From: <dai...@us...> - 2011-11-21 09:22:13
Revision: 4749
http://web-erp.svn.sourceforge.net/web-erp/?rev=4749&view=rev
Author: daintree
Date: 2011-11-21 09:22:06 +0000 (Mon, 21 Nov 2011)
Log Message:
-----------
Modified Paths:
--------------
trunk/CustLoginSetup.php
trunk/DiscountMatrix.php
trunk/GoodsReceived.php
trunk/PO_Header.php
trunk/Shipments.php
trunk/SuppLoginSetup.php
trunk/UserSettings.php
trunk/WWW_Users.php
trunk/doc/Change.log
trunk/includes/DefinePOClass.php
trunk/includes/DefineShiptClass.php
Modified: trunk/CustLoginSetup.php
===================================================================
--- trunk/CustLoginSetup.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/CustLoginSetup.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -43,7 +43,7 @@
ie the page has called itself with some user input */
//first off validate inputs sensible
- if (mb_strlen($_POST['UserID'])<3){
+ if (mb_strlen($_POST['UserID'])<4){
$InputError = 1;
prnMsg(_('The user ID entered must be at least 4 characters long'),'error');
} elseif (ContainsIllegalCharacters($_POST['UserID']) OR mb_strstr($_POST['UserID'],' ')) {
Modified: trunk/DiscountMatrix.php
===================================================================
--- trunk/DiscountMatrix.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/DiscountMatrix.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -138,7 +138,7 @@
</table>
<br />
<div class="centre">
- <input tabindex=5 type="submit" name="submit" value="' . _('Enter Information') . '">
+ <input tabindex="5" type="submit" name="submit" value="' . _('Enter Information') . '" />
</div>
<br />';
@@ -155,7 +155,7 @@
$result = DB_query($sql,$db);
-echo '<table class=selection>';
+echo '<table class="selection">';
echo '<tr>
<th>' . _('Sales Type') . '</th>
<th>' . _('Discount Category') . '</th>
Modified: trunk/GoodsReceived.php
===================================================================
--- trunk/GoodsReceived.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/GoodsReceived.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -154,7 +154,8 @@
//Now Display LineItem
- echo '<td>' . $LnItm->StockID . '</td>
+
+ echo '<td><a href="' . $rootpath . '/' . $_SESSION['part_pics_dir'] . '/' . $StockID . '.jpg" target="_blank">'. $LnItm->StockID . '</a></td>
<td>' . $LnItm->ItemDescription . '</td>
<td class="number">' . $DisplaySupplierQtyOrd . '</td>
<td>' . $LnItm->SuppliersUnit . '</td>
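Review bot: The new link builds its href from `$StockID`, while the link text and every other cell in this row read from `$LnItm`; nothing in the visible lines assigns `$StockID`, so the URL probably points at a stale or empty item code. Use the line item's own code and encode it for each context, e.g. `'/' . rawurlencode($LnItm->StockID) . '.jpg" target="_blank">' . htmlspecialchars($LnItm->StockID) . '</a></td>`. The surrounding loop starts outside the hunk, so confirm there is no earlier assignment to `$StockID` before changing it.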
Modified: trunk/PO_Header.php
===================================================================
--- trunk/PO_Header.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/PO_Header.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -106,6 +106,11 @@
_('Prices cannot be altered for lines that have already been received') .' '.
_('and quantities cannot be reduced below the quantity already received'),'warn');
}
+ $ShipmentExists = $_SESSION['PO'.$identifier]->Any_Lines_On_A_Shipment();
+ if ($ShipmentExists != false){
+ $OKToUpdateStatus = 0; //not ok to update the status
+ prnMsg( _('This order cannot be cancelled or rejected because there is at least one line that is allocated to a shipment') . '. ' . _('See shipment number') . ' ' . $ShipmentExists,'warn');
+ }
}
if ($OKToUpdateStatus==1){ // none of the order has been received
if ($AuthorityLevel>$OrderTotal) {
Modified: trunk/Shipments.php
===================================================================
--- trunk/Shipments.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/Shipments.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -84,18 +84,18 @@
$LineItemsSQL = "SELECT purchorderdetails.podetailitem,
purchorders.orderno,
- purchorderdetails.itemcode,
- purchorderdetails.itemdescription,
- purchorderdetails.deliverydate,
- purchorderdetails.glcode,
- purchorderdetails.qtyinvoiced,
- purchorderdetails.unitprice,
- stockmaster.units,
- purchorderdetails.quantityord,
- purchorderdetails.quantityrecd,
- purchorderdetails.stdcostunit,
- stockmaster.materialcost+stockmaster.labourcost+stockmaster.overheadcost as stdcost,
- purchorders.intostocklocation
+ purchorderdetails.itemcode,
+ purchorderdetails.itemdescription,
+ purchorderdetails.deliverydate,
+ purchorderdetails.glcode,
+ purchorderdetails.qtyinvoiced,
+ purchorderdetails.unitprice,
+ stockmaster.units,
+ purchorderdetails.quantityord,
+ purchorderdetails.quantityrecd,
+ purchorderdetails.stdcostunit,
+ stockmaster.materialcost+stockmaster.labourcost+stockmaster.overheadcost as stdcost,
+ purchorders.intostocklocation
FROM purchorderdetails INNER JOIN stockmaster
ON purchorderdetails.itemcode=stockmaster.stockid
INNER JOIN purchorders
@@ -120,17 +120,18 @@
$StandardCost =$myrow['stdcostunit'];
}
- $_SESSION['Shipment']->LineItems[$myrow['podetailitem']] = new LineDetails($myrow['podetailitem'],
- $myrow['orderno'],
- $myrow['itemcode'],
- $myrow['itemdescription'],
- $myrow['qtyinvoiced'],
- $myrow['unitprice'],
- $myrow['units'],
- $myrow['deliverydate'],
- $myrow['quantityord'],
- $myrow['quantityrecd'],
- $StandardCost);
+ $_SESSION['Shipment']->LineItems[$myrow['podetailitem']] = new LineDetails(
+ $myrow['podetailitem'],
+ $myrow['orderno'],
+ $myrow['itemcode'],
+ $myrow['itemdescription'],
+ $myrow['qtyinvoiced'],
+ $myrow['unitprice'],
+ $myrow['units'],
+ $myrow['deliverydate'],
+ $myrow['quantityord'],
+ $myrow['quantityrecd'],
+ $StandardCost);
} /* line Shipment from shipment details */
DB_data_Seek($LineItemsResult,0);
@@ -147,28 +148,31 @@
$_SESSION['Shipment'] = new Shipment;
$sql = "SELECT suppname,
- currcode
- FROM suppliers
+ currcode,
+ decimalplaces AS currdecimalplaces
+ FROM suppliers INNER JOIN currencies
+ ON suppliers.currcode=currencies.currabrev
WHERE supplierid='" . $_SESSION['SupplierID'] . "'";
$ErrMsg = _('The supplier details for the shipment could not be retrieved because');
$result = DB_query($sql,$db,$ErrMsg);
- $myrow = DB_fetch_row($result);
+ $myrow = DB_fetch_array($result);
$_SESSION['Shipment']->SupplierID = $_SESSION['SupplierID'];
- $_SESSION['Shipment']->SupplierName = $myrow[0];
- $_SESSION['Shipment']->CurrCode = $myrow[1];
+ $_SESSION['Shipment']->SupplierName = $myrow['suppname'];
+ $_SESSION['Shipment']->CurrCode = $myrow['currcode'];
+ $_SESSION['Shipment']->CurrDecimalPlaces = $myrow['currdecimalplaces'];
$_SESSION['Shipment']->ShiptRef = GetNextTransNo (31, $db);
}
-if (isset($_POST['Update']) OR (isset($_GET['Add']) AND $_SESSION['Shipment']->Closed==0)) { //user hit the update button
+if (isset($_POST['Update'])
+ OR (isset($_GET['Add'])
+ AND $_SESSION['Shipment']->Closed==0)) { //user hit the update button
$InputError = 0;
if (isset($_POST['Update'])){
- $_SESSION['Shipment']->Vessel = $_POST['Vessel'];
- $_SESSION['Shipment']->VoyageRef = $_POST['VoyageRef'];
if (!Is_Date($_POST['ETA'])){
$InputError=1;
@@ -186,19 +190,24 @@
if (mb_strlen($_POST['VoyageRef'])<2){
prnMsg( _('A reference to the voyage (or HAWB in the case of air-freight) of more than 2 characters is expected'), 'error');
}
- } elseif(mb_strlen($_SESSION['Shipment']->Vessel)<2 OR mb_strlen($_SESSION['Shipment']->VoyageRef)<2){
+ } elseif(mb_strlen($_SESSION['Shipment']->Vessel)<2
+ OR mb_strlen($_SESSION['Shipment']->VoyageRef)<2){
prnMsg(_('Cannot add purchase order lines to the shipment unless the shipment is first initiated - hit update to setup the shipment first'),'info');
$InputError = 1;
}
/*The user hit the update the shipment button and there are some lines on the shipment*/
if ($InputError == 0 AND (count($_SESSION['Shipment']->LineItems) > 0 OR isset($_GET['Add']))){
+
+ $_SESSION['Shipment']->Vessel = $_POST['Vessel'];
+ $_SESSION['Shipment']->VoyageRef = $_POST['VoyageRef'];
+
$sql = "SELECT shiptref FROM shipments WHERE shiptref =" . $_SESSION['Shipment']->ShiptRef;
$result = DB_query($sql,$db);
if (DB_num_rows($result)==1){
$sql = "UPDATE shipments SET vessel='" . $_SESSION['Shipment']->Vessel . "',
- voyageref='". $_SESSION['Shipment']->VoyageRef . "',
- eta='" . $_SESSION['Shipment']->ETA . "'
+ voyageref='". $_SESSION['Shipment']->VoyageRef . "',
+ eta='" . $_SESSION['Shipment']->ETA . "'
WHERE shiptref ='" . $_SESSION['Shipment']->ShiptRef . "'";
} else {
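Review bot: The two assignments added before the `SELECT shiptref` query copy `$_POST['Vessel']` and `$_POST['VoyageRef']` into the session on every pass through this branch, including the `isset($_GET['Add'])` path, where the request comes from the "Add" link and those POST fields are absent. On that path the `elseif` above has just confirmed that the session values are at least 2 characters long, and the assignments then overwrite them with nothing, which the `UPDATE shipments` below writes back when the row exists. Guard the copy: `if (isset($_POST['Update'])) { $_SESSION['Shipment']->Vessel = $_POST['Vessel']; $_SESSION['Shipment']->VoyageRef = $_POST['VoyageRef']; }`. The VoyageRef length check in the context lines also prints an error without setting `$InputError`, so a too-short reference is still saved. The enclosing block starts and ends outside the hunk.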
@@ -225,12 +234,11 @@
$sql = "UPDATE purchorderdetails
SET deliverydate ='" . $_SESSION['Shipment']->ETA . "'
- WHERE podetailitem='" . $LnItm->PODetailItem . "'";
+ WHERE podetailitem='" . $LnItm->PODetailItem . "'";
$result = DB_query($sql,$db);
$_SESSION['Shipment']->LineItems[$LnItm->PODetailItem]->DelDate = $_SESSION['Shipment']->ETA;
-
}
}
prnMsg( _('Updated the shipment record and delivery dates of order lines as necessary'), 'success');
@@ -239,23 +247,25 @@
} //user hit Update
-if (isset($_GET['Add']) AND $_SESSION['Shipment']->Closed==0 AND $InputError==0){
+if (isset($_GET['Add'])
+ AND $_SESSION['Shipment']->Closed==0
+ AND $InputError==0){
$sql = "SELECT purchorderdetails.orderno,
- purchorderdetails.itemcode,
- purchorderdetails.itemdescription,
- purchorderdetails.unitprice,
- purchorderdetails.stdcostunit,
- stockmaster.materialcost+stockmaster.labourcost+stockmaster.overheadcost as stdcost,
- purchorderdetails.quantityord,
- purchorderdetails.quantityrecd,
- purchorderdetails.deliverydate,
- stockmaster.units,
- stockmaster.decimalplaces,
- purchorderdetails.qtyinvoiced
- FROM purchorderdetails INNER JOIN stockmaster
+ purchorderdetails.itemcode,
+ purchorderdetails.itemdescription,
+ purchorderdetails.unitprice,
+ purchorderdetails.stdcostunit,
+ stockmaster.materialcost+stockmaster.labourcost+stockmaster.overheadcost as stdcost,
+ purchorderdetails.quantityord,
+ purchorderdetails.quantityrecd,
+ purchorderdetails.deliverydate,
+ stockmaster.units,
+ stockmaster.decimalplaces,
+ purchorderdetails.qtyinvoiced
+ FROM purchorderdetails INNER JOIN stockmaster
ON purchorderdetails.itemcode=stockmaster.stockid
- WHERE purchorderdetails.podetailitem='" . $_GET['Add'] . "'";
+ WHERE purchorderdetails.podetailitem='" . $_GET['Add'] . "'";
$result = DB_query($sql,$db);
$myrow = DB_fetch_array($result);
@@ -268,7 +278,7 @@
$StandardCost = $myrow['stdcostunit'];
}
- $_SESSION['Shipment']->add_to_shipment($_GET['Add'],
+ $_SESSION['Shipment']->Add_To_Shipment($_GET['Add'],
$myrow['orderno'],
$myrow['itemcode'],
$myrow['itemdescription'],
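Review bot: The call to `Add_To_Shipment` appears to be one argument short: in this commit the method in includes/DefineShiptClass.php gains a `$DecimalPlaces` parameter between `$StdCostUnit` and `&$db`, but here only the method name changes. The rest of the argument list lies outside the hunk and is not touched, so unless it already passed an extra value, `$db` now lands in `$DecimalPlaces` and the method's `&$db` argument is left unset. The query above already selects `stockmaster.decimalplaces`; add `$myrow['decimalplaces'],` immediately before `$db` in the call.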
@@ -283,7 +293,7 @@
}
if (isset($_GET['Delete']) AND $_SESSION['Shipment']->Closed==0){ //shipment is open and user hit delete on a line
- $_SESSION['Shipment']->remove_from_shipment($_GET['Delete'],$db);
+ $_SESSION['Shipment']->Remove_From_Shipment($_GET['Delete'],$db);
}
@@ -315,24 +325,24 @@
if (isset($_SESSION['Shipment']->ETA)) {
echo '<td><input type="text class="date" alt='.$_SESSION['DefaultDateFormat'].' name="ETA" maxlength="10" size="10" value="' . $ETA . '" /></td>';
} else {
- echo '<td><input type="text class="date" alt='.$_SESSION['DefaultDateFormat'].' name="ETA" maxlength=10 size=10 value="' . Date($_SESSION['DefaultDateFormat']) . '" /></td>';
+ echo '<td><input type="text class="date" alt='.$_SESSION['DefaultDateFormat'].' name="ETA" maxlength="10" size="10" value="' . Date($_SESSION['DefaultDateFormat']) . '" /></td>';
}
echo '<td>'. _('Into').' ';
if (count($_SESSION['Shipment']->LineItems)>0){
- if (!isset($_SESSION['Shipment']->StockLocation)){
+ if (!isset($_SESSION['Shipment']->StockLocation)){
- $sql = "SELECT purchorders.intostocklocation
- FROM purchorders INNER JOIN purchorderdetails
- ON purchorders.orderno=purchorderdetails.orderno and podetailitem = '" . key($_SESSION['Shipment']->LineItems) . "'";
+ $sql = "SELECT purchorders.intostocklocation
+ FROM purchorders INNER JOIN purchorderdetails
+ ON purchorders.orderno=purchorderdetails.orderno AND podetailitem = '" . key($_SESSION['Shipment']->LineItems) . "'";
+
+ $result = DB_query($sql,$db);
+ $myrow = DB_fetch_row($result);
+
+ $_SESSION['Shipment']->StockLocation = $myrow[0];
+ $_POST['StockLocation']=$_SESSION['Shipment']->StockLocation;
- $result = DB_query($sql,$db);
- $myrow = DB_fetch_row($result);
-
- $_SESSION['Shipment']->StockLocation = $myrow[0];
- $_POST['StockLocation']=$_SESSION['Shipment']->StockLocation;
-
} else {
$_POST['StockLocation']=$_SESSION['Shipment']->StockLocation;
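Review bot: The rewritten ETA input still emits `type="text class="date"`, with no closing quote after `text`, and an unquoted `alt=` value, so the attribute quoting remains broken on the very line being edited (and on the context line above it). Suggested form: `echo '<td><input type="text" class="date" alt="' . $_SESSION['DefaultDateFormat'] . '" name="ETA" maxlength="10" size="10" value="' . Date($_SESSION['DefaultDateFormat']) . '" /></td>';`. The enclosing `if` block continues past the end of the hunk.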
@@ -373,7 +383,7 @@
$sql = "SELECT locationname FROM locations WHERE loccode='" . $_SESSION['Shipment']->StockLocation . "'";
$resultStkLocs = DB_query($sql,$db);
$myrow=DB_fetch_array($resultStkLocs);
- echo '<input type=hidden name=StockLocation value='.$_SESSION['Shipment']->StockLocation.'>';
+ echo '<input type="hidden" name="StockLocation" value="'.$_SESSION['Shipment']->StockLocation.'" />';
echo $myrow['locationname'];
}
@@ -382,18 +392,19 @@
if (count($_SESSION['Shipment']->LineItems)>0){
/* Always display all shipment lines */
- echo '<br /><table cellpadding=2 colspan=7 class="selection">';
+ echo '<br /><table class="selection">';
echo '<tr><th colspan="9"><font color="navy" size="3">'. _('Order Lines On This Shipment'). '</font></th></tr>';
$TableHeader = '<tr>
- <th>'. _('Order'). '</th>
- <th>'. _('Item'). '</th>
- <th>'. _('Quantity'). '<br />'. _('Ordered'). '</th>
- <th>'. _('Units'). '</th>
- <th>'. _('Quantity').'<br />'. _('Received'). '</th>
- <th>'. _('Quantity').'<br />'. _('Invoiced'). '</th>
- <th>'. $_SESSION['Shipment']->CurrCode .' '. _('Price') . '</th>
- <th>'. _('Current'). '<br />'. _('Std Cost'). '</th></tr>';
+ <th>'. _('Order'). '</th>
+ <th>'. _('Item'). '</th>
+ <th>'. _('Quantity'). '<br />'. _('Ordered'). '</th>
+ <th>'. _('Units'). '</th>
+ <th>'. _('Quantity').'<br />'. _('Received'). '</th>
+ <th>'. _('Quantity').'<br />'. _('Invoiced'). '</th>
+ <th>'. $_SESSION['Shipment']->CurrCode .' '. _('Price') . '</th>
+ <th>'. _('Current'). '<br />'. _('Std Cost'). '</th>
+ </tr>';
echo $TableHeader;
@@ -420,12 +431,12 @@
echo '<td>'.$LnItm->OrderNo.'</td>
- <td>'. $LnItm->StockID .' - '. $LnItm->ItemDescription. '</td><td class="number">' . locale_number_format($LnItm->QuantityOrd,2) . '</td>
+ <td>'. $LnItm->StockID .' - '. $LnItm->ItemDescription. '</td><td class="number">' . locale_number_format($LnItm->QuantityOrd,$LnItm->DecimalPlaces) . '</td>
<td>'. $LnItm->UOM .'</td>
- <td class="number">' . locale_number_format($LnItm->QuantityRecd,2) . '</td>
- <td class="number">' . locale_number_format($LnItm->QtyInvoiced,2) . '</td>
- <td class="number">' . locale_number_format($LnItm->UnitPrice,2) . '</td>
- <td class="number">' . locale_number_format($LnItm->StdCostUnit,2) . '</td>
+ <td class="number">' . locale_number_format($LnItm->QuantityRecd,$LnItm->DecimalPlaces) . '</td>
+ <td class="number">' . locale_number_format($LnItm->QtyInvoiced,$LnItm->DecimalPlaces) . '</td>
+ <td class="number">' . locale_number_format($LnItm->UnitPrice, $_SESSION['Shipment']->CurrDecimalPlaces) . '</td>
+ <td class="number">' . locale_number_format($LnItm->StdCostUnit,$_SESSION['CompanyRecord']['decimalplaces']) . '</td>
<td><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?Delete=' . $LnItm->PODetailItem . '">'. _('Delete'). '</a></td>
</tr>';
}//for each line on the shipment
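Review bot: `$LnItm->DecimalPlaces` is only populated for lines added through `Add_To_Shipment`; the load path earlier in this file builds `LineDetails` with eleven arguments from a `$LineItemsSQL` select that has no `stockmaster.decimalplaces` column, so reloaded shipments always format quantities with the constructor default of 2. Add `stockmaster.decimalplaces` to that select and pass `$myrow['decimalplaces']` as the last constructor argument. `$_SESSION['Shipment']->CurrDecimalPlaces` is likewise only visibly assigned in the new-shipment branch; confirm that the branch loading an existing shipment sets it too, otherwise the price column is formatted with an unset value.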
@@ -442,39 +453,43 @@
}
$sql = "SELECT purchorderdetails.podetailitem,
- purchorders.orderno,
- purchorderdetails.itemcode,
- purchorderdetails.itemdescription,
- purchorderdetails.unitprice,
- purchorderdetails.quantityord,
- purchorderdetails.quantityrecd,
- purchorderdetails.deliverydate,
- stockmaster.units,
- stockmaster.decimalplaces
- FROM purchorderdetails INNER JOIN purchorders
- ON purchorderdetails.orderno=purchorders.orderno
- INNER JOIN stockmaster
+ purchorders.orderno,
+ purchorderdetails.itemcode,
+ purchorderdetails.itemdescription,
+ purchorderdetails.unitprice,
+ purchorderdetails.quantityord,
+ purchorderdetails.quantityrecd,
+ purchorderdetails.deliverydate,
+ stockmaster.units,
+ stockmaster.decimalplaces
+ FROM purchorderdetails INNER JOIN purchorders
+ ON purchorderdetails.orderno=purchorders.orderno
+ INNER JOIN stockmaster
ON purchorderdetails.itemcode=stockmaster.stockid
- WHERE qtyinvoiced=0
- AND purchorders.supplierno ='" . $_SESSION['Shipment']->SupplierID . "'
- AND purchorderdetails.shiptref=0
- AND purchorders.intostocklocation='" . $_POST['StockLocation'] . "'";
+ WHERE qtyinvoiced=0
+ AND purchorderdetails.completed=0
+ AND purchorders.status='Authorised'
+ AND purchorders.supplierno ='" . $_SESSION['Shipment']->SupplierID . "'
+ AND purchorderdetails.shiptref=0
+ AND purchorders.intostocklocation='" . $_POST['StockLocation'] . "'";
$result = DB_query($sql,$db);
if (DB_num_rows($result)>0){
echo '<table cellpadding="2" colspan="7" class="selection">';
- echo '<tr><th colspan="7"><font color="navy" size="3">'. _('Possible Order Lines To Add To This Shipment').'</font></th></tr>';
+ echo '<tr>
+ <th colspan="7"><font color="navy" size="3">'. _('Possible Order Lines To Add To This Shipment').'</font></th>
+ </tr>';
$TableHeader = '<tr>
- <th>'. _('Order').'</th>
- <th>'. _('Item').'</th>
- <th>'. _('Quantity').'<br />'. _('Ordered').'</th>
- <th>'. _('Units').'</th>
- <th>'. _('Quantity').'<br />'. _('Received').'</th>
- <th>'. _('Delivery').'<br />'. _('Date').'</th>
- </tr>';
+ <th>'. _('Order').'</th>
+ <th>'. _('Item').'</th>
+ <th>'. _('Quantity').'<br />'. _('Ordered').'</th>
+ <th>'. _('Units').'</th>
+ <th>'. _('Quantity').'<br />'. _('Received').'</th>
+ <th>'. _('Delivery').'<br />'. _('Date').'</th>
+ </tr>';
echo $TableHeader;
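Review bot: The rebuilt WHERE clause still places `$_POST['StockLocation']` directly inside the SQL string, and the same pattern is used for `$_GET['Add']` in the order-line lookup and for the Vessel/VoyageRef values in the `UPDATE shipments` hunk. Unless request values are escaped centrally before this script runs (not visible here), they should be validated or escaped at the point of use: cast the numeric identifier, `(int)$_GET['Add']`, and check the location code against the `locations` table before it reaches the query. A short comment above each query stating where the escaping happens would make this reviewable.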
@@ -500,12 +515,12 @@
}
echo '<td>' . $myrow['orderno'] . '</td>
- <td>' . $myrow['itemcode'] . ' - ' . $myrow['itemdescription'] . '</td>
- <td class="number">' . locale_number_format($myrow['quantityord'],$myrow['decimalplaces']) . '</td>
- <td>' . $myrow['units'] . '</td>
- <td class="number">' . locale_number_format($myrow['quantityrecd'],,$myrow['decimalplaces']) . '</td>
- <td class="number">' . ConvertSQLDate($myrow['deliverydate']) . '</td>
- <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?' . 'Add=' . $myrow['podetailitem'] . '">'. _('Add').'</a></td>
+ <td>' . $myrow['itemcode'] . ' - ' . $myrow['itemdescription'] . '</td>
+ <td class="number">' . locale_number_format($myrow['quantityord'],$myrow['decimalplaces']) . '</td>
+ <td>' . $myrow['units'] . '</td>
+ <td class="number">' . locale_number_format($myrow['quantityrecd'],$myrow['decimalplaces']) . '</td>
+ <td class="number">' . ConvertSQLDate($myrow['deliverydate']) . '</td>
+ <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?' . 'Add=' . $myrow['podetailitem'] . '">'. _('Add').'</a></td>
</tr>';
}
Modified: trunk/SuppLoginSetup.php
===================================================================
--- trunk/SuppLoginSetup.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/SuppLoginSetup.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -43,7 +43,7 @@
ie the page has called itself with some user input */
//first off validate inputs sensible
- if (mb_strlen($_POST['UserID'])<3){
+ if (mb_strlen($_POST['UserID'])<4){
$InputError = 1;
prnMsg(_('The user ID entered must be at least 4 characters long'),'error');
} elseif (ContainsIllegalCharacters($_POST['UserID'])) {
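Review bot: The `elseif` that follows the corrected length test rejects only `ContainsIllegalCharacters()`, whereas the same chain in CustLoginSetup.php also rejects a space via `mb_strstr($_POST['UserID'],' ')`; the WWW_Users.php hunk has the same shorter form. If `ContainsIllegalCharacters()` does not itself reject spaces (its body is not shown), supplier and staff logins accept user IDs that customer logins refuse. Since this commit aligns the length rule across the three files, the character rule could be aligned too: `} elseif (ContainsIllegalCharacters($_POST['UserID']) OR mb_strstr($_POST['UserID'],' ')) {`.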
Modified: trunk/UserSettings.php
===================================================================
--- trunk/UserSettings.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/UserSettings.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -34,27 +34,34 @@
prnMsg(_('Cannot change password in the demo or others would be locked out!'),'warn');
}
*/
- $update_pw = 'N';
- if ($_POST['pass'] != ''){
- if ($_POST['pass'] != $_POST['passcheck']){
+ $UpdatePassword = 'N';
+ if ($_POST['Password'] != ''){
+ if ($_POST['Password'] != $_POST['PasswordCheck']){
$InputError = 1;
prnMsg(_('The password and password confirmation fields entered do not match'),'error');
}else{
- $update_pw = 'Y';
+ $UpdatePassword = 'Y';
}
}
- if ($_POST['passcheck'] != ''){
- if ($_POST['pass'] != $_POST['passcheck']){
+ if ($_POST['PasswordCheck'] != ''){
+ if ($_POST['Password'] != $_POST['PasswordCheck']){
$InputError = 1;
prnMsg(_('The password and password confirmation fields entered do not match'),'error');
}else{
- $update_pw = 'Y';
+ $UpdatePassword = 'Y';
}
}
+ if (mb_strlen($_POST['Password'])<5){
+ $InputError = 1;
+ prnMsg(_('The password entered must be at least 5 characters long'),'error');
+ } elseif (mb_strstr($_POST['Password'],$_SESSION['UserID'])!= False){
+ $InputError = 1;
+ prnMsg(_('The password cannot contain the user id'),'error');
+ }
if ($InputError != 1) {
// no errors
- if ($update_pw != 'Y'){
+ if ($UpdatePassword != 'Y'){
$sql = "UPDATE www_users
SET displayrecordsmax='" . $_POST['DisplayRecordsMax'] . "',
theme='" . $_POST['Theme'] . "',
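Review bot: The added length test runs even when both password boxes are empty, so `mb_strlen($_POST['Password'])<5` sets `$InputError` on every save that does not change the password, although the form text later in this file says empty boxes leave the password unchanged. Make the test conditional on a password having been entered: `if ($_POST['Password'] != '' AND mb_strlen($_POST['Password'])<5){`. The user-id test is case-sensitive, so a password that differs from the user id only in letter case passes; `mb_stripos($_POST['Password'], $_SESSION['UserID']) !== false` closes that gap and makes the comparison explicit. The enclosing `if` starts above the hunk.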
@@ -76,7 +83,7 @@
language='" . $_POST['Language'] . "',
email='". $_POST['email'] ."',
pdflanguage='" . $_POST['PDFLanguage'] . "',
- password='" . CryptPass($_POST['pass']) . "'
+ password='" . CryptPass($_POST['Password']) . "'
WHERE userid = '" . $_SESSION['UserID'] . "'";
$ErrMsg = _('The user alterations could not be processed because');
@@ -161,20 +168,20 @@
}
}
-if (!isset($_POST['passcheck'])) {
- $_POST['passcheck']='';
+if (!isset($_POST['PasswordCheck'])) {
+ $_POST['PasswordCheck']='';
}
-if (!isset($_POST['pass'])) {
- $_POST['pass']='';
+if (!isset($_POST['Password'])) {
+ $_POST['Password']='';
}
echo '</select></td></tr>
<tr>
<td>' . _('New Password') . ':</td>
- <td><input type="password" name="pass" size=20 value="' . $_POST['pass'] . '"></td>
+ <td><input type="password" name="Password" size="20" value="' . $_POST['Password'] . '" /></td>
</tr>
<tr>
<td>' . _('Confirm Password') . ':</td>
- <td><input type="password" name="passcheck" size="20" value="' . $_POST['passcheck'] . '"></td>
+ <td><input type="password" name="PasswordCheck" size="20" value="' . $_POST['PasswordCheck'] . '" /></td>
</tr>
<tr>
<td colspan=2 align="center"><i>' . _('If you leave the password boxes empty your password will not change') . '</i></td>
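Review bot: Both password inputs are pre-filled with `value="' . $_POST['Password'] . '"` and `value="' . $_POST['PasswordCheck'] . '"`, which writes the submitted password back into the page source after a failed validation and does so without HTML encoding. Render the two fields with `value=""` and let the user retype; the defaulting of `$_POST['Password']` and `$_POST['PasswordCheck']` above is then only needed to avoid undefined-index notices. The email input in the next hunk echoes `$_POST['email']` the same way and should go through `htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8')`.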
@@ -189,7 +196,7 @@
$_POST['email'] = $myrow['email'];
}
-echo '<td><input type="text" name="email" size=40 value="' . $_POST['email'] . '"></td>
+echo '<td><input type="text" name="email" size=40 value="' . $_POST['email'] . '" /></td>
</tr>';
if (!isset($_POST['PDFLanguage'])){
Modified: trunk/WWW_Users.php
===================================================================
--- trunk/WWW_Users.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/WWW_Users.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -60,7 +60,7 @@
ie the page has called itself with some user input */
//first off validate inputs sensible
- if (mb_strlen($_POST['UserID'])<3){
+ if (mb_strlen($_POST['UserID'])<4){
$InputError = 1;
prnMsg(_('The user ID entered must be at least 4 characters long'),'error');
} elseif (ContainsIllegalCharacters($_POST['UserID'])) {
@@ -391,19 +391,23 @@
$_POST['Blocked'] = $myrow['blocked'];
$_POST['PDFLanguage'] = $myrow['pdflanguage'];
- echo '<input type="hidden" name="SelectedUser" value="' . $SelectedUser . '" /';
+ echo '<input type="hidden" name="SelectedUser" value="' . $SelectedUser . '" />';
echo '<input type="hidden" name="UserID" value="' . $_POST['UserID'] . '" />';
echo '<input type="hidden" name="ModulesAllowed" value="' . $_POST['ModulesAllowed'] . '" />';
- echo '<table class=selection> <tr><td>' . _('User code') . ':</td><td>';
- echo $_POST['UserID'] . '</td></tr>';
+ echo '<table class="selection">
+ <tr>
+ <td>' . _('User code') . ':</td>
+ <td>' . $_POST['UserID'] . '</td>
+ </tr>';
} else { //end of if $SelectedUser only do the else when a new record is being entered
echo '<table class="selection">
<tr>
<td>' . _('User Login') . ':</td>
- <td><input type="text" name="UserID" size="22" maxlength="20" /></td></tr>';
+ <td><input type="text" name="UserID" size="22" maxlength="20" /></td>
+ </tr>';
/*set the default modules to show to all
this had trapped a few people previously*/
Modified: trunk/doc/Change.log
===================================================================
--- trunk/doc/Change.log 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/doc/Change.log 2011-11-21 09:22:06 UTC (rev 4749)
@@ -1,5 +1,8 @@
webERP Change Log
+21/11/11 Phil: UserSettings.php now checks for at least 5 character passwords WWW_Users.php CustLoginSetup.php and SupplierLoginSetup.php now also check for 4 character userids
+21/11/11 Felix Lim: WWW_users.php malfomed <input type="hidden" - with no closing >
+
19/11/11 Release 4.06RC3 - 4.06.1
19/11/11 Phil: SupplierAllocations.php fixes for number_formatting
Modified: trunk/includes/DefinePOClass.php
===================================================================
--- trunk/includes/DefinePOClass.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/includes/DefinePOClass.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -154,6 +154,17 @@
return 0;
}
+ function Any_Lines_On_A_Shipment(){
+ /* Checks if any of the line items are on a shipment */
+ if (count($this->LineItems)>0){
+ foreach ($this->LineItems as $OrderedItems) {
+ if ($OrderedItems->ShiptRef !=''){
+ return $OrderedItems->ShiptRef;
+ }
+ }
+ }
+ return 0;
+ }
function Some_Already_Received($LineNo){
/* Checks if there have been deliveries or amounts invoiced against a specific line item */
if (count($this->LineItems)>0 and isset($this->LineItems[$LineNo])){
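Review bot: `Any_Lines_On_A_Shipment()` treats a line as unshipped only when `ShiptRef` equals `''`, while Shipments.php selects unshipped order lines with `purchorderdetails.shiptref=0`. If `ShiptRef` is loaded from that column as the string `'0'` (the loading code is not shown), the first unshipped line satisfies `!= ''`, the method returns `'0'` immediately, and the caller in PO_Header.php reads that as "no shipment" without looking at later lines. Comparing numerically avoids this: `if ((int)$OrderedItems->ShiptRef != 0){`. A docblock stating that the method returns the first shipment reference found, or 0 when there is none, would also explain the `!= false` test at the call site.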
Modified: trunk/includes/DefineShiptClass.php
===================================================================
--- trunk/includes/DefineShiptClass.php 2011-11-19 04:00:22 UTC (rev 4748)
+++ trunk/includes/DefineShiptClass.php 2011-11-21 09:22:06 UTC (rev 4749)
@@ -4,17 +4,17 @@
Class Shipment {
- Var $ShiptRef; /*unqique identifier for the shipment */
-
+ var $ShiptRef; /*unqique identifier for the shipment */
var $LineItems; /*array of objects of class LineDetails using the product id as the pointer */
- Var $SupplierID;
+ var $SupplierID;
var $SupplierName;
var $CurrCode;
var $VoyageRef;
- Var $Vessel;
- Var $ETA;
- Var $StockLocation;
- Var $Closed;
+ var $Vessel;
+ var $ETA;
+ var $StockLocation;
+ var $Closed;
+ var $CurrDecimalPlaces;
function Shipment(){
/*Constructor function initialises a new Shipment object */
@@ -23,20 +23,32 @@
$this->Closed =0;
}
- function add_to_shipment($PODetailItem,
- $OrderNo,
- $StockID,
- $ItemDescr,
- $QtyInvoiced,
- $UnitPrice,
- $UOM,
- $DelDate,
- $QuantityOrd,
- $QuantityRecd,
- $StdCostUnit,
- &$db){
+ function Add_To_Shipment($PODetailItem,
+ $OrderNo,
+ $StockID,
+ $ItemDescr,
+ $QtyInvoiced,
+ $UnitPrice,
+ $UOM,
+ $DelDate,
+ $QuantityOrd,
+ $QuantityRecd,
+ $StdCostUnit,
+ $DecimalPlaces,
+ &$db){
- $this->LineItems[$PODetailItem]= new LineDetails($PODetailItem,$OrderNo,$StockID,$ItemDescr, $QtyInvoiced, $UnitPrice, $UOM, $DelDate, $QuantityOrd, $QuantityRecd, $StdCostUnit);
+ $this->LineItems[$PODetailItem]= new LineDetails($PODetailItem,
+ $OrderNo,
+ $StockID,
+ $ItemDescr,
+ $QtyInvoiced,
+ $UnitPrice,
+ $UOM,
+ $DelDate,
+ $QuantityOrd,
+ $QuantityRecd,
+ $StdCostUnit,
+ $DecimalPlaces);
$sql = "UPDATE purchorderdetails SET shiptref = '" . $this->ShiptRef . "'
WHERE podetailitem = '" . $PODetailItem . "'";
@@ -47,7 +59,7 @@
}
- function remove_from_shipment($PODetailItem,&$db){
+ function Remove_From_Shipment($PODetailItem,&$db){
if ($this->LineItems[$PODetailItem]->QtyInvoiced==0){
@@ -63,20 +75,32 @@
Class LineDetails {
- Var $PODetailItem;
- Var $OrderNo;
- Var $StockID;
- Var $ItemDescription;
- Var $QtyInvoiced;
- Var $UnitPrice;
- Var $UOM;
- Var $DelDate;
- Var $QuantityOrd;
- Var $QuantityRecd;
- Var $StdCostUnit;
+ var $PODetailItem;
+ var $OrderNo;
+ var $StockID;
+ var $ItemDescription;
+ var $QtyInvoiced;
+ var $UnitPrice;
+ var $UOM;
+ var $DelDate;
+ var $QuantityOrd;
+ var $QuantityRecd;
+ var $StdCostUnit;
+ var $DecimalPlaces;
- function LineDetails ($PODetailItem, $OrderNo, $StockID, $ItemDescr, $QtyInvoiced, $UnitPrice, $UOM, $DelDate, $QuantityOrd, $QuantityRecd, $StdCostUnit){
+ function LineDetails ($PODetailItem,
+ $OrderNo,
+ $StockID,
+ $ItemDescr,
+ $QtyInvoiced,
+ $UnitPrice,
+ $UOM,
+ $DelDate,
+ $QuantityOrd,
+ $QuantityRecd,
+ $StdCostUnit,
+ $DecimalPlaces=2){
/* Constructor function to add a new LineDetail object with passed params */
$this->PODetailItem = $PODetailItem;
@@ -90,6 +114,7 @@
$this->QuantityRecd = $QuantityRecd;
$this->QuantityOrd = $QuantityOrd;
$this->StdCostUnit = $StdCostUnit;
+ $this->DecimalPlaces = $DecimalPlaces;
}
}