<?php
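class db_functions
{
    // Thin data-access layer around the legacy mysql_* extension.
    //
    // Every method that builds SQL passes table/column names through _quoteIdent(),
    // _quoteFieldList() or _quoteOrderBy() (strict [A-Za-z0-9_] whitelist, backtick
    // quoted) and every value through _escapeValue() (mysql_real_escape_string on this
    // link, single-quoted). Identifier validation fails closed with die(); nothing that
    // did not pass is ever interpolated into a query. Everything echoed back to the
    // browser that came from a caller is HTML-escaped with _h().
    //
    // NOTE(review): the mysql_* extension was removed in PHP 7. The public interface of
    // this class ($conn holding a mysql link resource, the method signatures) is kept so
    // existing callers keep working; the durable fix is PDO/mysqli with prepared
    // statements, which makes the escaping below unnecessary.

    // Database link resource returned by mysql_connect().
    var $conn;
    // Object of user-facing message strings (e.g. $lang->invalidCharactor).
    var $lang;
    // Prefix prepended to every application table name.
    var $tblprefix;

    // Presentation settings used by the tables insert()/update() print when $output is set.
    var $table_bgcolor, $cellspacing, $cellpadding, $border_style, $border_width,
        $border_color, $header_rowcolor, $header_text_color, $headerfont_face, $headerfont_size,
        $rowcolor, $rowcolor2, $rowcolor_text, $rowfont_face, $rowfont_size;

    // Connects to $server as $username, selects $database and stores the link in $conn;
    // dies on either failure. $theme picks one of the colour schemes below.
    function __construct($server, $username, $password, $database, $tableprefix, $theme, $language)
    {
        $this->tblprefix = $tableprefix;
        $this->lang = $language;

        $this->conn = mysql_connect($server, $username, $password)
            or die('Could not connect : ' . mysql_error());
        mysql_select_db($database, $this->conn)
            or die('Could not select database <b>' . $this->_h($database) . '</b>');
        // NOTE(review): mysql_real_escape_string() escapes according to the charset the
        // client library believes the link uses. If the application changes it with
        // SET NAMES, use mysql_set_charset() here instead so escaping and the server
        // agree -- confirm the deployment's charset before adding that call.

        // Plain string case labels: the original used `case $theme=='serious':`, which
        // matched any non-empty theme against the second label. Unknown themes therefore
        // fall back to 'big blue' here, which is what that code effectively did.
        switch ($theme) {
            case 'serious':
                $this->table_bgcolor = 'white';
                $this->cellspacing = '1';
                $this->cellpadding = '0';
                $this->border_style = 'solid';
                $this->border_width = '1';
                $this->border_color = 'black';

                $this->header_rowcolor = 'black';
                $this->header_text_color = 'white';
                $this->headerfont_face = 'arial';
                $this->headerfont_size = '2';

                $this->rowcolor = '#DDDDDD';
                $this->rowcolor_text = 'black';
                $this->rowfont_face = 'geneva';
                $this->rowfont_size = '2';
                break;

            case 'big blue':
            default:
                $this->table_bgcolor = 'white';
                $this->cellspacing = '1';
                $this->cellpadding = '0';
                $this->border_style = 'solid';
                $this->border_width = '1';
                $this->border_color = 'black';

                $this->header_rowcolor = 'navy';
                $this->header_text_color = 'white';
                $this->headerfont_face = 'arial';
                $this->headerfont_size = '2';

                $this->rowcolor = '#15759B';
                $this->rowcolor_text = 'white';
                $this->rowfont_face = 'geneva';
                $this->rowfont_size = '2';
                break;
        }
    }

    // PHP 4-style constructor name, kept for callers that invoke it explicitly. On
    // PHP 8 a same-named method is no longer a constructor, so __construct() above is
    // the one `new db_functions(...)` runs.
    function db_functions($server, $username, $password, $database, $tableprefix, $theme, $language)
    {
        $this->__construct($server, $username, $password, $database, $tableprefix, $theme, $language);
    }

    // Validates a bare MySQL identifier (optionally schema-qualified, a.b) and returns
    // it backtick-quoted. Identifiers cannot be bound as parameters, so a whitelist is
    // the only safe way to accept them from a caller; anything else dies.
    function _quoteIdent($name)
    {
        if (!is_scalar($name) || !preg_match('/^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)?$/', (string) $name)) {
            die('Invalid SQL identifier');
        }
        return '`' . str_replace('.', '`.`', (string) $name) . '`';
    }

    // Quotes a SELECT list: '*' or a comma-separated list of identifiers.
    function _quoteFieldList($fields)
    {
        $fields = trim((string) $fields);
        if ($fields === '*') {
            return '*';
        }
        $quoted = array();
        foreach (explode(',', $fields) as $field) {
            $quoted[] = $this->_quoteIdent(trim($field));
        }
        return implode(', ', $quoted);
    }

    // Quotes an ORDER BY clause made of comma-separated "identifier [ASC|DESC]" terms.
    function _quoteOrderBy($orderby)
    {
        $terms = array();
        foreach (explode(',', (string) $orderby) as $term) {
            if (!preg_match('/^\s*([A-Za-z0-9_.]+)(?:\s+(ASC|DESC))?\s*$/i', $term, $m)) {
                die('Invalid ORDER BY clause');
            }
            $terms[] = $this->_quoteIdent($m[1]) . (isset($m[2]) ? ' ' . strtoupper($m[2]) : '');
        }
        return implode(', ', $terms);
    }

    // Returns $value as a single-quoted SQL string literal escaped for this link.
    // mysql_real_escape_string() honours the link's character set, which addslashes()
    // does not. Dies rather than emitting an unescaped or empty value if the link is gone
    // (the function returns false in that case).
    function _escapeValue($value)
    {
        $escaped = mysql_real_escape_string((string) $value, $this->conn);
        if ($escaped === false) {
            die('Could not escape value: no database connection');
        }
        return "'" . $escaped . "'";
    }

    // HTML-escapes a value for the tables and messages this class prints.
    function _h($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    }

    // Returns the id of the user whose username and password columns both equal the
    // arguments, or null when there is no such row. $password must already be in the
    // stored form (the caller transforms it; the original docs call it "encrypted").
    // Both inputs are escaped, so quote characters in either can no longer alter the
    // WHERE clause and bypass the password comparison.
    // NOTE(review): equality in SQL means whatever is stored (plaintext, md5, ...) is
    // accepted as-is; once the stored format is known, prefer fetching the hash and
    // checking it with password_verify() in PHP.
    function getUserID($username, $password)
    {
        $table = $this->_quoteIdent($this->tblprefix . 'users');
        $query = 'SELECT id FROM ' . $table
            . ' WHERE username=' . $this->_escapeValue($username)
            . ' AND password=' . $this->_escapeValue($password)
            . ' LIMIT 1';
        $result = mysql_query($query, $this->conn);
        if (!$result) {
            return null;
        }
        $row = mysql_fetch_assoc($result);
        return $row ? $row['id'] : null;
    }

    // Returns the first column of every row of $tablename ordered by $orderby, with
    // position 0 reserved for the empty "nothing selected" entry of a <select>.
    function getAllElements($tablename, $field, $orderby)
    {
        $query = 'SELECT ' . $this->_quoteFieldList($field)
            . ' FROM ' . $this->_quoteIdent($tablename)
            . ' ORDER BY ' . $this->_quoteOrderBy($orderby);
        $result = mysql_query($query, $this->conn);

        $data = array('');
        if ($result) {
            while ($row = mysql_fetch_row($result)) {
                $data[] = $row[0];
            }
        }
        return $data;
    }

    // Returns column $field of the row of $tablename whose id is $id, or null.
    function idToField($tablename, $field, $id)
    {
        $query = 'SELECT ' . $this->_quoteIdent($field)
            . ' FROM ' . $this->_quoteIdent($tablename)
            . ' WHERE id=' . $this->_escapeValue($id) . ' LIMIT 1';
        $result = mysql_query($query, $this->conn);
        $row = $result ? mysql_fetch_assoc($result) : false;
        return $row ? $row[$field] : null;
    }

    // Returns the id of the first row of $tablename whose $field equals $value, or null.
    function fieldToid($tablename, $field, $value)
    {
        $query = 'SELECT id FROM ' . $this->_quoteIdent($tablename)
            . ' WHERE ' . $this->_quoteIdent($field) . '=' . $this->_escapeValue($value)
            . ' LIMIT 1';
        $result = mysql_query($query, $this->conn);
        $row = $result ? mysql_fetch_assoc($result) : false;
        return $row ? $row['id'] : null;
    }

    // Returns the column names of $tablename in $database (empty array on failure).
    function getFields($database, $tablename)
    {
        // mysql_list_fields() sends both names to the server itself, so they get the
        // same whitelist validation as every other identifier (the quoted form is unused).
        $this->_quoteIdent($database);
        $this->_quoteIdent($tablename);

        $fields = array();
        $fieldsRef = mysql_list_fields($database, $tablename, $this->conn);
        if (!$fieldsRef) {
            return $fields;
        }
        // Was `mysql_num_fieldsfieldsRef` (an undefined constant) in the original.
        $columns = mysql_num_fields($fieldsRef);
        for ($k = 0; $k < $columns; $k++) {
            $fields[] = mysql_field_name($fieldsRef, $k);
        }
        return $fields;
    }

    // Inserts one row: $field_names and $field_data are parallel arrays. Prints the
    // invalidCharactor message and exits if isValidData() rejects the data; prints a
    // summary table when $output is true. Returns true if the INSERT succeeded.
    function insert($field_names, $field_data, $tablename, $output)
    {
        $field_names = array_values((array) $field_names);
        $field_data = array_values((array) $field_data);

        if (!$this->isValidData($field_data)) {
            echo "{$this->lang->invalidCharactor}";
            exit();
        }

        $columns = array();
        foreach ($field_names as $name) {
            $columns[] = $this->_quoteIdent($name);
        }
        $values = array();
        foreach ($field_data as $value) {
            $values[] = $this->_escapeValue($value);
        }
        $query = 'INSERT INTO ' . $this->_quoteIdent($tablename)
            . ' (' . implode(', ', $columns) . ') VALUES (' . implode(', ', $values) . ')';
        $ok = mysql_query($query, $this->conn);

        if ($output) {
            echo "<center><b>{$this->lang->successfullyAdded} " . $this->_h($tablename) . '</b></center><br>';
            $this->_printFieldTable($field_names, $field_data);
        }
        return (bool) $ok;
    }

    // Renders the two-column field/data table that insert() and update() print. Field
    // names and values are HTML-escaped; a field literally named "password" is masked.
    function _printFieldTable($field_names, $field_data)
    {
        $headFont = "<font color='$this->header_text_color' face='$this->headerfont_face' size='$this->headerfont_size'>";
        echo "<center><table width=350 cellspacing=$this->cellspacing cellpadding=$this->cellpadding bgcolor=$this->table_bgcolor style=\"border: $this->border_style $this->border_color $this->border_width px\">
<tr bgcolor=$this->header_rowcolor>
<th align='left'>$headFont{$this->lang->field}</font></th>
<th align='left'>$headFont{$this->lang->data}</font></th>
</tr>";

        $cellFont = "<font color='$this->rowcolor_text' face='$this->rowfont_face' size='$this->rowfont_size'>";
        foreach ($field_names as $k => $name) {
            $value = isset($field_data[$k]) ? $field_data[$k] : '';
            $shown = ($name === 'password') ? '*******' : $this->_h($value);
            echo "<tr bgcolor=$this->rowcolor><td width='120'>$cellFont" . $this->_h($name) . '</font></td>'
                . "<td>$cellFont$shown</font></td></tr>\n";
        }
        echo '</table></center>';
    }

    // Updates one row of $tablename from the parallel arrays $field_names/$field_data.
    // With $output true the row is selected by id and a summary table is printed;
    // with $output false it is selected by sale_id and nothing is printed (this quirk
    // of the original is preserved because callers depend on it). Prints a message and
    // exits on an empty id or invalid data. Returns true if the UPDATE succeeded.
    function update($field_names, $field_data, $tablename, $id, $output)
    {
        if ((string) $id === '') {
            echo "{$this->lang->didNotEnterID}";
            exit();
        }
        $field_names = array_values((array) $field_names);
        $field_data = array_values((array) $field_data);
        if (!$this->isValidData($field_data)) {
            echo "{$this->lang->invalidCharactor}";
            exit();
        }

        $assignments = array();
        foreach ($field_names as $k => $name) {
            $value = isset($field_data[$k]) ? $field_data[$k] : '';
            $assignments[] = $this->_quoteIdent($name) . '=' . $this->_escapeValue($value);
        }
        $keyColumn = $output ? 'id' : 'sale_id';
        $query = 'UPDATE ' . $this->_quoteIdent($tablename)
            . ' SET ' . implode(', ', $assignments)
            . ' WHERE ' . $keyColumn . '=' . $this->_escapeValue($id);
        $ok = mysql_query($query, $this->conn);

        if ($output) {
            echo "<center><b>{$this->lang->successfullyUpdated} " . $this->_h($tablename) . '</b></center><br>';
            $this->_printFieldTable($field_names, $field_data);
        }
        return (bool) $ok;
    }

    // True if $table holds at least one row whose $column equals $id.
    function _isReferenced($table, $column, $id)
    {
        $col = $this->_quoteIdent($column);
        $query = 'SELECT ' . $col . ' FROM ' . $this->_quoteIdent($table)
            . ' WHERE ' . $col . '=' . $this->_escapeValue($id) . ' LIMIT 1';
        $result = mysql_query($query, $this->conn);
        return $result && mysql_num_rows($result) >= 1;
    }

    // Deletes the row of $tablename with the given id after checking that nothing
    // still references it (brands/categories/suppliers by items, customers/users by
    // sales, items by sales_items, and the logged-in user cannot delete itself).
    // Deleting a sale first returns its line items to stock and removes them. Prints
    // the outcome; exits on an empty id. Returns true only if the DELETE ran and succeeded.
    function deleteRow($tablename, $id)
    {
        if ((string) $id === '') {
            echo "{$this->lang->didNotEnterID}";
            exit();
        }

        // Logical table name: strip the prefix when the name starts with it. (The
        // original split on the prefix anywhere and read an undefined index when it
        // was absent, which skipped every referential check.)
        $prefix = (string) $this->tblprefix;
        $baseTable = (string) $tablename;
        if ($prefix !== '' && strpos($baseTable, $prefix) === 0) {
            $baseTable = (string) substr($baseTable, strlen($prefix));
        }

        // logical table => (referencing table, referencing column, $lang message key)
        $references = array(
            'brands'     => array('items', 'brand_id', 'cantDeleteBrand'),
            'categories' => array('items', 'category_id', 'cantDeleteCategory'),
            'customers'  => array('sales', 'customer_id', 'cantDeleteCustomer'),
            'items'      => array('sales_items', 'item_id', 'cantDeleteItem'),
            'suppliers'  => array('items', 'supplier_id', 'cantDeleteSupplier'),
            'users'      => array('sales', 'sold_by', 'cantDeleteUserEnteredSales'),
        );

        $canDelete = true;
        $errmessage = '';

        if ($baseTable === 'users' && isset($_SESSION['session_user_id'])
            && (string) $_SESSION['session_user_id'] === (string) $id) {
            $canDelete = false;
            $errmessage = "{$this->lang->cantDeleteUserLoggedIn}";
        } elseif (isset($references[$baseTable])) {
            list($refTable, $refColumn, $msgKey) = $references[$baseTable];
            if ($this->_isReferenced($prefix . $refTable, $refColumn, $id)) {
                $canDelete = false;
                $errmessage = (string) $this->lang->$msgKey;
            }
        } elseif ($baseTable === 'sales') {
            // Put every item of the sale back into stock, then drop its line items.
            $salesItemsTable = $prefix . 'sales_items';
            $itemsTable = $prefix . 'items';
            $saleId = $this->_escapeValue($id);
            // The original omitted $this->conn on this query.
            $result = mysql_query(
                'SELECT item_id, quantity_purchased FROM ' . $this->_quoteIdent($salesItemsTable)
                . ' WHERE sale_id=' . $saleId,
                $this->conn
            );
            while ($result && ($row = mysql_fetch_assoc($result))) {
                $newQuantity = $this->idToField($itemsTable, 'quantity', $row['item_id'])
                    + $row['quantity_purchased'];
                $this->updateItemQuantity($row['item_id'], $newQuantity);
            }
            mysql_query(
                'DELETE FROM ' . $this->_quoteIdent($salesItemsTable) . ' WHERE sale_id=' . $saleId,
                $this->conn
            );
        }

        if (!$canDelete) {
            echo "<center>$errmessage</center><br>";
            return false;
        }

        $query = 'DELETE FROM ' . $this->_quoteIdent($tablename) . ' WHERE id=' . $this->_escapeValue($id);
        $ok = mysql_query($query, $this->conn);
        echo "<center>{$this->lang->successfullyDeletedRow} <b>" . $this->_h($id) . "</b> {$this->lang->fromThe} <b>"
            . $this->_h($tablename) . "</b> {$this->lang->table}</center>";
        return (bool) $ok;
    }

    // Returns false if any element contains a double quote, '<' or '>' (or is itself an
    // array), true otherwise. SQL safety no longer depends on this check -- values are
    // escaped where they are used -- but it is kept because callers rely on the
    // invalidCharactor message it triggers. Uses preg_match; ereg() is gone since PHP 7.
    function isValidData($data_to_check)
    {
        foreach ((array) $data_to_check as $value) {
            if (is_array($value) || preg_match('/["<>]/', (string) $value)) {
                return false;
            }
        }
        return true;
    }

    // True if an item row with this id exists.
    function isValidItem($item)
    {
        $query = 'SELECT id FROM ' . $this->_quoteIdent($this->tblprefix . 'items')
            . ' WHERE id=' . $this->_escapeValue($item) . ' LIMIT 1';
        $result = mysql_query($query, $this->conn);
        return $result && mysql_num_rows($result) > 0;
    }

    // True if the discounts table has a row for this item id.
    function isItemOnDiscount($itemID)
    {
        $query = 'SELECT item_id FROM ' . $this->_quoteIdent($this->tblprefix . 'discounts')
            . ' WHERE item_id=' . $this->_escapeValue($itemID) . ' LIMIT 1';
        $result = mysql_query($query, $this->conn);
        return $result && mysql_num_rows($result) > 0;
    }

    // Returns the item's percent_off from the discounts table, or -1 if it has none.
    function getPercentDiscount($itemID)
    {
        $query = 'SELECT percent_off FROM ' . $this->_quoteIdent($this->tblprefix . 'discounts')
            . ' WHERE item_id=' . $this->_escapeValue($itemID) . ' LIMIT 1';
        $result = mysql_query($query, $this->conn);
        $row = $result ? mysql_fetch_assoc($result) : false;
        return $row ? $row['percent_off'] : -1;
    }

    // Returns the item's unit_price reduced by its discount percentage, formatted with
    // two decimals. A missing discount row counts as 0% off; a missing item as 0.00.
    function getDiscountedPrice($itemID)
    {
        $itemKey = $this->_escapeValue($itemID);

        $result = mysql_query(
            'SELECT percent_off FROM ' . $this->_quoteIdent($this->tblprefix . 'discounts')
            . ' WHERE item_id=' . $itemKey . ' LIMIT 1',
            $this->conn
        );
        $row = $result ? mysql_fetch_assoc($result) : false;
        $percent_off = $row ? $row['percent_off'] : 0;

        $result = mysql_query(
            'SELECT unit_price FROM ' . $this->_quoteIdent($this->tblprefix . 'items')
            . ' WHERE id=' . $itemKey . ' LIMIT 1',
            $this->conn
        );
        $row = $result ? mysql_fetch_assoc($result) : false;
        $unit_price = $row ? $row['unit_price'] : 0;

        $discounted_price = $unit_price * (1 - ($percent_off / 100));
        return number_format($discounted_price, 2, '.', '');
    }

    // True if a customer row with this id exists.
    function isValidCustomer($customer)
    {
        $query = 'SELECT id FROM ' . $this->_quoteIdent($this->tblprefix . 'customers')
            . ' WHERE id=' . $this->_escapeValue($customer) . ' LIMIT 1';
        $result = mysql_query($query, $this->conn);
        return $result && mysql_num_rows($result) > 0;
    }

    // Returns the number of rows in $table (0 if the query fails). Counted server-side
    // instead of fetching every id.
    function getNumRows($table)
    {
        $result = mysql_query('SELECT COUNT(*) FROM ' . $this->_quoteIdent($table), $this->conn);
        $row = $result ? mysql_fetch_row($result) : false;
        return $row ? (int) $row[0] : 0;
    }

    // Recomputes sale_sub_total, sale_total_cost and items_purchased of a sale from its
    // sales_items rows. A sale with no line items left is deleted via deleteRow().
    function updateSaleTotals($sale_id)
    {
        $sales_items_table = $this->tblprefix . 'sales_items';
        $sales_table = $this->tblprefix . 'sales';
        $saleKey = $this->_escapeValue($sale_id);

        $query = 'SELECT item_total_cost, item_total_tax, quantity_purchased FROM '
            . $this->_quoteIdent($sales_items_table) . ' WHERE sale_id=' . $saleKey;
        $result = mysql_query($query, $this->conn);

        if ($result && mysql_num_rows($result) > 0) {
            $sale_sub_total = 0;
            $sale_total_cost = 0;
            $items_purchased = 0;
            while ($row = mysql_fetch_assoc($result)) {
                $sale_sub_total += $row['item_total_cost'] - $row['item_total_tax'];
                $sale_total_cost += $row['item_total_cost'];
                $items_purchased += $row['quantity_purchased'];
            }
            $sale_sub_total = number_format($sale_sub_total, 2, '.', '');
            $sale_total_cost = number_format($sale_total_cost, 2, '.', '');

            $query2 = 'UPDATE ' . $this->_quoteIdent($sales_table)
                . ' SET sale_sub_total=' . $this->_escapeValue($sale_sub_total)
                . ', sale_total_cost=' . $this->_escapeValue($sale_total_cost)
                . ', items_purchased=' . $this->_escapeValue($items_purchased)
                . ' WHERE id=' . $saleKey;
            mysql_query($query2, $this->conn);
        } else {
            $this->deleteRow($sales_table, $sale_id);
        }
    }

    // Sets the stock quantity of one item.
    function updateItemQuantity($item_id, $newQuantity)
    {
        $query = 'UPDATE ' . $this->_quoteIdent($this->tblprefix . 'items')
            . ' SET quantity=' . $this->_escapeValue($newQuantity)
            . ' WHERE id=' . $this->_escapeValue($item_id);
        mysql_query($query, $this->conn);
    }

    // Runs OPTIMIZE TABLE over every application table.
    function optimizeTables()
    {
        $names = array('brands', 'categories', 'customers', 'items', 'sales',
            'sales_items', 'suppliers', 'users', 'books');
        $tables = array();
        foreach ($names as $name) {
            $tables[] = $this->_quoteIdent($this->tblprefix . $name);
        }
        mysql_query('OPTIMIZE TABLE ' . implode(', ', $tables), $this->conn);
    }

    // Closes the database link if one is open.
    function closeDBlink()
    {
        if ($this->conn) {
            mysql_close($this->conn);
        }
    }
}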
?>