Pridana abstrakce pro generovani obrazkovych linku
[mirrors/SokoMan.git] / assistants / store.inc.php
index b7818abb33dee6eb32be15557979cf5d02ca6e4b..f9725765a16739dd2e05fc020aa8f72d862bd321 100644 (file)
@@ -1,8 +1,9 @@
 <?php
 switch($SUBPATH[0]) {
        default: case 1:
+               $barcode = isset($_GET['barcode']) ? htmlspecialchars($_GET['barcode']) : ''; //TODO: XSS
                echo $this->html->form("$URL/2", 'GET', array(
-                       array('barcode','','text',false,'autofocus','model_barcode:'),
+                       array('barcode',$barcode,'text',false,'autofocus','model_barcode:'),
                        array('quantity','1','text',false,false,'quantity:'),
                        array(false,'STORE','submit')
                ));
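Review bot: `htmlspecialchars($_GET['barcode'])` on the added line relies on the default flags, which before PHP 8.1 leave single quotes unescaped, so the flags and charset should be explicit: `htmlspecialchars($_GET['barcode'], ENT_QUOTES, 'UTF-8')`. Whether `$this->html->form()` already escapes field values is not visible in this hunk; if it does, the value is double-encoded, and if it does not, the escaping belongs inside that helper so every caller gets it and the `//TODO: XSS` marker can go. An array-valued `barcode` parameter passes `isset()` and reaches `htmlspecialchars()` as a non-string, so `is_string($_GET['barcode'])` should be checked alongside it. The `switch` continues outside the hunk.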
@@ -21,6 +22,10 @@ switch($SUBPATH[0]) {
                        if($quantity_added <= 0) $this->post_redirect_get("$URL_INTERNAL/1","Can't store non-possitive amount of items!");
                        if(!is_numeric($quantity_added)) $quantity_added = 1;
                        $quantity_stored = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_quantity', 'item', false);
+                       $item_price_in = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_price_in', 'item', false);
+                       $item_price_out = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_price_out', 'item', false);
+                       $model_price_in = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_in', 'model');
+                       $model_price_out = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_out', 'model');
                        if(!is_numeric($quantity_stored)) $quantity_stored = 0;
                        echo("Quantity stored: ".$quantity_stored);
 
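Review bot: The four added lookups hand `$_GET['barcode']` to `$this->db->map_unique()` unvalidated, as the context line above them already does. Whether `map_unique` binds or quotes that argument is not visible here and should be confirmed before the number of call sites grows. Reading the parameter once, e.g. `$barcode = (isset($_GET['barcode']) && is_string($_GET['barcode'])) ? $_GET['barcode'] : '';`, and passing `$barcode` to all five calls gives one place to validate it. The two `model` lookups omit the fifth argument that the `item` lookups set to `false`; a one-line comment such as `// model row must exist, item row may not` (if that is the intent) would document the difference. The enclosing `case` starts and ends outside the hunk.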
@@ -39,8 +44,9 @@ switch($SUBPATH[0]) {
                        'item_serial' => $item_serial,
                        'item_quantity' => $item_quantity,
                        'status_id' => 1,
-                       'item_price_in' => $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_in', 'model'),
-                       'item_price_out' => $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_out', 'model')
+                       'item_price_in' => $item_price_in + ($quantity_added * $model_price_in),
+                       'item_price_out' => $item_price_out + ($quantity_added * $model_price_out),
+                       'item_author' => $this->db->auth->get_user_id()
                ));
 
     echo $this->html->render_insert_form('item', $columns, $selectbox, $current, $disable_cols, $action);
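Review bot: The new `item_price_in` and `item_price_out` expressions do arithmetic on `$item_price_in`, `$item_price_out`, `$model_price_in` and `$model_price_out` without the `is_numeric` fallback that `$quantity_stored` gets in the previous hunk. When no item or model row matches the barcode, the helper's return value is presumably not a number, so the stored price depends on PHP's implicit conversion (a warning and 0 on older versions, a `TypeError` for a non-numeric string on PHP 8). A guard like `if(!is_numeric($item_price_in)) $item_price_in = 0;` for the two item values would mirror the existing quantity handling. A missing model price is probably better rejected through the existing `post_redirect_get` path than silently treated as 0. The array literal and its enclosing call begin outside the hunk.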