709 lines
26 KiB
PHP
709 lines
26 KiB
PHP
|
<?php
|
||
|
// Datenbank-Verbindungsparameter
|
||
|
require_once ('dbutils.php');
|
||
|
require_once ('commonutils.php');
|
||
|
require_once ('admin.php');
|
||
|
require_once ('reports.php');
|
||
|
require_once ('utilities/pdfexport.php');
|
||
|
|
||
|
define('FPDF_FONTPATH','3rdparty/fpdf/font/');
|
||
|
|
||
|
class Bill {
|
||
|
var $dbutils;
|
||
|
var $t;
|
||
|
|
||
|
private $P_SUM = array("Summe:","Sum:","Todo:");
|
||
|
private $P_TOTAL = array("Total","Total","Total");
|
||
|
private $P_MWST = array("MwSt","Tax","IVA");
|
||
|
private $P_NETTO = array("Netto","Net","Neto");
|
||
|
private $P_BRUTTO = array("Brutto","Gross","Bruto");
|
||
|
private $P_ID = array("Id:","Id:","Id:");
|
||
|
private $P_TABLE = array("Tisch:","Table:","Mesa:");
|
||
|
private $P_WAITER = array("Es bediente Sie:", "Waiter:", "Camarero:");
|
||
|
private $P_NO = array("Anz.", "No.", "Nú.");
|
||
|
private $P_DESCR = array("Beschreibung","Description","Descripción");
|
||
|
private $P_PRICE = array("Preis","Price","Precio");
|
||
|
|
||
|
function __construct() {
|
||
|
$this->dbutils = new DbUtils();
|
||
|
require_once 'translations.php';
|
||
|
}
|
||
|
|
||
|
function handleCommand($command) {
|
||
|
if ($command == 'exportCsv') {
|
||
|
if ($this->hasCurrentUserAdminOrManagerRights()) {
|
||
|
// yes, we can export the data
|
||
|
$this->exportCsv($_GET['startMonth'],$_GET['startYear'],$_GET['endMonth'],$_GET['endYear']);
|
||
|
} else {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_AUTHOTRIZED, "msg" => ERROR_BILL_NOT_AUTHOTRIZED_MSG));
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
if ($command == 'exportPdfReport') {
|
||
|
if ($this->hasCurrentUserAdminOrManagerRights()) {
|
||
|
$this->exportPdfReport($_GET['lang'],$_GET['startMonth'],$_GET['startYear'],$_GET['endMonth'],$_GET['endYear']);
|
||
|
} else {
|
||
|
echo "Benutzer nicht berechtigt";
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
if ($command == 'exportPdfSummary') {
|
||
|
if ($this->hasCurrentUserAdminOrManagerRights()) {
|
||
|
$this->exportPdfSummary($_GET['lang'],$_GET['startMonth'],$_GET['startYear'],$_GET['endMonth'],$_GET['endYear']);
|
||
|
} else {
|
||
|
echo "Benutzer nicht berechtigt";
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if ($command == 'exportCsvOfClosing') {
|
||
|
if ($this->hasCurrentUserAdminOrManagerRights()) {
|
||
|
// yes, we can export the data
|
||
|
$this->exportCsvOfClosing($_GET['closingid']);
|
||
|
} else {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_MANAGER_NOT_AUTHOTRIZED, "msg" => ERROR_MANAGER_NOT_AUTHOTRIZED_MSG));
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if ($command == 'doCashAction') {
|
||
|
if ($this->hasCurrentUserPaydeskRights()) {
|
||
|
$this->doCashAction($_POST['money']);
|
||
|
} else {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_PAYDESK_NOT_AUTHOTRIZED, "msg" => ERROR_PAYDESK_NOT_AUTHOTRIZED_MSG));
|
||
|
}
|
||
|
return;
|
||
|
} else if ($command == 'getCashOverviewOfUser') {
|
||
|
if ($this->hasCurrentUserPaydeskRights()) {
|
||
|
$this->getCashOverviewOfUser();
|
||
|
} else {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_PAYDESK_NOT_AUTHOTRIZED, "msg" => ERROR_PAYDESK_NOT_AUTHOTRIZED_MSG));
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if ($this->hasCurrentUserBillRights()) {
|
||
|
if ($command == 'getLastBillsWithContent') {
|
||
|
$this->getLastBillsWithContent($_GET['day'],$_GET['month'],$_GET['year']);
|
||
|
} else if ($command == 'cancelBill') {
|
||
|
$this->cancelBill($_POST['billid'],$_POST['stornocode']);
|
||
|
}
|
||
|
} else {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_AUTHOTRIZED, "msg" => ERROR_BILL_NOT_AUTHOTRIZED_MSG));
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// for internal request
|
||
|
private function hasCurrentUserBillRights() {
|
||
|
session_start();
|
||
|
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
|
||
|
// no user logged in
|
||
|
return false;
|
||
|
} else {
|
||
|
return ($_SESSION['right_bill']);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
private function hasCurrentUserPaydeskRights() {
|
||
|
session_start();
|
||
|
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
|
||
|
// no user logged in
|
||
|
return false;
|
||
|
} else {
|
||
|
return ($_SESSION['right_paydesk']);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// for internal request
|
||
|
private function hasCurrentUserAdminOrManagerRights() {
|
||
|
session_start();
|
||
|
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
|
||
|
// no user logged in
|
||
|
return false;
|
||
|
} else {
|
||
|
return ($_SESSION['right_manager'] || $_SESSION['is_admin']);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* get the content of a bill (to be used for printserver etc.)
|
||
|
*
|
||
|
* @param unknown $billid
|
||
|
*/
|
||
|
function getBillWithId($billid,$language,$printer) {
|
||
|
set_time_limit(120);
|
||
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
||
|
|
||
|
// is bill correct with signature?
|
||
|
$commonUtils = new CommonUtils();
|
||
|
$correct = $commonUtils->verifyBill($pdo, $billid);
|
||
|
if (!$correct) {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG));
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
// first: get the bill overall data
|
||
|
|
||
|
// is the bill for a table or togo
|
||
|
$sql = "SELECT tableid FROM %bill% WHERE id=?";
|
||
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
||
|
$stmt->execute(array($billid));
|
||
|
$row = $stmt->fetchObject();
|
||
|
|
||
|
$sql = "SELECT count(id) as countid FROM %queue% WHERE billid=?";
|
||
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
||
|
$stmt->execute(array($billid));
|
||
|
$qrow = $stmt->fetchObject();
|
||
|
|
||
|
if ($qrow->countid == 0) {
|
||
|
if ($row->tableid == 0) {
|
||
|
// togo
|
||
|
$sql = "SELECT DISTINCT billdate,brutto,netto,'-' as tablename,username,host FROM %bill%,%user% WHERE %bill%.id=? AND userid=%user%.id AND tableid='0' ";
|
||
|
} else {
|
||
|
$sql = "SELECT DISTINCT billdate,brutto,netto,tableno as tablename,username,host FROM %bill%,%user%,%resttables% WHERE %bill%.id=? AND userid=%user%.id AND tableid=%resttables%.id ";
|
||
|
}
|
||
|
} else {
|
||
|
if ($row->tableid == 0) {
|
||
|
// togo
|
||
|
$sql = "SELECT DISTINCT billdate,brutto,netto,'-' as tablename,username,host FROM %bill%,%user%,%queue% WHERE %bill%.id=? AND %bill%.id=%queue%.billid AND userid=%user%.id AND tableid='0' AND paidtime is not null ";
|
||
|
} else {
|
||
|
$sql = "SELECT DISTINCT billdate,brutto,netto,tableno as tablename,username,host FROM %bill%,%user%,%resttables%,%queue% WHERE %bill%.id=? AND %bill%.id=%queue%.billid AND userid=%user%.id AND tableid=%resttables%.id AND paidtime is not null ";
|
||
|
}
|
||
|
}
|
||
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
||
|
$stmt->execute(array($billid));
|
||
|
$row = $stmt->fetchObject();
|
||
|
|
||
|
if ($row == null) {
|
||
|
// no rows found -> deliver no content
|
||
|
echo json_encode(array("billoverallinfo" => array()));
|
||
|
return;
|
||
|
} else {
|
||
|
if (is_null($row->host)) {
|
||
|
$host = 0; // default
|
||
|
} else {
|
||
|
$host = $row->host;
|
||
|
}
|
||
|
$thetimedate = $row->billdate;
|
||
|
$thetimedate_arr = explode ( ' ', $thetimedate );
|
||
|
$thedate = $thetimedate_arr[0];
|
||
|
$datearr = explode ( '-', $thedate );
|
||
|
$day = sprintf("%02s", $datearr[2]);
|
||
|
$month = sprintf("%02s", $datearr[1]);
|
||
|
$year = sprintf("%04s", $datearr[0]);
|
||
|
$thetime = $thetimedate_arr[1];
|
||
|
$thetimearr = explode ( ':', $thetime );
|
||
|
$hour = $thetimearr[0];
|
||
|
$min = $thetimearr[1];
|
||
|
$thetimedate = "$day.$month.$year $hour:$min";
|
||
|
|
||
|
$billoverallinfo = array(
|
||
|
"id" => $billid,
|
||
|
"billdate" => $thetimedate,
|
||
|
"billday" => $day,
|
||
|
"billmonth" => $month,
|
||
|
"billyear" => $year,
|
||
|
"billhour" => $hour,
|
||
|
"billmin" => $min,
|
||
|
"brutto" => $row->brutto,
|
||
|
"netto" => $row->netto,
|
||
|
"table" => $row->tablename,
|
||
|
"username" => $row->username,
|
||
|
"printer" => $printer,
|
||
|
"host" => $host
|
||
|
);
|
||
|
|
||
|
$billtranslations = array(
|
||
|
"sum" => $this->P_SUM[$language],
|
||
|
"total" => $this->P_TOTAL[$language],
|
||
|
"mwst" => $this->P_MWST[$language],
|
||
|
"netto" => $this->P_NETTO[$language],
|
||
|
"brutto" => $this->P_BRUTTO[$language],
|
||
|
"id" => $this->P_ID[$language],
|
||
|
"table" => $this->P_TABLE[$language],
|
||
|
"waiter" => $this->P_WAITER[$language],
|
||
|
"no" => $this->P_NO[$language],
|
||
|
"descr" => $this->P_DESCR[$language],
|
||
|
"price" => $this->P_PRICE[$language]
|
||
|
);
|
||
|
}
|
||
|
|
||
|
// now get all products of this bill
|
||
|
$sql = "select productname,price,%pricelevel%.name as pricelevelname,count(%queue%.productname) as count from %bill%,%queue%,%pricelevel% where %bill%.id=? and %queue%.billid=%bill%.id AND paidtime is not null AND %queue%.pricelevel = %pricelevel%.id group by productname,price,pricelevelname";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array($billid));
|
||
|
$result = $stmt->fetchAll();
|
||
|
|
||
|
$prodarray = array();
|
||
|
foreach($result as $zeile) {
|
||
|
$prodarray[] = array("count" => $zeile['count'],
|
||
|
"productname" => $zeile['productname'],
|
||
|
"pricelevel" => $zeile['pricelevelname'],
|
||
|
"price" => $zeile['price']
|
||
|
);
|
||
|
}
|
||
|
|
||
|
|
||
|
$sql = "select tax,round(sum(price) - sum(price / (1.0 + tax/100.0)),2) as mwst, round(sum(price / (1.0 + tax/100.0)),2) as netto, sum(price) as brutto FROM %queue% WHERE billid=? group by tax ORDER BY tax";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array($billid));
|
||
|
$result = $stmt->fetchAll(PDO::FETCH_OBJ);
|
||
|
|
||
|
$out = array("billoverallinfo" => $billoverallinfo,"translations" => $billtranslations,"products" => $prodarray, "taxes" => $result);
|
||
|
return $out;
|
||
|
}
|
||
|
|
||
|
|
||
|
/*
|
||
|
* insert or take out cash money. The direction done by sign of $money value
|
||
|
*/
|
||
|
private function doCashAction($money) {
|
||
|
// current time
|
||
|
date_default_timezone_set(DbUtils::getTimeZone());
|
||
|
$currentTime = date('Y-m-d H:i:s');
|
||
|
|
||
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
||
|
$pdo->beginTransaction();
|
||
|
|
||
|
$sql = "SELECT sum(brutto) as bruttosum FROM %bill% WHERE closingid is null AND paymentid='1'";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute();
|
||
|
$row =$stmt->fetchObject();
|
||
|
if ($row != null) {
|
||
|
$sum = $row->bruttosum;
|
||
|
if (is_null($sum)) {
|
||
|
// no transaction after last closing
|
||
|
$sum = 0.0;
|
||
|
}
|
||
|
if (($sum + floatval($money)) >= 0.0) {
|
||
|
|
||
|
// Test if it is allowed to insert new bill as storno bill or if manipulation has happened
|
||
|
$nextbillid = $this->testForNewBillIdAndUpdateWorkTable($pdo);
|
||
|
if ($nextbillid < 0) {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG));
|
||
|
$pdo->rollBack();
|
||
|
}
|
||
|
|
||
|
$userId = $this->getUserId();
|
||
|
// now calculate the signature for the bill entry
|
||
|
$commonUtils = new CommonUtils();
|
||
|
$signature = $commonUtils->calcSignatureForBill($pdo,$currentTime, $money, $money, 0.0, $userId);
|
||
|
|
||
|
$sql = "INSERT INTO `%bill%` (`id` , `billdate`,`brutto`,`netto`,`tax`,`tableid`, `status`, `paymentid`,`userid`,`ref`,`signature`) VALUES ( ?, ? , ?,?,?, ?, 'c', ?,?,?,?)";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array($nextbillid,$currentTime,$money,$money,'0.00',-1,1,$userId,NULL,$signature));
|
||
|
|
||
|
$pdo->commit();
|
||
|
echo json_encode(array("status" => "OK"));
|
||
|
} else {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_LESS_MONEY_TO_TAKE_OUT, "msg" => ERROR_BILL_LESS_MONEY_TO_TAKE_OUT_MSG));
|
||
|
}
|
||
|
} else {
|
||
|
$pdo->rollBack();
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_GENERAL_PAYDESK_SUM, "msg" => ERROR_GENERAL_PAYDESK_SUM_MSG));
|
||
|
return;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* User may ask what money he should have in his pocket by serving the guests. If the inserts and
|
||
|
* take outs are in in his waiter paydesk then this value is of interest, too. Return both.
|
||
|
*/
|
||
|
function getCashOverviewOfUser() {
|
||
|
$userId = $this->getUserId();
|
||
|
|
||
|
// without cash insert and cash takeout
|
||
|
$onlyCashByGuests = 0.0;
|
||
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
||
|
$sql = "SELECT sum(brutto) as sumtotal FROM %bill% WHERE closingid is null AND status is null AND paymentid=1 AND userid='$userId'";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute();
|
||
|
$row =$stmt->fetchObject();
|
||
|
if ($row != null) {
|
||
|
if ($row->sumtotal != null) {
|
||
|
$onlyCashByGuests = $row->sumtotal;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// with cash
|
||
|
$cashByGuestsAndInsertTakeOut = 0.0;
|
||
|
$sql = "SELECT sum(brutto) as sumtotal FROM %bill% WHERE closingid is null AND paymentid='1' AND userid='$userId' AND (status is null OR status ='c')";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute();
|
||
|
$row =$stmt->fetchObject();
|
||
|
if ($row != null) {
|
||
|
if ($row->sumtotal != null) {
|
||
|
$cashByGuestsAndInsertTakeOut = $row->sumtotal;
|
||
|
}
|
||
|
}
|
||
|
echo json_encode(array("guestmoney" => $onlyCashByGuests, "total" => $cashByGuestsAndInsertTakeOut));
|
||
|
}
|
||
|
|
||
|
function getLastBillsWithContent($day,$month,$year) {
|
||
|
date_default_timezone_set(DbUtils::getTimeZone());
|
||
|
$currentTime = date('Y-m-d H:i:s');
|
||
|
$startDate = "$year-$month-$day 00:00:00";
|
||
|
$endDate = "$year-$month-$day 23:59:59";
|
||
|
|
||
|
$whenClause = " (billdate >= ? AND billdate <= ?)";
|
||
|
|
||
|
// search for the bill language
|
||
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
||
|
$admin = new Admin();
|
||
|
$genValues = $admin->getGeneralConfigItems(false, $pdo);
|
||
|
$l = $genValues['billlanguage'];
|
||
|
|
||
|
$commonUtils = new CommonUtils();
|
||
|
|
||
|
$sql = "SELECT id,billdate,brutto,tableid,closingid,status FROM %bill% WHERE tableid >= '0' AND status is null AND $whenClause ORDER BY billdate DESC ";
|
||
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
||
|
$stmt->execute(array($startDate,$endDate));
|
||
|
$result = $stmt->fetchAll();
|
||
|
|
||
|
$resultarray = array();
|
||
|
foreach($result as $zeile) {
|
||
|
$theId = $zeile['id'];
|
||
|
if (!$commonUtils->verifyBill($pdo, $theId)) {
|
||
|
mysqli_free_result( $dbresult );
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG));
|
||
|
return;
|
||
|
}
|
||
|
date_default_timezone_set(DbUtils::getTimeZone());
|
||
|
$date = new DateTime($zeile['billdate']);
|
||
|
$shortdate = $date->format('H:i');
|
||
|
$closingID = $zeile['closingid'];
|
||
|
$isClosed = (is_null($closingID) ? 0 : 1);
|
||
|
|
||
|
$arr = array("id" => $theId,
|
||
|
"longdate" => $zeile['billdate'],
|
||
|
"shortdate" => $shortdate,
|
||
|
"brutto" => $zeile['brutto'],
|
||
|
"tablename" => $commonUtils->getTableNameFromId($zeile['tableid']),
|
||
|
"billcontent" => $this->getBillWithId($theId,$l,0),
|
||
|
"isClosed" => $isClosed
|
||
|
);
|
||
|
|
||
|
$resultarray[] = $arr;
|
||
|
}
|
||
|
|
||
|
// insert also the host-html just in case it is needed
|
||
|
$hosthtml = file_get_contents("../customer/bon-bewirtungsvorlage.html");
|
||
|
|
||
|
ob_start();
|
||
|
echo json_encode(array("status" => "OK", "code" => OK, "msg" => $resultarray, "hosthtml" => $hosthtml));
|
||
|
ob_end_flush();
|
||
|
}
|
||
|
|
||
|
private function getUserId() {
|
||
|
if(session_id() == '') {
|
||
|
session_start();
|
||
|
}
|
||
|
return $_SESSION['userid'];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Test if it is allowed to insert new bill as storno bill or if manipulation has happened
|
||
|
*
|
||
|
* Returns (-1) in case of an error, a positive return value is the new id, (which is already updated in work table)
|
||
|
*/
|
||
|
private function testForNewBillIdAndUpdateWorkTable($pdo) {
|
||
|
$commonUtils = new CommonUtils();
|
||
|
$sql = "SELECT MAX(id) as maxbillid FROM %bill%";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute();
|
||
|
$row = $stmt->fetchObject();
|
||
|
$nextbillid = intval($row->maxbillid) + 1;
|
||
|
if (!$commonUtils->verifyLastBillId($pdo, $nextbillid)) {
|
||
|
return (-1);
|
||
|
} else {
|
||
|
// ok - then increment that last id in the work table
|
||
|
$commonUtils->setLastBillIdInWorkTable($pdo, $nextbillid);
|
||
|
return $nextbillid;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Cancel a bill - set all queue items to not paid and drop the bill entry
|
||
|
*/
|
||
|
private function cancelBill($billid,$stornocode) {
|
||
|
// current time
|
||
|
date_default_timezone_set(DbUtils::getTimeZone());
|
||
|
$currentTime = date('Y-m-d H:i:s');
|
||
|
|
||
|
// check if stornocode is correct
|
||
|
$sql = "SELECT setting FROM %config% WHERE name='stornocode'";
|
||
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
||
|
$numberOfVals = mysqli_num_rows($dbresult);
|
||
|
if ($numberOfVals != 1) {
|
||
|
// stornocode not fixed
|
||
|
mysqli_free_result( $dbresult );
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_STORNO_CODE, "msg" => ERROR_BILL_NOT_STORNO_CODE_MSG));
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
|
||
|
$stornocodeInDb = $zeile['setting'];
|
||
|
|
||
|
mysqli_free_result( $dbresult );
|
||
|
if ($stornocode != $stornocodeInDb) {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_STORNO_CODE, "msg" => ERROR_BILL_WRONG_STORNO_CODE_MSG));
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if (!is_numeric($billid)) {
|
||
|
// this may be an attack...
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_NUMERIC_VALUE, "msg" => ERROR_BILL_WRONG_NUMERIC_VALUE_MSG));
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
// Do transactional cancel
|
||
|
|
||
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
||
|
$pdo->beginTransaction();
|
||
|
|
||
|
// is the bill already closed? In this case no cancel is allowed!
|
||
|
$sql = "SELECT brutto,netto,tax,tableid,closingid,status,paymentid FROM %bill% WHERE id=?";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array($billid));
|
||
|
$row =$stmt->fetchObject();
|
||
|
$closingId = null;
|
||
|
if ($row != null) {
|
||
|
$closingId = $row->closingid;
|
||
|
|
||
|
// save the next data for a copy!
|
||
|
$brutto = $row->brutto;
|
||
|
$netto = $row->netto;
|
||
|
$tax = $row->tax;
|
||
|
$tableid = $row->tableid;
|
||
|
$status = $row->status;
|
||
|
$paymentid = $row->paymentid;
|
||
|
}
|
||
|
|
||
|
if (!is_null($closingId) || ($status == 's') || ($status == 'x')) {
|
||
|
// no cancel possible anymore!
|
||
|
$pdo->rollBack();
|
||
|
if (($status == 's') || ($status == 'x')) {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_ALREADY_CANCELLED, "msg" => ERROR_BILL_ALREADY_CANCELLED_MSG));
|
||
|
} else {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_ALREADY_CLOSED, "msg" => ERROR_BILL_ALREADY_CLOSED_MSG));
|
||
|
}
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
// is bill correct with signature?
|
||
|
$commonUtils = new CommonUtils();
|
||
|
$correct = $commonUtils->verifyBill($pdo, $billid);
|
||
|
if (!$correct) {
|
||
|
$pdo->rollBack();
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG));
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
// Test if it is allowed to insert new bill as storno bill or if manipulation has happened
|
||
|
$nextbillid = $this->testForNewBillIdAndUpdateWorkTable($pdo);
|
||
|
if ($nextbillid < 0) {
|
||
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG));
|
||
|
$pdo->rollBack();
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
// 0. find the queueitems that are related to that bill
|
||
|
$sql = "SELECT id FROM %queue% WHERE billid=?";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array($billid));
|
||
|
$result = $stmt->fetchAll();
|
||
|
$queueIdArray = array();
|
||
|
|
||
|
foreach($result as $row) {
|
||
|
$queueIdArray[] = $row['id'];
|
||
|
}
|
||
|
|
||
|
// 1. clear connection between queue item and bill
|
||
|
$sql = "UPDATE %queue% SET paidtime=null,billid=null WHERE billid=?";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array($billid));
|
||
|
|
||
|
// 2. copy bill with negativ brutto as part of storno
|
||
|
$userIdOfStornoUser = $this->getUserId();
|
||
|
$stornval = 0.0 - floatval($brutto);
|
||
|
$stornonettoval = 0.0 - floatval($netto);
|
||
|
|
||
|
$commonUtils = new CommonUtils();
|
||
|
$signature = $commonUtils->calcSignatureForBill($pdo,$currentTime, $stornval, $stornonettoval, $tax, $userIdOfStornoUser);
|
||
|
|
||
|
$sql = "INSERT INTO `%bill%` (`id` , `billdate`,`brutto`,`netto`,`tax`,`tableid`, `status`, `paymentid`,`userid`,`ref`,`host`,`signature`) VALUES ( ?, ? , ?, ?,?,?, 's', ?,?,?,?,?)";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array($nextbillid,$currentTime,$stornval,$stornonettoval,$tax,$tableid,$paymentid,$userIdOfStornoUser,$billid,0,$signature));
|
||
|
$refIdOfStornoEntry = $pdo->lastInsertId();
|
||
|
|
||
|
// 3. mark bill as part of storno
|
||
|
$sql = "UPDATE %bill% SET status='x', closingid=null, ref=? WHERE id=?";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array($refIdOfStornoEntry,$billid));
|
||
|
|
||
|
// 4. now put the queue items into the billproducts so that later storno is evaluable
|
||
|
foreach ($queueIdArray as $aQueueid) {
|
||
|
$billProdsSql = "INSERT INTO `%billproducts%` (`queueid` , `billid`) VALUES ( ?,?)";
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($billProdsSql));
|
||
|
$stmt->execute(array($aQueueid,$refIdOfStornoEntry));
|
||
|
}
|
||
|
|
||
|
$pdo->commit();
|
||
|
// end of transactional cancel
|
||
|
|
||
|
echo json_encode(array("status" => "OK", "code" => OK));
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
private function exportPdfReport($startMonth,$startYear,$endMonth,$endYear) {
|
||
|
$pdfExport = new PdfExport();
|
||
|
$pdfExport->exportPdfReport($_GET['lang'],$_GET['startMonth'],$_GET['startYear'],$_GET['endMonth'],$_GET['endYear']);
|
||
|
}
|
||
|
private function exportPdfSummary($startMonth,$startYear,$endMonth,$endYear) {
|
||
|
$pdfExport = new PdfExport();
|
||
|
$pdfExport->exportPdfSummary($_GET['lang'],$_GET['startMonth'],$_GET['startYear'],$_GET['endMonth'],$_GET['endYear']);
|
||
|
}
|
||
|
|
||
|
private function exportCsv($startMonth,$startYear,$endMonth,$endYear) {
|
||
|
$this->exportCsv_bin($startMonth,$startYear,$endMonth,$endYear,null);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Method to export data of a special closing
|
||
|
*/
|
||
|
private function exportCsvOfClosing($closingid) {
|
||
|
$this->exportCsv_bin(null,null,null,null,$closingid);
|
||
|
}
|
||
|
|
||
|
private function getDecPoint() {
|
||
|
$sql = "SELECT name,setting FROM %config% WHERE name=?";
|
||
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
||
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
||
|
$stmt->execute(array("decpoint"));
|
||
|
$row = $stmt->fetchObject();
|
||
|
return($row->setting);
|
||
|
}
|
||
|
|
||
|
private function exportCsv_bin($startMonth,$startYear,$endMonth,$endYear,$onlyClosingId) {
|
||
|
if(session_id() == '') {
|
||
|
session_start();
|
||
|
}
|
||
|
$l = $_SESSION['language'];
|
||
|
|
||
|
$commonUtils = new CommonUtils();
|
||
|
$currency = $commonUtils->getCurrency();
|
||
|
|
||
|
$decpoint = $this->getDecPoint();
|
||
|
if ($onlyClosingId == null) {
|
||
|
if ($startMonth < 10) {
|
||
|
$startMonth = "0" . $startMonth;
|
||
|
}
|
||
|
if ($endMonth < 10) {
|
||
|
$endMonth = "0" . $endMonth;
|
||
|
}
|
||
|
$startDate = $startYear . "-" . $startMonth . "-01 00:00:00";
|
||
|
// now find last day of month of end date!
|
||
|
$endDate = $endYear . "-" . $endMonth . "-01";
|
||
|
$lastdayOfMonth = date("t", strtotime($endDate));
|
||
|
$endDate = $endYear . "-" . $endMonth . "-" . $lastdayOfMonth . " 23:59:59";
|
||
|
}
|
||
|
|
||
|
$file_name = "datenexport.csv";
|
||
|
header("Content-type: text/x-csv");
|
||
|
header("Content-Disposition: attachment; filename=$file_name");
|
||
|
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
|
||
|
header("Pragma: no-cache");
|
||
|
header("Expires: 0");
|
||
|
|
||
|
$firstCsvPart = $this->t['ID'][$l] . ";" . $this->t['Date'][$l] . ";" . $this->t['Brutto'][$l] . "($currency);";
|
||
|
$firstCsvPart .= $this->t['Netto'][$l] . "($currency);";
|
||
|
$firstCsvPart .= $this->t['State'][$l] . ";" . $this->t['Ref'][$l] . ";";
|
||
|
$firstCsvPart .= $this->t['host'][$l] . ";";
|
||
|
$firstCsvPart .= $this->t['Userid'][$l] . ";" . $this->t['User'][$l] . ";";
|
||
|
|
||
|
if ($onlyClosingId == null) {
|
||
|
$ret = $firstCsvPart . $this->t['ClosId'][$l] . ";" . $this->t['ClosDate'][$l] . ";" . $this->t['PayWay'][$l] . ";" . $this->t['ClosRemark'][$l] . "\n";
|
||
|
echo $ret;
|
||
|
} else {
|
||
|
// closing id is know - do not output unnecessary info
|
||
|
$ret = $firstCsvPart . $this->t['PayWay'][$l] . "\n";
|
||
|
echo $ret;
|
||
|
}
|
||
|
|
||
|
// first get the billids for that closing
|
||
|
$billIdsForThatClosing = array();
|
||
|
|
||
|
$payment_lang = array("name","name_en","name_esp");
|
||
|
$payment_col = $payment_lang[$l];
|
||
|
|
||
|
$sql = "SELECT DISTINCT %bill%.id,%bill%.signature,billdate,brutto,netto,IF(tax is not null, tax, '0.00') as tax,status,closingdate,remark,%bill%.host,%bill%.closingid,%payment%.$payment_col as payway,userid,ref,username FROM %bill%,%closing%,%payment%,%user% ";
|
||
|
$sql .= "WHERE closingid is not null AND %bill%.closingid=%closing%.id ";
|
||
|
$sql .= " AND %bill%.paymentid=%payment%.id ";
|
||
|
if ($onlyClosingId == null) {
|
||
|
// search for time span
|
||
|
$sql .= " AND %bill%.billdate BETWEEN '$startDate' AND '$endDate' ";
|
||
|
} else {
|
||
|
// search for a special closing id
|
||
|
$sql .= " AND closingid='$onlyClosingId' ";
|
||
|
}
|
||
|
|
||
|
$sql .= " AND %bill%.userid = %user%.id ";
|
||
|
$sql .= "ORDER BY billdate";
|
||
|
|
||
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
||
|
|
||
|
$retValues = array();
|
||
|
|
||
|
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
|
||
|
$billid = $zeile['id'];
|
||
|
$billdate = $zeile['billdate'];
|
||
|
|
||
|
$brutto_orig = $zeile['brutto'];
|
||
|
$netto_orig = $zeile['netto'];
|
||
|
$tax_orig = $zeile['tax'];
|
||
|
|
||
|
$brutto = str_replace(".",$decpoint,$brutto_orig);
|
||
|
$netto = str_replace(".",$decpoint,$netto_orig);
|
||
|
$tax = str_replace(".",$decpoint,$tax_orig);
|
||
|
$signature = $zeile['signature'];
|
||
|
$status = $zeile['status'];
|
||
|
if ($status == 'x') {
|
||
|
$status = $this->t["laterCancelled"][$l];
|
||
|
} else if ($status == 's') {
|
||
|
$status = $this->t["storno"][$l];
|
||
|
} else if ($status == 'c') {
|
||
|
$status = $this->t["cashact"][$l];
|
||
|
} else {
|
||
|
$status = "";
|
||
|
}
|
||
|
$ref = ($zeile['ref'] == null ? "" : $zeile['ref']);
|
||
|
$userid = $zeile['userid'];
|
||
|
$username = $zeile['username'];
|
||
|
$closingid = $zeile['closingid'];
|
||
|
$closingdate = $zeile['closingdate'];
|
||
|
$remark = '"' . addslashes($zeile['remark']) . '"';
|
||
|
$paymentname = '"' . addslashes($zeile['payway']) . '"';
|
||
|
$host = ($zeile['host'] == 1 ? "x" : "-");
|
||
|
|
||
|
// verifyBillByValues($billdate,$brutto,$netto,$tax,$userid,$signature) {
|
||
|
if (!$commonUtils->verifyBillByValues(null,$billdate, $brutto_orig, $netto_orig, $tax_orig, $userid, $signature)) {
|
||
|
echo "Inconsistent Data Base Content!\n";
|
||
|
mysqli_free_result( $dbresult );
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if ($billid == null) {
|
||
|
$billid = "-";
|
||
|
}
|
||
|
|
||
|
if ($onlyClosingId == null) {
|
||
|
echo "$billid ; $billdate; $brutto; $netto; $status; $ref; $host; $userid;$username ; $closingid; $closingdate; $paymentname; $remark\n";
|
||
|
} else {
|
||
|
echo "$billid ; $billdate; $brutto; $netto; $status; $ref; $host; $userid;$username ; $paymentname\n";
|
||
|
}
|
||
|
}
|
||
|
mysqli_free_result( $dbresult );
|
||
|
}
|
||
|
}
|
||
|
?>
|