admin/38471-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Autosave: 20260226-055148

Browse Source
This commit is contained in:
Flatlogic Bot 2026-02-26 05:51:48 +00:00
parent a7e405eadf
commit 94adb3e38d
28 changed files with 7 additions and 930 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
fix_showreceipt.php
View File

@ -1,26 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'JS'
const rcn = document.getElementById('receiptCompanyName');
if(rcn) rcn.textContent = data.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
const rca = document.getElementById('receiptCompanyAddress');
if(rca) rca.innerHTML = data.outlet_address ? data.outlet_address.replace(/\n/g, '<br>') : "<?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?>";
// Update labels for Purchase vs Sale
JS;
$replace = <<<'JS'
const rcn = document.getElementById('receiptCompanyName');
if(rcn) rcn.textContent = data.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
const rca = document.getElementById('receiptCompanyAddress');
if(rca) {
rca.textContent = data.outlet_address || "<?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?>".replace(/<br\s*[\/]?>/gi, '\n');
rca.style.whiteSpace = 'pre-line';
}
// Update labels for Purchase vs Sale
JS;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);

8
index.php
View File

@ -6985,7 +6985,7 @@ $projectDescription = $_SERVER['PROJECT_DESCRIPTION'] ?? 'Accounting System';
const total = subtotal - discountAmount - loyaltyRedeemed; const total = subtotal - discountAmount - loyaltyRedeemed;
const companyName = outletName || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>"; const companyName = outletName || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
const companyPhone = outletPhone || "<?= htmlspecialchars($data['settings']['company_phone'] ?? '') ?>"; const companyPhone = outletPhone || "<?= htmlspecialchars($data['settings']['company_phone'] ?? '') ?>";
const companyAddress = outletAddress ? outletAddress.replace(/\n/g, '<br>') : "<?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?>"; const companyAddress = outletAddress ? outletAddress.replace(/\n/g, '<br>') : (typeof companySettings !== 'undefined' ? (companySettings.company_address || '').replace(/\n/g, '<br>') : '');
const companyVat = "<?= htmlspecialchars($data['settings']['vat_number'] ?? '') ?>"; const companyVat = "<?= htmlspecialchars($data['settings']['vat_number'] ?? '') ?>";
const companyLogo = "<?= htmlspecialchars($data['settings']['company_logo'] ?? '') ?>"; const companyLogo = "<?= htmlspecialchars($data['settings']['company_logo'] ?? '') ?>";
@ -11895,7 +11895,7 @@ document.addEventListener('DOMContentLoaded', function() {
if(rcn) rcn.textContent = data.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>"; if(rcn) rcn.textContent = data.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
const rca = document.getElementById('receiptCompanyAddress'); const rca = document.getElementById('receiptCompanyAddress');
if(rca) { if(rca) {
rca.textContent = data.outlet_address || "<?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?>".replace(/<br\s*[\/]?>/gi, '\n'); rca.textContent = data.outlet_address || (typeof companySettings !== 'undefined' ? companySettings.company_address : '') || '';
rca.style.whiteSpace = 'pre-line'; rca.style.whiteSpace = 'pre-line';
} }
@ -14694,7 +14694,7 @@ document.addEventListener('DOMContentLoaded', function() {
if (!data) return; if (!data) return;
// Reuse view logic // Reuse view logic
document.getElementById('printCompanyName').textContent = data.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>"; document.getElementById('printCompanyName').textContent = data.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
document.getElementById('printCompanyAddress').textContent = data.outlet_address || "<?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?>".replace(/<br\s*[\/]?>/gi, '\n'); document.getElementById('printCompanyAddress').textContent = data.outlet_address || (typeof companySettings !== 'undefined' ? companySettings.company_address : '') || '';
document.getElementById('printCompanyAddress').style.whiteSpace = 'pre-line'; document.getElementById('printCompanyAddress').style.whiteSpace = 'pre-line';
const cPhone = data.outlet_phone || "<?= htmlspecialchars($data['settings']['company_phone'] ?? '') ?>"; const cPhone = data.outlet_phone || "<?= htmlspecialchars($data['settings']['company_phone'] ?? '') ?>";
if (cPhone) { if (cPhone) {
@ -14836,7 +14836,7 @@ document.addEventListener('DOMContentLoaded', function() {
const companyName = inv.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>"; const companyName = inv.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
const companyPhone = inv.outlet_phone || "<?= htmlspecialchars($data['settings']['company_phone'] ?? '') ?>"; const companyPhone = inv.outlet_phone || "<?= htmlspecialchars($data['settings']['company_phone'] ?? '') ?>";
const companyAddress = inv.outlet_address ? inv.outlet_address.replace(/\n/g, '<br>') : "<?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?>"; const companyAddress = inv.outlet_address ? inv.outlet_address.replace(/\n/g, '<br>') : (typeof companySettings !== 'undefined' ? (companySettings.company_address || '').replace(/\n/g, '<br>') : '');
const companyVat = "<?= htmlspecialchars($data['settings']['vat_number'] ?? '') ?>"; const companyVat = "<?= htmlspecialchars($data['settings']['vat_number'] ?? '') ?>";
const companyLogo = "<?= htmlspecialchars($data['settings']['company_logo'] ?? '') ?>"; const companyLogo = "<?= htmlspecialchars($data['settings']['company_logo'] ?? '') ?>";

60
patch_cashflow.php
View File

@ -1,60 +0,0 @@
<?php
$c = file_get_contents('index.php');
$find_cf = ' // Cash Flow Data (Income vs Expense - last 6 months)
$data[\'cash_flow\'] = db()->query("
SELECT m.sort_col, m.label,
(
SELECT COALESCE(SUM(amount), 0) FROM payments WHERE DATE_FORMAT(payment_date, \'%Y-%m\') = m.sort_col
) + (
SELECT COALESCE(SUM(amount), 0) FROM pos_payments WHERE DATE_FORMAT(created_at, \'%Y-%m\') = m.sort_col
) as income,
(
SELECT COALESCE(SUM(amount), 0) FROM expenses WHERE DATE_FORMAT(expense_date, \'%Y-%m\') = m.sort_col
) + (
SELECT COALESCE(SUM(amount), 0) FROM purchase_payments WHERE DATE_FORMAT(payment_date, \'%Y-%m\') = m.sort_col
) + (
SELECT COALESCE(SUM(net_salary), 0) FROM hr_payroll WHERE DATE_FORMAT(payment_date, \'%Y-%m\') = m.sort_col
) as expense
FROM (
SELECT DISTINCT DATE_FORMAT(dt, \'%Y-%m\') as sort_col, DATE_FORMAT(dt, \'%M %Y\') as label
FROM (
SELECT payment_date as dt FROM payments
UNION SELECT created_at as dt FROM pos_payments
UNION SELECT expense_date as dt FROM expenses
UNION SELECT payment_date as dt FROM purchase_payments
) dates
) m
ORDER BY m.sort_col DESC LIMIT 6
")->fetchAll(PDO::FETCH_ASSOC);';
$repl_cf = ' // Cash Flow Data (Income vs Expense - last 6 months)
$data[\'cash_flow\'] = db()->query("
SELECT m.sort_col, m.label,
(
SELECT COALESCE(SUM(amount), 0) FROM payments WHERE DATE_FORMAT(payment_date, \'%Y-%m\') = m.sort_col $out_and
) + (
SELECT COALESCE(SUM(amount), 0) FROM pos_payments WHERE DATE_FORMAT(created_at, \'%Y-%m\') = m.sort_col $out_and
) as income,
(
SELECT COALESCE(SUM(amount), 0) FROM expenses WHERE DATE_FORMAT(expense_date, \'%Y-%m\') = m.sort_col $out_and
) + (
SELECT COALESCE(SUM(amount), 0) FROM purchase_payments WHERE DATE_FORMAT(payment_date, \'%Y-%m\') = m.sort_col $out_and
) + (
SELECT COALESCE(SUM(net_salary), 0) FROM hr_payroll WHERE DATE_FORMAT(payment_date, \'%Y-%m\') = m.sort_col $out_and
) as expense
FROM (
SELECT DISTINCT DATE_FORMAT(dt, \'%Y-%m\') as sort_col, DATE_FORMAT(dt, \'%M %Y\') as label
FROM (
SELECT payment_date as dt FROM payments $out_w
UNION SELECT created_at as dt FROM pos_payments $out_w
UNION SELECT expense_date as dt FROM expenses $out_w
UNION SELECT payment_date as dt FROM purchase_payments $out_w
) dates
) m
ORDER BY m.sort_col DESC LIMIT 6
")->fetchAll(PDO::FETCH_ASSOC);';
$c = str_replace($find_cf, $repl_cf, $c);
file_put_contents('index.php', $c);
echo "Cash flow patched\n";

81
patch_dashboard.php
View File

@ -1,81 +0,0 @@
<?php
$c = file_get_contents('index.php');
$find_dashboard = ' if (can(\'dashboard_view\')) {
$data[\'customers\'] = db()->query("SELECT * FROM customers ORDER BY id DESC LIMIT 5")->fetchAll();
$data[\'stats\'] = [
\'total_customers\' => db()->query("SELECT COUNT(*) FROM customers")->fetchColumn(),
\'total_items\' => db()->query("SELECT COUNT(*) FROM stock_items")->fetchColumn(),
\'total_sales\' => (db()->query("SELECT SUM(total_with_vat) FROM invoices")->fetchColumn() ?: 0) + (db()->query("SELECT SUM(net_amount) FROM pos_transactions WHERE status = \'completed\'")->fetchColumn() ?: 0),
\'total_received\' => (db()->query("SELECT SUM(amount) FROM payments")->fetchColumn() ?: 0) + (db()->query("SELECT SUM(amount) FROM pos_payments")->fetchColumn() ?: 0),
\'total_purchases\' => db()->query("SELECT SUM(total_with_vat) FROM purchases")->fetchColumn() ?: 0,
\'total_paid\' => db()->query("SELECT SUM(amount) FROM purchase_payments")->fetchColumn() ?: 0,
\'expired_items\' => db()->query("SELECT COUNT(*) FROM stock_items WHERE expiry_date IS NOT NULL AND expiry_date <= CURDATE()")->fetchColumn(),
\'near_expiry_items\' => db()->query("SELECT COUNT(*) FROM stock_items WHERE expiry_date IS NOT NULL AND expiry_date > CURDATE() AND expiry_date <= DATE_ADD(CURDATE(), INTERVAL 30 DAY)")->fetchColumn(),
\'low_stock_items_count\' => db()->query("SELECT COUNT(*) FROM stock_items WHERE stock_quantity <= min_stock_level")->fetchColumn(),
];';
$repl_dashboard = ' if (can(\'dashboard_view\')) {
$out_w = isset($_SESSION[\'outlet_id\']) ? "WHERE outlet_id = " . (int)$_SESSION[\'outlet_id\'] : "WHERE 1=1";
$out_and = isset($_SESSION[\'outlet_id\']) ? "AND outlet_id = " . (int)$_SESSION[\'outlet_id\'] : "";
$data[\'customers\'] = db()->query("SELECT * FROM customers $out_w ORDER BY id DESC LIMIT 5")->fetchAll();
$data[\'stats\'] = [
\'total_customers\' => db()->query("SELECT COUNT(*) FROM customers $out_w")->fetchColumn(),
\'total_items\' => db()->query("SELECT COUNT(*) FROM stock_items $out_w")->fetchColumn(),
\'total_sales\' => (db()->query("SELECT SUM(total_with_vat) FROM invoices $out_w")->fetchColumn() ?: 0) + (db()->query("SELECT SUM(net_amount) FROM pos_transactions WHERE status = \'completed\' $out_and")->fetchColumn() ?: 0),
\'total_received\' => (db()->query("SELECT SUM(amount) FROM payments $out_w")->fetchColumn() ?: 0) + (db()->query("SELECT SUM(amount) FROM pos_payments WHERE 1=1 $out_and")->fetchColumn() ?: 0),
\'total_purchases\' => db()->query("SELECT SUM(total_with_vat) FROM purchases $out_w")->fetchColumn() ?: 0,
\'total_paid\' => db()->query("SELECT SUM(amount) FROM purchase_payments $out_w")->fetchColumn() ?: 0,
\'expired_items\' => db()->query("SELECT COUNT(*) FROM stock_items WHERE expiry_date IS NOT NULL AND expiry_date <= CURDATE() $out_and")->fetchColumn(),
\'near_expiry_items\' => db()->query("SELECT COUNT(*) FROM stock_items WHERE expiry_date IS NOT NULL AND expiry_date > CURDATE() AND expiry_date <= DATE_ADD(CURDATE(), INTERVAL 30 DAY) $out_and")->fetchColumn(),
\'low_stock_items_count\' => db()->query("SELECT COUNT(*) FROM stock_items WHERE stock_quantity <= min_stock_level $out_and")->fetchColumn(),
];';
$c = str_replace($find_dashboard, $repl_dashboard, $c);
// Also replace the queries for Cash Flow and Charts
$find_charts = ' $data[\'monthly_sales\'] = db()->query("
SELECT label, SUM(tot) as total FROM (
SELECT DATE_FORMAT(invoice_date, \'%M %Y\') as label, total_with_vat as tot, DATE_FORMAT(invoice_date, \'%Y-%m\') as sort_col FROM invoices
UNION ALL
SELECT DATE_FORMAT(created_at, \'%M %Y\') as label, net_amount as tot, DATE_FORMAT(created_at, \'%Y-%m\') as sort_col FROM pos_transactions WHERE status = \'completed\'
) t
GROUP BY label, sort_col
ORDER BY sort_col ASC LIMIT 12
")->fetchAll(PDO::FETCH_ASSOC);
$data[\'yearly_sales\'] = db()->query("
SELECT label, SUM(tot) as total FROM (
SELECT YEAR(invoice_date) as label, total_with_vat as tot FROM invoices
UNION ALL
SELECT YEAR(created_at) as label, net_amount as tot FROM pos_transactions WHERE status = \'completed\'
) t
GROUP BY label
ORDER BY label ASC LIMIT 5
")->fetchAll(PDO::FETCH_ASSOC);';
$repl_charts = ' $data[\'monthly_sales\'] = db()->query("
SELECT label, SUM(tot) as total FROM (
SELECT DATE_FORMAT(invoice_date, \'%M %Y\') as label, total_with_vat as tot, DATE_FORMAT(invoice_date, \'%Y-%m\') as sort_col FROM invoices $out_w
UNION ALL
SELECT DATE_FORMAT(created_at, \'%M %Y\') as label, net_amount as tot, DATE_FORMAT(created_at, \'%Y-%m\') as sort_col FROM pos_transactions WHERE status = \'completed\' $out_and
) t
GROUP BY label, sort_col
ORDER BY sort_col ASC LIMIT 12
")->fetchAll(PDO::FETCH_ASSOC);
$data[\'yearly_sales\'] = db()->query("
SELECT label, SUM(tot) as total FROM (
SELECT YEAR(invoice_date) as label, total_with_vat as tot FROM invoices $out_w
UNION ALL
SELECT YEAR(created_at) as label, net_amount as tot FROM pos_transactions WHERE status = \'completed\' $out_and
) t
GROUP BY label
ORDER BY label ASC LIMIT 5
")->fetchAll(PDO::FETCH_ASSOC);';
$c = str_replace($find_charts, $repl_charts, $c);
file_put_contents('index.php', $c);
echo "Dashboard Patched\n";

9
patch_expenses.php
View File

@ -1,9 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = "case 'expenses':\n \$where = [\"1=1\"];";
$replace = "case 'expenses':\n \$where = [\"1=1\"];\n if (isset(\$_SESSION['outlet_id'])) {\n \$where[] = \"e.outlet_id = \" . (int)\$_SESSION['outlet_id'];\n }";
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);
echo "Expenses patched.\n";

15
patch_lists.php
View File

@ -1,15 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = '$where = ["1=1"];';
$replace = '$where = ["1=1"];
if (isset($_SESSION[\'outlet_id\'])) {
$where[] = "v.outlet_id = " . (int)$_SESSION[\'outlet_id\'];
}';
// Apply to case 'sales', 'purchases'
$content = preg_replace("/case 'sales':.*?case 'purchases':.*?\\\$where = \[\"1=1\"\];/s", "case 'sales':\n case 'purchases':\n \$type = (\$page === 'sales') ? 'sale' : 'purchase';\n \$table = (\$type === 'purchase') ? 'purchases' : 'invoices';\n \$cust_supplier_col = (\$type === 'purchase') ? 'supplier_id' : 'customer_id';\n \$cust_supplier_table = (\$type === 'purchase') ? 'suppliers' : 'customers';\n \n \$where = [\"1=1\"];\n if (isset(\$_SESSION['outlet_id'])) {\n \$where[] = \"v.outlet_id = \" . (int)\$_SESSION['outlet_id'];\n }", $content);
file_put_contents('index.php', $content);
echo "sales and purchases patched.\n";

23
patch_lpoprint.php
View File

@ -1,23 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'JS'
<h4 class="fw-bold mb-0">${companySettings.company_name || 'Your Company'}</h4>
<p class="text-muted mb-0 small">
${companySettings.company_address || ''}<br>
Phone: ${companySettings.company_phone || ''} | Email: ${companySettings.company_email || ''}
${companySettings.tax_number ? `<br>TRN: ${companySettings.tax_number}` : ''}
</p>
JS;
$replace = <<<'JS'
<h4 class="fw-bold mb-0">${data.outlet_name || companySettings.company_name || 'Your Company'}</h4>
<p class="text-muted mb-0 small">
${data.outlet_address ? data.outlet_address.replace(/\n/g, '<br>') : (companySettings.company_address || '').replace(/\n/g, '<br>')}<br>
Phone: ${data.outlet_phone || companySettings.company_phone || ''} | Email: ${companySettings.company_email || ''}
${companySettings.tax_number ? `<br>TRN: ${companySettings.tax_number}` : ''}
</p>
JS;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);

25
patch_others.php
View File

@ -1,25 +0,0 @@
<?php
$content = file_get_contents('index.php');
// Quotations
$search_q = "case 'quotations':\n \$where = [\"1=1\"];";
$replace_q = "case 'quotations':\n \$where = [\"1=1\"];\n if (isset(\$_SESSION['outlet_id'])) {\n \$where[] = \"q.outlet_id = \" . (int)\$_SESSION['outlet_id'];\n }";
$content = str_replace($search_q, $replace_q, $content);
// LPOs
$search_l = "case 'lpos':\n \$where = [\"1=1\"];";
$replace_l = "case 'lpos':\n \$where = [\"1=1\"];\n if (isset(\$_SESSION['outlet_id'])) {\n \$where[] = \"q.outlet_id = \" . (int)\$_SESSION['outlet_id'];\n }";
$content = str_replace($search_l, $replace_l, $content);
// Sales Returns
$search_sr = "case 'sales_returns':\n \$where = [\"1=1\"];";
$replace_sr = "case 'sales_returns':\n \$where = [\"1=1\"];\n if (isset(\$_SESSION['outlet_id'])) {\n \$where[] = \"sr.outlet_id = \" . (int)\$_SESSION['outlet_id'];\n }";
$content = str_replace($search_sr, $replace_sr, $content);
// Purchase Returns
$search_pr = "case 'purchase_returns':\n \$where = [\"1=1\"];";
$replace_pr = "case 'purchase_returns':\n \$where = [\"1=1\"];\n if (isset(\$_SESSION['outlet_id'])) {\n \$where[] = \"pr.outlet_id = \" . (int)\$_SESSION['outlet_id'];\n }";
$content = str_replace($search_pr, $replace_pr, $content);
file_put_contents('index.php', $content);
echo "Other lists patched.\n";

26
patch_outlets.php
View File

@ -1,26 +0,0 @@
<?php
$content = file_get_contents('index.php');
// 1. Fix Login Session
$content = str_replace(
"\$_SESSION['user_role_name'] = \$u['role_name'];",
"\$_SESSION['user_role_name'] = \$u['role_name'];\n \$_SESSION['outlet_id'] = \$u['outlet_id'];",
$content
);
// 2. Fix Add User POST
$content = preg_replace(
"/\\\$group_id = \(int\)\(\\\$_POST\['group_id'\] \?\? 0\) \?\: null;.*?\\\$stmt = \\\$db->prepare\(\"INSERT INTO users \(username, password, email, phone, group_id\) VALUES \(\?, \?, \?, \?, \?\)\"\);.*?\\\$stmt->execute\(\[\\\$username, password_hash\(\\\$password, PASSWORD_DEFAULT\), \\\$email, \\\$phone, \\\$group_id\]\);/s",
"\$group_id = (int)(\$_POST['group_id'] ?? 0) ?: null;\n \$outlet_id = !empty(\$_POST['outlet_id']) ? (int)\$_POST['outlet_id'] : null;\n \$stmt = \$db->prepare(\"INSERT INTO users (username, password, email, phone, group_id, outlet_id) VALUES (?, ?, ?, ?, ?, ?)\");\n \$stmt->execute([\$username, password_hash(\$password, PASSWORD_DEFAULT), \$email, \$phone, \$group_id, \$outlet_id]);",
$content
);
// 3. Fix Edit User POST
$content = preg_replace(
"/\\\$group_id = \(int\)\(\\\$_POST\['group_id'\] \?\? 0\) \?\: null;.*?if \(\!empty\(\\\$password\)\) \{.*?\\\$stmt = \\\$db->prepare\(\"UPDATE users SET username=\?, password=\?, email=\?, phone=\?, group_id=\? WHERE id=\?\"\);.*?\\\$stmt->execute\(\[\\\$username, password_hash\(\\\$password, PASSWORD_DEFAULT\), \\\$email, \\\$phone, \\\$group_id, \\\$id\]\);.*?\} else \{.*?\\\$stmt = \\\$db->prepare\(\"UPDATE users SET username=\?, email=\?, phone=\?, group_id=\? WHERE id=\?\"\);.*?\\\$stmt->execute\(\[\\\$username, \\\$email, \\\$phone, \\\$group_id, \\\$id\]\);.*?\}/s",
"\$group_id = (int)(\$_POST['group_id'] ?? 0) ?: null;\n \$outlet_id = !empty(\$_POST['outlet_id']) ? (int)\$_POST['outlet_id'] : null;\n if (!empty(\$password)) {\n \$stmt = \$db->prepare(\"UPDATE users SET username=?, password=?, email=?, phone=?, group_id=?, outlet_id=? WHERE id=?\");\n \$stmt->execute([\$username, password_hash(\$password, PASSWORD_DEFAULT), \$email, \$phone, \$group_id, \$outlet_id, \$id]);\n } else {\n \$stmt = \$db->prepare(\"UPDATE users SET username=?, email=?, phone=?, group_id=?, outlet_id=? WHERE id=?\");\n \$stmt->execute([\$username, \$email, \$phone, \$group_id, \$outlet_id, \$id]);\n }",
$content
);
file_put_contents('index.php', $content);
echo "Patched auth & post logic\n";

23
patch_payment.php
View File

@ -1,23 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'SQL'
$stmt = db()->prepare("SELECT p.*, i.customer_id, c.name as customer_name,
o.name as outlet_name, o.address as outlet_address, o.phone as outlet_phone
FROM payments p
JOIN invoices i ON p.invoice_id = i.id
LEFT JOIN customers c ON i.customer_id = c.id
LEFT JOIN outlets o ON i.outlet_id = o.id
WHERE p.id = ?");
SQL;
$replace = <<<'SQL'
$stmt = db()->prepare("SELECT p.*, i.customer_id, i.id as inv_id, c.name as customer_name,
o.name as outlet_name, o.address as outlet_address, o.phone as outlet_phone
FROM payments p
JOIN invoices i ON p.invoice_id = i.id
LEFT JOIN customers c ON i.customer_id = c.id
LEFT JOIN outlets o ON i.outlet_id = o.id
WHERE p.id = ?");
SQL;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);

37
patch_posreceipt.php
View File

@ -1,37 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'JS'
const companyName = "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
const companyPhone = "<?= htmlspecialchars($data['settings']['company_phone'] ?? '') ?>";
const companyVat = "<?= htmlspecialchars($data['settings']['vat_number'] ?? '') ?>";
const companyLogo = "<?= htmlspecialchars($data['settings']['company_logo'] ?? '') ?>";
container.innerHTML = `
<div class="thermal-receipt <?= $lang === 'ar' ? 'rtl' : '' ?>">
<div class="center">
${companyLogo ? `<img src="${companyLogo}" alt="Logo" style="max-height: 60px; width: auto; margin-bottom: 10px; display: block; margin-left: auto; margin-right: auto;">` : ''}
<h5 class="mb-0 fw-bold">${companyName}</h5>
${companyPhone ? `<div>هاتف / Tel: ${companyPhone}</div>` : ''}
${companyVat ? `<div>الرقم الضريبي / VAT No: ${companyVat}</div>` : ''}
JS;
$replace = <<<'JS'
const companyName = outletName || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
const companyPhone = outletPhone || "<?= htmlspecialchars($data['settings']['company_phone'] ?? '') ?>";
const companyAddress = outletAddress ? outletAddress.replace(/\n/g, '<br>') : "<?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?>";
const companyVat = "<?= htmlspecialchars($data['settings']['vat_number'] ?? '') ?>";
const companyLogo = "<?= htmlspecialchars($data['settings']['company_logo'] ?? '') ?>";
container.innerHTML = `
<div class="thermal-receipt <?= $lang === 'ar' ? 'rtl' : '' ?>">
<div class="center">
${companyLogo ? `<img src="${companyLogo}" alt="Logo" style="max-height: 60px; width: auto; margin-bottom: 10px; display: block; margin-left: auto; margin-right: auto;">` : ''}
<h5 class="mb-0 fw-bold">${companyName}</h5>
${companyAddress ? `<div>${companyAddress}</div>` : ''}
${companyPhone ? `<div>هاتف / Tel: ${companyPhone}</div>` : ''}
${companyVat ? `<div>الرقم الضريبي / VAT No: ${companyVat}</div>` : ''}
JS;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);

17
patch_qrcode.php
View File

@ -1,17 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'JS'
const companyName = <?= json_encode($data['settings']['company_name'] ?? 'Accounting System') ?>;
const vatNo = <?= json_encode($data['settings']['vat_number'] ?? '') ?>;
const qrData = `Seller: ${companyName}\nVAT: ${vatNo}\nInvoice: INV-${data.id.toString().padStart(5, '0')}\nDate: ${data.invoice_date}\nTotal: ${grandTotalValue.toFixed(3)}`;
JS;
$replace = <<<'JS'
const companyName = data.outlet_name || <?= json_encode($data['settings']['company_name'] ?? 'Accounting System') ?>;
const vatNo = <?= json_encode($data['settings']['vat_number'] ?? '') ?>;
const qrData = `Seller: ${companyName}\nVAT: ${vatNo}\nInvoice: INV-${data.id.toString().padStart(5, '0')}\nDate: ${data.invoice_date}\nTotal: ${grandTotalValue.toFixed(3)}`;
JS;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);

40
patch_quotations.php
View File

@ -1,40 +0,0 @@
<?php
$content = file_get_contents('index.php');
// Quotations query update
$search_q = <<<'SQL'
$stmt = db()->prepare("SELECT q.*, c.name as customer_name
FROM quotations q
JOIN customers c ON q.customer_id = c.id
WHERE $whereSql
SQL;
$replace_q = <<<'SQL'
$stmt = db()->prepare("SELECT q.*, c.name as customer_name, o.name as outlet_name, o.address as outlet_address, o.phone as outlet_phone
FROM quotations q
JOIN customers c ON q.customer_id = c.id
LEFT JOIN outlets o ON q.outlet_id = o.id
WHERE $whereSql
SQL;
$content = str_replace($search_q, $replace_q, $content);
// LPOs query update
$search_l = <<<'SQL'
$stmt = db()->prepare("SELECT q.*, s.name as supplier_name
FROM lpos q
JOIN suppliers s ON q.supplier_id = s.id
WHERE $whereSql
SQL;
$replace_l = <<<'SQL'
$stmt = db()->prepare("SELECT q.*, s.name as supplier_name, o.name as outlet_name, o.address as outlet_address, o.phone as outlet_phone
FROM lpos q
JOIN suppliers s ON q.supplier_id = s.id
LEFT JOIN outlets o ON q.outlet_id = o.id
WHERE $whereSql
SQL;
$content = str_replace($search_l, $replace_l, $content);
file_put_contents('index.php', $content);

15
patch_receipt.php
View File

@ -1,15 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'HTML'
<h3 class="mb-1 fw-bold"><?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?></h3>
<p class="text-muted small mb-0"><?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?></p>
HTML;
$replace = <<<'HTML'
<h3 class="mb-1 fw-bold" id="receiptCompanyName"><?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?></h3>
<p class="text-muted small mb-0" id="receiptCompanyAddress"><?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?></p>
HTML;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);

22
patch_showreceipt.php
View File

@ -1,22 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'JS'
document.getElementById('receiptAmountWords').textContent = data.amount_words;
// Update labels for Purchase vs Sale
JS;
$replace = <<<'JS'
document.getElementById('receiptAmountWords').textContent = data.amount_words;
const rcn = document.getElementById('receiptCompanyName');
if(rcn) rcn.textContent = data.outlet_name || "<?= htmlspecialchars($data['settings']['company_name'] ?? 'Accounting System') ?>";
const rca = document.getElementById('receiptCompanyAddress');
if(rca) rca.innerHTML = data.outlet_address ? data.outlet_address.replace(/\n/g, '<br>') : "<?= nl2br(htmlspecialchars($data['settings']['company_address'] ?? '')) ?>";
// Update labels for Purchase vs Sale
JS;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);

46
patch_users.php
View File

@ -1,46 +0,0 @@
<?php
$c = file_get_contents('index.php');
// Fix Add User
$find_add = ' $stmt = db()->prepare("INSERT INTO users (username, password, email, phone, group_id) VALUES (?, ?, ?, ?, ?)");
try {
$stmt->execute([$username, $hashed_password, $email, $phone, $group_id]);';
$repl_add = ' $outlet_id = !empty($_POST[\'outlet_id\']) ? (int)$_POST[\'outlet_id\'] : null;
$stmt = db()->prepare("INSERT INTO users (username, password, email, phone, group_id, outlet_id) VALUES (?, ?, ?, ?, ?, ?)");
try {
$stmt->execute([$username, $hashed_password, $email, $phone, $group_id, $outlet_id]);';
$c = str_replace($find_add, $repl_add, $c);
// Fix Edit User
$find_edit = ' if ($password) {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = db()->prepare("UPDATE users SET username = ?, password = ?, email = ?, phone = ?, group_id = ? WHERE id = ?");
$stmt->execute([$username, $hashed_password, $email, $phone, $group_id, $id]);
} else {
$stmt = db()->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ? WHERE id = ?");
$stmt->execute([$username, $email, $phone, $group_id, $id]);
}';
$repl_edit = ' $outlet_id = !empty($_POST[\'outlet_id\']) ? (int)$_POST[\'outlet_id\'] : null;
if ($password) {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = db()->prepare("UPDATE users SET username = ?, password = ?, email = ?, phone = ?, group_id = ?, outlet_id = ? WHERE id = ?");
$stmt->execute([$username, $hashed_password, $email, $phone, $group_id, $outlet_id, $id]);
} else {
$stmt = db()->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ?, outlet_id = ? WHERE id = ?");
$stmt->execute([$username, $email, $phone, $group_id, $outlet_id, $id]);
}';
$c = str_replace($find_edit, $repl_edit, $c);
// Fix login session
$c = str_replace(
"\$_SESSION['user_role_name'] = \$u['role_name'];",
"\$_SESSION['user_role_name'] = \$u['role_name'];\n \$_SESSION['outlet_id'] = \$u['outlet_id'];",
$c
);
file_put_contents('index.php', $c);
echo "Patched users.php\n";

99
patch_users_1.php
View File

@ -1,99 +0,0 @@
<?php
$file = 'index.php';
$content = file_get_contents($file);
// Replace login script to store assigned_outlets
$content = str_replace(
" \$_SESSION['outlet_id'] = \$u['outlet_id'];",
" \$_SESSION['outlet_id'] = \$u['outlet_id'];\n \$_SESSION['assigned_outlets'] = \$u['assigned_outlets'];",
$content
);
// Replace switch_outlet logic
$old_switch = <<<EOD
if (isset(\$_GET['action']) && \$_GET['action'] === 'switch_outlet') {
\$target = (int)\$_GET['id'];
if ((\$_SESSION['user_role_name'] ?? '') === 'Administrator') {
\$_SESSION['outlet_id'] = \$target === 0 ? null : \$target;
}
header("Location: " . (\$_SERVER['HTTP_REFERER'] ?? 'index.php'));
exit;
}
EOD;
$new_switch = <<<EOD
if (isset(\$_GET['action']) && \$_GET['action'] === 'switch_outlet') {
\$target = (int)\$_GET['id'];
\$is_admin = (\$_SESSION['user_role_name'] ?? '') === 'Administrator';
\$assigned_outlets = isset(\$_SESSION['assigned_outlets']) ? explode(',', \$_SESSION['assigned_outlets']) : [];
if (\$is_admin || in_array(\$target, \$assigned_outlets)) {
\$_SESSION['outlet_id'] = (\$target === 0 && \$is_admin) ? null : \$target;
}
header("Location: " . (\$_SERVER['HTTP_REFERER'] ?? 'index.php'));
exit;
}
EOD;
$content = str_replace($old_switch, $new_switch, $content);
// Update nav dropdown logic
$old_nav = <<<EOD
<?php
if ((\$_SESSION['user_role_name'] ?? '') === 'Administrator'):
\$outlets = db()->query("SELECT * FROM outlets WHERE status = 'active'")->fetchAll(PDO::FETCH_ASSOC);
\$cur_out = \$_SESSION['outlet_id'] ?? 0;
\$cur_name = 'All Outlets';
foreach (\$outlets as \$o) { if (\$o['id'] == \$cur_out) \$cur_name = \$o['name']; }
?>
<div class="dropdown me-3">
<button class="btn btn-outline-primary btn-sm dropdown-toggle" type="button" data-bs-toggle="dropdown">
<i class="bi bi-shop"></i> <span class="d-none d-md-inline"><?= htmlspecialchars(\$cur_name) ?></span>
</button>
<ul class="dropdown-menu shadow-sm border-0">
<li><a class="dropdown-item <?= \$cur_out == 0 ? 'active' : '' ?>" href="index.php?action=switch_outlet&id=0">All Outlets</a></li>
<li><hr class="dropdown-divider"></li>
<?php foreach (\$outlets as \$o): ?>
<li><a class="dropdown-item <?= \$cur_out == \$o['id'] ? 'active' : '' ?>" href="index.php?action=switch_outlet&id=<?= \$o['id'] ?>"><?= htmlspecialchars(\$o['name']) ?></a></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
EOD;
$new_nav = <<<EOD
<?php
\$is_admin = (\$_SESSION['user_role_name'] ?? '') === 'Administrator';
\$assigned_outlets_str = \$_SESSION['assigned_outlets'] ?? '';
\$assigned_outlets_arr = array_filter(explode(',', \$assigned_outlets_str));
if (\$is_admin || count(\$assigned_outlets_arr) > 1):
if (\$is_admin) {
\$outlets = db()->query("SELECT * FROM outlets WHERE status = 'active'")->fetchAll(PDO::FETCH_ASSOC);
} else {
\$in_clause = implode(',', array_map('intval', \$assigned_outlets_arr));
\$outlets = db()->query("SELECT * FROM outlets WHERE status = 'active' AND id IN (\$in_clause)")->fetchAll(PDO::FETCH_ASSOC);
}
\$cur_out = \$_SESSION['outlet_id'] ?? 0;
\$cur_name = \$is_admin ? 'All Outlets' : (count(\$outlets) > 0 ? \$outlets[0]['name'] : 'Select Outlet');
foreach (\$outlets as \$o) { if (\$o['id'] == \$cur_out) \$cur_name = \$o['name']; }
?>
<div class="dropdown me-3">
<button class="btn btn-outline-primary btn-sm dropdown-toggle" type="button" data-bs-toggle="dropdown">
<i class="bi bi-shop"></i> <span class="d-none d-md-inline"><?= htmlspecialchars(\$cur_name) ?></span>
</button>
<ul class="dropdown-menu shadow-sm border-0">
<?php if (\$is_admin): ?>
<li><a class="dropdown-item <?= \$cur_out == 0 ? 'active' : '' ?>" href="index.php?action=switch_outlet&id=0">All Outlets</a></li>
<li><hr class="dropdown-divider"></li>
<?php endif; ?>
<?php foreach (\$outlets as \$o): ?>
<li><a class="dropdown-item <?= \$cur_out == \$o['id'] ? 'active' : '' ?>" href="index.php?action=switch_outlet&id=<?= \$o['id'] ?>"><?= htmlspecialchars(\$o['name']) ?></a></li>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
EOD;
$content = str_replace($old_nav, $new_nav, $content);
file_put_contents($file, $content);
echo "Patch 1 applied.\n";

44
patch_users_2.php
View File

@ -1,44 +0,0 @@
<?php
$file = 'index.php';
$content = file_get_contents($file);
// add_user backend
$old_add = <<<EOD
\$outlet_id = !empty(\$_POST['outlet_id']) ? (int)\$_POST['outlet_id'] : null;
\$stmt = db()->prepare("INSERT INTO users (username, password, email, phone, group_id, outlet_id) VALUES (?, ?, ?, ?, ?, ?)");
try {
\$stmt->execute([\$username, \$hashed_password, \$email, \$phone, \$group_id, \$outlet_id]);
EOD;
$new_add = <<<EOD
\$outlet_ids = !empty(\$_POST['outlet_ids']) && is_array(\$_POST['outlet_ids']) ? \$_POST['outlet_ids'] : [];
\$outlet_id = !empty(\$outlet_ids) ? (int)\$outlet_ids[0] : null;
\$assigned_outlets = !empty(\$outlet_ids) ? implode(',', array_map('intval', \$outlet_ids)) : null;
\$stmt = db()->prepare("INSERT INTO users (username, password, email, phone, group_id, outlet_id, assigned_outlets) VALUES (?, ?, ?, ?, ?, ?, ?)");
try {
\$stmt->execute([\$username, \$hashed_password, \$email, \$phone, \$group_id, \$outlet_id, \$assigned_outlets]);
EOD;
$content = str_replace($old_add, $new_add, $content);
// edit_user backend
$old_edit = <<<EOD
\$outlet_id = !empty(\$_POST['outlet_id']) ? (int)\$_POST['outlet_id'] : null;
if (\$id && \$username) {
\$stmt = db()->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ?, status = ?, outlet_id = ? WHERE id = ?");
\$stmt->execute([\$username, \$email, \$phone, \$group_id, \$status, \$outlet_id, \$id]);
EOD;
$new_edit = <<<EOD
\$outlet_ids = !empty(\$_POST['outlet_ids']) && is_array(\$_POST['outlet_ids']) ? \$_POST['outlet_ids'] : [];
\$outlet_id = !empty(\$outlet_ids) ? (int)\$outlet_ids[0] : null;
\$assigned_outlets = !empty(\$outlet_ids) ? implode(',', array_map('intval', \$outlet_ids)) : null;
if (\$id && \$username) {
\$stmt = db()->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ?, status = ?, outlet_id = ?, assigned_outlets = ? WHERE id = ?");
\$stmt->execute([\$username, \$email, \$phone, \$group_id, \$status, \$outlet_id, \$assigned_outlets, \$id]);
EOD;
$content = str_replace($old_edit, $new_edit, $content);
file_put_contents($file, $content);
echo "Patch 2 applied.\n";

64
patch_users_3.php
View File

@ -1,64 +0,0 @@
<?php
$file = 'index.php';
$content = file_get_contents($file);
// add_user form
$old_add_ui = <<<EOD
<div class="mb-3">
<label class="form-label" data-en="Assigned Outlet" data-ar="الفرع">Assigned Outlet</label>
<select name="outlet_id" class="form-select">
<option value="">--- Global (Admin only) ---</option>
<?php foreach ((\$data['outlets'] ?? []) as \$o): ?>
<option value="<?= \$o['id'] ?>"><?= htmlspecialchars(\$o['name']) ?></option>
<?php endforeach; ?>
</select>
</div>
EOD;
$new_add_ui = <<<EOD
<div class="mb-3">
<label class="form-label" data-en="Assigned Outlets" data-ar="الفروع المخصصة">Assigned Outlets</label>
<select name="outlet_ids[]" class="form-select" multiple size="4">
<option value="">--- Global (Admin only) ---</option>
<?php foreach ((\$data['outlets'] ?? []) as \$o): ?>
<option value="<?= \$o['id'] ?>"><?= htmlspecialchars(\$o['name']) ?></option>
<?php endforeach; ?>
</select>
<div class="form-text small" data-en="Hold Ctrl/Cmd to select multiple outlets." data-ar="اضغط على Ctrl/Cmd لتحديد فروع متعددة.">Hold Ctrl/Cmd to select multiple outlets.</div>
</div>
EOD;
$content = str_replace($old_add_ui, $new_add_ui, $content);
// edit_user form
$old_edit_ui = <<<EOD
<div class="mb-3">
<label class="form-label fw-semibold" data-en="Assigned Outlet" data-ar="الفرع">Assigned Outlet</label>
<select name="outlet_id" class="form-select">
<option value="">--- Global (Admin only) ---</option>
<?php foreach ((\$data['outlets'] ?? []) as \$o): ?>
<option value="<?= \$o['id'] ?>" <?= (\$u['outlet_id'] ?? null) == \$o['id'] ? 'selected' : '' ?>><?= htmlspecialchars(\$o['name']) ?></option>
<?php endforeach; ?>
</select>
</div>
EOD;
$new_edit_ui = <<<EOD
<div class="mb-3">
<label class="form-label fw-semibold" data-en="Assigned Outlets" data-ar="الفروع المخصصة">Assigned Outlets</label>
<select name="outlet_ids[]" class="form-select" multiple size="4">
<option value="">--- Global (Admin only) ---</option>
<?php
\$assigned = explode(',', \$u['assigned_outlets'] ?? '');
foreach ((\$data['outlets'] ?? []) as \$o): ?>
<option value="<?= \$o['id'] ?>" <?= in_array(\$o['id'], \$assigned) || (\$u['outlet_id'] ?? null) == \$o['id'] ? 'selected' : '' ?>><?= htmlspecialchars(\$o['name']) ?></option>
<?php endforeach; ?>
</select>
<div class="form-text small" data-en="Hold Ctrl/Cmd to select multiple outlets." data-ar="اضغط على Ctrl/Cmd لتحديد فروع متعددة.">Hold Ctrl/Cmd to select multiple outlets.</div>
</div>
EOD;
$content = str_replace($old_edit_ui, $new_edit_ui, $content);
file_put_contents($file, $content);
echo "Patch 3 applied.\n";

45
patch_users_4.php
View File

@ -1,45 +0,0 @@
<?php
$file = 'index.php';
$content = file_get_contents($file);
$old_action = <<<EOD
<div class="dropdown">
<button class="btn btn-light btn-sm rounded-circle" type="button" data-bs-toggle="dropdown">
<i class="bi bi-three-dots-vertical"></i>
</button>
<ul class="dropdown-menu dropdown-menu-end shadow-sm border-0">
<?php if (can('users_edit')): ?>
<li><a class="dropdown-item" href="#" data-bs-toggle="modal" data-bs-target="#editUserModal<?= \$u['id'] ?>"><i class="bi bi-pencil me-2 text-primary"></i> Edit Profile</a></li>
<?php endif; ?>
<?php if (can('users_delete')): ?>
<li><hr class="dropdown-divider"></li>
<li>
<form method="POST" onsubmit="return confirm('Deactivate this user account?')">
<input type="hidden" name="id" value="<?= \$u['id'] ?>">
<button type="submit" name="delete_user" class="dropdown-item text-danger"><i class="bi bi-trash me-2"></i> Remove Access</button>
</form>
</li>
<?php endif; ?>
</ul>
</div>
EOD;
$new_action = <<<EOD
<div class="d-flex justify-content-end gap-2">
<?php if (can('users_edit')): ?>
<button class="btn btn-light btn-sm text-primary" data-bs-toggle="modal" data-bs-target="#editUserModal<?= \$u['id'] ?>" title="Edit Profile">
<i class="bi bi-pencil"></i>
</button>
<?php endif; ?>
<?php if (can('users_delete')): ?>
<form method="POST" onsubmit="return confirm('Deactivate this user account?')" class="d-inline">
<input type="hidden" name="id" value="<?= \$u['id'] ?>">
<button type="submit" name="delete_user" class="btn btn-light btn-sm text-danger" title="Remove Access"><i class="bi bi-trash"></i></button>
</form>
<?php endif; ?>
</div>
EOD;
$content = str_replace($old_action, $new_action, $content);
file_put_contents($file, $content);
echo "Patch 4 applied.\n";

43
patch_users_5.php
View File

@ -1,43 +0,0 @@
<?php
$file = 'index.php';
$content = file_get_contents($file);
$old_display = <<<EOD
<span class="badge rounded-pill bg-secondary bg-opacity-10 text-secondary px-3">
<?php
\$out_name = "Global / All Outlets";
foreach ((\$data["outlets"] ?? []) as \$out) {
if (\$out["id"] == \$u["outlet_id"]) {
\$out_name = \$out["name"];
break;
}
}
echo htmlspecialchars(\$out_name);
?>
</span>
EOD;
$new_display = <<<EOD
<div class="d-flex flex-wrap gap-1">
<?php
\$out_names = [];
\$assigned = array_filter(explode(',', \$u['assigned_outlets'] ?? ''));
if (empty(\$assigned) && !empty(\$u['outlet_id'])) {
\$assigned = [\$u['outlet_id']];
}
if (empty(\$assigned)) {
echo '<span class="badge rounded-pill bg-secondary bg-opacity-10 text-secondary px-3">Global / All Outlets</span>';
} else {
foreach ((\$data["outlets"] ?? []) as \$out) {
if (in_array(\$out["id"], \$assigned)) {
echo '<span class="badge rounded-pill bg-secondary bg-opacity-10 text-secondary px-2 py-1">' . htmlspecialchars(\$out["name"]) . '</span>';
}
}
}
?>
</div>
EOD;
$content = str_replace($old_display, $new_display, $content);
file_put_contents($file, $content);
echo "Patch 5 applied.\n";

44
patch_users_6.php
View File

@ -1,44 +0,0 @@
<?php
$file = 'index.php';
$content = file_get_contents($file);
// add_user
$old_add = <<<EOD
\$outlet_ids = !empty(\$_POST['outlet_ids']) && is_array(\$_POST['outlet_ids']) ? \$_POST['outlet_ids'] : [];
\$outlet_id = !empty(\$outlet_ids) ? (int)\$outlet_ids[0] : null;
\$assigned_outlets = !empty(\$outlet_ids) ? implode(',', array_map('intval', \$outlet_ids)) : null;
\$stmt = db()->prepare("INSERT INTO users (username, password, email, phone, group_id, outlet_id, assigned_outlets) VALUES (?, ?, ?, ?, ?, ?, ?)");
EOD;
$new_add = <<<EOD
\$outlet_ids = !empty(\$_POST['outlet_ids']) && is_array(\$_POST['outlet_ids']) ? array_filter(\$_POST['outlet_ids'], function(\$v) { return \$v !== ''; }) : [];
\$outlet_id = !empty(\$outlet_ids) ? (int)reset(\$outlet_ids) : null;
\$assigned_outlets = !empty(\$outlet_ids) ? implode(',', array_map('intval', \$outlet_ids)) : null;
\$stmt = db()->prepare("INSERT INTO users (username, password, email, phone, group_id, outlet_id, assigned_outlets) VALUES (?, ?, ?, ?, ?, ?, ?)");
EOD;
$content = str_replace($old_add, $new_add, $content);
// edit_user
$old_edit = <<<EOD
\$outlet_ids = !empty(\$_POST['outlet_ids']) && is_array(\$_POST['outlet_ids']) ? \$_POST['outlet_ids'] : [];
\$outlet_id = !empty(\$outlet_ids) ? (int)\$outlet_ids[0] : null;
\$assigned_outlets = !empty(\$outlet_ids) ? implode(',', array_map('intval', \$outlet_ids)) : null;
if (\$id && \$username) {
\$stmt = db()->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ?, status = ?, outlet_id = ?, assigned_outlets = ? WHERE id = ?");
EOD;
$new_edit = <<<EOD
\$outlet_ids = !empty(\$_POST['outlet_ids']) && is_array(\$_POST['outlet_ids']) ? array_filter(\$_POST['outlet_ids'], function(\$v) { return \$v !== ''; }) : [];
\$outlet_id = !empty(\$outlet_ids) ? (int)reset(\$outlet_ids) : null;
\$assigned_outlets = !empty(\$outlet_ids) ? implode(',', array_map('intval', \$outlet_ids)) : null;
if (\$id && \$username) {
\$stmt = db()->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ?, status = ?, outlet_id = ?, assigned_outlets = ? WHERE id = ?");
EOD;
$content = str_replace($old_edit, $new_edit, $content);
file_put_contents($file, $content);
echo "Patch 6 applied.\n";

17
patch_users_edit_post.php
View File

@ -1,17 +0,0 @@
<?php
$c = file_get_contents('index.php');
$find_edit_post = '$status = $_POST[\'status\'] ?? \'active\';
if ($id && $username) {
$stmt = db()->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ?, status = ? WHERE id = ?");
$stmt->execute([$username, $email, $phone, $group_id, $status, $id]);';
$repl_edit_post = '$status = $_POST[\'status\'] ?? \'active\';
$outlet_id = !empty($_POST[\'outlet_id\']) ? (int)$_POST[\'outlet_id\'] : null;
if ($id && $username) {
$stmt = db()->prepare("UPDATE users SET username = ?, email = ?, phone = ?, group_id = ?, status = ?, outlet_id = ? WHERE id = ?");
$stmt->execute([$username, $email, $phone, $group_id, $status, $outlet_id, $id]);';
$c = str_replace($find_edit_post, $repl_edit_post, $c);
file_put_contents('index.php', $c);
echo "Edit Post Patched\n";

31
patch_users_edit_ui.php
View File

@ -1,31 +0,0 @@
<?php
$c = file_get_contents('index.php');
$find_group_edit = '<select name="group_id" class="form-select">
<option value="">--- No Group ---</option>
<?php foreach (($data[\'role_groups\'] ?? []) as $g): ?>
<option value="<?= $g[\'id\'] ?>" <?= ($u[\'group_id\'] ?? null) == $g[\'id\'] ? \'selected\' : \'\' ?>><?= htmlspecialchars((string)$g[\'name\']) ?></option>
<?php endforeach; ?>
</select>
</div>';
$repl_group_edit = $find_group_edit . '
<div class="mb-3">
<label class="form-label fw-semibold" data-en="Assigned Outlet" data-ar="الفرع">Assigned Outlet</label>
<select name="outlet_id" class="form-select">
<option value="">--- Global (Admin only) ---</option>
<?php foreach (($data[\'outlets\'] ?? []) as $o): ?>
<option value="<?= $o[\'id\'] ?>" <?= ($u[\'outlet_id\'] ?? null) == $o[\'id\'] ? \'selected\' : \'\' ?>><?= htmlspecialchars($o[\'name\']) ?></option>
<?php endforeach; ?>
</select>
</div>';
$c = str_replace($find_group_edit, $repl_group_edit, $c);
// Also we need to make sure 'status' was updated in Edit User POST!
// Looking at the previous edit_user patch, I didn't add status. I will add status now since the UI has it!
// Actually, earlier the backend code didn't update `status`?
// Let me just replace the file contents.
file_put_contents('index.php', $c);
echo "UI Edit Patched\n";

34
patch_users_ui.php
View File

@ -1,34 +0,0 @@
<?php
$c = file_get_contents('index.php');
// Fetch outlets for users
$c = str_replace(
"\$data['role_groups'] = db()->query(\"SELECT id, name FROM role_groups ORDER BY name ASC\")->fetchAll();\n break;\n case 'backups':",
"\$data['role_groups'] = db()->query(\"SELECT id, name FROM role_groups ORDER BY name ASC\")->fetchAll();\n \$data['outlets'] = db()->query(\"SELECT id, name FROM outlets ORDER BY name ASC\")->fetchAll();\n break;\n case 'backups':",
$c
);
// Add Outlet field to Add User
$find_group_add = '<select name="group_id" class="form-select">
<option value="">--- Select Group ---</option>
<?php foreach (($data[\'role_groups\'] ?? []) as $g): ?>
<option value="<?= $g[\'id\'] ?>"><?= htmlspecialchars($g[\'name\']) ?></option>
<?php endforeach; ?>
</select>
</div>';
$repl_group_add = $find_group_add . '
<div class="mb-3">
<label class="form-label" data-en="Assigned Outlet" data-ar="الفرع">Assigned Outlet</label>
<select name="outlet_id" class="form-select">
<option value="">--- Global (Admin only) ---</option>
<?php foreach (($data[\'outlets\'] ?? []) as $o): ?>
<option value="<?= $o[\'id\'] ?>"><?= htmlspecialchars($o[\'name\']) ?></option>
<?php endforeach; ?>
</select>
</div>';
$c = str_replace($find_group_add, $repl_group_add, $c);
file_put_contents('index.php', $c);
echo "UI Patched\n";

19
patch_viewquot.php
View File

@ -1,19 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'JS'
const companyName = companySettings.company_name || 'Accounting System';
const companyAddress = (companySettings.company_address || '').replace(/\n/g, '<br>');
const companyVat = companySettings.vat_number ? `<p class="text-muted small mb-0">VAT: ${companySettings.vat_number}</p>` : '';
const companyPhone = companySettings.company_phone ? `<p class="text-muted small mb-0">Tel: ${companySettings.company_phone}</p>` : '';
JS;
$replace = <<<'JS'
const companyName = data.outlet_name || companySettings.company_name || 'Accounting System';
const companyAddress = data.outlet_address ? data.outlet_address.replace(/\n/g, '<br>') : (companySettings.company_address || '').replace(/\n/g, '<br>');
const companyVat = companySettings.vat_number ? `<p class="text-muted small mb-0">VAT: ${companySettings.vat_number}</p>` : '';
const companyPhone = data.outlet_phone ? `<p class="text-muted small mb-0">Tel: ${data.outlet_phone}</p>` : (companySettings.company_phone ? `<p class="text-muted small mb-0">Tel: ${companySettings.company_phone}</p>` : '');
JS;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content);

3
post_debug.log
View File

@ -18,3 +18,6 @@
2026-02-26 03:09:24 - POST: {"action":"translate","text":"LAMING RED KIDNEY BEANS 425","target":"ar"} 2026-02-26 03:09:24 - POST: {"action":"translate","text":"LAMING RED KIDNEY BEANS 425","target":"ar"}
2026-02-26 03:09:34 - POST: {"id":"62","name_en":"LAMING RED KIDNEY BEANS 425","name_ar":"\u0641\u0627\u0635\u0648\u0644\u064a\u0627\u0621 \u062d\u0645\u0631\u0627\u0621 \u0644\u0627\u0645\u064a\u0646\u062c 425","sku":"000023071605","category_id":"2","unit_id":"1","supplier_id":"5","sale_price":"0.25","purchase_price":"0.2","stock_quantity":"0","min_stock_level":"0","vat_rate":"0.00","expiry_date":"","promotion_start":"","promotion_end":"","promotion_percent":"0","edit_item":""} 2026-02-26 03:09:34 - POST: {"id":"62","name_en":"LAMING RED KIDNEY BEANS 425","name_ar":"\u0641\u0627\u0635\u0648\u0644\u064a\u0627\u0621 \u062d\u0645\u0631\u0627\u0621 \u0644\u0627\u0645\u064a\u0646\u062c 425","sku":"000023071605","category_id":"2","unit_id":"1","supplier_id":"5","sale_price":"0.25","purchase_price":"0.2","stock_quantity":"0","min_stock_level":"0","vat_rate":"0.00","expiry_date":"","promotion_start":"","promotion_end":"","promotion_percent":"0","edit_item":""}
2026-02-26 03:11:08 - POST: {"action":"save_pos_transaction","customer_id":"","payments":"[{\"method\":\"cash\",\"amount\":1.7}]","total_amount":"1.7000000000000002","tax_amount":"0","discount_code_id":"","discount_amount":"0","loyalty_redeemed":"0","items":"[{\"id\":48,\"qty\":1,\"price\":1.3,\"vat_rate\":0,\"vat_amount\":0},{\"id\":17,\"qty\":1,\"price\":0.4,\"vat_rate\":0,\"vat_amount\":0}]"} 2026-02-26 03:11:08 - POST: {"action":"save_pos_transaction","customer_id":"","payments":"[{\"method\":\"cash\",\"amount\":1.7}]","total_amount":"1.7000000000000002","tax_amount":"0","discount_code_id":"","discount_amount":"0","loyalty_redeemed":"0","items":"[{\"id\":48,\"qty\":1,\"price\":1.3,\"vat_rate\":0,\"vat_amount\":0},{\"id\":17,\"qty\":1,\"price\":0.4,\"vat_rate\":0,\"vat_amount\":0}]"}
2026-02-26 05:17:43 - POST: {"action":"save_theme","theme":"forest"}
2026-02-26 05:17:47 - POST: {"action":"save_theme","theme":"default"}
2026-02-26 05:47:24 - POST: {"action":"save_pos_transaction","customer_id":"","payments":"[{\"method\":\"cash\",\"amount\":2.6}]","total_amount":"2.6","tax_amount":"0","discount_code_id":"","discount_amount":"0","loyalty_redeemed":"0","items":"[{\"id\":19,\"qty\":1,\"price\":1.2,\"vat_rate\":0,\"vat_amount\":0},{\"id\":12,\"qty\":1,\"price\":1.2,\"vat_rate\":0,\"vat_amount\":0},{\"id\":13,\"qty\":1,\"price\":0.2,\"vat_rate\":0,\"vat_amount\":0}]"}

21
update_payment.php
View File

@ -1,21 +0,0 @@
<?php
$content = file_get_contents('index.php');
$search = <<<'SQL'
$stmt = db()->prepare("SELECT p.*, i.customer_id, c.name as customer_name
FROM payments p
JOIN invoices i ON p.invoice_id = i.id
JOIN customers c ON i.customer_id = c.id
WHERE p.id = ?");
SQL;
$replace = <<<'SQL'
$stmt = db()->prepare("SELECT p.*, i.customer_id, i.type as inv_type, i.id as inv_id, c.name as customer_name,
o.name as outlet_name, o.address as outlet_address, o.phone as outlet_phone
FROM payments p
JOIN invoices i ON p.invoice_id = i.id
LEFT JOIN customers c ON i.customer_id = c.id
LEFT JOIN outlets o ON i.outlet_id = o.id
WHERE p.id = ?");
SQL;
$content = str_replace($search, $replace, $content);
file_put_contents('index.php', $content); // oops wait, file_put_contents