<?php
// Database connection parameters
require_once ( 'dbutils.php' );
require_once ( 'globals.php' );
require_once ( 'utilities/TypeAndProducts/TypeAndProductFileManager.php' );
require_once ( 'utilities/userrights.php' );
require_once ( 'utilities/HistFiller.php' );
require_once ( 'utilities/basedb.php' );
require_once ( 'utilities/decimaldefs.php' );
require_once ( 'utilities/sorter.php' );
require_once ( 'utilities/Logger.php' );
require_once ( 'utilities/Emailer.php' );
require_once ( 'hotelinterface.php' );
class Admin {
/** @var DbUtils Database helper (PDO access, table-alias resolution). */
public $dbutils;
/** @var Userrights Holder of the per-session right flags filled in tryAuthenticate(). */
public $userrights;
/** @var HistFiller History helper; constructed here, not used by the methods visible in this file part. */
public $histfiller;
/** @var string|null Time zone override set via overruleTimeZone(); null means "read from config". */
private static $timezone = null;
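/**
 * Access policy per dispatcher command, consulted by checkRights().
 *
 *  loggedin  1 = an authenticated session is required
 *  isadmin   1 = the session user must be an admin (implies loggedin)
 *  rights    null, or a list of right names of which at least one must hold;
 *            'manager_or_admin' is the only name checkRights() understands.
 *
 * Every command dispatched by handleCommand() needs an entry here, otherwise
 * checkRights() rejects it with ERROR_COMMAND_NOT_FOUND. 'logout' was
 * dispatched by handleCommand() but had no entry, so it could never run
 * through this path; it is added without requirements, since ending a
 * session needs no login.
 *
 * NOTE(review): getUserList, getJsonMenuItemsAndVersion and autobackup are
 * reachable without a session (loggedin 0); confirm that this is intended.
 */
private static $rights = array(
    "createNewUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "updateUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "deleteUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "changepassword" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "changeConfig" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "readlogo" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "deletelogo" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "getCurrentUser" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "tryAuthenticate" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "setLastModuleOfUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getViewAfterLogin" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "isUserAlreadyLoggedIn" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    // Added: dispatched by handleCommand() but previously unknown to checkRights().
    "logout" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "isLoggedinUserAdmin" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "isLoggedinUserKitchen" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "isLoggedinUserBar" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "isLoggedinUserAdminOrManagerOrTE" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "hasUserPaydeskRight" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getJsonMenuItemsAndVersion" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "getUserList" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "setTime" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "changeOwnPassword" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "setUserLanguage" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "setUserReceiptPrinter" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "setBtnSize" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getGeneralConfigItems" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getWaiterSettings" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getPayPrintType" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getPayments" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "autobackup" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "shutdown" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "optimize" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "backup" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "restore" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "golive" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "drop" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "fill" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "fillSpeisekarte" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "assignTaxes" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
    "exportConfigCsv" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "exportUserCsv" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "exportLog" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
    "setOrderVolume" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "setPreferTableMap" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "setKeepTypeLevel" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "setMobileTheme" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "setApplyExtrasBtnPos" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getOrderVolume" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getButtonSizes" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getPreferTableMap" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getKeepTypeLevel" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getMobileTheme" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getApplyExtrasBtnPos" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "isInstalled" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "isPrinterServerActive" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getWaiterMessage" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getmobilecss" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
);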
/**
 * Wire the helper objects the instance methods rely on.
 */
public function __construct() {
    $this->dbutils    = new DbUtils();
    $this->userrights = new Userrights();
    $this->histfiller = new HistFiller();
}
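/**
 * Gate a dispatcher command against the $rights table.
 *
 * Starts the session on demand, then checks in order: the command is a known
 * string key; the caller is logged in when "loggedin" (or "isadmin") is 1; the
 * caller is an admin when "isadmin" is 1; and, when "rights" is a list, at
 * least one listed right holds. On any failure a JSON error object is echoed
 * and false is returned; the caller must then not execute the command.
 *
 * Session flags are read with isset(): a flag that was never written counts
 * as "not granted", so a partially populated session fails closed.
 *
 * @param mixed $command command name from the request, expected to be a string
 * @return bool true if the command may be executed
 */
private static function checkRights($command) {
    if (session_id() == '') {
        session_start();
    }
    // A non-string value (e.g. an array smuggled through the request) is never a known command.
    if (!is_string($command) || !array_key_exists($command, self::$rights)) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_FOUND, "msg" => ERROR_COMMAND_NOT_FOUND_MSG));
        return false;
    }
    $cmdRights = self::$rights[$command];
    $loggedIn = isset($_SESSION['angemeldet']) && $_SESSION['angemeldet'];
    // tryAuthenticate() stores these as booleans; loose == 1 also accepts true / "1".
    $isAdmin = isset($_SESSION['is_admin']) && ($_SESSION['is_admin'] == 1);
    $isManager = isset($_SESSION['right_manager']) && ($_SESSION['right_manager'] == 1);

    // "isadmin" implies "loggedin": both need an authenticated session first.
    if (($cmdRights["loggedin"] == 1 || $cmdRights["isadmin"] == 1) && !$loggedIn) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
        return false;
    }
    if ($cmdRights["isadmin"] == 1 && !$isAdmin) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_ADMIN, "msg" => ERROR_COMMAND_NOT_ADMIN_MSG));
        return false;
    }
    if (!is_null($cmdRights["rights"])) {
        foreach ($cmdRights["rights"] as $aRight) {
            if ($aRight == 'manager_or_admin' && ($isAdmin || $isManager)) {
                return true;
            }
        }
        // Fail closed: an unknown right name or an unsatisfied one denies the command.
        echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
        return false;
    }
    return true;
}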
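/**
 * Dispatch one AJAX command after checkRights() has approved it.
 *
 * Request parameters are read from $_POST (and $_GET['type'] for "backup").
 * A missing parameter is passed on as null instead of raising an
 * undefined-index notice. Several branches repeat the login/role checks that
 * checkRights() already enforces; they are kept as defence in depth.
 *
 * Commands are grouped by calling convention:
 *  - plain: no parameters, method name equals the command name;
 *  - session-gated: as plain, but only when isUserAlreadyLoggedInForPhp();
 *  - exports: only for admins or users with 'right_manager';
 *  - per-user settings: one POST parameter, session-gated;
 *  - everything else: explicit switch cases.
 *
 * @param string $command command name as sent by the client
 * @return bool|null false when checkRights() denied the command, otherwise null
 */
function handleCommand($command) {
    if (!self::checkRights($command)) {
        return false;
    }
    // Reads a POST parameter without a notice when it is absent.
    $post = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : null;
    };
    // Literal whitelists: $this->$command() below can only reach a name listed here.
    $plainCommands = array(
        'getViewAfterLogin', 'isUserAlreadyLoggedIn', 'logout', 'getCurrentUser',
        'isLoggedinUserAdmin', 'isLoggedinUserKitchen', 'isLoggedinUserBar',
        'isLoggedinUserAdminOrManagerOrTE', 'hasUserPaydeskRight',
        'getJsonMenuItemsAndVersion', 'getUserList', 'createNewUser', 'updateUser',
        'readlogo', 'deletelogo', 'getWaiterSettings', 'getPayPrintType', 'getPayments',
        'getmobilecss', 'isInstalled', 'isPrinterServerActive', 'getWaiterMessage',
    );
    $sessionCommands = array(
        'getOrderVolume', 'getButtonSizes', 'getPreferTableMap', 'getKeepTypeLevel',
        'getMobileTheme', 'getApplyExtrasBtnPos',
    );
    $exportCommands = array('exportConfigCsv', 'exportUserCsv', 'exportLog');
    // command => array(method, POST parameter)
    $userSettingCommands = array(
        'setOrderVolume' => array('setOrderVolume', 'volume'),
        'setPreferTableMap' => array('setPreferTableMap', 'prefertablemap'),
        'setKeepTypeLevel' => array('setKeepTypeLevel', 'keeptypelevel'),
        'setMobileTheme' => array('setMobileTheme', 'mobiletheme'),
        'setApplyExtrasBtnPos' => array('setExtrasApplyBtnPos', 'applyextrasbtnpos'),
    );

    if (in_array($command, $plainCommands, true)) {
        $this->$command();
        return;
    }
    if (in_array($command, $sessionCommands, true)) {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->$command();
        }
        return;
    }
    if (in_array($command, $exportCommands, true)) {
        if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
            $this->$command();
        }
        return;
    }
    if (isset($userSettingCommands[$command])) {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            list($method, $param) = $userSettingCommands[$command];
            $this->$method($post($param));
        }
        return;
    }

    switch ($command) {
        case 'tryAuthenticate':
            $this->tryAuthenticate($post('userid'), $post('password'), $post('modus'), $post('day'), $post('month'),
                $post('year'), $post('hour'), $post('minute'), $post('time'));
            break;
        case 'setLastModuleOfUser':
            $this->setLastModuleOfUser($post('view'));
            break;
        case 'setTime':
            $this->setTime($post('day'), $post('month'), $post('year'), $post('hour'), $post('minute'));
            break;
        case 'deleteUser':
            $this->deleteUser($post('userid'));
            break;
        case 'changepassword':
            $this->changepassword($post('userid'), $post('password'));
            break;
        case 'changeOwnPassword':
            $this->changeOwnPassword($post('oldPass'), $post('newPass'));
            break;
        case 'setUserLanguage':
            $this->setUserLanguage($post('language'));
            break;
        case 'setUserReceiptPrinter':
            $this->setUserReceiptPrinter($post('printer'));
            break;
        case 'setBtnSize':
            $this->setBtnSize($post('btn'), $post('size'));
            break;
        case 'changeConfig':
            $this->changeConfig($post('changed'));
            break;
        case 'getGeneralConfigItems':
            $this->getGeneralConfigItems(true, null);
            break;
        case 'autobackup':
            $this->backup('auto', $post('remoteaccesscode'));
            break;
        case 'fill':
            $this->fillSampleContent();
            echo json_encode(array("status" => "OK"));
            break;
        case 'fillSpeisekarte':
            $this->fillSpeisekarte($post('speisekarte'));
            break;
        case 'backup':
            // The backup type is the only parameter taken from the query string.
            $this->backup(isset($_GET['type']) ? $_GET['type'] : null, null);
            break;
        case 'restore':
            $this->restore();
            break;
        case 'golive':
            $this->golive();
            break;
        case 'shutdown':
            $this->shutdown();
            break;
        case 'optimize':
            $this->optimize();
            break;
        case 'assignTaxes':
            $this->assignTaxes($post('food'), $post('drinks'));
            break;
        default:
            echo "Command not supported.";
    }
}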
/**
 * Report whether the installation has been completed.
 *
 * Echoes the JSON string "Yes" when the INSTALLSTATUS constant is defined and
 * is not 'new'; otherwise "No" (fresh install, or html/php code overwritten by
 * a new version that still needs the installer to run).
 */
private function isInstalled() {
    $installed = defined('INSTALLSTATUS') && (INSTALLSTATUS != 'new');
    echo json_encode($installed ? "Yes" : "No");
}
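/**
 * Tell the client whether the print server has checked in recently.
 *
 * Echoes {"status":"OK","msg":1} when printing is not in server mode
 * (config 'payprinttype' != "s"), or when the %work% row 'lastprtserveraccess'
 * holds a unix timestamp no older than $timeoutSeconds; otherwise "msg":0.
 * Hotelinterface::hs3sync() is triggered as a side effect, as before.
 *
 * The previous version ran a COUNT query followed by a SELECT; a single SELECT
 * is enough because fetchObject() returns false when the row is absent.
 *
 * @param int $timeoutSeconds maximum age of the last access in seconds (default 20)
 */
private function isPrinterServerActive($timeoutSeconds = 20) {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    Hotelinterface::hs3sync($pdo);
    $active = json_encode(array("status" => "OK", "msg" => 1));
    $notActive = json_encode(array("status" => "OK", "msg" => 0));
    // Only the server print mode ("s") depends on a live print server.
    $printMode = CommonUtils::getConfigValue($pdo, 'payprinttype', "s");
    if ($printMode != "s") {
        echo $active;
        return;
    }
    $sql = "SELECT value FROM %work% WHERE item=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array('lastprtserveraccess'));
    $row = $stmt->fetchObject();
    // No row or NULL value: the server has never checked in.
    if ($row === false || is_null($row->value)) {
        echo $notActive;
        return;
    }
    date_default_timezone_set(DbUtils::getTimeZone());
    $age = time() - intval($row->value);
    echo ($age > $timeoutSeconds) ? $notActive : $active;
}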
/**
 * Server-side check whether the current session is authenticated.
 *
 * Starts the session on demand and inspects $_SESSION['angemeldet'].
 *
 * @return bool true only when the flag is set and truthy
 */
function isUserAlreadyLoggedInForPhp() {
    if (session_id() == '') {
        session_start();
    }
    return isset($_SESSION['angemeldet']) && (bool) $_SESSION['angemeldet'];
}
/**
 * Client-facing variant of isUserAlreadyLoggedInForPhp(): echoes the JSON
 * string "YES" for an authenticated session, "NO" otherwise.
 */
function isUserAlreadyLoggedIn() {
    if (session_id() == '') {
        session_start();
    }
    $loggedIn = isset($_SESSION['angemeldet']) && $_SESSION['angemeldet'];
    echo json_encode($loggedIn ? "YES" : "NO");
}
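/**
 * End the current session and confirm with the JSON string "OK".
 *
 * The previous version destroyed the session only when none had been started
 * yet, so a session already opened by checkRights() survived the logout.
 * Now the session is attached if needed, its data cleared, the session cookie
 * expired on the client and the server-side store destroyed.
 */
function logout() {
    if (session_id() == '') {
        session_start();
    }
    $_SESSION = array();
    if (ini_get("session.use_cookies")) {
        // Expire the client cookie so the old session id is not presented again.
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $cookie["path"], $cookie["domain"], $cookie["secure"], $cookie["httponly"]);
    }
    session_destroy();
    echo json_encode("OK");
}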
/**
 * Decide whether a user holds the rating right and nothing else.
 *
 * @param array $rightArr      values of all non-rating right columns
 * @param mixed $right_rating  value of the rating right column
 * @param mixed $comparisonVal value that marks a right as granted (1 in tryAuthenticate)
 * @return bool true when no entry of $rightArr equals $comparisonVal but $right_rating does
 */
static function isOnlyRatingUser($rightArr, $right_rating, $comparisonVal) {
    // Loose in_array matches the original element-wise == comparison.
    $hasOtherRight = in_array($comparisonVal, $rightArr);
    if ($hasOtherRight) {
        return false;
    }
    return $right_rating == $comparisonVal;
}
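/**
 * Authenticate a user and, on success, populate the PHP session.
 *
 * Flow: answer {"status":"WAIT"} while the account is locked by
 * checkIsLoginAllowed(); look the active user up by id; compare the MD5 of
 * the submitted password with the stored hash; on success rotate the session
 * id, store user data and right flags in $_SESSION, clear the failure counter
 * and answer {"status":"YES",...}; on failure bump the counter and answer
 * {"status":"NO"}.
 *
 * NOTE(review): the stored hashes are unsalted MD5 (legacy, the file targets
 * PHP < 5.5 where password_verify() is unavailable); migrating to
 * password_hash()/password_verify() needs a schema change and is out of scope
 * here. The comparison is at least strict (===) so that PHP's numeric-string
 * juggling cannot make two different hashes compare equal.
 *
 * @param mixed $userid   user id from the login form
 * @param mixed $password clear-text password from the login form
 * @param mixed $modus    client mode, stored as $_SESSION['modus']
 * @param mixed $day      client clock fields; accepted but not used here
 * @param mixed $month
 * @param mixed $year
 * @param mixed $hour
 * @param mixed $minute
 * @param mixed $unixtime client unix time, compared against the server clock
 */
function tryAuthenticate($userid, $password, $modus, $day, $month, $year, $hour, $minute, $unixtime) {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    if (!self::checkIsLoginAllowed($pdo, $userid)) {
        Logger::logcmd("admin", "authentication", "Login with id $userid failed");
        echo json_encode(array("status" => "WAIT"));
        return;
    }
    $sql = "SELECT * FROM %user% WHERE id=? AND active='1'";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($userid));
    $result = $stmt->fetchAll();
    $zeile = null;
    $authenticated = false;
    if (count($result) == 1) {
        $zeile = $result[0];
        // Legacy scheme: unsalted MD5. Strict comparison so "0e..." hashes do not compare equal numerically.
        $authenticated = (md5($password) === (string) $zeile['userpassword']);
    }
    if (!$authenticated) {
        Logger::logcmd("admin", "authentication", "Login with id $userid failed");
        self::increaseFailedLogins($pdo, $userid);
        echo json_encode(array("status" => "NO"));
        return;
    }

    date_default_timezone_set(DbUtils::getTimeZone());
    // Flag a client clock that deviates from the server by more than two hours.
    $timeDiff = (abs(time() - $unixtime) > (60 * 60 * 2)) ? 1 : 0;

    ini_set('session.gc_maxlifetime', 65535);
    session_set_cookie_params(65535);
    if (session_id() == '') {
        session_start();
    }
    // Fresh id on privilege change so a session id issued before login cannot be reused (session fixation).
    session_regenerate_id(true);

    $username = $zeile["username"];
    $_SESSION['angemeldet'] = true;
    $_SESSION['userid'] = $zeile['id'];
    $_SESSION['currentuser'] = $username;
    $_SESSION['modus'] = $modus;

    $workflow = $this->getConfigItemsAsString($pdo, "workflowconfig");
    self::storeRightsInSession($zeile, $workflow);
    $this->userrights->setSession($_SESSION['is_admin'], $_SESSION['right_waiter'], $_SESSION['right_kitchen'],
        $_SESSION['right_bar'], $_SESSION['right_supply'], $_SESSION['right_paydesk'], $_SESSION['right_statistics'],
        $_SESSION['right_bill'], $_SESSION['right_products'], $_SESSION['right_reservation'], $_SESSION['right_rating'],
        $_SESSION['right_changeprice'], $_SESSION['right_customers'], $_SESSION['right_manager'], $_SESSION['right_closing']);

    $_SESSION["roombtnsize"] = $zeile['roombtnsize'];
    $_SESSION["tablebtnsize"] = $zeile['tablebtnsize'];
    $_SESSION["prodbtnsize"] = $zeile['prodbtnsize'];
    // NULL columns fall back to the defaults the UI expects.
    $_SESSION['language'] = intval(is_null($zeile['language']) ? 0 : $zeile['language']);
    $_SESSION['receiptprinter'] = intval(is_null($zeile['receiptprinter']) ? 1 : $zeile['receiptprinter']);
    $_SESSION['prefertm'] = intval(is_null($zeile['prefertablemap']) ? 1 : $zeile['prefertablemap']);
    $_SESSION['timezone'] = $this->getTimeZone($pdo);

    Logger::logcmd("admin", "authentication", "Login $username successful");
    self::clearFailedLogins($pdo, $userid);
    $loginMessage = $this->getMessage($pdo, 'loginmessage');
    echo json_encode(array("status" => "YES", "loginmessage" => $loginMessage, "timediff" => $timeDiff,
        "isadmin" => $zeile['is_admin'], "lang" => $_SESSION["language"]));
}

/**
 * Copy the right flags of a user row into $_SESSION as booleans.
 *
 * A rating-only user (see isOnlyRatingUser) gets right_rating only and every
 * other flag false. Otherwise each column is mapped 1 => true, anything else
 * => false; in workflow configurations 2 and 3 the kitchen, bar and supply
 * rights are always false.
 *
 * @param array  $zeile    user row as fetched from %user%
 * @param string $workflow value of the 'workflowconfig' setting
 */
private static function storeRightsInSession($zeile, $workflow) {
    $flagColumns = array('is_admin', 'right_waiter', 'right_kitchen', 'right_bar', 'right_supply',
        'right_paydesk', 'right_statistics', 'right_bill', 'right_products', 'right_reservation',
        'right_changeprice', 'right_customers', 'right_manager', 'right_closing');
    $rights = array();
    foreach ($flagColumns as $column) {
        $rights[] = $zeile[$column];
    }
    if (self::isOnlyRatingUser($rights, $zeile['right_rating'], 1)) {
        foreach ($flagColumns as $column) {
            $_SESSION[$column] = false;
        }
        $_SESSION['right_rating'] = true;
        $_SESSION['keeptypelevel'] = false;
        return;
    }
    foreach ($flagColumns as $column) {
        $_SESSION[$column] = ($zeile[$column] == 1);
    }
    $_SESSION['right_rating'] = ($zeile['right_rating'] == 1);
    $_SESSION['keeptypelevel'] = ($zeile['keeptypelevel'] == 1);
    if (($workflow == 2) || ($workflow == 3)) {
        // These workflows have no kitchen/bar/supply stations.
        $_SESSION['right_kitchen'] = false;
        $_SESSION['right_bar'] = false;
        $_SESSION['right_supply'] = false;
    }
}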
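/**
 * Throttle brute-force attempts: refuse logins for a locked account.
 *
 * %user%.failedlogins stores "<unix time of last failure>_<attempt count>"
 * (see increaseFailedLogins). After 5 consecutive failures the account is
 * locked for 3 minutes; once that has elapsed the counter is reset.
 * A malformed value (no "_" part) is treated as zero attempts instead of
 * raising an undefined-offset notice.
 *
 * @param PDO   $pdo    open database handle
 * @param mixed $userid user id to check
 * @return bool true when a login attempt may proceed
 */
private static function checkIsLoginAllowed($pdo, $userid) {
    $maxAttempts = 5;
    $lockSeconds = 60 * 3;
    date_default_timezone_set(DbUtils::getTimeZone());
    $serverTime = time();
    $sql = "SELECT failedlogins FROM %user% WHERE id=?";
    $row = CommonUtils::getRowSqlObject($pdo, $sql, array($userid));
    if (is_null($row) || is_null($row->failedlogins)) {
        return true;
    }
    $parts = explode("_", $row->failedlogins);
    $lastFailure = intval($parts[0]);
    $attempt = isset($parts[1]) ? intval($parts[1]) : 0;
    if ($attempt < $maxAttempts) {
        return true;
    }
    if (abs($serverTime - $lastFailure) > $lockSeconds) {
        self::clearFailedLogins($pdo, $userid);
        return true;
    }
    return false;
}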
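/**
 * Record one more failed login for a user.
 *
 * Writes "<unix time now>_<attempt count + 1>" into %user%.failedlogins; a
 * missing or malformed previous value counts as zero attempts.
 *
 * @param PDO   $pdo    open database handle
 * @param mixed $userid user id whose counter is increased
 */
private static function increaseFailedLogins($pdo, $userid) {
    date_default_timezone_set(DbUtils::getTimeZone());
    $serverTime = time();
    $sql = "SELECT failedlogins FROM %user% WHERE id=?";
    $row = CommonUtils::getRowSqlObject($pdo, $sql, array($userid));
    $attempt = 0;
    if (!is_null($row) && !is_null($row->failedlogins)) {
        $parts = explode("_", $row->failedlogins);
        $attempt = isset($parts[1]) ? intval($parts[1]) : 0;
    }
    $failedlogins = (string) $serverTime . "_" . ($attempt + 1);
    $sql = "UPDATE %user% SET failedlogins=? WHERE id=?";
    CommonUtils::execSql($pdo, $sql, array($failedlogins, $userid));
}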
/**
 * Reset the failed-login counter of a user (sets %user%.failedlogins to NULL).
 *
 * @param PDO   $pdo    open database handle
 * @param mixed $userid user id whose counter is cleared
 */
private static function clearFailedLogins($pdo, $userid) {
    $params = array(null, $userid);
    CommonUtils::execSql($pdo, "UPDATE %user% SET failedlogins=? WHERE id=?", $params);
}
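/**
 * Read a message text from the %work% table.
 *
 * rowCount() is not guaranteed for SELECT statements on every PDO driver, so
 * the presence of a row is now taken from fetchObject() (false when absent).
 *
 * @param PDO|null $pdo         open database handle, or null to open one here
 * @param string   $messageType value of the 'item' column, e.g. 'loginmessage'
 * @return string the stored value, or "" when there is no row or the value is NULL
 */
private function getMessage($pdo, $messageType) {
    if (is_null($pdo)) {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
    }
    $sql = "SELECT value FROM %work% WHERE item=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($messageType));
    $row = $stmt->fetchObject();
    if ($row === false || is_null($row->value)) {
        return "";
    }
    return $row->value;
}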
/**
 * Echo the session user's button sizes as JSON (see getButtonSizesCore).
 */
function getButtonSizes() {
    $sizes = self::getButtonSizesCore(DbUtils::openDbAndReturnPdoStatic());
    echo json_encode($sizes);
}
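/**
 * Fetch the session user's room/table/product button sizes.
 *
 * Reads the row of $_SESSION['userid'] from %user%. A NULL column, or no row
 * at all (the previous version would have raised notices there), yields 0.
 *
 * @param PDO $pdo open database handle
 * @return array{roombtnsize:mixed,tablebtnsize:mixed,prodbtnsize:mixed}
 */
private static function getButtonSizesCore($pdo) {
    $sql = "SELECT roombtnsize,tablebtnsize,prodbtnsize FROM %user% WHERE id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($_SESSION['userid']));
    $row = $stmt->fetchObject();
    $sizes = array();
    foreach (array("roombtnsize", "tablebtnsize", "prodbtnsize") as $column) {
        $sizes[$column] = ($row === false || is_null($row->$column)) ? 0 : $row->$column;
    }
    return $sizes;
}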
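/**
 * Echo one column of the session user's %user% row as JSON.
 *
 * $item is interpolated into the SQL as a column name. All callers pass
 * literals, but the name is still restricted to a plain identifier so that no
 * other SQL can ever reach the query through this path.
 *
 * Fixes: a stored 0 used to be replaced by $defaultvalue because of the loose
 * "== null" test (driver dependent: only when the driver returns native
 * ints); is_null() now distinguishes NULL from 0. The row check no longer
 * relies on rowCount(), which is not guaranteed for SELECT.
 *
 * @param string $item         column name of %user%
 * @param mixed  $defaultvalue value echoed when the column is NULL
 * @return mixed $defaultvalue (without echo) when the user row does not exist, otherwise null
 * @throws InvalidArgumentException when $item is not a plain identifier
 */
private static function getUserValue($item, $defaultvalue) {
    if (!preg_match('/^[a-z_][a-z0-9_]*$/i', $item)) {
        throw new InvalidArgumentException("Invalid user column name");
    }
    $userid = $_SESSION['userid'];
    $sql = "SELECT $item AS result FROM %user% WHERE id=?";
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($userid));
    $row = $stmt->fetchObject();
    if ($row === false) {
        // Kept from the original: no row means no output, just the default as return value.
        return $defaultvalue;
    }
    $aVal = is_null($row->result) ? $defaultvalue : $row->result;
    echo json_encode($aVal);
}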
/**
 * Echo the session user's 'prefertablemap' setting as JSON (default 1).
 */
function getPreferTableMap() {
    $column = 'prefertablemap';
    self::getUserValue($column, 1);
}
/**
 * Echo the session user's 'keeptypelevel' setting as JSON (default 1).
 */
function getKeepTypeLevel() {
    $column = 'keeptypelevel';
    self::getUserValue($column, 1);
}
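/**
 * Serve the mobile order stylesheet, choosing the pale variant when the
 * session user's 'mobiletheme' column is 1.
 *
 * Without a session user, or when the user row is missing (the previous
 * version dereferenced null there), the default stylesheet is served.
 */
function getmobilecss() {
    $cssFile = "orderstyle.min.css";
    if (isset($_SESSION['userid'])) {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $sql = "SELECT mobiletheme FROM %user% WHERE id=?";
        $row = CommonUtils::getRowSqlObject($pdo, $sql, array($_SESSION['userid']));
        if (!is_null($row) && $row->mobiletheme == 1) {
            $cssFile = "orderstyle-pale.min.css";
        }
    }
    // $cssFile is one of the two literals above, so no request data reaches the path.
    header('Content-type: text/css');
    readfile("3rdparty/orderstyle/$cssFile");
}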
/**
 * Echo the session user's 'mobiletheme' setting as JSON (default 0).
 */
function getMobileTheme() {
    $column = 'mobiletheme';
    self::getUserValue($column, 0);
}
/**
 * Echo the session user's 'extrasapplybtnpos' setting as JSON (default 1).
 */
function getApplyExtrasBtnPos() {
    $column = 'extrasapplybtnpos';
    self::getUserValue($column, 1);
}
/**
 * Echo the session user's 'ordervolume' setting as JSON (default 0).
 */
function getOrderVolume() {
    $column = 'ordervolume';
    self::getUserValue($column, 0);
}
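/**
 * Store one column of the session user's %user% row and echo {"status":"OK"}.
 *
 * $item is interpolated into the SQL as a column name; callers pass literals,
 * and the name is additionally restricted to a plain identifier. The value is
 * bound as a parameter. On failure inside the transaction it is rolled back
 * before the exception propagates, so no transaction stays open.
 *
 * @param string $item     column name of %user%
 * @param mixed  $theValue new value for the column
 * @throws InvalidArgumentException when $item is not a plain identifier
 */
private static function setUserValue($item, $theValue) {
    if (!preg_match('/^[a-z_][a-z0-9_]*$/i', $item)) {
        throw new InvalidArgumentException("Invalid user column name");
    }
    $userid = $_SESSION['userid'];
    $sql = "UPDATE %user% SET $item=? WHERE id=?";
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($theValue, $userid));
        $pdo->commit();
    } catch (Exception $e) {
        $pdo->rollBack();
        throw $e;
    }
    echo json_encode(array("status" => "OK"));
}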
/**
 * Store the session user's 'ordervolume' setting.
 *
 * @param mixed $volume new value
 */
function setOrderVolume($volume) {
    $column = 'ordervolume';
    self::setUserValue($column, $volume);
}
/**
 * Store the session user's 'prefertablemap' setting.
 *
 * @param mixed $preferValue new value
 */
function setPreferTableMap($preferValue) {
    $column = 'prefertablemap';
    self::setUserValue($column, $preferValue);
}
/**
 * Store the session user's 'keeptypelevel' setting.
 *
 * @param mixed $preferValue new value
 */
function setKeepTypeLevel($preferValue) {
    $column = 'keeptypelevel';
    self::setUserValue($column, $preferValue);
}
/**
 * Store the session user's 'mobiletheme' setting.
 *
 * @param mixed $preferValue new value
 */
function setMobileTheme($preferValue) {
    $column = 'mobiletheme';
    self::setUserValue($column, $preferValue);
}
/**
 * Store the session user's 'extrasapplybtnpos' setting.
 *
 * @param mixed $preferValue new value
 */
function setExtrasApplyBtnPos($preferValue) {
    $column = 'extrasapplybtnpos';
    self::setUserValue($column, $preferValue);
}
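/**
 * Remember the view the session user last opened (%user%.lastmodule).
 *
 * "logout.php" is never stored. A query string is stripped before storing;
 * the previous "!= false" test missed a '?' at offset 0 because strpos()
 * returns 0 there, so the comparison is now strict.
 *
 * Echoes {"status":"OK"} on success, or a German error object when no user is
 * logged in.
 *
 * @param mixed $view view name as sent by the client
 */
function setLastModuleOfUser($view) {
    if (!$this->isUserAlreadyLoggedInForPhp()) {
        echo json_encode(array("status" => "Error", "msg" => "Benutzer nicht eingeloggt"));
        return;
    }
    if ($view != "logout.php") {
        $questPos = strpos((string) $view, '?');
        if ($questPos !== false) {
            $view = substr($view, 0, $questPos);
        }
        $sql = "UPDATE %user% SET lastmodule=? WHERE id=? AND active='1'";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($view, $_SESSION['userid']));
    }
    echo json_encode(array("status" => "OK"));
}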
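/**
 * Reads one %config% setting by its name.
 *
 * @param PDO|null $pdo open connection; null yields "" without querying.
 * @param string   $key value of the config row's `name` column.
 * @return string the stored setting, or "" when the row is missing or its
 *                setting is NULL.
 */
public function getConfigItemsAsString($pdo, $key) {
    if (is_null($pdo)) {
        return "";
    }
    $sql = "SELECT setting FROM %config% WHERE name=?";
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute(array($key));
    $row = $stmt->fetchObject();
    // fetchObject() returns false when there is no row; test that directly rather
    // than rowCount(), which PDO does not guarantee to populate for SELECT statements.
    if ($row === false || is_null($row->setting)) {
        return "";
    }
    return $row->setting;
}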
/**
 * Pins the timezone for this class and for DbUtils, so getTimeZone() no longer
 * consults the %config% table.
 *
 * @param string $timezone a PHP timezone identifier.
 */
public static function overruleTimeZone($timezone) {
    Admin::$timezone = $timezone;
    DbUtils::overruleTimeZone($timezone);
}
/**
 * Returns the timezone to use: the value pinned by overruleTimeZone() if any,
 * else the 'timezone' config item, else "Europe/Berlin".
 *
 * @param PDO|null $pdo connection for the config lookup (null yields the default).
 * @return string
 */
public function getTimeZone($pdo) {
    $pinned = self::$timezone;
    if (!is_null($pinned)) {
        return $pinned;
    }
    $configured = $this->getConfigItemsAsString($pdo, "timezone");
    return ($configured == "") ? "Europe/Berlin" : $configured;
}
/**
 * Returns the installation's version, install date and last update date as
 * stored in %config%.
 *
 * @param PDO|null $pdo connection for the config lookups.
 * @return array{version:string,installdate:string,lastupdate:string}
 */
public function getEnv($pdo) {
    $env = array();
    foreach (array("version", "installdate", "lastupdate") as $name) {
        $env[$name] = $this->getConfigItemsAsString($pdo, $name);
    }
    return $env;
}
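/**
 * Echoes the JSON bundle the waiter front-end needs at start-up: the subset of
 * %config% listed below, the session user's rights and preferences (read from
 * the %user% row, not from $_SESSION), the button sizes and the main-menu
 * entries. Emits {"isUserLoggedIn":0} when no user is logged in or the session's
 * user row no longer exists.
 */
private function getWaiterSettings() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    if (!$this->isUserAlreadyLoggedInForPhp()) {
        echo json_encode(array("isUserLoggedIn" => 0));
        return;
    }
    // the names are constants of this method; bind them anyway so the IN list is
    // never assembled as SQL text
    $configNames = array('decpoint', 'version', 'cancelunpaidcode', 'tax', 'togotax',
        'taxaustrianormal', 'taxaustriaerm1', 'taxaustriaerm2', 'taxaustriaspecial',
        'currency', 'workflowconfig', 'prominentsearch', 'discount1', 'discount2', 'discount3',
        'discountname1', 'discountname2', 'discountname3', 'waitergopayprint', 'cashenabled',
        'returntoorder', 'restaurantmode');
    $placeholders = join(",", array_fill(0, count($configNames), '?'));
    $sql = "select name,setting FROM %config% WHERE name in ($placeholders)";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute($configNames);
    $configresult = array();
    foreach ($stmt->fetchAll() as $item) {
        $configresult[$item["name"]] = $item["setting"];
    }

    $sql = "SELECT language,right_supply,right_changeprice,keeptypelevel,extrasapplybtnpos,right_paydesk FROM %user% WHERE id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($_SESSION['userid']));
    $row = $stmt->fetchObject();
    if ($row === false) {
        // the session points at a user row that is gone: report as not logged in
        // instead of emitting nulls (and notices) for every right
        echo json_encode(array("isUserLoggedIn" => 0));
        return;
    }

    $buttonSizes = self::getButtonSizesCore($pdo);
    $jsonMenuItems = $this->getJsonMenuItemsAndVersionCore();
    $retVal = array(
        "config" => $configresult,
        "rightchangeprice" => $row->right_changeprice,
        "rightpaydesk" => $row->right_paydesk,
        "supplyright" => $row->right_supply,
        "userlanguage" => $row->language,
        "buttonsizes" => $buttonSizes,
        "keeptypelevel" => $row->keeptypelevel,
        "extrasapplybtnpos" => $row->extrasapplybtnpos,
        "isUserLoggedIn" => 1,
        "jsonMenuItemsAndVersion" => $jsonMenuItems
    );
    echo json_encode($retVal);
}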
/**
 * Collects the general configuration bundle used by the web client and by
 * server-side callers.
 *
 * @param bool     $forHtml true: echo {"status":"OK","msg":...} (or an
 *                          ERROR_NOT_AUTHOTRIZED reply) and return nothing;
 *                          false: return the array, or null when not permitted.
 * @param PDO|null $pdo     connection to use; opened via $this->dbutils when null.
 * @return array|null see $forHtml.
 *
 * Access: with $forHtml the caller must be logged in; without it any server-side
 * caller receives the data. The SMTP settings (incl. smtppass) are only read for
 * admin or manager sessions; everything else — including paydeskid, aeskey and
 * certificatesn — is handed to every logged-in user. NOTE(review): whether the
 * client needs aeskey for non-manager roles is not visible here; if it does not,
 * that item belongs behind the same admin/manager gate as the SMTP password.
 *
 * Side effect: changes the process default timezone (date_default_timezone_set).
 */
public function getGeneralConfigItems($forHtml, $pdo) {
    $userLoggedIn = $this->isUserAlreadyLoggedInForPhp();
    if ($userLoggedIn || (!$forHtml)) {
        if (is_null($pdo)) {
            $pdo = $this->dbutils->openDbAndReturnPdo();
        }

        $companyInfo = CommonUtils::getConfigValue($pdo, "companyinfo", null);
        $rectemplate = CommonUtils::getConfigValue($pdo, "rectemplate", null);
        $foodtemplate = CommonUtils::getConfigValue($pdo, "foodtemplate", null);
        $drinktemplate = CommonUtils::getConfigValue($pdo, "drinktemplate", null);
        $decpoint = CommonUtils::getConfigValue($pdo, "decpoint", null);
        $version = CommonUtils::getConfigValue($pdo, "version", null);
        $payprinttype = CommonUtils::getConfigValue($pdo, "payprinttype", null);
        $cancelunpaidcode = CommonUtils::getConfigValue($pdo, "cancelunpaidcode", null);
        $cancelguestcode = CommonUtils::getConfigValue($pdo, "cancelguestcode", null);
        $tax = CommonUtils::getConfigValue($pdo, "tax", null);
        $togotax = CommonUtils::getConfigValue($pdo, "togotax", null);
        $taxaustrianormal = CommonUtils::getConfigValue($pdo, "taxaustrianormal", null);
        $taxaustriaerm1 = CommonUtils::getConfigValue($pdo, "taxaustriaerm1", null);
        $taxaustriaerm2 = CommonUtils::getConfigValue($pdo, "taxaustriaerm2", null);
        $taxaustriaspecial = CommonUtils::getConfigValue($pdo, "taxaustriaspecial", null);
        $serverurl = CommonUtils::getConfigValue($pdo, "serverurl", null);
        $email = CommonUtils::getConfigValue($pdo, "email", null);
        $bigfontworkreceipt = CommonUtils::getConfigValue($pdo, "bigfontworkreceipt", null);
        $prominentsearch = CommonUtils::getConfigValue($pdo, "prominentsearch", null);
        $discount1 = CommonUtils::getConfigValue($pdo, "discount1", null);
        $discount2 = CommonUtils::getConfigValue($pdo, "discount2", null);
        $discount3 = CommonUtils::getConfigValue($pdo, "discount3", null);
        $austria = CommonUtils::getConfigValue($pdo, "austria", null);
        $digigopaysetready = CommonUtils::getConfigValue($pdo, "digigopaysetready", 1);
        $waitergopayprint = CommonUtils::getConfigValue($pdo, "waitergopayprint", 0);
        $oneprodworkreceipts = CommonUtils::getConfigValue($pdo, "oneprodworkreceipts", 0);
        $digiprintwork = CommonUtils::getConfigValue($pdo, "digiprintwork", 1);
        $groupworkitems = CommonUtils::getConfigValue($pdo, "groupworkitems", 1);
        $receiveremail = CommonUtils::getConfigValue($pdo, "receiveremail", "");
        $emailbadrating = CommonUtils::getConfigValue($pdo, "emailbadrating", "");
        $emailratingcontact = CommonUtils::getConfigValue($pdo, "emailratingcontact", "");
        $billlanguage = CommonUtils::getConfigValue($pdo, "billlanguage", null);
        $hotelinterface = CommonUtils::getConfigValue($pdo, "hotelinterface", 0);
        $hsinfile = CommonUtils::getConfigValue($pdo, "hsinfile", null);
        $hsoutfile = CommonUtils::getConfigValue($pdo, "hsoutfile", null);
        $hscurrency = CommonUtils::getConfigValue($pdo, "hscurrency", null);
        $currency = CommonUtils::getConfigValue($pdo, "currency", null);
        $receiptfontsize = CommonUtils::getConfigValue($pdo, "receiptfontsize", null);
        $reservationnote = CommonUtils::getConfigValue($pdo, "reservationnote", null);
        $paymentconfig = CommonUtils::getConfigValue($pdo, "paymentconfig", 0);
        $workflowconfig = CommonUtils::getConfigValue($pdo, "workflowconfig", 0);
        $addreceipttoprinter = CommonUtils::getConfigValue($pdo, "addreceipttoprinter", "");
        $printandqueuejobs = CommonUtils::getConfigValue($pdo, "printandqueuejobs", 0);
        $cashenabled = CommonUtils::getConfigValue($pdo, "cashenabled", 1);
        $returntoorder = CommonUtils::getConfigValue($pdo, "returntoorder", 1);
        $beepcooked = CommonUtils::getConfigValue($pdo, "beepcooked", 0);
        $closshowci = CommonUtils::getConfigValue($pdo, "closshowci", 1);
        $closshowpaytaxes = CommonUtils::getConfigValue($pdo, "closshowpaytaxes", 1);
        $closshowprods = CommonUtils::getConfigValue($pdo, "closshowprods", 1);
        $showpayment2 = CommonUtils::getConfigValue($pdo, "showpayment2", 1);
        $showpayment3 = CommonUtils::getConfigValue($pdo, "showpayment3", 1);
        $showpayment4 = CommonUtils::getConfigValue($pdo, "showpayment4", 1);
        $showpayment5 = CommonUtils::getConfigValue($pdo, "showpayment5", 1);
        $showpayment6 = CommonUtils::getConfigValue($pdo, "showpayment6", 1);
        $showpayment7 = CommonUtils::getConfigValue($pdo, "showpayment7", 1);
        $showpayment8 = CommonUtils::getConfigValue($pdo, "showpayment8", 1);
        $restaurantmode = CommonUtils::getConfigValue($pdo, "restaurantmode", 1);

        // SMTP settings: these defaults are what every non-admin, non-manager
        // session receives; the real values (including the password) are only
        // read in the guarded branch below.
        $smtphost = "";
        $smtpauth = 1;
        $smtpuser = "";
        $smtppass = "";
        $smtpsecure = 1;
        $smtpport = "";
        if ((isset($_SESSION['is_admin']) && ($_SESSION['is_admin'] == 1)) || (isset($_SESSION['right_manager']) && ($_SESSION['right_manager'] == 1))) {
            $smtphost = CommonUtils::getConfigValue($pdo, "smtphost", "");
            $smtpauth = CommonUtils::getConfigValue($pdo, "smtpauth", 1);
            $smtpuser = CommonUtils::getConfigValue($pdo, "smtpuser", "");
            $smtppass = CommonUtils::getConfigValue($pdo, "smtppass", "");
            $smtpsecure = CommonUtils::getConfigValue($pdo, "smtpsecure", 1);
            $smtpport = CommonUtils::getConfigValue($pdo, "smtpport", "");
        }
        $discountname1 = trim(CommonUtils::getConfigValue($pdo, "discountname1", ''));
        $discountname2 = trim(CommonUtils::getConfigValue($pdo, "discountname2", ''));
        $discountname3 = trim(CommonUtils::getConfigValue($pdo, "discountname3", ''));
        $memorylimit = CommonUtils::getConfigValue($pdo, "memorylimit", 256);
        $updateurl = CommonUtils::getConfigValue($pdo, "updateurl", "");
        $hs3refresh = CommonUtils::getConfigValue($pdo, "hs3refresh", 60);
        // fiscal (RKSV) material: not gated like the SMTP settings above, so every
        // logged-in user receives the AES key and certificate serial in the reply
        $paydeskid = CommonUtils::getConfigValue($pdo, "paydeskid", "");
        $aeskey = CommonUtils::getConfigValue($pdo, "aeskey", "");
        $certificatesn = CommonUtils::getConfigValue($pdo, "certificatesn", "");
        $rksvserver = CommonUtils::getConfigValue($pdo, "rksvserver", "");
        $webimpressum = CommonUtils::getConfigValue($pdo, "webimpressum", "");
        $userlang = 0; // of no interest, if not called from web
        $receiptprinter = 1; // of no interest, if not called from web
        $right_changeprice = 0;
        if ($userLoggedIn) {
            $userlang = $_SESSION["language"];
            $receiptprinter = $_SESSION['receiptprinter'];
            $right_changeprice = ($_SESSION['right_changeprice'] ? 1 : 0);
        }
        // process-wide side effect; getdate() below reads the default timezone
        date_default_timezone_set(DbUtils::getTimeZone());
        $now = getdate();

        $retVal = array("companyinfo" => $companyInfo, "rectemplate" => $rectemplate, "foodtemplate" => $foodtemplate, "drinktemplate" => $drinktemplate,
            "version" => $version, "decpoint" => $decpoint,
            "serverurl" => $serverurl, "email" => $email, "receiveremail" => $receiveremail, "billlanguage" => $billlanguage,
            "hotelinterface" => $hotelinterface, "hsinfile" => $hsinfile, "hsoutfile" => $hsoutfile, "hscurrency" => $hscurrency,
            "payprinttype" => $payprinttype, "tax" => $tax, "togotax" => $togotax, "currency" => $currency,
            "taxaustrianormal" => $taxaustrianormal, "taxaustriaerm1" => $taxaustriaerm1, "taxaustriaerm2" => $taxaustriaerm2, "taxaustriaspecial" => $taxaustriaspecial,
            "userlanguage" => $userlang, "receiptprinter" => $receiptprinter,
            "receiptfontsize" => $receiptfontsize, "reservationnote" => $reservationnote, "paymentconfig" => $paymentconfig,
            "workflowconfig" => $workflowconfig, "emailratingcontact" => $emailratingcontact, "emailbadrating" => $emailbadrating,
            "rightchangeprice" => $right_changeprice, "bigfontworkreceipt" => $bigfontworkreceipt, "prominentsearch" => $prominentsearch, "groupworkitems" => $groupworkitems,
            "sday" => $now["mday"], "smonth" => $now["mon"], "syear" => $now["year"], "shour" => $now["hours"], "smin" => $now["minutes"],
            "smtphost" => $smtphost, "smtpauth" => $smtpauth, "smtpuser" => $smtpuser, "smtppass" => $smtppass, "smtpsecure" => $smtpsecure, "smtpport" => $smtpport,
            "webimpressum" => $webimpressum, "cancelunpaidcode" => $cancelunpaidcode, "cancelguestcode" => $cancelguestcode, "discount1" => $discount1, "discount2" => $discount2, "discount3" => $discount3,
            "austria" => $austria, "digigopaysetready" => $digigopaysetready, "waitergopayprint" => $waitergopayprint, "oneprodworkreceipts" => $oneprodworkreceipts,
            "digiprintwork" => $digiprintwork, "memorylimit" => $memorylimit, "updateurl" => $updateurl, "hs3refresh" => $hs3refresh,
            "paydeskid" => $paydeskid, "aeskey" => $aeskey, "certificatesn" => $certificatesn, "rksvserver" => $rksvserver, "addreceipttoprinter" => $addreceipttoprinter,
            "printandqueuejobs" => $printandqueuejobs, "cashenabled" => $cashenabled, "returntoorder" => $returntoorder, "beepcooked" => $beepcooked, "restaurantmode" => $restaurantmode,
            "discountname1" => $discountname1, "discountname2" => $discountname2, "discountname3" => $discountname3,
            "closshowci" => $closshowci, "closshowpaytaxes" => $closshowpaytaxes, "closshowprods" => $closshowprods,
            "showpayment2" => $showpayment2,
            "showpayment3" => $showpayment3,
            "showpayment4" => $showpayment4,
            "showpayment5" => $showpayment5,
            "showpayment6" => $showpayment6,
            "showpayment7" => $showpayment7,
            "showpayment8" => $showpayment8
        );

        if ($forHtml) {
            echo json_encode(array("status" => "OK", "msg" => $retVal));
        } else {
            return $retVal;
        }
    } else {
        if ($forHtml) {
            echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
        } else {
            return null;
        }
    }
}
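/**
 * Echoes (as a JSON string) the page the logged-in user is sent to after login:
 * "rating.html" for rating-only users; otherwise the stored lastmodule, switched
 * between waiter.html and waiterdesktop.php according to the session "modus",
 * and then checked against the user's rights. Any page the user may not open —
 * including unknown or tampered lastmodule values, since that column is written
 * from client input in setLastModuleOfUser() — falls back to preferences.html.
 * Emits nothing when no user is logged in.
 */
function getViewAfterLogin() {
    if (!$this->isUserAlreadyLoggedInForPhp()) {
        return;
    }
    $userid = $_SESSION['userid'];
    $modus = $_SESSION['modus'];
    $rights = array($_SESSION['is_admin'], $_SESSION['right_waiter'], $_SESSION['right_kitchen'],
        $_SESSION['right_bar'], $_SESSION['right_supply'], $_SESSION['right_paydesk'],
        $_SESSION['right_statistics'], $_SESSION['right_bill'], $_SESSION['right_products'],
        $_SESSION['right_reservation'], $_SESSION['right_changeprice'], $_SESSION['right_customers'], $_SESSION['right_manager'], $_SESSION['right_closing']);
    $right_rating = $_SESSION['right_rating'];
    if (self::isOnlyRatingUser($rights, $right_rating, true)) {
        echo json_encode("rating.html");
        return;
    }

    $sql = "SELECT lastmodule FROM %user% WHERE id=? AND active='1'";
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute(array($userid));
    $row = $stmt->fetchObject();

    $view = "preferences.html";
    // fetchObject() yields false for a missing row; an empty lastmodule counts as unset
    if ($row !== false && $row->lastmodule != null) {
        $view = $row->lastmodule;
        // modus 1 (desktop) serves both ordering and paydesk via waiterdesktop.php
        if ($modus == 1) {
            if ($view == "waiter.html" || $view == "paydesk.html") {
                $view = "waiterdesktop.php";
            }
        } else if ($view == "waiterdesktop.php") {
            $view = "waiter.html";
        }
    }

    // view -> session right that permits it
    $mapping = array(
        "waiter.html" => 'right_waiter',
        "kitchen.html" => 'right_kitchen',
        "bar.html" => 'right_bar',
        "supplydesk.html" => 'right_supply',
        "paydesk.html" => 'right_paydesk',
        "reports.html" => 'right_statistics',
        "bill.html" => 'right_bill',
        "products.html" => 'right_products',
        "reservation.html" => 'right_reservation',
        "rating.html" => 'right_rating',
        "customers.html" => 'right_customers',
        "waiterdesktop.php" => 'right_waiter'
    );
    if ($view == 'preferences.html' || $view == 'feedback.html' || $view == "index.html") {
        $valid = true;
    } else if ($view == 'manager.html') {
        $valid = ($_SESSION['is_admin'] == 1) || ($_SESSION['right_manager'] == 1) || ($_SESSION['right_closing'] == 1);
    } else {
        // a view without a mapping entry is never valid (and no longer raises an
        // undefined-index notice on the way to the fallback)
        $valid = isset($mapping[$view])
            && isset($_SESSION[$mapping[$view]])
            && ($_SESSION[$mapping[$view]] == 1);
    }
    if (!$valid) {
        $view = "preferences.html";
    }

    echo json_encode($view . "?v=1.3.10");
}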
/** Echoes YES or NO (JSON) depending on whether the session user is an admin. */
function isLoggedinUserAdmin() {
    $answer = $this->isCurrentUserAdmin() ? YES : NO;
    echo json_encode($answer);
}
// public static function startsWith($txt,$key) {
// $ret = (substr($txt, 0, strlen($key)) === $key);
// return (substr($txt, 0, strlen($key)) === $key);
// }
/**
 * Echoes the session user's highest administrative role as a JSON string:
 * "admin", "manager" or "closing" (first match in that order), else NO.
 */
function isLoggedinUserAdminOrManagerOrTE() {
    // order matters: the first right the user holds decides the answer
    $roleByRight = array(
        'is_admin' => "admin",
        'right_manager' => "manager",
        'right_closing' => "closing",
    );
    $answer = NO;
    foreach ($roleByRight as $right => $role) {
        if ($this->hasCurrentUserRight($right)) {
            $answer = $role;
            break;
        }
    }
    echo json_encode($answer);
}
/** Echoes YES or NO (JSON) depending on the session user's 'right_kitchen' flag. */
function isLoggedinUserKitchen() {
    $answer = $this->hasCurrentUserRight('right_kitchen') ? YES : NO;
    echo json_encode($answer);
}
/** Echoes YES or NO (JSON) depending on the session user's 'right_bar' flag. */
function isLoggedinUserBar() {
    $answer = $this->hasCurrentUserRight('right_bar') ? YES : NO;
    echo json_encode($answer);
}
/** Echoes YES or NO (JSON) depending on the session user's 'right_paydesk' flag. */
function hasUserPaydeskRight() {
    $answer = $this->hasCurrentUserRight('right_paydesk') ? YES : NO;
    echo json_encode($answer);
}
/** Echoes YES or NO (JSON) depending on the session user's 'right_reservation' flag. */
function hasUserReservationRight() {
    $answer = $this->hasCurrentUserRight('right_reservation') ? YES : NO;
    echo json_encode($answer);
}
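/**
 * Looks up one right flag of the logged-in user in the session, starting the
 * session first if necessary.
 *
 * @param string $whichRight session key such as 'is_admin' or 'right_waiter'.
 * @return mixed false when nobody is logged in ('angemeldet' unset or false) or
 *               the flag is absent from the session; otherwise the raw session
 *               value, which callers treat as truthy/falsy.
 */
function hasCurrentUserRight($whichRight) {
    if (session_id() === '') {
        session_start();
    }
    if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
        return false;
    }
    // an absent key used to raise an undefined-index notice and yield null;
    // a right that is not in the session is simply not held
    return isset($_SESSION[$whichRight]) ? $_SESSION[$whichRight] : false;
}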
/**
 * @return mixed the session's 'is_admin' flag via hasCurrentUserRight(); false
 *               when nobody is logged in.
 */
function isCurrentUserAdmin() {
    $adminFlag = $this->hasCurrentUserRight('is_admin');
    return $adminFlag;
}
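/**
 * Executes a file of SQL statements, one statement per line, through $pdo.
 *
 * @param PDO    $pdo     open connection; transaction handling is the caller's job.
 * @param string $sqlFile path of the file. %table% aliases in it are resolved by
 *                        DbUtils::substTableAlias(); the statements are executed
 *                        as-is, so only the shipped sample files belong here.
 * @throws RuntimeException when the file cannot be opened.
 */
function fillSampleContentBySqlFile($pdo, $sqlFile) {
    $handle = fopen($sqlFile, "r");
    if ($handle === false) {
        throw new RuntimeException("Cannot open SQL file: " . $sqlFile);
    }
    try {
        // fgets() returns false at EOF, which the old feof() loop passed on to prepare()
        while (($sql = fgets($handle)) !== false) {
            if (trim($sql) === '') {
                continue;
            }
            $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
            $stmt->execute();
        }
    } finally {
        fclose($handle);
    }
}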
/**
 * Sets the Austrian tax rate of all live products by product-type kind
 * ($foodTax for kind 0, $drinksTax for kind 1), refreshes the product history
 * and echoes a JSON status. Everything runs in one transaction that is rolled
 * back on any exception.
 */
private function assignTaxes($foodTax, $drinksTax) {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $pdo->beginTransaction();
    try {
        $sql = "UPDATE %products%,%prodtype% SET %products%.taxaustria=? WHERE %products%.category=%prodtype%.id AND %prodtype%.kind=? AND %products%.removed is null AND %prodtype%.removed is null";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        foreach (array(array($foodTax, 0), array($drinksTax, 1)) as $taxAndKind) {
            $stmt->execute($taxAndKind);
        }
        HistFiller::readAllProdsAndFillHistByDb($pdo);
        $pdo->commit();
        $result = array("status" => "OK");
    } catch (Exception $e) {
        $pdo->rollBack();
        $result = array("status" => "ERROR", "code" => NUMBERFORMAT_ERROR, "msg" => NUMBERFORMAT_ERROR_MSG);
    }
    echo json_encode($result);
}
/**
 * Imports a menu ("Speisekarte") inside a transaction: commits when
 * fillSpeisekarteCore() reports status "OK", rolls back otherwise, and echoes
 * that result as JSON.
 */
private function fillSpeisekarte($speisekarte) {
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $pdo->beginTransaction();
    $ret = $this->fillSpeisekarteCore($pdo, $speisekarte);
    $succeeded = ($ret["status"] == "OK");
    if ($succeeded) {
        $pdo->commit();
    } else {
        $pdo->rollBack();
    }
    echo json_encode($ret);
}
/**
 * Clears %extrasprods% and hands the menu to TypeAndProductFileManager.
 *
 * @param PDO   $pdo         open connection (the caller owns the transaction).
 * @param mixed $speisekarte menu data as accepted by manageSpeisekarte().
 * @return mixed the result array of manageSpeisekarte() (carries a "status" key).
 */
public function fillSpeisekarteCore($pdo, $speisekarte) {
    $clearExtras = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString("DELETE FROM %extrasprods%"));
    $clearExtras->execute();
    $manager = new TypeAndProductFileManager();
    return $manager->manageSpeisekarte($pdo, $speisekarte);
}
/**
 * Replaces queue, selected history entries and the user table with the shipped
 * sample content (samples/queuecontent.txt, samples/usercontent.txt), then
 * pushes the new user table into the history.
 */
private function fillSampleContent()
{
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $runSql = function ($sql) use ($pdo) {
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute();
    };

    $runSql("DELETE FROM `%queue%`");
    $this->fillSampleContentBySqlFile($pdo, "samples/queuecontent.txt");

    $runSql("DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'");
    $runSql("DELETE FROM `%histuser%`");

    $runSql("DELETE FROM `%user%`");
    $this->fillSampleContentBySqlFile($pdo, "samples/usercontent.txt");

    $this->histfiller->readUserTableAndSendToHist($pdo);
}
/** Echoes the main-menu structure built by getJsonMenuItemsAndVersionCore() as JSON. */
function getJsonMenuItemsAndVersion() {
    $payload = $this->getJsonMenuItemsAndVersionCore();
    echo json_encode($payload);
}
/*
* Return all the entries for the main menu ( the modules )
*/
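/**
 * Builds the main-menu structure for the current session: one entry per module
 * the user holds the right for, the user name, the waiter message and a
 * logged-in flag. Rating-only users get only the logout entry; anonymous
 * sessions get only "Startseite". Labels come from per-language arrays indexed
 * by $_SESSION['language'] (0 = German, 1 = English, 2 = Spanish); an index
 * outside that range falls back to German instead of raising a notice.
 *
 * @return array{version:string,user:string,menu:list<array{name:string,link:string}>,waitermessage:string,loggedin:int}
 */
private function getJsonMenuItemsAndVersionCore() {
    if (session_id() === '') {
        session_start();
    }
    $version = "1.3.10";
    $mainMenu = array();
    $currentUser = "";
    $waiterMessage = "";
    $loggedIn = isset($_SESSION['angemeldet']) && $_SESSION['angemeldet'];
    if (!$loggedIn) {
        $mainMenu[] = array("name" => "Startseite", "link" => "index.html");
    } else {
        $lang = $_SESSION['language'];
        // label for the session language, German when the index is unknown
        $pick = function ($texts) use ($lang) {
            return isset($texts[$lang]) ? $texts[$lang] : $texts[0];
        };
        // every module link carries the same cache-busting version suffix
        $add = function ($name, $page) use (&$mainMenu, $version) {
            $mainMenu[] = array("name" => $name, "link" => $page . "?v=" . $version);
        };
        $waiterdesktxt = array("Kellneransicht", "Waiter's View", "Vista de camareros");
        $kitchentxt = array("Küche", "Kitchen", "Cocina");
        $waitertxt = array("Bestellung", "Orderdesk", "Camarero");
        $paydesktxt = array("Kasse", "Paydesk", "Caja");
        $settingtxt = array("Einstellungen", "Preferences", "Propriedades");
        $admintxt = array("Verwaltung", "Administration", "Administrar");
        $supplytxt = array("Bereitstellung", "Supply desk", "Preparado");
        $prodtxt = array("Angebot", "Products", "Productos");
        $restxt = array("Reservierung", "Reservation", "Reserva");
        $bontxt = array("Kassenbons", "Receipts", "Tiques");
        $stattxt = array("Statistik", "Statistics", "Estadisticas");
        $ratingtxt = array("Bewertung", "Rating", "Valoración");
        $customerstxt = array("Gäste", "Guests", "Clientes");
        $logout = array("Abmelden", "Log out", "Adios");
        $rights = array($_SESSION['is_admin'], $_SESSION['right_waiter'], $_SESSION['right_kitchen'],
            $_SESSION['right_bar'], $_SESSION['right_supply'], $_SESSION['right_paydesk'],
            $_SESSION['right_statistics'], $_SESSION['right_bill'], $_SESSION['right_products'],
            $_SESSION['right_reservation'], $_SESSION['right_changeprice'], $_SESSION['right_customers'],
            $_SESSION['right_manager'], $_SESSION['right_closing']);
        $right_rating = $_SESSION['right_rating'];
        if (!self::isOnlyRatingUser($rights, $right_rating, true)) {
            if ($_SESSION['right_waiter']) {
                // modus 0: classic waiter page; otherwise the desktop variant
                if ($_SESSION['modus'] == 0) {
                    $add($pick($waitertxt), "waiter.html");
                } else {
                    $add($pick($waiterdesktxt), "waiterdesktop.php");
                }
            }
            if ($_SESSION['right_kitchen']) { $add($pick($kitchentxt), "kitchen.html"); }
            if ($_SESSION['right_bar']) { $add("Bar", "bar.html"); }
            if ($_SESSION['right_supply']) { $add($pick($supplytxt), "supplydesk.html"); }
            // the separate paydesk entry exists only in modus 0
            if ($_SESSION['modus'] == 0 && $_SESSION['right_paydesk']) { $add($pick($paydesktxt), "paydesk.html"); }
            if ($_SESSION['right_statistics']) { $add($pick($stattxt), "reports.html"); }
            if ($_SESSION['right_bill']) { $add($pick($bontxt), "bill.html"); }
            if ($_SESSION['right_products']) { $add($pick($prodtxt), "products.html"); }
            if ($_SESSION['right_reservation']) { $add($pick($restxt), "reservation.html"); }
            if ($_SESSION['right_rating']) { $add($pick($ratingtxt), "rating.html"); }
            if ($_SESSION['right_customers']) { $add($pick($customerstxt), "customers.html"); }
            if ($_SESSION['right_manager'] || $_SESSION['is_admin'] || $_SESSION['right_closing']) { $add($pick($admintxt), "manager.html"); }
            $add($pick($settingtxt), "preferences.html");
            $add("Feedback", "feedback.html");
        }
        $mainMenu[] = array("name" => $pick($logout), "link" => "logout.php");
        $currentUser = $_SESSION['currentuser'];
        $waiterMessage = $this->getMessage(null, "waitermessage");
    }
    return array(
        "version" => "OrderSprinter " . $version,
        "user" => $currentUser,
        "menu" => $mainMenu,
        "waitermessage" => $waiterMessage,
        "loggedin" => ($loggedIn ? 1 : 0)
    );
}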
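/**
 * Echoes the current waiter message as {"status":"OK","msg":...}. On failure a
 * generic error is echoed and the exception text goes to the server log only:
 * the previous reply interpolated the exception itself, which for a PDO failure
 * can carry connection details to the browser.
 */
private function getWaiterMessage() {
    try {
        // $pdo is unused by the visible code; kept so a failing connection still
        // ends in the error branch as before
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $waiterMessage = $this->getMessage(null, "waitermessage");
        echo json_encode(array("status" => "OK", "msg" => $waiterMessage));
    } catch (Exception $e) {
        error_log("getWaiterMessage: " . $e->getMessage());
        echo json_encode(array("status" => "ERROR", "msg" => "Error"));
    }
}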
/**
 * Returns the hotel-interface flag and, when it is enabled (== 1), the guest
 * rows of %hsout%. Any exception yields status "ERROR" with an empty guest list.
 *
 * @param PDO $pdo open connection.
 * @return array{status:string,hotelinterface:mixed,guests:array}
 */
private function getHotelInfo($pdo) {
    try {
        $hotelinterface = CommonUtils::getConfigValue($pdo, "hotelinterface", 0);
        $guests = array();
        if ($hotelinterface == 1) {
            $guests = CommonUtils::fetchSqlAll($pdo, "SELECT reservationid,object,guest FROM %hsout%", null);
        }
    } catch (Exception $e) {
        return array("status" => "ERROR", "hotelinterface" => 0, "guests" => array());
    }
    return array("status" => "OK", "hotelinterface" => $hotelinterface, "guests" => $guests);
}
/**
 * Returns the customers whose vacation spans today (checkin <= today <= checkout)
 * as id/object/guest rows, or status "ERROR" when the query fails.
 *
 * @param PDO $pdo open connection.
 * @return array{status:string,guests?:array}
 */
private function getGuestInfo($pdo) {
    $sql = "SELECT %customers%.id as id,%customers%.id as object,CONCAT(IFNULL(name,''),' - ',IFNULL(room,'')) as guest FROM %customers%,%vacations% where %customers%.id=%vacations%.customerid AND ((checkin <= CURDATE()) AND (CURDATE() <= checkout)) GROUP BY id";
    try {
        $guests = CommonUtils::fetchSqlAll($pdo, $sql, null);
    } catch (Exception $ex) {
        return array("status" => "ERROR");
    }
    return array("status" => "OK", "guests" => $guests);
}
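/**
 * Echoes all active users as a JSON list ordered by is_admin.
 *
 * %user% stores the password hash in the `userpassword` column (see
 * createNewUser()); that column is removed from every row before output so
 * hashes do not leave the server. Rows are fetched associatively, so any
 * numeric duplicate keys a FETCH_BOTH default mode would add are not emitted
 * either.
 */
function getUserList() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $result = array_map(function ($row) {
        unset($row['userpassword']);
        return $row;
    }, $rows);
    echo json_encode($result);
}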
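/**
 * Sets the server clock (admin only) by running `date MMDDhhmmYY`, then echoes
 * the general config items so the client picks up the new time. Refused on
 * Windows hosts.
 *
 * All five components are cast to int and the assembled string is passed
 * through escapeshellarg(), so only digits reach the shell; this replaces the
 * earlier unescaped substr($year, -2) on the command line.
 *
 * @param int|string $day
 * @param int|string $month
 * @param int|string $year  four-digit year; only its last two digits are used
 * @param int|string $hour
 * @param int|string $min
 * @return false on a refused request; otherwise nothing (the reply is echoed).
 */
function setTime($day, $month, $year, $hour, $min) {
    if (!($this->userrights->hasCurrentUserRight('is_admin'))) {
        echo json_encode(array("status" => "ERROR", "msg" => "Benutzerrechte nicht ausreichend!"));
        return false;
    }
    if (substr(php_uname(), 0, 7) === "Windows") {
        echo json_encode(array("status" => "ERROR", "msg" => "Zeit auf Windows-Server kann nicht gesetzt werden!"));
        return false;
    }
    // MMDDhhmmYY as expected by date(1)
    $txt = sprintf("%02d%02d%02d%02d%02d",
        (int)$month, (int)$day, (int)$hour, (int)$min, ((int)$year) % 100);
    try {
        $cmd = "date " . escapeshellarg($txt);
        shell_exec($cmd . " > /dev/null &");
    } catch (Exception $e) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG));
    }
    $this->getGeneralConfigItems(true, null);
}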
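/**
 * Creates a new user from the POST fields username, isAdmin and password plus
 * the columns listed in DbUtils::$userCols, then records it in the history.
 *
 * JSON responses: {"status":"OK"} on success; ERROR_NAME_EXISTS_ALREADY when an
 * active user with that name exists; ERROR_COMMAND_NOT_ADMIN when a non-admin
 * tries to create an admin account.
 *
 * Fix: missing POST fields no longer raise undefined-index notices - they are
 * treated as null, which is what the previous code ended up inserting.
 */
function createNewUser() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();

    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $isAdmin = isset($_POST['isAdmin']) ? $_POST['isAdmin'] : 0;
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND username=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($username));
    $row = $stmt->fetchObject();
    if ($row !== false && $row->countid > 0) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_NAME_EXISTS_ALREADY, "msg" => ERROR_NAME_EXISTS_ALREADY_MSG));
        return;
    }

    if (session_id() == '') {
        session_start();
    }
    $lang = isset($_SESSION['language']) ? $_SESSION['language'] : null;

    // Only an admin may hand out admin rights.
    if ($isAdmin && !($this->isCurrentUserAdmin())) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_ADMIN, "msg" => ERROR_COMMAND_NOT_ADMIN_MSG));
        return;
    }

    // NOTE(review): unsalted md5 is the legacy password format used throughout
    // this file; it has to stay in sync with the verifying side, so a migration
    // to password_hash()/password_verify() must cover all of them at once.
    $password_hash = md5($password);

    $keys = array('id', 'userpassword', 'language');
    $vals = array(null, $password_hash, $lang);
    $quests = array('?', '?', '?');
    foreach (DbUtils::$userCols as $userCol) {
        if (!is_null($userCol["new"])) {
            $quests[] = '?';
            $keys[] = $userCol["col"];
            $vals[] = isset($_POST[$userCol['new']]) ? $_POST[$userCol['new']] : null;
        } else if (isset($userCol["default"])) {
            $quests[] = '?';
            $keys[] = $userCol["col"];
            $vals[] = $userCol["default"];
        }
    }
    // Column names come from the static DbUtils::$userCols table, never from the request.
    $userInsertSql = "INSERT INTO %user% (" . join(",", $keys) . ") VALUES(" . join(",", $quests) . ")";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($userInsertSql));
    $stmt->execute($vals);
    $lastId = $pdo->lastInsertId();

    echo json_encode(array("status" => "OK"));
    HistFiller::createUserInHist($pdo, $lastId);
}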
function getPayPrintType() {
    // Emits the stored "payprinttype" config setting as JSON.
    $connection = DbUtils::openDbAndReturnPdoStatic();
    $this->sendJsonValueFromConfigTable($connection, 'payprinttype');
}
function getPayments() {
    // Sends the payment methods in the session language together with the hotel
    // interface state and both guest lists. Payment id 7 is hidden unless the
    // hotel interface is enabled.
    if (session_id() == '') {
        session_start();
    }
    $pdo = $this->dbutils->openDbAndReturnPdo();

    $hotelinterface = CommonUtils::getConfigValue($pdo, "hotelinterface", 0);
    $where = ($hotelinterface != 0) ? "" : "WHERE id <> 7";

    // Language 1 selects the English name column, 2 the Spanish one.
    $lang = $_SESSION['language'];
    if ($lang == 1) {
        $sql = "SELECT id,name_en as name FROM %payment% $where";
    } elseif ($lang == 2) {
        $sql = "SELECT id,name_esp as name FROM %payment% $where";
    } else {
        $sql = "SELECT id,name FROM %payment% $where";
    }

    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute();
    $payments = array();
    foreach ($stmt->fetchAll() as $paymentRow) {
        $payments[] = array("id" => $paymentRow['id'], "name" => $paymentRow['name']);
    }

    $hotelinfo = $this->getHotelInfo($pdo);
    $internalguests = $this->getGuestInfo($pdo);
    echo json_encode(array(
        "payments" => $payments,
        "hotelinterface" => $hotelinfo["hotelinterface"],
        "guests" => $hotelinfo["guests"],
        "internalguests" => $internalguests["guests"],
    ));
}
function sendJsonValueFromConfigTable($pdo, $whichValue) {
    // Echoes one config setting as JSON; an unset value is sent as "".
    $setting = CommonUtils::getConfigValue($pdo, $whichValue, "");
    // Loose comparison kept on purpose: null, "" and 0 all count as "not set".
    echo json_encode(($setting == null) ? "" : $setting);
}
private function deletelogo() {
    // Clears the stored logo image and acknowledges with "OK".
    $connection = $this->dbutils->openDbAndReturnPdo();
    $this->changeOneConfigDbItem($connection, "logoimg", null, "%logo%", false);
    echo json_encode("OK");
}
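/**
 * Stores an uploaded logo (form field "logofile") in the %logo% config table.
 *
 * Every outcome is reported by redirecting to infopage.html, as before.
 * Fixes: a missing form field and a failed read are handled; an upload error is
 * fatal on its own (the original combined it with is_uploaded_file() using AND,
 * which made the check depend on the second test); the duplicated check after
 * reading the file is gone. The 64 KiB limit is a byte limit, so strlen() is
 * intentional.
 *
 * NOTE(review): the content is not checked for an image format before it is
 * stored and later served as the logo - confirm which formats the consumer
 * expects and validate here (e.g. getimagesize() for raster images).
 */
private function readlogo() {
    if (!isset($_FILES['logofile']) || !isset($_FILES['logofile']['error'])) {
        header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben.");
        exit();
    }
    $upload = $_FILES['logofile'];
    if ($upload['error'] == UPLOAD_ERR_NO_FILE) {
        header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben.");
        exit();
    }
    if ($upload['error'] != UPLOAD_ERR_OK) {
        header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
        exit();
    }
    // is_uploaded_file() guards against reading an arbitrary server path.
    if (!file_exists($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
        header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben.");
        exit();
    }
    $content = file_get_contents($upload['tmp_name']);
    if ($content === false) {
        header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
        exit();
    }
    if (strlen($content) > 65535) {
        header("Location: ../infopage.html?e=manager.html=Logobild_muss_kleiner_als_64_Kilobytes_sein!");
        exit();
    }
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $this->changeOneConfigDbItem($pdo, "logoimg", $content, "%logo%", false);
    header("Location: ../infopage.html?i=manager.html=Import_war_erfolgreich."); /* redirect the browser */
    exit;
}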
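/**
 * Applies a list of configuration changes coming from the manager UI.
 *
 * @param array $changedValues list of array("name" => <item>, "value" => <new value>)
 *
 * Each name must be a key of the whitelist below, which maps it to its database
 * column and says whether the value has to be numeric ("checknum" => 1).
 * Values are normalised per item (see normalizeConfigValueForStorage) and then
 * upserted into %config% with history. Responds with {"status":"OK"}, or with
 * ERROR_COMMAND_ERROR when at least one item was rejected.
 *
 * Fixes: unknown item names are rejected instead of producing a config row
 * with a NULL name; the two entries spelled "checksum" now use "checknum" like
 * the rest; a change set without name/value no longer raises notices.
 */
function changeConfig($changedValues) {
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $assoc_vals = array(
        "usstval" => array("dbcol" => "tax", "checknum" => 1),
        "togotaxval" => array("dbcol" => "togotax", "checknum" => 1),
        "taxaustrianormalval" => array("dbcol" => "taxaustrianormal", "checknum" => 1),
        "taxaustriaerm1val" => array("dbcol" => "taxaustriaerm1", "checknum" => 1),
        "taxaustriaerm2val" => array("dbcol" => "taxaustriaerm2", "checknum" => 1),
        "taxaustriaspecialval" => array("dbcol" => "taxaustriaspecial", "checknum" => 1),
        "stornocode" => array("dbcol" => "stornocode", "checknum" => 0),
        "printpass" => array("dbcol" => "printpass", "checknum" => 0),
        "companyinfo" => array("dbcol" => "companyinfo", "checknum" => 0),
        "rectemplate" => array("dbcol" => "rectemplate", "checknum" => 0),
        "foodtemplate" => array("dbcol" => "foodtemplate", "checknum" => 0),
        "drinktemplate" => array("dbcol" => "drinktemplate", "checknum" => 0),
        "serverUrl" => array("dbcol" => "serverurl", "checknum" => 0),
        "email" => array("dbcol" => "email", "checknum" => 0),
        "emailbadrating" => array("dbcol" => "emailbadrating", "checknum" => 0),
        "emailratingcontact" => array("dbcol" => "emailratingcontact", "checknum" => 0),
        "receiveremail" => array("dbcol" => "receiveremail", "checknum" => 0),
        "payprinttype" => array("dbcol" => "payprinttype", "checknum" => 0),
        "paymentconfig" => array("dbcol" => "paymentconfig", "checknum" => 0),
        "addreceipttoprinter" => array("dbcol" => "addreceipttoprinter", "checknum" => 0),
        "bigfontworkreceipt" => array("dbcol" => "bigfontworkreceipt", "checknum" => 0),
        "prominentsearch" => array("dbcol" => "prominentsearch", "checknum" => 0),
        "discount1" => array("dbcol" => "discount1", "checknum" => 0),
        "discount2" => array("dbcol" => "discount2", "checknum" => 0),
        "discount3" => array("dbcol" => "discount3", "checknum" => 0),
        "austria" => array("dbcol" => "austria", "checknum" => 0),
        "digigopaysetready" => array("dbcol" => "digigopaysetready", "checknum" => 0),
        "waitergopayprint" => array("dbcol" => "waitergopayprint", "checknum" => 0),
        "oneprodworkreceipts" => array("dbcol" => "oneprodworkreceipts", "checknum" => 0),
        "digiprintwork" => array("dbcol" => "digiprintwork", "checknum" => 0),
        "groupworkitems" => array("dbcol" => "groupworkitems", "checknum" => 0),
        "workflowconfig" => array("dbcol" => "workflowconfig", "checknum" => 0),
        "receiptfontsize" => array("dbcol" => "receiptfontsize", "checknum" => 0),
        "billlanguage" => array("dbcol" => "billlanguage", "checknum" => 0),
        "hotelinterface" => array("dbcol" => "hotelinterface", "checknum" => 0),
        "hsinfile" => array("dbcol" => "hsinfile", "checknum" => 0),
        "hsoutfile" => array("dbcol" => "hsoutfile", "checknum" => 0),
        "hscurrency" => array("dbcol" => "hscurrency", "checknum" => 0),
        "reservationnote" => array("dbcol" => "reservationnote", "checknum" => 0),
        "remoteaccesscode" => array("dbcol" => "remoteaccesscode", "checknum" => 0),
        "webimpressum" => array("dbcol" => "webimpressum", "checknum" => 0),
        "cancelunpaidcode" => array("dbcol" => "cancelunpaidcode", "checknum" => 0),
        "cancelguestcode" => array("dbcol" => "cancelguestcode", "checknum" => 0),
        "printandqueuejobs" => array("dbcol" => "printandqueuejobs", "checknum" => 0),
        "cashenabled" => array("dbcol" => "cashenabled", "checknum" => 0),
        "returntoorder" => array("dbcol" => "returntoorder", "checknum" => 0),
        "beepcooked" => array("dbcol" => "beepcooked", "checknum" => 0),
        "closshowci" => array("dbcol" => "closshowci", "checknum" => 0),
        "closshowpaytaxes" => array("dbcol" => "closshowpaytaxes", "checknum" => 0),
        "closshowprods" => array("dbcol" => "closshowprods", "checknum" => 0),
        "showpayment2" => array("dbcol" => "showpayment2", "checknum" => 0),
        "showpayment3" => array("dbcol" => "showpayment3", "checknum" => 0),
        "showpayment4" => array("dbcol" => "showpayment4", "checknum" => 0),
        "showpayment5" => array("dbcol" => "showpayment5", "checknum" => 0),
        "showpayment6" => array("dbcol" => "showpayment6", "checknum" => 0),
        "showpayment7" => array("dbcol" => "showpayment7", "checknum" => 0),
        "showpayment8" => array("dbcol" => "showpayment8", "checknum" => 0),
        "restaurantmode" => array("dbcol" => "restaurantmode", "checknum" => 0),
        "smtphost" => array("dbcol" => "smtphost", "checknum" => 0),
        "smtpauth" => array("dbcol" => "smtpauth", "checknum" => 1),
        "smtpuser" => array("dbcol" => "smtpuser", "checknum" => 0),
        // smtppass and aeskey are stored as given (no transformation).
        "smtppass" => array("dbcol" => "smtppass", "checknum" => 0),
        "smtpsecure" => array("dbcol" => "smtpsecure", "checknum" => 1),
        "smtpport" => array("dbcol" => "smtpport", "checknum" => 0),
        "discountname1" => array("dbcol" => "discountname1", "checknum" => 0),
        "discountname2" => array("dbcol" => "discountname2", "checknum" => 0),
        "discountname3" => array("dbcol" => "discountname3", "checknum" => 0),
        "memorylimit" => array("dbcol" => "memorylimit", "checknum" => 0),
        "updateurl" => array("dbcol" => "updateurl", "checknum" => 0),
        "hs3refresh" => array("dbcol" => "hs3refresh", "checknum" => 0),
        "paydeskid" => array("dbcol" => "paydeskid", "checknum" => 0),
        "aeskey" => array("dbcol" => "aeskey", "checknum" => 0),
        "certificatesn" => array("dbcol" => "certificatesn", "checknum" => 0),
        "rksvserver" => array("dbcol" => "rksvserver", "checknum" => 0),
    );
    $problem = false;
    foreach ($changedValues as $aChangeSet) {
        $name = isset($aChangeSet['name']) ? $aChangeSet['name'] : null;
        if (!is_string($name) || !isset($assoc_vals[$name])) {
            // Not a known configuration item: refuse instead of writing a nameless row.
            $problem = true;
            continue;
        }
        $aVal = isset($aChangeSet['value']) ? $aChangeSet['value'] : null;
        $aVal = $this->normalizeConfigValueForStorage($name, $aVal);

        $association = $assoc_vals[$name];
        if ($association["checknum"] == 1 && !is_numeric($aVal)) {
            $problem = true;
            continue;
        }
        $this->changeOneConfigDbItem($pdo, $association["dbcol"], $aVal, "%config%", true);
    }

    if (!$problem) {
        echo json_encode(array("status" => "OK"));
    } else {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
    }
}

/**
 * Applies the per-item normalisation rules to a configuration value before it
 * is stored. Names without a rule are returned unchanged.
 *
 * @param string $name configuration item name (a key of the whitelist in changeConfig)
 * @param mixed  $aVal raw value from the request
 * @return mixed value to store
 */
private function normalizeConfigValueForStorage($name, $aVal) {
    switch ($name) {
        case "payprinttype":
            // The UI sends 1/2; the stored values are "l"/"s".
            if (((string)$aVal) == "1") {
                $aVal = "l";
            }
            if (((string)$aVal) == "2") {
                $aVal = "s";
            }
            break;
        case "addreceipttoprinter":
            // "0" or a non-numeric value is stored as NULL.
            if ((((string)$aVal) == "0") || (!is_numeric($aVal))) {
                $aVal = null;
            }
            break;
        case "remoteaccesscode":
            // Stored as md5 because backup() compares md5($remoteaccesscode) with it;
            // change both sides together. An empty code is stored as NULL, which
            // backup() treats as "no remote access code available".
            $aVal = (((string)$aVal) == "") ? null : md5($aVal);
            break;
        case "printpass":
            // Legacy md5 digest; the verifying side (not in this file) must match.
            $aVal = md5($aVal);
            break;
        case "memorylimit":
            // -1 is passed through; anything else is clamped to 64..65535 MB, default 256.
            $aVal = trim($aVal);
            if ($aVal != "-1") {
                if (!ctype_digit($aVal)) {
                    $aVal = "256";
                }
                $aVal = intval($aVal);
                if (($aVal < 64) || ($aVal > 65535)) {
                    $aVal = 256;
                }
            }
            break;
        case "updateurl":
            $aVal = trim($aVal);
            break;
        case "hs3refresh":
            // Refresh interval: non-numeric or below 5 falls back to 60.
            $aVal = trim($aVal);
            if (!ctype_digit($aVal)) {
                $aVal = "60";
            }
            $aVal = intval($aVal);
            if ($aVal < 5) {
                $aVal = 60;
            }
            break;
    }
    return $aVal;
}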
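/**
 * Upserts one name/setting pair in a config-style table.
 *
 * @param PDO    $pdo
 * @param string $theItem  name of the setting
 * @param mixed  $theValue new setting value (null allowed)
 * @param string $table    table alias such as "%config%" or "%logo%"; it is
 *                         interpolated into the SQL, so it must be a literal
 *                         from code, never request data (the callers visible
 *                         in this file all pass literals)
 * @param bool   $doHist   also record the change through HistFiller
 *
 * Fix: whether the row exists is decided by the fetched row instead of
 * rowCount(), which PDO does not guarantee for SELECT statements.
 */
function changeOneConfigDbItem($pdo, $theItem, $theValue, $table, $doHist) {
    $sql = "SELECT setting from $table WHERE name=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($theItem));
    $row = $stmt->fetchObject();
    if ($row !== false) {
        $sql = "UPDATE $table SET setting=? WHERE name=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($theValue, $theItem));
    } else {
        $sql = "INSERT INTO `$table` (`id` , `name`,`setting`) VALUES (NULL , ? , ?)";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($theItem, $theValue));
    }
    if ($doHist) {
        $this->histfiller->updateConfigInHist($pdo, $theItem, $theValue);
    }
}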
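/**
 * Looks up the id of the active user with the given name.
 *
 * Fix: the username was interpolated into the SQL string (SQL injection); it is
 * now bound as a statement parameter. Returns null when no active user of that
 * name exists instead of dereferencing a false row.
 *
 * @param string $username
 * @return mixed user id, or null when not found
 */
private function findActiveUserWithName($username) {
    $sql_find_id = "SELECT id FROM %user% WHERE active='1' AND username=?";
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_find_id));
    $stmt->execute(array($username));
    $row = $stmt->fetchObject();
    return ($row === false) ? null : $row->id;
}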
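/**
 * Updates an existing user (POST: userid, isAdmin and every column of
 * DbUtils::$userCols that has an "update" field) and records it in the history.
 *
 * Granting or revoking admin rights requires the current user to be an admin;
 * otherwise "noadmin" is returned. Fixes: an unknown userid answers "ERROR"
 * instead of dereferencing a false row; missing POST fields are stored as null
 * instead of raising notices; the UPDATE is skipped when no column is configured
 * (it would be a syntax error).
 */
function updateUser() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $theUserId = isset($_POST['userid']) ? $_POST['userid'] : null;
    $isAdmin = isset($_POST['isAdmin']) ? $_POST['isAdmin'] : 0;

    $sql = "SELECT username,is_admin FROM %user% WHERE id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($theUserId));
    $row = $stmt->fetchObject();
    if ($row === false) {
        echo json_encode("ERROR");
        return;
    }
    // Loose comparison on purpose: the request and the DB may use "0"/"1" or ints.
    $doChangeAdminRights = ($isAdmin != $row->is_admin);
    if ($doChangeAdminRights && !($this->isCurrentUserAdmin())) {
        echo json_encode("noadmin");
        return;
    }

    $keys = array();
    $vals = array();
    foreach (DbUtils::$userCols as $userCol) {
        if (!is_null($userCol["update"])) {
            // Column names come from the static DbUtils::$userCols table, never from the request.
            $keys[] = $userCol["col"] . "=?";
            $vals[] = isset($_POST[$userCol["update"]]) ? $_POST[$userCol["update"]] : null;
        }
    }
    if (count($keys) > 0) {
        $vals[] = $theUserId;
        $sql = "UPDATE %user% SET " . join(",", $keys) . " WHERE active='1' AND id=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute($vals);
    }
    HistFiller::updateUserInHist($pdo, $theUserId);
    echo json_encode("OK");
}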
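/**
 * Deactivates (soft-deletes) the user with the given id.
 *
 * Answers "noadmin" when a non-admin tries to remove an admin, "lastadmin" when
 * the target is the only active admin, otherwise "OK". Fix: an id that does not
 * belong to an active user no longer dereferences a false row.
 *
 * @param mixed $theUserId id of the user to deactivate
 */
function deleteUser($theUserId) {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($theUserId));
    $row = $stmt->fetchObject();
    $userToDelIsAdmin = ($row !== false && $row->is_admin == 1);
    if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) {
        echo json_encode("noadmin");
        return;
    }

    $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND is_admin='1' AND id <> ?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($theUserId));
    $row = $stmt->fetchObject();
    $numberOfOtherAdmins = ($row === false) ? 0 : $row->countid;
    // Never leave the installation without an admin account.
    if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) {
        echo json_encode("lastadmin");
        return;
    }

    $userSql = "UPDATE %user% set active='0' WHERE id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
    $stmt->execute(array($theUserId));
    HistFiller::updateUserInHist($pdo, $theUserId);
    echo json_encode("OK");
}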
function getCurrentUser() {
    // Reports the session's current user name, or "Nobody" when not logged in.
    $loggedIn = isset($_SESSION['angemeldet']) && $_SESSION['angemeldet'];
    echo json_encode($loggedIn ? $_SESSION['currentuser'] : "Nobody");
}
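/**
 * Sets a new password for the user with the given id.
 *
 * Answers "ERROR" when no active user has that id, "noadmin" when a non-admin
 * tries to change another admin's password, otherwise "OK". Fix: one SELECT of
 * is_admin (absence detected by the missing row) replaces the count query plus
 * a second select of the same row.
 *
 * @param mixed  $userid   id of the user whose password is changed
 * @param string $password new password in clear text
 */
function changepassword($userid, $password) {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($userid));
    $row = $stmt->fetchObject();
    if ($row === false) {
        echo json_encode("ERROR");
        return;
    }
    $userToChgPassIsAdm = ($row->is_admin == 1);

    if (session_id() == '') {
        session_start();
    }
    $otherUser = (!isset($_SESSION['userid']) || $_SESSION['userid'] != $userid);
    if ($otherUser && $userToChgPassIsAdm && !($this->isCurrentUserAdmin())) {
        echo json_encode("noadmin");
        return;
    }
    // NOTE(review): unsalted md5 is the legacy password format shared with the
    // login check; replace it only together with the verifying side.
    $password_hash = md5($password);
    $userSql = "UPDATE %user% set userpassword=? WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
    $stmt->execute(array($password_hash, $userid));
    echo json_encode("OK");
}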
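/**
 * Stores the UI language of the current user in the session and the database.
 *
 * @param mixed $language language index (getPayments maps 1 to name_en and 2 to name_esp)
 *
 * Fix: the same integer is written to both places; the original stored the raw
 * request value in the database but intval() of it in the session.
 */
function setUserLanguage($language) {
    if (session_id() == '') {
        session_start();
    }
    $currentuserid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
    $languageId = intval($language);
    $_SESSION['language'] = $languageId;
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "UPDATE %user% set language=? WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($languageId, $currentuserid));
    echo json_encode("OK");
}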
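/**
 * Stores the receipt printer of the current user in the session and the database.
 *
 * @param mixed $printer printer id
 *
 * Fix: the same integer is written to both places; the original stored the raw
 * request value in the database but intval() of it in the session.
 */
function setUserReceiptPrinter($printer) {
    if (session_id() == '') {
        session_start();
    }
    $currentuserid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
    $printerId = intval($printer);
    $_SESSION['receiptprinter'] = $printerId;
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "UPDATE %user% set receiptprinter=? WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($printerId, $currentuserid));
    echo json_encode("OK");
}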
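/**
 * Stores a button size preference of the current user.
 *
 * @param mixed $btn  which button set: "0" room, "1" table, "2" product
 * @param mixed $size new size, stored as an integer
 *
 * Fix: an unknown $btn answers "ERROR" (previously it produced an undefined
 * index, a session entry with an empty key and a broken UPDATE). The column
 * name always comes from the fixed map, never from the request.
 */
function setBtnSize($btn, $size) {
    $assoc = array("0" => "roombtnsize", "1" => "tablebtnsize", "2" => "prodbtnsize");
    if (!is_scalar($btn) || !isset($assoc[$btn])) {
        echo json_encode("ERROR");
        return;
    }
    if (session_id() == '') {
        session_start();
    }
    $currentuserid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
    $column = $assoc[$btn];
    $sizeValue = intval($size);
    $_SESSION[$column] = $sizeValue;
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "UPDATE %user% set " . $column . "=? WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($sizeValue, $currentuserid));
    echo json_encode("OK");
}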
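/**
 * Changes the password of the logged-in user after verifying the old one.
 *
 * Answers "OK" on success and "FAILED" when the user is unknown or the old
 * password does not match. Fixes: the stored hash is compared with
 * hash_equals() - strict and constant-time; the original loose != would treat
 * two hex digests that both look like numbers (e.g. starting with "0e") as
 * equal - and the count query is folded into the single select.
 *
 * @param string $oldpassword current password in clear text
 * @param string $newpassword new password in clear text
 */
function changeOwnPassword($oldpassword, $newpassword) {
    if (session_id() == '') {
        session_start();
    }
    $currentuser = isset($_SESSION['currentuser']) ? $_SESSION['currentuser'] : null;
    $pdo = DbUtils::openDbAndReturnPdoStatic();

    $sql = "SELECT userpassword FROM %user% WHERE username=? AND active='1'";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($currentuser));
    $row = $stmt->fetchObject();

    // NOTE(review): unsalted md5 is the legacy password format shared with the
    // login check; replace it only together with the verifying side.
    $oldp_hash = md5($oldpassword);
    if ($row === false || !hash_equals((string)$row->userpassword, $oldp_hash)) {
        echo json_encode("FAILED");
        return;
    }

    $newp_hash = md5($newpassword);
    $sql = "UPDATE %user% set userpassword=? WHERE active='1' AND username=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($newp_hash, $currentuser));
    echo json_encode("OK");
}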
private function writeCsvHeader($defaultFilename) {
    // Sends the response headers for a CSV download. $defaultFilename is only
    // ever a literal passed by the export methods of this class.
    $csvHeaders = array(
        "Content-type: text/x-csv",
        "Content-Disposition: attachment; filename=$defaultFilename",
        "Cache-Control: must-revalidate, post-check=0, pre-check=0",
        "Pragma: no-cache",
        "Expires: 0",
    );
    foreach ($csvHeaders as $headerLine) {
        header($headerLine);
    }
}
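/**
 * Exports the configuration change history as a semicolon-separated CSV download.
 *
 * Line breaks inside a setting are replaced by "<CR>" so every record stays on
 * one line. Fix: the quoted fields (configitem, setting, description) double any
 * embedded double quote, so a value containing '"' no longer breaks the record.
 */
private function exportConfigCsv() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $this->writeCsvHeader("datenexport-config.csv");
    echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
    $sql = "SELECT DISTINCT %hist%.id as id,date,";
    $sql .= " %config%.name as configitem,%histconfig%.setting as setting,description";
    $sql .= " FROM %hist%, %histconfig%, %histactions%, %config%";
    $sql .= " WHERE (refid=%histconfig%.id)";
    $sql .= " AND %histconfig%.configid = %config%.id";
    $sql .= " AND (action='2' OR action='6')";
    $sql .= " AND (action=%histactions%.id)";
    $sql .= " ORDER BY date,id";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $result = $stmt->fetchAll();
    // Quoted CSV field: embedded quotes are doubled per the CSV convention.
    $quoted = function ($value) {
        return '"' . str_replace('"', '""', (string)$value) . '"';
    };
    foreach ($result as $zeile) {
        $setting = str_replace("\r\n", "<CR>", $zeile['setting']);
        $setting = str_replace("\n", "<CR>", $setting);
        echo $zeile['id'] . ";" . $zeile['date'] . ";"
            . $quoted($zeile['configitem']) . ";"
            . $quoted($setting) . ";"
            . $quoted($zeile['description']) . "\n";
    }
}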
private function exportLog() {
    // Streams the server log kept in the database as a plain-text download.
    $logHeaders = array(
        "Content-type: text/plain",
        "Content-Disposition: attachment; filename=server.log",
        "Cache-Control: must-revalidate, post-check=0, pre-check=0",
        "Pragma: no-cache",
        "Expires: 0",
    );
    foreach ($logHeaders as $headerLine) {
        header($headerLine);
    }
    $connection = DbUtils::openDbAndReturnPdoStatic();
    echo CommonUtils::getLog($connection);
}
private function exportUserCsv() {
    // Exports the user change history as a semicolon-separated CSV download;
    // every right/flag column is rendered as "Ja"/"Nein".
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $this->writeCsvHeader("datenexport-benutzer.csv");
    echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Gästerechte; Tageserfassungsrecht; Managerrechte; Aktiviert\n");
    $sql = "SELECT DISTINCT %hist%.id as id,date,"
        . " userid,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,"
        . " right_paydesk,right_statistics,right_bill,right_products,right_rating,right_changeprice,right_customers,right_closing,right_manager,active,"
        . " description"
        . " FROM %hist%, %histuser%, %histactions%"
        . " WHERE (refid=%histuser%.id)"
        . " AND (action='3' OR action='7' OR action='8')"
        . " AND (action=%histactions%.id)"
        . " ORDER BY date,id";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    // Flag columns in output order (between username and description).
    $flagColumns = array(
        'is_admin', 'right_waiter', 'right_kitchen', 'right_bar', 'right_supply',
        'right_paydesk', 'right_statistics', 'right_bill', 'right_products', 'right_rating',
        'right_changeprice', 'right_customers', 'right_closing', 'right_manager', 'active',
    );
    foreach ($stmt->fetchAll() as $zeile) {
        $fields = array($zeile['id'], $zeile['date'], $zeile['userid'], $zeile['username']);
        foreach ($flagColumns as $flagColumn) {
            $fields[] = ($zeile[$flagColumn] == '1') ? "Ja" : "Nein";
        }
        $fields[] = $zeile['description'];
        echo implode(";", $fields) . "\n";
    }
}
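/**
 * Creates a fresh, empty directory for temporary data and returns its path with
 * forward slashes, or null when no directory could be created.
 *
 * @param string $tmpFolder parent folder; "" (after trim) means PHP's temp dir
 * @return string|null
 *
 * Fixes: tempnam() returns false (not null) on failure, which is now checked
 * explicitly; the result of mkdir() is checked; the directory is created with
 * mode 0700 so whatever is placed in it is readable only by the web-server user.
 * NOTE(review): relax the mode if another system user has to read the contents.
 */
private function createDirectoryInTemp($tmpFolder) {
    $tmpFolder = trim($tmpFolder);
    $parent = ($tmpFolder == "") ? sys_get_temp_dir() : $tmpFolder;
    $tempfile = tempnam($parent, '');
    if ($tempfile === false || $tempfile == "") {
        return null;
    }
    // tempnam() creates a file; replace it by a directory of the same name.
    if (file_exists($tempfile)) {
        unlink($tempfile);
    }
    if (!mkdir($tempfile, 0700) || !is_dir($tempfile)) {
        return null;
    }
    return str_replace('\\', '/', $tempfile);
}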
private function getConfigTablesToBackupRestore() {
    // Tables that make up a "configuration" backup (no guest or transaction data).
    $configTables = array(
        "logo", "work", "payment", "room", "resttables", "tablepos", "tablemaps",
        "pricelevel", "prodtype", "products", "config", "user", "comments",
        "histprod", "histconfig", "histuser", "histactions", "hist",
        "extras", "extrasprods",
    );
    return $configTables;
}
private function getConfigGuestsTablesToBackupRestore() {
    // The configuration tables plus the guest-related tables
    // (customers, groups, groupcustomer, vacations).
    $configAndGuestTables = array(
        "logo", "work", "payment", "room", "resttables", "tablepos", "tablemaps",
        "pricelevel", "prodtype", "products", "config", "user", "comments",
        "histprod", "histconfig", "histuser", "histactions", "hist",
        "extras", "extrasprods",
        "customers", "groups", "groupcustomer", "vacations",
    );
    return $configAndGuestTables;
}
private function getAllTablesToBackupRestore() {
    // Every table of a full backup except the log table.
    $allTables = array(
        "closing", "logo", "printjobs", "ratings", "work", "payment", "room",
        "resttables", "tablepos", "tablemaps", "pricelevel", "prodtype", "products", "config",
        "user", "reservations", "customers", "groups", "groupcustomer", "vacations",
        "bill", "customerlog", "queue", "billproducts", "hsin", "hsout", "comments",
        "histprod", "histconfig", "histuser", "histactions", "hist",
        "extras", "extrasprods", "queueextras",
    );
    return $allTables;
}
private function getAllWithLogsTablesToBackupRestore() {
    // Every table of a full backup, with the log table first.
    $allTablesWithLog = array(
        "log",
        "closing", "logo", "printjobs", "ratings", "work", "payment", "room",
        "resttables", "tablepos", "tablemaps", "pricelevel", "prodtype", "products", "config",
        "user", "reservations", "customers", "groups", "groupcustomer", "vacations",
        "bill", "customerlog", "queue", "billproducts", "hsin", "hsout", "comments",
        "histprod", "histconfig", "histuser", "histactions", "hist",
        "extras", "extrasprods", "queueextras",
    );
    return $allTablesWithLog;
}
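/**
 * Streams the database content as a JSON file download.
 *
 * The exported table set depends on $theType:
 *  - "configuration" -> getConfigTablesToBackupRestore()
 *  - "confandguests" -> getConfigGuestsTablesToBackupRestore()
 *  - "all" / "auto"  -> getAllTablesToBackupRestore() (plus a hist entry)
 *  - anything else   -> getAllWithLogsTablesToBackupRestore() (plus a hist
 *                       entry); "alllogs" is the intended value, the fallback
 *                       for unknown values is kept as it was.
 *
 * "auto" is the unattended variant: it is not bound to a logged-in session
 * but gated by the configured remote access code. The config table stores
 * the MD5 of that code, so the digest scheme is kept; the comparison is now
 * strict and constant-time (the former "!=" let PHP compare two "0e..."
 * digests as equal numbers and leaked timing). MD5 is not a suitable
 * password hash - moving the stored value to password_hash() would be a
 * config-format change outside this method.
 *
 * Every column of every table is read via DESCRIBE; the fields listed in
 * $binaryFields are base64-encoded so the JSON stays valid.
 *
 * @param string      $theType          backup variant, see above
 * @param string|null $remoteaccesscode plain-text code presented by the
 *                                      caller; only used for "auto"
 * @return void writes headers plus the JSON body, or a plain-text refusal
 */
public function backup($theType, $remoteaccesscode) {
    date_default_timezone_set(DbUtils::getTimeZone());
    $nowtime = date('Y-m-d');

    $pdo = DbUtils::openDbAndReturnPdoStatic();

    if ($theType === "auto") {
        $code = CommonUtils::getConfigValue($pdo, 'remoteaccesscode', null);
        if (is_null($code)) {
            echo "No remote access code available - backup not allowed";
            return;
        }
        if (trim($code) == "") {
            echo "No remote access code set - backup not allowed";
            return;
        }
        if (!is_string($remoteaccesscode)
                || !hash_equals((string)$code, md5($remoteaccesscode))) {
            echo "Wrong remote access code used - backup not allowed";
            return;
        }
    }

    // Pick the table set and the file-name suffix before any DB work so the
    // transaction below only brackets reads (and the hist entry).
    $suffix = "configuration";
    $writeHist = false;
    if ($theType === "configuration") {
        $tables = $this->getConfigTablesToBackupRestore();
    } else if ($theType === "confandguests") {
        $tables = $this->getConfigGuestsTablesToBackupRestore();
        $suffix = "guests";
    } else if (($theType === "all") || ($theType === "auto")) {
        $tables = $this->getAllTablesToBackupRestore();
        $writeHist = true;
        if ($theType === "all") {
            $suffix = "all";
        }
    } else {
        $tables = $this->getAllWithLogsTablesToBackupRestore();
        $writeHist = true;
        if ($theType === "alllogs") {
            $suffix = "all-logs";
        }
    }

    $binaryFields = array("signature", "img", "setting", "content");
    $dbcontent = array();

    $pdo->beginTransaction();
    try {
        $genInfo = $this->getGeneralConfigItems(false, $pdo);
        $version = $genInfo["version"];
        if ($writeHist) {
            HistFiller::insertSaveHistEntry($pdo);
        }
        foreach ($tables as $table) {
            // Column list comes from the live schema, never from the caller.
            $stmt = $pdo->prepare(DbUtils::substTableAlias("DESCRIBE %$table%"));
            $stmt->execute();
            $fields = $stmt->fetchAll(PDO::FETCH_COLUMN);
            $fieldstr = implode(",", $fields);
            $stmt = $pdo->prepare(DbUtils::substTableAlias("SELECT $fieldstr from %$table%"));
            $stmt->execute();
            $tableContent = array();
            foreach ($stmt->fetchAll() as $row) {
                $fieldContent = array();
                foreach ($fields as $field) {
                    $value = $row[$field];
                    if (in_array($field, $binaryFields, true)) {
                        $value = base64_encode($value);
                    }
                    $fieldContent[] = array("fieldname" => $field, "value" => $value);
                }
                $tableContent[] = $fieldContent;
            }
            $dbcontent[] = array("table" => $table, "content" => $tableContent);
        }
        $pdo->commit();
    } catch (Exception $e) {
        // Do not leave the transaction (and the hist entry) dangling.
        $pdo->rollBack();
        throw $e;
    }

    $retStr = json_encode($dbcontent);
    if ($retStr === false) {
        // Previously a failed encode (e.g. invalid UTF-8 in a text column)
        // silently produced a 0-byte download.
        echo "Backup could not be encoded as JSON - backup not written";
        return;
    }

    // $version is read from the config table; keep it from breaking the
    // quoted header value (header() itself rejects CR/LF).
    $safeVersion = str_replace(array("\r", "\n", "\""), "", (string)$version);
    $fileName = "backup-" . $safeVersion . "_" . $nowtime . "-" . $suffix . ".json";

    ob_start();
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=\"$fileName\"");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . strlen($retStr));
    echo $retStr;
    ob_end_flush();
}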
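/**
 * Replaces the complete database content with an uploaded backup file.
 *
 * Expects the upload in $_FILES['userfile'] in the layout written by
 * backup(): a JSON list of {"table": name, "content": [[{"fieldname", "value"},
 * ...], ...]}. Every failure redirects to ../infopage.html with a German
 * message and exits, as before.
 *
 * All validation - upload state, JSON shape, table and column names, backup
 * version - now happens BEFORE dropTables(). Previously an unparsable or
 * truncated upload still reached the drop step and left an empty database.
 * Table names from the file must be one of the names this class backs up and
 * column names must be plain identifiers: both are spliced into SQL text and
 * cannot be bound as parameters, so this allow-list is the injection barrier.
 *
 * dropTables()/createEmptyTables() issue DDL, which MySQL commits implicitly;
 * the surrounding transaction therefore only brackets the row inserts. Rows
 * that fail to insert are skipped (best effort, as before) but counted in
 * the PHP error log instead of vanishing silently.
 *
 * @return void never returns normally: redirects and exit()s in every case
 */
private function restore() {
    set_time_limit(60 * 20);

    // The original first check combined "error != UPLOAD_ERR_OK" with
    // "&& is_uploaded_file(tmp_name)", so a failed upload (which has no temp
    // file) slipped past it; a failed upload is an error on its own.
    if (!isset($_FILES['userfile']) || !is_array($_FILES['userfile'])
            || !isset($_FILES['userfile']['error'])
            || ($_FILES['userfile']['error'] != UPLOAD_ERR_OK)) {
        self::restoreFail("Kann_Datei_nicht_laden.");
    }
    $tmpName = isset($_FILES['userfile']['tmp_name']) ? (string)$_FILES['userfile']['tmp_name'] : "";
    if (($tmpName === "") || !file_exists($tmpName)) {
        self::restoreFail("Datei_existiert_nicht._Bitte_PHP-Variablen_upload_max_filesize_und_post_max_size_checken.");
    }
    if (!is_uploaded_file($tmpName)) {
        self::restoreFail("Datei_konnte_nicht_hochgeladen_werden.");
    }

    // Parse and validate the whole file before touching the database.
    $content = file_get_contents($tmpName);
    $dbContent = ($content === false) ? null : json_decode($content, true);
    if (!is_array($dbContent)) {
        self::restoreFail("Backup-Datei_ist_kein_gueltiges_JSON.");
    }
    $allowedTables = array_flip($this->getAllWithLogsTablesToBackupRestore());
    if (!self::restoreIsWellFormed($dbContent, $allowedTables)) {
        self::restoreFail("Backup-Datei_hat_ein_ungueltiges_Format.");
    }
    $bakVersion = self::restoreFindBackupVersion($dbContent);
    if (is_null($bakVersion)) {
        self::restoreFail("Backup_enthaelt_keine_Versionsangabe.");
    }

    $basedb = new Basedb();
    $basedb->setPrefix(TAB_PREFIX);
    $basedb->setTimeZone(DbUtils::getTimeZone());
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $pdo->beginTransaction();
    $genInfo = $this->getGeneralConfigItems(false, $pdo);
    $version = $genInfo["version"];
    $timezone = DbUtils::getTimeZone();
    // Strict string comparison: the former "!=" treated e.g. "1.5" and
    // "1.50" as equal numbers. The backup value is echoed into a redirect
    // URL, hence the urlencode().
    if ((string)$bakVersion !== (string)$version) {
        self::restoreFail("Backup_hat_die_falsche_Version:_" . urlencode($bakVersion) . ".");
    }

    // From here on the database is rebuilt (DDL, auto-committed by MySQL).
    $basedb->dropTables($pdo);
    $basedb->createEmptyTables($pdo);
    $binaryFields = array("signature", "img", "setting", "content");
    $typeIsOnlyConfig = true;
    $failedRows = 0;
    foreach ($dbContent as $table) {
        $tablename = "%" . $table['table'] . "%";
        if ($table['table'] === "queue") {
            $typeIsOnlyConfig = false;
        }
        // bill rows reference other bill rows (ref -> id, see golive()), so
        // FK checks are suspended while that table is filled.
        $isBill = ($table['table'] === "bill");
        if ($isBill) {
            self::doSql($pdo, "SET FOREIGN_KEY_CHECKS = 0", null);
        }
        foreach ($table['content'] as $row) {
            $cols = array();
            $vals = array();
            $quests = array();
            foreach ($row as $field) {
                $fieldname = $field['fieldname'];
                $cols[] = $fieldname;
                if (in_array($fieldname, $binaryFields, true)) {
                    $vals[] = base64_decode($field['value']);
                } else {
                    $vals[] = $field['value'];
                }
                $quests[] = '?';
            }
            $sql = "INSERT INTO $tablename (" . implode(",", $cols) . ") VALUES (" . implode(",", $quests) . ")";
            $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
            try {
                if ($stmt->execute($vals) === false) {
                    $failedRows++;
                }
            } catch (Exception $e) {
                $failedRows++;
            }
        }
        if ($isBill) {
            self::doSql($pdo, "SET FOREIGN_KEY_CHECKS = 1", null);
        }
    }
    if ($failedRows > 0) {
        error_log("restore: " . $failedRows . " row(s) could not be inserted and were skipped");
    }

    if (!$typeIsOnlyConfig) {
        HistFiller::insertRestoreHistEntry($pdo);
    }
    $basedb->signLastBillid($pdo);
    // Re-stamp the running version; keep the instance's previous timezone
    // when the backup did not carry one.
    $setVersion = "update %config% set setting=? where name='version'";
    $stmt = $pdo->prepare($basedb->resolveTablenamesInSqlString($setVersion));
    $stmt->execute(array($version));
    $stmt = $pdo->prepare(DbUtils::substTableAlias("SELECT name FROM %config% WHERE name=?"));
    $stmt->execute(array("timezone"));
    if ($stmt->fetchObject() === false) {
        $this->changeOneConfigDbItem($pdo, "timezone", $timezone, "%config%", true);
    }
    $pdo->commit();

    // The user table was replaced, so the current session is no longer
    // meaningful: clear it and its cookie.
    if (session_id() == '') {
        session_start();
    }
    $_SESSION = array();
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params["path"], $params["domain"],
            $params["secure"], $params["httponly"]
        );
    }
    ini_set('session.gc_max_lifetime', 0);
    ini_set('session.gc_probability', 1);
    ini_set('session.gc_divisor', 1);
    session_destroy();
    header("Location: ../infopage.html?i=index.html=Import_war_erfolgreich."); /* redirect the browser */
    exit;
}

/**
 * Redirects to the manager info page with $reason and terminates the request.
 *
 * @param string $reason message token, already URL-safe
 * @return void never returns
 */
private static function restoreFail($reason) {
    header("Location: ../infopage.html?e=manager.html=" . $reason);
    exit();
}

/**
 * Structural check of a decoded backup: every entry must name an allowed
 * table and hold rows of {fieldname, value} pairs whose field names are
 * plain SQL identifiers.
 *
 * @param array $dbContent     decoded JSON (list of table entries)
 * @param array $allowedTables table name => anything, used as a set
 * @return bool false on the first violation
 */
private static function restoreIsWellFormed(array $dbContent, array $allowedTables) {
    foreach ($dbContent as $table) {
        if (!is_array($table) || !isset($table['table']) || !is_string($table['table'])
                || !isset($allowedTables[$table['table']])
                || !isset($table['content']) || !is_array($table['content'])) {
            return false;
        }
        foreach ($table['content'] as $row) {
            if (!is_array($row)) {
                return false;
            }
            foreach ($row as $field) {
                if (!is_array($field) || !isset($field['fieldname'])
                        || !is_string($field['fieldname'])
                        || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $field['fieldname'])
                        || !array_key_exists('value', $field)) {
                    return false;
                }
            }
        }
    }
    return true;
}

/**
 * Returns the version stored in the backup's config table - the
 * base64-decoded "setting" of the row whose "name" is "version" - or null
 * when the backup has no such row. Expects content validated by
 * restoreIsWellFormed().
 *
 * @param array $dbContent decoded backup
 * @return string|null
 */
private static function restoreFindBackupVersion(array $dbContent) {
    foreach ($dbContent as $table) {
        if ($table['table'] !== 'config') {
            continue;
        }
        foreach ($table['content'] as $configRow) {
            $isVersionRow = false;
            $setting = null;
            foreach ($configRow as $part) {
                if (($part['fieldname'] === 'name') && ($part['value'] === 'version')) {
                    $isVersionRow = true;
                } else if ($part['fieldname'] === 'setting') {
                    $setting = $part['value'];
                }
            }
            if ($isVersionRow && !is_null($setting)) {
                return base64_decode($setting);
            }
        }
    }
    return null;
}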
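/**
 * Asks the host to power off and reports the outcome as JSON.
 *
 * On Windows "shutdown /s /t 10" is launched in the background; elsewhere the
 * shutdown.bat script next to this file is piped into sh in the background.
 * Two defects fixed: the Windows branch assigned $comd but launched $cmd
 * (undefined, so only a bare "start /B" ran), and chmod() was given the
 * string "700", which PHP takes as decimal 700 rather than the octal mode
 * 0700. Note that exec()/popen() failures do not raise exceptions; the
 * catch only covers an explicit throw or an engine error.
 *
 * @return void echoes {"status":"OK"} or an ERROR_SCRIPT_NOT_EXECUTABLE object
 */
private function shutdown() {
    try {
        if (substr(php_uname(), 0, 7) == "Windows") {
            $cmd = "shutdown /s /t 10";
            $proc = popen("start /B " . $cmd, "r");
            if ($proc === false) {
                throw new Exception("could not launch shutdown command");
            }
            pclose($proc);
        } else {
            // The script runs with the web server's privileges; owner-only bits.
            chmod("shutdown.bat", 0700);
            $cmd = "sh < shutdown.bat";
            exec($cmd . " > /dev/null &");
        }
        echo json_encode(array("status" => "OK"));
    } catch (Exception $e) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG));
    }
}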
/**
 * Runs OPTIMIZE TABLE on the high-churn tables (queue, billproducts,
 * extrasprods, queueextras, log) and reports the outcome as JSON.
 *
 * @return void echoes {"status":"OK"} or an ERROR_COMMAND_ERROR object
 */
private function optimize() {
    set_time_limit(60 * 10);
    $targets = array("queue", "billproducts", "extrasprods", "queueextras", "log");
    try {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        foreach ($targets as $target) {
            self::doSql($pdo, "OPTIMIZE TABLE %" . $target . "%", null);
        }
        echo json_encode(array("status" => "OK"));
    } catch (Exception $ex) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
    }
}
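/**
 * Looks up the name of the single foreign key in $fromtable that references
 * $totable, via information_schema.REFERENTIAL_CONSTRAINTS.
 *
 * $fromtable and $totable are spliced into the SQL as %alias% placeholders;
 * they are literal table names supplied by this class, never user input.
 * The schema name is bound as a parameter (it used to be interpolated).
 *
 * @param PDO         $pdo       open connection
 * @param string      $fromtable referencing table (unprefixed alias)
 * @param string      $totable   referenced table (unprefixed alias)
 * @param string      $dbname    schema to search
 * @param string|null $default   returned when not exactly one match exists
 *                               or the query fails
 * @return string|null constraint name or $default
 */
private static function getForeignKeyName($pdo, $fromtable, $totable, $dbname, $default = null) {
    try {
        $sql = "SELECT constraint_name as foreignkey FROM information_schema.REFERENTIAL_CONSTRAINTS "
             . "WHERE constraint_schema = ? AND table_name = '%$fromtable%' AND REFERENCED_TABLE_NAME='%$totable%'";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($dbname));
        $result = $stmt->fetchAll();
        if (count($result) != 1) {
            return $default;
        }
        return $result[0]["foreignkey"];
    } catch (Exception $e) {
        return $default;
    }
}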
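/**
 * Switches a test installation to production: deletes all business data
 * (bills, queue, closings, print jobs, ratings, customers, reservations and
 * the change history), rebuilds the product history from the current menu,
 * renumbers bill and closing ids from 1 by dropping and re-adding their
 * AUTO_INCREMENT primary keys (which requires temporarily dropping the
 * foreign keys that point at them), and purges soft-deleted products,
 * product types, tables and rooms.
 *
 * Not transactional: ALTER TABLE auto-commits in MySQL, so a failure half
 * way leaves a partially cleared database. The foreign-key names are
 * therefore resolved and checked up front. The original referenced an
 * undefined $e in its first error message and then fell through into the
 * DELETE block regardless; now it stops.
 *
 * @return void echoes {"status":"OK"} or an ERROR_COMMAND_ERROR JSON object
 */
private function golive() {
    set_time_limit(60 * 10);
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    try {
        $billprodref_fk = self::getForeignKeyName($pdo, 'billproducts', 'bill', MYSQL_DB);
        $queuebillref_fk = self::getForeignKeyName($pdo, 'queue', 'bill', MYSQL_DB);
        $billclosingref_fk = self::getForeignKeyName($pdo, 'bill', 'closing', MYSQL_DB);
        $billbillref_fk = self::getForeignKeyName($pdo, 'bill', 'bill', MYSQL_DB);
        $cuslogbillref_fk = self::getForeignKeyName($pdo, 'customerlog', 'bill', MYSQL_DB);
    } catch (Exception $ex) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG . " - impossible to get foreign keys: $ex"));
        return;
    }
    // getForeignKeyName() returns null when a constraint is not found; each
    // name is spliced into an ALTER TABLE below, so refuse before deleting.
    $fkNames = array($billprodref_fk, $queuebillref_fk, $billclosingref_fk, $billbillref_fk, $cuslogbillref_fk);
    foreach ($fkNames as $fkName) {
        if (is_null($fkName)) {
            echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG . " - impossible to get foreign keys"));
            return;
        }
    }
    try {
        self::doSql($pdo, "DELETE FROM %customerlog%", null);
        self::doSql($pdo, "DELETE FROM %hist%", null);
        self::doSql($pdo, "DELETE FROM %histprod%", null);
        self::doSql($pdo, "DELETE FROM %histconfig%", null);
        self::doSql($pdo, "DELETE FROM %histuser%", null);
        HistFiller::readUserTableAndSendToHist($pdo);
        $products = new Products();
        $menu = $products->getSpeisekarte($pdo);
        if ($menu['status'] != "OK") {
            echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
            return;
        } else {
            // Clear business data with FK checks off (tables reference each other).
            self::doSql($pdo, "SET foreign_key_checks = 0;", null);
            self::doSql($pdo, "DELETE FROM %queueextras%", null);
            self::doSql($pdo, "DELETE FROM %extrasprods%", null);
            self::doSql($pdo, "DELETE FROM %extras%", null);
            self::doSql($pdo, "DELETE FROM %billproducts%", null);
            self::doSql($pdo, "DELETE FROM %queue%", null);
            self::doSql($pdo, "DELETE FROM %printjobs%", null);
            self::doSql($pdo, "DELETE FROM %bill%", null);
            self::doSql($pdo, "DELETE FROM %ratings%", null);
            self::doSql($pdo, "DELETE FROM %closing%", null);
            self::doSql($pdo, "SET foreign_key_checks = 1;", null);
            // Re-import the menu, then drop soft-deleted products/types.
            $ret = $this->fillSpeisekarteCore($pdo, $menu['msg']);
            self::doSql($pdo, "DELETE FROM %products% WHERE removed is not null", null);
            self::doSql($pdo, "SET foreign_key_checks = 0;", null);
            self::doSql($pdo, "DELETE FROM %prodtype% WHERE removed is not null", null);
            self::doSql($pdo, "SET foreign_key_checks = 1;", null);
            if ($ret["status"] != "OK") {
                echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
                return;
            }
            HistFiller::readAllProdsAndFillHistByDb($pdo);
            self::doSql($pdo, "DELETE w FROM %histprod% w INNER JOIN %hist% e ON refid=w.id WHERE action='4'", null);
            self::doSql($pdo, "DELETE FROM %hist% where action='4'", null);
        }
        // Renumber bill ids: drop every FK pointing at bill.id, recreate the
        // id column, then re-add the constraints under their original names.
        self::doSql($pdo, "alter table %bill% drop foreign key $billbillref_fk", null);
        self::doSql($pdo, "alter table %customerlog% drop foreign key $cuslogbillref_fk", null);
        self::doSql($pdo, "alter table %billproducts% drop foreign key $billprodref_fk", null);
        self::doSql($pdo, "alter table %queue% drop foreign key $queuebillref_fk", null);
        self::doSql($pdo, "ALTER TABLE %bill% DROP id", null);
        self::doSql($pdo, "ALTER TABLE %bill% ADD id INT (10) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST", null);
        self::doSql($pdo, "ALTER TABLE %bill% ADD CONSTRAINT $billbillref_fk FOREIGN KEY (ref) REFERENCES %bill%(id)", null);
        self::doSql($pdo, "ALTER TABLE %customerlog% ADD CONSTRAINT $cuslogbillref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null);
        self::doSql($pdo, "ALTER TABLE %billproducts% ADD CONSTRAINT $billprodref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null);
        self::doSql($pdo, "ALTER TABLE %queue% ADD CONSTRAINT $queuebillref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null);
        // Same for closing ids.
        self::doSql($pdo, "alter table %bill% drop foreign key $billclosingref_fk", null);
        self::doSql($pdo, "ALTER TABLE %closing% DROP id", null);
        self::doSql($pdo, "ALTER TABLE %closing% ADD id INT (10) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST", null);
        self::doSql($pdo, "ALTER TABLE %bill% ADD CONSTRAINT $billclosingref_fk FOREIGN KEY (closingid) REFERENCES %closing%(id)", null);
        $basedb = new Basedb();
        $basedb->setPrefix(TAB_PREFIX);
        $basedb->setTimeZone(DbUtils::getTimeZone());
        $basedb->signLastBillid($pdo);
        $histFiller = new HistFiller();
        $histFiller->readConfigTableAndSendToHist();
        self::doSql($pdo, "DELETE FROM %resttables% WHERE removed is not null", null);
        self::doSql($pdo, "DELETE FROM %room% WHERE removed is not null", null);
        self::doSql($pdo, "DELETE FROM %reservations%", null);
        self::doSql($pdo, "DELETE FROM %groupcustomer%", null);
        self::doSql($pdo, "DELETE FROM %vacations%", null);
        self::doSql($pdo, "DELETE FROM %groups%", null);
        self::doSql($pdo, "DELETE FROM %customers%", null);
        echo json_encode(array("status" => "OK"));
    } catch (Exception $e) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG . " - Error message: $e"));
    }
}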
/**
 * Prepares and executes one statement after resolving %alias% table names.
 *
 * @param PDO        $pdo    open connection
 * @param string     $sql    statement text with %alias% placeholders
 * @param array|null $params positional parameters, or null for none
 * @return void
 */
private static function doSql($pdo, $sql, $params) {
    $statement = $pdo->prepare(DbUtils::substTableAlias($sql));
    if (isset($params)) {
        $statement->execute($params);
        return;
    }
    $statement->execute();
}
}
?>