ordersprinter/webapp/php/feedback.php

154 lines
5.1 KiB
PHP
Raw Normal View History

2020-11-19 22:44:19 +01:00
<?php
require_once ('dbutils.php');
2020-11-19 22:47:44 +01:00
require_once ('utilities/Emailer.php');
2020-11-19 22:44:19 +01:00
class Feedback {
var $dbutils;
function __construct() {
$this->dbutils = new DbUtils();
}
function handleCommand($command) {
if ($command == 'sendMail') {
$this->sendMail($_POST['role'],$_POST['topic'],$_POST['email'],$_POST['tel'],$_POST['allowSendRights'],$_POST['content']);
}
else {
echo "Kommando nicht unterstuetzt.";
}
}
function isUserAlreadyLoggedInForPhp() {
if(session_id() == '') {
session_start();
}
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
return false;
} else {
return true;
}
}
2020-11-19 22:47:44 +01:00
private function getGeneralItemFromDb($field) {
2020-11-19 22:44:19 +01:00
$pdo = $this->dbutils->openDbAndReturnPdo();
2020-11-19 22:47:44 +01:00
$aValue="";
$sql = "SELECT setting FROM %config% where name='$field'";
2020-11-19 22:44:19 +01:00
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$row =$stmt->fetchObject();
if ($row != null) {
2020-11-19 22:47:44 +01:00
$aValue = $row->setting;
}
return $aValue;
2020-11-19 22:44:19 +01:00
}
function spamcheck($field) {
// Sanitize e-mail address
$field=filter_var($field, FILTER_SANITIZE_EMAIL);
// Validate e-mail address
if(filter_var($field, FILTER_VALIDATE_EMAIL)) {
return TRUE;
} else {
return FALSE;
}
}
function sqlresult($pdo,$sql,$sqlval) {
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$row =$stmt->fetchObject();
if ($row != null) {
return($row->$sqlval);
} else {
return 0;
}
}
function getdbinfo() {
$pdo = $this->dbutils->openDbAndReturnPdo();
$info = "\n\nWaiting print jobs:\n";
// workprintjobswaiting
$foodjobs = $this->sqlresult($pdo,"select count(id) as number from %printjobs% where type=1","number");
$drinkjobs = $this->sqlresult($pdo,"select count(id) as number from %printjobs% where type=2","number");
$payjobs = $this->sqlresult($pdo,"select count(id) as number from %printjobs% where type=3","number");
$info .= "Speisebons: $foodjobs\n";
2020-11-19 22:47:44 +01:00
$info .= "Getr<EFBFBD>nkebons: $drinkjobs\n";
2020-11-19 22:44:19 +01:00
$info .= "Kassenbons: $payjobs\n\n";
// db sizes
$info .= $this->getDatabaseSizes($pdo);
return $info;
}
function getDatabaseSizes($pdo) {
$sql = 'SELECT table_schema "Data Base Name",
sum( data_length + index_length ) / 1024 / 1024 "Data Base Size in MB",
sum( data_free )/ 1024 / 1024 "Free Space in MB"
FROM information_schema.TABLES
GROUP BY table_schema';
$pdo = $this->dbutils->openDbAndReturnPdo();
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$result = $stmt->fetchAll();
$dbInfo = "DB-info:\n";
foreach($result as $row) {
$dbInfo .= "Database '$row[0]', db size in MB: $row[1], free space in MB: $row[2]\n";
}
$dbInfo .= "used DB '" . MYSQL_DB . "'\n\n";
return $dbInfo;
}
function sendMail($role,$topic,$email,$tel,$allowSendRights,$content) {
2020-11-19 22:47:44 +01:00
2020-11-19 22:44:19 +01:00
if (!$this->spamcheck($email)) {
echo json_encode("Falsche Emailadresse eingegeben!");
return;
}
2020-11-19 22:47:44 +01:00
2020-11-19 22:44:19 +01:00
$rights = "Keine Rechteinformation";
2020-11-19 22:47:44 +01:00
$from = $this->getGeneralItemFromDb('email');
$version = $this->getGeneralItemFromDb('version');
2020-11-19 22:44:19 +01:00
if ($this->spamcheck($from)) {
2020-11-19 22:47:44 +01:00
2020-11-19 22:44:19 +01:00
if ($this->isUserAlreadyLoggedInForPhp()) {
if ($allowSendRights) {
$rights = "Userid = " . $_SESSION['userid'] . "\n";
$rights .= "Username = " . $_SESSION['currentuser'] . "\n";
$rights .= "isAdmin = " . ($_SESSION['is_admin'] ? "ja" : "nein") . "\n";
$rights .= "right_waiter = " . ($_SESSION['right_waiter'] ? "ja" : "nein") . "\n";
$rights .= "right_kitchen = " . ($_SESSION['right_kitchen'] ? "ja" : "nein") . "\n";
$rights .= "right_bar = " . ($_SESSION['right_bar'] ? "ja" : "nein") . "\n";
$rights .= "right_supply = " . ($_SESSION['right_supply'] ? "ja" : "nein") . "\n";
$rights .= "right_paydesk = " . ($_SESSION['right_paydesk'] ? "ja" : "nein") . "\n";
$rights .= "right_statistics = " . ($_SESSION['right_statistics'] ? "ja" : "nein") . "\n";
$rights .= "right_bill = " . ($_SESSION['right_bill'] ? "ja" : "nein") . "\n";
$rights .= "right_products = " . ($_SESSION['right_products'] ? "ja" : "nein") . "\n";
$rights .= "right_manager = " . ($_SESSION['right_manager'] ? "ja" : "nein");
$rights .= $this->getdbinfo();
}
$server = $_SERVER['HTTP_USER_AGENT'];
2020-11-19 22:47:44 +01:00
$msg = "Rolle: $role\nEmail: $email\nTel.: $tel\nRechte: $rights\nServer:$server\n\nOrderSprinter-Version:$version\n\nNachricht:\n$content";
2020-11-19 22:44:19 +01:00
$msg = wordwrap($msg, 70);
// Verarbeitet \r\n's zuerst, so dass sie nicht doppelt konvertiert werden
$msg = str_replace("\n", "\r\n", $msg);
2020-11-19 22:47:44 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
if (Emailer::sendEmail($pdo, $msg, "feedback@ordersprinter.de", $topic)) {
2020-11-19 22:44:19 +01:00
echo json_encode("OK");
} else {
echo json_encode("Fehler: Mail konnte nicht verschickt werden! Stimmt die PHP-Konfiguration auf dem Server?");
}
} else {
echo json_encode("Fehler: Benutzer nicht eingeloggt!");
}
} else {
echo json_encode("Mailkonfiguration von OrderSprinter fehlerhaft!");
}
}
}
?>