orders delivery

diff --git a/erp24/controllers/OrdersController.php b/erp24/controllers/OrdersController.php
index 3a0eef92b7fac07c616d8187bb5e3a923edd022f..fee3d2c66aafa57651b70c39abd350fe125e000e 100644 (file)
--- a/erp24/controllers/OrdersController.php
+++ b/erp24/controllers/OrdersController.php
@@ -51,6 +51,11 @@ class OrdersController extends Controller
         return $this->render('couriers_stats');
     }
 
+    public function actionAjaxReturnCheck() { return $this->renderPartial('ajax-return-check'); }
+    public function actionAjaxCreateCheck() { return $this->renderPartial('ajax-create-check'); }
+    public function actionAjaxCreateCheckJson() { return $this->renderPartial('ajax-create-check-json'); }
+    public function actionAjaxCheckRemove() { return $this->renderPartial('ajax-check-remove'); }
+
     public function actionDelivery2()
     {
         if (!empty($_REQUEST["umoup"])) {

diff --git a/erp24/inc/base_new.php b/erp24/inc/base_new.php
index 77581d581104e089ae8d1682ab084f27f8bad732..7fc3dd9cfed5bd42bccb6a795ca5723008e12385 100644 (file)
--- a/erp24/inc/base_new.php
+++ b/erp24/inc/base_new.php
@@ -742,7 +742,7 @@ $id_db - уникальный номер заказа или номер AUTOINCR
 */
 function create_guid_my($prefix="01",$id_db="") {
  if(empty($id_db)) $id_db=rand(0,99999999);    
-  $id_db=100000000000+$id_db;    
+  $id_db=100000000000+(int)$id_db;
   $str= "$prefix".date("Ym")."-".date("di")."-".date("hs")."-".bin2hex(random_bytes(2))."-".$id_db."";
   return  strtolower($str);
 } 

diff --git a/erp24/modul/orders/ajax_check_remove.php b/erp24/modul/orders/ajax_check_remove.php
index 04cb651c4944b2ddf93665b03e5555c6d110a6d0..94dee43fe0541ec1e2b9ad2e965504c03bb109fc 100644 (file)
--- a/erp24/modul/orders/ajax_check_remove.php
+++ b/erp24/modul/orders/ajax_check_remove.php
@@ -1,8 +1,7 @@
-<?
-include_once("startup.php");
-include_once("inc/base_new.php");
-include_once("inc/db2.php");
-include_once("inc/db.php");
+<?php
+include_once(dirname(__DIR__, 2) . "/startup.php");
+include_once(dirname(__DIR__, 2) . "/inc/db.php");
+include_once(dirname(__DIR__, 2) . "/inc/base_new.php");
 
 if(!empty($_REQUEST["order_id"])) {
 $order_id=htmlentities($_REQUEST["order_id"]);
@@ -11,23 +10,20 @@ $order_id=htmlentities($_REQUEST["order_id"]);
      $amo_id=(int)$_SESSION["order_id_dell"][$order_id];
 
     
-     $z="DELETE FROM orders_amo WHERE id=? AND amo_id=? AND amo_id!='' LIMIT 1 ";   
-       $z2="DELETE FROM create_checks WHERE order_id=? AND status=0 order BY date LIMIT 1 "; 
+        $z="DELETE FROM orders_amo WHERE id=? AND amo_id=? AND amo_id!=''";
+       $z2="DELETE FROM create_checks WHERE order_id=? AND status=0";
        
-        $db2::sql("DELETE FROM orders_amo WHERE id=? AND amo_id=? AND amo_id!='' LIMIT 1",[$order_id,$amo_id]);
-         $db::sql("DELETE FROM orders_amo WHERE id=? AND amo_id=? AND amo_id!='' LIMIT 1",[$order_id,$amo_id]);
-       
-       
-       $db2::sql("DELETE FROM create_checks WHERE order_id=? AND status=0 order BY date LIMIT 1",[$order_id]);
-        $db::sql("DELETE FROM create_checks WHERE order_id=? AND status=0 order BY date LIMIT 1",[$order_id]);
-        $db::sql("DELETE FROM create_checks2 WHERE order_id=? AND status=0 order BY date LIMIT 1",[$order_id]);
+        $db::sql("DELETE FROM orders_amo WHERE id=? AND amo_id=? AND amo_id!=''",[$order_id,$amo_id]);
+
+        $db::sql("DELETE FROM create_checks WHERE order_id=? AND status=0",[$order_id]);
+        $db::sql("DELETE FROM create_checks2 WHERE order_id=? AND status=0",[$order_id]);
       
          mess("Заказ можно удалить $amo_id $z $z2");       
     }
     
 
 
-//$db2::sql("UPDATE  create_checks  SET status=1 WHERE  type='Продажа' AND order_id=? order BY date DESC LIMIT 1",[(int)$_REQUEST["order_id"]]);
+//$db::sql("UPDATE  create_checks  SET status=1 WHERE  type='Продажа' AND order_id=? order BY date DESC LIMIT 1",[(int)$_REQUEST["order_id"]]);
 //$db::sql("UPDATE  create_checks  SET status=1 WHERE  type='Продажа' AND order_id=? order BY date DESC LIMIT 1",[(int)$_REQUEST["order_id"]]);
 
 }

diff --git a/erp24/modul/orders/ajax_create_check.php b/erp24/modul/orders/ajax_create_check.php
index 00356e7ef4066569e0a80f9ed4a766a985383833..6aaa01476ca8b207146e56a655c9364f155f61ac 100644 (file)
--- a/erp24/modul/orders/ajax_create_check.php
+++ b/erp24/modul/orders/ajax_create_check.php
@@ -1,9 +1,9 @@
-<?
-include_once("startup.php");
-include_once("inc/base_new.php");
-include_once("inc/db2.php");
-include_once("inc/db.php");
-include_once("inc/checks.php");
+<?php
+include_once(dirname(__DIR__, 2) . "/startup.php");
+include_once(dirname(__DIR__, 2) . "/inc/db.php");
+include_once(dirname(__DIR__, 2) . "/inc/base_new.php");
+include_once(dirname(__DIR__, 2) . "/inc/checks.php");
+
 if(!empty($_REQUEST["order_id"])) {
 $order_id=(int)$_REQUEST["order_id"]; 
 
@@ -11,7 +11,7 @@ $order_id=(int)$_REQUEST["order_id"];
 
 
 
-$amo_id=$db2::getValue("SELECT amo_id FROM orders_amo  WHERE id=?  LIMIT 1",[$order_id]);
+$amo_id=$db::getValue("SELECT amo_id FROM orders_amo  WHERE id=?  LIMIT 1",[$order_id]);
 $lid_id=create_order_from_amo($amo_id);
 
 
@@ -83,10 +83,10 @@ exit();
 
 
 $type="Продажа";  
-$row = $db2::getRow("SELECT * FROM create_checks  WHERE status='0' AND type='$type' AND order_id=? order BY date DESC LIMIT 1",[(int)$_REQUEST["order_id"]]);
+$row = $db::getRow("SELECT * FROM create_checks  WHERE status='0' AND type='$type' AND order_id=? order BY date DESC LIMIT 1",[(int)$_REQUEST["order_id"]]);
 //print_r($row); 
 
-$florist_id = $db2::getValue("SELECT florist_id FROM orders_amo  WHERE id=? LIMIT 1",[(int)$_REQUEST["order_id"]]);
+$florist_id = $db::getValue("SELECT florist_id FROM orders_amo  WHERE id=? LIMIT 1",[(int)$_REQUEST["order_id"]]);
 $seller_id = $db::getValue("SELECT export_val FROM export_import_table  WHERE export_id='1' AND entity_id=? AND entity='admin' LIMIT 1",[$florist_id]);
 
 
@@ -107,7 +107,7 @@ if(empty($seller_id)) $seller_id="00000000-0000-0000-0000-000000000000";
 $new_row["seller_id"]=$seller_id;
 //$new_row["guid"]=create_guid();
 $new_row["check_id"]=create_guid();
-$db2::sql("UPDATE  create_checks  SET check_id=? WHERE  type='$type' AND order_id=? order BY date DESC LIMIT 1",[$new_row["check_id"],(int)$_REQUEST["order_id"]]);
+$db::sql("UPDATE  create_checks  SET check_id=? WHERE  type='$type' AND order_id=? order BY date DESC LIMIT 1",[$new_row["check_id"],(int)$_REQUEST["order_id"]]);
 
 //$q="INSERT IGNORE INTO create_checks2 ($sql0) VALUES ($sqlv)";
 //$db::sql($q,$new_row);

diff --git a/erp24/modul/orders/ajax_create_check_json.php b/erp24/modul/orders/ajax_create_check_json.php
index 64ecdcae3c6e8a6dcd50c8bed5d8276515b89837..c6857e53ac1e2f5ff39e8d96d80282f8a58528d7 100644 (file)
--- a/erp24/modul/orders/ajax_create_check_json.php
+++ b/erp24/modul/orders/ajax_create_check_json.php
@@ -1,8 +1,7 @@
-<?
-include_once("startup.php");
-include_once("inc/base_new.php");
-include_once("inc/db2.php");
-include_once("inc/db.php");
+<?php
+include_once(dirname(__DIR__, 2) . "/startup.php");
+include_once(dirname(__DIR__, 2) . "/inc/db.php");
+include_once(dirname(__DIR__, 2) . "/inc/base_new.php");
 
 if(!empty($_REQUEST["order_id"])) {
 $order_id=(int)$_REQUEST["order_id"]; 
@@ -24,7 +23,7 @@ $payments_array=[
 
 
 try {
-$row = $db2::getRow("SELECT * FROM orders_amo WHERE delivery!='Самовывоз' AND delivery!='Доставка из магазина' AND amo_id=? order by delivery_date DESC LIMIT 1",[$order_id]);
+$row = $db::getRow("SELECT * FROM orders_amo WHERE delivery!='Самовывоз' AND delivery!='Доставка из магазина' AND amo_id=? order by delivery_date DESC LIMIT 1",[$order_id]);
 }
 catch (Exception $e) {
        var_dump($e);
@@ -85,7 +84,7 @@ foreach($products as $guid => $colors) {
 // ставим в соответствие вид оплаты
 
 
-$date = $db::getValue("SELECT extract(epoch FROM  date) as date FROM create_checks WHERE order_id=?  AND type='Продажа' order by date desc LIMIT 1",[$lid_id]);
+$date = $db::getValue("SELECT extract(epoch FROM  date) as date FROM create_checks WHERE order_id=?  AND type='Продажа' order by date desc LIMIT 1",[$order_id]);
 $error=""; 
 if($date>(time()-60) and !empty($date))  $error="Чек не создан так как чек с таким заказом уже создан";     
 if(!empty($error))    echo($error); 

diff --git a/erp24/modul/orders/ajax_return_check.php b/erp24/modul/orders/ajax_return_check.php
index 341b706b416eb0e4e23d834febb0ff6c1bed70cc..3e54462aa27e3f587bd48ea4083b2ae4b2966887 100644 (file)
--- a/erp24/modul/orders/ajax_return_check.php
+++ b/erp24/modul/orders/ajax_return_check.php
@@ -1,9 +1,9 @@
-<?
-include_once("startup.php");
-include_once("inc/base_new.php");
-include_once("inc/db2.php");
-include_once("inc/db.php");
-include_once("inc/checks.php");
+<?php
+include_once(dirname(__DIR__, 2) . "/startup.php");
+include_once(dirname(__DIR__, 2) . "/inc/db.php");
+include_once(dirname(__DIR__, 2) . "/inc/base_new.php");
+include_once(dirname(__DIR__, 2) . "/inc/checks.php");
+
 if(!empty($_REQUEST["sales_check"])) {
  $type="Возврат";   
  $sales_check=htmlentities($_REQUEST["sales_check"]);  

diff --git a/erp24/modul/orders/delivery.php b/erp24/modul/orders/delivery.php
index a7f127ab1885b27bcfe31fa41e960a852cbbd65a..9aebb308140c894baad67883c43621b822fc6704 100644 (file)
--- a/erp24/modul/orders/delivery.php
+++ b/erp24/modul/orders/delivery.php
@@ -575,12 +575,14 @@ $_CONFIG["jscss"]="<script>
 
 function ajax_return_check(sales_check) {
  jQuery('#modal-7').modal('show', {backdrop: 'static'}); $('#modal-7 .modal-title').text('');  
- 
+
+ const param3 = $('meta[name=csrf-param]').attr('content');
+ const token3 = $('meta[name=csrf-token]').attr('content');
 $.ajax({
-       url: '/orders/ajax_return_check/',
+       url: '/orders/ajax-return-check/',
        method: 'post',       
        dataType: 'html',        
-       data: { sales_check: ''+sales_check+''},  
+       data: { sales_check: ''+sales_check+'', [param3]: token3},  
        success: function(data){  
        $('#modal-7 .modal-body').html(data);
        $('#check__'+sales_check+'').remove();  
@@ -589,12 +591,14 @@ $.ajax({
 
 function ajax_create_check(order_id) {
  jQuery('#modal-7').modal('show', {backdrop: 'static'}); $('#modal-7 .modal-title').text('');  
- 
+
+ const param3 = $('meta[name=csrf-param]').attr('content');
+ const token3 = $('meta[name=csrf-token]').attr('content');
 $.ajax({
-       url: '/orders/ajax_create_check/',
+       url: '/orders/ajax-create-check/',
        method: 'post',       
        dataType: 'html',        
-       data: { order_id: ''+order_id+'', create_check: '2' },  
+       data: { order_id: ''+order_id+'', create_check: '2', [param3]: token3 },  
        success: function(data){  
        $('#modal-7 .modal-body').html(data);
        $('.btn__'+order_id+'').hide();
@@ -606,12 +610,14 @@ $.ajax({
 
 function ajax_create_check_json(order_id) {
  jQuery('#modal-7').modal('show', {backdrop: 'static'}); $('#modal-7 .modal-title').text('');  
- 
+
+ const param3 = $('meta[name=csrf-param]').attr('content');
+ const token3 = $('meta[name=csrf-token]').attr('content');
 $.ajax({
-       url: '/orders/ajax_create_check_json/',
+       url: '/orders/ajax-create-check-json/',
        method: 'post',       
        dataType: 'html',        
-       data: { order_id: ''+order_id+'', create_check: '2' },  
+       data: { order_id: ''+order_id+'', create_check: '2', [param3]: token3 },  
        success: function(data){  
        $('#modal-7 .modal-body').html(data);
        $('.btn__'+order_id+'').hide();
@@ -620,12 +626,14 @@ $.ajax({
 
 function ajax_check_remove(order_id) {
  jQuery('#modal-7').modal('show', {backdrop: 'static'}); $('#modal-7 .modal-title').text('');  
- 
+
+ const param3 = $('meta[name=csrf-param]').attr('content');
+ const token3 = $('meta[name=csrf-token]').attr('content');
 $.ajax({
-       url: '/orders/ajax_check_remove/',
+       url: '/orders/ajax-check-remove/',
        method: 'post',       
        dataType: 'html',        
-       data: { order_id: ''+order_id+''},  
+       data: { order_id: ''+order_id+'', [param3]: token3},  
        success: function(data){  
        $('#modal-7 .modal-body').html(data);
        }}); 

diff --git a/erp24/views/orders/ajax-check-remove.php b/erp24/views/orders/ajax-check-remove.php
new file mode 100644 (file)
index 0000000..dc14e9a
--- /dev/null
+++ b/erp24/views/orders/ajax-check-remove.php
@@ -0,0 +1,5 @@
+<?php
+
+chdir(__DIR__ . '/../../');
+
+include 'modul/orders/ajax_check_remove.php';

diff --git a/erp24/views/orders/ajax-create-check-json.php b/erp24/views/orders/ajax-create-check-json.php
new file mode 100644 (file)
index 0000000..85e3a69
--- /dev/null
+++ b/erp24/views/orders/ajax-create-check-json.php
@@ -0,0 +1,5 @@
+<?php
+
+chdir(__DIR__ . '/../../');
+
+include 'modul/orders/ajax_create_check_json.php';

diff --git a/erp24/views/orders/ajax-create-check.php b/erp24/views/orders/ajax-create-check.php
new file mode 100644 (file)
index 0000000..2f2455d
--- /dev/null
+++ b/erp24/views/orders/ajax-create-check.php
@@ -0,0 +1,5 @@
+<?php
+
+chdir(__DIR__ . '/../../');
+
+include 'modul/orders/ajax_create_check.php';

diff --git a/erp24/views/orders/ajax-return-check.php b/erp24/views/orders/ajax-return-check.php
new file mode 100644 (file)
index 0000000..aa84a2f
--- /dev/null
+++ b/erp24/views/orders/ajax-return-check.php
@@ -0,0 +1,5 @@
+<?php
+
+chdir(__DIR__ . '/../../');
+
+include 'modul/orders/ajax_return_check.php';