<?PHP
/*
 * phpMyPurchasing
 * Jason Gerfen [hide@address.com]
 *
 * class.purchasing.php - Handle management of purchases
 */

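class purchases
{

    /*
     * Required form fields in display order: post key => array(error marker key, message).
     * The product list (txtParts) reports under txtOrderPartsErr rather than txtPartsErr.
     */
    function _requiredFields()
    {
        return array(
            'txtParts'             => array('txtOrderPartsErr',        "Order product list is empty"),
            'txtOrderDate'         => array('txtOrderDateErr',         "Order date is missing"),
            'txtOrderNum'          => array('txtOrderNumErr',          "Order number is missing"),
            'txtOrderGroup'        => array('txtOrderGroupErr',        "Order group owner is missing"),
            'txtVendorName'        => array('txtVendorNameErr',        "Vendor name is missing"),
            'txtVendorContact'     => array('txtVendorContactErr',     "Vendor contact is missing"),
            'txtVendorAddress'     => array('txtVendorAddressErr',     "Vendor address is missing"),
            'txtVendorPhone'       => array('txtVendorPhoneErr',       "Vendor phone number is missing"),
            'txtVendorEmail'       => array('txtVendorEmailErr',       "Vendor email is missing"),
            'txtDepartmentName'    => array('txtDepartmentNameErr',    "Department name is missing"),
            'txtDepartmentContact' => array('txtDepartmentContactErr', "Department contact is missing"),
            'txtDepartmentAddress' => array('txtDepartmentAddressErr', "Department address is missing"),
            'txtDepartmentPhone'   => array('txtDepartmentPhoneErr',   "Department phone number is missing"),
            'txtDepartmentEmail'   => array('txtDepartmentEmailErr',   "Department email is missing"),
        );
    }

    /*
     * Format rules in display order: post key => array(validator method on $handles['val'], message).
     * The error marker key for each field is the post key with 'Err' appended.
     * The account field is keyed txtOrderAccountNumber to match genAllValues()/genAllErrors()/add().
     */
    function _formatRules()
    {
        $chars = "[a-z 0-9 -!#$%&\'*+\\./=?^_`a-z{|}~<>.,]";
        $email = "[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,5}]";
        $phone = "[xxx-xxx-xxxx]";
        $date  = "[mm/dd/yyyy]";
        return array(
            'txtOrderDate'           => array('ValidateDate',      "Order date is invalid " . $date),
            'txtOrderNum'            => array('ValidateInteger',   "Order number invalid [integers only]"),
            'txtOrderGroup'          => array('ValidateParagraph', "Order group id is invalid " . $chars),
            'txtOrderAccountNumber'  => array('ValidateAlphaChar', "Order account number(s) is invalid [a-z 0-9]"),
            'txtOrderETA'            => array('ValidateDate',      "Order ETA date is invalid " . $date),
            'txtVendorName'          => array('ValidateParagraph', "Vendor name is invalid " . $chars),
            'txtVendorContact'       => array('ValidateParagraph', "Vendor contact is invalid " . $chars),
            'txtVendorAddress'       => array('ValidateParagraph', "Vendor address is invalid " . $chars),
            'txtVendorPhone'         => array('ValidatePhone',     "Vendor phone number is invalid " . $phone),
            'txtVendorEmail'         => array('ValidateEmail',     "Vendor email is invalid " . $email),
            'txtDepartmentName'      => array('ValidateParagraph', "Department name is invalid " . $chars),
            'txtDepartmentContact'   => array('ValidateParagraph', "Department contact is invalid " . $chars),
            'txtDepartmentAddress'   => array('ValidateParagraph', "Department address is invalid " . $chars),
            'txtDepartmentPhone'     => array('ValidatePhone',     "Department phone number is invalid " . $phone),
            'txtDepartmentEmail'     => array('ValidateEmail',     "Department email is invalid " . $email),
            'txtOrderTrackingNumber' => array('ValidateParagraph', "Tracking number is invalid " . $chars),
            'txtOrderNotes'          => array('ValidateParagraph', "Order notes is invalid " . $chars),
        );
    }

    /*
     * Collect the required fields that are empty.
     * Returns array(error marker key => message) in display order; empty when nothing is missing.
     */
    function _missingFields($post)
    {
        $missing = array();
        foreach ($this->_requiredFields() as $key => $rule) {
            // empty() covers unset keys, '' and an empty product array alike
            if (empty($post[$key])) {
                $missing[$rule[0]] = $rule[1];
            }
        }
        return $missing;
    }

    /*
     * Run every format validator and collect the fields that fail (validator returned -1).
     * $validator is the $handles['val'] object. Returns array(error marker key => message).
     */
    function _invalidFields($post, $validator)
    {
        $invalid = array();
        foreach ($this->_formatRules() as $key => $rule) {
            $method = $rule[0];
            $value = isset($post[$key]) ? $post[$key] : NULL;
            if ($validator->$method($value) === -1) {
                $invalid[$key . 'Err'] = $rule[1];
            }
        }
        return $invalid;
    }

    /*
     * Render $problems (error marker key => message) as the error <ul> and set each
     * field's marker to $erlink. Returns the updated $post.
     */
    function _flagErrors($post, $problems, $erlink)
    {
        $list = "<ul>";
        foreach ($problems as $errKey => $message) {
            $list .= "<li>" . $message . "</li>";
            $post[$errKey] = $erlink;
        }
        $list .= "</ul>";
        $post['error'] = '<div class="error">' . $list . '</div>';
        return $post;
    }

    /*
     * Ordered purchases column => value map shared by add() and edit().
     * `resource` is the md5 of the order number; every other value is taken from $post as-is.
     * Missing post keys become ''.
     */
    function _purchaseColumns($post)
    {
        $keys = array(
            'date'     => 'txtOrderDate',
            'number'   => 'txtOrderNum',
            'group'    => 'txtOrderGroup',
            'account'  => 'txtOrderAccountNumber',
            'eta'      => 'txtOrderETA',
            'vname'    => 'txtVendorName',
            'vcontact' => 'txtVendorContact',
            'vaddress' => 'txtVendorAddress',
            'vphone'   => 'txtVendorPhone',
            'vemail'   => 'txtVendorEmail',
            'dname'    => 'txtDepartmentName',
            'dcontact' => 'txtDepartmentContact',
            'daddress' => 'txtDepartmentAddress',
            'dphone'   => 'txtDepartmentPhone',
            'demail'   => 'txtDepartmentEmail',
            'tracking' => 'txtOrderTrackingNumber',
            'notes'    => 'txtOrderNotes',
        );
        $number = isset($post['txtOrderNum']) ? $post['txtOrderNum'] : '';
        $columns = array('resource' => md5($number));
        foreach ($keys as $column => $key) {
            $columns[$column] = isset($post[$key]) ? $post[$key] : '';
        }
        return $columns;
    }

    /*
     * Build the purchase form state for the current request.
     *
     * $token   encrypted auth token, passed on to getDeptInfo() and add()
     * $get     not read here; kept for the caller's calling convention
     * $post    submitted form fields
     * $server  not read here; kept for the caller's calling convention
     *
     * Returns $post extended with the *Err markers and an 'error' HTML fragment:
     * a blank form when no command was posted, a list of missing or malformed
     * fields, or the success banner once the SQL for the command has been built.
     */
    function process($token,$get,$post,$server)
    {
        global $errors;
        global $handles;
        global $defined;

        $post = array_merge($post, $this->genAllErrors($post));

        // department,group,ordernum and date
        $post['txtOrderDate'] = $handles['misc']->GenDate();
        $post['txtOrderNum'] = $this->genOrderNum();
        // NOTE(review): nothing below reads $department; the call is kept for its
        // side effects (departments table fix-up and connection clean-up).
        $department = $this->getDeptInfo($token);

        // NOTE(review): the group is blanked here and then required below, so as
        // written every submission stops at the required-field check.
        $post['txtOrderGroup'] = '';

        if (empty($post['cmd'])) {
            // first display: blank every field
            return array_merge($post, $this->genAllValues());
        }

        // missing anything?
        $missing = $this->_missingFields($post);
        if (count($missing) > 0) {
            $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html", "", '800', '800' );
            return $this->_flagErrors($post, $missing, $erlink);
        }

        // field formatting check out? Every validator must pass; a single valid
        // field must not let the others through.
        $invalid = $this->_invalidFields($post, $handles['val']);
        if (count($invalid) > 0) {
            $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html", "", '800', '800' );
            return $this->_flagErrors($post, $invalid, $erlink);
        }

        // determine our sql data
        $flag = '';
        $sql = array('main' => NULL, 'parts' => NULL);
        switch ($post['cmd']) {
            case 'addPurchase':
                $flag = 'add';
                $sql['main'] = $this->add($token, NULL, $post);
                break;
            case 'editPurchase':
                $flag = 'edit';
                $sql['main'] = $this->edit($post);
                break;
            case 'delPurchase':
                $flag = 'del';
                $sql['main'] = $this->delete($post);
                break;
        }

        // handle our product list
        $sql['parts'] = $this->handleProducts($flag, $post['txtParts']);
        // NOTE(review): $sql is built but not executed anywhere in this method.

        // success message
        // NOTE(review): no success text was ever assigned, so the banner carries
        // only the icon; kept empty rather than inventing wording.
        $message = '';
        $post['error'] = '<div class="error">' . $handles['err']->GenerateErrorImg( $defined['good'], "help/help.html", NULL, '800', '800' ) . '&nbsp;' . $message . '</div>';

        return $post;
    }

    /*
     * Blank values for every form field, used for the initial (no command) display.
     */
    function genAllValues()
    {
        return array(
            'txtOrderDate'           => '',
            'txtOrderNum'            => '',
            'txtOrderGroup'          => '',
            'txtOrderAccountNumber'  => '',
            'txtOrderETA'            => '',
            'txtOrderParts'          => '',
            'txtVendorName'          => '',
            'txtVendorContact'       => '',
            'txtVendorAddress'       => '',
            'txtVendorPhone'         => '',
            'txtVendorEmail'         => '',
            'txtDepartmentName'      => '',
            'txtDepartmentContact'   => '',
            'txtDepartmentAddress'   => '',
            'txtDepartmentPhone'     => '',
            'txtDepartmentEmail'     => '',
            'txtOrderTrackingNumber' => '',
            'txtOrderNotes'          => '',
        );
    }

    /*
     * Default error markers: '*' flags a required field, '' an optional one, and
     * 'error' is the (initially empty) message fragment. Existing $post entries
     * are kept; the marker keys are set on top of them.
     */
    function genAllErrors($post)
    {
        $defaults = array(
            'error'                     => '',
            'txtOrderDateErr'           => '*',
            'txtOrderNumErr'            => '*',
            'txtOrderGroupErr'          => '*',
            'txtOrderAccountNumberErr'  => '',
            'txtOrderETAErr'            => '',
            'txtOrderPartsErr'          => '*',
            'txtVendorNameErr'          => '*',
            'txtVendorContactErr'       => '*',
            'txtVendorAddressErr'       => '*',
            'txtVendorPhoneErr'         => '*',
            'txtVendorEmailErr'         => '*',
            'txtDepartmentNameErr'      => '*',
            'txtDepartmentContactErr'   => '*',
            'txtDepartmentAddressErr'   => '*',
            'txtDepartmentPhoneErr'     => '*',
            'txtDepartmentEmailErr'     => '*',
            'txtOrderTrackingNumberErr' => '',
            'txtOrderNotesErr'          => '',
        );
        foreach ($defaults as $key => $marker) {
            $post[$key] = $marker;
        }
        return $post;
    }

    /*
     * Read the existing order numbers from the purchases table.
     * The result set is fetched but no number is derived from it yet, so this
     * returns NULL (as the original did implicitly); process() therefore always
     * sees an empty order number. The connection is released before returning.
     */
    function genOrderNum()
    {
        global $defined;
        global $handles;

        $data = NULL;
        $dbconn = $handles['db']->dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] );
        $sql = "SELECT `number` FROM `purchases`";
        if (($value = $handles['db']->dbQuery($handles['val']->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
            if ($handles['db']->dbNumRows($dbconn) > 0) {
                $data = $handles['db']->dbArrayResultsAssoc($value);
            }
        }
        // release the handle like getDeptInfo() does instead of leaking it
        $handles['db']->dbFreeData($dbconn);
        $handles['db']->dbCloseConn($dbconn);
        // TODO: derive the next order number from $data
        return NULL;
    }

    /*
     * Look up the department named in the auth token.
     *
     * $token  encrypted auth token; element 3 of the decoded token is the department name
     *
     * Returns the associative result rows, or NULL when the query fails or matches nothing.
     * NOTE(review): the token-derived name is concatenated into the statement; the only
     * guard is ValidateSQL(), whose behaviour is not visible from this file — confirm it
     * escapes the value, or escape/bind it here before the query runs.
     */
    function getDeptInfo($token)
    {
        global $defined;
        global $handles;

        $data = NULL;
        $details = $handles['encrypt']->DecodeAuthTokenHeavy($token);
        $dbconn = $handles['db']->dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] );
        $sql = "SELECT * FROM `departments` WHERE `dname` = \"" . $details[3] . "\"";
        if (($value = $handles['db']->dbQuery($handles['val']->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) {
            if ($handles['db']->dbNumRows($dbconn) > 0) {
                $data = $handles['db']->dbArrayResultsAssoc($value);
            }
        }
        $handles['misc']->CleanUpVars($details, NULL);
        $handles['db']->dbFixTable("departments", $dbconn);
        $handles['db']->dbFreeData($dbconn);
        $handles['db']->dbCloseConn($dbconn);
        return $data;
    }

    /*
     * Placeholder for the per-product SQL of an order.
     *
     * $flag      'add', 'edit' or 'del' (or '' for an unknown command)
     * $products  the submitted product list; anything that is not an array is ignored
     *
     * No product statements are generated yet, so this always returns NULL.
     */
    function handleProducts($flag,$products)
    {
        if (is_array($products) && count($products) > 0) {
            foreach ($products as $key => $value) {
                // TODO: build the product rows for $flag
            }
        }
        return NULL;
    }

    /*
     * Build the INSERT ... ON DUPLICATE KEY UPDATE statement for a purchase.
     *
     * $token  unused; kept for the caller's calling convention
     * $order  unused; kept for the caller's calling convention
     * $post   form fields (see _purchaseColumns() for the column mapping)
     *
     * NOTE(review): the values are concatenated into the statement unescaped; the
     * format validators in process() are not an SQL escape, so the caller must
     * escape or bind the values before executing the returned string.
     */
    function add($token,$order,$post)
    {
        $names = array();
        $values = array();
        $assignments = array();
        foreach ($this->_purchaseColumns($post) as $column => $value) {
            $names[] = "`" . $column . "`";
            $values[] = "\"" . $value . "\"";
            $assignments[] = "`" . $column . "` = \"" . $value . "\"";
        }
        return "INSERT INTO `purchases` (" . implode(",", $names) . ") VALUES (" . implode(",", $values)
            . ") ON DUPLICATE KEY UPDATE " . implode(",", $assignments);
    }

    /*
     * Build the UPDATE statement for the purchase identified by txtOrderNum.
     * See add() for the escaping caveat; the WHERE value is concatenated the same way.
     */
    function edit($post)
    {
        $assignments = array();
        foreach ($this->_purchaseColumns($post) as $column => $value) {
            $assignments[] = "`" . $column . "` = \"" . $value . "\"";
        }
        $number = isset($post['txtOrderNum']) ? $post['txtOrderNum'] : '';
        return "UPDATE `purchases` SET " . implode(",", $assignments)
            . " WHERE `number` = \"" . $number . "\" LIMIT 1";
    }

    /*
     * Build the DELETE statement for the purchase identified by txtOrderNum.
     * See add() for the escaping caveat.
     */
    function delete($post)
    {
        $number = isset($post['txtOrderNum']) ? $post['txtOrderNum'] : '';
        return "DELETE FROM `purchases` WHERE `number` = \"" . $number . "\" LIMIT 1";
    }

}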
?>