ljr/ljcom/htdocs/admin/accounts/shipping_finish.bml

<html>
<head>
<style>
    strong { font-weight: bold; color: red; font-size: 14pt; }
</style>
</head>
<body>
<?_code
{
    use strict;
    use vars qw(%POST);

    my $remote = LJ::get_remote();
        return "<?needlogin?>" unless $remote;

    return "You don't have access to finish payments"
        unless LJ::remote_has_priv($remote, "moneyenter") || LJ::remote_has_priv($remote, "shipping");

    my $ret;

    unless (LJ::did_post() && $POST{'ids'}) {
        $ret .= "<form method='post'>Enter order numbers that have been shipped:<br />";
        $ret .= "<textarea name='ids' rows='40' cols='20' /></textarea>\n";
        $ret .= "<br /><input type='submit' value='Shipped' /></form>";
        return $ret;
    }

    my $dbh = LJ::get_db_writer();

    my $ids = $POST{'ids'};
    $ids =~ s/\r//g;
    my @ids = split(/\n/, $ids);
    foreach my $id (@ids) {
        next unless $id =~ /\S/;
        $id =~ s/\s+//g;
        unless ($id =~ /^(\d+)-(\d+)$/) {
            $ret .="<strong>Error!</strong> -- invalid order number: $id<br />";
            next;
        }
        my ($payid, $anum) = ($1, $2);
        my $pay = $dbh->selectrow_hashref("SELECT * FROM payments WHERE payid=? AND anum=?",
                                          undef, $payid, $anum);
        unless ($pay) {
            $ret .="<strong>Error!</strong> -- invalid order number: $id<br />";
            next;
        }

        my ($status, $date) = $dbh->selectrow_array("SELECT status, dateshipped FROM shipping ".
                                                    "WHERE payid=?", undef, $payid);
        unless ($status eq "needs") {
            if ($status eq "shipped") {
                $ret .="<strong>Error!</strong> -- Order already shipped on $date<br />";
            } else {
                $ret .="<strong>Error!</strong> -- Order is valid, but has no physical items<br />";
            }
            next;
        }

        my $rv = $dbh->do("UPDATE shipping SET status='shipped', dateshipped=NOW() WHERE payid=?", undef,
                          $payid);
        if ($rv > 0) {
            $ret .= "Order $payid-$anum marked as shipped.<br />\n";
            
            # decrement inventory
            my $sth = $dbh->prepare("SELECT item, subitem FROM payitems ".
                                    "WHERE payid=? AND item IN ('clothes')");
            $sth->execute($payid);
            while (my ($item, $subitem) = $sth->fetchrow_array) {
                $dbh->do("UPDATE inventory SET qty=qty-1 WHERE item=? AND subitem=?",
                         undef, $item, $subitem);
            }

        } else {
            $ret .="<strong>Error!</strong> -- some db error updating $payid-$anum<br />\n";
        }
    }
    return $ret;

}
_code?>
</body>
</html>
init 2019-02-05 21:49:12 +00:00			`<html>`
			`<head>`
			`<style>`
			`strong { font-weight: bold; color: red; font-size: 14pt; }`
			`</style>`
			`</head>`
			`<body>`
			`<?_code`
			`{`
			`use strict;`
			`use vars qw(%POST);`

			`my $remote = LJ::get_remote();`
			`return "<?needlogin?>" unless $remote;`

			`return "You don't have access to finish payments"`
			`unless LJ::remote_has_priv($remote, "moneyenter") \|\| LJ::remote_has_priv($remote, "shipping");`

			`my $ret;`

			`unless (LJ::did_post() && $POST{'ids'}) {`
			`$ret .= "<form method='post'>Enter order numbers that have been shipped:<br />";`
			`$ret .= "<textarea name='ids' rows='40' cols='20' /></textarea>\n";`
			`$ret .= "<br /><input type='submit' value='Shipped' /></form>";`
			`return $ret;`
			`}`

			`my $dbh = LJ::get_db_writer();`

			`my $ids = $POST{'ids'};`
			`$ids =~ s/\r//g;`
			`my @ids = split(/\n/, $ids);`
			`foreach my $id (@ids) {`
			`next unless $id =~ /\S/;`
			`$id =~ s/\s+//g;`
			`unless ($id =~ /^(\d+)-(\d+)$/) {`
			`$ret .="<strong>Error!</strong> -- invalid order number: $id<br />";`
			`next;`
			`}`
			`my ($payid, $anum) = ($1, $2);`
			`my $pay = $dbh->selectrow_hashref("SELECT * FROM payments WHERE payid=? AND anum=?",`
			`undef, $payid, $anum);`
			`unless ($pay) {`
			`$ret .="<strong>Error!</strong> -- invalid order number: $id<br />";`
			`next;`
			`}`

			`my ($status, $date) = $dbh->selectrow_array("SELECT status, dateshipped FROM shipping ".`
			`"WHERE payid=?", undef, $payid);`
			`unless ($status eq "needs") {`
			`if ($status eq "shipped") {`
			`$ret .="<strong>Error!</strong> -- Order already shipped on $date<br />";`
			`} else {`
			`$ret .="<strong>Error!</strong> -- Order is valid, but has no physical items<br />";`
			`}`
			`next;`
			`}`

			`my $rv = $dbh->do("UPDATE shipping SET status='shipped', dateshipped=NOW() WHERE payid=?", undef,`
			`$payid);`
			`if ($rv > 0) {`
			`$ret .= "Order $payid-$anum marked as shipped.<br />\n";`

			`# decrement inventory`
			`my $sth = $dbh->prepare("SELECT item, subitem FROM payitems ".`
			`"WHERE payid=? AND item IN ('clothes')");`
			`$sth->execute($payid);`
			`while (my ($item, $subitem) = $sth->fetchrow_array) {`
			`$dbh->do("UPDATE inventory SET qty=qty-1 WHERE item=? AND subitem=?",`
			`undef, $item, $subitem);`
			`}`

			`} else {`
			`$ret .="<strong>Error!</strong> -- some db error updating $payid-$anum<br />\n";`
			`}`
			`}`
			`return $ret;`

			`}`
			`_code?>`
			`</body>`
			`</html>`