Cleaned up logic

itflow-org · Oct 16, 2023 · e51d0b7 · e51d0b7
1 parent 5f839d8
commit e51d0b7
Showing 1 changed file with 26 additions and 48 deletions.
diff --git a/post/invoice.php b/post/invoice.php
@@ -1085,59 +1085,37 @@
 }
 
 
-if (isset($_POST['update_invoice_item_order'])) {  
-
-    if ($_POST['update_invoice_item_order'] == 'up') {
-        $item_id = intval($_POST['item_id']);
-        $item_invoice_id = intval($_POST['item_invoice_id']);
-
-        $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
-        $row = mysqli_fetch_array($sql);
-        $item_order = intval($row['item_order']);
-
-        $new_item_order = $item_order - 1;
-
-        //Check if new item order is used
-        $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $item_invoice_id AND item_order = $new_item_order");
-
-        //Redo the entire order of list
-        while ($row = mysqli_fetch_array($sql)) {
-            $item_id = intval($row['item_id']);
-            $item_order = intval($row['item_order']);
-
-            $new_item_order = $item_order + 1;
-
-            mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_item_order WHERE item_id = $item_id");
-        }
-
-
-
-        mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $item_order WHERE item_invoice_id = $item_invoice_id AND item_order = $new_item_order");
-        mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_item_order WHERE item_id = $item_id");
-
-        $_SESSION['alert_message'] = "Item moved up";
-
-        header("Location: " . $_SERVER["HTTP_REFERER"]);
-
-    }
+if (isset($_POST['update_invoice_item_order'])) {
 
-    if ($_POST['update_invoice_item_order'] == 'down') {
-        $item_id = intval($_POST['item_id']);
-        $item_invoice_id = intval($_POST['item_invoice_id']);
-
-        $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
-        $row = mysqli_fetch_array($sql);
-        $item_order = intval($row['item_order']);
+    $item_id = intval($_POST['item_id']);
+    $item_invoice_id = intval($_POST['item_invoice_id']);
 
-        $new_item_order = $item_order + 1;
+    $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id");
+    $row = mysqli_fetch_array($sql);
+    $current_order = intval($row['item_order']);
+    $update_direction = sanitizeInput($_POST['update_invoice_item_order']);
+
+    switch ($update_direction)
+    {
+        case 'up':
+            $new_order = $current_order - 1;
+            break;
+        case 'down':
+            $new_order = $current_order + 1;
+            break;
+    }
 
-        mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $item_order WHERE item_invoice_id = $item_invoice_id AND item_order = $new_item_order");
-        mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_item_order WHERE item_id = $item_id");
+    //Find item_id of current item in $new_order
+    $other_sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $item_invoice_id AND item_order = $new_order");
+    $other_row = mysqli_fetch_array($other_sql);
+    $other_item_id = intval($other_row['item_id']);
+    $other_row_str = strval($other_row['item_name']);
 
-        $_SESSION['alert_message'] = "Item moved down";
+    mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_order WHERE item_id = $item_id");
 
-        header("Location: " . $_SERVER["HTTP_REFERER"]);
+    mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $current_order WHERE item_id = $other_item_id");
 
-    }
+    $_SESSION['alert_message'] = "Invoice Item Order Updated";
 
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
 }