92 lines
3.0 KiB
PHP
92 lines
3.0 KiB
PHP
<?php
|
|
require_once __DIR__ . '/db/config.php';
|
|
|
|
// Auth check (Finance or Admin can convert to invoice)
|
|
if (!isset($_SESSION['user_id']) || !in_array($_SESSION['role'], ['Admin', 'Finance'])) {
|
|
$_SESSION['error'] = "You do not have permission to create invoices.";
|
|
header("Location: quotations.php");
|
|
exit;
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
header("Location: quotations.php");
|
|
exit;
|
|
}
|
|
|
|
if (!validate_csrf($_POST['csrf_token'] ?? '')) {
|
|
die("CSRF token validation failed");
|
|
}
|
|
|
|
$quotation_id = $_POST['quotation_id'] ?? null;
|
|
if (!$quotation_id) {
|
|
die("Quotation ID is required");
|
|
}
|
|
|
|
try {
|
|
db()->beginTransaction();
|
|
|
|
// Fetch quotation
|
|
$stmt = db()->prepare("SELECT * FROM quotations WHERE id = ? AND deleted_at IS NULL");
|
|
$stmt->execute([$quotation_id]);
|
|
$quotation = $stmt->fetch();
|
|
|
|
if (!$quotation) {
|
|
throw new Exception("Quotation not found");
|
|
}
|
|
|
|
if ($quotation['status'] !== 'Approved') {
|
|
throw new Exception("Only approved quotations can be converted to invoices");
|
|
}
|
|
|
|
// Generate invoice number
|
|
$invoice_number = 'INV-' . date('Ymd') . '-' . strtoupper(bin2hex(random_bytes(2)));
|
|
$due_date = date('Y-m-d', strtotime('+14 days'));
|
|
|
|
// Create invoice
|
|
$stmt = db()->prepare("INSERT INTO invoices (invoice_number, quotation_id, customer_id, user_id, issue_date, due_date, status, subtotal, tax_amount, total_amount, notes)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
$stmt->execute([
|
|
$invoice_number,
|
|
$quotation_id,
|
|
$quotation['customer_id'],
|
|
$_SESSION['user_id'], // Current user (Finance/Admin) who converts it
|
|
date('Y-m-d'),
|
|
$due_date,
|
|
'Unpaid',
|
|
$quotation['subtotal'],
|
|
$quotation['tax_amount'],
|
|
$quotation['total_amount'],
|
|
$quotation['notes']
|
|
]);
|
|
$invoice_id = db()->lastInsertId();
|
|
|
|
// Copy items
|
|
$stmt = db()->prepare("SELECT * FROM quotation_items WHERE quotation_id = ?");
|
|
$stmt->execute([$quotation_id]);
|
|
$items = $stmt->fetchAll();
|
|
|
|
$item_stmt = db()->prepare("INSERT INTO invoice_items (invoice_id, product_id, quantity, unit_price, total_price) VALUES (?, ?, ?, ?, ?)");
|
|
foreach ($items as $item) {
|
|
$item_stmt->execute([
|
|
$invoice_id,
|
|
$item['product_id'],
|
|
$item['quantity'],
|
|
$item['unit_price'],
|
|
$item['total_price']
|
|
]);
|
|
}
|
|
|
|
// Log action
|
|
$log_stmt = db()->prepare("INSERT INTO audit_logs (user_id, action, entity_type, entity_id, details) VALUES (?, ?, ?, ?, ?)");
|
|
$log_stmt->execute([$_SESSION['user_id'], 'CREATE', 'INVOICE', $invoice_id, "Number: $invoice_number (from QTN ID: $quotation_id)"]);
|
|
|
|
db()->commit();
|
|
$_SESSION['success'] = "Quotation converted to invoice successfully.";
|
|
header("Location: invoices.php");
|
|
exit;
|
|
} catch (Exception $e) {
|
|
db()->rollBack();
|
|
$_SESSION['error'] = "Error converting to invoice: " . $e->getMessage();
|
|
header("Location: quotations.php");
|
|
exit;
|
|
} |