2 Commits 96e6e2cff7 ... 3f36f82d4f

Auteur SHA1 Message Date
  igb 3f36f82d4f feat: add shipping_date il y a 1 semaine
  igb 0ce09610ce fix: save cs error il y a 2 semaines
7 fichiers modifiés avec 96 ajouts et 73 suppressions
  1. 20 18
      customerSave.php
  2. 2 2
      order.php
  3. 6 2
      order_add.php
  4. 4 1
      order_details.php
  5. 8 2
      order_edit.php
  6. 5 3
      order_save.php
  7. 51 45
      system/customers.php

+ 20 - 18
customerSave.php

@@ -238,25 +238,27 @@ foreach ($contacts as $contact) {
         if (!empty($contact[$wechat_field])) {
             $wechat = $contact[$wechat_field];
 
-            $checkStr .= " OR cc.wechat_1 LIKE '%" . $conn->real_escape_string($wechat) . "%'" .
-                            " OR cc.wechat_2 LIKE '%" . $conn->real_escape_string($wechat) . "%'" .
-                            " OR cc.wechat_3 LIKE '%" . $conn->real_escape_string($wechat) . "%'" .
-                            " OR cc.tel_1_format LIKE '%" . $conn->real_escape_string($wechat) . "%'" .
-                            " OR cc.tel_2_format LIKE '%" . $conn->real_escape_string($wechat) . "%'" .
-                            " OR cc.tel_3_format LIKE '%" . $conn->real_escape_string($wechat) . "%'";
+            $checkStr .= " OR cc.wechat_1 LIKE '%" . textEncode($conn->real_escape_string($wechat)) . "%'" .
+                            " OR cc.wechat_2 LIKE '%" .  textEncode($conn->real_escape_string($wechat)) . "%'" .
+                            " OR cc.wechat_3 LIKE '%" . textEncode( $conn->real_escape_string($wechat)) . "%'" .
+                            " OR cc.tel_1_format LIKE '%" .  $conn->real_escape_string($wechat) . "%'" .
+                            " OR cc.tel_2_format LIKE '%" .  $conn->real_escape_string($wechat). "%'" .
+                            " OR cc.tel_3_format LIKE '%" .  $conn->real_escape_string($wechat) . "%'";
+
 
             $Dupli .= "微信" . $i . ":" . $contact[$wechat_field] . " ";
         }
     }
 
+
     // Check all LinkedIn accounts
     for ($i = 1; $i <= 3; $i++) {
         $linkedin_field = 'linkedin_' . $i;
         if (!empty($contact[$linkedin_field])) {
             $linkedin = strtolower($contact[$linkedin_field]);
-            $checkStr .= " OR LOWER(cc.linkedin_1) LIKE '%" . $conn->real_escape_string($linkedin) . "%'" .
-                        " OR LOWER(cc.linkedin_2) LIKE '%" . $conn->real_escape_string($linkedin) . "%'" .
-                        " OR LOWER(cc.linkedin_3) LIKE '%" . $conn->real_escape_string($linkedin) . "%'";
+            $checkStr .= " OR LOWER(cc.linkedin_1) LIKE '%" . textEncode($conn->real_escape_string($linkedin)) . "%'" .
+                        " OR LOWER(cc.linkedin_2) LIKE '%" . textEncode($conn->real_escape_string($linkedin)) . "%'" .
+                        " OR LOWER(cc.linkedin_3) LIKE '%" . textEncode($conn->real_escape_string($linkedin)) . "%'";
             $Dupli .= "LinkedIn" . $i . ":" . $contact[$linkedin_field] . " ";
         }
     }
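Review bot: In the WeChat and LinkedIn clauses `textEncode()` now runs on the output of `$conn->real_escape_string()`, so the string that reaches the SQL text is no longer the escaped one; escaping has to be the last transformation before interpolation. What `textEncode()` does is not visible here, but if it rewrites or emits backslashes or quotes, the escaping is undone or the search pattern is corrupted. Swap the order and compute the value once per field, e.g. `$w = $conn->real_escape_string(textEncode($wechat));`, or better, bind the values through a prepared statement. The same nesting is added in the Facebook hunk (@@ -266) and in the short-value branch of the Alibaba hunk (@@ -280). The enclosing `foreach` starts and ends outside this hunk.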
@@ -266,9 +268,9 @@ foreach ($contacts as $contact) {
         $facebook_field = 'facebook_' . $i;
         if (!empty($contact[$facebook_field])) {
             $facebook = strtolower($contact[$facebook_field]);
-            $checkStr .= " OR LOWER(cc.facebook_1) LIKE '%" . $conn->real_escape_string($facebook) . "%'" .
-                        " OR LOWER(cc.facebook_2) LIKE '%" . $conn->real_escape_string($facebook) . "%'" .
-                        " OR LOWER(cc.facebook_3) LIKE '%" . $conn->real_escape_string($facebook) . "%'";
+            $checkStr .= " OR LOWER(cc.facebook_1) LIKE '%" . textEncode($conn->real_escape_string($facebook)) . "%'" .
+                        " OR LOWER(cc.facebook_2) LIKE '%" . textEncode($conn->real_escape_string($facebook)) . "%'" .
+                        " OR LOWER(cc.facebook_3) LIKE '%" . textEncode($conn->real_escape_string($facebook)) . "%'";
             $Dupli .= "Facebook" . $i . ":" . $contact[$facebook_field] . " ";
         }
     }
@@ -280,16 +282,16 @@ foreach ($contacts as $contact) {
             $alibaba = strtolower($contact[$alibaba_field]);
           
             if (strlen($alibaba) < 10) {
-                $checkStr .= " OR LOWER(cc.alibaba_1) LIKE '" . $conn->real_escape_string($alibaba) . "'" .
-                            " OR LOWER(cc.alibaba_2) LIKE '" . $conn->real_escape_string($alibaba) . "'" .
-                            " OR LOWER(cc.alibaba_3) LIKE '" . $conn->real_escape_string($alibaba) . "'";
+                $checkStr .= " OR LOWER(cc.alibaba_1) LIKE '" . textEncode($conn->real_escape_string($alibaba)) . "'" .
+                            " OR LOWER(cc.alibaba_2) LIKE '" . textEncode($conn->real_escape_string($alibaba)) . "'" .
+                            " OR LOWER(cc.alibaba_3) LIKE '" . textEncode($conn->real_escape_string($alibaba)) . "'";
             } else {
                 // 修改正则表达式,仅移除特殊符号,保留中文和英文字母数字
                 $alibaba_clean = preg_replace('/[^\p{Han}0-9a-zA-Z]/u', '', $alibaba);
                 
-                $checkStr .= " OR LOWER(cc.alibaba_1) LIKE '%" . mb_substr($alibaba_clean, -9) . "%'" .
-                            " OR LOWER(cc.alibaba_2) LIKE '%" . mb_substr($alibaba_clean, -9) . "%'" .
-                            " OR LOWER(cc.alibaba_3) LIKE '%" . mb_substr($alibaba_clean, -9) . "%'";
+                $checkStr .= " OR LOWER(cc.alibaba_1) LIKE '%" . textEncode(mb_substr($alibaba_clean, -9)) . "%'" .
+                            " OR LOWER(cc.alibaba_2) LIKE '%" . textEncode(mb_substr($alibaba_clean, -9)) . "%'" .
+                            " OR LOWER(cc.alibaba_3) LIKE '%" . textEncode(mb_substr($alibaba_clean, -9)) . "%'";
             }
             $Dupli .= "阿里旺旺" . $i . ":" . $contact[$alibaba_field] . " ";
         }
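Review bot: In the `else` branch the result of `textEncode(mb_substr($alibaba_clean, -9))` is concatenated into the query with no `real_escape_string()` at all. Before this change the operand was limited to Han characters, digits and ASCII letters by the `preg_replace`, which made the missing escape harmless; that guarantee now depends on what `textEncode()` returns, which is not visible here. Build the pattern once and escape it last: `$tail = $conn->real_escape_string(textEncode(mb_substr($alibaba_clean, -9)));`. It is also worth skipping the clause when `$alibaba_clean` is empty, because `LIKE '%%'` matches every non-NULL row and would report a false duplicate.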

+ 2 - 2
order.php

@@ -202,7 +202,7 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
     <div class="fastSelect clear">
         <H1>筛选条件</H1>
         <div class="selectItem">
-            <label>出货日期</label>
+            <label style="white-space:nowrap;">出货日期</label>
             <input type="date" name="fliterFromDate" class="date-input filterSearch" value="<?= $fliterFromDate ?>">
             <label>到</label>
             <input type="date" name="fliterToDate" class="date-input filterSearch" value="<?= $fliterToDate ?>">
@@ -225,7 +225,7 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
             <div class="col3">销售开单号</div>
             <div class="col4">客户编码</div>
             <div class="col5">客户</div>
-            <div class="col7">出货日期</div>
+            <div class="col7">出货日期</div>
             <div class="col9">订单金额</div>
             <div class="col10">操作</div>
         </div>

+ 6 - 2
order_add.php

@@ -324,7 +324,7 @@ if ($customerId > 0) {
                 <td>
                     <div style="display: flex; gap: 20px;">
                         <label style="display: flex; align-items: center;">
-                            <input type="radio" name="order_type" id="order_type_1" value="1"> 普通订单
+                            <input type="radio" name="order_type" id="order_type_1" value="1"> 美特柏品牌订单
                         </label>
                         <label style="display: flex; align-items: center;">
                             <input type="radio" name="order_type" id="order_type_2" value="2"> 定制订单
@@ -358,9 +358,13 @@ if ($customerId > 0) {
                     <?php endif; ?>
                 </td>
             </tr>
+            <tr>
+                <th width="8%" nowrap>最新出货单日期</th>
+                <td><input type="date" id="order_date" name="order_date" value="<?= date('Y-m-d') ?>" class="txt1" style="width: 20%; min-width: 200px;"  /> <span style="color: red">注:当前出货最新出货单号日期</span></td>
+            </tr>
             <tr>
                 <th width="8%" nowrap>出货日期</th>
-                <td><input type="date" id="order_date" name="order_date" value="<?= date('Y-m-d') ?>" class="txt1" /></td>
+                <td><input type="date" id="shipping_date" name="shipping_date" value="<?= date('Y-m-d') ?>" class="txt1" style="width: 20%; min-width: 200px;"  /> <span style="color: red"></span></td>
             </tr>
             <tr>
                 <th width="8%" valign="top" nowrap>产品列表</th>

+ 4 - 1
order_details.php

@@ -220,7 +220,10 @@ if (!empty($id) && is_numeric($id)) {
 <!--            <span class="info-label">联系人:</span> --><?php //= htmlspecialcharsFix($order['contact_name']) ?>
 <!--        </div>-->
         <div class="info-row">
-            <span class="info-label">出货日期:</span> <?= date('Y-m-d', strtotime($order['order_date'])) ?>
+            <span class="info-label">最新出货单日期:</span> <?= date('Y-m-d', strtotime($order['order_date'])) ?>
+        </div>
+        <div class="info-row">
+            <span class="info-label">出货日期:</span> <?= date('Y-m-d', strtotime($order['shipping_date'])) ?>
         </div>
         <div class="info-row">
             <span class="info-label">创建时间:</span> <?= $order['created_at'] ?>
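Review bot: `strtotime($order['shipping_date'])` returns false when the order has no shipping date, and `date('Y-m-d', false)` then prints 1970-01-01 instead of a blank. Orders saved before this column existed presumably hold NULL or an empty value there (the schema change is not part of this diff), so their detail page would show a wrong date. Guard the output: `<?= !empty($order['shipping_date']) ? date('Y-m-d', strtotime($order['shipping_date'])) : '' ?>`.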

+ 8 - 2
order_edit.php

@@ -345,7 +345,7 @@ if (!empty($id) && is_numeric($id)) {
                 <td>
                     <div style="display: flex; gap: 20px;">
                         <label style="display: flex; align-items: center;">
-                            <input type="radio" name="order_type" id="order_type_1" value="1" <?= ($order['order_type'] == 1) ? 'checked' : '' ?>> 普通订单
+                            <input type="radio" name="order_type" id="order_type_1" value="1" <?= ($order['order_type'] == 1) ? 'checked' : '' ?>> 美特柏品牌订单
                         </label>
                         <label style="display: flex; align-items: center;">
                             <input type="radio" name="order_type" id="order_type_2" value="2" <?= ($order['order_type'] == 2) ? 'checked' : '' ?>> 定制订单
@@ -367,10 +367,16 @@ if (!empty($id) && is_numeric($id)) {
                     </div>
                 </td>
             </tr>
+            <tr>
+                <th width="8%">最新出货单日期</th>
+                <td>
+                    <input type="date" id="order_date" name="order_date" value="<?= substr($order['order_date'], 0, 10) ?>" class="txt1"style="width: 20%; min-width: 200px;"  /> <span style="color: red">注:当前出货最新出货单号日期</span>
+                </td>
+            </tr>
             <tr>
                 <th width="8%">出货日期</th>
                 <td>
-                    <input type="date" id="order_date" name="order_date" value="<?= substr($order['order_date'], 0, 10) ?>" class="txt1" />
+                    <input type="date" id="shipping_date" name="shipping_date" value="<?= substr($order['shipping_date'], 0, 10) ?>" class="txt1"style="width: 20%; min-width: 200px;"  /> <span style="color: red"></span>
                 </td>
             </tr>
             <tr>
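Review bot: The new `shipping_date` value is written into the `value` attribute unescaped (`substr($order['shipping_date'], 0, 10)`), and `substr()` receives null for orders saved before the column existed, which is deprecated from PHP 8.1. order_save.php stores the posted string after SQL escaping only, so unless the column type forces a date, the field can hold arbitrary text that is echoed back here. Use `value="<?= htmlspecialchars(substr((string)($order['shipping_date'] ?? ''), 0, 10), ENT_QUOTES, 'UTF-8') ?>"`. Both new inputs also lack a space between attributes (`class="txt1"style=`).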

+ 5 - 3
order_save.php

@@ -37,6 +37,7 @@ $customer_id = (int)$_POST['customer_id'];
 $contact_id = !empty($_POST['contact_id']) ? (int)$_POST['contact_id'] : "NULL";
 $employee_id = $_SESSION['employee_id'];
 $order_date = mysqli_real_escape_string($conn, $_POST['order_date']);
+$shipping_date = mysqli_real_escape_string($conn, $_POST['shipping_date']);
 $order_type = (int)$_POST['order_type'];
 
 // 设置已删除字段的默认值
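Review bot: `$_POST['shipping_date']` is read without checking that it is present or that it is a date; it is only SQL-escaped and then interpolated into the UPDATE and INSERT statements (hunks @@ -150 and @@ -201). A request that omits the field raises an undefined-index warning and sends an empty string to the column, which MySQL either rejects or stores as a zero date depending on the SQL mode. Validate the format before building the query, e.g. `$shipping_date = $_POST['shipping_date'] ?? '';` followed by `if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $shipping_date)) { ... }`, using whatever error path this script already has. The same applies to `order_date` on the line above, and binding both through a prepared statement would remove the string interpolation altogether.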
@@ -150,7 +151,8 @@ if ($isedit) {
             customer_id = $customer_id, 
             contact_id = $contact_id, 
             employee_id = $employee_id, 
-            order_date = '$order_date', 
+            order_date = '$order_date',
+            shipping_date = '$shipping_date', 
             delivery_date = $delivery_date, 
             actual_delivery_date = $actual_delivery_date, 
             order_status = $order_status, 
@@ -201,13 +203,13 @@ if ($isedit) {
     // 创建新订单
     $sql = "INSERT INTO orders (
             order_code, order_type, customer_id, contact_id, employee_id, 
-            order_date, delivery_date, actual_delivery_date, 
+            order_date,shipping_date, delivery_date, actual_delivery_date, 
             order_status, payment_status, currency, 
             subtotal, discount_amount, total_amount, 
             notes, internal_notes, created_at, updated_at
         ) VALUES (
             '$order_code', $order_type, $customer_id, $contact_id, $employee_id, 
-            '$order_date', $delivery_date, $actual_delivery_date, 
+            '$order_date','$shipping_date', $delivery_date, $actual_delivery_date, 
             $order_status, $payment_status, '$currency', 
             $subtotal, $discount_amount, $total_amount, 
             '$notes', '$internal_notes', NOW(), NOW()

+ 51 - 45
system/customers.php

@@ -150,11 +150,58 @@ if ($act == "save") {
     }
 }
 
+
 // If we have output from processing, we'll show it instead of the normal page
 if (!empty($output)) {
     echo $output;
     exit;
 }
+
+
+// 批量操作
+if ($act == "postchk") {
+    $keys = urlencode($_GET['Keys'] ?? '');
+    $page = $_GET['Page'] ?? '';
+    $chkact = $_POST['chkact'] ?? '';
+    
+    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
+        $ids = array_map('intval', $_POST['chkbox']);
+        $idList = implode(',', $ids);
+        
+        if (!empty($idList)) {
+            switch($chkact) {
+                case "0":
+                case "1":
+                    $sql = "UPDATE customer SET cs_state=$chkact WHERE id IN ($idList)";
+                    break;
+                default:
+                    // In delete case, let's use transactions to ensure both tables are updated
+                    $conn->begin_transaction();
+                    try {
+                        // Delete from customer_contact first (due to foreign key constraint)
+                        $sql = "DELETE FROM customer_contact WHERE customer_id IN ($idList)";
+                        $conn->query($sql);
+                        
+                        // Then delete from customer table
+                        $sql = "DELETE FROM customer WHERE id IN ($idList)";
+                        $conn->query($sql);
+                        
+                        $conn->commit();
+                    } catch (Exception $e) {
+                        $conn->rollback();
+                        echo "<script>alert('删除失败: " . $e->getMessage() . "');</script>";
+                    }
+            }
+            if ($chkact == "0" || $chkact == "1") {
+                $conn->query($sql);
+            }
+        }
+    }
+    
+    header("Location: ?Keys=$keys&Page=$page");
+    exit;
+}
+
 ?>
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml">
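Review bot: The `default:` branch of the `switch` runs the two DELETE statements for every `chkact` value other than "0" and "1", including the empty string that `$_POST['chkact'] ?? ''` yields when the field is missing. A malformed or partial POST with ticked checkboxes therefore deletes customers and their contacts. Match the delete action explicitly with `case "-1":` (the value the form's 删除 option sends) and let `default:` do nothing. `$page` is also copied from `$_GET['Page']` into the `Location` header as-is and should be cast with `(int)`. No CSRF token check is visible in this block; if none happens earlier in the file, add one before this state-changing branch.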
@@ -725,49 +772,7 @@ if ($act == "edit" || $act == "add") {
     exit;
 }
 
-// 批量操作
-if ($act == "postchk") {
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $page = $_GET['Page'] ?? '';
-    $chkact = $_POST['chkact'] ?? '';
-    
-    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
-        $ids = array_map('intval', $_POST['chkbox']);
-        $idList = implode(',', $ids);
-        
-        if (!empty($idList)) {
-            switch($chkact) {
-                case "0":
-                case "1":
-                    $sql = "UPDATE customer SET cs_state=$chkact WHERE id IN ($idList)";
-                    break;
-                default:
-                    // In delete case, let's use transactions to ensure both tables are updated
-                    $conn->begin_transaction();
-                    try {
-                        // Delete from customer_contact first (due to foreign key constraint)
-                        $sql = "DELETE FROM customer_contact WHERE customer_id IN ($idList)";
-                        $conn->query($sql);
-                        
-                        // Then delete from customer table
-                        $sql = "DELETE FROM customer WHERE id IN ($idList)";
-                        $conn->query($sql);
-                        
-                        $conn->commit();
-                    } catch (Exception $e) {
-                        $conn->rollback();
-                        echo "<script>alert('删除失败: " . $e->getMessage() . "');</script>";
-                    }
-            }
-            if ($chkact == "0" || $chkact == "1") {
-                $conn->query($sql);
-            }
-        }
-    }
-    
-    header("Location: ?Keys=$keys&Page=$page");
-    exit;
-}
+
 
 // 主列表页面
 $fliterQudao = $_GET['fliterQudao'] ?? '';
@@ -845,6 +850,7 @@ $sql = "SELECT c.id, c.cs_code, c.cs_company, c.cs_country, c.cs_address,
         OR cc.email_1 LIKE '%".$conn->real_escape_string($keyscode)."%'
         OR cc.email_2 LIKE '%".$conn->real_escape_string($keyscode)."%'
         OR cc.email_3 LIKE '%".$conn->real_escape_string($keyscode)."%') 
+        AND c.cs_state=1
         $filterStr 
         ORDER BY c.cs_updatetime DESC";
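Review bot: With `AND c.cs_state=1` fixed in the query, customers whose `cs_state` was set to 0 by the batch action no longer appear in this list, so they cannot be ticked and switched back from this page. If hiding is meant to be reversible, make the state a filter parameter that defaults to 1 rather than a hard-coded condition. If the exclusion is intended, a comment such as `// hidden customers (cs_state=0) are excluded from the main list` would record that. The statement starts outside the hunk, so where the parenthesised group closed on the line above was opened could not be checked.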
 
@@ -980,7 +986,7 @@ $tempNum = $pageSize * ($page - 1);
                 $tempNum++;
                 ?>
                 <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
-                    <td align="center"><input type="checkbox" name="chkbox" value="<?php echo $row['id'] ?? ''; ?>" /></td>
+                    <td align="center"><input type="checkbox" name="chkbox[]" value="<?php echo $row['id'] ?? ''; ?>" /></td>
                     <td align="center"><?php echo $tempNum; ?></td>
                     <td align="center" class="code" data-id="<?php echo $row['id'] ?? ''; ?>">
                         <?php
@@ -1171,7 +1177,7 @@ $tempNum = $pageSize * ($page - 1);
                             <option value="0">隐藏</option>
                             <option value="-1">删除</option>
                         </select>
-                        <input type="button" value="执行" onClick="postchk(1)" class="btn1" />
+                        <input type="button" value="执行" onClick="postchk_new(1)" class="btn1" />
                         <input type="button" value="新增" onClick="location.href='?act=add'" class="btn1" />
                     </div>
                 </td>