<?
//Copyright David Byrne 2007
//This file is part of eCanteen.
// eCanteen is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// eCanteen is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with eCanteen. If not, see <http://www.gnu.org/licenses/>.
session_start();
if ($_SESSION['userlevel']>=3)
{
include("../include/constants.php");
mysql_free_result();
$filter = "";
$filterfield = "";
$wholeonly = "";
$order = "";
$ordtype = "";
?>
<html>
<head>
<title>ecanteen -- transactions</title>
<meta name="generator" content="text/html">
<LINK REL="stylesheet" TYPE="text/css" HREF="maintain.css"></head>
<body>
<table class="bd" width="50%"><tr><td class="hr"><h2>All Transactions</h2></td><td class="bd" width="50%"><button id="Return2Cal" onclick="window.location.href='../index.php';return true;" style="width: 190px">Return to Main Menu</button></td></tr></table>
<?
$conn = connect();
$showrecs = 20;
$pagerange = 10;
$a = @$_GET["a"];
$recid = @$_GET["recid"];
if (isset($_GET["order"])) $order = @$_GET["order"];
if (isset($_GET["type"])) $ordtype = @$_GET["type"];
if (isset($_POST["filter"])) $filter = @$_POST["filter"];
if (isset($_POST["filter_field"])) $filterfield = @$_POST["filter_field"];
$wholeonly = false;
if (isset($_POST["wholeonly"])) $wholeonly = @$_POST["wholeonly"];
if (!isset($order) && isset($_SESSION["order"])) $order = $_SESSION["order"];
if (!isset($ordtype) && isset($_SESSION["type"])) $ordtype = $_SESSION["type"];
if (!isset($filter) && isset($_SESSION["filter"])) $filter = $_SESSION["filter"];
if (!isset($filterfield) && isset($_SESSION["filter_field"])) $filterfield = $_SESSION["filter_field"];
$page = @$_GET["page"];
if (!isset($page)) $page = 1;
$sql = @$_POST["sql"];
switch ($sql) {
case "update":
sql_update();
break;
}
switch ($a) {
case "edit":
editrec($recid);
break;
default:
select();
break;
}
if (isset($order)) $_SESSION["order"] = $order;
if (isset($ordtype)) $_SESSION["type"] = $ordtype;
if (isset($filter)) $_SESSION["filter"] = $filter;
if (isset($filterfield)) $_SESSION["filter_field"] = $filterfield;
if (isset($wholeonly)) $_SESSION["wholeonly"] = $wholeonly;
mysql_close($conn);
?>
<table class="bd" width="100%"><tr><td class="hr"></td></tr></table>
</body>
</html>
<?}?>
<? function select()
{
global $a;
global $showrecs;
global $page;
global $filter;
global $filterfield;
global $wholeonly;
global $order;
global $ordtype;
if ($a == "reset") {
$filter = "";
$filterfield = "";
$wholeonly = "";
$order = "";
$ordtype = "";
}
$checkstr = "";
if ($wholeonly) $checkstr = " checked";
if ($ordtype == "asc") { $ordtypestr = "desc"; } else { $ordtypestr = "asc"; }
$res = sql_select();
$count = sql_getrecordcount();
if ($count % $showrecs != 0) {
$pagecount = intval($count / $showrecs) + 1;
}
else {
$pagecount = intval($count / $showrecs);
}
$startrec = $showrecs * ($page - 1);
if ($startrec < $count) {mysql_data_seek($res, $startrec);}
$reccount = min($showrecs * $page, $count);
$fields = array(
"TransactionID" => "TransactionID",
"TransactionNumber" => "TransactionNumber",
"TransactionDate" => "TransactionDate",
"TargetDate" => "TargetDate",
"TransactionDescription" => "TransactionDescription",
"AdminID" => "AdminID",
"MajorAccountID" => "MajorAccountID",
"MinorAccountID" => "MinorAccountID",
"BreakID" => "BreakID",
"WithdrawalAmount" => "WithdrawalAmount",
"DepositAmount" => "DepositAmount",
"PrintDate" => "PrintDate");
$conn2 = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);
$sql = "SELECT majorcustomer.`CustomerID` , CONCAT(majorcustomer.`LastName`,', ',majorcustomer.`FirstName`) AS `MajorName` from `majorcustomer` WHERE `~SiteID\$`=".$_SESSION['SiteID'].";";
$arrayres = mysql_query($sql,$conn2) or die(mysql_error());
$resnum=mysql_numrows($arrayres);
for ($ux=0; $ux<=40; $ux=$ux+1)
{
$AdminArray[$ux][0]=0;
}
$i=0;
while ($i < $resnum)
{
$AdminArray[mysql_result($arrayres,$i,"CustomerID")][1]=mysql_result($arrayres,$i,"MajorName")."(".mysql_result($arrayres,$i,"CustomerID").")";
$i++;
}
$sql = "SELECT minorcustomer.`CustomerID` , CONCAT(minorcustomer.`LastName`,', ',minorcustomer.`FirstName`) AS `MinorName` from `minorcustomer` WHERE `~SiteID$`=".$_SESSION['SiteID']." ;";
$arrayres = mysql_query($sql, $conn2) or die(mysql_error());
$resnum=mysql_numrows($arrayres);
for ($ux=0; $ux<=40; $ux=$ux+1)
{
$MinorArray[$ux][0]=0;
}
$i=0;
while ($i < $resnum)
{
$MinorArray[mysql_result($arrayres,$i,"CustomerID")][1]=mysql_result($arrayres,$i,"MinorName")."(".mysql_result($arrayres,$i,"CustomerID").")";
$i++;
}
$sql = "select `BreakID`, `Break` from `break` WHERE `~SiteID$`=".$_SESSION['SiteID']." ;";
$arrayres = mysql_query($sql, $conn2) or die(mysql_error());
$resnum=mysql_numrows($arrayres);
for ($ux=0; $ux<=40; $ux=$ux+1)
{
$BreakArray[$ux][0]=0;
}
$i=0;
while ($i < $resnum)
{
$BreakArray[mysql_result($arrayres,$i,"BreakID")][1]=mysql_result($arrayres,$i,"Break")."(".mysql_result($arrayres,$i,"BreakID").")";
$i++;
}
mysql_close($conn2);
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr><td>Records shown <? echo $startrec + 1 ?> - <? echo $reccount ?> of <? echo $count ?></td></tr>
</table>
<hr size="1" noshade>
<form action="transactions.php" method="post">
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><b>Custom Filter</b> </td>
<td><input type="text" name="filter" value="<? echo $filter ?>"></td>
<td><select name="filter_field">
<option value="">All Fields</option>
<?
reset($fields);
foreach($fields as $val => $caption) {
if ($val == $filterfield) {$selstr = " selected"; } else {$selstr = ""; }
?>
<option value="<? echo $val ?>"<? echo $selstr ?>><? echo htmlspecialchars($caption) ?></option>
<? } ?>
</select></td>
<td><input type="checkbox" name="wholeonly"<? echo $checkstr ?>>Whole words only</td>
</td></tr>
<tr>
<td> </td>
<td><input type="submit" name="action" value="Apply Filter"></td>
<td><a href="transactions.php?a=reset">Reset Filter</a></td>
</tr>
</table>
</form>
<hr size="1" noshade>
<? showpagenav($page, $pagecount,$order,$ordtype); ?>
<br>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="100%">
<tr>
<?
reset($fields);
foreach($fields as $val => $caption) {
?>
<td class="hr"><a class="hr" href="transactions.php?order=<? echo $val ?>&type=<? echo $ordtypestr ?>"><? echo htmlspecialchars($caption) ?></a></td>
<? } ?>
<td class="hr"> </td>
</tr>
<?
for ($i = $startrec; $i < $reccount; $i++)
{
$row = mysql_fetch_assoc($res);
$style = "dr";
if ($i % 2 != 0) {
$style = "sr";
}
?>
<tr>
<?
reset($fields);
foreach($fields as $val => $caption) {
{
print "<td class=".$style.">";
if($caption=="BreakID"||$caption=="MajorAccountID"||$caption=="AdminID"||$caption=="MinorAccountID")
{
if($caption=="BreakID")
{
print $BreakArray[$row[$val]][1];
}elseif ($caption=="MajorAccountID"||$caption=="AdminID"){
print $AdminArray[$row[$val]][1];
}else{
print $MinorArray[$row[$val]][1];
}
}elseif (stristr($caption,"date"))
{
print substr($row[$val],0,10);
}
else
{
print htmlspecialchars($row[$val]);
}
}
}
print "</td>";
?>
</tr>
<?
}
mysql_free_result($res);
?>
</table>
<br>
<? showpagenav($page, $pagecount,$order,$ordtype); ?>
<? } ?>
<? function showroweditor($row)
{
global $conn;
?>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="50%">
<tr>
<td class="hr"><? echo htmlspecialchars("TransactionID")." " ?></td>
<td class="dr"><input type="text" name="TransactionID" value="<? echo str_replace('"', '"', trim($row["TransactionID"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TransactionNumber")." " ?></td>
<td class="dr"><input type="text" name="TransactionNumber" value="<? echo str_replace('"', '"', trim($row["TransactionNumber"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TransactionDate")." " ?></td>
<td class="dr"><input type="text" name="TransactionDate" value="<? echo str_replace('"', '"', trim($row["TransactionDate"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TargetDate")." " ?></td>
<td class="dr"><input type="text" name="TargetDate" value="<? echo str_replace('"', '"', trim($row["TargetDate"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TransactionDescription")." " ?></td>
<td class="dr"><textarea cols="35" rows="4" name="TransactionDescription" maxlength="255"><? echo str_replace('"', '"', trim($row["TransactionDescription"])) ?></textarea></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("AdminID")." " ?></td>
<td class="dr"><select name="AdminID">
<option value=""></option>
<?
$sql = "select `CustomerID`, `UserName_L2` from `majorcustomer`";
$res = mysql_query($sql, $conn) or die(mysql_error());
while ($lp_row = mysql_fetch_assoc($res)){
$val = $lp_row["CustomerID"];
$caption = $lp_row["UserName_L2"];
if ($row["AdminID"] == $lp_row["CustomerID"]) {$selstr = " selected"; } else {$selstr = ""; }
?><option value="<? echo $val ?>"<? echo $selstr ?>><? echo $caption ?></option>
<? } ?></select>
</td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MajorAccountID")." " ?></td>
<td class="dr"><select name="MajorAccountID">
<option value=""></option>
<?
$sql = "select `CustomerID`, `UserName_L2` from `majorcustomer`";
$res = mysql_query($sql, $conn) or die(mysql_error());
while ($lp_row = mysql_fetch_assoc($res)){
$val = $lp_row["CustomerID"];
$caption = $lp_row["UserName_L2"];
if ($row["MajorAccountID"] == $lp_row["CustomerID"]) {$selstr = " selected"; } else {$selstr = ""; }
?><option value="<? echo $val ?>"<? echo $selstr ?>><? echo $caption ?></option>
<? } ?></select>
</td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MinorAccountID")." " ?></td>
<td class="dr"><select name="MinorAccountID">
<option value=""></option>
<?
$sql = "select `CustomerID`, `FirstName` from `minorcustomer`";
$res = mysql_query($sql, $conn) or die(mysql_error());
while ($lp_row = mysql_fetch_assoc($res)){
$val = $lp_row["CustomerID"];
$caption = $lp_row["FirstName"];
if ($row["MinorAccountID"] == $lp_row["CustomerID"]) {$selstr = " selected"; } else {$selstr = ""; }
?><option value="<? echo $val ?>"<? echo $selstr ?>><? echo $caption ?></option>
<? } ?></select>
</td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("BreakID")." " ?></td>
<td class="dr"><select name="BreakID">
<option value=""></option>
<?
$sql = "select `BreakID`, `Break` from `break`";
$res = mysql_query($sql, $conn) or die(mysql_error());
while ($lp_row = mysql_fetch_assoc($res)){
$val = $lp_row["BreakID"];
$caption = $lp_row["Break"];
if ($row["BreakID"] == $lp_row["BreakID"]) {$selstr = " selected"; } else {$selstr = ""; }
?><option value="<? echo $val ?>"<? echo $selstr ?>><? echo $caption ?></option>
<? } ?></select>
</td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("WithdrawalAmount")." " ?></td>
<td class="dr"><input type="text" name="WithdrawalAmount" value="<? echo str_replace('"', '"', trim($row["WithdrawalAmount"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("DepositAmount")." " ?></td>
<td class="dr"><input type="text" name="DepositAmount" value="<? echo str_replace('"', '"', trim($row["DepositAmount"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("PrintDate")." " ?></td>
<td class="dr"><input type="text" name="PrintDate" value="<? echo str_replace('"', '"', trim($row["PrintDate"])) ?>"></td>
</tr>
</table>
<? } ?>
<? function showpagenav($page, $pagecount,$order,$ordtype)
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<? if ($page > 1) { ?>
<td><a href="transactions.php?page=<? echo $page - 1 ?>&order=<? echo $order ?>&type=<? echo $ordtype ?>"><< Prev</a> </td>
<? } ?>
<?
global $pagerange;
if ($pagecount > 1) {
if ($pagecount % $pagerange != 0) {
$rangecount = intval($pagecount / $pagerange) + 1;
}
else {
$rangecount = intval($pagecount / $pagerange);
}
for ($i = 1; $i < $rangecount + 1; $i++) {
$startpage = (($i - 1) * $pagerange) + 1;
$count = min($i * $pagerange, $pagecount);
if ((($page >= $startpage) && ($page <= ($i * $pagerange)))) {
for ($j = $startpage; $j < $count + 1; $j++) {
if ($j == $page) {
?>
<td><b><? echo $j ?></b></td>
<? } else { ?>
<td><a href="transactions.php?page=<? echo $j ?>&order=<? echo $order ?>&type=<? echo $ordtype ?>"><? echo $j ?></a></td>
<? } } } else { ?>
<td><a href="transactions.php?page=<? echo $startpage ?>&order=<? echo $order ?>&type=<? echo $ordtype ?>"><? echo $startpage ."..." .$count ?></a></td>
<? } } } ?>
<? if ($page < $pagecount) { ?>
<td> <a href="transactions.php?page=<? echo $page + 1 ?>&order=<? echo $order ?>&type=<? echo $ordtype ?>">Next >></a> </td>
<? } ?>
</tr>
</table>
<? } ?>
<? function showrecnav($a, $recid, $count)
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="transactions.php?order=<? echo $order ?>&type=<? echo $ordtype ?>">Index Page</a></td>
<? if ($recid > 0) { ?>
<td><a href="transactions.php?a=<? echo $a ?>&recid=<? echo $recid - 1 ?>&order=<? echo $order ?>&type=<? echo $ordtype ?>">Prior Record</a></td>
<? } if ($recid < $count) { ?>
<td><a href="transactions.php?a=<? echo $a ?>&recid=<? echo $recid + 1 ?>&order=<? echo $order ?>&type=<? echo $ordtype ?>">Next Record</a></td>
<? } ?>
</tr>
</table>
<hr size="1" noshade>
<? } ?>
<? function editrec($recid)
{
$res = sql_select();
$count = sql_getrecordcount();
mysql_data_seek($res, $recid);
$row = mysql_fetch_assoc($res);
showrecnav("edit", $recid, $count);
?>
<br>
<form action="transactions.php" method="post">
<input type="hidden" name="sql" value="update">
<input type="hidden" name="xTransactionID" value="<? echo $row["TransactionID"] ?>">
<? showroweditor($row) ?>
<p><input type="submit" name="action" value="Post"></p>
</form>
<?
mysql_free_result($res);
} ?>
<? function connect()
{
$conn = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);
return $conn;
}
function sqlvalue($val, $quote)
{
if ($quote)
$tmp = sqlstr($val);
else
$tmp = $val;
if ($tmp == "")
$tmp = "NULL";
elseif ($quote)
$tmp = "'".$tmp."'";
return $tmp;
}
function sqlstr($val)
{
return str_replace("'", "''", $val);
}
function sql_select()
{
global $conn;
global $order;
global $ordtype;
global $filter;
global $filterfield;
global $wholeonly;
$filterstr = sqlstr($filter);
if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
$sql = "select `TransactionID`, `TransactionNumber`, `TransactionDate`, `TargetDate`, `TransactionDescription`, `AdminID`, `MajorAccountID`, `MinorAccountID`, `BreakID`, `WithdrawalAmount`, `DepositAmount`, `PrintDate` from `transactions` where (`~SiteID\$`=".$_SESSION['SiteID'].")";
if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
$sql .= " and " .sqlstr($filterfield) ." like '" .$filterstr ."'";
} elseif (isset($filterstr) && $filterstr!='') {
$sql .= " and (`TransactionID` like '" .$filterstr ."') or (`TransactionNumber` like '" .$filterstr ."') or (`TransactionDate` like '" .$filterstr ."') or (`TargetDate` like '" .$filterstr ."') or (`TransactionDescription` like '" .$filterstr ."') or (`AdminID` like '" .$filterstr ."') or (`MajorAccountID` like '" .$filterstr ."') or (`MinorAccountID` like '" .$filterstr ."') or (`BreakID` like '" .$filterstr ."') or (`WithdrawalAmount` like '" .$filterstr ."') or (`DepositAmount` like '" .$filterstr ."') or (`PrintDate` like '" .$filterstr ."')";
}
if (isset($order) && $order!='') $sql .= " order by `" .sqlstr($order) ."`";
if (isset($ordtype) && $ordtype!='') $sql .= " " .sqlstr($ordtype);
$res = mysql_query($sql, $conn) or die(mysql_error());
return $res;
}
function sql_getrecordcount()
{
global $conn;
global $order;
global $ordtype;
global $filter;
global $filterfield;
global $wholeonly;
$filterstr = sqlstr($filter);
if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
$sql = "select count(*) from `transactions` where (`~SiteID\$`=".$_SESSION['SiteID'].")";
if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
$sql .= " and " .sqlstr($filterfield) ." like '" .$filterstr ."'";
} elseif (isset($filterstr) && $filterstr!='') {
$sql .= " and (`TransactionID` like '" .$filterstr ."') or (`TransactionNumber` like '" .$filterstr ."') or (`TransactionDate` like '" .$filterstr ."') or (`TargetDate` like '" .$filterstr ."') or (`TransactionDescription` like '" .$filterstr ."') or (`AdminID` like '" .$filterstr ."') or (`MajorAccountID` like '" .$filterstr ."') or (`MinorAccountID` like '" .$filterstr ."') or (`BreakID` like '" .$filterstr ."') or (`WithdrawalAmount` like '" .$filterstr ."') or (`DepositAmount` like '" .$filterstr ."') or (`PrintDate` like '" .$filterstr ."')";
}
$res = mysql_query($sql, $conn) or die(mysql_error());
$row = mysql_fetch_assoc($res);
reset($row);
return current($row);
}
function sql_update()
{
global $conn;
global $_POST;
$sql = "update `transactions` set `TransactionID`=" .sqlvalue(@$_POST["TransactionID"], false) .", `TransactionNumber`=" .sqlvalue(@$_POST["TransactionNumber"], false) .", `TransactionDate`=" .sqlvalue(@$_POST["TransactionDate"], true) .", `TargetDate`=" .sqlvalue(@$_POST["TargetDate"], true) .", `TransactionDescription`=" .sqlvalue(@$_POST["TransactionDescription"], true) .", `AdminID`=" .sqlvalue(@$_POST["AdminID"], false) .", `MajorAccountID`=" .sqlvalue(@$_POST["MajorAccountID"], false) .", `MinorAccountID`=" .sqlvalue(@$_POST["MinorAccountID"], false) .", `BreakID`=" .sqlvalue(@$_POST["BreakID"], false) .", `WithdrawalAmount`=" .sqlvalue(@$_POST["WithdrawalAmount"], false) .", `DepositAmount`=" .sqlvalue(@$_POST["DepositAmount"], false) .", `PrintDate`=" .sqlvalue(@$_POST["PrintDate"], true) ." where " ."(`TransactionID`=" .sqlvalue(@$_POST["xTransactionID"], false) .")";
mysql_query($sql, $conn) or die(mysql_error());
} ?>