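<?php
/*
 * Purchase edit handler.
 *
 * Validates the submitted purchase details, optionally creates a new supplier
 * and/or purchase code, updates the Purchases row identified by $ID and then
 * loads that row into $pr for the form rendered below.
 *
 * Inputs arrive as plain global variables ($ID, $save, $Cost, ...). This file
 * never reads $_GET/$_POST, so they are presumably populated by
 * register_globals or by auth.inc.php -- TODO confirm. Either way they are
 * attacker-controlled and are escaped before they reach SQL.
 *
 * The mysql_* calls use the default connection, which is presumably opened by
 * auth.inc.php -- TODO confirm; mysql_real_escape_string() needs it as well.
 */
include "./auth.inc.php";

// $security is not assigned in this file; presumably auth.inc.php sets it
// after authenticating the user -- TODO confirm the request cannot supply it.
if ($security < 90) {
    die();
}

// Working state is initialised explicitly so that a request parameter with the
// same name can never pre-seed it (e.g. ?approved=1 or ?e=<markup>).
$e        = '';
$approved = 0;
$usql     = '';
$excost   = 0;
$gst      = 0;
$LastName = '';

// Normalise every request-supplied field to a string. When magic_quotes_gpc
// is on, the added slashes are removed first so that the escaping below does
// not store doubled backslashes.
// NOTE(review): assumes no other layer (auth.inc.php) escapes these values.
$requestFields = array(
    'SupplierID', 'ABN', 'Company', 'FirstName', 'Address', 'Suburb',
    'Postcode', 'PhoneWork', 'PurchaseCode', 'CodeID', 'CodeName',
    'Cost', 'GST', 'TotalPrice', 'TotalCost', 'PurchaseDate', 'Purchase',
    'SupplierCode', 'ItemOnly', 'ChequeID',
);
$hasMagicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
foreach ($requestFields as $fieldName) {
    $fieldValue = (isset($$fieldName) && is_scalar($$fieldName)) ? (string) $$fieldName : '';
    $$fieldName = $hasMagicQuotes ? stripslashes($fieldValue) : $fieldValue;
}

// PurchaseID is only ever compared numerically, so force it to an integer
// before it is interpolated into any query or echoed back.
$ID = (isset($ID) && is_scalar($ID)) ? intval($ID) : 0;

// The "Supervisor Approve" button is only rendered for $security >= 100, so
// the handler enforces the same threshold instead of trusting the parameter.
$supervisor = !empty($supervisor) && $security >= 100;
$save       = !empty($save);
if ($supervisor) {
    $approved = 1;
    $save     = true;
}

if ($save) {
    if ($SupplierID == '0') {
        // SupplierID 0 means "create a new supplier from the submitted details".
        if (!$ABN) {
            $e .= "<P>Please Enter An ABN.";
        }
        if (!$Company) {
            $e .= "<P>Please Enter a Company Name";
        }
        // No personal names for now: the company name doubles as LastName.
        $LastName = $Company;
        if (!$e) {
            $isql = sprintf(
                "INSERT INTO MasterAccounts(FirstName, LastName, Company, ABN,Address,Suburb,Postcode,PhoneWork,VISP,Supplier,Approved)
                VALUES('%s','%s','%s','%s','%s','%s','%s','%s',1,1,'%d')",
                mysql_real_escape_string($FirstName),
                mysql_real_escape_string($LastName),
                mysql_real_escape_string($Company),
                mysql_real_escape_string($ABN),
                mysql_real_escape_string($Address),
                mysql_real_escape_string($Suburb),
                mysql_real_escape_string($Postcode),
                mysql_real_escape_string($PhoneWork),
                $approved
            );
            if (!mysql_query($isql)) {
                // Keep driver errors in the server log; echoing them to the
                // browser discloses schema details.
                error_log("MasterAccounts insert failed: " . mysql_error());
                $e .= "<P>The supplier could not be saved (database error).";
            } else {
                $SupplierID = mysql_insert_id();
            }
        }
    } elseif (!$SupplierID) {
        $e .= "<P>No Supplier Selected!";
    }

    if (!$PurchaseCode || $PurchaseCode == '0') {
        // No existing code chosen: create one from the "new code" fields.
        if ($CodeID > 0 && $CodeName) {
            $cisql = sprintf(
                "INSERT INTO PurchaseCodes(CodeID,CodeName)
                VALUES('%s','%s')",
                mysql_real_escape_string($CodeID),
                mysql_real_escape_string($CodeName)
            );
            if (!mysql_query($cisql)) {
                error_log("PurchaseCodes insert failed: " . mysql_error());
                $e .= "<P>The purchase code could not be saved (database error).";
            } else {
                // NOTE(review): CodeID is supplied explicitly and the select
                // list uses CodeID as the option value; confirm that
                // mysql_insert_id() returns that same value for this table.
                $PurchaseCode = mysql_insert_id();
            }
        } else {
            $e .= "<P>Please Choose a Purchase Code";
        }
    }

    if (!$e) {
        // Derive ex-GST cost and GST from whichever boxes were filled in.
        // The form field is named TotalPrice; the original Cost-only branch
        // read $TotalCost, which the form never sends. TotalCost is still
        // honoured as a fallback for any caller that does send it.
        $grossTotal = $TotalPrice ? $TotalPrice : $TotalCost;
        if ($Cost) {
            $excost = $Cost;
            if ($GST) {
                $gst = $GST;
            } elseif ($grossTotal) {
                $gst = $grossTotal - $Cost;
            } else {
                $gst = 0;
            }
        } elseif ($GST) {
            $gst = $GST;
            if ($TotalPrice) {
                $excost = $TotalPrice - $GST;
            } else {
                $e .= "<P>GST only makes no sense.";
            }
        } elseif ($TotalPrice) {
            // Total only: assume the price includes 10% GST.
            $gst    = $TotalPrice / 11;
            $excost = $TotalPrice / 1.1;
        } else {
            $e .= "<P>Please Enter a Price or GST Charges.";
        }
    }

    if (!$e) {
        // Audit identifier: client address plus HTTP auth user name. The user
        // name is client-supplied text, so it is escaped like any other field.
        $identity = "$REMOTE_ADDR-$PHP_AUTH_USER";

        // A blank date means "today"; now() is the only unquoted SQL fragment.
        if (!$PurchaseDate) {
            $purchaseDateSql = "now()";
        } else {
            $purchaseDateSql = "'" . mysql_real_escape_string($PurchaseDate) . "'";
        }

        $usql = sprintf(
            "UPDATE Purchases SET
            SupplierID='%s',
            PurchaseDesc='%s',
            Cost='%s',
            GST='%s',
            PurchaseDate=%s,
            Identifier='%s',
            SupplierCode='%s',
            ItemOnly='%s',
            ChequeID='%s',
            PurchaseCode='%s',
            Approved='%d'
            WHERE PurchaseID='%d'",
            mysql_real_escape_string($SupplierID),
            mysql_real_escape_string($Purchase),
            mysql_real_escape_string($excost),
            mysql_real_escape_string($gst),
            $purchaseDateSql,
            mysql_real_escape_string($identity),
            mysql_real_escape_string($SupplierCode),
            mysql_real_escape_string($ItemOnly),
            mysql_real_escape_string($ChequeID),
            mysql_real_escape_string($PurchaseCode),
            $approved,
            $ID
        );
        if (!mysql_query($usql)) {
            error_log("Purchases update failed: " . mysql_error());
            $e .= "<P>The purchase could not be saved (database error).";
        }

        if (!$e) {
            if ($supervisor) {
                // After an approval, jump straight to the next unapproved
                // purchase, if there is one.
                $nsql = "SELECT PurchaseID
                    FROM Purchases
                    WHERE PurchaseID > $ID
                    AND Approved !=1
                    ORDER BY PurchaseID ASC
                    LIMIT 1";
                $nres = mysql_query($nsql);
                // mysql_result() warns on an empty result set, and any output
                // before header() would break the redirect.
                if ($nres && mysql_num_rows($nres) > 0) {
                    $nextid = intval(mysql_result($nres, 0));
                    if ($nextid) {
                        header("Location: purchaseedit.php?ID=$nextid");
                        exit;
                    }
                }
            }
            // The debug dump of the UPDATE statement was removed here: it
            // showed the raw SQL, including submitted values, to the browser.
            print "Purchase Added, ID is:<BR><h1>";
            print "$ID";
            exit;
        }
    }
}

// Load the current row for the edit form rendered below.
$psql = "SELECT * FROM Purchases WHERE PurchaseID=$ID";
$pres = mysql_query($psql);
if ($pres) {
    $pr = mysql_fetch_array($pres);
} else {
    error_log("Purchases lookup failed: " . mysql_error());
    print "<P>The purchase record could not be loaded.";
    $pr = false;
}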
?><HTML>
<HEAD></HEAD>
<BODY bgcolor=white>
<H2>Purchases</H2>
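<H1>ID: <?php echo htmlspecialchars($ID, ENT_QUOTES) ?></H1>
<?php
// $e holds the handler's validation messages and is HTML by design
// ("<P>..."), so it is printed unescaped.
// NOTE(review): that is only safe while $e is always initialised by this
// script and never carries request data or raw database error text -- confirm.
if ($e) {
    print $e;
}
// NOTE(review): the form below declares no METHOD, so it submits via GET, and
// no anti-CSRF token is visible on this page. Unless auth.inc.php adds a
// check, a state-changing save can be triggered by a cross-site link.
?>
<TABLE>
<form>
<INPUT TYPE=HIDDEN NAME=ID VALUE="<?php echo htmlspecialchars($ID, ENT_QUOTES) ?>">
<INPUT TYPE=HIDDEN NAME=SupplierID VALUE="<?php echo htmlspecialchars($pr['SupplierID'], ENT_QUOTES) ?>">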
<TR><TD>Supplier</TD><TD>
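<?php
// Look up the supplier attached to this purchase. The id is forced to an
// integer because it is interpolated unquoted into the WHERE clause.
$supplierId = intval($pr['SupplierID']);
$ssql = "SELECT CustomerID, Company, FirstName, LastName, Address, ABN, Suburb, Postcode,State FROM MasterAccounts WHERE
CustomerID=$supplierId";
$sres = mysql_query($ssql);
if ($sres) {
    // $srow is read again by the detail rows that follow; it is false when
    // no matching supplier exists.
    $srow = mysql_fetch_array($sres);
} else {
    // Log the driver error instead of printing it together with the query.
    error_log("MasterAccounts lookup failed: " . mysql_error());
    $srow = false;
}
// Company is free text entered by users, so escape it for HTML.
print $srow ? htmlspecialchars($srow['Company'], ENT_QUOTES) : '';
?>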
</TD></TR>
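<?php
// Shared row background for the read-only supplier details. Every supplier
// field is stored free text and is therefore HTML-escaped on output.
$bg = "bgcolor=#DDDDDD";
?>
<tr <?php echo $bg ?>>
<TD align=right>ABN</TD><TD><?php echo htmlspecialchars($srow['ABN'], ENT_QUOTES) ?></TD>
</TR>
<tr <?php echo $bg ?>>
<TD align=right>Street Address</TD><TD><?php echo htmlspecialchars($srow['Address'], ENT_QUOTES) ?></TD>
</TR>
<tr <?php echo $bg ?>>
<TD align=right>Suburb</TD><TD><?php echo htmlspecialchars($srow['Suburb'], ENT_QUOTES) ?></TD>
</TR>
<tr <?php echo $bg ?>>
<TD align=right>Postcode</TD><TD><?php echo htmlspecialchars($srow['Postcode'], ENT_QUOTES) ?></TD>
</TR>
<tr <?php echo $bg ?>>
<TD align=right>State</TD><TD><?php echo htmlspecialchars($srow['State'], ENT_QUOTES) ?></TD>
</TR>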
<TR><TD> </TD></TR>
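<?php
/*
 * Editable purchase fields, pre-filled from the stored row in $pr.
 * Stored values are user-entered text, so each one is HTML-escaped; without
 * that a description containing "</TEXTAREA>" or a value containing a double
 * quote breaks out of its element or attribute.
 */
?>
<TR>
<TD><H2>Purchase Description</H2></TD>
<TD colspan=2><TEXTAREA NAME=Purchase rows=5 cols=40><?php echo htmlspecialchars($pr['PurchaseDesc'], ENT_QUOTES) ?></TEXTAREA></TD>
</TR>
<TR>
<TD>ex-GST Price</TD><TD><input type=text name=Cost value="<?php echo htmlspecialchars($pr['Cost'], ENT_QUOTES) ?>"></TD>
<TD rowspan=3>Please fill out no more than 2 of these boxes</TD>
</TR>
<TR>
<TD>GST Charged</TD><TD><input type=text name=GST value="<?php echo htmlspecialchars($pr['GST'], ENT_QUOTES) ?>"></TD>
</TR>
<TR>
<TD>GST inc. price</TD><TD><input type=text name=TotalPrice value="<?php echo $pr['GST'] + $pr['Cost'] ?>"></TD>
</TR>
<tr>
<TD>Date of Purchase</TD><TD><input type=text name=PurchaseDate value="<?php echo htmlspecialchars($pr['PurchaseDate'], ENT_QUOTES) ?>"></TD><TD>(YYYY-MM-DD,
Blank for
today)</TD>
</TR>
<tr>
<TD>Supplier Invoice Number/Code</TD>
<TD><input type=text name=SupplierCode value="<?php echo htmlspecialchars($pr['SupplierCode'], ENT_QUOTES) ?>"></TD>
</TR>
<tr>
<TD>Cheque Number</TD>
<TD><input type=text name=ChequeID value="<?php echo htmlspecialchars($pr['ChequeID'], ENT_QUOTES) ?>"></TD>
</TR>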
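<tr>
<TD>Itemised Bill</TD>
<TD><SELECT NAME=ItemOnly>
<?php
// One <option> per purchase group; the group stored on this purchase is
// pre-selected. Ids and names are escaped before being written into markup.
$isql = "SELECT PurchaseGroupID, PGName
FROM PurchaseGroup
ORDER BY PGName";
$ires = mysql_query($isql);
// A failed query yields false; skip the loop rather than fetch from it.
while ($ires && ($i = mysql_fetch_row($ires))) {
    print '<option value="' . htmlspecialchars($i[0], ENT_QUOTES) . '"';
    if ($pr['ItemOnly'] == $i[0]) {
        print " selected";
    }
    print ">" . htmlspecialchars($i[1], ENT_QUOTES) . "</option>\n";
}
?></SELECT>
</TD>
</TR>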
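<tr>
<td>Purchase Code</td>
<TD><SELECT NAME=PurchaseCode>
<option value="0">(New Code) -></option>
<?php
// Existing purchase codes, with the one stored on this purchase pre-selected.
// CodeName is user-entered (see the "Name" box below), so it is escaped.
$csql = "SELECT CodeID, CodeName FROM PurchaseCodes ORDER BY CodeID";
$cres = mysql_query($csql);
// A failed query yields false; skip the loop rather than fetch from it.
while ($cres && ($crow = mysql_fetch_array($cres))) {
    $codeId   = htmlspecialchars($crow['CodeID'], ENT_QUOTES);
    $codeName = htmlspecialchars($crow['CodeName'], ENT_QUOTES);
    print "<option value=\"$codeId\"";
    if ($pr['PurchaseCode'] == $crow['CodeID']) {
        print " selected";
    }
    print ">$codeId - $codeName</option>\n";
}
?>
</select></td>
<td>Name: <input type=text name=CodeName><br>
Number: <input type=text name=CodeID></td>
</TR>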
</TABLE>
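<INPUT TYPE=SUBMIT NAME=save VALUE="Save Details">
<?php
// Hiding the approve button is presentation only: the code that processes the
// "supervisor" parameter must enforce the same $security >= 100 threshold.
if ($security >= 100) { ?>
<INPUT TYPE=SUBMIT NAME=supervisor VALUE="Supervisor Approve">
<?php } ?>
</FORM>
<BR>
<?php
// NOTE(review): deletion is reached through a plain GET link, so a cross-site
// link or a prefetching client could trigger it; purchase-delete.php is not
// visible here -- confirm it requires a confirmation step or a token.
// $ID is URL-encoded so it cannot break out of the HREF attribute.
?>
<A HREF="purchase-delete.php?ID=<?php echo urlencode($ID) ?>">Delete This Record</A>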
</BODY>
</HTML>