<?php # delete_inventory.php
// This script will be the base page to set up the user's profile
require ('includes/config.inc.php');
$page_title = 'Delete Inventory Item';
include ('includes/header.html');
require (MYSQL); // Need the database connection:
// refresh_session(0);
// If no first_name session variable exists, redirect the user:
if (!isset($_SESSION['person_id'])) {
$url = BASE_URL . 'index.php'; // Define the URL.
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
}
// header
echo "<h1>$page_title</h1><br />";
refresh_session(0); // Refresh session settinings incase of previous changes
// Check for a valid worker ID and product ID, through GET or POST:
if ( (isset($_GET['pid'])) && (is_numeric($_GET['pid'])) &&
(isset($_GET['wid'])) && (is_numeric($_GET['wid'])) &&
(isset($_SESSION['worker_id'])) && ($_SESSION['worker_id'] == $_GET['wid']) ) { // From edit_inventory_info.php
$pid = $_GET['pid'];
$wid = $_GET['wid'];
} elseif ( (isset($_POST['pid'])) && (is_numeric($_POST['pid'])) &&
(isset($_POST['wid'])) && (is_numeric($_POST['wid'])) &&
(isset($_SESSION['worker_id'])) && ($_SESSION['worker_id'] == $_POST['wid']) ) { // Form submission.
$pid = $_POST['pid'];
$wid = $_POST['wid'];
} else { // No valid ID, kill the script.
echo '<p class="error">This page has been accessed in error.</p>';
include ('includes/footer.html');
exit();
}
// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_POST['sure'] == 'Yes') { // Delete the record.
// Add the user info to the database:
try {
$dbc->autocommit(FALSE); // i.e., start transaction
// Delete from the first table:
$q = "DELETE FROM worker_price_inventory WHERE (worker_id=$wid AND product_id=$pid) LIMIT 1";
$r = @mysqli_query ($dbc, $q);
if (mysqli_affected_rows($dbc) != 1) { // If it ran OK.
throw new Exception($dbc->error);
trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
} else {
// Delete from the second table:
$q = "DELETE FROM product WHERE product_id=$pid LIMIT 1";
$r = @mysqli_query ($dbc, $q);
if (mysqli_affected_rows($dbc) != 1) { // If it ran OK.
throw new Exception($dbc->error);
trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
}
}
// our SQL queries have been successful. commit them
// and go back to non-transaction mode.
$dbc->commit();
$dbc->autocommit(TRUE); // i.e., end transaction
$passed = TRUE;
}
catch ( Exception $email ) {
$dbc->rollback();
$dbc->autocommit(TRUE); // i.e., end transaction
$passed = FALSE;
}
if ($passed) { // If it ran OK.
// Finish the page:
echo '<h3>The Inventory intem has been deleted.</h3>';
//refresh_session();
// forward to edit_inventory_info.php in 2 seconds
$url = BASE_URL . 'edit_inventory_info.php';
header('Refresh: 2;url=' . $url . '');
include ('includes/footer.html'); // Include the HTML footer.
exit(); // Stop the page.
} else { // If the query did not run OK.
echo '<p class="error">The changes did not take place due to a system error.
We apologize for any inconvenience.</p>';
}
} else { // No confirmation of deletion.
echo '<p>The user has NOT been deleted.</p>';
// forward to profile.php in 1 seconds
$url = BASE_URL . 'edit_inventory_info.php';
header('Refresh: 2;url=' . $url . '');
include ('includes/footer.html'); // Include the HTML footer.
exit(); // Stop the page.
}
} else { // Show the form.
// Retrieve the inventory's information:
$q = "
SELECT pro.product_id, pro.item_number AS `Item #`, pro.description AS Description,
wpi.case_price AS `Case $`, wpi.box_price AS `Box $`, wpi.list_price AS MSRP,
wpi.inventory_box_count AS `Box INV`
FROM product AS pro
INNER JOIN worker_price_inventory AS wpi
ON pro.product_id = $pid
AND wpi.product_id = $pid
AND wpi.worker_id = $wid
AND pro.office_id = ".$_SESSION['office_id']."
";
$r = @mysqli_query ($dbc, $q); // Run the query.
if (mysqli_num_rows($r) == 1) { // Valid, show the form.
// Display the record being deleted:
// Table header:
echo '<table align="center" cellspacing="0" cellpadding="5" width="75%">
<tr>
<td align="left"><b>Item #</b></td>
<td align="left"><b>Description</b></td>
<td align="left"><b>Case</b></td>
<td align="left"><b>Box</b></td>
<td align="left"><b>MSRP</b></td>
<td align="left"><b>Box INV</b></td>
</tr>
';
// Fetch and print all the records....
$bg = '#eeeeee';
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
$bg = ($bg=='#eeeeee' ? '#ffffff' : '#eeeeee');
echo '<tr bgcolor="' . $bg . '">
<td align="left">' . $row['Item #'] . '</td>
<td align="left">' . $row['Description'] . '</td>
<td align="left">' . $row['Case $'] . '</td>
<td align="left">' . $row['Box $'] . '</td>
<td align="left">' . $row['MSRP'] . '</td>
<td align="left">' . $row['Box INV'] . '</td>
</tr>
';
} // End of WHILE loop.
echo '</table>';
// Create the form:
echo '<form action="delete_inventory.php" method="post">
<fieldset class="radiogroup">
<legend>Are you sure you want to delete this user?</legend>
<br>
<input type="radio" name="sure" value="Yes" /> Yes  
<input type="radio" name="sure" value="No" checked="checked" /> No<br><br><br>
<input type="submit" name="submit" value="Submit" />
<input type="hidden" name="pid" value="' . $pid . '" />
<input type="hidden" name="wid" value="' . $wid . '" />
</fieldset>
</form>
</p>';
} else { // Not a valid user ID.
echo '<p class="error">This page has been accessed in error.</p>';
}
} // End of the main submission conditional.
include ('includes/footer.html');
?>