<?PHP
//Filename : do_buy_shirt.php
//Description : Functional script that charges the current user for the number of shirts they selected
//Author : darc, Marty
//Last modified : 2006.12.20
include '../includes/auth.php';
include '../includes/db.php';
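// Charge the logged-in member for a T-shirt order.
//
// Flow: read the member's PIN from the session and the order details from the
// POSTed form, validate quantity and price, check that the member's balance
// is not below -30, then record the charge in `financial` and the order in
// `tshirt_orders`.
//
// Variable names are unchanged because the included header/footer templates
// share this scope and may read them.
//
// NOTE(review): `price` and `added_by` come from the client. The validation
// below only bounds them; the price should be looked up server-side from the
// chosen design and `added_by` derived from the session. Confirm against the
// order form and schema.
// NOTE(review): no CSRF token is checked in this file; presumably auth.php
// covers that. Confirm.

// Quoted key: the bare constant form `$_SESSION[pin_num]` only worked through
// PHP's undefined-constant fallback.
$pin_num = isset($_SESSION['pin_num']) ? $_SESSION['pin_num'] : '';
$user = isset($_SESSION['current_user']) ? $_SESSION['current_user'] : '';

$raw_quantity = isset($_POST['shirt_number']) ? $_POST['shirt_number'] : '';
$raw_price = isset($_POST['price']) ? $_POST['price'] : '';

// Free-text fields: accept only strings so array-valued POST input cannot
// reach the escaping calls or the queries.
$added_by = (isset($_POST['added_by']) && is_string($_POST['added_by'])) ? $_POST['added_by'] : '';
$description = (isset($_POST['description']) && is_string($_POST['description'])) ? $_POST['description'] : '';
$design_id = (isset($_POST['design_id']) && is_string($_POST['design_id'])) ? $_POST['design_id'] : '';
$size = (isset($_POST['size']) && is_string($_POST['size'])) ? $_POST['size'] : '';

// Quantity must be a whole number >= 1 and price a non-negative number.
// Without this, a negative quantity or price makes $amount positive and the
// "charge" credits the account instead.
$quantity_ok = is_string($raw_quantity) && ctype_digit($raw_quantity) && (int) $raw_quantity >= 1;
$price_ok = is_string($raw_price) && is_numeric($raw_price) && ($raw_price + 0) >= 0;

if (!$quantity_ok || !$price_ok) {
    $shirt_num = 0;
    $price = 0;
    $amount = 0;
    include('../includes/header.php');
    echo "<center>Invalid shirt quantity or price. No charge was made.</center>";
    include('../includes/footer.php');
} else {
    $shirt_num = (int) $raw_quantity;
    $price = $raw_price + 0; // numeric string -> int or float, as PHP's arithmetic would
    $amount = ($price * $shirt_num) * -1; // charges are stored as negative amounts

    // Escape every value that is placed inside a quoted SQL literal.
    $pin_sql = mysql_real_escape_string((string) $pin_num, $connection);
    $added_by_sql = mysql_real_escape_string($added_by, $connection);
    $description_sql = mysql_real_escape_string($description, $connection);
    $design_id_sql = mysql_real_escape_string($design_id, $connection);
    $size_sql = mysql_real_escape_string($size, $connection);

    $sql_bal = "SELECT brothers.pin_num, financial.pin_num, financial.amount, SUM(financial.amount) AS balance FROM financial INNER JOIN brothers ON financial.pin_num = brothers.pin_num WHERE financial.pin_num = '$pin_sql' GROUP BY financial.pin_num";
    $sql_bal_result = mysql_query($sql_bal, $connection);
    if ($sql_bal_result === false) {
        // Log the driver error server-side; do not show database details to the browser.
        error_log('do_buy_shirt.php: balance query failed: ' . mysql_error($connection));
        die('A database error occurred. Please try again later.');
    }

    // No matching row means no transactions yet; as before, that counts as a zero balance.
    $bal_row = mysql_fetch_array($sql_bal_result);
    $balance = $bal_row ? $bal_row['balance'] : 0;

    if ($balance >= -30) {
        // NOTE(review): the two INSERTs are not wrapped in a transaction, so a
        // failure of the second leaves a charge without an order row.
        $sql = "INSERT INTO financial (transaction_num, pin_num, amount, date_time, description, added_by) VALUES ('', '$pin_sql', '$amount', NOW(), '$description_sql Shirt', '$added_by_sql');";
        $result = mysql_query($sql, $connection);
        if ($result === false) {
            error_log('do_buy_shirt.php: financial insert failed: ' . mysql_error($connection));
            die('A database error occurred. Please try again later.');
        }

        $sql2 = "INSERT INTO tshirt_orders (order_num, pin_num, design_id, quantity, size, total) VALUES ('', '$pin_sql', '$design_id_sql', '$shirt_num', '$size_sql', '$amount');";
        $result2 = mysql_query($sql2, $connection);
        if ($result2 === false) {
            error_log('do_buy_shirt.php: tshirt_orders insert failed: ' . mysql_error($connection));
            die('A database error occurred. Please try again later.');
        }

        include('../includes/header.php');
        // $amount and $shirt_num are validated numbers at this point, so echoing
        // them cannot inject markup.
        echo "<center>Transaction completed successfully!<p>You were charged $$amount for $shirt_num ";
        if ($shirt_num > 1) {
            echo "shirts.</center>";
        } else {
            echo "shirt.</center>";
        }
        include('../includes/footer.php');
    } else {
        include('../includes/header.php');
        echo "<center>You must pay your account in full before you are allowed to charge T-Shirts, please talk to the Treasurer.</center>";
        include('../includes/footer.php');
    }
}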
?>