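query("SELECT id, name_ar, name_en FROM expense_categories ORDER BY name_ar"); // statement begins on the previous line (outside this view); kept as-is
$categories = $catStmt->fetchAll();
$branchesStmt = $pdo->query("SELECT code, name_ar, name_en FROM branches ORDER BY name_ar");
$branches = $branchesStmt->fetchAll();

// Branch the current user is pinned to ('' when none) and whether they hold the owner role.
$userBranch = $user['branch_code'] ?? '';
$isOwner = $user['role'] === 'owner';

/**
 * Resolves the branch code to store for an expense from the submitted value.
 *
 * An owner may leave the branch blank (stored as NULL). Anyone else gets the
 * posted branch only when can_access_branch() allows it, otherwise their own
 * branch; an empty result is stored as NULL.
 */
$resolveBranchCode = static function (string $posted) use ($userBranch, $isOwner): ?string {
    $code = can_access_branch($posted) ? $posted : $userBranch;
    if ($posted === '' && $isOwner) {
        return null;
    }
    return $code === '' ? null : $code;
};

/**
 * Builds the SQL condition limiting expense rows to branches this user may see.
 * Owners see everything; other users see their branches plus rows with no branch.
 * Used both for the listing and to scope edit/delete, so a user holding the
 * edit/delete permission cannot act on an arbitrary id outside their branches.
 *
 * @param string $alias table alias prefix (e.g. 'e.') or '' for the bare table
 * @return array{0: string, 1: list<mixed>} [sql fragment, positional params]
 */
$branchScope = static function (string $alias) use ($user, $isOwner): array {
    if ($isOwner) {
        return ['1=1', []];
    }
    $ubranches = get_user_branches($user);
    if (empty($ubranches)) {
        return ["{$alias}branch_code IS NULL", []];
    }
    $inQuery = implode(',', array_fill(0, count($ubranches), '?'));
    return ["({$alias}branch_code IN ($inQuery) OR {$alias}branch_code IS NULL)", array_values($ubranches)];
};

/**
 * Reads the expense fields shared by create and edit from the POST body.
 * Missing keys become null instead of raising undefined-index warnings; the
 * database constraints remain the source of truth for validity.
 *
 * @return list<mixed> values in column order: category_id, amount, expense_date, description
 */
$postedExpenseFields = static fn (): array => [
    $_POST['category_id'] ?? null,
    $_POST['amount'] ?? null,
    $_POST['expense_date'] ?? null,
    $_POST['description'] ?? '',
];

// Handle form submission.
// NOTE(review): no CSRF token check is visible in this handler — confirm the
// shared includes perform one before these branches run.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';

    if ($action === 'create' && has_permission('expenses', 'add')) {
        $branch_code = $resolveBranchCode((string)($_POST['branch_code'] ?? ''));
        $stmt = $pdo->prepare('INSERT INTO expenses (branch_code, category_id, amount, expense_date, description, created_by) VALUES (?, ?, ?, ?, ?, ?)');
        $stmt->execute([$branch_code, ...$postedExpenseFields(), $user['id']]);
        set_flash('success', tr('تمت إضافة المصروف بنجاح', 'Expense added successfully'));
        redirect_to('expenses.php');
    } elseif ($action === 'edit' && has_permission('expenses', 'edit')) {
        $branch_code = $resolveBranchCode((string)($_POST['branch_code'] ?? ''));
        $id = (int)($_POST['id'] ?? 0);
        // Scope the UPDATE to rows the user may see; the id alone is not an authorization check.
        [$scopeSql, $scopeParams] = $branchScope('');
        $stmt = $pdo->prepare("UPDATE expenses SET branch_code = ?, category_id = ?, amount = ?, expense_date = ?, description = ? WHERE id = ? AND $scopeSql");
        $stmt->execute([$branch_code, ...$postedExpenseFields(), $id, ...$scopeParams]);
        set_flash('success', tr('تم التحديث بنجاح', 'Updated successfully'));
        redirect_to('expenses.php');
    } elseif ($action === 'delete' && has_permission('expenses', 'del')) {
        $id = (int)($_POST['id'] ?? 0);
        // Same branch scoping as edit: only rows visible to this user can be deleted.
        [$scopeSql, $scopeParams] = $branchScope('');
        $stmt = $pdo->prepare("DELETE FROM expenses WHERE id = ? AND $scopeSql");
        $stmt->execute([$id, ...$scopeParams]);
        set_flash('success', tr('تم الحذف بنجاح', 'Deleted successfully'));
        redirect_to('expenses.php');
    }
}

// Pagination & search.
$page = max(1, (int)($_GET['p'] ?? 1));
$limit = 10;
$offset = ($page - 1) * $limit;
// Only accept a scalar search term; an array (q[]=...) would otherwise be stringified as "Array".
$search = is_string($_GET['q'] ?? null) ? $_GET['q'] : '';

[$where, $params] = $branchScope('e.');
// Compare against '' rather than truthiness so a search for "0" is not silently dropped.
if ($search !== '') {
    $where .= ' AND (e.description LIKE ?)';
    // TODO(review): '%' and '_' in the term act as LIKE wildcards; escape them if exact matching is wanted.
    $params[] = "%$search%";
}

$totalStmt = $pdo->prepare("SELECT COUNT(*) FROM expenses e WHERE $where");
$totalStmt->execute($params);
$total = (int)$totalStmt->fetchColumn();
$totalPages = (int)ceil($total / $limit);

// $limit and $offset are integers computed above, so inlining them is safe; everything
// user-supplied goes through positional parameters.
$queryStmt = $pdo->prepare("
    SELECT e.*,
           c.name_ar AS category_ar, c.name_en AS category_en,
           b.name_ar AS branch_ar, b.name_en AS branch_en,
           u.name_ar AS user_ar, u.name_en AS user_en
    FROM expenses e
    LEFT JOIN expense_categories c ON e.category_id = c.id
    LEFT JOIN branches b ON e.branch_code = b.code
    LEFT JOIN users u ON e.created_by = u.id
    WHERE $where
    ORDER BY e.expense_date DESC, e.id DESC
    LIMIT $limit OFFSET $offset
");
$queryStmt->execute($params);
$items = $queryStmt->fetchAll();

require __DIR__ . '/includes/header.php';
?>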

'.h(tr('عام', 'General')).'' ?>
1): ?>