<?php

class inventory_manager {
	
	private $base_object;
	private $layout_object;
	private $db;
	
	function __construct() {
		$this->base_object = Registry::get('base');
		$this->layout_object = Registry::get('layout_object');
		$this->db = $this->base_object->db;
	}

	function run() {
		if (isset($_POST['action'])) {
			$action = $_POST['action'];
		} elseif (isset($_GET['action'])) {
			$action = $_GET['action'];
		} else {
			$action = false;
		}
		
		if ($action == "get_item_by_search_string") {
			$this->get_item_by_search_string();
		} elseif ($action == "get_item_for_inventory") {
			$this->get_item_for_inventory();
		} elseif ($action == "save_item_for_inventory") {
			$this->save_item_for_inventory();
		}
		
		return $this->draw();
	}

	private function draw() {
		return $this->layout_object->fetch('widgets/inventory_manager.tpl');
	}

	private function get_item_by_search_string() {
		if (isset($_POST['data'])) {
			$data = $_POST['data'];
		} elseif (isset($_GET['data'])) {
			$data = $_GET['data'];
		} else {
			$data = false;
		}

		if ($data) {
			$safe_data = $this->db->real_escape_string($data);
			
			$sql = "SELECT id, name FROM items WHERE number LIKE '%" . $safe_data . "%' OR ean_code like '%" . $safe_data . "%'";
			
			$result = $this->db->query($sql);
			
			$items = array();
			if ($result->num_rows > 0) {
				while ($obj = $result->fetch_object()) {
					$items[] = $obj;
				}
			}
		
			$return_data = array('items' => $items);
		} else {
			$return_data = array('items' => array());
		}

		echo json_encode($return_data);
		exit();	
	}
	
	private function get_item_for_inventory() {
		if (isset($_POST['id'])) {
			$id = $_POST['id'];
		} elseif (isset($_GET['id'])) {
			$id = $_GET['id'];
		} else {
			$id = false;
		}

		if ($id) {
			$sql = "SELECT * FROM items WHERE id=" . $this->db->real_escape_string($id);
			
			$result = $this->db->query($sql);
			
			$item = false;
			if ($result->num_rows > 0) {
				$item = $result->fetch_object();
			}
			
			if ($item) {
				$return_data = array('status' => 'success', 'item' => $item);
			} else {
				$return_data = array('status' => 'error', 'message' => 'no result');
			}
		} else {
			$return_data = array('status' => 'error', 'message' => 'no id');
		}
		
		echo json_encode($return_data);
		exit();
		
	}
	
	private function save_item_for_inventory() {
		if (isset($_POST['id']) && $_POST['id'] != '') {
			$id = $_POST['id'];
		} else {
			$id = false;
		}
		
		if (isset($_POST['inventory_min']) && $_POST['inventory_min'] != '') {
			$inventory_min = $_POST['inventory_min'];
		} else {
			$inventory_min = 0;
		}
		
		if (isset($_POST['inventory']) && $_POST['inventory'] != '') {
			$inventory = $_POST['inventory'];
		} else {
			$inventory = 0;
		}
		
		if (isset($_POST['inventory_add']) && $_POST['inventory_add'] != '') {
			$inventory_add = $_POST['inventory_add'];
		} else {
			$inventory_add = 0;
		}
		
		if (isset($_POST['inventory_sub']) && $_POST['inventory_sub'] != '') {
			$inventory_sub = $_POST['inventory_sub'];
		} else {
			$inventory_sub = 0;
		}
		
		if ($id) {
			$inventory = $inventory + $inventory_add - $inventory_sub;
			$date = getdate();
			$today = $date['year'] . '-' . $date['mon'] . '-' . $date['mday'];
			
			$sql = "UPDATE items SET";
			$sql .= " inventory_min=" . $this->db->real_escape_string($inventory_min);
			$sql .= ", inventory=" . $this->db->real_escape_string($inventory);
			$sql .= ", last_update='" . $this->db->real_escape_string($today) . "'";
			$sql .= " WHERE id=" . $this->db->real_escape_string($id);
			
			if ($this->db->query($sql)) {
				$return_data = array('status' => 'success', 'inventory' => $inventory, 'sql' => $sql);
			} else {
				$return_data = array('status' => 'error', 'message' => 'no result', 'sql' => $sql);
			}
		} else {
			$return_data = array('status' => 'error', 'message' => 'no id');
		}
		
		echo json_encode($return_data);
		exit();
	}
}