<!-- #include virtual="/eB3KTransaction.asp" -->
<HTML>
<script src="/client/Request.js"></script>
<script src="/client/IClient.js"></script>
<BODY></BODY>
<%
Const UR_CREATE = 1
Const UR_READ = 2
Const UR_WRITE = 4
Const UR_PRODUCE = 8
Const UR_UNDO = 16
Const UR_OPRATEOTHER = 32
Const UR_SubPro = 64
Const UR_LockPrice = 128
Const UR_LockPriceSetting = 256

dim bdType,szErrorOut
bdType = 1
szErrorOut=""

dim AccountID, Owner
AccountID = Session("SALES_AccountID")
Owner = Session("SALES_Name")
Function SQLInputParam(str)
	SQLInputParam=replace(str,"'","''")
End Function

Function GetDateString(dateval)
	GetDateString = CStr(Year(dateval)) & "-" & CStr(Month(dateval)) & "-" & CStr(Day(dateval)) & " " & CStr(Hour(dateval)) & ":" & CStr(Minute(dateval)) & ":" & CStr(Second(dateval))
End Function

function bdAuditUndo(bdType, bdID)
	dim szSQL,szTableName,szPID,szError
	dim eBD,rs,rsCheck
	dim iStore,iFlag,iFlag2,x
	dim cQty,cStorePrice,cTotalQty,cTotalAmount

	bdAuditUndo = 0
	Set eBD = Server.CreateObject("eB3KCommon.BillDocument")
	x = eBD.bdGetDetailByType(Conn, CLng(bdType), rs)
	set eBD = Nothing
	if x<>1 then
		set rs = nothing
		exit function
	end if

	szTableName = CStr(rs("TableName"))
	set rs = nothing
	
	'Check Audit Right...
    rsCheck=Conn.Execute("SELECT COUNT(*) as rc FROM ["& szTableName &"] WHERE AccountID=" & AccountID & " AND ID=" & bdID & " AND [Owner]<>'" & Owner & "'")
	iFlag=CLng(rsCheck("rc"))
	set rsCheck=nothing
    rsCheck=Conn.Execute("SELECT COUNT(*) as rc FROM ["& szTableName &"],UserStore WHERE ["& szTableName &"].AccountID=" & AccountID & " AND ["& szTableName &"].ID=" & bdID & " AND UserStore.AccountID=" & AccountID & " AND UserStore.UserName='" & Owner & "' AND ["& szTableName &"].Store=UserStore.Store")
	iFlag2=CLng(rsCheck("rc"))
	set rsCheck=nothing
    If ActSale.TestUserHaveRight("Sale", UR_UNDO, iFlag=1 And iFlag2=1)=0 Then
        ActSale.WriteLogEx Conn, "撤銷銷售單", -1, bdID
        szErrorOut="沒有權限"
        exit function
	end if

    rsCheck=Conn.Execute("SELECT COUNT(*) AS rc FROM ["& szTableName &"] WHERE AccountID=" & AccountID & " AND ID=" & bdID)
	iFlag=CLng(rsCheck("rc"))
	set rsCheck=nothing
	if iFlag=0 then
        ActSale.WriteLogEx Conn, "撤銷銷售單", 0, "非法單據號：" & bdID
        szErrorOut="非法單據號"
        exit function
	end if

    rsCheck=Conn.Execute("SELECT AuditID FROM ["& szTableName &"] WHERE AccountID=" & AccountID & " AND ID=" & bdID)
	iFlag=CLng(rsCheck("AuditID"))
	set rsCheck=nothing
	if iFlag=0 then
        ActSale.WriteLogEx Conn, "撤銷銷售單", 0, "未審核單據：" & bdID
        szErrorOut="未審核單據"
        exit function
	end if
	'End
	
	Conn.Execute "UPDATE ["& szTableName &"] SET AuditID=0,Auditor=NULL,UpdateDate='"& GetDateString(Now()) &"' WHERE [AccountID]=" & AccountID & " AND [ID]=" & bdID
	rs=Conn.Execute("SELECT * FROM ["& szTableName &"] WHERE [AccountID]=" & AccountID & " AND [ID]=" & bdID)
	iStore = CLng(rs("Store"))
	set rs = nothing
	
	szSQL = "SELECT * FROM ["& szTableName &"List] WHERE [AccountID]=" & AccountID & " AND [ID]=" & bdID
	Set rs = Server.CreateObject("ADODB.RecordSet")
	rs.Open szSQL, Conn, 3, 3
    Do While Not rs.EOF
        szPID = CStr(rs("ProductID"))
        cQty = CCur(rs("AuditQuantity"))
		cStorePrice = CCur(rs("AuditCost"))

		rsCheck=Conn.Execute("SELECT COUNT(*) AS rc FROM Product_Store WHERE AccountID=" & AccountID & " AND Store=" & iStore & " and ProductID='" & SQLInputParam(szPID) & "'")
		iFlag=CLng(rsCheck("rc"))
		set rsCheck=nothing
		if iFlag=0 then
			Conn.Execute "INSERT INTO Product_Store(AccountID, ProductID, Store, ProductNumber) VALUES(" & AccountID & ", '" & SQLInputParam(szPID) & "', " & iStore & ", " & cQty & ")"
		else
			Conn.Execute "UPDATE Product_Store SET ProductNumber=ProductNumber+(" & cQty & ") WHERE AccountID=" & AccountID & " AND Store=" & iStore & " and ProductID='" & SQLInputParam(szPID) & "'"
		end if
		
		rsCheck=Conn.Execute("SELECT COUNT(*) AS rc FROM Product_Store_All WHERE AccountID=" & AccountID & " AND ProductID='" & SQLInputParam(szPID) & "'")
		iFlag=CLng(rsCheck("rc"))
		set rsCheck=nothing
        If iFlag > 0 Then
			Conn.Execute "UPDATE Product_Store_All SET TotalPrice=TotalPrice+(" & (cStorePrice * cQty) & "), TotalNumber=TotalNumber+(" & cQty & ") WHERE AccountID=" & AccountID & " AND ProductID='" & SQLInputParam(szPID) & "'"
		else
			Conn.Execute "INSERT INTO Product_Store_All(TotalPrice,TotalNumber,ProductID) VALUES(" & (cStorePrice * cQty) & "," & cQty & ",'" & SQLInputParam(szPID) & "')"
		end if
		rs("AuditCost")=0
		rs("AuditQuantity")=0
		rs("AuditAmount")=0
        rs.MoveNext
	Loop
    rs.Close
	set rs=nothing
    Conn.Execute "UPDATE ["& szTableName &"] SET Cost=0 WHERE AccountID=" & AccountID & " AND ID=" & bdID
	bdAuditUndo=1
	ActSale.WriteLogEx Conn, "撤銷銷售單", 1, bdID
end function


dim x,bdid
bdid=0
x=0
if IsNumeric(request("ID")) then
	bdid=request("ID")
	x=bdAuditUndo(bdType,bdid)
end if
%>
<script>
IClient('data','<%=x%>');
IClient('end','');
</script>
</HTML>