X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=assistants%2Fstore.inc.php;h=f9725765a16739dd2e05fc020aa8f72d862bd321;hb=6f7943a08cc115d137c5777408259009433ea8ca;hp=b7818abb33dee6eb32be15557979cf5d02ca6e4b;hpb=d0e7939cf5ffbebce8db62be368e36d890105e62;p=mirrors%2FSokoMan.git

diff --git a/assistants/store.inc.php b/assistants/store.inc.php
index b7818ab..f972576 100644
--- a/assistants/store.inc.php
+++ b/assistants/store.inc.php
@@ -1,8 +1,9 @@
 <?php
 switch($SUBPATH[0]) {
 	default: case 1:
+		$barcode = isset($_GET['barcode']) ? htmlspecialchars($_GET['barcode']) : ''; //TODO: XSS
 		echo $this->html->form("$URL/2", 'GET', array(
-			array('barcode','','text',false,'autofocus','model_barcode:'),
+			array('barcode',$barcode,'text',false,'autofocus','model_barcode:'),
 			array('quantity','1','text',false,false,'quantity:'),
 			array(false,'STORE','submit')
 		));
@@ -21,6 +22,10 @@ switch($SUBPATH[0]) {
 			if($quantity_added <= 0) $this->post_redirect_get("$URL_INTERNAL/1","Can't store non-possitive amount of items!");
 			if(!is_numeric($quantity_added)) $quantity_added = 1;
 			$quantity_stored = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_quantity', 'item', false);
+			$item_price_in = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_price_in', 'item', false);
+			$item_price_out = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_price_out', 'item', false);
+			$model_price_in = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_in', 'model');
+			$model_price_out = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_out', 'model');
 			if(!is_numeric($quantity_stored)) $quantity_stored = 0;
 			echo("Quantity stored: ".$quantity_stored);
 
@@ -39,8 +44,9 @@ switch($SUBPATH[0]) {
 			'item_serial' => $item_serial,
 			'item_quantity' => $item_quantity,
 			'status_id' => 1,
-			'item_price_in' => $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_in', 'model'),
-			'item_price_out' => $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_out', 'model')
+			'item_price_in' => $item_price_in + ($quantity_added * $model_price_in),
+			'item_price_out' => $item_price_out + ($quantity_added * $model_price_out),
+			'item_author' => $this->db->auth->get_user_id()
 		));
 
     echo $this->html->render_insert_form('item', $columns, $selectbox, $current, $disable_cols, $action);