hasPermission("INV_EDIT")) { returnToSender("no_edit_permission"); } switch ($VARS['action']) { case "edititem": $insert = true; if (is_empty($VARS['itemid'])) { $insert = true; } else { if ($database->has('items', ['itemid' => $VARS['itemid']])) { $insert = false; } else { returnToSender("invalid_itemid"); } } if (is_empty($VARS['name'])) { returnToSender('missing_name'); } if (!is_empty($VARS['catstr']) && is_empty($VARS['cat'])) { if ($database->count("categories", ["catname" => $VARS['catstr']]) == 1) { $VARS['cat'] = $database->get("categories", 'catid', ["catname" => $VARS['catstr']]); } else { returnToSender('use_the_drop_luke'); } } if (!is_empty($VARS['locstr']) && is_empty($VARS['loc'])) { if ($database->count("locations", ["locname" => $VARS['locstr']]) == 1) { $VARS['loc'] = $database->get("locations", 'locid', ["locname" => $VARS['locstr']]); } else { returnToSender('use_the_drop_luke'); } } if (is_empty($VARS['cat']) || is_empty($VARS['loc'])) { returnToSender('invalid_parameters'); } if (is_empty($VARS['qty'])) { $VARS['qty'] = 1; } else if (!is_numeric($VARS['qty'])) { returnToSender('field_nan'); } if (is_empty($VARS['want'])) { $VARS['want'] = 0; } else if (!is_numeric($VARS['want'])) { returnToSender('field_nan'); } if (is_empty($VARS['cost'])) { $VARS['cost'] = null; } else if (!is_numeric($VARS['cost'])) { returnToSender('field_nan'); } if (is_empty($VARS['price'])) { $VARS['price'] = null; } else if (!is_numeric($VARS['price'])) { returnToSender('field_nan'); } if (!$database->has('categories', ['catid' => $VARS['cat']])) { returnToSender('invalid_category'); } if (!$database->has('locations', ['locid' => $VARS['loc']])) { returnToSender('invalid_location'); } $userid = null; if (!empty($VARS['assignedto'])) { $assigneduser = User::byUsername($VARS['assignedto']); if ($assigneduser->exists()) { $userid = $assigneduser->getUID(); } } $data = [ 'name' => $VARS['name'], 'code1' => $VARS['code1'], 'code2' => $VARS['code2'], 'text1' => $VARS['text1'], 'text2' => $VARS['text2'], 'text3' => $VARS['text3'], 'catid' => $VARS['cat'], 'locid' => $VARS['loc'], 'qty' => $VARS['qty'], 'want' => $VARS['want'], 'cost' => $VARS['cost'], 'price' => $VARS['price'], 'userid' => $userid ]; if ($insert) { $database->insert('items', $data); } else { $database->update('items', $data, ['itemid' => $VARS['itemid']]); } returnToSender("item_saved"); case "editcat": $insert = true; if (is_empty($VARS['catid'])) { $insert = true; } else { if ($database->has('categories', ['catid' => $VARS['catid']])) { $insert = false; } else { returnToSender("invalid_catid"); } } if (is_empty($VARS['name'])) { returnToSender('invalid_parameters'); } $data = [ 'catname' => $VARS['name'] ]; if ($insert) { $database->insert('categories', $data); } else { $database->update('categories', $data, ['catid' => $VARS['catid']]); } returnToSender("category_saved"); case "editloc": $insert = true; if (is_empty($VARS['locid'])) { $insert = true; } else { if ($database->has('locations', ['locid' => $VARS['locid']])) { $insert = false; } else { returnToSender("invalid_locid"); } } if (is_empty($VARS['name'])) { returnToSender('invalid_parameters'); } $data = [ 'locname' => $VARS['name'], 'loccode' => $VARS['code'], 'locinfo' => $VARS['info'] ]; if ($insert) { $database->insert('locations', $data); } else { $database->update('locations', $data, ['locid' => $VARS['locid']]); } returnToSender("location_saved"); case "deleteitem": if ($database->has('items', ['itemid' => $VARS['itemid']])) { $database->delete('items', ['itemid' => $VARS['itemid']]); returnToSender("item_deleted"); } returnToSender("invalid_parameters"); case "deletecat": if ($database->has('categories', ['catid' => $VARS['catid']])) { if ($database->has('items', ['catid' => $VARS['catid']])) { returnToSender("category_in_use"); } $database->delete('categories', ['catid' => $VARS['catid']]); returnToSender("category_deleted"); } returnToSender("invalid_parameters"); case "deleteloc": if ($database->has('locations', ['locid' => $VARS['locid']])) { if ($database->has('items', ['locid' => $VARS['locid']])) { returnToSender("location_in_use"); } $database->delete('locations', ['locid' => $VARS['locid']]); returnToSender("location_deleted"); } returnToSender("invalid_parameters"); case "autocomplete_category": exit(json_encode($database->select('categories', ['catid (id)', 'catname (name)'], ['catname[~]' => $VARS['q'], 'LIMIT' => 10]))); case "autocomplete_location": exit(json_encode($database->select('locations', ['locid (id)', 'locname (name)'], ["OR" => ['locname[~]' => $VARS['q'], 'loccode' => $VARS['q']], 'LIMIT' => 10]))); case "autocomplete_user": header("Content-Type: application/json"); $client = new GuzzleHttp\Client(); $response = $client ->request('POST', PORTAL_API, [ 'form_params' => [ 'key' => PORTAL_KEY, 'action' => "usersearch", 'search' => $VARS['q'] ] ]); if ($response->getStatusCode() != 200) { exit("[]"); } $resp = json_decode($response->getBody(), TRUE); if ($resp['status'] == "OK") { exit(json_encode($resp['result'])); } else { exit("[]"); } break; case "signout": session_destroy(); header('Location: index.php'); die("Logged out."); }