From: <dai...@us...> - 2011-08-21 07:13:09
Revision: 4665
http://web-erp.svn.sourceforge.net/web-erp/?rev=4665&view=rev
Author: daintree
Date: 2011-08-21 07:13:02 +0000 (Sun, 21 Aug 2011)
Log Message:
-----------
21/8/11 Phil: Fixed bug that duplicated purchase order items when more than one item was added to an existing purchase order
21/8/11 Phil: BackupDatabase.php Delete link now deletes any backup files in the company directory in case any were left there before - as this is a serious security issue if files are left on the web-server
Modified Paths:
--------------
trunk/BackupDatabase.php
trunk/PO_Header.php
trunk/PO_Items.php
trunk/UserSettings.php
trunk/doc/Change.log
trunk/includes/PO_ReadInOrder.inc
Modified: trunk/BackupDatabase.php
===================================================================
--- trunk/BackupDatabase.php 2011-08-21 02:15:14 UTC (rev 4664)
+++ trunk/BackupDatabase.php 2011-08-21 07:13:02 UTC (rev 4665)
@@ -8,8 +8,27 @@
include('includes/header.inc');
if (isset($_GET['BackupFile'])){
- unlink($_SERVER['DOCUMENT_ROOT'] . $_GET['BackupFile']);
- prnMsg(_('The backup file has been deleted'),'success');
+ $BackupFiles = scandir('companies/' . $_SESSION['DatabaseName'], 0);
+ $DeletedFiles = false;
+ foreach ($BackupFiles as $BackupFile){
+
+ if (mb_substr($BackupFile,0,6)=='Backup'){
+
+ $DeleteResult = unlink('companies/' . $_SESSION['DatabaseName'] . '/' . $BackupFile);
+
+ if ($DeleteResult==true){
+ prnMsg(_('Deleted') . ' companies/' . $_SESSION['DatabaseName'] . '/' . $BackupFile,'info');
+ $DeletedFiles = true;
+ } else {
+ prnMsg(_('Unable to delete'). ' companies/' . $_SESSION['DatabaseName'] . '/' . $BackupFile,'warn');
+ }
+ }
+ }
+ if ($DeletedFiles){
+ prnMsg(_('All backup files on the server have been deleted'),'success');
+ } else {
+ prnMsg(_('No backup files on the server were deleted'),'info');
+ }
} else {
$BackupFile = $rootpath . '/companies/' . $_SESSION['DatabaseName'] .'/' . _('Backup') . '_' . Date('Y-m-d-H-i-s') . '.sql.gz';
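Review bot: The prefix test `mb_substr($BackupFile,0,6)=='Backup'` compares against the untranslated literal, while the file name on the last context line is built from `_('Backup')`, so under a locale that translates that string the archives this page writes would not match and would stay in the web-served company directory. Matching on the `.sql.gz` suffix as well closes that gap, for example `if (mb_substr($BackupFile,-7)=='.sql.gz' OR mb_substr($BackupFile,0,6)=='Backup'){`. `scandir()` returns false when the directory cannot be read, so the `foreach` should be guarded with an `is_array($BackupFiles)` check. The delete is still triggered by the mere presence of `$_GET['BackupFile']`; no request token is visible in this hunk, so this destructive action probably belongs behind a POST with a form token. The enclosing if/else continues past the end of the hunk.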
Modified: trunk/PO_Header.php
===================================================================
--- trunk/PO_Header.php 2011-08-21 02:15:14 UTC (rev 4664)
+++ trunk/PO_Header.php 2011-08-21 07:13:02 UTC (rev 4665)
@@ -42,7 +42,7 @@
$_SESSION['ExistingOrder']=0;
}
-if (isset($_POST['Select']) and empty($_POST['SupplierContact'])) {
+if (isset($_POST['Select']) AND empty($_POST['SupplierContact'])) {
$sql = "SELECT contact
FROM suppliercontacts
WHERE supplierid='". $_POST['Select'] ."'";
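Review bot: `$_POST['Select']` is concatenated straight into the `WHERE supplierid='...'` clause on the context lines of this hunk, and the PO_ReadInOrder.inc hunk does the same with `$_GET['ModifyOrderNumber']`. Unless every request value is escaped centrally before these scripts run (not visible on this page), a quote character in either parameter changes the statement. I would escape at the point of use with the database layer's escaping function, and cast where the column is presumably numeric, e.g. `AND purchorderdetails.orderno ='" . (int)$_GET['ModifyOrderNumber'] . "'`. The `if` block opened here continues outside the hunk.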
@@ -706,8 +706,8 @@
echo '<br /><table colspan=1 width=80%>
<tr>
- <th><font color=blue size=4><b>' . _('Order Initiation Details') . '</b></font></th>
- <th><font color=blue size=4><b>' . _('Order Status') . '</b></font></th>
+ <th><font color="blue" size="4"><b>' . _('Order Initiation Details') . '</b></font></th>
+ <th><font color="blue" size="4"><b>' . _('Order Status') . '</b></font></th>
</tr>
<tr><td style="width:50%">';
//sub table starts
Modified: trunk/PO_Items.php
===================================================================
--- trunk/PO_Items.php 2011-08-21 02:15:14 UTC (rev 4664)
+++ trunk/PO_Items.php 2011-08-21 07:13:02 UTC (rev 4665)
@@ -291,12 +291,12 @@
/*Now Update the purchase order detail records */
foreach ($_SESSION['PO'.$identifier]->LineItems as $POLine) {
- $result=DB_query($sql,$db,'','',true);
+
if ($POLine->Deleted==true) {
if ($POLine->PODetailRec!='') {
$sql="DELETE FROM purchorderdetails WHERE podetailitem='" . $POLine->PODetailRec . "'";
- $ErrMsg = _('The purchase order could not be deleted because');
- $DbgMsg = _('The SQL statement used to delete the purchase order header record, that failed was');
+ $ErrMsg = _('The purchase order detail line could not be deleted because');
+ $DbgMsg = _('The SQL statement used to delete the purchase order detail record, that failed was');
$result = DB_query($sql,$db,$ErrMsg,$DbgMsg,true);
}
} else if ($POLine->PODetailRec=='') {
@@ -368,6 +368,7 @@
$ErrMsg = _('One of the purchase order detail records could not be updated because');
$DbgMsg = _('The SQL statement used to update the purchase order detail record that failed was');
$result =DB_query($sql,$db,$ErrMsg,$DbgMsg,true);
+
} /* end of the loop round the detail line items on the order */
echo '<br /><br />';
prnMsg(_('Purchase Order') . ' ' . $_SESSION['PO'.$identifier]->OrderNo . ' ' . _('has been updated'),'success');
@@ -381,7 +382,6 @@
$Result = DB_Txn_Commit($db);
unset($_SESSION['PO'.$identifier]); /*Clear the PO data to allow a newy to be input*/
- echo '<br /><a href="' . $rootpath . '/PO_SelectOSPurchOrder.php">' . _('Return To PO List') . '</a>';
include('includes/footer.inc');
exit;
} /*end if there were no input errors trapped */
@@ -403,6 +403,7 @@
if(isset($_GET['Complete'])){
$_SESSION['PO'.$identifier]->LineItems[$_GET['Complete']]->Completed=1;
}
+
if (isset($_POST['EnterLine'])){ /*Inputs from the form directly without selecting a stock item from the search */
$AllowUpdate = true; /*always assume the best */
@@ -486,7 +487,7 @@
if ($AllowUpdate == true){
//adding the non-stock item
- $_SESSION['PO'.$identifier]->add_to_order ($_SESSION['PO'.$identifier]->LinesOnOrder+1,
+ $_SESSION['PO'.$identifier]->add_to_order($_SESSION['PO'.$identifier]->LinesOnOrder+1,
'',
0, /*Serialised */
0, /*Controlled */
@@ -514,6 +515,7 @@
if (isset($_POST['NewItem'])){
+
/* NewItem is set from the part selection list as the part code selected
* take the form entries and enter the data from the form into the PurchOrder class variable
* A series of form variables of the format "NewQty" with the ItemCode concatenated are created on the search for adding new
@@ -523,8 +525,8 @@
foreach ($_POST as $FormVariableName => $Quantity) {
- if (mb_substr($FormVariableName, 0, 6)=='NewQty') { //if the form variable represents a Qty to add to the order
-
+ if (mb_substr($FormVariableName, 0, 6)=='NewQty' AND $Quantity!=0) { //if the form variable represents a Qty to add to the order
+
$ItemCode = mb_substr($FormVariableName, 6, mb_strlen($FormVariableName)-6);
$AlreadyOnThisOrder = 0;
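Review bot: The added `$Quantity!=0` is a loose comparison on a raw POST string, so negative quantities pass, and how a non-numeric entry compares with 0 depends on the PHP version. If negative order quantities are not intended, a stricter guard would be `if (mb_substr($FormVariableName, 0, 6)=='NewQty' AND is_numeric($Quantity) AND $Quantity > 0) {`. `$ItemCode` is taken from the form field name, which the client controls as well, so it needs the same validation as any other request value before it is used further down; that use lies outside this hunk.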
@@ -600,7 +602,7 @@
$PurchPrice = 0;
$ConversionFactor = 1;
$SupplierDescription = $ItemRow['description'];
- $SuppliersUnitOfMeasure = $ItemRow['unitname'];
+ $SuppliersUnitOfMeasure = $ItemRow['units'];
$SuppliersPartNo = '';
$LeadTime = 1;
}
@@ -620,7 +622,7 @@
0,
0,
0,
- $Itemrow['accountname'],
+ $ItemRow['accountname'],
$ItemRow['decimalplaces'],
$SuppliersUnitOfMeasure,
$ConversionFactor,
@@ -716,7 +718,7 @@
}
$DisplayTotal = number_format($_SESSION['PO'.$identifier]->Total,$_SESSION['PO'.$identifier]->CurrDecimalPlaces);
- echo '<tr><td colspan="10" class="number">' . _('TOTAL') . _(' excluding Tax') . '</td>
+ echo '<tr><td colspan="9" class="number">' . _('TOTAL') . _(' excluding Tax') . '</td>
<td class="number"><b>' . $DisplayTotal . '</b></td>
</tr></table>';
echo '<br />
@@ -923,7 +925,7 @@
} else {
if ($_POST['StockCat']=='All'){
- if ($_POST['SupplierItemsOnly']=='on'){
+ if (isset($_POST['SupplierItemsOnly'])){
$sql = "SELECT stockmaster.stockid,
stockmaster.description,
stockmaster.units
@@ -1014,7 +1016,7 @@
echo '<table class="selection">
<tr>
- <th colspan=3><font size=3 color=blue>'. _('Search For Stock Items') . '</th>';
+ <th colspan="3"><font size="3" color="blue">'. _('Search For Stock Items') . '</th>';
echo ':</font>
</tr>
@@ -1049,7 +1051,7 @@
echo 'checked';
}
echo ' /></td>
- <td><font size=3><b>' . _('OR') . ' </b></font>' . _('Enter extract of the Stock Code') . ':</td>
+ <td><font size="3"><b>' . _('OR') . ' </b></font>' . _('Enter extract of the Stock Code') . ':</td>
<td><input type="text" name="StockCode" size=15 maxlength=18 value="' . $_POST['StockCode'] . '"></td>
</tr>
<tr><td></td>
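Review bot: `$_POST['StockCode']` is echoed into the `value="..."` attribute on the context line without HTML escaping, so a double quote in the submitted value breaks out of the attribute. Wrapping it as `htmlspecialchars($_POST['StockCode'], ENT_QUOTES, 'UTF-8')` keeps the field round-tripping safely. The UserSettings.php hunk has the same pattern where `$_SESSION['UsersRealName']` goes into the hidden `RealName` input and the table cell; whether that value can contain markup depends on how it was stored, which is not visible here. The surrounding echo statement starts and ends outside the hunk.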
Modified: trunk/UserSettings.php
===================================================================
--- trunk/UserSettings.php 2011-08-21 02:15:14 UTC (rev 4664)
+++ trunk/UserSettings.php 2011-08-21 07:13:02 UTC (rev 4665)
@@ -107,12 +107,16 @@
}
-echo '<table class=selection><tr><td>' . _('User ID') . ':</td><td>';
-echo $_SESSION['UserID'] . '</td></tr>';
+echo '<table class="selection">
+ <tr>
+ <td>' . _('User ID') . ':</td>
+ <td>' . $_SESSION['UserID'] . '</td>
+ </tr>';
-echo '<tr><td>' . _('User Name') . ':</td><td>';
-echo $_SESSION['UsersRealName'] . '</td>
- <input type="hidden" name="RealName" value="'.$_SESSION['UsersRealName'].'"<td></tr>';
+echo '<tr>
+ <td>' . _('User Name') . ':</td>
+ <td>' . $_SESSION['UsersRealName'] . '</td>
+ <input type="hidden" name="RealName" value="'.$_SESSION['UsersRealName'].'" /></tr>';
echo '<tr>
<td>' . _('Maximum Number of Records to Display') . ':</td>
Modified: trunk/doc/Change.log
===================================================================
--- trunk/doc/Change.log 2011-08-21 02:15:14 UTC (rev 4664)
+++ trunk/doc/Change.log 2011-08-21 07:13:02 UTC (rev 4665)
@@ -1,5 +1,7 @@
webERP Change Log
+21/8/11 Phil: Fixed bug that duplicated purchase order items when more than one item was added to an existing purchase order
+21/8/11 Phil: BackupDatabase.php Delete link now deletes any backup files in the company directory in case any were left there before - as this is a serious security issue if files are left on the web-server
19/8/11 Phil: Fixed bug in Stocks.php should have used Date($_SESSION['DefaultDateFormat']) instead of Date('Y-m-d') inside GetPeriod function as pointed out by Ricard
16/8/11 Tim: SelectCustomer.php fixed selection of customer where the first one was selected needed to kick off count at 0.
19/8/11 Phil: Remove redundant field stockmaster.lastcurcostdate
Modified: trunk/includes/PO_ReadInOrder.inc
===================================================================
--- trunk/includes/PO_ReadInOrder.inc 2011-08-21 02:15:14 UTC (rev 4664)
+++ trunk/includes/PO_ReadInOrder.inc 2011-08-21 07:13:02 UTC (rev 4665)
@@ -150,21 +150,21 @@
purchorderdetails.suppliersunit,
purchorderdetails.suppliers_partno
FROM purchorderdetails
- LEFT JOIN stockmaster
- ON purchorderdetails.itemcode=stockmaster.stockid
- INNER JOIN purchorders
- ON purchorders.orderno=purchorderdetails.orderno
- LEFT JOIN chartmaster
- ON purchorderdetails.glcode=chartmaster.accountcode
+ LEFT JOIN stockmaster
+ ON purchorderdetails.itemcode=stockmaster.stockid
+ INNER JOIN purchorders
+ ON purchorders.orderno=purchorderdetails.orderno
+ LEFT JOIN chartmaster
+ ON purchorderdetails.glcode=chartmaster.accountcode
WHERE purchorderdetails.completed=0
- AND purchorderdetails.orderno ='" . $_GET['ModifyOrderNumber'] . "'
+ AND purchorderdetails.orderno ='" . $_GET['ModifyOrderNumber'] . "'
ORDER BY podetailitem";
$ErrMsg = _('The lines on the purchase order cannot be retrieved because');
$DbgMsg = _('The SQL statement that was used to retrieve the purchase order lines was');
$LineItemsResult = db_query($LineItemsSQL,$db,$ErrMsg,$DbgMsg);
- if (db_num_rows($LineItemsResult) > 0) {
+ if (DB_num_rows($LineItemsResult) > 0) {
while ($myrow=db_fetch_array($LineItemsResult)) {