<?php

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/**
 * Make things happen when buttons are pressed and forms submitted.
 *
 * Request handler for the inventory app: reads the requested action and
 * its parameters from $VARS, and every branch ends in a redirect or an
 * exit, so nothing after the action switch is ever reached.
 */
require_once __DIR__ . "/required.php";

require_once __DIR__ . "/lib/login.php";
require_once __DIR__ . "/lib/userinfo.php";

// Every action except "signout" requires an authenticated session.
// $VARS is not defined in this file; presumably required.php fills it
// from the request (GET/POST) -- confirm there.
// NOTE(review): no CSRF token check is visible in this file; confirm that
// required.php or lib/login.php enforces one for the state-changing actions.
if ($VARS['action'] !== "signout") {
    dieifnotloggedin();
}
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID. | 
					
						
							|  |  |  |  * The message will be displayed by the app. | 
					
						
							|  |  |  |  * @param string $msg message ID (see lang/messages.php) | 
					
						
							|  |  |  |  * @param string $arg If set, replaces "{arg}" in the message string when displayed to the user. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | function returnToSender($msg, $arg = "") { | 
					
						
							|  |  |  |     global $VARS; | 
					
						
							|  |  |  |     if ($arg == "") { | 
					
						
							|  |  |  |         header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg); | 
					
						
							|  |  |  |     } else { | 
					
						
							|  |  |  |         header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg"); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     die(); | 
					
						
							|  |  |  | } | 
					
						
										 |  |  | if ($VARS['action'] != "signout" && !account_has_permission($_SESSION['username'], "INV_EDIT")) { | 
					
						
							|  |  |  |     returnToSender("no_edit_permission"); | 
					
						
							|  |  |  | } | 
					
						
										 |  |  | switch ($VARS['action']) { | 
					
						
							| 
									
										
										
										
											2017-05-17 23:09:51 -06:00
										 |  |  |     case "edititem": | 
					
						
							|  |  |  |         $insert = true; | 
					
						
							|  |  |  |         if (is_empty($VARS['itemid'])) { | 
					
						
							|  |  |  |             $insert = true; | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             if ($database->has('items', ['itemid' => $VARS['itemid']])) { | 
					
						
							|  |  |  |                 $insert = false; | 
					
						
							|  |  |  |             } else { | 
					
						
							|  |  |  |                 returnToSender("invalid_itemid"); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-09-15 14:00:45 -06:00
										 |  |  |         if (is_empty($VARS['name'])) { | 
					
						
							|  |  |  |             returnToSender('missing_name'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (!is_empty($VARS['catstr']) && is_empty($VARS['cat'])) { | 
					
						
							|  |  |  |             if ($database->count("categories", ["catname" => $VARS['catstr']]) == 1) { | 
					
						
							|  |  |  |                 $VARS['cat'] = $database->get("categories", 'catid', ["catname" => $VARS['catstr']]); | 
					
						
							|  |  |  |             } else { | 
					
						
							|  |  |  |                 returnToSender('use_the_drop_luke'); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (!is_empty($VARS['locstr']) && is_empty($VARS['loc'])) { | 
					
						
							|  |  |  |             if ($database->count("locations", ["locname" => $VARS['locstr']]) == 1) { | 
					
						
							|  |  |  |                 $VARS['loc'] = $database->get("locations", 'locid', ["locname" => $VARS['locstr']]); | 
					
						
							|  |  |  |             } else { | 
					
						
							|  |  |  |                 returnToSender('use_the_drop_luke'); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (is_empty($VARS['cat']) || is_empty($VARS['loc'])) { | 
					
						
							| 
									
										
										
										
											2017-05-17 23:09:51 -06:00
										 |  |  |             returnToSender('invalid_parameters'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (is_empty($VARS['qty'])) { | 
					
						
							|  |  |  |             $VARS['qty'] = 1; | 
					
						
							| 
									
										
										
										
											2017-09-05 22:35:35 -06:00
										 |  |  |         } else if (!is_numeric($VARS['qty'])) { | 
					
						
							|  |  |  |             returnToSender('field_nan'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (is_empty($VARS['want'])) { | 
					
						
							|  |  |  |             $VARS['want'] = 0; | 
					
						
							|  |  |  |         } else if (!is_numeric($VARS['want'])) { | 
					
						
							|  |  |  |             returnToSender('field_nan'); | 
					
						
							| 
									
										
										
										
											2017-05-17 23:09:51 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-04-10 01:25:07 -06:00
										 |  |  |         if (is_empty($VARS['cost'])) { | 
					
						
							|  |  |  |             $VARS['cost'] = null; | 
					
						
							|  |  |  |         } else if (!is_numeric($VARS['cost'])) { | 
					
						
							|  |  |  |             returnToSender('field_nan'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (is_empty($VARS['price'])) { | 
					
						
							|  |  |  |             $VARS['price'] = null; | 
					
						
							|  |  |  |         } else if (!is_numeric($VARS['price'])) { | 
					
						
							|  |  |  |             returnToSender('field_nan'); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-05-17 23:09:51 -06:00
										 |  |  |         if (!$database->has('categories', ['catid' => $VARS['cat']])) { | 
					
						
							|  |  |  |             returnToSender('invalid_category'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (!$database->has('locations', ['locid' => $VARS['loc']])) { | 
					
						
							|  |  |  |             returnToSender('invalid_location'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (!is_empty($VARS['assignedto']) && user_exists($VARS['assignedto'])) { | 
					
						
							|  |  |  |             $userid = getUserByUsername($VARS['assignedto'])['uid']; | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             $userid = null; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $data = [ | 
					
						
							|  |  |  |             'name' => $VARS['name'], | 
					
						
							|  |  |  |             'code1' => $VARS['code1'], | 
					
						
							|  |  |  |             'code2' => $VARS['code2'], | 
					
						
							|  |  |  |             'text1' => $VARS['text1'], | 
					
						
							|  |  |  |             'text2' => $VARS['text2'], | 
					
						
							|  |  |  |             'text3' => $VARS['text3'], | 
					
						
							|  |  |  |             'catid' => $VARS['cat'], | 
					
						
							|  |  |  |             'locid' => $VARS['loc'], | 
					
						
							|  |  |  |             'qty' => $VARS['qty'], | 
					
						
							| 
									
										
										
										
											2017-09-05 22:35:35 -06:00
										 |  |  |             'want' => $VARS['want'], | 
					
						
							| 
									
										
										
										
											2018-04-10 01:25:07 -06:00
										 |  |  |             'cost' => $VARS['cost'], | 
					
						
							|  |  |  |             'price' => $VARS['price'], | 
					
						
							| 
									
										
										
										
											2017-05-17 23:09:51 -06:00
										 |  |  |             'userid' => $userid | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($insert) { | 
					
						
							|  |  |  |             $database->insert('items', $data); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             $database->update('items', $data, ['itemid' => $VARS['itemid']]); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         returnToSender("item_saved"); | 
					
						
							|  |  |  |     case "editcat": | 
					
						
							|  |  |  |         $insert = true; | 
					
						
							|  |  |  |         if (is_empty($VARS['catid'])) { | 
					
						
							|  |  |  |             $insert = true; | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             if ($database->has('categories', ['catid' => $VARS['catid']])) { | 
					
						
							|  |  |  |                 $insert = false; | 
					
						
							|  |  |  |             } else { | 
					
						
							|  |  |  |                 returnToSender("invalid_catid"); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (is_empty($VARS['name'])) { | 
					
						
							|  |  |  |             returnToSender('invalid_parameters'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $data = [ | 
					
						
							|  |  |  |             'catname' => $VARS['name'] | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($insert) { | 
					
						
							|  |  |  |             $database->insert('categories', $data); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             $database->update('categories', $data, ['catid' => $VARS['catid']]); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         returnToSender("category_saved"); | 
					
						
							|  |  |  |     case "editloc": | 
					
						
							|  |  |  |         $insert = true; | 
					
						
							|  |  |  |         if (is_empty($VARS['locid'])) { | 
					
						
							|  |  |  |             $insert = true; | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             if ($database->has('locations', ['locid' => $VARS['locid']])) { | 
					
						
							|  |  |  |                 $insert = false; | 
					
						
							|  |  |  |             } else { | 
					
						
							|  |  |  |                 returnToSender("invalid_locid"); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (is_empty($VARS['name'])) { | 
					
						
							|  |  |  |             returnToSender('invalid_parameters'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $data = [ | 
					
						
							|  |  |  |             'locname' => $VARS['name'], | 
					
						
							|  |  |  |             'loccode' => $VARS['code'], | 
					
						
							|  |  |  |             'locinfo' => $VARS['info'] | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($insert) { | 
					
						
							|  |  |  |             $database->insert('locations', $data); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             $database->update('locations', $data, ['locid' => $VARS['locid']]); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         returnToSender("location_saved"); | 
					
						
							|  |  |  |     case "deleteitem": | 
					
						
							|  |  |  |         if ($database->has('items', ['itemid' => $VARS['itemid']])) { | 
					
						
							|  |  |  |             $database->delete('items', ['itemid' => $VARS['itemid']]); | 
					
						
							|  |  |  |             returnToSender("item_deleted"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         returnToSender("invalid_parameters"); | 
					
						
							|  |  |  |     case "deletecat": | 
					
						
							|  |  |  |         if ($database->has('categories', ['catid' => $VARS['catid']])) { | 
					
						
							|  |  |  |             if ($database->has('items', ['catid' => $VARS['catid']])) { | 
					
						
							|  |  |  |                 returnToSender("category_in_use"); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             $database->delete('categories', ['catid' => $VARS['catid']]); | 
					
						
							|  |  |  |             returnToSender("category_deleted"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         returnToSender("invalid_parameters"); | 
					
						
							|  |  |  |     case "deleteloc": | 
					
						
							|  |  |  |         if ($database->has('locations', ['locid' => $VARS['locid']])) { | 
					
						
							|  |  |  |             if ($database->has('items', ['locid' => $VARS['locid']])) { | 
					
						
							|  |  |  |                 returnToSender("location_in_use"); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             $database->delete('locations', ['locid' => $VARS['locid']]); | 
					
						
							|  |  |  |             returnToSender("location_deleted"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         returnToSender("invalid_parameters"); | 
					
						
							|  |  |  |     case "autocomplete_category": | 
					
						
							|  |  |  |         exit(json_encode($database->select('categories', ['catid (id)', 'catname (name)'], ['catname[~]' => $VARS['q'], 'LIMIT' => 10]))); | 
					
						
							|  |  |  |     case "autocomplete_location": | 
					
						
							|  |  |  |         exit(json_encode($database->select('locations', ['locid (id)', 'locname (name)'], ["OR" => ['locname[~]' => $VARS['q'], 'loccode' => $VARS['q']], 'LIMIT' => 10]))); | 
					
						
							|  |  |  |     case "autocomplete_user": | 
					
						
							|  |  |  |         header("Content-Type: application/json"); | 
					
						
							|  |  |  |         $client = new GuzzleHttp\Client(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $response = $client | 
					
						
							|  |  |  |                 ->request('POST', PORTAL_API, [ | 
					
						
							|  |  |  |             'form_params' => [ | 
					
						
							|  |  |  |                 'key' => PORTAL_KEY, | 
					
						
							|  |  |  |                 'action' => "usersearch", | 
					
						
							|  |  |  |                 'search' => $VARS['q'] | 
					
						
							|  |  |  |             ] | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($response->getStatusCode() != 200) { | 
					
						
							|  |  |  |             exit("[]"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = json_decode($response->getBody(), TRUE); | 
					
						
							|  |  |  |         if ($resp['status'] == "OK") { | 
					
						
							|  |  |  |             exit(json_encode($resp['result'])); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             exit("[]"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         break; | 
					
						
							| 
									
										
										
										
											2017-05-14 11:50:09 -06:00
										 |  |  |     case "signout": | 
					
						
							|  |  |  |         session_destroy(); | 
					
						
							|  |  |  |         header('Location: index.php'); | 
					
						
							|  |  |  |         die("Logged out."); | 
					
						
							| 
									
										
										
										
											2018-04-08 16:28:31 -06:00
										 |  |  | } |