From 253705f2193c14e1f4162a37e8d1550d79efe5ec Mon Sep 17 00:00:00 2001 From: Thomas Mudrunka Date: Fri, 23 Sep 2011 20:42:25 +0200 Subject: [PATCH] Assistenti nyni ukladaji aktualni UID --- TODO.md | 1 + assistants/sell.inc.php | 1 + assistants/store-single.inc.php | 3 ++- assistants/store.inc.php | 3 ++- 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/TODO.md b/TODO.md index ab53ef7..da42d59 100644 --- a/TODO.md +++ b/TODO.md @@ -13,6 +13,7 @@ * SQLi (some fixed, some not) * XSS (none fixed) * Code refactoring + * Use something more elegant than get_user_id() (something more universal) and map_unique() (load whole array at once) * Optimize magic quotes usage * Move classes to separate files * Make sure that every method is in the class that it belongs to diff --git a/assistants/sell.inc.php b/assistants/sell.inc.php index cb038d2..20444e0 100644 --- a/assistants/sell.inc.php +++ b/assistants/sell.inc.php @@ -25,6 +25,7 @@ switch($SUBPATH[0]) { $item_id = $this->db->map_unique('item_serial', $item_serial, 'item_id', 'item'); $current = $this->db->get_listing('item', $item_id, 1); + $current[$item_id]['item_author'] = $this->db->auth->get_user_id(); $forked_item = $current; $model_id = $this->db->map_unique('item_serial', $item_serial, 'model_id', 'item'); diff --git a/assistants/store-single.inc.php b/assistants/store-single.inc.php index 7af375d..5e18f59 100644 --- a/assistants/store-single.inc.php +++ b/assistants/store-single.inc.php @@ -12,7 +12,8 @@ switch($SUBPATH[0]) { $current = array(array( 'model_id' => $model_id, 'item_quantity' => 1, - 'status_id' => 1 + 'status_id' => 1, + 'item_author' => $this->db->auth->get_user_id() )); $action = $_SERVER['SCRIPT_NAME'].'/item/new'; diff --git a/assistants/store.inc.php b/assistants/store.inc.php index b7818ab..cf48292 100644 --- a/assistants/store.inc.php +++ b/assistants/store.inc.php @@ -40,7 +40,8 @@ switch($SUBPATH[0]) { 'item_quantity' => $item_quantity, 'status_id' => 1, 'item_price_in' => $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_in', 'model'), - 'item_price_out' => $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_out', 'model') + 'item_price_out' => $this->db->map_unique('model_barcode', $_GET['barcode'], 'model_price_out', 'model'), + 'item_author' => $this->db->auth->get_user_id() )); echo $this->html->render_insert_form('item', $columns, $selectbox, $current, $disable_cols, $action); -- 2.30.2