giftcards/form", $data);
return view("giftcards/form", $data);
}
/**
* @param int $giftcard_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $giftcard_id = NEW_ENTRY): void
public function postSave(int $giftcard_id = NEW_ENTRY): ResponseInterface
{
$giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -131,20 +132,20 @@ class Giftcards extends Secure_Controller
if ($this->giftcard->save_value($giftcard_data, $giftcard_id)) {
// New giftcard
if ($giftcard_id == NEW_ENTRY) { // TODO: Constant needed
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Giftcards.successful_adding') . ' ' . $giftcard_data['giftcard_number'],
'id' => $giftcard_data['giftcard_id']
]);
} else { // Existing giftcard
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Giftcards.successful_updating') . ' ' . $giftcard_data['giftcard_number'],
'id' => $giftcard_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Giftcards.error_adding_updating') . ' ' . $giftcard_data['giftcard_number'],
'id' => NEW_ENTRY
@@ -158,30 +159,30 @@ class Giftcards extends Secure_Controller
* @return void
* @noinspection PhpUnused
*/
public function postCheckNumberGiftcard(): void
public function postCheckNumberGiftcard(): ResponseInterface
{
$existing_id = $this->request->getPost('giftcard_id', FILTER_SANITIZE_NUMBER_INT);
$giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_NUMBER_INT);
$giftcard_id = $this->giftcard->get_giftcard_id($giftcard_number);
$success = ($giftcard_id == (int) $existing_id || !$giftcard_id );
echo $success ? 'true' : 'false';
return $this->response->setJSON($success ? 'true' : 'false');
}
/**
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->giftcard->delete_list($giftcards_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Giftcards.successful_deleted') . ' ' . count($giftcards_to_delete) . ' ' . lang('Giftcards.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
}
}
}

79
app/Controllers/Home.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use CodeIgniter\HTTP\RedirectResponse;
use CodeIgniter\HTTP\ResponseInterface;
class Home extends Secure_Controller
{
@@ -12,12 +13,12 @@ class Home extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$logged_in = $this->employee->is_logged_in();
echo view('home/home');
return view('home/home');
}
/**
@@ -35,58 +36,92 @@ class Home extends Secure_Controller
/**
* Load "change employee password" form
*
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function getChangePassword(int $employee_id = -1): void // TODO: Replace -1 with a constant
public function getChangePassword(int $employeeId = NEW_ENTRY)
{
$person_info = $this->employee->get_info($employee_id);
$loggedInEmployee = $this->employee->get_logged_in_employee_info();
$currentPersonId = $loggedInEmployee->person_id;
$employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
if (!$this->employee->isAdmin($currentPersonId) && $employeeId !== $currentPersonId) {
return $this->response->setStatusCode(403)->setBody(lang('Employees.unauthorized_modify'));
}
$person_info = $this->employee->get_info($employeeId);
foreach (get_object_vars($person_info) as $property => $value) {
$person_info->$property = $value;
}
$data['person_info'] = $person_info;
echo view('home/form_change_password', $data);
return view('home/form_change_password', $data);
}
/**
* Change employee password
*
* @return ResponseInterface
*/
public function postSave(int $employee_id = -1): void // TODO: Replace -1 with a constant
public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
{
if (!empty($this->request->getPost('current_password')) && $employee_id != -1) {
$currentUser = $this->employee->get_logged_in_employee_info();
$employeeId = $employeeId === NEW_ENTRY ? $currentUser->person_id : $employeeId;
if (!$this->employee->isAdmin($currentUser->person_id) && $employeeId !== $currentUser->person_id) {
return $this->response->setStatusCode(403)->setJSON([
'success' => false,
'message' => lang('Employees.unauthorized_modify')
]);
}
if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
// Validate password length BEFORE hashing
$new_password = $this->request->getPost('password');
if (strlen($new_password) < 8) {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.password_minlength'),
'id' => NEW_ENTRY
]);
}
$employee_data = [
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'password' => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
'password' => password_hash($new_password, PASSWORD_DEFAULT),
'hash_version' => 2
];
if ($this->employee->change_password($employee_data, $employee_id) && strlen($employee_data['password']) >= 8) {
echo json_encode([
if ($this->employee->change_password($employee_data, $employeeId)) {
return $this->response->setJSON([
'success' => true,
'message' => lang('Employees.successful_change_password'),
'id' => $employee_id
'id' => $employeeId
]);
} else { // Failure // TODO: Replace -1 with constant
echo json_encode([
} else {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.unsuccessful_change_password'),
'id' => -1
'id' => NEW_ENTRY
]);
}
} else { // TODO: Replace -1 with constant
echo json_encode([
} else {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.current_password_invalid'),
'id' => -1
'id' => NEW_ENTRY
]);
}
} else { // TODO: Replace -1 with constant
echo json_encode([
} else {
return $this->response->setJSON([
'success' => false,
'message' => lang('Employees.current_password_invalid'),
'id' => -1
'id' => NEW_ENTRY
]);
}
}
}
}

59
app/Controllers/Item_kits.php
View File

@@ -7,6 +7,7 @@ use App\Libraries\Barcode_lib;
use App\Models\Item;
use App\Models\Item_kit;
use App\Models\Item_kit_items;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
class Item_kits extends Secure_Controller
@@ -59,19 +60,19 @@ class Item_kits extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_item_kits_manage_table_headers();
echo view('item_kits/manage', $data);
return view('item_kits/manage', $data);
}
/**
* Returns Item_kit table data rows. This will be called with AJAX.
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search') ?? '';
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -89,37 +90,37 @@ class Item_kits extends Secure_Controller
$data_rows[] = get_item_kit_data_row($item_kit);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* @return void
* @return ResponseInterface
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$suggestions = $this->item_kit->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
// Calculate the total cost and retail price of the Kit, so it can be added to the table refresh
$item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($row_id));
echo json_encode(get_item_kit_data_row($item_kit));
return $this->response->setJSON(get_item_kit_data_row($item_kit));
}
/**
* @param int $item_kit_id
* @return void
* @return string
*/
public function getView(int $item_kit_id = NEW_ENTRY): void
public function getView(int $item_kit_id = NEW_ENTRY): string
{
$info = $this->item_kit->get_info($item_kit_id);
@@ -153,14 +154,14 @@ class Item_kits extends Secure_Controller
$data['selected_kit_item_id'] = $info->kit_item_id;
$data['selected_kit_item'] = ($item_kit_id > 0 && isset($info->kit_item_id)) ? $info->item_name : '';
echo view("item_kits/form", $data);
return view("item_kits/form", $data);
}
/**
* @param int $item_kit_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $item_kit_id = NEW_ENTRY): void
public function postSave(int $item_kit_id = NEW_ENTRY): ResponseInterface
{
$item_kit_data = [
'name' => $this->request->getPost('name'),
@@ -201,20 +202,20 @@ class Item_kits extends Secure_Controller
}
if ($new_item) {
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Item_kits.successful_adding') . ' ' . $item_kit_data['name'],
'id' => $item_kit_id
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Item_kits.successful_updating') . ' ' . $item_kit_data['name'],
'id' => $item_kit_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Item_kits.error_adding_updating') . ' ' . $item_kit_data['name'],
'id' => NEW_ENTRY
@@ -223,42 +224,42 @@ class Item_kits extends Secure_Controller
}
/**
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
if ($this->item_kit->delete_list($item_kits_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Item_kits.successful_deleted') . ' ' . count($item_kits_to_delete) . ' ' . lang('Item_kits.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
}
}
/**
* Checks the validity of the item kit number. Used in app/Views/item_kits/form.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckItemNumber(): void
public function postCheckItemNumber(): ResponseInterface
{
$exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT));
echo !$exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
* AJAX called function that generates barcodes for selected item_kits.
*
* @param string $item_kit_ids Colon separated list of item_kit_id values to generate barcodes for.
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getGenerateBarcodes(string $item_kit_ids): void
public function getGenerateBarcodes(string $item_kit_ids): string
{
$barcode_lib = new Barcode_lib();
$result = [];
@@ -289,6 +290,6 @@ class Item_kits extends Secure_Controller
$data['barcode_config'] = $barcode_config;
// Display barcodes
echo view("barcodes/barcode_sheet", $data);
return view("barcodes/barcode_sheet", $data);
}
}

233
app/Controllers/Items.php
View File

@@ -15,6 +15,7 @@ use App\Models\Stock_location;
use App\Models\Supplier;
use App\Models\Tax_category;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Images\Handlers\BaseHandler;
use CodeIgniter\HTTP\DownloadResponse;
use Config\OSPOS;
@@ -65,14 +66,19 @@ class Items extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$this->session->set('allow_temp_items', 0);
$data['table_headers'] = get_items_manage_table_headers();
$data['stock_location'] = $this->item_lib->get_item_location();
// Restore stock_location from URL or session
$stockLocation = $this->request->getGet('stock_location', FILTER_SANITIZE_NUMBER_INT);
$data['stock_location'] = $stockLocation
? $stockLocation
: $this->item_lib->get_item_location();
$data['stock_locations'] = $this->stock_location->get_allowed_locations();
// Filters that will be loaded in the multiselect dropdown
@@ -86,16 +92,19 @@ class Items extends Secure_Controller
'temporary' => lang('Items.temp')
];
echo view('items/manage', $data);
// Restore filters from URL
$data = array_merge($data, restoreTableFilters($this->request));
return view('items/manage', $data);
}
/**
* Returns Items table data rows. This will be called with AJAX.
* @noinspection PhpUnused
**/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
$offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
$sort = $this->sanitizeSortColumn(item_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_id');
@@ -134,19 +143,20 @@ class Items extends Secure_Controller
}
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* AJAX function. Processes thumbnail of image. Called via tabular_helper
* @param string $pic_filename
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getPicThumb(string $pic_filename): void
public function getPicThumb(string $pic_filename): ResponseInterface
{
helper('file');
$pic_filename = rawurldecode($pic_filename);
$file_extension = pathinfo($pic_filename, PATHINFO_EXTENSION);
$images = glob("./uploads/item_pics/$pic_filename");
$base_path = './uploads/item_pics/' . pathinfo($pic_filename, PATHINFO_FILENAME);
@@ -164,15 +174,17 @@ class Items extends Secure_Controller
$this->response->setContentType(mime_content_type($thumb_path));
$this->response->setBody(file_get_contents($thumb_path));
$this->response->send();
}
return $this->response;
}
/**
* Gives search suggestions based on what is being searched for
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$options = [
'search_custom' => $this->request->getPost('search_custom'),
@@ -182,71 +194,73 @@ class Items extends Secure_Controller
$search = $this->request->getPost('term');
$suggestions = $this->item->get_search_suggestions($search, $options);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* AJAX Function used to get search suggestions from the model and return them in JSON format
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggestLowSell(): void
public function getSuggestLowSell(): ResponseInterface
{
$suggestions = $this->item->get_low_sell_suggestions($this->request->getPostGet('name'));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggestKits(): void
public function getSuggestKits(): ResponseInterface
{
$suggestions = $this->item->get_kit_search_suggestions($this->request->getGet('term'), ['search_custom' => false, 'is_deleted' => false], true);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Gives search suggestions based on what is being searched for. Called from the view.
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggestCategory(): void
public function getSuggestCategory(): ResponseInterface
{
$suggestions = $this->item->get_category_suggestions($this->request->getGet('term'));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Gives search suggestions based on what is being searched for.
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggestLocation(): void
public function getSuggestLocation(): ResponseInterface
{
$suggestions = $this->item->get_location_suggestions($this->request->getGet('term'));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @param string $item_ids
* @return void
* @return ResponseInterface
*/
public function getRow(string $item_ids): void // TODO: An array would be better for parameter.
public function getRow(string $item_ids): ResponseInterface // TODO: An array would be better for parameter.
{
$item_infos = $this->item->get_multiple_info(explode(':', $item_ids), $this->item_lib->get_item_location());
@@ -256,14 +270,14 @@ class Items extends Secure_Controller
$result[$item_info->item_id] = get_item_data_row($item_info);
}
echo json_encode($result);
return $this->response->setJSON($result);
}
/**
* @param int $item_id
* @return void
* @return string
*/
public function getView(int $item_id = NEW_ENTRY): void // TODO: Long function. Perhaps we need to refactor out some methods.
public function getView(int $item_id = NEW_ENTRY): string // TODO: Long function. Perhaps we need to refactor out some methods.
{
$item_id ??= NEW_ENTRY;
@@ -372,7 +386,7 @@ class Items extends Secure_Controller
} else {
$images = glob("./uploads/item_pics/$item_info->pic_filename");
}
$data['image_path'] = sizeof($images) > 0 ? base_url($images[0]) : '';
$data['image_path'] = sizeof($images) > 0 ? base_url(implode('/', array_map('rawurlencode', explode('/', ltrim($images[0], './'))))) : '';
} else {
$data['image_path'] = '';
}
@@ -395,17 +409,17 @@ class Items extends Secure_Controller
$data['selected_low_sell_item'] = '';
}
echo view('items/form', $data);
return view('items/form', $data);
}
/**
* AJAX called function which returns the update inventory form view for an item
*
* @param int $item_id
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getInventory(int $item_id = NEW_ENTRY): void
public function getInventory(int $item_id = NEW_ENTRY): string
{
$item_info = $this->item->get_info($item_id); // TODO: Duplicate code
@@ -424,15 +438,15 @@ class Items extends Secure_Controller
$data['item_quantities'][$location['location_id']] = $quantity;
}
echo view('items/form_inventory', $data);
return view('items/form_inventory', $data);
}
/**
* @param int $item_id
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getCountDetails(int $item_id = NEW_ENTRY): void
public function getCountDetails(int $item_id = NEW_ENTRY): string
{
$item_info = $this->item->get_info($item_id); // TODO: Duplicate code
@@ -451,17 +465,17 @@ class Items extends Secure_Controller
$data['item_quantities'][$location['location_id']] = $quantity;
}
echo view('items/form_count_details', $data);
return view('items/form_count_details', $data);
}
/**
* AJAX called function that generates barcodes for selected items.
*
* @param string $item_ids Colon separated list of item_id values to generate barcodes for.
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getGenerateBarcodes(string $item_ids): void // TODO: Passing these through as a string instead of an array limits the contents of the item_ids. Perhaps a better approach would to serialize as JSON in an array and pass through post variables?
public function getGenerateBarcodes(string $item_ids): string // TODO: Passing these through as a string instead of an array limits the contents of the item_ids. Perhaps a better approach would to serialize as JSON in an array and pass through post variables?
{
$item_ids = explode(':', $item_ids);
$result = $this->item->get_multiple_info($item_ids, $this->item_lib->get_item_location())->getResultArray();
@@ -477,16 +491,16 @@ class Items extends Secure_Controller
}
$data['items'] = $result;
echo view('barcodes/barcode_sheet', $data);
return view('barcodes/barcode_sheet', $data);
}
/**
* Gathers attribute value information for an item and returns it in a view.
*
* @param int $item_id
* @return void
* @return string
*/
public function getAttributes(int $item_id = NEW_ENTRY): void
public function getAttributes(int $item_id = NEW_ENTRY): string
{
$data['item_id'] = $item_id;
$definition_ids = json_decode($this->request->getGet('definition_ids') ?? '', true);
@@ -514,15 +528,15 @@ class Items extends Secure_Controller
unset($data['definition_names'][$definition_id]);
}
echo view('attributes/item', $data);
return view('attributes/item', $data);
}
/**
* @param int $item_id
* @return void
* @return string
* @noinspection PhpUnused
*/
public function postAttributes(int $item_id = NEW_ENTRY): void
public function postAttributes(int $item_id = NEW_ENTRY): string
{
$data['item_id'] = $item_id;
$definition_ids = json_decode($this->request->getPost('definition_ids'), true);
@@ -550,16 +564,16 @@ class Items extends Secure_Controller
unset($data['definition_names'][$definition_id]);
}
echo view('attributes/item', $data);
return view('attributes/item', $data);
}
/**
* Edit multiple items. Used in app/Views/items/manage.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getBulkEdit(): void
public function getBulkEdit(): string
{
$suppliers = ['' => lang('Items.none')];
@@ -580,14 +594,15 @@ class Items extends Secure_Controller
0 => lang('Items.change_all_to_unserialized')
];
echo view('items/form_bulk', $data);
return view('items/form_bulk', $data);
}
/**
* @param int $item_id
* @return ResponseInterface
* @throws ReflectionException
*/
public function postSave(int $item_id = NEW_ENTRY): void
public function postSave(int $item_id = NEW_ENTRY): ResponseInterface
{
$upload_data = $this->upload_image();
$upload_success = empty($upload_data['error']);
@@ -611,7 +626,7 @@ class Items extends Secure_Controller
// Save item data
$item_data = [
'name' => $this->request->getPost('name'),
'description' => $this->request->getPost('description'),
'description' => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'category' => $this->request->getPost('category'),
'item_type' => $item_type,
'stock_type' => $this->request->getPost('stock_type') === null ? HAS_STOCK : intval($this->request->getPost('stock_type')),
@@ -717,16 +732,16 @@ class Items extends Secure_Controller
if ($success && $upload_success) {
$message = lang('Items.successful_' . ($new_item ? 'adding' : 'updating')) . ' ' . $item_data['name'];
echo json_encode(['success' => true, 'message' => $message, 'id' => $item_id]);
return $this->response->setJSON(['success' => true, 'message' => $message, 'id' => $item_id]);
} else {
$message = $upload_success ? lang('Items.error_adding_updating') . ' ' . $item_data['name'] : strip_tags($upload_data['error']);
echo json_encode(['success' => false, 'message' => $message, 'id' => $item_id]);
return $this->response->setJSON(['success' => false, 'message' => $message, 'id' => $item_id]);
}
} else {
$message = lang('Items.error_adding_updating') . ' ' . $item_data['name'];
echo json_encode(['success' => false, 'message' => $message, 'id' => NEW_ENTRY]);
return $this->response->setJSON(['success' => false, 'message' => $message, 'id' => NEW_ENTRY]);
}
}
@@ -762,10 +777,13 @@ class Items extends Secure_Controller
$filename = $file->getClientName();
$info = pathinfo($filename);
// Sanitize filename to remove problematic characters like spaces
$sanitized_name = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $info['filename']);
$file_info = [
'orig_name' => $filename,
'raw_name' => $info['filename'],
'raw_name' => $sanitized_name,
'file_ext' => $file->guessExtension()
];
@@ -777,49 +795,51 @@ class Items extends Secure_Controller
/**
* Ajax call to check to see if the item number, a.k.a. barcode, is already used by another item
* If it exists then that is an error condition so return true for "error found"
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckItemNumber(): void
public function postCheckItemNumber(): ResponseInterface
{
$exists = $this->item->item_number_exists($this->request->getPost('item_number'), $this->request->getPost('item_id'));
echo !$exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
* Checks to see if an item kit with the same name as the item already exists.
*
* @return void
* @return ResponseInterface
*/
public function check_kit_exists(): void // TODO: This function appears to be never called in the code. Need to confirm.
public function check_kit_exists(): ResponseInterface // TODO: This function appears to be never called in the code. Need to confirm.
{
if ($this->request->getPost('item_number') === NEW_ENTRY) {
$exists = $this->item_kit->item_kit_exists_for_name($this->request->getPost('name')); // TODO: item_kit_exists_for_name doesn't exist in Item_kit. I looked at the blame and it appears to have never existed.
} else {
$exists = false;
}
echo !$exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
* @param $item_id
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getRemoveLogo($item_id): void
public function getRemoveLogo($item_id): ResponseInterface
{
$item_data = ['pic_filename' => null];
$result = $this->item->save_value($item_data, $item_id);
echo json_encode(['success' => $result]);
return $this->response->setJSON(['success' => $result]);
}
/**
* @return ResponseInterface
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postSaveInventory($item_id = NEW_ENTRY): void
public function postSaveInventory($item_id = NEW_ENTRY): ResponseInterface
{
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$cur_item_info = $this->item->get_info($item_id);
@@ -847,29 +867,29 @@ class Items extends Secure_Controller
if ($this->item_quantity->save_value($item_quantity_data, $item_id, $location_id)) {
$message = lang('Items.successful_updating') . " $cur_item_info->name";
echo json_encode(['success' => true, 'message' => $message, 'id' => $item_id]);
return $this->response->setJSON(['success' => true, 'message' => $message, 'id' => $item_id]);
} else {
$message = lang('Items.error_adding_updating') . " $cur_item_info->name";
echo json_encode(['success' => false, 'message' => $message, 'id' => NEW_ENTRY]);
return $this->response->setJSON(['success' => false, 'message' => $message, 'id' => NEW_ENTRY]);
}
}
/**
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postBulkUpdate(): void
public function postBulkUpdate(): ResponseInterface
{
$items_to_update = $this->request->getPost('item_ids');
$item_data = [];
foreach ($_POST as $key => $value) {
// This field is nullable, so treat it differently
if ($key === 'supplier_id' && $value !== '') {
$item_data[$key] = $value;
} elseif ($value !== '' && !(in_array($key, ['item_ids', 'tax_names', 'tax_percents']))) {
$item_data[$key] = $value;
foreach (Item::ALLOWED_BULK_EDIT_FIELDS as $field) {
$value = $this->request->getPost($field);
if ($field === 'supplier_id' && $value !== '') {
$item_data[$field] = $value;
} elseif ($value !== null && $value !== '') {
$item_data[$field] = $value;
}
}
@@ -891,23 +911,24 @@ class Items extends Secure_Controller
$this->item_taxes->save_multiple($items_taxes_data, $items_to_update);
}
echo json_encode(['success' => true, 'message' => lang('Items.successful_bulk_edit'), 'id' => $items_to_update]);
return $this->response->setJSON(['success' => true, 'message' => lang('Items.successful_bulk_edit'), 'id' => $items_to_update]);
} else {
echo json_encode(['success' => false, 'message' => lang('Items.error_updating_multiple')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Items.error_updating_multiple')]);
}
}
/**
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$items_to_delete = $this->request->getPost('ids');
if ($this->item->delete_list($items_to_delete)) {
$message = lang('Items.successful_deleted') . ' ' . count($items_to_delete) . ' ' . lang('Items.one_or_multiple');
echo json_encode(['success' => true, 'message' => $message]);
return $this->response->setJSON(['success' => true, 'message' => $message]);
} else {
echo json_encode(['success' => false, 'message' => lang('Items.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Items.cannot_be_deleted')]);
}
}
@@ -929,25 +950,26 @@ class Items extends Secure_Controller
}
/**
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getCsvImport(): void
public function getCsvImport(): string
{
echo view('items/form_csv_import');
return view('items/form_csv_import');
}
/**
* Imports items from CSV formatted file.
* @return ResponseInterface
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postImportCsvFile(): void
public function postImportCsvFile(): ResponseInterface
{
helper('importfile_helper');
try {
if ($_FILES['file_path']['error'] !== UPLOAD_ERR_OK) {
echo json_encode(['success' => false, 'message' => lang('Items.csv_import_failed')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Items.csv_import_failed')]);
} else {
if (file_exists($_FILES['file_path']['tmp_name'])) {
set_time_limit(240);
@@ -1007,7 +1029,11 @@ class Items extends Secure_Controller
}
if (!$is_failed_row) {
$is_failed_row = $this->data_error_check($row, $item_data, $allowed_stock_locations, $attribute_definition_names, $attribute_data);
$invalidLocations = $this->validateCSVStockLocations($row, $allowedStockLocations);
if (!empty($invalidLocations)) {
$isFailedRow = true;
log_message('error', 'CSV import: Invalid stock location(s) found: ' . implode(', ', $invalidLocations));
}
}
// Remove false, null, '' and empty strings but keep 0
@@ -1037,23 +1063,46 @@ class Items extends Secure_Controller
if (count($failCodes) > 0) {
$message = lang('Items.csv_import_partially_failed', [count($failCodes), implode(', ', $failCodes)]);
$db->transRollback();
echo json_encode(['success' => false, 'message' => $message]);
return $this->response->setJSON(['success' => false, 'message' => $message]);
} else {
$db->transCommit();
echo json_encode(['success' => true, 'message' => lang('Items.csv_import_success')]);
return $this->response->setJSON(['success' => true, 'message' => lang('Items.csv_import_success')]);
}
} else {
echo json_encode(['success' => false, 'message' => lang('Items.csv_import_nodata_wrongformat')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Items.csv_import_nodata_wrongformat')]);
}
}
} catch (Exception $e) {
echo json_encode(['success' => false, 'message' => $e->getMessage()]);
return;
return $this->response->setJSON(['success' => false, 'message' => $e->getMessage()]);
}
}
/**
* Validates that stock location columns in CSV row are valid locations
*
* @param array $row
* @param array $allowedLocations
* @return array Returns array of invalid location names, empty if all valid
*/
private function validateCSVStockLocations(array $row, array $allowedLocations): array
{
$invalidLocations = [];
$allowedLocationNames = array_values($allowedLocations);
foreach (array_keys($row) as $key) {
if (str_starts_with($key, 'location_')) {
$locationName = substr($key, 9);
if (!in_array($locationName, $allowedLocationNames)) {
$invalidLocations[] = $locationName;
}
}
}
return $invalidLocations;
}
/**
* Checks the entire line of data in an import file for errors
*

29
app/Controllers/Messages.php
View File

@@ -5,6 +5,7 @@ namespace App\Controllers;
use App\Libraries\Sms_lib;
use App\Models\Person;
use CodeIgniter\HTTP\ResponseInterface;
class Messages extends Secure_Controller
{
@@ -18,18 +19,18 @@ class Messages extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
echo view('messages/sms');
return view('messages/sms');
}
/**
* @param int $person_id
* @return void
* @return string
*/
public function getView(int $person_id = NEW_ENTRY): void
public function getView(int $person_id = NEW_ENTRY): string
{
$person = model(Person::class);
$info = $person->get_info($person_id);
@@ -39,13 +40,13 @@ class Messages extends Secure_Controller
}
$data['person_info'] = $info;
echo view('messages/form_sms', $data);
return view('messages/form_sms', $data);
}
/**
* @return void
* @return ResponseInterface
*/
public function send(): void
public function send(): ResponseInterface
{
$phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -53,9 +54,9 @@ class Messages extends Secure_Controller
$response = $this->sms_lib->sendSMS($phone, $message);
if ($response) {
echo json_encode(['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
return $this->response->setJSON(['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
} else {
echo json_encode(['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
return $this->response->setJSON(['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
}
}
@@ -63,10 +64,10 @@ class Messages extends Secure_Controller
* Sends an SMS message to a user. Used in app/Views/messages/form_sms.php.
*
* @param int $person_id
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function send_form(int $person_id = NEW_ENTRY): void
public function send_form(int $person_id = NEW_ENTRY): ResponseInterface
{
$phone = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -74,13 +75,13 @@ class Messages extends Secure_Controller
$response = $this->sms_lib->sendSMS($phone, $message);
if ($response) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Messages.successfully_sent') . ' ' . esc($phone),
'person_id' => $person_id
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone),
'person_id' => NEW_ENTRY

7
app/Controllers/No_access.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Module;
use CodeIgniter\HTTP\ResponseInterface;
/**
* Part of the grants mechanism to restrict access to modules that the user doesn't have permission for.
@@ -22,13 +23,13 @@ class No_access extends BaseController
/**
* @param string $module_id
* @param string $permission_id
* @return void
* @return string
*/
public function getIndex(string $module_id = '', string $permission_id = ''): void
public function getIndex(string $module_id = '', string $permission_id = ''): string
{
$data['module_name'] = $this->module->get_module_name($module_id);
$data['permission_id'] = $permission_id;
echo view('no_access', $data);
return view('no_access', $data);
}
}

7
app/Controllers/Office.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Employee;
use CodeIgniter\HTTP\ResponseInterface;
/**
* @property Employee employee
@@ -17,11 +18,11 @@ class Office extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
echo view('home/office');
return view('home/office');
}
/**

17
app/Controllers/Persons.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Person;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
use function Tamtamchik\NameCase\str_name_case;
@@ -21,34 +22,36 @@ abstract class Persons extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_people_manage_table_headers();
echo view('people/manage', $data);
return view('people/manage', $data);
}
/**
* Gives search suggestions based on what is being searched for
* @return ResponseInterface
*/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->person->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Gets one row for a person manage table. This is called using AJAX to update one row.
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_person_data_row($this->person->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**

159
app/Controllers/Receivings.php
View File

@@ -11,6 +11,7 @@ use App\Models\Item_kit;
use App\Models\Receiving;
use App\Models\Stock_location;
use App\Models\Supplier;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
use ReflectionException;
@@ -46,66 +47,66 @@ class Receivings extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$this->_reload();
return $this->_reload();
}
/**
* Returns search suggestions for an item. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getItemSearch(): void
public function getItemSearch(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Gets search suggestions for a stock item. Used in app/Views/receivings/receiving.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getStockItemSearch(): void
public function getStockItemSearch(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->item->get_stock_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Set supplier if it exists in the database. Used in app/Views/receivings/receiving.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function postSelectSupplier(): void
public function postSelectSupplier(): string
{
$supplier_id = $this->request->getPost('supplier', FILTER_SANITIZE_NUMBER_INT);
if ($this->supplier->exists($supplier_id)) {
$this->receiving_lib->set_supplier($supplier_id);
}
$this->_reload(); // TODO: Hungarian notation
return $this->_reload(); // TODO: Hungarian notation
}
/**
* Change receiving mode for current receiving. Used in app/Views/receivings/receiving.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function postChangeMode(): void
public function postChangeMode(): string
{
$stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT);
@@ -121,49 +122,49 @@ class Receivings extends Secure_Controller
$this->receiving_lib->set_stock_destination($stock_destination);
}
$this->_reload(); // TODO: Hungarian notation
return $this->_reload(); // TODO: Hungarian notation
}
/**
* Sets receiving comment. Used in app/Views/receivings/receiving.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetComment(): void
public function postSetComment(): ResponseInterface
{
$this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
return $this->response->setJSON(['success' => true]);
}
/**
* Sets the print after sale flag for the receiving. Used in app/Views/receivings/receiving.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetPrintAfterSale(): void
public function postSetPrintAfterSale(): ResponseInterface
{
$this->receiving_lib->set_print_after_sale($this->request->getPost('recv_print_after_sale') != null);
return $this->response->setJSON(['success' => true]);
}
/**
* Sets the reference number for the receiving. Used in app/Views/receivings/receiving.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetReference(): void
public function postSetReference(): ResponseInterface
{
$this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
return $this->response->setJSON(['success' => true]);
}
/**
* Add an item to the receiving. Used in app/Views/receivings/receiving.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function postAdd(): void
public function postAdd(): string
{
$data = [];
@@ -183,17 +184,17 @@ class Receivings extends Secure_Controller
$data['error'] = lang('Receivings.unable_to_add_item');
}
$this->_reload($data); // TODO: Hungarian notation
return $this->_reload($data); // TODO: Hungarian notation
}
/**
* Edit line item in current receiving. Used in app/Views/receivings/receiving.php
*
* @param $item_id
* @return void
* @param string|int|null $item_id
* @return string
* @noinspection PhpUnused
*/
public function postEditItem($item_id): void
public function postEditItem($item_id): string
{
$data = [];
@@ -222,17 +223,16 @@ class Receivings extends Secure_Controller
$data['error'] = lang('Receivings.error_editing_item');
}
$this->_reload($data); // TODO: Hungarian notation
return $this->_reload($data); // TODO: Hungarian notation
}
/**
* Edit a receiving. Used in app/Controllers/Receivings.php
*
* @param $receiving_id
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getEdit($receiving_id): void
public function getEdit($receiving_id): string
{
$data = [];
@@ -241,73 +241,86 @@ class Receivings extends Secure_Controller
$data['suppliers'][$supplier->person_id] = $supplier->first_name . ' ' . $supplier->last_name;
}
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
$data['employees'] = [];
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
if ($can_assign_employee) {
foreach ($this->employee->get_all()->getResult() as $employee) {
$data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
}
} else {
$stored_employee_id = $receiving_info['employee_id'];
$stored_employee = $this->employee->get_info($stored_employee_id);
$data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
}
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
$data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
$data['selected_supplier_id'] = $receiving_info['supplier_id'];
$data['receiving_info'] = $receiving_info;
$data['can_assign_employee'] = $can_assign_employee;
echo view('receivings/form', $data);
return view('receivings/form', $data);
}
/**
* Deletes an item from the current receiving. Used in app/Views/receivings/receiving.php
*
* @param $item_number
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getDeleteItem($item_number): void
public function getDeleteItem($item_number): string
{
$this->receiving_lib->delete_item($item_number);
$this->_reload(); // TODO: Hungarian notation
return $this->_reload(); // TODO: Hungarian notation
}
/**
* @throws ReflectionException
* @return ResponseInterface
*/
public function postDelete(int $receiving_id = -1, bool $update_inventory = true): void
public function postDelete(int $receiving_id = -1, bool $update_inventory = true): ResponseInterface
{
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$receiving_ids = $receiving_id == -1 ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$receiving_id]; // TODO: Replace -1 with constant
if ($this->receiving->delete_list($receiving_ids, $employee_id, $update_inventory)) { // TODO: Likely need to surround this block of code in a try-catch to catch the ReflectionException
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Receivings.successfully_deleted') . ' ' . count($receiving_ids) . ' ' . lang('Receivings.one_or_multiple'),
'ids' => $receiving_ids
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Receivings.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Receivings.cannot_be_deleted')]);
}
}
/**
* Removes a supplier from a receiving. Used in app/Views/receivings/receiving.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getRemoveSupplier(): void
public function getRemoveSupplier(): string
{
$this->receiving_lib->clear_reference();
$this->receiving_lib->remove_supplier();
$this->_reload(); // TODO: Hungarian notation
return $this->_reload(); // TODO: Hungarian notation
}
/**
* Complete and finalize receiving. Used in app/Views/receivings/receiving.php
*
* @return string
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postComplete(): void
public function postComplete(): string
{
$data = [];
@@ -356,18 +369,21 @@ class Receivings extends Secure_Controller
$data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();
echo view("receivings/receipt", $data);
$view = view("receivings/receipt", $data);
$this->receiving_lib->clear_all();
return $view;
}
/**
* Complete a receiving requisition. Used in app/Views/receivings/receiving.php.
*
* @return string
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postRequisitionComplete(): void
public function postRequisitionComplete(): string
{
if ($this->receiving_lib->get_stock_source() != $this->receiving_lib->get_stock_destination()) {
foreach ($this->receiving_lib->get_cart() as $item) {
@@ -376,11 +392,11 @@ class Receivings extends Secure_Controller
$this->receiving_lib->add_item($item['item_id'], -$item['quantity'], $this->receiving_lib->get_stock_source(), $item['discount_type']);
}
$this->postComplete();
return $this->postComplete();
} else {
$data['error'] = lang('Receivings.error_requisition');
$this->_reload($data); // TODO: Hungarian notation
return $this->_reload($data); // TODO: Hungarian notation
}
}
@@ -388,10 +404,10 @@ class Receivings extends Secure_Controller
* Gets the receipt for a receiving. Used in app/Views/receivings/form.php
*
* @param $receiving_id
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getReceipt($receiving_id): void
public function getReceipt($receiving_id): string
{
$receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
$this->receiving_lib->copy_entire_receiving($receiving_id);
@@ -424,16 +440,18 @@ class Receivings extends Secure_Controller
$data['print_after_sale'] = false;
echo view("receivings/receipt", $data);
$view = view("receivings/receipt", $data);
$this->receiving_lib->clear_all();
return $view;
}
/**
* @param array $data
* @return void
* @return string
*/
private function _reload(array $data = []): void // TODO: Hungarian notation
private function _reload(array $data = []): string // TODO: Hungarian notation
{
$data['cart'] = $this->receiving_lib->get_cart();
$data['modes'] = ['receive' => lang('Receivings.receiving'), 'return' => lang('Receivings.return')];
@@ -470,36 +488,47 @@ class Receivings extends Secure_Controller
$data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();
echo view("receivings/receiving", $data);
return view("receivings/receiving", $data);
}
/**
* @return ResponseInterface
* @throws ReflectionException
*/
public function postSave(int $receiving_id = -1): void // TODO: Replace -1 with a constant
public function postSave(int $receiving_id = -1): ResponseInterface // TODO: Replace -1 with a constant
{
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: newdate does not follow naming conventions
$date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
$receiving_time = $date_formatter->format('Y-m-d H:i:s');
$current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
if (!$this->employee->has_grant('employees', $current_employee_id)) {
$existing_receiving = $this->receiving->get_info($receiving_id)->getRowArray();
$employee_id = $existing_receiving['employee_id'];
} else {
$employee_id = $submitted_employee_id;
}
$receiving_data = [
'receiving_time' => $receiving_time,
'supplier_id' => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : null,
'employee_id' => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
'employee_id' => $employee_id,
'comment' => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
'reference' => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null
];
$this->inventory->update('RECV ' . $receiving_id, ['trans_date' => $receiving_time]);
if ($this->receiving->update($receiving_id, $receiving_data)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Receivings.successfully_updated'),
'id' => $receiving_id
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Receivings.unsuccessfully_updated'),
'id' => $receiving_id
@@ -510,13 +539,13 @@ class Receivings extends Secure_Controller
/**
* Cancel an in-process receiving. Used in app/Views/receivings/receiving.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function postCancelReceiving(): void
public function postCancelReceiving(): string
{
$this->receiving_lib->clear_all();
$this->_reload(); // TODO: Hungarian Notation
return $this->_reload(); // TODO: Hungarian Notation
}
}

275
app/Controllers/Reports.php
View File

@@ -25,6 +25,7 @@ use App\Models\Reports\Summary_sales;
use App\Models\Reports\Summary_sales_taxes;
use App\Models\Reports\Summary_suppliers;
use App\Models\Reports\Summary_taxes;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
@@ -84,7 +85,8 @@ class Reports extends Secure_Controller
// Check access to report submodule
if (!$this->employee->has_grant('reports_' . $submodule_id, $this->employee->get_logged_in_employee_info()->person_id)) {
redirect('no_access/reports/reports_' . $submodule_id);
header('Location: ' . base_url('no_access/reports/reports_' . $submodule_id));
exit();
}
}
@@ -101,8 +103,9 @@ class Reports extends Secure_Controller
/**
* Initial Report listing screen
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$person_id = $this->session->get('person_id');
$grants = $this->employee->get_employee_grants($this->session->get('person_id'));
@@ -114,7 +117,7 @@ class Reports extends Secure_Controller
'permission_ids' => $permissions_ids,
];
echo view('reports/listing', $data);
return view('reports/listing', $data);
}
/**
@@ -123,9 +126,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function summary_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void // TODO: Perhaps these need to be passed as an array? Too many parameters in the signature.
public function summary_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string // TODO: Perhaps these need to be passed as an array? Too many parameters in the signature.
{ // TODO: Duplicated code
$this->clearCache();
@@ -161,7 +164,7 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
@@ -170,9 +173,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function summary_categories(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function summary_categories(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicated code
$this->clearCache();
@@ -207,7 +210,7 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
@@ -215,9 +218,9 @@ class Reports extends Secure_Controller
* @param string $start_date
* @param string $end_date
* @param string $sale_type
* @return void
* @return string
*/
public function summary_expenses_categories(string $start_date, string $end_date, string $sale_type): void
public function summary_expenses_categories(string $start_date, string $end_date, string $sale_type): string
{
$this->clearCache();
@@ -244,7 +247,7 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
@@ -253,9 +256,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function summary_customers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function summary_customers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{
$this->clearCache();
@@ -292,7 +295,7 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
@@ -301,9 +304,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function summary_suppliers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function summary_suppliers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -338,7 +341,7 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
@@ -347,9 +350,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function summary_items(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function summary_items(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{
$this->clearCache();
@@ -388,7 +391,7 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
@@ -397,9 +400,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function summary_employees(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function summary_employees(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{
$this->clearCache();
@@ -436,7 +439,7 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
@@ -445,9 +448,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function summary_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function summary_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicate Code
$this->clearCache();
@@ -482,13 +485,14 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
* Summary Sales Taxes report
* @return string
*/
public function summary_sales_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function summary_sales_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicated code
$this->clearCache();
@@ -521,16 +525,16 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
* Summary Discounts report input. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function summary_discounts_input(): void
public function summary_discounts_input(): string
{
$this->clearCache();
@@ -541,13 +545,14 @@ class Reports extends Secure_Controller
$data['discount_type_options'] = ['0' => lang('Reports.discount_percent'), '1' => lang('Reports.discount_fixed')];
$data['sale_type_options'] = $this->get_sale_type_options();
echo view('reports/date_input', $data);
return view('reports/date_input', $data);
}
/**
* Summary Discounts report
* @return string
**/
public function summary_discounts(string $start_date, string $end_date, string $sale_type, string $location_id = 'all', int $discount_type = 0): void
public function summary_discounts(string $start_date, string $end_date, string $sale_type, string $location_id = 'all', int $discount_type = 0): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -579,13 +584,14 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
* Summary Payments report
* @return string
*/
public function summary_payments(string $start_date, string $end_date): void
public function summary_payments(string $start_date, string $end_date): string
{
$this->clearCache();
@@ -637,16 +643,16 @@ class Reports extends Secure_Controller
'summary_data' => $summary
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
* Input for reports that require only a date range. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function date_input(): void
public function date_input(): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -656,30 +662,30 @@ class Reports extends Secure_Controller
$data['mode'] = 'sale';
$data['sale_type_options'] = $this->get_sale_type_options();
echo view('reports/date_input', $data);
return view('reports/date_input', $data);
}
/**
* Input for reports that require only a date range. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function date_input_only(): void
public function date_input_only(): string
{
$this->clearCache();
$data = [];
echo view('reports/date_input', $data);
return view('reports/date_input', $data);
}
/**
* Input for reports that require only a date range. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function date_input_sales(): void
public function date_input_sales(): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -689,23 +695,23 @@ class Reports extends Secure_Controller
$data['mode'] = 'sale';
$data['sale_type_options'] = $this->get_sale_type_options();
echo view('reports/date_input', $data);
return view('reports/date_input', $data);
}
/**
* Receivings date input. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function date_input_recv(): void
public function date_input_recv(): string
{
$stock_locations = $data = $this->stock_location->get_allowed_locations('receivings');
$stock_locations['all'] = lang('Reports.all');
$data['stock_locations'] = array_reverse($stock_locations, true);
$data['mode'] = 'receiving';
echo view('reports/date_input', $data);
return view('reports/date_input', $data);
}
/**
@@ -714,10 +720,10 @@ class Reports extends Secure_Controller
* @param string $start_date
* @param string $end_date
* @param string $sale_type
* @return void
* @return string
* @noinspection PhpUnused
*/
public function graphical_summary_expenses_categories(string $start_date, string $end_date, string $sale_type): void
public function graphical_summary_expenses_categories(string $start_date, string $end_date, string $sale_type): string
{
$this->clearCache();
@@ -750,7 +756,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -760,9 +766,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{
$this->clearCache();
@@ -796,7 +802,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -806,9 +812,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_items(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_items(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{
$this->clearCache();
@@ -843,7 +849,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -853,9 +859,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_categories(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_categories(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -886,7 +892,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -896,9 +902,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_suppliers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_suppliers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -931,7 +937,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -941,9 +947,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_employees(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_employees(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{
$this->clearCache();
@@ -975,7 +981,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -985,9 +991,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -1019,7 +1025,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -1029,9 +1035,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_sales_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_sales_taxes(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -1063,7 +1069,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -1073,9 +1079,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_customers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_customers(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -1109,7 +1115,7 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -1120,9 +1126,10 @@ class Reports extends Secure_Controller
* @param string $sale_type
* @param string $location_id ID of the location to be reported or 'all' if none is specified
* @param int $discount_type
* @return string
* @noinspection PhpUnused
*/
public function graphical_summary_discounts(string $start_date, string $end_date, string $sale_type, string $location_id = 'all', int $discount_type = 0): void
public function graphical_summary_discounts(string $start_date, string $end_date, string $sale_type, string $location_id = 'all', int $discount_type = 0): string
{ // TODO: Duplicated Code
$this->clearCache();
@@ -1157,7 +1164,7 @@ class Reports extends Secure_Controller
'show_currency' => false
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
@@ -1167,9 +1174,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function graphical_summary_payments(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function graphical_summary_payments(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{
$this->clearCache();
@@ -1203,16 +1210,16 @@ class Reports extends Secure_Controller
'show_currency' => true
];
echo view('reports/graphical', $data);
return view('reports/graphical', $data);
}
/**
* Gets the specific customer input view. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function specific_customer_input(): void
public function specific_customer_input(): string
{
$this->clearCache();
@@ -1230,7 +1237,7 @@ class Reports extends Secure_Controller
$data['sale_type_options'] = $this->get_sale_type_options();
$data['payment_type'] = $this->get_payment_type();
echo view('reports/specific_customer_input', $data);
return view('reports/specific_customer_input', $data);
}
/**
@@ -1257,10 +1264,10 @@ class Reports extends Secure_Controller
* @param string $customer_id
* @param string $sale_type
* @param string $payment_type
* @return void
* @return string
* @noinspection PhpUnused
*/
public function specific_customers(string $start_date, string $end_date, string $customer_id, string $sale_type, string $payment_type): void
public function specific_customers(string $start_date, string $end_date, string $customer_id, string $sale_type, string $payment_type): string
{
$this->clearCache();
@@ -1351,16 +1358,16 @@ class Reports extends Secure_Controller
'overall_summary_data' => $specific_customer->getSummaryData($inputs)
];
echo view('reports/tabular_details', $data);
return view('reports/tabular_details', $data);
}
/**
* Detailed employee report input form. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function specific_employee_input(): void
public function specific_employee_input(): string
{
$this->clearCache();
@@ -1374,7 +1381,7 @@ class Reports extends Secure_Controller
$data['specific_input_data'] = $employees;
$data['sale_type_options'] = $this->get_sale_type_options();
echo view('reports/specific_input', $data);
return view('reports/specific_input', $data);
}
/**
@@ -1384,10 +1391,10 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $employee_id
* @param string $sale_type
* @return void
* @return string
* @noinspection PhpUnused
*/
public function specific_employees(string $start_date, string $end_date, string $employee_id, string $sale_type): void
public function specific_employees(string $start_date, string $end_date, string $employee_id, string $sale_type): string
{
$this->clearCache();
@@ -1474,16 +1481,16 @@ class Reports extends Secure_Controller
'overall_summary_data' => $specific_employee->getSummaryData($inputs)
];
echo view('reports/tabular_details', $data);
return view('reports/tabular_details', $data);
}
/**
* Detailed discount report. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function specific_discount_input(): void
public function specific_discount_input(): string
{
$this->clearCache();
@@ -1498,7 +1505,7 @@ class Reports extends Secure_Controller
$data['discount_type_options'] = ['0' => lang('Reports.discount_percent'), '1' => lang('Reports.discount_fixed')];
$data['sale_type_options'] = $this->get_sale_type_options();
echo view('reports/specific_input', $data);
return view('reports/specific_input', $data);
}
/**
@@ -1509,10 +1516,10 @@ class Reports extends Secure_Controller
* @param string $discount
* @param string $sale_type
* @param string $discount_type
* @return void
* @return string
* @noinspection PhpUnused
*/
public function specific_discounts(string $start_date, string $end_date, string $discount, string $sale_type, string $discount_type): void
public function specific_discounts(string $start_date, string $end_date, string $discount, string $sale_type, string $discount_type): string
{
$this->clearCache();
@@ -1605,17 +1612,17 @@ class Reports extends Secure_Controller
'overall_summary_data' => $specific_discount->getSummaryData($inputs)
];
echo view('reports/tabular_details', $data);
return view('reports/tabular_details', $data);
}
/**
* Gets the detailed sales data row for given sale_id. Used in app/Views/reports/tabular_details.php
*
* @param string $sale_id
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getGet_detailed_sales_row(string $sale_id): void
public function getGet_detailed_sales_row(string $sale_id): ResponseInterface
{
$this->clearCache();
@@ -1658,16 +1665,16 @@ class Reports extends Secure_Controller
)
];
echo json_encode([$sale_id => $summary_data]);
return $this->response->setJSON([$sale_id => $summary_data]);
}
/**
* Detailed Supplier report input form. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function specific_supplier_input(): void
public function specific_supplier_input(): string
{
$this->clearCache();
@@ -1681,7 +1688,7 @@ class Reports extends Secure_Controller
$data['specific_input_data'] = $suppliers;
$data['sale_type_options'] = $this->get_sale_type_options();
echo view('reports/specific_input', $data);
return view('reports/specific_input', $data);
}
/**
@@ -1691,9 +1698,9 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $supplier_id
* @param string $sale_type
* @return void
* @return string
*/
public function specific_suppliers(string $start_date, string $end_date, string $supplier_id, string $sale_type): void
public function specific_suppliers(string $start_date, string $end_date, string $supplier_id, string $sale_type): string
{
$inputs = [
'start_date' => $start_date,
@@ -1736,7 +1743,7 @@ class Reports extends Secure_Controller
'summary_data' => $specific_supplier->getSummaryData($inputs)
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
@@ -1763,13 +1770,13 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $sale_type
* @param string $location_id
* @return void
* @return string
*/
public function detailed_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): void
public function detailed_sales(string $start_date, string $end_date, string $sale_type, string $location_id = 'all'): string
{
$this->clearCache();
$definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_SALES);
$definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_SALES, true);
$inputs = [
'start_date' => $start_date,
@@ -1782,7 +1789,12 @@ class Reports extends Secure_Controller
$this->detailed_sales->create($inputs);
$columns = $this->detailed_sales->getDataColumns();
$columns['details'] = array_merge($columns['details'], $definition_names);
// Extract just names for column headers
$definitionHeaders = [];
foreach ($definition_names as $definition_id => $definitionInfo) {
$definitionHeaders[$definition_id] = $definitionInfo['name'];
}
$columns['details'] = array_merge($columns['details'], $definitionHeaders);
$headers = $columns;
@@ -1869,17 +1881,17 @@ class Reports extends Secure_Controller
'details_data_rewards' => $details_data_rewards,
'overall_summary_data' => $this->detailed_sales->getSummaryData($inputs)
];
echo view('reports/tabular_details', $data);
return view('reports/tabular_details', $data);
}
/**
* Returns detailed receivings row for given receiving_id. Used in app/Views/reports/tabular_details.php
*
* @param string $receiving_id
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getGet_detailed_receivings_row(string $receiving_id): void
public function getGet_detailed_receivings_row(string $receiving_id): ResponseInterface
{
$inputs = ['receiving_id' => $receiving_id];
@@ -1909,7 +1921,7 @@ class Reports extends Secure_Controller
)
];
echo json_encode([$receiving_id => $summary_data]);
return $this->response->setJSON([$receiving_id => $summary_data]);
}
/**
@@ -1917,20 +1929,25 @@ class Reports extends Secure_Controller
* @param string $end_date
* @param string $receiving_type
* @param string $location_id
* @return void
* @return string
*/
public function detailed_receivings(string $start_date, string $end_date, string $receiving_type, string $location_id = 'all'): void
public function detailed_receivings(string $start_date, string $end_date, string $receiving_type, string $location_id = 'all'): string
{
$this->clearCache();
$definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_RECEIVINGS);
$definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_RECEIVINGS, true);
$inputs = ['start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id, 'definition_ids' => array_keys($definition_names)];
$this->detailed_receivings->create($inputs);
$columns = $this->detailed_receivings->getDataColumns();
$columns['details'] = array_merge($columns['details'], $definition_names);
// Extract just names for column headers
$definitionHeaders = [];
foreach ($definition_names as $definition_id => $definitionInfo) {
$definitionHeaders[$definition_id] = $definitionInfo['name'];
}
$columns['details'] = array_merge($columns['details'], $definitionHeaders);
$headers = $columns;
$report_data = $this->detailed_receivings->getData($inputs);
@@ -1993,13 +2010,13 @@ class Reports extends Secure_Controller
'overall_summary_data' => $this->detailed_receivings->getSummaryData($inputs)
];
echo view('reports/tabular_details', $data);
return view('reports/tabular_details', $data);
}
/**
* @return void
* @return string
*/
public function inventory_low(): void
public function inventory_low(): string
{
$this->clearCache();
@@ -2028,16 +2045,16 @@ class Reports extends Secure_Controller
'summary_data' => $inventory_low->getSummaryData($inputs)
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**
* Gets the inventory summary input view. Used in app/Config/Routes.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function inventory_summary_input(): void
public function inventory_summary_input(): string
{
$this->clearCache();
@@ -2048,15 +2065,15 @@ class Reports extends Secure_Controller
$stock_locations['all'] = lang('Reports.all');
$data['stock_locations'] = array_reverse($stock_locations, true);
echo view('reports/inventory_summary_input', $data);
return view('reports/inventory_summary_input', $data);
}
/**
* @param string $location_id
* @param string $item_count
* @return void
* @return string
*/
public function inventory_summary(string $location_id = 'all', string $item_count = 'all'): void
public function inventory_summary(string $location_id = 'all', string $item_count = 'all'): string
{
$this->clearCache();
@@ -2088,7 +2105,7 @@ class Reports extends Secure_Controller
'summary_data' => $this->inventory_summary->getSummaryData($report_data)
];
echo view('reports/tabular', $data);
return view('reports/tabular', $data);
}
/**

303
app/Controllers/Sales.php
View File

@@ -20,6 +20,7 @@ use App\Models\Stock_location;
use App\Models\Tokens\Token_invoice_count;
use App\Models\Tokens\Token_customer;
use App\Models\Tokens\Token_invoice_sequence;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
use Config\OSPOS;
use ReflectionException;
@@ -65,27 +66,24 @@ class Sales extends Secure_Controller
$this->employee = model(Employee::class);
}
/**
* @return void
*/
public function getIndex(): void
public function getIndex(): ResponseInterface|string
{
$this->session->set('allow_temp_items', 1);
$this->_reload(); // TODO: Hungarian Notation
return $this->_reload(); // TODO: Hungarian Notation
}
/**
* Load the sale edit modal. Used in app/Views/sales/register.php.
*
* @return void
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function getManage(): void
public function getManage(): ResponseInterface|string
{
$person_id = $this->session->get('person_id');
$personId = $this->session->get('person_id');
if (!$this->employee->has_grant('reports_sales', $person_id)) {
redirect('no_access/sales/reports_sales');
if (!$this->employee->has_grant('reports_sales', $personId)) {
return redirect()->to('no_access/sales/reports_sales');
} else {
$data['table_headers'] = get_sales_manage_table_headers();
@@ -94,39 +92,52 @@ class Sales extends Secure_Controller
'only_due' => lang('Sales.due_filter'),
'only_check' => lang('Sales.check_filter'),
'only_creditcard' => lang('Sales.credit_filter'),
'only_debit' => lang('Sales.debit'),
'only_invoices' => lang('Sales.invoice_filter'),
'selected_customer' => lang('Sales.selected_customer')
];
if ($this->sale_lib->get_customer() != -1) {
$selected_filters = ['selected_customer'];
$selectedFilters = ['selected_customer'];
$data['customer_selected'] = true;
} else {
$data['customer_selected'] = false;
$selected_filters = [];
$selectedFilters = [];
}
$data['selected_filters'] = $selected_filters;
echo view('sales/manage', $data);
// Restore filters from URL query string
$filters = restoreTableFilters($this->request);
if (!empty($filters['selected_filters'])) {
$selectedFilters = array_merge($selectedFilters, $filters['selected_filters']);
}
if (isset($filters['start_date'])) {
$data['start_date'] = $filters['start_date'];
}
if (isset($filters['end_date'])) {
$data['end_date'] = $filters['end_date'];
}
$data['selected_filters'] = $selectedFilters;
return view('sales/manage', $data);
}
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$sale_info = $this->sale->get_info($row_id)->getRow();
$data_row = get_sale_data_row($sale_info);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -144,6 +155,7 @@ class Sales extends Secure_Controller
'only_check' => false,
'selected_customer' => false,
'only_creditcard' => false,
'only_debit' => false,
'only_invoices' => $this->config['invoice_enable'] && $this->request->getGet('only_invoices', FILTER_SANITIZE_NUMBER_INT),
'is_valid_receipt' => $this->sale->is_valid_receipt($search)
];
@@ -166,16 +178,16 @@ class Sales extends Secure_Controller
$data_rows[] = get_sale_data_last_row($sales);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
}
/**
* Gets search suggestions for an item or item kit. Used in app/Views/sales/register.php.
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getItemSearch(): void
public function getItemSearch(): ResponseInterface
{
$suggestions = [];
$receipt = $search = $this->request->getGet('term') != ''
@@ -189,13 +201,13 @@ class Sales extends Secure_Controller
$suggestions = array_merge($suggestions, $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true));
$suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @return void
* @return ResponseInterface
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term') != ''
? $this->request->getPost('term')
@@ -203,16 +215,16 @@ class Sales extends Secure_Controller
$suggestions = $this->sale->get_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Set a given customer. Used in app/Views/sales/register.php.
*
* @return void
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function postSelectCustomer(): void
public function postSelectCustomer(): ResponseInterface|string
{
$customer_id = (int)$this->request->getPost('customer', FILTER_SANITIZE_NUMBER_INT);
if ($this->customer->exists($customer_id)) {
@@ -226,16 +238,16 @@ class Sales extends Secure_Controller
}
}
$this->_reload();
return $this->_reload();
}
/**
* Changes the sale mode in the register to carry out different types of sales
*
* @return void
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function postChangeMode(): void
public function postChangeMode(): ResponseInterface|string
{
$mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$this->sale_lib->set_mode($mode);
@@ -276,14 +288,14 @@ class Sales extends Secure_Controller
$this->sale_lib->empty_payments();
$this->_reload();
return $this->_reload();
}
/**
* @param int $sale_type
* @return void
* @return ResponseInterface|string
*/
public function change_register_mode(int $sale_type): void
public function change_register_mode(int $sale_type): ResponseInterface|string
{
$mode = match ($sale_type) {
SALE_TYPE_QUOTE => 'sale_quote',
@@ -294,81 +306,87 @@ class Sales extends Secure_Controller
};
$this->sale_lib->set_mode($mode);
return $this->_reload();
}
/**
* Sets the sales comment. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetComment(): void
public function postSetComment(): ResponseInterface
{
$this->sale_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
return $this->response->setJSON(['success' => true]);
}
/**
* Sets the invoice number. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetInvoiceNumber(): void
public function postSetInvoiceNumber(): ResponseInterface|string
{
$this->sale_lib->set_invoice_number($this->request->getPost('sales_invoice_number', FILTER_SANITIZE_NUMBER_INT));
return $this->response->setJSON(['success' => true]);
}
/**
* @return void
* @return ResponseInterface
*/
public function postSetPaymentType(): void // TODO: This function does not appear to be called anywhere in the code.
public function postSetPaymentType(): ResponseInterface|string // TODO: This function does not appear to be called anywhere in the code.
{
$this->sale_lib->set_payment_type($this->request->getPost('selected_payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
$this->_reload(); // TODO: Hungarian notation.
return $this->_reload(); // TODO: Hungarian notation.
}
/**
* Sets PrintAfterSale flag. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function postSetPrintAfterSale(): void
public function postSetPrintAfterSale(): ResponseInterface
{
$this->sale_lib->set_print_after_sale($this->request->getPost('sales_print_after_sale') != 'false');
return $this->response->setJSON(['success' => true]);
}
/**
* Sets the flag to include prices in the work order. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetPriceWorkOrders(): void
public function postSetPriceWorkOrders(): ResponseInterface
{
$price_work_orders = parse_decimals($this->request->getPost('price_work_orders'));
$this->sale_lib->set_price_work_orders($price_work_orders);
return $this->response->setJSON(['success' => true]);
}
/**
* Sets the flag to email receipt to the customer. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSetEmailReceipt(): void
public function postSetEmailReceipt(): ResponseInterface
{
$this->sale_lib->set_email_receipt($this->request->getPost('email_receipt', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
return $this->response->setJSON(['success' => true]);
}
/**
* Add a payment to the sale. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function postAddPayment(): void
public function postAddPayment(): ResponseInterface|string
{
$data = [];
$giftcard = model(Giftcard::class);
@@ -453,32 +471,32 @@ class Sales extends Secure_Controller
}
}
$this->_reload($data);
return $this->_reload($data);
}
/**
* Multiple Payments. Used in app/Views/sales/register.php
*
* @param string $payment_id
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getDeletePayment(string $payment_id): void
public function getDeletePayment(string $payment_id): ResponseInterface|string
{
helper('url');
$this->sale_lib->delete_payment(base64url_decode($payment_id));
$this->_reload(); // TODO: Hungarian notation
return $this->_reload();
}
/**
* Add an item to the sale. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postAdd(): void
public function postAdd(): ResponseInterface|string
{
$data = [];
@@ -549,17 +567,17 @@ class Sales extends Secure_Controller
}
}
$this->_reload($data);
return $this->_reload($data);
}
/**
* Edit an item in the sale. Used in app/Views/sales/register.php
*
* @param string $line
* @return void
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function postEditItem(string $line): void
public function postEditItem(string $line): ResponseInterface|string
{
$data = [];
@@ -594,33 +612,33 @@ class Sales extends Secure_Controller
$data['error'] = lang('Sales.error_editing_item');
}
$this->_reload($data);
return $this->_reload($data);
}
/**
* Deletes an item specified in the parameter from the shopping cart. Used in app/Views/sales/register.php
*
* @param int $item_id
* @return void
* @return ResponseInterface
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function getDeleteItem(int $item_id): void
public function getDeleteItem(int $item_id): ResponseInterface|string
{
$this->sale_lib->delete_item($item_id);
$this->sale_lib->empty_payments();
$this->_reload(); // TODO: Hungarian notation
return $this->_reload();
}
/**
* Remove the current customer from the sale. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getRemoveCustomer(): void
public function getRemoveCustomer(): ResponseInterface|string
{
$this->sale_lib->clear_giftcard_remainder();
$this->sale_lib->clear_rewards_remainder();
@@ -629,17 +647,17 @@ class Sales extends Secure_Controller
$this->sale_lib->clear_quote_number();
$this->sale_lib->remove_customer();
$this->_reload(); // TODO: Hungarian notation
return $this->_reload();
}
/**
* Complete and finalize a sale. Used in app/Views/sales/register.php
*
* @return void
* @return string
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postComplete(): void // TODO: this function is huge. Probably should be refactored.
public function postComplete(): string // TODO: this function is huge. Probably should be refactored.
{
$sale_id = $this->sale_lib->get_sale_id();
$data = [];
@@ -751,8 +769,11 @@ class Sales extends Secure_Controller
$data['sale_status'] = COMPLETED;
$sale_type = SALE_TYPE_INVOICE;
// The PHP file name is the same as the invoice_type key
$invoice_view = $this->config['invoice_type'];
$invoice_type = $this->config['invoice_type'];
if (!Sale_lib::isValidInvoiceType($invoice_type)) {
$invoice_type = 'invoice';
}
$invoice_view = $invoice_type;
// Save the data to the sales table
$data['sale_id_num'] = $this->sale->save_value($sale_id, $data['sale_status'], $data['cart'], $customer_id, $employee_id, $data['comments'], $invoice_number, $work_order_number, $quote_number, $sale_type, $data['payments'], $data['dinner_table'], $tax_details);
@@ -765,7 +786,7 @@ class Sales extends Secure_Controller
$data['error_message'] = lang('Sales.transaction_failed');
} else {
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['sale_id']);
echo view('sales/' . $invoice_view, $data);
return view('sales/' . $invoice_view, $data);
$this->sale_lib->clear_all();
}
}
@@ -799,7 +820,7 @@ class Sales extends Secure_Controller
$data['barcode'] = null;
echo view('sales/work_order', $data);
return view('sales/work_order', $data);
$this->sale_lib->clear_mode();
$this->sale_lib->clear_all();
}
@@ -827,7 +848,7 @@ class Sales extends Secure_Controller
$data['cart'] = $this->sale_lib->sort_and_filter_cart($data['cart']);
$data['barcode'] = null;
echo view('sales/quote', $data);
return view('sales/quote', $data);
$this->sale_lib->clear_mode();
$this->sale_lib->clear_all();
}
@@ -850,7 +871,7 @@ class Sales extends Secure_Controller
$data['error_message'] = lang('Sales.transaction_failed');
} else {
$data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['sale_id']);
echo view('sales/receipt', $data);
return view('sales/receipt', $data);
$this->sale_lib->clear_all();
}
}
@@ -861,10 +882,10 @@ class Sales extends Secure_Controller
*
* @param int $sale_id
* @param string $type
* @return bool
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSendPdf(int $sale_id, string $type = 'invoice'): bool
public function getSendPdf(int $sale_id, string $type = 'invoice'): ResponseInterface
{
$sale_data = $this->_load_sale_data($sale_id);
@@ -899,21 +920,19 @@ class Sales extends Secure_Controller
$message = lang($result ? "Sales." . $type . "_sent" : "Sales." . $type . "_unsent") . ' ' . $to;
}
echo json_encode(['success' => $result, 'message' => $message, 'id' => $sale_id]);
$this->sale_lib->clear_all();
return $result;
return $this->response->setJSON(['success' => $result, 'message' => $message, 'id' => $sale_id]);
}
/**
* Emails sales receipt to customer. Used in app/Views/sales/receipt.php
*
* @param int $sale_id
* @return bool
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSendReceipt(int $sale_id): bool
public function getSendReceipt(int $sale_id): ResponseInterface
{
$sale_data = $this->_load_sale_data($sale_id);
@@ -922,6 +941,13 @@ class Sales extends Secure_Controller
if (!empty($sale_data['customer_email'])) {
$sale_data['barcode'] = $this->barcode_lib->generate_receipt_barcode($sale_data['sale_id']);
$sale_data['img_tag'] = '';
$logo_path = FCPATH . 'uploads/' . $this->config['company_logo'];
if (!empty($this->config['company_logo']) && file_exists($logo_path)) {
$logo_data = base64_encode(file_get_contents($logo_path));
$sale_data['img_tag'] = '<img id="image" src="data:image/png;base64,' . $logo_data . '" alt="company_logo">';
}
$to = $sale_data['customer_email'];
$subject = lang('Sales.receipt');
@@ -934,11 +960,9 @@ class Sales extends Secure_Controller
$message = lang($result ? 'Sales.receipt_sent' : 'Sales.receipt_unsent') . ' ' . $to;
}
echo json_encode(['success' => $result, 'message' => $message, 'id' => $sale_id]);
$this->sale_lib->clear_all();
return $result;
return $this->response->setJSON(['success' => $result, 'message' => $message, 'id' => $sale_id]);
}
/**
@@ -1100,6 +1124,9 @@ class Sales extends Secure_Controller
}
$invoice_type = $this->config['invoice_type'];
if (!Sale_lib::isValidInvoiceType($invoice_type)) {
$invoice_type = 'invoice';
}
$data['invoice_view'] = $invoice_type;
return $data;
@@ -1109,7 +1136,7 @@ class Sales extends Secure_Controller
* @param array $data
* @return void
*/
private function _reload(array $data = []): void // TODO: Hungarian notation
private function _reload(array $data = []): ResponseInterface|string // TODO: Hungarian notation
{
$sale_id = $this->session->get('sale_id'); // TODO: This variable is never used
@@ -1215,40 +1242,47 @@ class Sales extends Secure_Controller
$data['customer_required'] = lang('Sales.customer_optional');
}
echo view("sales/register", $data);
return view("sales/register", $data);
}
/**
* Load the sales receipt for a sale. Used in app/Views/sales/form.php
*
* @param int $sale_id
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getReceipt(int $sale_id): void
public function getReceipt(int $sale_id): string
{
$data = $this->_load_sale_data($sale_id);
echo view('sales/receipt', $data);
$this->sale_lib->clear_all();
return view('sales/receipt', $data);
}
/**
* Loads the sales invoice for a sale. Used in app/Views/sales/form.php
*
* @param int $sale_id
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getInvoice(int $sale_id): void
public function getInvoice(int $sale_id): string
{
$data = $this->_load_sale_data($sale_id);
echo view('sales/' . $data['invoice_view'], $data);
$this->sale_lib->clear_all();
return view('sales/' . $data['invoice_view'], $data);
}
/**
* Edits an existing sale or work order. Used in app/Views/sales/form.php
*
* @param int $sale_id
* @return void
* @return string
* @throws ReflectionException
*/
public function getEdit(int $sale_id): void
public function getEdit(int $sale_id): string
{
$data = [];
@@ -1293,30 +1327,32 @@ class Sales extends Secure_Controller
$data['new_payment_options'] = $payment_options;
echo view('sales/form', $data);
return view('sales/form', $data);
}
/**
* @param int $sale_id
* @return ResponseInterface
* @throws ReflectionException
*/
public function postDelete(int $sale_id = NEW_ENTRY, bool $update_inventory = true): void
public function postDelete(int $sale_id = NEW_ENTRY, bool $update_inventory = true): ResponseInterface
{
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$has_grant = $this->employee->has_grant('sales_delete', $employee_id);
if (!$has_grant) {
echo json_encode(['success' => false, 'message' => lang('Sales.not_authorized')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Sales.not_authorized')]);
} else {
$sale_ids = $sale_id == NEW_ENTRY ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$sale_id];
if ($this->sale->delete_list($sale_ids, $employee_id, $update_inventory)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Sales.successfully_deleted') . ' ' . count($sale_ids) . ' ' . lang('Sales.one_or_multiple'),
'ids' => $sale_ids
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Sales.unsuccessfully_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Sales.unsuccessfully_deleted')]);
}
}
}
@@ -1324,26 +1360,26 @@ class Sales extends Secure_Controller
/**
* @param int $sale_id
* @param bool $update_inventory
* @return void
* @return ResponseInterface
*/
public function restore(int $sale_id = NEW_ENTRY, bool $update_inventory = true): void
public function restore(int $sale_id = NEW_ENTRY, bool $update_inventory = true): ResponseInterface
{
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
$has_grant = $this->employee->has_grant('sales_delete', $employee_id);
if (!$has_grant) {
echo json_encode(['success' => false, 'message' => lang('Sales.not_authorized')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Sales.not_authorized')]);
} else {
$sale_ids = $sale_id == NEW_ENTRY ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$sale_id];
if ($this->sale->restore_list($sale_ids, $employee_id, $update_inventory)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Sales.successfully_restored') . ' ' . count($sale_ids) . ' ' . lang('Sales.one_or_multiple'),
'ids' => $sale_ids
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Sales.unsuccessfully_restored')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Sales.unsuccessfully_restored')]);
}
}
}
@@ -1352,9 +1388,10 @@ class Sales extends Secure_Controller
* This saves the sale from the update sale view (sales/form).
* It only updates the sales table and payments.
* @param int $sale_id
* @return ResponseInterface
* @throws ReflectionException
*/
public function postSave(int $sale_id = NEW_ENTRY): void
public function postSave(int $sale_id = NEW_ENTRY): ResponseInterface
{
$newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$employee_id = $this->employee->get_logged_in_employee_info()->person_id;
@@ -1435,9 +1472,9 @@ class Sales extends Secure_Controller
$inventory->update('POS ' . $sale_id, ['trans_date' => $sale_time]); // TODO: Reflection Exception
if ($this->sale->update($sale_id, $sale_data)) {
echo json_encode(['success' => true, 'message' => lang('Sales.successfully_updated'), 'id' => $sale_id]);
return $this->response->setJSON(['success' => true, 'message' => lang('Sales.successfully_updated'), 'id' => $sale_id]);
} else {
echo json_encode(['success' => false, 'message' => lang('Sales.unsuccessfully_updated'), 'id' => $sale_id]);
return $this->response->setJSON(['success' => false, 'message' => lang('Sales.unsuccessfully_updated'), 'id' => $sale_id]);
}
}
@@ -1447,10 +1484,11 @@ class Sales extends Secure_Controller
* Work orders can be canceled but are not physically removed from the sales history.
* Used in app/Views/sales/register.php
*
* @return ResponseInterface
* @throws ReflectionException
* @noinspection PhpUnused
*/
public function postCancel(): void
public function postCancel(): ResponseInterface|string
{
$sale_id = $this->sale_lib->get_sale_id();
if ($sale_id != NEW_ENTRY && $sale_id != '') {
@@ -1472,32 +1510,32 @@ class Sales extends Secure_Controller
}
$this->sale_lib->clear_all();
$this->_reload(); // TODO: Hungarian notation
return $this->_reload();
}
/**
* Discards the suspended sale. Used in app/Views/sales/quote.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getDiscardSuspendedSale(): void
public function getDiscardSuspendedSale(): ResponseInterface|string
{
$suspended_id = $this->sale_lib->get_suspended_id();
$this->sale_lib->clear_all();
$this->sale->delete_suspended_sale($suspended_id);
$this->_reload(); // TODO: Hungarian notation
return $this->_reload();
}
/**
* Suspend the current sale.
* If the current sale is already suspended then update the existing suspended sale otherwise create
* it as a new suspended sale. Used in app/Views/sales/register.php.
* it as a new suspended sale. Used in app/Views/sales/register.php
*
* @throws ReflectionException
* @return ResponseInterface|string
* @noinspection PhpUnused
*/
public function postSuspend(): void
public function postSuspend(): ResponseInterface|string
{
$sale_id = $this->sale_lib->get_sale_id();
$dinner_table = $this->sale_lib->get_dinner_table();
@@ -1528,28 +1566,29 @@ class Sales extends Secure_Controller
$this->sale_lib->clear_all();
$this->_reload($data); // TODO: Hungarian notation
return $this->_reload($data);
}
/**
* List suspended sales
* @return string
*/
public function getSuspended(): void
public function getSuspended(): string
{
$data = [];
$customer_id = $this->sale_lib->get_customer();
$data['suspended_sales'] = $this->sale->get_all_suspended($customer_id);
echo view('sales/suspended', $data);
return view('sales/suspended', $data);
}
/**
* Unsuspended sales are now left in the tables and are only removed
* when they are intentionally cancelled. Used in app/Views/sales/suspended.php.
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postUnsuspend(): void
public function postUnsuspend(): ResponseInterface|string
{
$sale_id = $this->request->getPost('suspended_sale_id', FILTER_SANITIZE_NUMBER_INT);
$this->sale_lib->clear_all();
@@ -1561,32 +1600,32 @@ class Sales extends Secure_Controller
// Set current register mode to reflect that of unsuspended order type
$this->change_register_mode($this->sale_lib->get_sale_type());
$this->_reload(); // TODO: Hungarian notation
return $this->_reload();
}
/**
* Show Keyboard shortcut modal. Used in app/Views/sales/register.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getSalesKeyboardHelp(): void
public function getSalesKeyboardHelp(): string
{
echo view('sales/help');
return view('sales/help');
}
/**
* Check the validity of an invoice number. Used in app/Views/sales/form.php.
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postCheckInvoiceNumber(): void
public function postCheckInvoiceNumber(): ResponseInterface
{
$sale_id = $this->request->getPost('sale_id', FILTER_SANITIZE_NUMBER_INT);
$invoice_number = $this->request->getPost('invoice_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$exists = !empty($invoice_number) && $this->sale->check_invoice_number_exists($invoice_number, $sale_id);
echo !$exists ? 'true' : 'false';
return $this->response->setJSON(!$exists ? 'true' : 'false');
}
/**
@@ -1613,10 +1652,10 @@ class Sales extends Secure_Controller
/**
* Update the item number in the register. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postChangeItemNumber(): void
public function postChangeItemNumber(): ResponseInterface
{
$item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT);
$item_number = $this->request->getPost('item_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -1632,10 +1671,10 @@ class Sales extends Secure_Controller
/**
* Change a given item name. Used in app/Views/sales/register.php.
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postChangeItemName(): void
public function postChangeItemName(): ResponseInterface
{
$item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT);
$name = $this->request->getPost('item_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -1655,10 +1694,10 @@ class Sales extends Secure_Controller
/**
* Update the given item description. Used in app/Views/sales/register.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postChangeItemDescription(): void
public function postChangeItemDescription(): ResponseInterface
{
$item_id = $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT);
$description = $this->request->getPost('item_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

11
app/Controllers/Secure_Controller.php
View File

@@ -4,7 +4,7 @@ namespace App\Controllers;
use App\Models\Employee;
use App\Models\Module;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Model;
use CodeIgniter\Session\Session;
use Config\OSPOS;
@@ -85,18 +85,17 @@ class Secure_Controller extends BaseController
/**
* AJAX function used to confirm whether values sent in the request are numeric
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getCheckNumeric(): void
public function getCheckNumeric(): ResponseInterface
{
foreach ($this->request->getGet() as $value) {
if (parse_decimals($value) === false) {
echo 'false';
return;
return $this->response->setJSON('false');
}
}
echo 'true';
return $this->response->setJSON('true');
}
/**

52
app/Controllers/Suppliers.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Supplier;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
class Suppliers extends Persons
@@ -17,33 +18,33 @@ class Suppliers extends Persons
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_suppliers_manage_table_headers();
echo view('people/manage', $data);
return view('people/manage', $data);
}
/**
* Gets one row for a supplier manage table. This is called using AJAX to update one row.
* @param $row_id
* @return void
* @return ResponseInterface
*/
public function getRow($row_id): void
public function getRow($row_id): ResponseInterface
{
$data_row = get_supplier_data_row($this->supplier->get_info($row_id));
$data_row['category'] = $this->supplier->get_category_name($data_row['category']);
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* Returns Supplier table data rows. This will be called with AJAX.
* @return void
**/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -62,38 +63,39 @@ class Suppliers extends Persons
$data_rows[] = $row;
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* Gives search suggestions based on what is being searched for
* @return ResponseInterface
**/
public function getSuggest(): void
public function getSuggest(): ResponseInterface
{
$search = $this->request->getGet('term');
$suggestions = $this->supplier->get_search_suggestions($search, true);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @return void
* @return ResponseInterface
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$suggestions = $this->supplier->get_search_suggestions($search, false);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Loads the supplier edit form
*
* @param int $supplier_id
* @return void
* @return string
*/
public function getView(int $supplier_id = NEW_ENTRY): void
public function getView(int $supplier_id = NEW_ENTRY): string
{
$info = $this->supplier->get_info($supplier_id);
foreach (get_object_vars($info) as $property => $value) {
@@ -102,16 +104,16 @@ class Suppliers extends Persons
$data['person_info'] = $info;
$data['categories'] = $this->supplier->get_categories();
echo view("suppliers/form", $data);
return view("suppliers/form", $data);
}
/**
* Inserts/updates a supplier
*
* @param int $supplier_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $supplier_id = NEW_ENTRY): void
public function postSave(int $supplier_id = NEW_ENTRY): ResponseInterface
{
$first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // TODO: Duplicate code
$last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -147,21 +149,21 @@ class Suppliers extends Persons
if ($this->supplier->save_supplier($person_data, $supplier_data, $supplier_id)) {
// New supplier
if ($supplier_id == NEW_ENTRY) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Suppliers.successful_adding') . ' ' . $supplier_data['company_name'],
'id' => $supplier_data['person_id']
]);
} else { // Existing supplier
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Suppliers.successful_updating') . ' ' . $supplier_data['company_name'],
'id' => $supplier_id
]);
}
} else { // Failure
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Suppliers.error_adding_updating') . ' ' . $supplier_data['company_name'],
'id' => NEW_ENTRY
@@ -172,19 +174,19 @@ class Suppliers extends Persons
/**
* This deletes suppliers from the suppliers table
*
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$suppliers_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->supplier->delete_list($suppliers_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Suppliers.successful_deleted') . ' ' . count($suppliers_to_delete) . ' ' . lang('Suppliers.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Suppliers.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Suppliers.cannot_be_deleted')]);
}
}
}

41
app/Controllers/Tax_categories.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Tax_category;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
/**
@@ -20,13 +21,13 @@ class Tax_categories extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['tax_categories_table_headers'] = get_tax_categories_table_headers();
echo view('taxes/tax_categories', $data);
return view('taxes/tax_categories', $data);
}
/**
@@ -34,7 +35,7 @@ class Tax_categories extends Secure_Controller
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -50,37 +51,37 @@ class Tax_categories extends Secure_Controller
$data_rows[] = get_tax_categories_data_row($tax_category);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* @param $row_id
* @return void
* @return ResponseInterface
*/
public function getRow($row_id): void
public function getRow($row_id): ResponseInterface
{
$data_row = get_tax_categories_data_row($this->tax_category->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $tax_category_id
* @return void
* @return string
*/
public function getView(int $tax_category_id = NEW_ENTRY): void
public function getView(int $tax_category_id = NEW_ENTRY): string
{
$data['tax_category_info'] = $this->tax_category->get_info($tax_category_id);
echo view("taxes/tax_category_form", $data);
return view("taxes/tax_category_form", $data);
}
/**
* @param int $tax_category_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $tax_category_id = NEW_ENTRY): void
public function postSave(int $tax_category_id = NEW_ENTRY): ResponseInterface
{
$tax_category_data = [
'tax_category' => $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
@@ -91,20 +92,20 @@ class Tax_categories extends Secure_Controller
if ($this->tax_category->save_value($tax_category_data, $tax_category_id)) {
// New tax_category_id
if ($tax_category_id == NEW_ENTRY) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_categories.successful_adding'),
'id' => $tax_category_data['tax_category_id']
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_categories.successful_updating'),
'id' => $tax_category_id
]);
}
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Tax_categories.error_adding_updating') . ' ' . $tax_category_data['tax_category'],
'id' => NEW_ENTRY
@@ -113,19 +114,19 @@ class Tax_categories extends Secure_Controller
}
/**
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$tax_categories_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->tax_category->delete_list($tax_categories_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_categories.successful_deleted') . ' ' . count($tax_categories_to_delete) . ' ' . lang('Tax_categories.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Tax_categories.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Tax_categories.cannot_be_deleted')]);
}
}
}

41
app/Controllers/Tax_codes.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Tax_code;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
/**
@@ -22,11 +23,11 @@ class Tax_codes extends Secure_Controller
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
echo view('taxes/tax_codes', $this->get_data());
return view('taxes/tax_codes', $this->get_data());
}
/**
@@ -44,7 +45,7 @@ class Tax_codes extends Secure_Controller
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -61,37 +62,37 @@ class Tax_codes extends Secure_Controller
$data_rows[] = get_tax_code_data_row($tax_code);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_tax_code_data_row($this->tax_code->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $tax_code_id
* @return void
* @return string
*/
public function getView(int $tax_code_id = NEW_ENTRY): void
public function getView(int $tax_code_id = NEW_ENTRY): string
{
$data['tax_code_info'] = $this->tax_code->get_info($tax_code_id);
echo view("taxes/tax_code_form", $data);
return view("taxes/tax_code_form", $data);
}
/**
* @param int $tax_code_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $tax_code_id = NEW_ENTRY): void
public function postSave(int $tax_code_id = NEW_ENTRY): ResponseInterface
{
$tax_code_data = [
'tax_code' => $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
@@ -102,20 +103,20 @@ class Tax_codes extends Secure_Controller
if ($this->tax_code->save($tax_code_data)) {
if ($tax_code_id == NEW_ENTRY) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_codes.successful_adding'),
'id' => $tax_code_data['tax_code_id']
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_codes.successful_updating'),
'id' => $tax_code_id
]);
}
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Tax_codes.error_adding_updating') . ' ' . $tax_code_data['tax_code_id'],
'id' => NEW_ENTRY
@@ -124,19 +125,19 @@ class Tax_codes extends Secure_Controller
}
/**
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$tax_codes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->tax_code->delete_list($tax_codes_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_codes.successful_deleted') . ' ' . count($tax_codes_to_delete) . ' ' . lang('Tax_codes.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Tax_codes.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Tax_codes.cannot_be_deleted')]);
}
}
}

41
app/Controllers/Tax_jurisdictions.php
View File

@@ -3,6 +3,7 @@
namespace App\Controllers;
use App\Models\Tax_jurisdiction;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
/**
@@ -23,13 +24,13 @@ class Tax_jurisdictions extends Secure_Controller
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['table_headers'] = get_tax_jurisdictions_table_headers();
echo view('taxes/tax_jurisdictions', $data);
return view('taxes/tax_jurisdictions', $data);
}
/**
@@ -37,7 +38,7 @@ class Tax_jurisdictions extends Secure_Controller
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -53,37 +54,37 @@ class Tax_jurisdictions extends Secure_Controller
$data_rows[] = get_tax_jurisdictions_data_row($tax_jurisdiction);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_tax_jurisdictions_data_row($this->tax_jurisdiction->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $tax_jurisdiction_id
* @return void
* @return string
*/
public function getView(int $tax_jurisdiction_id = NEW_ENTRY): void
public function getView(int $tax_jurisdiction_id = NEW_ENTRY): string
{
$data['tax_jurisdiction_info'] = $this->tax_jurisdiction->get_info($tax_jurisdiction_id);
echo view("taxes/tax_jurisdiction_form", $data);
return view("taxes/tax_jurisdiction_form", $data);
}
/**
* @param int $jurisdiction_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $jurisdiction_id = NEW_ENTRY): void
public function postSave(int $jurisdiction_id = NEW_ENTRY): ResponseInterface
{
$tax_jurisdiction_data = [
'jurisdiction_name' => $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
@@ -92,20 +93,20 @@ class Tax_jurisdictions extends Secure_Controller
if ($this->tax_jurisdiction->save_value($tax_jurisdiction_data)) {
if ($jurisdiction_id == NEW_ENTRY) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_jurisdictions.successful_adding'),
'id' => $tax_jurisdiction_data['jurisdiction_id']
]);
} else {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_jurisdictions.successful_updating'),
'id' => $jurisdiction_id
]);
}
} else {
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Tax_jurisdictions.error_adding_updating') . ' ' . $tax_jurisdiction_data['jurisdiction_name'],
'id' => NEW_ENTRY
@@ -114,19 +115,19 @@ class Tax_jurisdictions extends Secure_Controller
}
/**
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$tax_jurisdictions_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->tax_jurisdiction->delete_list($tax_jurisdictions_to_delete)) {
echo json_encode([
return $this->response->setJSON([
'success' => true,
'message' => lang('Tax_jurisdictions.successful_deleted') . ' ' . count($tax_jurisdictions_to_delete) . ' ' . lang('Tax_jurisdictions.one_or_multiple')
]);
} else {
echo json_encode(['success' => false, 'message' => lang('Tax_jurisdictions.cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Tax_jurisdictions.cannot_be_deleted')]);
}
}
}

116
app/Controllers/Taxes.php
View File

@@ -8,6 +8,7 @@ use App\Models\Tax;
use App\Models\Tax_category;
use App\Models\Tax_code;
use App\Models\Tax_jurisdiction;
use CodeIgniter\HTTP\ResponseInterface;
use Config\OSPOS;
use Config\Services;
@@ -36,9 +37,9 @@ class Taxes extends Secure_Controller
}
/**
* @return void
* @return string
*/
public function getIndex(): void
public function getIndex(): string
{
$data['tax_codes'] = $this->tax_code->get_all()->getResultArray();
if (count($data['tax_codes']) == 0) {
@@ -67,7 +68,7 @@ class Taxes extends Secure_Controller
$data['tax_type_options'] = $this->tax_lib->get_tax_type_options($data['default_tax_type']);
echo view('taxes/manage', $data);
return view('taxes/manage', $data);
}
/**
@@ -75,7 +76,7 @@ class Taxes extends Secure_Controller
*
* @return void
*/
public function getSearch(): void
public function getSearch(): ResponseInterface
{
$search = $this->request->getGet('search');
$limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
@@ -92,50 +93,50 @@ class Taxes extends Secure_Controller
$data_rows[] = get_tax_rates_data_row($tax_rate_row);
}
echo json_encode(['total' => $total_rows, 'rows' => $data_rows]);
return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
}
/**
* Gives search suggestions based on what is being searched for
* @return ResponseInterface
*/
public function suggest_search(): void
public function suggest_search(): ResponseInterface
{
$search = $this->request->getPost('term');
$suggestions = $this->tax->get_search_suggestions($search); // TODO: There is no get_search_suggestions function in the tax model
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Provides list of tax categories to select from
*
* @return void
* @return ResponseInterface
*/
public function suggest_tax_categories(): void
public function suggest_tax_categories(): ResponseInterface
{
$search = $this->request->getPost('term');
$suggestions = $this->tax_category->get_tax_category_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* @param int $row_id
* @return void
* @return ResponseInterface
*/
public function getRow(int $row_id): void
public function getRow(int $row_id): ResponseInterface
{
$data_row = get_tax_rates_data_row($this->tax->get_info($row_id));
echo json_encode($data_row);
return $this->response->setJSON($data_row);
}
/**
* @param int $tax_code
* @return void
* @return string
*/
public function getView_tax_codes(int $tax_code = NEW_ENTRY): void
public function getView_tax_codes(int $tax_code = NEW_ENTRY): string
{
$tax_code_info = $this->tax->get_info($tax_code);
@@ -192,15 +193,15 @@ class Taxes extends Secure_Controller
$data['tax_rates'] = $tax_rates;
echo view('taxes/tax_code_form', $data);
return view('taxes/tax_code_form', $data);
}
/**
* @param int $tax_rate_id
* @return void
* @return string
*/
public function getView(int $tax_rate_id = NEW_ENTRY): void
public function getView(int $tax_rate_id = NEW_ENTRY): string
{
$tax_rate_info = $this->tax->get_info($tax_rate_id);
@@ -226,14 +227,14 @@ class Taxes extends Secure_Controller
$data['tax_rate'] = $tax_rate_info->tax_rate;
}
echo view('taxes/tax_rates_form', $data);
return view('taxes/tax_rates_form', $data);
}
/**
* @param int $tax_code
* @return void
* @return string
*/
public function getView_tax_categories(int $tax_code = NEW_ENTRY): void // TODO: This appears to be called no where in the code.
public function getView_tax_categories(int $tax_code = NEW_ENTRY): string // TODO: This appears to be called no where in the code.
{
$tax_code_info = $this->tax->get_info($tax_code); // TODO: Duplicated Code
@@ -290,14 +291,14 @@ class Taxes extends Secure_Controller
$data['tax_rates'] = $tax_rates;
echo view('taxes/tax_category_form', $data);
return view('taxes/tax_category_form', $data);
}
/**
* @param int $tax_code
* @return void
* @return string
*/
public function getView_tax_jurisdictions(int $tax_code = NEW_ENTRY): void // TODO: This appears to be called no where in the code.
public function getView_tax_jurisdictions(int $tax_code = NEW_ENTRY): string // TODO: This appears to be called no where in the code.
{
$tax_code_info = $this->tax->get_info($tax_code); // TODO: Duplicated code
@@ -354,7 +355,7 @@ class Taxes extends Secure_Controller
$data['tax_rates'] = $tax_rates;
echo view('taxes/tax_jurisdiction_form', $data);
return view('taxes/tax_jurisdiction_form', $data);
}
/**
@@ -367,9 +368,9 @@ class Taxes extends Secure_Controller
/**
* @param int $tax_rate_id
* @return void
* @return ResponseInterface
*/
public function postSave(int $tax_rate_id = NEW_ENTRY): void
public function postSave(int $tax_rate_id = NEW_ENTRY): ResponseInterface
{
$tax_category_id = $this->request->getPost('rate_tax_category_id', FILTER_SANITIZE_NUMBER_INT);
$tax_rate = parse_tax($this->request->getPost('tax_rate'));
@@ -388,50 +389,50 @@ class Taxes extends Secure_Controller
if ($this->tax->save_value($tax_rate_data, $tax_rate_id)) {
if ($tax_rate_id == NEW_ENTRY) { // TODO: this needs to be replaced with ternary notation
echo json_encode(['success' => true, 'message' => lang('Taxes.tax_rate_successfully_added')]);
return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_rate_successfully_added')]);
} else { // Existing tax_code
echo json_encode(['success' => true, 'message' => lang('Taxes.tax_rate_successful_updated')]);
return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_rate_successful_updated')]);
}
} else {
echo json_encode(['success' => false, 'message' => lang('Taxes.tax_rate_error_adding_updating')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Taxes.tax_rate_error_adding_updating')]);
}
}
/**
* @return void
* @return ResponseInterface
*/
public function postDelete(): void
public function postDelete(): ResponseInterface
{
$tax_codes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT);
if ($this->tax->delete_list($tax_codes_to_delete)) { // TODO: this needs to be replaced with ternary notation
echo json_encode(['success' => true, 'message' => lang('Taxes.tax_code_successful_deleted')]);
return $this->response->setJSON(['success' => true, 'message' => lang('Taxes.tax_code_successful_deleted')]);
} else {
echo json_encode(['success' => false, 'message' => lang('Taxes.tax_code_cannot_be_deleted')]);
return $this->response->setJSON(['success' => false, 'message' => lang('Taxes.tax_code_cannot_be_deleted')]);
}
}
/**
* Get search suggestions for tax codes. Used in app/Views/customers/form.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function getSuggestTaxCodes(): void
public function getSuggestTaxCodes(): ResponseInterface
{
$search = $this->request->getPostGet('term');
$suggestions = $this->tax_code->get_tax_codes_search_suggestions($search);
echo json_encode($suggestions);
return $this->response->setJSON($suggestions);
}
/**
* Saves Tax Codes. Used in app/Views/taxes/tax_codes.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSave_tax_codes(): void
public function postSave_tax_codes(): ResponseInterface
{
$tax_code_id = $this->request->getPost('tax_code_id', FILTER_SANITIZE_NUMBER_INT);
$tax_code = $this->request->getPost('tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -452,7 +453,7 @@ class Taxes extends Secure_Controller
$success = $this->tax_code->save_tax_codes($array_save);
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Taxes.tax_codes_saved_' . ($success ? '' : 'un') . 'successfully')
]);
@@ -461,10 +462,10 @@ class Taxes extends Secure_Controller
/**
* Saves given tax jurisdiction. Used in app/Views/taxes/tax_jurisdictions.php.
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSave_tax_jurisdictions(): void
public function postSave_tax_jurisdictions(): ResponseInterface
{
$jurisdiction_id = $this->request->getPost('jurisdiction_id', FILTER_SANITIZE_NUMBER_INT);
$jurisdiction_name = $this->request->getPost('jurisdiction_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -489,11 +490,10 @@ class Taxes extends Secure_Controller
];
if (in_array($tax_group[$key], $unique_tax_groups)) { // TODO: This can be replaced with `in_array($tax_group[$key], $unique_tax_groups)`
echo json_encode([
return $this->response->setJSON([
'success' => false,
'message' => lang('Taxes.tax_group_not_unique', [$tax_group[$key]])
]);
return;
} else {
$unique_tax_groups[] = $tax_group[$key];
}
@@ -501,7 +501,7 @@ class Taxes extends Secure_Controller
$success = $this->tax_jurisdiction->save_jurisdictions($array_save);
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Taxes.tax_jurisdictions_saved_' . ($success ? '' : 'un') . 'successfully')
]);
@@ -510,10 +510,10 @@ class Taxes extends Secure_Controller
/**
* Saves tax categories. Used in app/Views/taxes/tax_categories.php
*
* @return void
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function postSave_tax_categories(): void
public function postSave_tax_categories(): ResponseInterface
{
$tax_category_id = $this->request->getPost('tax_category_id', FILTER_SANITIZE_NUMBER_INT);
$tax_category = $this->request->getPost('tax_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -531,7 +531,7 @@ class Taxes extends Secure_Controller
$success = $this->tax_category->save_categories($array_save);
echo json_encode([
return $this->response->setJSON([
'success' => $success,
'message' => lang('Taxes.tax_categories_saved_' . ($success ? '' : 'un') . 'successfully')
]);
@@ -540,36 +540,36 @@ class Taxes extends Secure_Controller
/**
* Gets tax codes partial view. Used in app/Views/taxes/tax_codes.php.
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getAjax_tax_codes(): void
public function getAjax_tax_codes(): string
{
$tax_codes = $this->tax_code->get_all()->getResultArray();
echo view('partial/tax_codes', ['tax_codes' => $tax_codes]);
return view('partial/tax_codes', ['tax_codes' => $tax_codes]);
}
/**
* Gets current tax categories. Used in app/Views/taxes/tax_categories.php
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getAjax_tax_categories(): void
public function getAjax_tax_categories(): string
{
$tax_categories = $this->tax_category->get_all()->getResultArray();
echo view('partial/tax_categories', ['tax_categories' => $tax_categories]);
return view('partial/tax_categories', ['tax_categories' => $tax_categories]);
}
/**
* Gets the tax jurisdiction partial view. Used in app/Views/taxes/tax_jurisdictions.php.
*
* @return void
* @return string
* @noinspection PhpUnused
*/
public function getAjax_tax_jurisdictions(): void
public function getAjax_tax_jurisdictions(): string
{
$tax_jurisdictions = $this->tax_jurisdiction->get_all()->getResultArray();
@@ -581,7 +581,7 @@ class Taxes extends Secure_Controller
$tax_types = $this->tax_lib->get_tax_types();
echo view('partial/tax_jurisdictions', [
return view('partial/tax_jurisdictions', [
'tax_jurisdictions' => $tax_jurisdictions,
'tax_types' => $tax_types,
'default_tax_type' => $default_tax_type

60
app/Database/Migrations/20170501000000_initial_schema.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
class Migration_Initial_Schema extends Migration
{
public function __construct()
{
parent::__construct();
}
/**
* Perform a migration step.
* Only runs on fresh installs - skips if database already has tables.
*
* For testing: CI4's DatabaseTestTrait with $refresh=true handles table
* cleanup/creation automatically. This migration only loads initial schema
* on fresh databases where no application tables exist.
*/
public function up(): void
{
// Check if core application tables exist (existing install)
// Note: migrations table may exist even on fresh DB due to migration tracking
$tables = $this->db->listTables();
// Check for a core application table, not just migrations table
foreach ($tables as $table) {
// Strip prefix if present for comparison
$tableName = str_replace($this->db->getPrefix(), '', $table);
if (in_array($tableName, ['app_config', 'items', 'employees', 'people'])) {
// Database already populated - skip initial schema
// This is an existing installation upgrading from older version
return;
}
}
// Fresh install - load initial schema
helper('migration');
execute_script(APPPATH . 'Database/Migrations/sqlscripts/initial_schema.sql');
}
/**
* Revert a migration step.
* Cannot revert initial schema - would lose all data.
*/
public function down(): void
{
// Cannot safely revert initial schema
// Would require dropping all tables which would lose all data
$this->db->query('SET FOREIGN_KEY_CHECKS = 0');
foreach ($this->db->listTables() as $table) {
$this->db->query('DROP TABLE IF EXISTS `' . $table . '`');
}
$this->db->query('SET FOREIGN_KEY_CHECKS = 1');
}
}

4
app/Database/Migrations/20170502221506_sales_tax_data.php
View File

@@ -267,6 +267,8 @@ class Migration_Sales_Tax_Data extends Migration
*/
public function round_number(int $rounding_mode, string $amount, int $decimals): float
{
$amount = (float)$amount;
if ($rounding_mode == Migration_Sales_Tax_Data::ROUND_UP) {
$fig = pow(10, $decimals);
$rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
@@ -376,7 +378,7 @@ class Migration_Sales_Tax_Data extends Migration
$decimals = totals_decimals();
foreach ($sales_taxes as $row_number => $sales_tax) {
$sale_tax_amount = $sales_tax['sale_tax_amount'];
$sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
$rounding_code = $sales_tax['rounding_code'];
$rounded_sale_tax_amount = $sale_tax_amount;

2
app/Database/Migrations/20191008100000_receipttaxindicator.php
View File

@@ -21,6 +21,6 @@ class Migration_receipttaxindicator extends Migration
*/
public function down(): void
{
$this->db->query('DELETE FROM ' . $this->db->prefixTable('app_config') . ' WHERE key = \'receipt_show_tax_ind\'');
$this->db->query('DELETE FROM ' . $this->db->prefixTable('app_config') . ' WHERE `key` = \'receipt_show_tax_ind\'');
}
}

4
app/Database/Migrations/20200202000000_taxamount.php
View File

@@ -243,6 +243,8 @@ class Migration_TaxAmount extends Migration
*/
public function round_number(int $rounding_mode, string $amount, int $decimals): float // TODO: is this currency safe?
{ // TODO: This needs to be converted to a switch
$amount = (float)$amount;
if ($rounding_mode == Migration_TaxAmount::ROUND_UP) { // TODO: === ?
$fig = pow(10, $decimals);
$rounded_total = (ceil($fig * $amount) + ceil($fig * $amount - ceil($fig * $amount))) / $fig;
@@ -354,7 +356,7 @@ class Migration_TaxAmount extends Migration
$decimals = totals_decimals();
foreach ($sales_taxes as $row_number => $sales_tax) {
$sale_tax_amount = $sales_tax['sale_tax_amount'];
$sale_tax_amount = (float)$sales_tax['sale_tax_amount'];
$rounding_code = $sales_tax['rounding_code'];
$rounded_sale_tax_amount = $sale_tax_amount;

65
app/Database/Migrations/20250521000000_FixImageFilenameSpaces.php Normal file
View File

@@ -0,0 +1,65 @@
<?php
namespace App\Database\Migrations;
use CodeIgniter\Database\Migration;
/**
* Migration to sanitize existing image filenames by replacing spaces with underscores
* This fixes issue #4372 where thumbnails failed to load for images with spaces in filenames
*/
class FixImageFilenameSpaces extends Migration
{
/**
* Perform a migration.
*/
public function up(): void
{
$db = \Config\Database::connect();
$builder = $db->table('ospos_items');
// Get all items with pic_filename containing spaces
$query = $builder->like('pic_filename', ' ', 'both')->get();
$items = $query->getResult();
foreach ($items as $item) {
$old_filename = $item->pic_filename;
$ext = pathinfo($old_filename, PATHINFO_EXTENSION);
$base_name = pathinfo($old_filename, PATHINFO_FILENAME);
// Sanitize the filename by replacing spaces and special characters
$sanitized_name = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $base_name);
$new_filename = $sanitized_name . '.' . $ext;
// Rename the file on the filesystem
$old_path = FCPATH . 'uploads/item_pics/' . $old_filename;
$new_path = FCPATH . 'uploads/item_pics/' . $new_filename;
if (file_exists($old_path)) {
// Rename the original file
if (rename($old_path, $new_path)) {
// Check if thumbnail exists and rename it too
$old_thumb = FCPATH . 'uploads/item_pics/' . $base_name . '_thumb.' . $ext;
$new_thumb = FCPATH . 'uploads/item_pics/' . $sanitized_name . '_thumb.' . $ext;
if (file_exists($old_thumb)) {
rename($old_thumb, $new_thumb);
}
// Update database record
$builder->where('item_id', $item->item_id)
->update(['pic_filename' => $new_filename]);
}
}
}
}
/**
* Revert a migration.
* Note: This migration does not support rollback as the original filenames are lost
*/
public function down(): void
{
// This migration cannot be safely reversed as the original filenames are lost
// after sanitization.
}
}

145
app/Database/tables.sql → app/Database/Migrations/sqlscripts/initial_schema.sql
View File

@@ -730,3 +730,148 @@ CREATE TABLE `ospos_suppliers` (
--
-- Dumping data for table `ospos_suppliers`
--
--
-- Constraints for dumped tables
--
--
-- Constraints for table `ospos_customers`
--
ALTER TABLE `ospos_customers`
ADD CONSTRAINT `ospos_customers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_employees`
--
ALTER TABLE `ospos_employees`
ADD CONSTRAINT `ospos_employees_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_inventory`
--
ALTER TABLE `ospos_inventory`
ADD CONSTRAINT `ospos_inventory_ibfk_1` FOREIGN KEY (`trans_items`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_inventory_ibfk_2` FOREIGN KEY (`trans_user`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_inventory_ibfk_3` FOREIGN KEY (`trans_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_items`
--
ALTER TABLE `ospos_items`
ADD CONSTRAINT `ospos_items_ibfk_1` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
--
-- Constraints for table `ospos_items_taxes`
--
ALTER TABLE `ospos_items_taxes`
ADD CONSTRAINT `ospos_items_taxes_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_item_kit_items`
--
ALTER TABLE `ospos_item_kit_items`
ADD CONSTRAINT `ospos_item_kit_items_ibfk_1` FOREIGN KEY (`item_kit_id`) REFERENCES `ospos_item_kits` (`item_kit_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_item_kit_items_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_permissions`
--
ALTER TABLE `ospos_permissions`
ADD CONSTRAINT `ospos_permissions_ibfk_1` FOREIGN KEY (`module_id`) REFERENCES `ospos_modules` (`module_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_permissions_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_grants`
--
ALTER TABLE `ospos_grants`
ADD CONSTRAINT `ospos_grants_ibfk_1` foreign key (`permission_id`) references `ospos_permissions` (`permission_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_grants_ibfk_2` foreign key (`person_id`) references `ospos_employees` (`person_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_receivings`
--
ALTER TABLE `ospos_receivings`
ADD CONSTRAINT `ospos_receivings_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_receivings_ibfk_2` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
--
-- Constraints for table `ospos_receivings_items`
--
ALTER TABLE `ospos_receivings_items`
ADD CONSTRAINT `ospos_receivings_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_receivings_items_ibfk_2` FOREIGN KEY (`receiving_id`) REFERENCES `ospos_receivings` (`receiving_id`);
--
-- Constraints for table `ospos_sales`
--
ALTER TABLE `ospos_sales`
ADD CONSTRAINT `ospos_sales_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_sales_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
--
-- Constraints for table `ospos_sales_items`
--
ALTER TABLE `ospos_sales_items`
ADD CONSTRAINT `ospos_sales_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_sales_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`),
ADD CONSTRAINT `ospos_sales_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_sales_items_taxes`
--
ALTER TABLE `ospos_sales_items_taxes`
ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_items` (`sale_id`,`item_id`,`line`),
ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
--
-- Constraints for table `ospos_sales_payments`
--
ALTER TABLE `ospos_sales_payments`
ADD CONSTRAINT `ospos_sales_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`);
--
-- Constraints for table `ospos_sales_suspended`
--
ALTER TABLE `ospos_sales_suspended`
ADD CONSTRAINT `ospos_sales_suspended_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_sales_suspended_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
--
-- Constraints for table `ospos_sales_suspended_items`
--
ALTER TABLE `ospos_sales_suspended_items`
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`),
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_sales_suspended_items_taxes`
--
ALTER TABLE `ospos_sales_suspended_items_taxes`
ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_suspended_items` (`sale_id`,`item_id`,`line`),
ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
--
-- Constraints for table `ospos_sales_suspended_payments`
--
ALTER TABLE `ospos_sales_suspended_payments`
ADD CONSTRAINT `ospos_sales_suspended_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`);
--
-- Constraints for table `ospos_item_quantities`
--
ALTER TABLE `ospos_item_quantities`
ADD CONSTRAINT `ospos_item_quantities_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_item_quantities_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_suppliers`
--
ALTER TABLE `ospos_suppliers`
ADD CONSTRAINT `ospos_suppliers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_giftcards`
--
ALTER TABLE `ospos_giftcards`
ADD CONSTRAINT `ospos_giftcards_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);

145
app/Database/constraints.sql
View File

@@ -1,145 +0,0 @@
--
-- Constraints for dumped tables
--
--
-- Constraints for table `ospos_customers`
--
ALTER TABLE `ospos_customers`
ADD CONSTRAINT `ospos_customers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_employees`
--
ALTER TABLE `ospos_employees`
ADD CONSTRAINT `ospos_employees_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_inventory`
--
ALTER TABLE `ospos_inventory`
ADD CONSTRAINT `ospos_inventory_ibfk_1` FOREIGN KEY (`trans_items`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_inventory_ibfk_2` FOREIGN KEY (`trans_user`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_inventory_ibfk_3` FOREIGN KEY (`trans_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_items`
--
ALTER TABLE `ospos_items`
ADD CONSTRAINT `ospos_items_ibfk_1` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
--
-- Constraints for table `ospos_items_taxes`
--
ALTER TABLE `ospos_items_taxes`
ADD CONSTRAINT `ospos_items_taxes_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_item_kit_items`
--
ALTER TABLE `ospos_item_kit_items`
ADD CONSTRAINT `ospos_item_kit_items_ibfk_1` FOREIGN KEY (`item_kit_id`) REFERENCES `ospos_item_kits` (`item_kit_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_item_kit_items_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_permissions`
--
ALTER TABLE `ospos_permissions`
ADD CONSTRAINT `ospos_permissions_ibfk_1` FOREIGN KEY (`module_id`) REFERENCES `ospos_modules` (`module_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_permissions_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_grants`
--
ALTER TABLE `ospos_grants`
ADD CONSTRAINT `ospos_grants_ibfk_1` foreign key (`permission_id`) references `ospos_permissions` (`permission_id`) ON DELETE CASCADE,
ADD CONSTRAINT `ospos_grants_ibfk_2` foreign key (`person_id`) references `ospos_employees` (`person_id`) ON DELETE CASCADE;
--
-- Constraints for table `ospos_receivings`
--
ALTER TABLE `ospos_receivings`
ADD CONSTRAINT `ospos_receivings_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_receivings_ibfk_2` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
--
-- Constraints for table `ospos_receivings_items`
--
ALTER TABLE `ospos_receivings_items`
ADD CONSTRAINT `ospos_receivings_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_receivings_items_ibfk_2` FOREIGN KEY (`receiving_id`) REFERENCES `ospos_receivings` (`receiving_id`);
--
-- Constraints for table `ospos_sales`
--
ALTER TABLE `ospos_sales`
ADD CONSTRAINT `ospos_sales_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_sales_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
--
-- Constraints for table `ospos_sales_items`
--
ALTER TABLE `ospos_sales_items`
ADD CONSTRAINT `ospos_sales_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_sales_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`),
ADD CONSTRAINT `ospos_sales_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_sales_items_taxes`
--
ALTER TABLE `ospos_sales_items_taxes`
ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_items` (`sale_id`,`item_id`,`line`),
ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
--
-- Constraints for table `ospos_sales_payments`
--
ALTER TABLE `ospos_sales_payments`
ADD CONSTRAINT `ospos_sales_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`);
--
-- Constraints for table `ospos_sales_suspended`
--
ALTER TABLE `ospos_sales_suspended`
ADD CONSTRAINT `ospos_sales_suspended_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
ADD CONSTRAINT `ospos_sales_suspended_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
--
-- Constraints for table `ospos_sales_suspended_items`
--
ALTER TABLE `ospos_sales_suspended_items`
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`),
ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_sales_suspended_items_taxes`
--
ALTER TABLE `ospos_sales_suspended_items_taxes`
ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_suspended_items` (`sale_id`,`item_id`,`line`),
ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
--
-- Constraints for table `ospos_sales_suspended_payments`
--
ALTER TABLE `ospos_sales_suspended_payments`
ADD CONSTRAINT `ospos_sales_suspended_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`);
--
-- Constraints for table `ospos_item_quantities`
--
ALTER TABLE `ospos_item_quantities`
ADD CONSTRAINT `ospos_item_quantities_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
ADD CONSTRAINT `ospos_item_quantities_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`);
--
-- Constraints for table `ospos_suppliers`
--
ALTER TABLE `ospos_suppliers`
ADD CONSTRAINT `ospos_suppliers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
--
-- Constraints for table `ospos_giftcards`
--
ALTER TABLE `ospos_giftcards`
ADD CONSTRAINT `ospos_giftcards_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);

2
app/Database/docker_mysql.cnf
View File

@@ -1,5 +1,5 @@
[mysqld]
sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION"
key_buffer = 16M
max_allowed_packet = 1M

2
app/Helpers/locale_helper.php
View File

@@ -89,6 +89,8 @@ function get_languages(): array
'pt-BR:portuguese' => 'Portuguese (Brazil)',
'ro:romanian' => 'Romanian',
'ru:russian' => 'Russian',
'sw-KE:swahili' => 'Swahili (Kenya)',
'sw-TZ:swahili' => 'Swahili (Tanzania)',
'sv:swedish' => 'Swedish',
'ta:tamil' => 'Tamil',
'th:thai' => 'Thai',

48
app/Helpers/tabular_helper.php
View File

@@ -48,7 +48,7 @@ function transform_headers(array $headers, bool $readonly = false, bool $editabl
'field' => key($element),
'title' => current($element),
'switchable' => $element['switchable'] ?? !preg_match('(^$|&nbsp)', current($element)),
'escape' => !preg_match("/(edit|email|messages|item_pic|customer_name|note)/", key($element)) && !(isset($element['escape']) && !$element['escape']),
'escape' => !preg_match("/(edit|email|messages|item_pic)/", key($element)) && !(isset($element['escape']) && !$element['escape']),
'sortable' => $element['sortable'] ?? current($element) != '',
'checkbox' => $element['checkbox'] ?? false,
'class' => isset($element['checkbox']) || preg_match('(^$|&nbsp)', current($element)) ? 'print_hide' : '',
@@ -408,7 +408,7 @@ function get_items_manage_table_headers(): string
{
$attribute = model(Attribute::class);
$config = config(OSPOS::class)->settings;
$definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS); // TODO: this should be made into a constant in constants.php
$definitionsWithTypes = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS, true);
$headers = item_headers();
@@ -420,8 +420,8 @@ function get_items_manage_table_headers(): string
$headers[] = ['item_pic' => lang('Items.image'), 'sortable' => false];
foreach ($definition_names as $definition_id => $definition_name) {
$headers[] = [$definition_id => $definition_name, 'sortable' => false];
foreach ($definitionsWithTypes as $definition_id => $definitionInfo) {
$headers[] = [$definition_id => $definitionInfo['name'], 'sortable' => false];
}
$headers[] = ['inventory' => '', 'escape' => false];
@@ -470,7 +470,8 @@ function get_item_data_row(object $item): array
: glob("./uploads/item_pics/$item->pic_filename");
if (sizeof($images) > 0) {
$image .= '<a class="rollover" href="' . base_url($images[0]) . '"><img alt="Image thumbnail" src="' . site_url('items/PicThumb/' . pathinfo($images[0], PATHINFO_BASENAME)) . '"></a>';
$image_path = ltrim($images[0], './');
$image .= '<a class="rollover" href="' . base_url(implode('/', array_map('rawurlencode', explode('/', $image_path)))) . '"><img alt="Image thumbnail" src="' . site_url('items/PicThumb/' . rawurlencode(pathinfo($images[0], PATHINFO_BASENAME))) . '"></a>';
}
}
@@ -478,7 +479,7 @@ function get_item_data_row(object $item): array
$item->name .= NAME_SEPARATOR . $item->pack_name;
}
$definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS);
$definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS, true);
$columns = [
'items.item_id' => $item->item_id,
@@ -633,7 +634,7 @@ function parse_attribute_values(array $columns, array $row): array
}
/**
* @param array $definition_names
* @param array $definition_names Array of definition_id => ['name' => name, 'type' => type] or definition_id => name
* @param array $row
* @return array
*/
@@ -650,10 +651,16 @@ function expand_attribute_values(array $definition_names, array $row): array
}
$attribute_values = [];
foreach ($definition_names as $definition_id => $definition_name) {
foreach ($definition_names as $definition_id => $definitionInfo) {
if (isset($indexed_values[$definition_id])) {
$attribute_value = $indexed_values[$definition_id];
$attribute_values["$definition_id"] = $attribute_value;
$raw_value = $indexed_values[$definition_id];
// Format DECIMAL attributes according to locale
if (is_array($definitionInfo) && isset($definitionInfo['type']) && $definitionInfo['type'] === DECIMAL) {
$attribute_values["$definition_id"] = to_decimals($raw_value);
} else {
$attribute_values["$definition_id"] = $raw_value;
}
} else {
$attribute_values["$definition_id"] = "";
}
@@ -924,3 +931,24 @@ function get_controller(): string
$controller_name_parts = explode('\\', $controller_name);
return end($controller_name_parts);
}
/**
* Restores filter values from URL query string.
*
* @param CodeIgniter\HTTP\IncomingRequest $request The request object
* @return array Array with 'start_date', 'end_date', and 'selected_filters' keys
*/
function restoreTableFilters($request): array
{
$startDate = $request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$endDate = $request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$urlFilters = $request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
return array_filter([
'start_date' => $startDate ?: null,
'end_date' => $endDate ?: null,
'selected_filters' => $urlFilters ?? []
], function($value) {
return $value !== null && $value !== [];
});
}

1
app/Language/ar-EG/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "هل أنت متأكد من أنك تريد حذف الميزات المحددة ؟",
"confirm_restore" => "هل أنت متأكد من أنك تريد استعادة السمة (السمات) المحددة؟",
"definition_cannot_be_deleted" => "لا يمكن حذف السمات المحددة",
"definition_invalid_group" => "المجموعة المحددة غير موجودة أو غير صالحة.",
"definition_error_adding_updating" => "لا يمكن إضافة السمة {0} أو تحديثها. يرجى التحقق من سجل الخطأ.",
"definition_flags" => "رؤية الميزات",
"definition_group" => "المجموعة",

2
app/Language/ar-EG/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "كلمة المرور الحالية غير صحيحة.",
"employee" => "موظف",
"error_adding_updating" => "خطاء فى إضافة/تعديل موظف.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "لايمكن حذف المستخدم admin الخاص بنسخة العرض.",
"error_updating_demo_admin" => "لايمكن تغيير بيانات المستخدم admin الخاص بنسخة العرض.",
"language" => "اللغة",

1
app/Language/ar-EG/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "سعر التكلفة مطلوب.",
"count" => "تحديث المخزون",
"csv_import_failed" => "فشل الإستيراد من اكسل",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "الملف الذى رفعته إما فارغ أو أنه مختلف البنية.",
"csv_import_partially_failed" => "يوجد خطأ بنسبة {0} في استيراد الاصناف في السطر: {1}. لم يتم استيرادهم.",
"csv_import_success" => "تم استيراد الأصناف بنجاح.",

2
app/Language/ar-EG/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "ابداء بكتابة اسم المورد....",
"stock" => "المخزون",
"stock_destination" => "المخزون المحول له",
"stock_locaiton" => "مكان المخزون",
"stock_location" => "مكان المخزون",
"stock_source" => "مصدر المخزون",
"successfully_deleted" => "لقد تم الحذف",
"successfully_updated" => "لقد تم التحديث",

1
app/Language/ar-LB/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "هل أنت متأكد من أنك تريد حذف الميزات المحددة ؟",
"confirm_restore" => "هل أنت متأكد من أنك تريد استعادة السمة (السمات) المحددة؟",
"definition_cannot_be_deleted" => "لا يمكن حذف السمات المحددة",
"definition_invalid_group" => "المجموعة المحددة غير موجودة أو غير صالحة.",
"definition_error_adding_updating" => "لا يمكن إضافة السمة {0} أو تحديثها. يرجى التحقق من سجل الخطأ.",
"definition_flags" => "رؤية الميزات",
"definition_group" => "المجموعة",

2
app/Language/ar-LB/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "كلمة المرور الحالية غير صحيحة.",
"employee" => "موظف",
"error_adding_updating" => "خطاء فى إضافة/تعديل موظف.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "لايمكن حذف المستخدم admin الخاص بنسخة العرض.",
"error_updating_demo_admin" => "لايمكن تغيير بيانات المستخدم admin الخاص بنسخة العرض.",
"language" => "اللغة",

1
app/Language/ar-LB/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "سعر التكلفة مطلوب.",
"count" => "تحديث المخزون",
"csv_import_failed" => "فشل الإستيراد من اكسل",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "الملف الذى رفعته إما فارغ أو أنه مختلف البنية.",
"csv_import_partially_failed" => "يوجد خطأ بنسبة {0} في استيراد الاصناف في السطر: {1}. لم يتم استيرادهم.",
"csv_import_success" => "تم استيراد الأصناف بنجاح.",

2
app/Language/ar-LB/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "ابداء بكتابة اسم المورد....",
"stock" => "المخزون",
"stock_destination" => "المخزون المحول له",
"stock_locaiton" => "مكان المخزون",
"stock_location" => "مكان المخزون",
"stock_source" => "مصدر المخزون",
"successfully_deleted" => "لقد تم الحذف",
"successfully_updated" => "لقد تم التحديث",

1
app/Language/az/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "Seçilmiş Atributları silmək istədiyinizdən əminsinizmi?",
"confirm_restore" => "Seçilmiş atributları bərpa etmək istədiyinizə əminsinizmi?",
"definition_cannot_be_deleted" => "Seçilmiş xüsusiyyətləri silmək olmadı",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "{0} -in atributları əlavə oluna və yenilənə bilmədi. Lütfən XƏTA loq faylını yoxlayın.",
"definition_flags" => "Atribut görünüşü",
"definition_group" => "Qrup",

2
app/Language/az/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "Hazirki Şifrə düzgün deyil.",
"employee" => "Əməkdaş",
"error_adding_updating" => "Əməkdaş əlavə etməsk və ya yeniləməsi baş vermədi.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "Demo administrator istifadəçisini silə bilməzsiniz.",
"error_updating_demo_admin" => "Demo administrator istifadəçisini dəyişə bilməzsiniz.",
"language" => "Dil",

1
app/Language/az/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "Topdan satiış - doldurulması vacib sahə.",
"count" => "inventorun yenilənməsi",
"csv_import_failed" => "səhv csv import",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "Yüklənmiş faylda məlumat yoxdur və ya düzgün formatlanmır.",
"csv_import_partially_failed" => "Xətlərdə {0} element idxalı uğursuzluq (lar) var: {1}. Heç bir sıra idxal edilmədi.",
"csv_import_success" => "Malların İdxalı Uğurla Həyata Keçdi.",

2
app/Language/az/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "Təchizatçıın adını yazmağa başlayın ...",
"stock" => "Ehtiyyat",
"stock_destination" => "Ehtiyyatın Hədəfi",
"stock_locaiton" => "Ehtiyyatın Yeri",
"stock_location" => "Ehtiyyatın Yeri",
"stock_source" => "Ehtiyyatın Mənbəyi",
"successfully_deleted" => "cəmi",
"successfully_updated" => "alışda sehv var",

1
app/Language/bg/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "",
"confirm_restore" => "",
"definition_cannot_be_deleted" => "",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "",
"definition_flags" => "",
"definition_group" => "",

2
app/Language/bg/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "Текущата парола е невалидна.",
"employee" => "Служител",
"error_adding_updating" => "Добавянето или актуализирането на служителите е неуспешно.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "Не може да изтриете Пробният Администратор.",
"error_updating_demo_admin" => "Не може да промените Пробният Администратор.",
"language" => "Език",

1
app/Language/bg/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "Wholesale Price is a required field.",
"count" => "Update Inventory",
"csv_import_failed" => "CSV import failed",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "The uploaded file has no data or is formatted incorrectly.",
"csv_import_partially_failed" => "Item import successful with some failures:",
"csv_import_success" => "Item import successful.",

2
app/Language/bg/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "Start Typing Supplier's name...",
"stock" => "",
"stock_destination" => "Stock Destination",
"stock_locaiton" => "Stock Location",
"stock_location" => "Stock Location",
"stock_source" => "Stock Source",
"successfully_deleted" => "You have successfully deleted",
"successfully_updated" => "Receiving successfully updated",

1
app/Language/bs/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "Da li ste sigurni da želite da izbrišete izabrani atribut?",
"confirm_restore" => "Da li ste sigurni da želite vratiti izabrane atribute?",
"definition_cannot_be_deleted" => "Nije moguće izbrisati izabrane atribut",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "Atribut {0} nije moguće dodati ili ažurirati. Molimo provjerite dnevnik grešaka.",
"definition_flags" => "Vidljivost atributa",
"definition_group" => "Grupa",

2
app/Language/bs/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "Trenutna lozinka je nevažeća.",
"employee" => "Zaposlenik",
"error_adding_updating" => "Dodavanje ili ažuriranje zaposlenika nije uspjelo.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "Ne možete izbrisati demo korisnika administratora.",
"error_updating_demo_admin" => "Ne možete promijeniti korisnika demo administratora.",
"language" => "Jezik",

1
app/Language/bs/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "Fakturna cijena je obavezno polje.",
"count" => "Ažuriraj zalihu",
"csv_import_failed" => "Uvoz CSV-a nije uspio",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "Učitana CSV datoteka nema podatke ili je pogrešno formatirana.",
"csv_import_partially_failed" => "Bilo je {0} grešaka pri uvozu stavke na liniji: {1}. Nijedan red nije uvezen.",
"csv_import_success" => "Uvoz CSV stavke je uspješan.",

2
app/Language/bs/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "Počnite upisivati ime dobavljača ...",
"stock" => "Skladište",
"stock_destination" => "Destinacija skladišta",
"stock_locaiton" => "Lokacija zaliha",
"stock_location" => "Lokacija zaliha",
"stock_source" => "Izvor zaliha",
"successfully_deleted" => "Uspješno ste izbrisali prijem",
"successfully_updated" => "Uspješno ste ažurirali prijem",

1
app/Language/ckb/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "ئایا دڵنیای کە دەتەوێت تایبەتمەندییە هەڵبژێردراوەکە(کان) بسڕیتەوە؟",
"confirm_restore" => "ئایا دڵنیای کە دەتەوێت تایبەتمەندییە هەڵبژێردراوەکە(کان) بگەڕێنیتەوە؟",
"definition_cannot_be_deleted" => "نەتوانرا تایبەتمەندی هەڵبژێردراو بسڕدرێتەوە",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "تایبەتمەندی {0} نەتوانرا زیاد بکرێت یان نوێ بکرێتەوە. تکایە لیستی هەڵەکان بپشکنە.",
"definition_flags" => "توانای بینراویی تایبەتمەندی",
"definition_group" => "گروپ",

2
app/Language/ckb/Employees.php
View File

@@ -14,6 +14,8 @@ return [
'current_password_invalid' => "وشەی نهێنی ئێستا نادروستە.",
'employee' => "فەرمانبەر",
'error_adding_updating' => "زیادکردن یان نوێکردنەوەی کارمەند سەرکەوتوو نەبوو.",
'error_deleting_admin' => "",
'error_updating_admin' => "",
'error_deleting_demo_admin' => "ناتوانیت بەکارهێنەری ئەدمینی تاقیکردنەوەیی بسڕیتەوە.",
'error_updating_demo_admin' => "ناتوانیت بەکارهێنەری ئەدمین تاقیکردنەوەیی بگۆڕیت.",
'language' => "زمان",

1
app/Language/ckb/Items.php
View File

@@ -26,6 +26,7 @@ return [
'cost_price_required' => "نرخی جوملە خانەیەکی پێویستە.",
'count' => "جەرد نوێ بکەوە",
'csv_import_failed' => "هاوردەکردنی CSV سەرکەوتوو نەبوو",
'csv_import_invalid_location' => "",
'csv_import_nodata_wrongformat' => "پەڕگەی CSV بارکراو هیچ داتایەکی نییە یان بە هەڵە فۆرمات کراوە.",
'csv_import_partially_failed' => "{0} شکستی هاوردەکردنی بابەتی لەسەر هێڵەکان هەبوو: {1}. هیچ ڕیزێک هاوردە نەکرا.",
'csv_import_success' => "بابەتی هاوردەکردنی CSV سەرکەوتوو بوو.",

2
app/Language/ckb/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
'start_typing_supplier_name' => "دەست بکە بە نووسینی ناوی دابینکەر...",
'stock' => "کۆگا",
'stock_destination' => "شوێنی مەبەستی کۆگا",
'stock_locaiton' => "شوێنی کۆگا",
'stock_location' => "شوێنی کۆگا",
'stock_source' => "سەرچاوەی کۆگا",
'successfully_deleted' => "بەسەرکەوتوویی سڕیتەوە",
'successfully_updated' => "وەرگرتن بە سەرکەوتوویی نوێ کراوەتەوە",

1
app/Language/cs/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "",
"confirm_restore" => "",
"definition_cannot_be_deleted" => "",
"definition_invalid_group" => "",
"definition_error_adding_updating" => "",
"definition_flags" => "",
"definition_group" => "",

2
app/Language/cs/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "",
"employee" => "",
"error_adding_updating" => "",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "",
"error_updating_demo_admin" => "",
"language" => "",

1
app/Language/cs/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "Musíte zadat nákupní cenu.",
"count" => "Upravit množství",
"csv_import_failed" => "Import z CSVu se nepovedl",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "Nahraný soubor neobsahuje žádná data nebo má špatný formát.",
"csv_import_partially_failed" => "Při importu položek došlo k několika chybám:",
"csv_import_success" => "Import položek proběhl bez chyby.",

2
app/Language/cs/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "Začněte psát jméno dodavatele...",
"stock" => "Sklad",
"stock_destination" => "Cílový sklad",
"stock_locaiton" => "Umístění skladu",
"stock_location" => "Umístění skladu",
"stock_source" => "",
"successfully_deleted" => "Smazáno",
"successfully_updated" => "Upraveno",

1
app/Language/da/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "Er du sikker på, at du vil slette de valgte egenskaber?",
"confirm_restore" => "Er du sikker på, at du vil gendanne de valgte egenskaber?",
"definition_cannot_be_deleted" => "De valgte egenskaber kunne ikke slettes",
"definition_invalid_group" => "Den valgte gruppe findes ikke eller er ugyldig.",
"definition_error_adding_updating" => "Egenskab {0} Kunne ikke tilføjes eller opdateres. Tjek venligst fejlprotokollen.",
"definition_flags" => "Egenskabens Synlighed",
"definition_group" => "Gruppe",

2
app/Language/da/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "Current Password is invalid.",
"employee" => "Employee",
"error_adding_updating" => "Employee add or update failed.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "You can not delete the demo admin user.",
"error_updating_demo_admin" => "You can not change the demo admin user.",
"language" => "Language",

1
app/Language/da/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "",
"count" => "",
"csv_import_failed" => "",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "",
"csv_import_partially_failed" => "",
"csv_import_success" => "",

2
app/Language/da/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "",
"stock" => "",
"stock_destination" => "",
"stock_locaiton" => "",
"stock_location" => "",
"stock_source" => "",
"successfully_deleted" => "",
"successfully_updated" => "",

1
app/Language/de-CH/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "",
"confirm_restore" => "",
"definition_cannot_be_deleted" => "",
"definition_invalid_group" => "Die ausgewählte Gruppe existiert nicht oder ist ungültig.",
"definition_error_adding_updating" => "",
"definition_flags" => "",
"definition_group" => "",

2
app/Language/de-CH/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "",
"employee" => "Mitarbeiter",
"error_adding_updating" => "Fehler beim Hinzufügen/Ändern",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "Sie können den Admin nicht löschen",
"error_updating_demo_admin" => "Sie können den Admin nicht ändern",
"language" => "",

1
app/Language/de-CH/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "Einstandspreis ist erforderlich",
"count" => "Ändere Bestand",
"csv_import_failed" => "CSV Import fehlerhaft",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "Your uploaded file has no data or wrong format",
"csv_import_partially_failed" => "Most Items imported. But some were not, here is the list",
"csv_import_success" => "Import of Items successful",

2
app/Language/de-CH/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "Lieferantenname eingeben",
"stock" => "",
"stock_destination" => "Lagerort (Ziel)",
"stock_locaiton" => "Lagerort",
"stock_location" => "Lagerort",
"stock_source" => "Lagerort (Quelle)",
"successfully_deleted" => "Löschung erfolgreich",
"successfully_updated" => "Änderung erfolgreich",

1
app/Language/de-DE/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "Sind Sie sicher, dass Sie die ausgewählten Attribute löschen möchten?",
"confirm_restore" => "Sind Sie sicher, dass Sie die ausgewählten Attribute wiederherstellen möchten?",
"definition_cannot_be_deleted" => "Ausgewählte Attribute konnten nicht gelöscht werden",
"definition_invalid_group" => "Die ausgewählte Gruppe existiert nicht oder ist ungültig.",
"definition_error_adding_updating" => "Das Attribut {0} konnte nicht hinzugefügt oder aktualisiert werden. Bitte überprüfen Sie den Error-Log.",
"definition_flags" => "Attribut Sichtbarkeit",
"definition_group" => "Gruppe",

2
app/Language/de-DE/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "Aktuelles Passwort ist ungültig.",
"employee" => "Mitarbeiter",
"error_adding_updating" => "Fehler beim Hinzufügen/Ändern.",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "Sie können den Demo-Administrator nicht löschen.",
"error_updating_demo_admin" => "Sie können den Demo-Administrator nicht verändern.",
"language" => "Sprache",

1
app/Language/de-DE/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "Der Großhandelspreis ist ein Pflichtfeld.",
"count" => "Ändere Bestand",
"csv_import_failed" => "CSV Import fehlgeschlagen",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "Die hochgeladene Datei enthält keine Daten oder ist falsch formatiert.",
"csv_import_partially_failed" => "{0} Artikel-Import Fehler in Zeile: {1}. Keine Reihen wurden importiert.",
"csv_import_success" => "Artikelimport erfolgreich.",

2
app/Language/de-DE/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "Eintippen des Namens des Lieferanten beginnen...",
"stock" => "Lager",
"stock_destination" => "Lagerort (Ziel)",
"stock_locaiton" => "Lagerort",
"stock_location" => "Lagerort",
"stock_source" => "Lagerort (Quelle)",
"successfully_deleted" => "Löschung erfolgreich",
"successfully_updated" => "Änderung erfolgreich",

1
app/Language/el/Attributes.php
View File

@@ -5,6 +5,7 @@ return [
"confirm_delete" => "Είστε βέβαιοι ότι θέλετε να διαγράψετε τα επιλεγμένα χαρακτηριστικά;",
"confirm_restore" => "Είστε βέβαιοι ότι θέλετε να επαναφέρετε τα επιλεγμένα χαρακτηριστικά;",
"definition_cannot_be_deleted" => "Δεν ήταν δυνατή η διαγραφή των επιλεγμένων χαρακτηριστικών",
"definition_invalid_group" => "Η επιλεγμένη ομάδα δεν υπάρχει ή δεν είναι έγκυρη.",
"definition_error_adding_updating" => "Το χαρακτηριστικό {0} δεν ήταν δυνατό να προστεθεί ή να ενημερωθεί. Ελέγξτε το αρχείο καταγραφής σφαλμάτων.",
"definition_flags" => "Ορατότητα χαρακτηριστικών",
"definition_group" => "Ομάδα",

2
app/Language/el/Employees.php
View File

@@ -14,6 +14,8 @@ return [
"current_password_invalid" => "",
"employee" => "",
"error_adding_updating" => "",
"error_deleting_admin" => "",
"error_updating_admin" => "",
"error_deleting_demo_admin" => "",
"error_updating_demo_admin" => "",
"language" => "",

1
app/Language/el/Items.php
View File

@@ -26,6 +26,7 @@ return [
"cost_price_required" => "",
"count" => "",
"csv_import_failed" => "",
"csv_import_invalid_location" => "",
"csv_import_nodata_wrongformat" => "",
"csv_import_partially_failed" => "",
"csv_import_success" => "",

2
app/Language/el/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "Πληκτρολογήστε το όνομα του Προμηθευτή...",
"stock" => "Απόθεμα",
"stock_destination" => "Προορισμός Αποθέματος",
"stock_locaiton" => "Τοποθεσία Αποθέματος",
"stock_location" => "Τοποθεσία Αποθέματος",
"stock_source" => "Προέλευση Αποθέματος",
"successfully_deleted" => "Έχετε διαγράψει επιτυχώς",
"successfully_updated" => "Επιτυχής ενημέρωση Παραλαβής",

1
app/Language/en-GB/Attributes.php
View File

@@ -6,6 +6,7 @@ return [
"confirm_restore" => "Are you sure you want to restore the selected attribute(s)?",
"definition_cannot_be_deleted" => "Could not delete selected attribute(s)",
"definition_error_adding_updating" => "Attribute {0} could not be added or updated. Please check the error log.",
"definition_invalid_group" => "The selected group does not exist or is invalid.",
"definition_flags" => "Attribute Visibility",
"definition_group" => "Group",
"definition_id" => "Id",

2
app/Language/en-GB/Receivings.php
View File

@@ -43,7 +43,7 @@ return [
"start_typing_supplier_name" => "Start Typing Supplier's name...",
"stock" => "Stock",
"stock_destination" => "Stock Destination",
"stock_locaiton" => "Stock Location",
"stock_location" => "Stock Location",
"stock_source" => "Stock Source",
"successfully_deleted" => "You have successfully deleted receiving",
"successfully_updated" => "Receiving successfully updated",

Some files were not shown because too many files have changed in this diff Show More