<?php

require_once 'ProgramFunctions/TipMessage.fnc.php';

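// Handle the "update" action: delete the staff member's Food Service account,
// or save the account fields posted by the form further down this page.
if ( $_REQUEST['modfunc'] === 'update' )
{
	if ( UserStaffID()
		&& AllowEdit() )
	{
		if ( ! empty( $_REQUEST['submit']['delete'] ) )
		{
			// NOTE(review): the "Delete Account" button is only rendered when the
			// balance is 0, but the balance is not re-checked here; that rule is
			// enforced by the form alone. Consider verifying it before deleting.
			if ( DeletePrompt( _( 'User Account' ) ) )
			{
				DBQuery( "DELETE FROM FOOD_SERVICE_STAFF_ACCOUNTS
					WHERE STAFF_ID='" . UserStaffID() . "'" );

				// Unset modfunc & redirect URL.
				RedirectURL( 'modfunc' );
			}

			//unset($_REQUEST['submit']);
		}
		elseif ( ! empty( $_REQUEST['food_service'] ) )
		{
			// Only accept the columns this page's form actually exposes (STATUS, BARCODE).
			// Without an allowlist, any posted key becomes a column in the UPDATE below,
			// so BALANCE, TRANSACTION_ID or STAFF_ID could be written from the request.
			// Non-scalar values are dropped so trim() never receives an array.
			$food_service_values = array_filter(
				array_intersect_key(
					(array) $_REQUEST['food_service'],
					array( 'STATUS' => true, 'BARCODE' => true )
				),
				'is_scalar'
			);

			$has_barcode = ! empty( $food_service_values['BARCODE'] );

			// NOTE(review): request values are concatenated into the SQL below without
			// escaping in this file. That is only safe if $_REQUEST was already escaped
			// before this file runs, which is not visible here. Confirm it; if it is not
			// the case, pass each value through DBEscapeString() (do not escape twice).
			$barcode = $has_barcode ? trim( $food_service_values['BARCODE'] ) : '';

			// Defined up front: when no barcode is posted, the confirmation check below
			// would otherwise read undefined variables.
			$account_id = false;

			$question = '';

			$message = '';

			if ( $has_barcode )
			{
				$question = _( 'Are you sure you want to assign that barcode?' );

				// Is the barcode already assigned to another staff account?
				$account_id = DBGetOne( "SELECT STAFF_ID
					FROM FOOD_SERVICE_STAFF_ACCOUNTS
					WHERE BARCODE='" . $barcode . "'
					AND STAFF_ID!='" . UserStaffID() . "'" );

				if ( $account_id )
				{
					$staff_full_name = DBGetOne( "SELECT " . DisplayNameSQL() . " AS FULL_NAME
						FROM STAFF
						WHERE STAFF_ID='" . $account_id . "'" );

					// NOTE(review): the name is inserted into HTML as-is; whether Prompt()
					// escapes its message is not visible here.
					$message = sprintf(
						_( "That barcode is already assigned to User <b>%s</b>." ),
						$staff_full_name
					) . ' ' .
					_( "Hit OK to reassign it to the current user or Cancel to cancel all changes." );
				}
				else
				{
					// Otherwise, is it assigned to a student account?
					$account_id = DBGetOne( "SELECT ACCOUNT_ID
						FROM FOOD_SERVICE_STUDENT_ACCOUNTS
						WHERE BARCODE='" . $barcode . "'" );

					if ( $account_id )
					{
						$student_full_name = DBGetOne( "SELECT " . DisplayNameSQL( 's' ) . " AS FULL_NAME
							FROM STUDENTS s,FOOD_SERVICE_STUDENT_ACCOUNTS fssa
							WHERE s.STUDENT_ID=fssa.STUDENT_ID
							AND fssa.ACCOUNT_ID='" . $account_id . "'" );

						$message = sprintf(
							_( "That barcode is already assigned to Student <b>%s</b>." ),
							$student_full_name
						) . ' ' .
						_( "Hit OK to reassign it to the user student or Cancel to cancel all changes." );
					}
				}
			}

			// Save directly when the barcode is free; otherwise only after confirmation.
			if ( ! $account_id
				|| Prompt( 'Confirm', $question, $message ) )
			{
				// Nothing to write when every posted column was rejected by the allowlist.
				if ( $food_service_values )
				{
					$sql_set = array();

					foreach ( $food_service_values as $column_name => $value )
					{
						$sql_set[] = DBEscapeIdentifier( $column_name ) . "='" . trim( $value ) . "'";
					}

					if ( $has_barcode )
					{
						// Release the barcode from any staff or student account holding it.
						DBQuery( "UPDATE FOOD_SERVICE_STAFF_ACCOUNTS SET BARCODE=NULL WHERE BARCODE='" . $barcode . "'" );
						DBQuery( "UPDATE FOOD_SERVICE_STUDENT_ACCOUNTS SET BARCODE=NULL WHERE BARCODE='" . $barcode . "'" );
					}

					DBQuery( 'UPDATE FOOD_SERVICE_STAFF_ACCOUNTS SET ' . implode( ',', $sql_set ) .
						" WHERE STAFF_ID='" . UserStaffID() . "'" );
				}

				// Unset modfunc redirect URL.
				RedirectURL( 'modfunc' );
			}
		}
	}
	else
	{
		// Unset modfunc & redirect URL.
		RedirectURL( 'modfunc' );
	}
}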

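// Handle the "create" action: open a Food Service account for the current staff
// member, unless one already exists.
if ( $_REQUEST['modfunc'] === 'create' )
{
	if ( UserStaffID()
		&& AllowEdit()
		&& ! DBGet( "SELECT 1
			FROM FOOD_SERVICE_STAFF_ACCOUNTS
			WHERE STAFF_ID='" . UserStaffID() . "'" ) )
	{
		// Only accept the columns the account form on this page exposes (STATUS, BARCODE).
		// Without an allowlist, every posted key is added to the INSERT column list.
		// The "Create Account" form posts no food_service fields, so the key may be unset.
		$food_service_values = array_filter(
			array_intersect_key(
				isset( $_REQUEST['food_service'] ) ? (array) $_REQUEST['food_service'] : array(),
				array( 'STATUS' => true, 'BARCODE' => true )
			),
			'is_scalar'
		);

		// A new account always starts with a zero balance and transaction ID 0.
		$fields = array( 'STAFF_ID', 'BALANCE', 'TRANSACTION_ID' );

		$values = array( "'" . UserStaffID() . "'", "'0.00'", "'0'" );

		foreach ( $food_service_values as $column_name => $value )
		{
			$fields[] = DBEscapeIdentifier( $column_name );

			// NOTE(review): the value is concatenated into SQL without escaping in this
			// file. That is only safe if $_REQUEST was already escaped before this file
			// runs, which is not visible here. Confirm it; otherwise use DBEscapeString().
			$values[] = "'" . trim( $value ) . "'";
		}

		$sql = 'INSERT INTO FOOD_SERVICE_STAFF_ACCOUNTS (' . implode( ',', $fields ) .
		') VALUES (' . implode( ',', $values ) . ')';

		DBQuery( $sql );
	}

	// Unset modfunc & food service & redirect URL.
	RedirectURL( array( 'modfunc', 'food_service' ) );
}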

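// Food Service search widgets (balance, status, barcode, account exists).
// Presumably these add filters to the staff search form; verify against StaffWidgets().
StaffWidgets( 'fsa_balance' );
StaffWidgets( 'fsa_status' );
StaffWidgets( 'fsa_barcode' );
StaffWidgets( 'fsa_exists_Y' );

// Extra columns for the staff list: account balance and status.
$extra['SELECT'] = issetVal( $extra['SELECT'], '' );
$extra['SELECT'] .= ",(SELECT BALANCE FROM FOOD_SERVICE_STAFF_ACCOUNTS WHERE STAFF_ID=s.STAFF_ID) AS BALANCE";

// A NULL status is shown as the translated "Active" label, escaped for use in SQL.
$extra['SELECT'] .= ",(SELECT coalesce(STATUS,'" . DBEscapeString( _( 'Active' ) ) . "') FROM FOOD_SERVICE_STAFF_ACCOUNTS WHERE STAFF_ID=s.STAFF_ID) AS STATUS";

// `+=` on an unset key is an unsupported-operand error (null + array), so make sure
// the array exists first, as is done for 'SELECT' above.
if ( ! isset( $extra['functions'] ) )
{
	$extra['functions'] = array();
}

// Format the BALANCE column with red() (presumably a display callback; the same
// function is applied to the balance in the account form on this page).
$extra['functions'] += array( 'BALANCE' => 'red' );
$extra['columns_after'] = array( 'BALANCE' => _( 'Balance' ), 'STATUS' => _( 'Status' ) );

Search( 'staff_id', $extra );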

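// Account form: shown once a staff member is selected and no action is pending.
if ( UserStaffID() && ! $_REQUEST['modfunc'] )
{
	// Load the staff member together with their Food Service account, if any.
	// ACCOUNT_ID, STATUS, BALANCE and BARCODE are NULL when no account row exists.
	$staff = DBGet( "SELECT s.STAFF_ID," . DisplayNameSQL( 's' ) . " AS FULL_NAME,
	(SELECT s.STAFF_ID FROM FOOD_SERVICE_STAFF_ACCOUNTS WHERE STAFF_ID=s.STAFF_ID) AS ACCOUNT_ID,
	(SELECT STATUS FROM FOOD_SERVICE_STAFF_ACCOUNTS WHERE STAFF_ID=s.STAFF_ID) AS STATUS,
	(SELECT BALANCE FROM FOOD_SERVICE_STAFF_ACCOUNTS WHERE STAFF_ID=s.STAFF_ID) AS BALANCE,
	(SELECT BARCODE FROM FOOD_SERVICE_STAFF_ACCOUNTS WHERE STAFF_ID=s.STAFF_ID) AS BARCODE
	FROM STAFF s
	WHERE s.STAFF_ID='" . UserStaffID() . "'" );

	// NOTE(review): assumes DBGet() returned a row at index 1; an empty result is not handled.
	$staff = $staff[1];

	// modname comes from the request and is written into an HTML attribute below, so
	// it is HTML-escaped at the point of output. A regular module path contains none
	// of the escaped characters, so the generated URL is unchanged for valid values.
	if ( $staff['ACCOUNT_ID'] )
	{
		echo '<form action="Modules.php?modname=' . htmlspecialchars( (string) $_REQUEST['modname'], ENT_QUOTES ) . '&modfunc=update" method="POST">';

		// "Delete Account" is only offered when the balance is zero. This is a
		// display rule only; the update handler is what must enforce it.
		DrawHeader(
			'',
			SubmitButton( _( 'Save' ), 'submit[save]' ) .
			( $staff['BALANCE'] == 0 ?
				SubmitButton( _( 'Delete Account' ), 'submit[delete]', '' ) : // No .primary button class.
				''
			)
		);
	}
	else
	{
		echo '<form action="Modules.php?modname=' . htmlspecialchars( (string) $_REQUEST['modname'], ENT_QUOTES ) . '&modfunc=create" method="POST">';

		DrawHeader( '', SubmitButton( _( 'Create Account' ) ) );
	}

	echo '<br />';

	PopTable( 'header', _( 'Account Information' ), 'width="100%"' );

	echo '<table class="width-100p valign-top fixed-col"><tr><td>';

	// NOTE(review): whether NoInput() HTML-escapes the name is not visible here — confirm.
	echo NoInput( $staff['FULL_NAME'], $staff['STAFF_ID'] );

	// Warn when the user has no Meal Account yet.
	if ( ! $staff['ACCOUNT_ID'] )
	{
		echo '<br />' . MakeTipMessage(
			_( 'This user does not have a Meal Account.' ),
			_( 'Warning' ),
			button( 'warning' )
		);
	}

	echo '</td><td>';

	echo NoInput( red( $staff['BALANCE'] ), _( 'Balance' ) );

	echo '</td></tr></table>';

	echo '<hr />';

	echo '<table class="width-100p valign-top fixed-col"><tr><td>';

	// Status and barcode are editable only when an account exists; these two inputs
	// are the only food_service[...] fields this form posts.
	$options = array( 'Inactive' => _( 'Inactive' ), 'Disabled' => _( 'Disabled' ), 'Closed' => _( 'Closed' ) );

	echo ( $staff['ACCOUNT_ID'] ? SelectInput( $staff['STATUS'], 'food_service[STATUS]', _( 'Status' ), $options, _( 'Active' ) ) : NoInput( '-', _( 'Status' ) ) );

	echo '</td>';

	echo '<td>';

	echo ( $staff['ACCOUNT_ID'] ? TextInput( $staff['BARCODE'], 'food_service[BARCODE]', _( 'Barcode' ), 'size=12 maxlength=25' ) : NoInput( '-', _( 'Barcode' ) ) );

	echo '</td>';

	echo '</tr></table>';

	PopTable( 'footer' );

	echo '<br /><div class="center">' . SubmitButton() . '</div>';

	echo '</form>';
}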