ordersprinter/php/admin.php

929 lines
30 KiB
PHP
Raw Normal View History

2020-11-19 22:44:19 +01:00
<?php
// Datenbank-Verbindungsparameter
require_once ('dbutils.php');
require_once ('globals.php');
require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php');
require_once ('utilities/RoomsAndTables/RoomsAndTableFileManager.php');
require_once ('utilities/userrights.php');
require_once ('utilities/HistFiller.php');
class Admin {
var $dbutils;
var $userrights;
var $histfiller;
function __construct() {
$this->dbutils = new DbUtils();
$this->userrights = new Userrights();
$this->histfiller = new HistFiller();
}
function handleCommand($command) {
// these command are only allowed for user with manager or admin rights
$cmdArray = array('createNewUser', 'updateUser', 'deleteUser','changepassword' , 'changeConfig');
if (in_array($command, $cmdArray)) {
if (!($this->userrights->hasCurrentUserRight('right_manager')) && !($this->userrights->hasCurrentUserRight('is_admin'))) {
echo "Benutzerrechte nicht ausreichend!";
return false;
}
}
if ($command == 'tryAuthenticate') {
$this->tryAuthenticate($_POST['username'],$_POST['password']);
} else if ($command == 'setLastModuleOfUser') {
$this->setLastModuleOfUser($_POST['view']);
} else if ($command == 'getViewAfterLogin') {
$this->getViewAfterLogin();
} else if ($command == 'isUserAlreadyLoggedIn') {
$this->isUserAlreadyLoggedIn();
} else if ($command == 'logout') {
$this->logout();
} else if ($command == 'getCurrentUser') {
$this->getCurrentUser();
} else if ($command == 'isLoggedinUserAdmin') {
$this->isLoggedinUserAdmin();
} else if ($command == 'isLoggedinUserKitchen') {
$this->isLoggedinUserKitchen();
} else if ($command == 'isLoggedinUserBar') {
$this->isLoggedinUserBar();
} else if ($command == 'isLoggedinUserAdminOrManager') {
$this->isLoggedinUserAdminOrManager();
} else if ($command == 'hasUserPaydeskRight') {
$this->hasUserPaydeskRight();
} else if ($command == 'getJsonMenuItemsAndVersion') {
$this->getJsonMenuItemsAndVersion();
} else if ($command == 'getUserList') {
$this->getUserList();
} else if ($command == 'createNewUser') {
$this->createNewUser(
$_POST['username'],
$_POST['password'],
$_POST['isAdmin'],
$_POST['rWaiter'],
$_POST['rKitchen'],
$_POST['rBar'],
$_POST['rSupply'],
$_POST['rPayDesk'],
$_POST['rStat'],
$_POST['rBill'],
$_POST['rProducts'],
$_POST['rManager']
);
} else if ($command == 'updateUser') {
$this->updateUser(
$_POST['username'],
$_POST['isAdmin'],
$_POST['rWaiter'],
$_POST['rKitchen'],
$_POST['rBar'],
$_POST['rSupply'],
$_POST['rPayDesk'],
$_POST['rStat'],
$_POST['rBill'],
$_POST['rProducts'],
$_POST['rManager']
);
} else if ($command == 'deleteUser') {
$this->deleteUser($_POST['username']);
} else if ($command == 'changepassword') {
$this->changepassword($_POST['username'],$_POST['password']);
} else if ($command == 'changeOwnPassword') {
$this->changeOwnPassword($_POST['oldPass'],$_POST['newPass']);
} else if ($command == 'changeConfig') {
$this->changeConfig(
$_POST['taxChanged'],
$_POST['togoTaxChanged'],
$_POST['stornocodeChanged'],
$_POST['printpassChanged'],
$_POST['companyInfoChanged'],
$_POST['serverUrlChanged'],
$_POST['logoUrlChanged'],
$_POST['payPrintTypeChanged'],
$_POST['emailChanged'],
$_POST['tax'],
$_POST['togoTax'],
$_POST['stornocode'],
$_POST['printpass'],
$_POST['companyinfo'],
$_POST['serverUrl'],
$_POST['logoUrl'],
$_POST['payPrintType'],
$_POST['email']);
} else if ($command == 'getTax') {
$this->getTax();
} else if ($command == 'getTogoTax') {
$this->getTogoTax();
// from here on admin rights are needed
} else if ($command == 'getCompanyInfo') {
$this->getCompanyInfo();
} else if ($command == 'getServerUrl') {
$this->getServerUrl();
} else if ($command == 'getLogoUrl') {
$this->getLogoUrl();
} else if ($command == 'getPayPrintType') {
$this->getPayPrintType();
} else if ($command == 'getPayments') {
$this->getPayments();
} else if ($command == 'getEmail') {
$this->getEmail();
} else if (($command == 'new') || ($command == 'new') || ($command == 'drop') || ($command == 'fill') || ($command == 'fillSampleProdType') || ($command == 'fillSpeisekarte')) {
if ($this->isCurrentUserAdmin()) {
if ($command == 'fill') {
$this->fillSampleContent();
} else if ($command == 'fillSampleProdType') {
$this->fillSampleProdType("samples/speisekarte.txt");
} else if ($command == 'fillSpeisekarte') {
$this->fillSpeisekarte($_POST['speisekarte']);
}
//else if ($command == 'readRoomsTables') {
// $this->fillSampleRoomsAndTable("samples/roomstables.txt");
//}
echo json_encode(array("status" => "OK"));
} else {
echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
}
// end area for admins
} else if ($command == 'exportConfigCsv') {
if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
$this->exportConfigCsv();
}
} else if ($command == 'exportUserCsv') {
if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
$this->exportUserCsv();
}
} else if ($command == 'setOrderVolume') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setOrderVolume($_POST['volume']);
}
} else if ($command == 'getOrderVolume') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getOrderVolume();
}
}
else {
echo "Command not supported.";
}
}
function isUserAlreadyLoggedInForPhp() {
if(session_id() == '') {
session_start();
}
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
return false;
} else {
return true;
}
}
function isUserAlreadyLoggedIn() {
if(session_id() == '') {
session_start();
}
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
// no user logged in
echo json_encode("NO");
} else {
echo json_encode("YES");
}
}
function logout() {
if(session_id() == '') {
session_start();
session_destroy();
}
echo json_encode("OK");
}
// for the login mask - if user is authenticated then the first page works different
function tryAuthenticate($username,$password) {
$authenticated = false;
$sql = "SELECT userpassword FROM %user% WHERE username='$username' AND active='1'";
$dbutils = new DbUtils();
$dbresult = $dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$pass_hash = $zeile['userpassword'];
// password_verify requires PHP > 5.5, so let's use MD5 instead
// (it is no banking software...)
if (md5($password) == $pass_hash) {
$authenticated = true;
}
}
mysqli_free_result( $dbresult );
if ($authenticated) {
if(session_id() == '') {
session_start();
}
$_SESSION['angemeldet'] = true;
// now read the rights of the user
$sql = "SELECT * FROM %user% WHERE username='$username' AND active='1'";
$dbutils = new DbUtils();
$dbresult = $dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$_SESSION['userid'] = $zeile['id'];
$_SESSION['currentuser'] = $username;
$_SESSION['is_admin'] = ($zeile['is_admin'] == 1 ? true : false);
$_SESSION['right_waiter'] = ($zeile['right_waiter'] == 1 ? true : false);
$_SESSION['right_kitchen'] = ($zeile['right_kitchen'] == 1 ? true : false);
$_SESSION['right_bar'] = ($zeile['right_bar'] == 1 ? true : false);
$_SESSION['right_supply'] = ($zeile['right_supply'] == 1 ? true : false);
$_SESSION['right_paydesk'] = ($zeile['right_paydesk'] == 1 ? true : false);
$_SESSION['right_statistics'] = ($zeile['right_statistics'] == 1 ? true : false);
$_SESSION['right_bill'] = ($zeile['right_bill'] == 1 ? true : false);
$_SESSION['right_products'] = ($zeile['right_products'] == 1 ? true : false);
$_SESSION['right_manager'] = ($zeile['right_manager'] == 1 ? true : false);
}
mysqli_free_result($dbresult);
}
if ($authenticated) {
echo json_encode("YES");
} else {
echo json_encode("NO");
}
}
function getOrderVolume() {
$userid = $_SESSION['userid'];
$sql = "SELECT ordervolume FROM %user% WHERE id=?";
$pdo = $this->dbutils->openDbAndReturnPdo();
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($userid));
$row =$stmt->fetchObject();
$volume = 0;
if ($row != null) {
$volume = $row->ordervolume;
if ($volume == null) {
$volume = 0;
}
}
echo json_encode($volume);
}
function setOrderVolume($volume) {
$userid = $_SESSION['userid'];
$sql = "UPDATE %user% SET ordervolume=? WHERE id=?";
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($volume,$userid));
$pdo->commit();
echo json_encode(array("status" => "OK"));
}
function setLastModuleOfUser($view) {
if ($this->isUserAlreadyLoggedInForPhp()) {
$userid = $_SESSION['userid'];
$sql = "UPDATE %user% SET lastmodule=? WHERE id=?";
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($view,$userid));
$pdo->commit();
echo json_encode(array("status" => "OK"));
}
}
function getViewAfterLogin() {
if ($this->isUserAlreadyLoggedInForPhp()) {
$userid = $_SESSION['userid'];
$sql = "SELECT lastmodule FROM %user% WHERE id=?";
$pdo = $this->dbutils->openDbAndReturnPdo();
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($userid));
$row =$stmt->fetchObject();
$view = "preferences.html";
if ($row != null) {
$newView = $row->lastmodule;
if ($newView != null) {
$view = $newView;
}
}
// test if user has still the right to go into that view
$mapping = array (
"waiter.html" => 'right_waiter',
"kitchen.html" => 'right_kitchen',
"bar.html" => 'right_bar',
"supplydesk.html" => 'right_supply',
"paydesk.html" => 'right_paydesk',
"reports.html" => 'right_statistics',
"bill.html" => 'right_bill',
"products.html" => 'right_products');
$valid = false;
if ($view == 'preferences.html') {
// always ok
$valid = true;
} else if ($view == 'manager.html') {
if (($_SESSION['is_admin'] == 1) || ($_SESSION['right_manager'] == 1)) {
$valid = true;
}
} else {
if ($_SESSION[$mapping[$view]] == 1) {
$valid = true;
}
}
if ($valid == false) {
$view = "preferences.html";
}
echo json_encode($view);
}
}
// for client request
function isLoggedinUserAdmin() {
if ($this->isCurrentUserAdmin()) {
echo json_encode(YES);
} else {
echo json_encode(NO);
}
}
function isLoggedinUserAdminOrManager() {
if ($this->hasCurrentUserRight('is_admin') || $this->hasCurrentUserRight('right_manager')) {
echo json_encode(YES);
} else {
echo json_encode(NO);
}
}
function isLoggedinUserKitchen() {
if ($this->hasCurrentUserRight('right_kitchen')) {
echo json_encode(YES);
} else {
echo json_encode(NO);
}
}
function isLoggedinUserBar() {
if ($this->hasCurrentUserRight('right_bar')) {
echo json_encode(YES);
} else {
echo json_encode(NO);
}
}
function hasUserPaydeskRight() {
if ($this->hasCurrentUserRight('right_paydesk')) {
echo json_encode(YES);
} else {
echo json_encode(NO);
}
}
function hasCurrentUserRight($whichRight) {
if(session_id() == '') {
session_start();
}
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
// no user logged in
return false;
} else {
return ($_SESSION[$whichRight]);
}
}
// for internal request
function isCurrentUserAdmin() {
return $this->hasCurrentUserRight('is_admin');
}
function fillSampleContentBySqlFile($sqlFile) {
$handle = fopen ($sqlFile, "r");
while (!feof($handle)) {
$sql = fgets($handle);
$this->dbutils->performSqlCommand($sql);
}
fclose ($handle);
}
private function fillSampleProdType($fileName) {
$speisekartenHandler = new TypeAndProductFileManager();
$speisekartenHandler->manageSpeisekarteFile($fileName);
$this->histfiller->readProdTableAndSendToHist();
}
private function fillSpeisekarte($speisekarte) {
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
$speisekartenHandler = new TypeAndProductFileManager();
$speisekartenHandler->manageSpeisekarte($pdo,$speisekarte);
$this->histfiller->readProdTableAndSendToHist($pdo);
$pdo->commit();
}
/* obsolete: not needed any more after replacement by matrix in manager.html */
private function fillSampleRoomsAndTable($fileName) {
$roomsAndTableHandler = new RoomsAndTableFileManager();
$roomsAndTableHandler->readRoomTableDefinition($fileName);
}
private function fillSampleContent()
{
// first remove previous content, then fill the SQL file
$sql = "DELETE FROM `%queue%`";
$dbresult = $this->dbutils->performSqlCommand($sql);
$this->fillSampleContentBySqlFile("samples/queuecontent.txt");
$sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$sql = "DELETE FROM `%histuser%`";
$dbresult = $this->dbutils->performSqlCommand($sql);
$sql = "DELETE FROM `%user%`";
$dbresult = $this->dbutils->performSqlCommand($sql);
$this->fillSampleContentBySqlFile("samples/usercontent.txt");
$this->histfiller->readUserTableAndSendToHist();
}
function dropProdTypeTable()
{
$this->dbutils->performSqlCommand("drop TABLE `" . DB_PRODTYPE_TABLE . "`;");
}
function dropQueueTable()
{
$this->dbutils->performSqlCommand("drop TABLE `" . DB_QUEUE_TABLE . "`;");
}
function dropProductsTable()
{
$this->dbutils->performSqlCommand("drop TABLE `" . DB_PRODUCTS_TABLE . "`;");
}
function dropUserTable()
{
$this->dbutils->performSqlCommand("drop TABLE `" . DB_USER_TABLE . "`;");
}
function dropRoomTable()
{
$this->dbutils->performSqlCommand("drop TABLE `" . DB_ROOM_TABLE . "`;");
}
function dropPaymentTable() {
$this->dbutils->performSqlCommand("drop TABLE `%payment%`;");
}
function dropRestTables()
{
$this->dbutils->performSqlCommand("drop TABLE `" . DB_RESTTABLES_TABLE . "`;");
}
function dropBillTable()
{
$this->dbutils->performSqlCommand("drop TABLE `%bill%`;");
}
function dropPriceLevelTable()
{
$this->dbutils->performSqlCommand("drop TABLE `%pricelevel%`;");
}
function dropConfigTable()
{
$this->dbutils->performSqlCommand("drop TABLE `%config%`;");
}
function dropClosingTable()
{
$this->dbutils->performSqlCommand("drop TABLE `%closing%`;");
}
function dropPrintJobsTable()
{
$this->dbutils->performSqlCommand("drop TABLE `%printjobs%`;");
}
function dropBillProductsTable() {
$this->dbutils->performSqlCommand("drop TABLE `%billproducts%`;");
}
function dropHistTables() {
$pdo = $this->dbutils->openDbAndReturnPdo();
$sql = "DROP TABLE `%hist%`";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$sql = "DROP TABLE `%histprod%`";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$sql = "DROP TABLE `%histconfig%`";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$sql = "DROP TABLE `%histuser%`";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$sql = "DROP TABLE `%histactions%`";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
}
/*
* Return all the entries for the main menu (the modules)
*/
function getJsonMenuItemsAndVersion() {
if(session_id() == '') {
session_start();
}
$mainMenu = array();
$currentUser = "";
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
// no user logged in
$mainMenu[] = array("name" => "Startseite", "link" => "index.html");
} else {
if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => "Kellner", "link" => "waiter.html"); };
if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => "K&uuml;che", "link" => "kitchen.html"); };
if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html"); };
if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => "Bereitstellung", "link" => "supplydesk.html"); };
if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => "Kasse", "link" => "paydesk.html"); };
if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => "Statistik", "link" => "reports.html"); };
if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => "Kassenbons", "link" => "bill.html"); };
if ($_SESSION['right_products']) { $mainMenu[] = array("name" => "Angebot", "link" => "products.html"); };
if ($_SESSION['right_manager']) { $mainMenu[] = array("name" => "Verwaltung", "link" => "manager.html"); };
$mainMenu[] = array("name" => "Einstellung", "link" => "preferences.html");
$mainMenu[] = array("name" => "Feedback", "link" => "feedback.html");
$mainMenu[] = array("name" => "Abmelden", "link" => "logout.php");
$currentUser = $_SESSION['currentuser'];
}
// CAUTION: change version also in config.txt!!!
$mainMenuAndVersion = array ("version" => "1.0", "user" => $currentUser, "menu" => $mainMenu);
echo json_encode($mainMenuAndVersion);
}
function getUserList() {
$userInfo = array();
$sql = "SELECT * FROM %user% WHERE active='1'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$userEntry = array ("username" => $zeile['username'],
"is_admin" => $zeile['is_admin'],
"right_waiter" => $zeile['right_waiter'],
"right_kitchen" => $zeile['right_kitchen'],
"right_bar" => $zeile['right_bar'],
"right_supply" => $zeile['right_supply'],
"right_paydesk" => $zeile['right_paydesk'],
"right_statistics" => $zeile['right_statistics'],
"right_bill" => $zeile['right_bill'],
"right_products" => $zeile['right_products'],
"right_manager" => $zeile['right_manager']
);
$userInfo[] = $userEntry;
}
mysqli_free_result($dbresult);
echo json_encode($userInfo);
}
function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rManager) {
// check if the user with that name already exists
$sql = "SELECT username FROM %user% WHERE active='1' AND username='$username'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
mysqli_free_result($dbresult);
if ($numberOfEntries > 0) {
echo json_encode("exists");
} else {
// create the new user
// instead if password_hash (PHP > 5.5) use MD5...
$password_hash = md5($password);
$userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_manager`,`active`) VALUES (";
$userInsertSql .= " NULL, '$username', '$password_hash' , '$isAdmin', '$rWaiter', '$rKitchen', '$rBar', '$rSupply', '$rPayDesk', '$rStat', '$rBill', '$rProducts', '$rManager', '1')";
$dbresult = $this->dbutils->performSqlCommandRetLastId($userInsertSql);
$lastId = $dbresult['id'];
echo json_encode("OK");
}
// now this has to be logged in the history tables...
$this->histfiller->createUserInHist($lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rManager);
}
function getTax() {
$this->sendJsonValueFromConfigTable('tax');
}
function getTogoTax() {
$this->sendJsonValueFromConfigTable('togotax');
}
function getCompanyInfo() {
$this->sendJsonValueFromConfigTable('companyinfo');
}
function getServerUrl() {
$this->sendJsonValueFromConfigTable('serverurl');
}
function getLogoUrl() {
$this->sendJsonValueFromConfigTable('logourl');
}
function getPayPrintType() {
$this->sendJsonValueFromConfigTable('payprinttype');
}
function getEmail() {
$this->sendJsonValueFromConfigTable('email');
}
function getPayments() {
$pdo = $this->dbutils->openDbAndReturnPdo();
$sql = "SELECT id,name FROM %payment%";
$stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt_query->execute();
$result = $stmt_query->fetchAll();
$retArray = array();
foreach($result as $row) {
$entry = array("id"=> $row['id'], "name" => $row['name']);
$retArray[] = $entry;
}
echo json_encode($retArray);
}
function sendJsonValueFromConfigTable($whichValue) {
$theVal = $this->getValueFromConfigTable($whichValue);
if ($theVal == null) {
echo json_encode("");
} else {
echo json_encode($theVal);
}
}
function getValueFromConfigTable($whichValue) {
$sql = "SELECT setting FROM %config% WHERE name='$whichValue'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
$theValue = null;
if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$theValue = $zeile['setting'];
}
mysqli_free_result($dbresult);
return $theValue;
}
function changeConfig(
$taxChanged,$togoTaxChanged,$stornocodeChanged,$printpassChanged,$companyInfoChanged,$serverUrlChanged,$logoUrlChanged,$payPrintTypeChanged,$emailChanged,
$tax,$togoTax,$stornocode,$printpass,$companyInfo,$serverUrl,$logoUrl,$payPrintType,$email) {
$problem = false;
if ($stornocodeChanged == 1) {
$this->changeOneConfigDbItem('stornocode',$stornocode);
}
if ($printpassChanged == 1) {
$this->changeOneConfigDbItem('printpass',md5($printpass));
}
if ($companyInfoChanged == 1) {
$this->changeOneConfigDbItem('companyinfo',$companyInfo);
}
if ($serverUrlChanged == 1) {
$this->changeOneConfigDbItem('serverurl', $serverUrl);
}
if ($logoUrlChanged == 1) {
$this->changeOneConfigDbItem('logourl', $logoUrl);
}
if ($payPrintTypeChanged == 1) {
$this->changeOneConfigDbItem('payprinttype', $payPrintType);
}
if ($emailChanged == 1) {
$this->changeOneConfigDbItem('email', $email);
}
if ($taxChanged == 1) {
if (is_numeric($tax)) {
$this->changeOneConfigDbItem('tax',$tax);
} else {
$problem = true;
}
}
if ($togoTaxChanged == 1) {
if (is_numeric($togoTax)) {
$this->changeOneConfigDbItem('togotax',$togoTax);
} else {
$problem = true;
}
}
if ($problem) {
echo json_encode("FAILED");
} else {
echo json_encode("OK");
}
}
function changeOneConfigDbItem($theItem,$theValue) {
$sql = "UPDATE %config% SET setting='$theValue' WHERE name='$theItem'";
$dbresult = $this->dbutils->performSqlCommand($sql);
// now this has to be logged in the history tables...
$this->histfiller->updateConfigInHist($theItem, $theValue);
}
private function findActiveUserWithName($username) {
$sql_find_id = "SELECT id FROM %user% WHERE active='1' AND username='$username'";
$pdo = $this->dbutils->openDbAndReturnPdo();
$stmt_query = $pdo->query($this->dbutils->resolveTablenamesInSqlString($sql_find_id));
$row =$stmt_query->fetchObject();
$theUserId = $row->id;
return $theUserId;
}
function updateUser($username, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rManager) {
$theUserId = $this->findActiveUserWithName($username);
// check if the user with that name already exists
$sql = "UPDATE %user% SET is_admin='$isAdmin', right_waiter='$rWaiter',right_kitchen='$rKitchen',right_bar='$rBar',right_supply='$rSupply',right_paydesk='$rPayDesk',right_statistics='$rStat',right_bill='$rBill',right_products='$rProducts',right_manager='$rManager' WHERE active='1' AND username='$username'";
$dbresult = $this->dbutils->performSqlCommand($sql);
// now this has to be logged in the history tables...
$this->histfiller->updateUserInHist($theUserId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rManager,'1');
echo json_encode("OK");
}
function deleteUser($username) {
$theUserId = $this->findActiveUserWithName($username);
$userSql = "UPDATE %user% set active='0' WHERE username='$username'";
$dbresult = $this->dbutils->performSqlCommand($userSql);
$this->histfiller->updateOneUser($theUserId);
echo json_encode("OK");
}
function getCurrentUser() {
if(session_id() == '') {
session_start();
}
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
// no user logged in
echo json_encode("Nobody");
} else {
echo json_encode($_SESSION['currentuser']);
}
}
function changepassword($username,$password) {
$password_hash = md5($password);
$userSql = "UPDATE %user% set userpassword='$password_hash' WHERE active='1' AND username='$username'";
$dbresult = $this->dbutils->performSqlCommand($userSql);
echo json_encode("OK");
}
function changeOwnPassword($oldpassword,$newpassword) {
if(session_id() == '') {
session_start();
}
$currentuser = $_SESSION['currentuser'];
$oldp_hash = md5($oldpassword);
$ok = true;
// is old password correct?
$sql = "SELECT userpassword FROM %user% WHERE username='$currentuser' AND active='1'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
if ($zeile['userpassword'] != $oldp_hash) {
$ok = false;
}
} else {
// user not found
$ok = false;
}
mysqli_free_result($dbresult);
if ($ok) {
// allowed to change password
$newp_hash = md5($newpassword);
$sql = "UPDATE %user% set userpassword='$newp_hash' WHERE active='1' AND username='$currentuser'";
$dbresult = $this->dbutils->performSqlCommand($sql);
echo json_encode("OK");
} else {
echo json_encode("FAILED");
}
}
private function writeCsvHeader($defaultFilename) {
header("Content-type: text/x-csv");
header("Content-Disposition: attachment; filename=$defaultFilename");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
header("Expires: 0");
}
private function exportConfigCsv() {
$this->writeCsvHeader("datenexport-config.csv");
echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
$sql = "SELECT DISTINCT %hist%.id as id,date,";
$sql .= "%config%.name as configitem,%histconfig%.setting as setting,description ";
$sql .= " FROM %hist%, %histconfig%, %histactions%, %config% ";
$sql .= " WHERE (refid=%histconfig%.id) ";
$sql .= " AND %histconfig%.configid = %config%.id ";
$sql .= " AND (action='2' OR action='6') ";
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['configitem'];
$val4 = str_replace("\r\n","<CR>",$zeile['setting']);
$val4 = str_replace("\n","<CR>",$val4);
$val5 = $zeile['description'];
echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n";
}
mysqli_free_result( $dbresult );
}
private function exportUserCsv() {
$this->writeCsvHeader("datenexport-benutzer.csv");
echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Managerrechte; Aktiviert\n");
$sql = "SELECT DISTINCT %hist%.id as id,date,";
$sql .= "userid,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,";
$sql .= "right_paydesk,right_statistics,right_bill,right_products,right_manager,active,";
$sql .= "description ";
$sql .= " FROM %hist%, %histuser%, %histactions% ";
$sql .= " WHERE (refid=%histuser%.id) ";
$sql .= " AND (action='3' OR action='7' OR action='8') ";
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['userid'];
$val4 = $zeile['username'];
$val5 = ($zeile['is_admin'] == '1' ? "Ja" : "Nein");
$val6 = ($zeile['right_waiter'] == '1' ? "Ja" : "Nein");
$val7 = ($zeile['right_kitchen'] == '1' ? "Ja" : "Nein");
$val8 = ($zeile['right_bar'] == '1' ? "Ja" : "Nein");
$val9 = ($zeile['right_supply'] == '1' ? "Ja" : "Nein");
$val10 = ($zeile['right_paydesk'] == '1' ? "Ja" : "Nein");
$val11 = ($zeile['right_statistics'] == '1' ? "Ja" : "Nein");
$val12 = ($zeile['right_bill'] == '1' ? "Ja" : "Nein");
$val13 = ($zeile['right_products'] == '1' ? "Ja" : "Nein");
$val14 = ($zeile['right_manager'] == '1' ? "Ja" : "Nein");
$val15 = ($zeile['active'] == '1' ? "Ja" : "Nein");
$val16 = $zeile['description'];
echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;";
echo "$val11;$val12;$val13;$val14;$val15;$val16\n";
}
mysqli_free_result( $dbresult );
}
}
?>