X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=assistants%2Fstore.inc.php;h=8dd245c48bdb4ea48b73e7dd9abf80df7919dc12;hb=4e9289ea286705d3464eb5224716cd006cbf3a15;hp=fcc420f55aadaf440831f5a135bb02281504c7ff;hpb=fbf1a4e63bb82818dcebfa9b7a26a71c1c8de17e;p=mirrors%2FSokoMan.git

diff --git a/assistants/store.inc.php b/assistants/store.inc.php
index fcc420f..8dd245c 100644
--- a/assistants/store.inc.php
+++ b/assistants/store.inc.php
@@ -1,37 +1,41 @@
 <?php
 switch($SUBPATH[0]) {
 	default: case 1:
+		$barcode = isset($_GET['barcode']) ? htmlspecialchars($_GET['barcode']) : ''; //TODO: XSS
 		echo $this->html->form("$URL/2", 'GET', array(
-			array('barcode','','text',false,'autofocus','model_barcode:'),
+			array('barcode',$barcode,'text',false,'autofocus','model_barcode:'),
 			array('quantity','1','text',false,false,'quantity:'),
 			array(false,'STORE','submit')
 		));
 		break;
 	case 2:
 		$model_id = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_id', 'model');
+		$item_price_in = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_price_in', 'item', false);
+		$item_price_out = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_price_out', 'item', false);
+		$model_price_in = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_in', 'model');
+		$model_price_out = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_out', 'model');
 
 		$disable_cols = array('status_id','item_price_out','item_customer', 'model_id','item_quantity');
 		if($this->db->map_unique('model_barcode', $_GET['barcode'], 'model_countable', 'model')) {
+			$multi_insert = true;
 			//$disable_cols[] = 'item_quantity';
 			$item_serial = '';
-			$item_quantity = 1;
+			$item_quantity = $quantity_added = 1;
 			$action = $_SERVER['SCRIPT_NAME'].'/item/new';
 		} else {
+			$multi_insert = false;
 			$quantity_added = $_GET['quantity'];
 			if($quantity_added <= 0) $this->post_redirect_get("$URL_INTERNAL/1","Can't store non-possitive amount of items!");
 			if(!is_numeric($quantity_added)) $quantity_added = 1;
 			$quantity_stored = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_quantity', 'item', false);
-			$item_price_in = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_price_in', 'item', false);
-			$item_price_out = $this->db->map_unique('item_serial', $_GET['barcode'], 'item_price_out', 'item', false);
-			$model_price_in = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_in', 'model');
-			$model_price_out = $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_out', 'model');
 			if(!is_numeric($quantity_stored)) $quantity_stored = 0;
-			echo("Quantity stored: ".$quantity_stored);
 
 			$disable_cols[] = 'item_serial';
 			$item_serial = $_GET['barcode'];
 			$item_quantity = $quantity_stored + $quantity_added;
 			$action = $_SERVER['SCRIPT_NAME'].'/item/0/edit';
+
+			echo('Stock: '.$quantity_stored.'<br />Storing: '.$quantity_added.'<br />Total: '.$item_quantity);
 		}
 		$columns = $this->db->get_columns('item');
 
@@ -48,6 +52,6 @@ switch($SUBPATH[0]) {
 			'item_author' => $this->db->auth->get_user_id()
 		));
 
-    echo $this->html->render_insert_form('item', $columns, $selectbox, $current, $disable_cols, $action);
+    echo $this->html->render_insert_form('item', $columns, $selectbox, $current, $disable_cols, $action, $multi_insert);
 		break;
 }