-
Notifications
You must be signed in to change notification settings - Fork 0
/
item_lost.php
97 lines (82 loc) · 2.21 KB
/
item_lost.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<?
include_once(dirname(__FILE__) . "/first.php");
$db->show_search = FALSE;
$item_ID = $query[0];
$lost_fee = $query[1];
$lost_fee = preg_replace("/\$/", "", $lost_fee);
if($lost_fee < 3)
{
$lost_fee = 3;
}; // end if
if(! $accounts->account_record->ID)
{
exit_error("Not Signed In", "You must be signed into perform that action.");
}; // end if
if($accounts->account_record->librarian != "Y" && $accounts->account_record->admin != "Y")
{
exit_error("Access Denied", "Only a librarian can perform that action.");
}; // end if
if($lost_fee < 1)
{
exit_error("No Cost Specified", "You must specify how much the lost fine is.");
}
else
{
$checkout_sql = "
SELECT
*
FROM
`" . $db->table_library_checkout . "`
WHERE
`" . $db->field_library_item_ID . "`='" . mysql_escape_string($item_ID) . "'
AND `in_datetime`='" . $db->blank_datetime . "'
";
$checkout_result = mysql_query($checkout_sql, $mysql->link);
if(mysql_num_rows($checkout_result) > 0)
{
$lost_type = "patron";
$checkout_record = mysql_fetch_object($checkout_result);
$patron_account_sql = "
SELECT
*
FROM
`" . $db->table_account . "`
WHERE
`ID`='" . $checkout_record->{$db->field_account_ID} . "'
";
$patron_account_result = mysql_query($patron_account_sql, $mysql->link);
$patron_account_record = mysql_fetch_object($patron_account_result);
}
else
{
$lost_type = "librarian";
}; // end if
if($lost_type == "patron")
{
$checkout_sql = "
UPDATE
`" . $db->table_library_checkout . "`
SET
`lost_datetime`='" . date("Y-m-d H:i:s") . "',
`lost_fee`='" . mysql_escape_string($lost_fee) . "'
WHERE
`" . $db->field_library_item_ID . "`='" . mysql_escape_string($item_ID) . "'
AND `in_datetime`='" . $db->blank_datetime . "'
";
mysql_query($checkout_sql, $mysql->link);
}; // end if
$sql = "
UPDATE
`" . $db->table_library_item . "`
SET
`lost_datetime`='" . date("Y-m-d H:i:s") . "',
`lost_account_ID`='" . ($lost_type == "patron" ? $patron_account_record->ID : "0") . "',
`enabled`='N'
WHERE
`ID`='" . mysql_escape_string($item_ID) . "'
";
mysql_query($sql, $mysql->link);
header("location:" . $db->url_root . "/item_details.php/ID/" . $item_ID);
exit();
}; // end if
?>