| Server IP : 3.111.61.48 / Your IP : 216.73.216.67 Web Server : Apache System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64 User : ubuntu ( 1000) PHP Version : 8.2.31 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/vhost/itms.arukustech.com/public/api/ |
Upload File : |
<?php
require_once __DIR__ . '/../../app/db.php';
require_once __DIR__ . '/../../app/helpers/auth.php';
check_login();
$pdo = db();
$id = intval($_POST["id"]);
$category_id = intval($_POST["category_id"]);
// Fetch existing item (including invoice file)
$old = $pdo->prepare("SELECT category_id, invoice_file FROM inventory_items WHERE id=?");
$old->execute([$id]);
$old = $old->fetch(PDO::FETCH_ASSOC);
if (!$old) {
die("Invalid item");
}
/* ----------------------------------------------------
CATEGORY CHANGE? ? REGENERATE ASSET CODE
-----------------------------------------------------*/
$asset_code = null;
if ($old['category_id'] != $category_id) {
$cat = $pdo->prepare("SELECT asset_prefix, next_number FROM inv_categories WHERE id=?");
$cat->execute([$category_id]);
$cat = $cat->fetch(PDO::FETCH_ASSOC);
if (!$cat) {
die("Invalid category");
}
$next = str_pad($cat["next_number"], 4, "0", STR_PAD_LEFT);
$asset_code = $cat["asset_prefix"] . $next;
// Update next number
$pdo->prepare("UPDATE inv_categories SET next_number = next_number + 1 WHERE id=?")
->execute([$category_id]);
}
/* ----------------------------------------------------
UPDATE BASIC FIELDS
-----------------------------------------------------*/
$sql = "
UPDATE inventory_items SET
category_id = ?,
item_name = ?,
brand = ?,
model = ?,
serial_no = ?,
purchase_date = ?,
invoice_no = ?,
warranty_date = ?,
cost = ?,
status = ? -- ADDED THIS LINE
" . ($asset_code ? ", asset_code = '$asset_code' " : "") . "
WHERE id = ?
";
$stmt = $pdo->prepare($sql);
$stmt->execute([
$category_id,
$_POST['item_name'],
$_POST['brand'],
$_POST['model'],
$_POST['serial_no'],
$_POST['purchase_date'],
$_POST['invoice_no'],
$_POST['warranty_date'],
$_POST['cost'],
$_POST['status'], // ADDED THIS LINE
$id
]);
/* ----------------------------------------------------
INVOICE FILE UPLOAD (OPTIONAL!)
-----------------------------------------------------*/
if (!empty($_FILES["invoice_file"]["name"])) {
// folder inside public
$uploadDir = __DIR__ . "/../../public/uploads/invoices/" . $id . "/";
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0777, true);
}
// remove old file if exists
if (!empty($old['invoice_file'])) {
$oldFile = __DIR__ . "/../../public" . $old['invoice_file'];
if (file_exists($oldFile)) {
unlink($oldFile);
}
}
// upload new invoice
$ext = pathinfo($_FILES["invoice_file"]["name"], PATHINFO_EXTENSION);
$fileName = "invoice_" . time() . "." . $ext;
$fullPath = $uploadDir . $fileName;
if (move_uploaded_file($_FILES["invoice_file"]["tmp_name"], $fullPath)) {
// save path accessible from browser
$invoice_path = "/uploads/invoices/$id/$fileName";
$upd = $pdo->prepare("UPDATE inventory_items SET invoice_file=? WHERE id=?");
$upd->execute([$invoice_path, $id]);
}
}
/* ----------------------------------------------------
REDIRECT BACK
-----------------------------------------------------*/
header("Location: /inventory_list.php?updated=1");
exit;
?>