partstock/pages/edit_vendors.php

<?php

$EditVendorId=0;

if (UserHasRight('EditVendors'))
{
  ////////////////
  //save changes
  if ($ToDo=="SaveVendor")
  {
    $Id       = (isset($_POST['Id']))? $_POST['Id']:"";
    $Name     = (isset($_POST['Name']))? $_POST['Name']:"";
    $Homepage = (isset($_POST['Homepage']))? $_POST['Homepage']:"";
    $MinBill = (isset($_POST['MinBill']))? OtherConvertToFloat($_POST['MinBill']):0;
    $ShippingCost = (isset($_POST['ShippingCost']))? OtherConvertToFloat($_POST['ShippingCost']):0;

    if (LockIsActive('Vendors',$_POST['Id']))
    {
      MessageError(LangSpellHtml('SentenceLockIsActive'));
    }
    elseif (!$Id)
    {
      MessageError(LangSpellHtml('SentenceUnknownError'));
    }
    elseif (!$Name)
    {
      $Error=1;
      MessageError(LangSpellHtml('EditVendorsSentenceVendorNameRequired'));
    }
    else
    {
      $InsertVendorQuery = "UPDATE `Vendors` SET `Name` = '$Name', `Homepage` = '$Homepage', `MinBill` = '$MinBill', `ShippingCost` = '$ShippingCost' WHERE `Id` =$Id LIMIT 1 ;";
      if (!mysqli_query($GlobalMysqlHandler, $InsertVendorQuery))
      {
        ErrorLog("[edit_vendors.php] Database error while save changes vendor!");
        MessageError(LangSpell('SentenceDatabaseError'));
      }
      else
      {
        MessageSuccess(LangSpell('EditVendorsSentenceVendorUpated'));
      }
      LockRelease('Vendors',$_POST['Id']);
    }
  }

  /////////////////
  //delete vendor
  if ($ToDo=="DeleteVendor")
  {
    global $GlobalMysqlHandler;
    $Id = (isset($_GET['Id']))? $_GET['Id']:0;
    $Vendor = (isset($_GET['Name']))? $_GET['Name']:0;
    if ($Id && !LockIsActive("Vendors",$Id))
    {
      if (!mysqli_query($GlobalMysqlHandler, "DELETE FROM `Vendors` WHERE `Id` = $Id LIMIT 1;"))
      {
        MessageError(LangSpellHtml('SentenceDatabaseError'));
        ErrorLog("[edit_vendors.php] Database error while delete vendor!");
      }
      else
      {
        MessageSuccess(LangSpellHtml('EditVendorsSentenceVendorDeleted'));
      }
    }
    else
    {
      MessageError(LangSpellHtml('SentenceLockIsActive'));
    }

  }

  //////////////
  //new vendor
  if ($ToDo=="NewVendor")
  {
    $Name     = (isset($_POST['Name']))? $_POST['Name']:"";
    $Homepage = (isset($_POST['Homepage']))? $_POST['Homepage']:"";
    $MinBill = (isset($_POST['MinBill']))? OtherConvertToFloat($_POST['MinBill']):0;
    $ShippingCost = (isset($_POST['ShippingCost']))? OtherConvertToFloat($_POST['ShippingCost']):0;

    if (!$Name)
    {
      $Error=1;
      MessageError(LangSpellHtml('EditVendorsSentenceVendorNameRequired'));
    }
    else
    {
      $InsertVendorQuery = "INSERT INTO `Vendors` (`Name`, `Homepage`, `MinBill`, `ShippingCost`, `LockId`, `LockTime`) VALUES ('$Name', '$Homepage', '$MinBill', '$ShippingCost', 0, 0);";
      if (mysqli_query($GlobalMysqlHandler, $InsertVendorQuery) === false) {
        $err_msg = "Database error while insert new vendor!";
        $err_msg .= "\nErrno: " . mysqli_connect_errno();
        $err_msg .= "\nError: " . mysqli_connect_error();
        ErrorLog($err_msg);
        MessageError(LangSpell('SentenceDatabaseError'));
      } else {
        MessageSuccess(LangSpell('EditVendorsSentenceVendorNewAdded'));
      }
    }
  }

  //////////////////
  //cancel editing
  if ($ToDo=="CancelEditVendor")
  {
    $Id = (isset($_GET['Id']))? $_GET['Id']:"";
    if ($Id)  LockRelease("Vendors",$Id);
  }

  //////////////////
  //enable editing
  if (($ToDo=="EditVendor") && isset($_POST['Id']))
  {
    if (LockActivate('Vendors',$_POST['Id'])) $EditVendorId=$_POST['Id'];
    else MessageError(LangSpellHtml('SentenceLockIsActive'));
  }
}

if(UserHasRight('EditVendors') || UserHasRight('ViewSTPV'))
{
  //////////////////
  //global content
  $GlobalContent.='<table>'."\n";

  $GlobalContent.=' <tr>'."\n";
  $GlobalContent.='   <th>'.LangSpellHtml('EditVendorsId').'</th>'."\n";
  $GlobalContent.='   <th>'.LangSpellHtml('EditVendorsName').'</th>'."\n";
  $GlobalContent.='   <th>'.LangSpellHtml('EditVendorsHomepage').'</th>'."\n";
  $GlobalContent.='   <th>'.LangSpellHtml('EditVendorsMinBill').'</th>'."\n";
  $GlobalContent.='   <th>'.LangSpellHtml('EditVendorsShippingCost').'</th>'."\n";
  if (UserHasRight('EditVendors'))
    $GlobalContent.='   <th colspan="2">'.LangSpellHtml('EditVendorsEdit').'</th>'."\n";
  $GlobalContent.=' </tr>'."\n";

  $VendorQuery = "SELECT * FROM `Vendors`";
  $VendorQuery = mysqli_query($GlobalMysqlHandler, $VendorQuery);
  while ($Vendor=mysqli_fetch_array($VendorQuery))
  {
    if ( ($EditVendorId==$Vendor['Id']) )
    {
      $GlobalContent.=' <form action="index.php?Page=EditVendors&ToDo=SaveVendor" method="post">'."\n";
      $GlobalContent.=' <tr>'."\n";
      $GlobalContent.='   <td><input type="hidden" name="Id" value="'.$Vendor['Id'].'">'.$Vendor['Id'].'</td>'."\n";
      $GlobalContent.='   <td><input type="text" name="Name" value="'.$Vendor['Name'].'"></td>'."\n";
      $GlobalContent.='   <td><input type="text" name="Homepage" value="'.$Vendor['Homepage'].'"></td>'."\n";
      $GlobalContent.='   <td><input type="text" name="MinBill" value="'.$Vendor['MinBill'].'"></td>'."\n";
      $GlobalContent.='   <td><input type="text" name="ShippingCost" value="'.$Vendor['ShippingCost'].'"></td>'."\n";
      $GlobalContent.='   <td><a href="index.php?Page=EditVendors&ToDo=CancelEditVendor&Id='.$Vendor['Id'].'" title="'.LangSpellHtml('TagTitleCancel').'" target="_top">'.OtherGetIcon('Cancel',"Button").'</a></td>'."\n";
      $GlobalContent.='   <td><input type="submit" value="'.LangSpellHtml('ButtonSave').'" class="Button"></td>'."\n";
      $GlobalContent.=' </tr>'."\n";
      $GlobalContent.=' </form>'."\n";
    }
    else
    {
      $GlobalContent.=' <tr>'."\n";
      $GlobalContent.='   <td>'.$Vendor['Id'].'</td>'."\n";
      $GlobalContent.='   <td>'.$Vendor['Name'].'</td>'."\n";
      $GlobalContent.='   <td><a href="'.$Vendor['Homepage'].'" target="_new">'.$Vendor['Homepage'].'</a></td>'."\n";
      $GlobalContent.='   <td>'.$Vendor['MinBill'].'</td>'."\n";
      $GlobalContent.='   <td>'.$Vendor['ShippingCost'].'</td>'."\n";
      if (LockIsActive("Vendors",$Vendor['Id']))
        $GlobalContent.='   <td>'.OtherGetIcon('LockActive.png').'</td>'."\n";
      elseif (UserHasRight('EditVendors'))
      {
        $GlobalContent.='   <td>'."\n";
        $GlobalContent.='       <a href="index.php?Page=EditVendors&ToDo=DeleteVendor&Id='.$Vendor['Id'].'&Name='.$Vendor['Name'].'" title="'.LangSpellHtml('TagTitleDeleteEntry').'" target="_top">'.OtherGetIcon('Delete',"Button").'</a>'."\n";
        $GlobalContent.='   </td>'."\n";
        $GlobalContent.='   <td>'."\n";
        $GlobalContent.='     <form action="index.php?Page=EditVendors&ToDo=EditVendor" method="post">'."\n";
        $GlobalContent.='       <input type="hidden" name="Id" value="'.$Vendor['Id'].'">'."\n";
        $GlobalContent.='       <input type="submit" value="'.LangSpellHtml('ButtonEdit').'" class="Button">'."\n";
        $GlobalContent.='     </form>'."\n";
        $GlobalContent.='   </td>'."\n";
      }
      $GlobalContent.=' </tr>'."\n";
    }
  }

  if (!$EditVendorId && UserHasRight('EditVendors'))
  {
    $GlobalContent.=' <form action="index.php?Page=EditVendors&ToDo=NewVendor" method="post">'."\n";
    $GlobalContent.=' <tr>'."\n";
    $GlobalContent.='   <td><input type="hidden" name="Id" value="">'.$Vendor['Id'].'</td>'."\n";
    $GlobalContent.='   <td><input type="text" name="Name" value=""></td>'."\n";
    $GlobalContent.='   <td><input type="text" name="Homepage" value=""></td>'."\n";
    $GlobalContent.='   <td><input type="text" name="MinBill" value=""></td>'."\n";
    $GlobalContent.='   <td><input type="text" name="ShippingCost" value=""></td>'."\n";
    $GlobalContent.='   <td></td>'."\n";
    $GlobalContent.='   <td><input type="submit" value="'.LangSpellHtml('ButtonNew').'" class="Button"></td>'."\n";
    $GlobalContent.=' </tr>'."\n";
    $GlobalContent.=' </form>'."\n";
  }

  $GlobalContent.='</table>'."\n";
}
else
{
  MessageError(LangSpell("ScentenceNoUserRights"));
}
?>