| Server IP : 3.111.61.48 / Your IP : 216.73.216.67 Web Server : Apache System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64 User : ubuntu ( 1000) PHP Version : 8.2.31 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/vhost/itms.arukustech.com/public/api/ |
Upload File : |
<?php
header("Content-Type: application/json");
error_reporting(E_ALL);
ini_set('display_errors', 1);
require_once __DIR__ . '/../../app/db.php';
require_once __DIR__ . '/../../app/helpers/auth.php';
require_once __DIR__ . '/../../app/helpers/activity_logger.php';
auth();
$pdo = db();
/* =============================
VALIDATE INPUT
============================= */
$category_id = $_POST["category_id"] ?? null;
$item_name = trim($_POST["item_name"] ?? '');
$brand = $_POST["brand"] ?? null;
$model = $_POST["model"] ?? null;
$serial_no = $_POST["serial_no"] ?? null;
$purchase_date = $_POST["purchase_date"] ?? null;
$invoice_no = $_POST["invoice_no"] ?? null;
$warranty_date = $_POST["warranty_date"] ?? null;
$cost = $_POST["cost"] ?? null;
if (!$category_id || !$item_name) {
echo json_encode([
"status" => "error",
"message" => "Missing required fields"
]);
exit;
}
try {
/* =============================
BEGIN TRANSACTION
============================= */
$pdo->beginTransaction();
/* STEP 1: FETCH CATEGORY */
$cat = $pdo->prepare("
SELECT asset_prefix, next_number
FROM inv_categories
WHERE id = ?
FOR UPDATE
");
$cat->execute([$category_id]);
$category = $cat->fetch(PDO::FETCH_ASSOC);
if (!$category) {
throw new Exception("Invalid category");
}
$asset_code = $category['asset_prefix']
. str_pad($category['next_number'], 4, "0", STR_PAD_LEFT);
/* STEP 2: INSERT INVENTORY */
$stmt = $pdo->prepare("
INSERT INTO inventory_items
(
category_id, item_name, brand, model, serial_no,
purchase_date, invoice_no, warranty_date,
cost, asset_code, status
)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'available')
");
$stmt->execute([
$category_id,
$item_name,
$brand,
$model,
$serial_no,
$purchase_date,
$invoice_no,
$warranty_date,
$cost,
$asset_code
]);
$item_id = $pdo->lastInsertId();
/* STEP 3: OPTIONAL INVOICE UPLOAD */
$invoice_path = null;
if (!empty($_FILES['invoice_file']['name'])) {
$uploadDir = __DIR__ . "/../../public/uploads/invoices/$item_id/";
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0775, true);
}
$ext = strtolower(pathinfo($_FILES['invoice_file']['name'], PATHINFO_EXTENSION));
$file = "invoice_" . time() . "." . $ext;
if (!move_uploaded_file($_FILES['invoice_file']['tmp_name'], $uploadDir . $file)) {
throw new Exception("Invoice upload failed");
}
$invoice_path = "/uploads/invoices/$item_id/$file";
$pdo->prepare("
UPDATE inventory_items
SET invoice_file = ?
WHERE id = ?
")->execute([$invoice_path, $item_id]);
}
/* STEP 4: UPDATE CATEGORY COUNTER */
$pdo->prepare("
UPDATE inv_categories
SET next_number = next_number + 1
WHERE id = ?
")->execute([$category_id]);
/* STEP 5: ACTIVITY LOG */
logActivity(
"Inventory Added",
"Item: {$item_name}, Asset Code: {$asset_code}"
);
/* COMMIT */
$pdo->commit();
echo json_encode([
"status" => "success",
"asset_code" => $asset_code,
"invoice_file" => $invoice_path
]);
exit;
} catch (Exception $e) {
if ($pdo->inTransaction()) {
$pdo->rollBack();
}
echo json_encode([
"status" => "error",
"message" => $e->getMessage()
]);
exit;
}