basket.pl and template - Many fixes including SQL injection security check,

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / acqui / basket.tmpl

<!-- TMPL_INCLUDE NAME="doc-head-open.inc" -->
<title>Koha &rsaquo; Acquisitions &rsaquo; <!-- TMPL_UNLESS name="basketno" -->New <!-- /TMPL_UNLESS -->Basket <!-- TMPL_IF NAME="basketno" -->(<!-- TMPL_VAR NAME="basketno" -->)<!-- /TMPL_IF --> for <!-- TMPL_VAR NAME="name" --></title>
<!-- TMPL_INCLUDE NAME="doc-head-close.inc" -->
<!-- TMPL_UNLESS name="closedate" -->
<script type="text/javascript">
//<![CDATA[
            function confirm_close() {
                var is_confirmed = confirm('Are you sure you want to close this basket?');
                if (is_confirmed) {
                    window.location = "/cgi-bin/koha/acqui/booksellers.pl?op=close&basketno=<!-- TMPL_VAR NAME="basketno" -->&supplier=<!-- TMPL_VAR name="booksellerid" -->";
                }
            }
//]]>
        </script>
<!-- /TMPL_UNLESS -->
<style type="text/css">
.sortmsg {font-size: 80%;}
</style>
</head>
<body>
<!-- TMPL_INCLUDE NAME="header.inc" -->
<!-- TMPL_INCLUDE NAME="acquisitions-search.inc" -->


<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; <a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a> &rsaquo; <a href="/cgi-bin/koha/acqui/supplier.pl?supplierid=<!-- TMPL_VAR NAME="booksellerid" -->"><!-- TMPL_VAR NAME="name" --></a> &rsaquo; <!-- TMPL_UNLESS name="basketno" -->New <!-- /TMPL_UNLESS -->Basket <!-- TMPL_IF NAME="basketno" -->(<!-- TMPL_VAR NAME="basketno" -->)<!-- /TMPL_IF --> for <!-- TMPL_VAR NAME="name" --></div>

<div id="doc3" class="yui-t2">
   
   <div id="bd">
        <div id="yui-main">
        <div class="yui-b">
<!-- TMPL_IF NAME="NO_BOOKSELLER" -->
<h2>Supplier Not Found</h2>
<!-- TMPL_ELSE -->
    <h1><!-- TMPL_UNLESS name="basketno" -->New <!-- /TMPL_UNLESS -->Basket <!-- TMPL_VAR NAME="basketno" --> for <a href="supplier.pl?supplierid=<!-- TMPL_VAR NAME="booksellerid" -->"><!-- TMPL_VAR NAME="name" --></a></h1>

    <!-- TMPL_IF NAME="basketno" --><div id="acqui_basket_summary">
        <h2>Basket Details</h2>
        <p>Basket number:  <!-- TMPL_VAR NAME="basketno" --></p>
        <p>Managed by:  <!-- TMPL_VAR NAME="authorisedbyname" --></p>
        <p>Open on:  <!-- TMPL_VAR NAME="creationdate" --></p>
        <p>For vendor ID: <!-- TMPL_VAR NAME="booksellerid" --></p>
        <p>Invoice number: <!-- TMPL_VAR NAME="booksellerinvoicenumber" --></p>
        <!-- TMPL_IF name="closedate" --><p>Closed On:  <!-- TMPL_VAR name="closedate" --></p><!-- /TMPL_IF -->
        <!-- TMPL_UNLESS name="closedate" -->
        <p><a href="javascript:confirm_close()" class="button">Close this basket</a></p>
        <!-- /TMPL_UNLESS -->
    </div><!-- /TMPL_IF -->
    
    <div id="acqui_basket_content">
    <h2>Order Details</h2>
        <!-- TMPL_IF NAME="sort_loop" -->
                <!-- TMPL_LOOP NAME="sort_loop" -->
                        <!-- TMPL_IF name="error" -->
                        <div class="error">ERROR: Illegal sort requested by &quot;<!-- TMPL_VAR NAME="string" -->&quot;.
                                <br />You will need to use valid sort criteria to return valid results.</div>
                        <!-- TMPL_ELSE -->
                        <div class="sortmsg">Sorted by &quot;<!-- TMPL_VAR NAME="string" -->&quot;.</div>
                        <!-- /TMPL_IF -->
                <!-- /TMPL_LOOP -->
        <!-- /TMPL_IF -->

    <!-- TMPL_IF name="books_loop" -->
        <table>
            <tr>
                <th>Order</th>
                <th>Title</th>
                <th><a href="basket.pl?basketno=<!-- TMPL_VAR name="basketno" -->&amp;order=biblioitems.publishercode">Publisher</a></th>
                <th>RRP</th>
                <th>Est.</th>
                <th>Qty.</th>
                <th>Total</th>
                <th>
                    <a href="basket.pl?basketno=<!-- TMPL_VAR name="basketno" -->&amp;order=aqorderbreakdown.bookfundid,biblioitems.publishercode">Fund</a>
                </th>
                <!-- TMPL_IF name="active" -->
                    <!-- TMPL_UNLESS name="closedate" -->
                        <th>Modify</th>
                        <th>Delete</th>
                    <!-- /TMPL_UNLESS -->
                <!-- /TMPL_IF -->
            </tr>
            <!-- TMPL_LOOP NAME="books_loop" -->
                 <!-- TMPL_IF NAME="order_received" --><tr class="disabled"><!-- TMPL_ELSE --><!-- TMPL_IF NAME="toggle" --><tr class="highlight"><!-- TMPL_ELSE --><tr><!-- /TMPL_IF --><!-- /TMPL_IF -->
                    <td><!-- TMPL_VAR NAME="ordernumber" -->
                                                        <!-- TMPL_IF NAME="order_received" --> (rcvd)<!-- /TMPL_IF --></td>
                        <td>
                                <p>
                                <a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=<!-- TMPL_VAR name="biblionumber" -->"><!-- TMPL_VAR NAME="title" --></a></p>
                                <p><!-- TMPL_VAR NAME="author" -->
                                <!-- TMPL_IF name="isbn"-->- <!-- TMPL_VAR name="isbn" --><!-- /TMPL_IF -->
                                <!-- TMPL_IF name="notes" --></p><p><!--TMPL_VAR name="notes" --><!-- /TMPL_IF -->
                            </p>
                        </td>
                    <td><!-- TMPL_VAR NAME="publishercode" --></td>
                    <td class="number"><!-- TMPL_VAR NAME="rrp" --></td>
                    <td class="number"><!-- TMPL_VAR NAME="ecost" --></td>
                    <td class="number"><!-- TMPL_VAR NAME="quantity" --></td>
                    <td class="number"><!-- TMPL_VAR NAME="line_total" --></td>
                    <td><!-- TMPL_VAR NAME="bookfundname" --></td>
                    <!-- TMPL_IF name="active" -->
                        <!-- TMPL_UNLESS name="closedate" -->
                        <td>
                            <a href="neworderempty.pl?ordnum=<!-- TMPL_VAR NAME="ordernumber" -->&amp;booksellerid=<!-- TMPL_VAR NAME="booksellerid" -->&amp;basketno=<!-- TMPL_VAR NAME="basketno" -->">Modify</a>
                        </td>
                        <td>
                        <a href="addorder.pl?ordnum=<!-- TMPL_VAR NAME="ordernumber" -->&amp;basketno=<!-- TMPL_VAR NAME="basketno" -->&amp;quantity=0&amp;biblionumber=<!-- TMPL_VAR NAME="biblionumber" -->">Delete</a>
                        </td>
                        <!-- /TMPL_UNLESS -->
                    <!-- /TMPL_IF -->
                </tr>
            <!-- /TMPL_LOOP -->
            <tr>
                <td colspan="2" rowspan="3">
                    <input type="hidden" name="number" value="<!-- TMPL_VAR NAME="count" -->" />
                    <input type="hidden" name="basketno" value="<!-- TMPL_VAR NAME="basketno" -->" />
                </td>
                <th>SubTotal</th>
                <th><!-- TMPL_VAR NAME="sub_total_rrp" --></th>
                <th><!-- currently duplicative <!-- TMPL_VAR NAME="sub_total_est" --> --></th>
                <th><!-- TMPL_VAR name="qty_total" --></th>
                <th><!-- TMPL_VAR NAME="sub_total" --></th>
                    <!-- TMPL_IF name="active" -->
                        <!-- TMPL_IF name="closedate" -->
                          <td colspan="1" rowspan="3">&nbsp;</td>
                        <!-- TMPL_ELSE -->
                          <td colspan="3" rowspan="3">&nbsp;</td>
                        <!-- /TMPL_IF -->
                    <!-- /TMPL_IF -->
            </tr>
                        <tr>
                <th>GST (<!-- TMPL_VAR NAME="gist_rate" -->)</th>
                <th><!-- TMPL_VAR NAME="gist_rrp" --></th>
<!-- TMPL_UNLESS NAME="listincgst" -->
                <th><!-- currently duplicative <!-- TMPL_VAR NAME="gist_est" --> --></th>
                <th>&nbsp;</th>
                <th><!-- TMPL_VAR NAME="gist" --></th>
<!-- TMPL_ELSE -->
                                <th colspan="3">**</th>
<!-- /TMPL_UNLESS -->
            </tr>
            <tr>
                <th>TOTAL (<!-- TMPL_VAR NAME="currency" -->)</th>
                <th><!-- TMPL_VAR NAME="grand_total_rrp" --></th>
                <th>&nbsp;</th>
                <th><!-- TMPL_VAR name="qty_total" --></th>
                <th><!-- TMPL_VAR NAME="grand_total" --></th>
            </tr>
        </table>
    <!-- TMPL_ELSE -->
        <table>
            <tr><td>Basket empty</td></tr>
        </table>
    <!-- /TMPL_IF -->
        <!-- TMPL_IF NAME="listincgst" --><small class="highlight">** Vendor's listings already include GST.</small>
    <!-- /TMPL_IF -->
    </div>
    <br />
    <!-- TMPL_UNLESS name="closedate" -->
    <div id="acqui_basket_add">
        <h2>Add To Order</h2>
        <form action="/cgi-bin/koha/acqui/neworderbiblio.pl" method="post">
            <input type="hidden" name="booksellerid" value="<!-- TMPL_VAR NAME="booksellerid" -->" />
            <input type="hidden" name="basketno" value="<!-- TMPL_VAR NAME="basketno" -->" />
            <ul><li><label for="q">From an existing record: </label><input id="q" type="text"  size="25" name="q" />
            <input type="submit" value="Search" /></li>
            <li><a href="/cgi-bin/koha/acqui/newordersuggestion.pl?booksellerid=<!-- TMPL_VAR NAME="booksellerid" -->&amp;basketno=<!-- TMPL_VAR NAME="basketno" -->">From a Suggestion</a></li>
            <li><a href="/cgi-bin/koha/acqui/neworderempty.pl?booksellerid=<!-- TMPL_VAR NAME="booksellerid" -->&amp;basketno=<!-- TMPL_VAR NAME="basketno" -->">From a new (empty) record</a></li>
            </ul>
        </form>
    </div>
    <!-- /TMPL_UNLESS -->
<!-- /TMPL_IF -->
</div>
</div>
<div class="yui-b">
<!-- TMPL_INCLUDE NAME="acquisitions-menu.inc" -->
</div>
</div>
<!-- TMPL_INCLUDE NAME="intranet-bottom.inc" -->