<?php # edit_inventory_info.php
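// Lists the signed-in worker's inventory (paged, sortable) and handles the
// "Add an Inventory Item" form at the bottom of the page.
require ('includes/config.inc.php');
$page_title = 'Your Inventory Information';
include ('includes/header.html');
require (MYSQL); // Need the database connection:

// The listing query further down reads worker_id and office_id from the
// session in addition to person_id; a session that lacks any of them is sent
// back to the login page instead of producing malformed SQL.
if (!isset($_SESSION['person_id'], $_SESSION['worker_id'], $_SESSION['office_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Discard whatever the included header already buffered.
    header("Location: $url");
    exit(); // Quit the script.
}
refresh_session(0); // Refresh session settings in case of previous changes.

// Page heading:
echo "<h1>$page_title</h1><br />";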
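// Number of records to show per page:
$display = 20;

// Determine how many pages there are.
// The paginator links pass the page count back as ?p=N so it is not recounted
// on every request; that value is only ever used to build links.  Otherwise
// the count uses the same join as the listing query below, so the number of
// pages matches the rows this worker can actually see.
// ?p and ?s are cast to int: is_numeric() also accepts "1e3" or "1.5", which
// are not valid inside LIMIT.
if (isset($_GET['p']) && is_numeric($_GET['p']) && (int) $_GET['p'] >= 1) { // Already been determined.
    $pages = (int) $_GET['p'];
} else { // Need to determine.
    $worker_id = isset($_SESSION['worker_id']) ? (int) $_SESSION['worker_id'] : 0;
    $office_id = isset($_SESSION['office_id']) ? (int) $_SESSION['office_id'] : 0;
    $q = 'SELECT COUNT(*) FROM product AS pro
INNER JOIN worker_price_inventory AS wpi ON pro.product_id = wpi.product_id
WHERE wpi.worker_id = ' . $worker_id . ' AND pro.office_id = ' . $office_id;
    $records = 0;
    $r = mysqli_query($dbc, $q);
    if ($r) {
        $row = mysqli_fetch_array($r, MYSQLI_NUM);
        if ($row) {
            $records = (int) $row[0];
        }
        mysqli_free_result($r);
    }
    // A failed count (or an empty inventory) yields a single page.
    $pages = ($records > $display) ? (int) ceil($records / $display) : 1;
} // End of p IF.

// Determine where in the database to start returning results (0-based offset);
// negative offsets are clamped to the first page.
$start = (isset($_GET['s']) && is_numeric($_GET['s'])) ? (int) $_GET['s'] : 0;
if ($start < 0) {
    $start = 0;
}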
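// Determine the sort column and direction.
// Only the aliases in this whitelist can reach ORDER BY; they must match the
// SELECT aliases used by the listing query below.  An unset ?sort defaults to
// the box price, an unrecognised one to the item number (as before).
$sort_columns = array(
    'item' => '`Item #`',
    'case' => '`Case $`',
    'box'  => '`Box $`',
    'list' => 'MSRP',
    'inv'  => '`Box INV`',
);
if (!isset($_GET['sort'])) {
    $sort = 'box';
} elseif (is_string($_GET['sort']) && isset($sort_columns[$_GET['sort']])) {
    $sort = $_GET['sort'];
} else {
    $sort = 'item';
}

// ?ob carries the direction the previous listing used; this page shows the
// opposite so that clicking a column heading toggles the order.  Only the two
// literal values survive, so $ob is safe to embed in SQL and in links.
$ob = (isset($_GET['ob']) && $_GET['ob'] === 'DESC') ? 'ASC' : 'DESC';

$order_by = $sort_columns[$sort] . ' ' . $ob;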
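// Define the listing query.  $order_by comes from the sort whitelist above and
// every other interpolated value is cast to int, so no request-controlled text
// reaches the SQL as-is.
$worker_id = isset($_SESSION['worker_id']) ? (int) $_SESSION['worker_id'] : 0;
$office_id = isset($_SESSION['office_id']) ? (int) $_SESSION['office_id'] : 0;
$limit_start = (int) $start;
$limit_count = (int) $display;
$q = "
SELECT pro.product_id, pro.item_number AS `Item #`, pro.description AS Description,
wpi.case_price AS `Case $`, wpi.box_price AS `Box $`, wpi.list_price AS MSRP,
wpi.inventory_box_count AS `Box INV`
FROM product AS pro
INNER JOIN worker_price_inventory AS wpi
ON pro.product_id = wpi.product_id
AND wpi.worker_id = $worker_id
AND pro.office_id = $office_id
ORDER BY $order_by
LIMIT $limit_start, $limit_count
";
$r = mysqli_query($dbc, $q); // Run the query; a failed query prints an empty table.

// Escape one cell for HTML output.  The description input rule admits < > & =,
// so stored values can contain markup and must always be escaped when printed.
$cell = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

// A sortable column heading.  It re-sends the current (already inverted)
// direction so that clicking it flips the order.
$heading = function ($column, $label) use ($ob) {
    return '<td align="left"><b><a href="edit_inventory_info.php?sort=' . $column . '&amp;ob=' . $ob . '">' . $label . '</a></b></td>';
};

// Table header:
echo '<table align="center" cellspacing="0" cellpadding="5" width="75%">
<tr>
<td align="left"><b>Delete</b></td>
' . $heading('item', 'Item #') . '
<td align="left"><b>Description</b></td>
' . $heading('case', 'Case') . '
' . $heading('box', 'Box') . '
' . $heading('list', 'MSRP') . '
' . $heading('inv', 'Box INV') . '
</tr>
';

// Fetch and print all the records, alternating the row background.
$bg = '#eeeeee';
if ($r) {
    while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
        $bg = ($bg === '#eeeeee') ? '#ffffff' : '#eeeeee';
        // The delete action is a plain GET link; delete_inventory.php (not
        // visible here) has to verify that pid belongs to wid before acting.
        $delete_href = 'delete_inventory.php?pid=' . (int) $row['product_id'] . '&amp;wid=' . $worker_id;
        echo '<tr bgcolor="' . $bg . '">
<td align="left"><a href="' . $delete_href . '">delete</a></td>
<td align="left">' . $cell($row['Item #']) . '</td>
<td align="left">' . $cell($row['Description']) . '</td>
<td align="left">' . $cell($row['Case $']) . '</td>
<td align="left">' . $cell($row['Box $']) . '</td>
<td align="left">' . $cell($row['MSRP']) . '</td>
<td align="left">' . $cell($row['Box INV']) . '</td>
</tr>
';
    } // End of WHILE loop.
    mysqli_free_result($r);
}
echo '</table>';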
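// Make the links to other pages, if necessary.
// Offsets are derived from the page number rather than from $start, so a
// stray offset cannot produce a negative "Previous" link; each link also
// re-sends the sort column and direction so paging keeps the chosen order.
$pages = (int) $pages;
if ($pages > 1) {
    $current_page = (int) floor($start / $display) + 1;
    // ?ob is inverted on arrival, so pass the value that yields the direction
    // currently shown.
    $keep_ob = ($ob === 'ASC') ? 'DESC' : 'ASC';
    // Build one paginator href: URL-encoded query string, HTML-escaped for the attribute.
    $page_url = function ($page) use ($display, $pages, $sort, $keep_ob) {
        $query = http_build_query(array(
            's'    => ($page - 1) * $display,
            'p'    => $pages,
            'sort' => $sort,
            'ob'   => $keep_ob,
        ));
        return htmlspecialchars('edit_inventory_info.php?' . $query, ENT_QUOTES, 'UTF-8');
    };

    echo '<br /><p>';
    // If it's not the first page, make a Previous button:
    if ($current_page > 1) {
        echo '<a href="' . $page_url($current_page - 1) . '">Previous</a> ';
    }
    // Make all the numbered pages; the current one is plain text:
    for ($i = 1; $i <= $pages; $i++) {
        if ($i === $current_page) {
            echo $i . ' ';
        } else {
            echo '<a href="' . $page_url($i) . '">' . $i . '</a> ';
        }
    } // End of FOR loop.
    // If it's not the last page, make a Next button:
    if ($current_page < $pages) {
        echo '<a href="' . $page_url($current_page + 1) . '">Next</a>';
    }
    echo '</p>'; // Close the paragraph.
} // End of links section.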
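if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Handle the "Add an Inventory Item" form.

    // Trim only the fields the form defines.  $_POST may carry nested arrays
    // (which trim() rejects) or lack a key entirely, so every expected key is
    // always present as a string.  The form below re-fills its inputs from
    // $trimmed, so keep this shape.
    $fields = array('pro_item_number', 'pro_description', 'w_p_i_case_price', 'w_p_i_box_price', 'w_p_i_list_price');
    $trimmed = array();
    foreach ($fields as $field) {
        $trimmed[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
    }

    // Assume invalid values until each check passes:
    $pro_item_number = $pro_description = FALSE;
    $prices = array();

    // Item number: 2-20 letters, digits, dashes or underscores.
    if (preg_match('/^([A-Z0-9-_]{2,20})$/i', $trimmed['pro_item_number'])) {
        $pro_item_number = $trimmed['pro_item_number'];
    } else {
        echo '<p class="error">Please enter a valid Item Number!<br>
Use only numbers, letters, dash, and underscore.<br>
Must be between 2 and 20 characters long.</p>';
    }

    // Description: 2-255 characters from a fixed set.  The set includes < > & =
    // so a stored description can contain markup; it is escaped wherever it is
    // printed rather than altered here.
    if (preg_match('/^([A-Z0-9 !@#$&%_=<>?\(\),.+-]{2,255})$/i', $trimmed['pro_description'])) {
        $pro_description = $trimmed['pro_description'];
    } else {
        echo '<p class="error">Please enter a valid Description!<br>
Must be between 2 and 255 characters long.<br>
Use only numbers, letters, space, and the following characters:<br>
! @ # $ & % _ = < > ? ( ) , . + - </p>';
    }

    // Prices: one to three digits, a point and exactly two decimals
    // (0.00-999.99).  The same rule applies to all three, so they share one
    // loop; each invalid one still gets its own message.
    $price_labels = array(
        'w_p_i_case_price' => 'Case Price',
        'w_p_i_box_price'  => 'Box Price',
        'w_p_i_list_price' => 'List Price',
    );
    foreach ($price_labels as $field => $label) {
        if (preg_match('/^([0-9]{1,3}\.[0-9]{2})$/', $trimmed[$field])) {
            $prices[$field] = $trimmed[$field];
        } else {
            echo '<p class="error">Please enter a valid ' . $label . '!<br>
Must include cents. No letters or symbols<br>
Must be between 0.00 and 999.99</p>';
        }
    }

    if ($pro_item_number !== FALSE && $pro_description !== FALSE && count($prices) === count($price_labels)) { // If everything's OK...
        $office_id  = isset($_SESSION['office_id']) ? (int) $_SESSION['office_id'] : 0;
        $worker_id  = isset($_SESSION['worker_id']) ? (int) $_SESSION['worker_id'] : 0;
        $user_id    = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
        // Adding inventory raises the account to user_level 4 unless it is already higher.
        $user_level = isset($_SESSION['user_level']) ? max(4, (int) $_SESSION['user_level']) : 4;

        // Prepare a statement; throws so the catch below rolls the transaction back.
        $prepare = function ($sql) use ($dbc) {
            $stmt = $dbc->prepare($sql);
            if (!$stmt) {
                throw new Exception($dbc->error);
            }
            return $stmt;
        };
        // Execute an already-bound statement and release it; throws on failure.
        $execute = function ($stmt) {
            $ok = $stmt->execute();
            $error = $stmt->error;
            $stmt->close();
            if (!$ok) {
                throw new Exception($error);
            }
        };

        // All three writes succeed together or none is kept.
        $passed = FALSE;
        $dbc->autocommit(FALSE); // i.e., start transaction
        try {
            // Add the product.  The validated user text is bound, never interpolated.
            $stmt = $prepare('INSERT INTO product (office_id, item_number, description, cost) VALUES (?, ?, ?, 0.00)');
            $stmt->bind_param('iss', $office_id, $pro_item_number, $pro_description);
            $execute($stmt);
            $product_id = (int) $dbc->insert_id; // last auto_inc id from *this* connection

            // Add this worker's prices for the new product.  The prices are
            // validated "ddd.dd" strings and are bound as strings so the server
            // converts them exactly.
            $stmt = $prepare('INSERT INTO worker_price_inventory (worker_id, product_id, case_price, box_price, list_price) VALUES (?, ?, ?, ?, ?)');
            $stmt->bind_param('iisss', $worker_id, $product_id, $prices['w_p_i_case_price'], $prices['w_p_i_box_price'], $prices['w_p_i_list_price']);
            $execute($stmt);

            // Promote the account.
            $stmt = $prepare('UPDATE registered_user SET user_level = ? WHERE user_id = ?');
            $stmt->bind_param('ii', $user_level, $user_id);
            $execute($stmt);

            // Every statement succeeded: commit them.
            $dbc->commit();
            $passed = TRUE;
        } catch (Exception $e) {
            $dbc->rollback();
        }
        $dbc->autocommit(TRUE); // i.e., end transaction

        if ($passed) { // If it ran OK.
            echo '<h3>The changes were accepted.</h3>';
            // Reload the page after 1 second so the new item shows in the
            // listing above.  Sending a header after output relies on the
            // output buffer the includes start (ob_end_clean() above assumes it).
            $url = BASE_URL . 'edit_inventory_info.php';
            header('Refresh: 1;url=' . $url);
            include ('includes/footer.html'); // Include the HTML footer.
            exit(); // Stop the page.
        } else { // If it did not run OK.
            echo '<p class="error">The changes did not take place due to a system error.
We apologize for any inconvenience.</p>';
        }
    } else { // If one of the data tests failed.
        echo '<p class="error">Please try again.</p>';
    }
    mysqli_close($dbc);
} // End of the main Submit conditional.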
?>
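<?php
// Re-fill the form with what the user just submitted (if anything).  Values
// are HTML-escaped here so submitted text cannot break out of the attribute
// or textarea it is printed into.
$refill_values = (isset($trimmed) && is_array($trimmed)) ? $trimmed : array();
$refill = function ($key) use ($refill_values) {
    if (!isset($refill_values[$key]) || !is_string($refill_values[$key])) {
        return '';
    }
    return htmlspecialchars($refill_values[$key], ENT_QUOTES, 'UTF-8');
};
// NOTE(review): the form carries no anti-CSRF token; add one when the session layer provides it.
?>
<p><br></p>
<form action="edit_inventory_info.php" method="post">
<fieldset>
<h3>Add an Inventory Item</h3>
<p>Product Item Number: <br /><small>example: Beef-8545</small>
<input type="text" name="pro_item_number" size="20" maxlength="20"
value="<?php echo $refill('pro_item_number'); ?>" /></p>
<p>product description: <br />
<textarea id="p_description" name="pro_description" rows="6" cols="40" maxlength="255" wrap="soft"
><?php echo $refill('pro_description'); ?></textarea></p>
<p>Case Price: <br /><small>example: your cost (132.00)</small>
<input type="text" name="w_p_i_case_price" size="20" maxlength="6"
value="<?php echo $refill('w_p_i_case_price'); ?>" /></p>
<p>Box Price: <br /><small>example: case price (132.00) divided by six boxes equals 22.00<br>some people pay a higher box price for breaking cases.</small>
<input type="text" name="w_p_i_box_price" size="20" maxlength="6"
value="<?php echo $refill('w_p_i_box_price'); ?>" /></p>
<p>List Price: <br /><small>example: MSRP of the case, 425.00</small>
<input type="text" name="w_p_i_list_price" size="20" maxlength="6"
value="<?php echo $refill('w_p_i_list_price'); ?>" /></p>
</fieldset>
<div align="center">
<input type="submit" name="submit" value="Submit" />
</div>
</form>
<?php
include ('includes/footer.html');
?>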