<?PHP
/*
* phpMyPurchasing - All rights reserved.
* Jason Gerfen [hide@address.com]
*
* class.vendors.php - vendors management libs
*
*/
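/**
 * Vendor management: validates the vendor form, builds the SQL for
 * add/edit/delete plus the matching ACL rows (resources / gresources /
 * uresources), runs it, and exposes the vendor list as JSON for the page.
 *
 * Fixes over the previous revision:
 *  - the validity guard checked a non-existent field (txtDeparmentName)
 *    and validated the phone with ValidateParagraph while the error branch
 *    used ValidatePhone; both paths now share one field table;
 *  - duresource()/dgresource() read $post but were declared with a $user
 *    parameter, so their DELETEs hashed an undefined value;
 *  - dgresource() was never issued on delete, leaving orphan gresources rows;
 *  - an unknown cmd inserted ACL rows with no vendor; it is now rejected;
 *  - execute() let a later successful query overwrite an earlier failure and
 *    reported an off-by-one change count; getVendors() returned null when
 *    the table was empty and repaired the wrong table ("levels");
 *  - the XSS filter was passed as a (non-existent) property instead of a
 *    callable, so the vendor JSON was never sanitised; the vendor name is
 *    now HTML-escaped before being echoed in status messages.
 */
class vendors
{
    /**
     * Handle one request for the vendors page.
     *
     * @param string $token  auth token decoded via $handles['encrypt']
     * @param array  $get    unused, kept for the dispatcher's call shape
     * @param array  $post   form fields; untrusted request data
     * @param array  $server unused, kept for the dispatcher's call shape
     * @return array $post augmented with error markup and 'jsonVendors'
     */
    function process($token, $get, $post, $server)
    {
        global $handles, $defined;
        $user_details = $handles['encrypt']->DecodeAuthTokenHeavy($token);
        $user  = $user_details[0];
        $group = $user_details[3];
        // Reset all per-field error markers before (re)rendering the form.
        $post = array_merge($post, $this->genAllErrors($post));
        if (!empty($post['cmd'])) {
            $missing = $this->missingFields($post);
            if (count($missing) > 0) {
                $post = $this->flagFields($post, $missing, 'missing');
            } else {
                $invalid = $this->invalidFields($post);
                if (count($invalid) > 0) {
                    $post = $this->flagFields($post, $invalid, 'invalid');
                } else {
                    $post = $this->applyCommand($token, $post, $user, $group);
                }
            }
        } else {
            // First render: blank form values.
            $post = array_merge($post, $this->genAllValues());
        }
        $post['jsonVendors'] = 'var vendors = ' . $this->encodeVendors() . ';';
        return $post;
    }

    /**
     * Field table shared by the "missing" and "invalid" checks so both
     * paths look at the same fields in the same order.
     *
     * @return array field => array(missing => msg, invalid => msg, check => validator method)
     */
    function fieldRules()
    {
        return array(
            'txtVendorName' => array(
                'missing' => 'Vendor name is missing',
                'invalid' => 'Vendor name field is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]',
                'check'   => 'ValidateParagraph',
            ),
            'txtVendorManager' => array(
                'missing' => 'Vendor manager is missing',
                'invalid' => 'Vendor manager field is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]',
                'check'   => 'ValidateParagraph',
            ),
            'txtVendorAddress' => array(
                'missing' => 'Vendor address is missing',
                'invalid' => 'Vendor address field is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]',
                'check'   => 'ValidateParagraph',
            ),
            'txtVendorPhone' => array(
                'missing' => 'Vendor phone is missing',
                'invalid' => 'Vendor phone number is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]',
                'check'   => 'ValidatePhone',
            ),
            'txtVendorEmail' => array(
                'missing' => 'Vendor email is missing',
                'invalid' => 'Vendor email is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]',
                'check'   => 'ValidateParagraph',
            ),
        );
    }

    /**
     * Names of required fields that are absent or empty.
     * Uses empty(), as before, so a literal "0" also counts as missing.
     *
     * @return array list of field names
     */
    function missingFields($post)
    {
        $missing = array();
        foreach ($this->fieldRules() as $field => $rule) {
            if (empty($post[$field])) {
                $missing[] = $field;
            }
        }
        return $missing;
    }

    /**
     * Names of fields whose validator ($handles['val']) returns -1.
     *
     * @return array list of field names
     */
    function invalidFields($post)
    {
        global $handles;
        $invalid = array();
        foreach ($this->fieldRules() as $field => $rule) {
            $check = $rule['check'];
            if ($handles['val']->$check($post[$field]) === -1) {
                $invalid[] = $field;
            }
        }
        return $invalid;
    }

    /**
     * Render the error list for the given fields and mark each field with
     * the error image link.
     *
     * @param array  $fields field names from missingFields()/invalidFields()
     * @param string $kind   'missing' or 'invalid' (message column of fieldRules())
     * @return array $post with 'error' and per-field '*Err' entries set
     */
    function flagFields($post, $fields, $kind)
    {
        global $handles, $defined;
        $rules  = $this->fieldRules();
        $erlink = $handles['err']->GenerateErrorImg($defined['error'], "help/help.html", "", '800', '800');
        $list = '<ul>';
        foreach ($fields as $field) {
            $list .= '<li>' . $rules[$field][$kind] . '</li>';
            $post[$field . 'Err'] = $erlink;
        }
        $list .= '</ul>';
        $post['error'] = '<div class="error">' . $list . '</div>';
        return $post;
    }

    /**
     * Build the statement set for $post['cmd'].
     *
     * @return array|null keyed statements in execution order, or null for an
     *                    unrecognised command (nothing must run in that case)
     */
    function buildStatements($token, $post, $user, $group)
    {
        $sql = array();
        if ($post['cmd'] === 'addVendor') {
            $sql['main'] = $this->add($token, null, $post, $user);
        } elseif ($post['cmd'] === 'editVendor') {
            $sql['main'] = $this->edit($post, $user);
        } elseif ($post['cmd'] === 'delVendor') {
            // Remove the vendor and every ACL row keyed on it.
            $sql['main']      = $this->delete($post);
            $sql['resource']  = $this->dresource($post);
            $sql['gresource'] = $this->dgresource($post);
            $sql['uresource'] = $this->duresource($post);
            return $sql;
        } else {
            return null;
        }
        // add/edit: (re)create the owner, group and user ACL rows.
        $sql['resource']  = $this->resource($user, $post);
        $sql['gresource'] = $this->gresource($group, $post);
        $sql['uresource'] = $this->uresource($user, $post);
        return $sql;
    }

    /**
     * Execute the command's statements and set the status markup.
     * The vendor name is HTML-escaped before being placed in the message.
     *
     * @return array $post with 'error' set to the status block
     */
    function applyCommand($token, $post, $user, $group)
    {
        global $handles, $defined;
        $safeName = htmlspecialchars($post['txtVendorName'], ENT_QUOTES, 'UTF-8');
        $sql = $this->buildStatements($token, $post, $user, $group);
        if ($sql === null) {
            $x = $defined['error'];
            $class = "error";
            $message = "Unknown command for '$safeName'";
        } else {
            $result = $this->execute($sql);
            if ($result === '-1') {
                $x = $defined['error'];
                $class = "error";
                $message = "A database error occured when saving changes to '$safeName'";
            } else {
                $x = $defined['good'];
                $class = "good";
                $message = "Changes to '$safeName' were successful. $result changes were made.";
            }
        }
        $post['error'] = '<div class="' . $class . '">' . $handles['err']->GenerateErrorImg($x, "help/help.html", NULL, '800', '800') . ' ' . $message . '</div>';
        return $post;
    }

    /**
     * Vendor rows, XSS-filtered, as a JSON string (json_encode when
     * available, else the legacy arr2json helper).
     */
    function encodeVendors()
    {
        global $handles;
        $rows = $this->sanitizeRows($this->getVendors());
        if (function_exists("json_encode")) {
            return json_encode($rows);
        }
        return $handles['misc']->arr2json($rows);
    }

    /**
     * Apply $handles['val']->ValidateXSS to every scalar in the result set.
     * The previous code passed ValidateXSS as a property, not a callable, so
     * the filter never ran. NOTE(review): assumes ValidateXSS takes one scalar
     * and returns the filtered value — confirm against the validation class.
     *
     * @param array $rows list of assoc rows from getVendors()
     * @return array same shape, values filtered
     */
    function sanitizeRows($rows)
    {
        global $handles;
        $clean = array();
        foreach ($rows as $i => $row) {
            if (is_array($row)) {
                foreach ($row as $col => $val) {
                    $clean[$i][$col] = $handles['val']->ValidateXSS($val);
                }
            } else {
                $clean[$i] = $handles['val']->ValidateXSS($row);
            }
        }
        return $clean;
    }

    /** Blank form values for the first render. */
    function genAllValues()
    {
        $post = array();
        foreach ($this->fieldRules() as $field => $rule) {
            $post[$field] = '';
        }
        return $post;
    }

    /** Default (cleared) error markers for every field. */
    function genAllErrors($post)
    {
        $post['error']  = '';
        $post['lerror'] = '';
        foreach ($this->fieldRules() as $field => $rule) {
            $post[$field . 'Err'] = '*';
        }
        return $post;
    }

    /**
     * All vendor rows ordered by name.
     *
     * @return array list of assoc rows; empty array when none (was null)
     */
    function getVendors()
    {
        global $defined, $handles;
        $data = array();
        $dbconn = $handles['db']->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
        $lvl = "SELECT * FROM `vendors` ORDER BY `txtVendorName` ASC";
        $return = $handles['db']->dbQuery($handles['val']->ValidateSQL($lvl, $dbconn), $dbconn);
        if ($return !== -1 && $handles['db']->dbNumRows($return) > 0) {
            $data = $handles['db']->dbArrayResultsAssoc($return);
        }
        // This class only touches `vendors`; "levels" was a copy-paste leftover.
        $handles['db']->dbFixTable("vendors", $dbconn);
        $handles['db']->dbFreeData($dbconn);
        $handles['db']->dbCloseConn($dbconn);
        return $data;
    }

    /*
     * NOTE(review): every statement below is built by string concatenation
     * from request fields. The only escaping is whatever ValidateSQL() applies
     * in execute()/getVendors(); confirm it escapes quotes and backslashes for
     * the connection's charset, or move to the driver's prepared statements.
     */

    /** INSERT ... ON DUPLICATE KEY UPDATE for the vendor row ($token/$order unused). */
    function add($token, $order, $post, $user)
    {
        return "INSERT INTO `vendors` (`txtVendorName`,`txtVendorManager`,`txtVendorAddress`,`txtVendorPhone`,`txtVendorEmail`) VALUES (\"" . $post['txtVendorName'] . "\",\"" . $post['txtVendorManager'] . "\",\"" . $post['txtVendorAddress'] . "\",\"" . $post['txtVendorPhone'] . "\",\"" . $post['txtVendorEmail'] . "\") ON DUPLICATE KEY UPDATE `txtVendorName` = \"" . $post['txtVendorName'] . "\",`txtVendorManager` = \"" . $post['txtVendorManager'] . "\",`txtVendorAddress` = \"" . $post['txtVendorAddress'] . "\",`txtVendorPhone` = \"" . $post['txtVendorPhone'] . "\",`txtVendorEmail` = \"" . $post['txtVendorEmail'] . "\"";
    }

    /** UPDATE of the vendor row keyed by name ($user unused). */
    function edit($post, $user)
    {
        return "UPDATE `vendors` SET `txtVendorName` = \"" . $post['txtVendorName'] . "\",`txtVendorManager` = \"" . $post['txtVendorManager'] . "\",`txtVendorAddress` = \"" . $post['txtVendorAddress'] . "\",`txtVendorPhone` = \"" . $post['txtVendorPhone'] . "\",`txtVendorEmail` = \"" . $post['txtVendorEmail'] . "\" WHERE `txtVendorName` = \"" . $post['txtVendorName'] . "\" LIMIT 1";
    }

    /** DELETE of the vendor row keyed by name. */
    function delete($post)
    {
        return "DELETE FROM `vendors` WHERE `txtVendorName` = \"" . $post['txtVendorName'] . "\" LIMIT 1";
    }

    /** Owner ACL row; object id is md5 of the vendor name. */
    function resource($user, $post)
    {
        return "INSERT INTO `resources` (`txtObjectID`,`txtObjectName`,`txtObjectOwner`) VALUES (\"" . md5($post['txtVendorName']) . "\", \"" . $post['txtVendorName'] . "\", \"" . $user . "\") ON DUPLICATE KEY UPDATE `txtObjectID` = \"" . md5($post['txtVendorName']) . "\",`txtObjectName` = \"" . $post['txtVendorName'] . "\"";
    }

    /** Group ACL row (read+write) for the caller's group. */
    function gresource($group, $post)
    {
        return "INSERT INTO `gresources` (`txtObjectID`,`txtObjectGroup`,`txtObjectRead`,`txtObjectWrite`) VALUES (\"" . md5($post['txtVendorName']) . "\", \"" . $group . "\", \"1\", \"1\") ON DUPLICATE KEY UPDATE `txtObjectID` = \"" . md5($post['txtVendorName']) . "\",`txtObjectGroup` = \"" . $group . "\",`txtObjectRead` = \"1\", `txtObjectWrite` = \"1\"";
    }

    /** User ACL row (read+write) for the caller. */
    function uresource($user, $post)
    {
        return "INSERT INTO `uresources` (`txtObjectID`,`txtObjectUser`,`txtObjectRead`,`txtObjectWrite`) VALUES (\"" . md5($post['txtVendorName']) . "\", \"" . $user . "\", \"1\", \"1\") ON DUPLICATE KEY UPDATE `txtObjectID` = \"" . md5($post['txtVendorName']) . "\",`txtObjectUser` = \"" . $user . "\",`txtObjectRead` = \"1\", `txtObjectWrite` = \"1\"";
    }

    /** Remove the owner ACL row. */
    function dresource($post)
    {
        return "DELETE FROM `resources` WHERE `txtObjectID` = \"" . md5($post['txtVendorName']) . "\" LIMIT 1";
    }

    /**
     * Remove the user ACL rows. The parameter was previously named $user
     * while the body read $post; the only caller passes $post.
     */
    function duresource($post)
    {
        return "DELETE FROM `uresources` WHERE `txtObjectID` = \"" . md5($post['txtVendorName']) . "\"";
    }

    /** Remove the group ACL rows (same parameter fix as duresource()). */
    function dgresource($post)
    {
        return "DELETE FROM `gresources` WHERE `txtObjectID` = \"" . md5($post['txtVendorName']) . "\"";
    }

    /**
     * Run each statement in order on one connection.
     *
     * @param array $sql statements from buildStatements()
     * @return int|string total affected rows, 0 when nothing ran, or the
     *                    string '-1' when a query failed (callers compare
     *                    with === '-1'). Stops at the first failure so no
     *                    ACL rows are written for a vendor that was not saved.
     */
    function execute($sql)
    {
        global $defined, $handles;
        if (count($sql) === 0) {
            return 0;
        }
        $dbconn = $handles['db']->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
        $affected = 0;
        $failed = false;
        foreach ($sql as $key => $value) {
            $res = $handles['db']->dbQuery($handles['val']->ValidateSQL($value, $dbconn), $dbconn);
            if ($res === -1) {
                $failed = true;
                break;
            }
            $rows = $handles['db']->dbNumRowsAffected($dbconn);
            if ($rows > 0) {
                $affected += $rows;
            }
        }
        $handles['db']->dbFixTable("vendors", $dbconn);
        $handles['db']->dbFixTable("resources", $dbconn);
        $handles['db']->dbFixTable("gresources", $dbconn);
        $handles['db']->dbFixTable("uresources", $dbconn);
        $handles['db']->dbFreeData($dbconn);
        $handles['db']->dbCloseConn($dbconn);
        return $failed ? '-1' : $affected;
    }
}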
?>