Fix bug in item-return.php preventing invalid quantity input

HashJProgramming · HashJProgramming · commit 5a7959f89605 · 2024-06-07T06:13:24.000+08:00
diff --git a/assets/js/main.js b/assets/js/main.js
@@ -141,6 +141,7 @@ VANTA.WAVES({
             $('input[name="data_id"]').val(id);
             $('input[name="qty"]').val(qty - item_return);
             $('input[name="qty"]').attr('max', qty - item_return);
+            $('input[name="total_qty"]').val(qty - item_return);
             console.log(id, qty); 
         });
 
diff --git a/functions/item-return.php b/functions/item-return.php
@@ -2,7 +2,13 @@
 include_once 'connection.php';
 
 $id = $_POST['data_id'];
+
+$total_qty = $_POST['total_qty'];
 $qty = $_POST['qty'];
+if ($qty <= 0 || $qty > $total_qty) {
+    header('Location: ../rents.php?type=error&message=Quantity is not valid!');
+    exit();
+}
 $penalty = $_POST['penalty'];
 
 $sql = "SELECT * FROM rentals WHERE id = :id";
@@ -11,31 +17,13 @@
 $stmt->execute();
 $item = $stmt->fetch(PDO::FETCH_ASSOC);
 
-// $sql = "UPDATE rentals SET penalty = penalty + :penalty, conditions = :conditions WHERE id = :id";
-// $statement = $db->prepare($sql);
-// $statement->bindParam(':penalty', $_POST['penalty']);
-// $statement->bindParam(':conditions', $_POST['conditions']);
-// $statement->bindParam(':id', $id);
-// $statement->execute();
-
-// $sql = "SELECT COUNT(*) FROM rentals WHERE transact_id = :id";
-// $stmt = $db->prepare($sql);
-// $stmt->bindParam(':id', $item['transact_id']);
-// $stmt->execute();
-// $count = $stmt->fetchColumn();
 
 $sql = "SELECT * FROM inventory WHERE id = :id";
 $stmt = $db->prepare($sql);
 $stmt->bindParam(':id', $item['item_id']);
 $stmt->execute();
 $row = $stmt->fetch(PDO::FETCH_ASSOC);
 
-// if ($count > 0){
-//     $sql = "UPDATE transactions SET status = 'Returned' WHERE id = :id";
-//     $statement = $db->prepare($sql);
-//     $statement->bindParam(':id', $item['transact_id']);
-//     $statement->execute();
-// }
 
 
 if ($_POST['conditions'] > 1) {
@@ -45,14 +33,6 @@
     $stmt->bindParam(':qty', $qty);
     $stmt->bindParam(':penalty', $penalty);
     $stmt->execute();
-
-    // $stock = $row['qty'] - $qty;
-
-    // $sql = "UPDATE inventory SET qty = :stock WHERE id = :id";
-    // $statement = $db->prepare($sql);
-    // $statement->bindParam(':stock', $stock);
-    // $statement->bindParam(':id', $item['item_id']);
-    // $statement->execute();
     
     generate_logs('Item Returned Damage', $row['name'].' '.$qty.' Stock was deducted');
     header('Location: ../rents.php?type=success&message=Item Returned!');
diff --git a/rents.php b/rents.php
@@ -169,6 +169,7 @@
                 <div class="modal-body">
                     <form action="functions/item-return.php" method="post">
                         <input type="hidden" name="data_id">
+                        <input type="hidden" name="total_qty">
                         <div class="mb-2" style="margin-top: 5px;">
                         <label class="form-label">Item Condition</label>
                             <select class="form-select" required="" name="conditions">
