ordersprinter/webapp/php/admin.php

3140 lines
115 KiB
PHP
Raw Normal View History

2020-11-19 22:47:44 +01:00
<?php
// Datenbank-Verbindungsparameter
require_once ('dbutils.php');
require_once ('globals.php');
require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php');
require_once ('utilities/userrights.php');
require_once ('utilities/HistFiller.php');
require_once ('utilities/basedb.php');
2020-11-19 23:00:05 +01:00
require_once ('utilities/decimaldefs.php');
2020-11-19 22:47:44 +01:00
require_once ('utilities/sorter.php');
require_once ('utilities/Logger.php');
require_once ('utilities/Emailer.php');
2020-11-19 23:00:58 +01:00
require_once ('hotelinterface.php');
2020-11-19 22:47:44 +01:00
class Admin {
var $dbutils;
var $userrights;
var $histfiller;
private static $timezone = null;
2020-11-19 22:59:47 +01:00
private static $rights = array(
"createNewUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
2020-11-19 23:03:48 +01:00
"createNewRole" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
2020-11-19 22:59:47 +01:00
"updateUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
2020-11-19 23:03:48 +01:00
"updateRole" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
2020-11-19 22:59:47 +01:00
"deleteUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
2020-11-19 23:03:48 +01:00
"deleteRole" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
2020-11-19 22:59:47 +01:00
"changepassword" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
"changeConfig" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
"readlogo" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
"deletelogo" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
"getCurrentUser" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"tryAuthenticate" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"setLastModuleOfUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getViewAfterLogin" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"isUserAlreadyLoggedIn" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"isLoggedinUserAdmin" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"isLoggedinUserKitchen" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"isLoggedinUserBar" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"isLoggedinUserAdminOrManagerOrTE" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"hasUserPaydeskRight" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getJsonMenuItemsAndVersion" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"getUserList" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
2020-11-19 23:03:48 +01:00
"getRoleList" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
2020-11-19 22:59:47 +01:00
"setTime" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
"changeOwnPassword" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"setUserLanguage" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"setUserReceiptPrinter" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"setBtnSize" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getGeneralConfigItems" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getWaiterSettings" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getPayPrintType" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getPayments" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"autobackup" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
2020-11-19 23:03:43 +01:00
"autoftpbackup" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
2020-11-19 22:59:47 +01:00
"shutdown" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
2020-11-19 23:00:46 +01:00
"optimize" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
2020-11-19 23:03:43 +01:00
"ftpbackup" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
2020-11-19 22:59:47 +01:00
"backup" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
"restore" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
"golive" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
"drop" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
"fill" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
"fillSpeisekarte" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
"assignTaxes" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
2020-11-19 23:03:07 +01:00
"getDbStat" => array("loggedin" => 1, "isadmin" => 1, "rights" => null),
2020-11-19 22:59:47 +01:00
"exportConfigCsv" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
"exportUserCsv" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
2020-11-19 23:00:18 +01:00
"exportLog" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
2020-11-19 22:59:47 +01:00
"setOrderVolume" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"setPreferTableMap" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"setKeepTypeLevel" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 23:02:42 +01:00
"setMobileTheme" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 22:59:47 +01:00
"setApplyExtrasBtnPos" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 23:03:35 +01:00
"setPreferimgdesk" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"setPreferimgmobile" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 23:03:38 +01:00
"setPrefershowplusminus" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 22:59:47 +01:00
"getOrderVolume" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getButtonSizes" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getPreferTableMap" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getKeepTypeLevel" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 23:02:42 +01:00
"getMobileTheme" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 22:59:47 +01:00
"getApplyExtrasBtnPos" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 23:03:35 +01:00
"getPreferimgdesk" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
"getPreferimgmobile" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 23:03:38 +01:00
"getPrefershowplusminus" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 22:59:57 +01:00
"isInstalled" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
2020-11-19 23:00:58 +01:00
"isPrinterServerActive" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 23:02:42 +01:00
"getWaiterMessage" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
2020-11-19 23:03:20 +01:00
"getmobilecss" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
"getprinterinstances" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
"setprinterinstances" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")),
"getdashreports" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("dash"))
2020-11-19 22:59:47 +01:00
);
2020-11-19 22:47:44 +01:00
function __construct() {
$this->dbutils = new DbUtils();
$this->userrights = new Userrights();
$this->histfiller = new HistFiller();
}
2020-11-19 22:59:47 +01:00
private static function checkRights($command) {
if(session_id() == '') {
session_start();
}
if (!array_key_exists($command, self::$rights)) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_FOUND, "msg" => ERROR_COMMAND_NOT_FOUND_MSG));
return false;
}
$cmdRights = self::$rights[$command];
if ($cmdRights["loggedin"] == 1) {
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
return false;
2020-11-19 22:47:44 +01:00
}
2020-11-19 22:59:47 +01:00
}
if ($cmdRights["isadmin"] == 1) {
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
return false;
} else {
2020-11-19 23:03:48 +01:00
if ($_SESSION['is_admin'] == false) {
2020-11-19 22:59:47 +01:00
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_ADMIN, "msg" => ERROR_COMMAND_NOT_ADMIN_MSG));
return false;
}
}
}
if (!is_null($cmdRights["rights"])) {
foreach($cmdRights["rights"] as $aRight) {
if ($aRight == 'manager_or_admin') {
2020-11-19 23:03:48 +01:00
if (($_SESSION['is_admin']) || ($_SESSION['right_manager'])) {
2020-11-19 22:59:47 +01:00
return true;
2020-11-19 22:53:50 +01:00
}
2020-11-19 23:03:20 +01:00
} else if ($aRight == 'dash') {
2020-11-19 23:03:48 +01:00
if ($_SESSION['right_dash']) {
2020-11-19 23:03:20 +01:00
return true;
}
2020-11-19 22:59:47 +01:00
}
2020-11-19 22:47:44 +01:00
}
2020-11-19 22:59:47 +01:00
echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
return false;
}
return true;
}
function handleCommand($command) {
if (!self::checkRights($command)) {
return false;
}
if ($command == 'tryAuthenticate') {
2020-11-19 23:00:09 +01:00
$this->tryAuthenticate($_POST['userid'],$_POST['password'],$_POST['modus'],$_POST['day'],$_POST['month'],$_POST['year'],$_POST['hour'],$_POST['minute'],$_POST["time"]);
2020-11-19 22:59:47 +01:00
} else if ($command == 'setLastModuleOfUser') {
$this->setLastModuleOfUser($_POST['view']);
} else if ($command == 'getViewAfterLogin') {
$this->getViewAfterLogin();
} else if ($command == 'isUserAlreadyLoggedIn') {
$this->isUserAlreadyLoggedIn();
} else if ($command == 'logout') {
$this->logout();
} else if ($command == 'getCurrentUser') {
$this->getCurrentUser();
} else if ($command == 'isLoggedinUserAdmin') {
$this->isLoggedinUserAdmin();
} else if ($command == 'isLoggedinUserKitchen') {
$this->isLoggedinUserKitchen();
} else if ($command == 'isLoggedinUserBar') {
$this->isLoggedinUserBar();
} else if ($command == 'isLoggedinUserAdminOrManagerOrTE') {
$this->isLoggedinUserAdminOrManagerOrTE();
} else if ($command == 'hasUserPaydeskRight') {
$this->hasUserPaydeskRight();
} else if ($command == 'getJsonMenuItemsAndVersion') {
$this->getJsonMenuItemsAndVersion();
} else if ($command == 'getUserList') {
$this->getUserList();
2020-11-19 23:03:48 +01:00
} else if ($command == 'getRoleList') {
$this->getRoleList();
2020-11-19 22:59:47 +01:00
} else if ($command == 'setTime') {
$this->setTime($_POST['day'],$_POST['month'],$_POST['year'],$_POST['hour'],$_POST['minute']);
} else if ($command == 'createNewUser') {
$this->createNewUser();
2020-11-19 23:03:48 +01:00
} else if ($command == 'createNewRole') {
$this->createNewRole();
2020-11-19 22:59:47 +01:00
} else if ($command == 'updateUser') {
$this->updateUser();
2020-11-19 23:03:48 +01:00
} else if ($command == 'updateRole') {
$this->updateRole();
2020-11-19 22:59:47 +01:00
} else if ($command == 'deleteUser') {
$this->deleteUser($_POST['userid']);
2020-11-19 23:03:48 +01:00
} else if ($command == 'deleteRole') {
$this->deleteRole($_POST['roleid']);
2020-11-19 22:59:47 +01:00
} else if ($command == 'changepassword') {
$this->changepassword($_POST['userid'],$_POST['password']);
} else if ($command == 'changeOwnPassword') {
$this->changeOwnPassword($_POST['oldPass'],$_POST['newPass']);
} else if ($command == 'setUserLanguage') {
$this->setUserLanguage($_POST['language']);
} else if ($command == 'setUserReceiptPrinter') {
$this->setUserReceiptPrinter($_POST['printer']);
} else if ($command == 'setBtnSize') {
$this->setBtnSize($_POST['btn'],$_POST['size']);
} else if ($command == 'changeConfig') {
$this->changeConfig($_POST['changed']);
} else if ($command == 'readlogo') {
$this->readlogo();
} else if ($command == 'deletelogo') {
$this->deletelogo();
} else if ($command == 'getGeneralConfigItems') {
$this->getGeneralConfigItems(true,null);
} else if ($command == 'getWaiterSettings') {
$this->getWaiterSettings();
// from here on admin rights are needed
} else if ($command == 'getPayPrintType') {
$this->getPayPrintType();
} else if ($command == 'getPayments') {
$this->getPayments();
} else if ($command == 'autobackup') {
$this->backup('auto',$_POST['remoteaccesscode']);
2020-11-19 23:03:43 +01:00
} else if ($command == 'autoftpbackup') {
$this->ftpbackup('auto',$_POST['remoteaccesscode']);
2020-11-19 22:59:47 +01:00
} else if ($command == 'fill') {
$this->fillSampleContent();
echo json_encode(array("status" => "OK"));
} else if ($command == 'fillSpeisekarte') {
$this->fillSpeisekarte($_POST['speisekarte']);
} else if ($command == 'backup') {
$this->backup($_GET['type'],null);
return;
2020-11-19 23:03:43 +01:00
} else if ($command == 'ftpbackup') {
$this->ftpbackup($_GET['type'],null);
return;
2020-11-19 22:59:47 +01:00
} else if ($command == 'restore') {
$this->restore();
return;
} else if ($command == 'golive') {
$this->golive();
return;
} else if ($command == 'shutdown') {
$this->shutdown();
return;
2020-11-19 23:00:46 +01:00
} else if ($command == 'optimize') {
$this->optimize();
return;
2020-11-19 22:59:47 +01:00
} else if ($command == 'assignTaxes') {
$this->assignTaxes($_POST['food'],$_POST['drinks']);
return;
} else if ($command == 'exportConfigCsv') {
if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
$this->exportConfigCsv();
}
} else if ($command == 'exportUserCsv') {
if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
$this->exportUserCsv();
}
2020-11-19 23:00:18 +01:00
} else if ($command == 'exportLog') {
if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
$this->exportLog();
}
2020-11-19 22:59:47 +01:00
} else if ($command == 'setOrderVolume') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setOrderVolume($_POST['volume']);
}
2020-11-19 23:03:38 +01:00
} else if ($command == 'setPreferTableMap') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setPreferTableMap($_POST['prefertablemap']);
}
} else if ($command == 'setPreferimgdesk') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setPreferimgdesk($_POST['preferredvalue']);
}
} else if ($command == 'setPreferimgmobile') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setPreferimgmobile($_POST['preferredvalue']);
}
} else if ($command == 'setPrefershowplusminus') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setShowplusminus($_POST['preferredvalue']);
}
} else if ($command == 'setKeepTypeLevel') {
2020-11-19 22:59:47 +01:00
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setKeepTypeLevel($_POST['keeptypelevel']);
}
2020-11-19 23:02:42 +01:00
} else if ($command == 'setMobileTheme') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setMobileTheme($_POST['mobiletheme']);
}
2020-11-19 22:59:47 +01:00
} else if ($command == 'setApplyExtrasBtnPos') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->setExtrasApplyBtnPos($_POST['applyextrasbtnpos']);
}
} else if ($command == 'getOrderVolume') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getOrderVolume();
}
} else if ($command == 'getButtonSizes') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getButtonSizes();
}
} else if ($command == 'getPreferTableMap') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getPreferTableMap();
}
2020-11-19 23:03:35 +01:00
} else if ($command == 'getPreferimgdesk') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getPreferimgdesk();
}
} else if ($command == 'getPreferimgmobile') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getPreferimgmobile();
2020-11-19 23:03:38 +01:00
}
} else if ($command == 'getPrefershowplusminus') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getShowplusminus();
}
2020-11-19 22:59:47 +01:00
} else if ($command == 'getKeepTypeLevel') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getKeepTypeLevel();
}
2020-11-19 23:02:42 +01:00
} else if ($command == 'getmobilecss') {
$this->getmobilecss();
} else if ($command == 'getMobileTheme') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getMobileTheme();
}
2020-11-19 22:59:47 +01:00
} else if ($command == 'getApplyExtrasBtnPos') {
if ($this->isUserAlreadyLoggedInForPhp()) {
$this->getApplyExtrasBtnPos();
}
} else if ($command == 'isInstalled') {
$this->isInstalled();
2020-11-19 22:59:57 +01:00
} else if ($command == 'isPrinterServerActive') {
2020-11-19 23:00:58 +01:00
$this->isPrinterServerActive();
} else if ($command == 'getWaiterMessage') {
$this->getWaiterMessage();
2020-11-19 23:03:07 +01:00
} else if ($command == 'getDbStat') {
$this->getDbStat();
2020-11-19 23:03:20 +01:00
} else if ($command == 'getprinterinstances') {
$this->getPrinterInstances();
} else if ($command == 'setprinterinstances') {
$this->setprinterinstances($_POST["k1"],$_POST["k2"],$_POST["k3"],$_POST["k4"],$_POST["k5"],$_POST["k6"],$_POST["f1"],$_POST["f2"],$_POST["d1"],$_POST["d2"]);
} else if ($command == 'getdashreports') {
$this->getdashreports();
2020-11-19 22:59:47 +01:00
}
else {
echo "Command not supported.";
}
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:03:38 +01:00
2020-11-19 22:47:44 +01:00
/***
* Is the installation already done? Or was the html/php code overwritten, i.e. a new or updated version to install?
*/
private function isInstalled() {
2020-11-19 22:59:47 +01:00
if(defined('INSTALLSTATUS')){
2020-11-19 22:47:44 +01:00
if (INSTALLSTATUS == 'new') {
echo json_encode("No");
} else {
echo json_encode("Yes");
2020-11-19 22:59:47 +01:00
}
2020-11-19 22:47:44 +01:00
} else {
echo json_encode("No");
}
}
2020-11-19 22:59:57 +01:00
private function isPrinterServerActive() {
2020-11-19 23:00:58 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
Hotelinterface::hs3sync($pdo);
2020-11-19 22:59:57 +01:00
$TIMEOUT = 20;
$active = json_encode(array("status" => "OK","msg" => 1));
$notActive = json_encode(array("status" => "OK","msg" => 0));
// check printmode
2020-11-19 23:00:58 +01:00
2020-11-19 23:00:35 +01:00
$printMode = CommonUtils::getConfigValue($pdo, 'payprinttype', "s");
2020-11-19 22:59:57 +01:00
if ($printMode != "s") {
echo $active;
return;
}
$sql = "SELECT count(id) as countid FROM %work% WHERE item=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array('lastprtserveraccess'));
$row = $stmt->fetchObject();
if ($row->countid == 0) {
echo $notActive;
} else {
$sql = "SELECT value FROM %work% WHERE item=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array('lastprtserveraccess'));
$row = $stmt->fetchObject();
$lastaccess = $row->value;
date_default_timezone_set(DbUtils::getTimeZone());
$date = new DateTime();
$currentTimeStamp = $date->getTimestamp();
if (($currentTimeStamp - $lastaccess) > $TIMEOUT) {
echo $notActive;
} else {
echo $active;
}
}
}
2020-11-19 22:47:44 +01:00
function isUserAlreadyLoggedInForPhp() {
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
session_start();
}
2020-11-19 22:47:44 +01:00
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
return false;
} else {
return true;
}
}
function isUserAlreadyLoggedIn() {
if(session_id() == '') {
session_start();
}
2020-11-19 22:59:47 +01:00
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
2020-11-19 22:47:44 +01:00
echo json_encode("NO");
} else {
echo json_encode("YES");
}
}
function logout() {
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
2020-11-19 22:47:44 +01:00
session_start();
2020-11-19 22:59:47 +01:00
session_destroy();
2020-11-19 22:47:44 +01:00
}
echo json_encode("OK");
}
static function isOnlyRatingUser($rightArr,$right_rating,$comparisonVal) {
foreach($rightArr as $aRight) {
if ($aRight == $comparisonVal) {
return false;
}
}
if ($right_rating == $comparisonVal) {
return true;
} else {
return false;
}
}
2020-11-19 23:00:09 +01:00
function tryAuthenticate($userid,$password,$modus,$day,$month,$year,$hour,$minute,$unixtime) {
2020-11-19 22:47:44 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 22:59:47 +01:00
$authenticated = false;
2020-11-19 23:02:49 +01:00
$isLoginAllowed = self::checkIsLoginAllowed($pdo,$userid);
if (!$isLoginAllowed) {
Logger::logcmd("admin","authentication","Login with id $userid failed");
echo json_encode(array("status" => "WAIT"));
return;
}
2020-11-19 23:03:48 +01:00
$sql = "SELECT *,%user%.id as id FROM %user%,%roles% WHERE %user%.id=? AND active='1' AND %user%.roleid=%roles%.id";
2020-11-19 22:47:44 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($userid));
2020-11-19 22:59:47 +01:00
$result = $stmt->fetchAll();
$numberOfEntries = count($result);
2020-11-19 22:47:44 +01:00
if ($numberOfEntries == 1) {
2020-11-19 22:59:47 +01:00
$zeile = $result[0];
$pass_hash = $zeile['userpassword'];
2020-11-19 22:54:12 +01:00
if ($zeile['is_admin'] == 0) {
// authentication-check
}
2020-11-19 22:59:47 +01:00
// password_verify requires PHP > 5.5, so let's use MD5 instead
// (it is no banking software...)
if (md5($password) == $pass_hash) {
$authenticated = true;
}
}
2020-11-19 22:47:44 +01:00
if ($authenticated) {
date_default_timezone_set(DbUtils::getTimeZone());
$now = getdate();
$serverDay = $now["mday"];
$serverMonth = $now["mon"];
$serverYear = $now["year"];
$serverHour = $now["hours"];
$serverMinute = $now["minutes"];
$serverTime = $now["0"];
$timeDiff = 0;
if (abs($serverTime - $unixtime) > (60*60*2)) {
$timeDiff = 1;
}
ini_set('session.gc_maxlifetime',65535);
session_set_cookie_params(65535);
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
session_start();
2020-11-19 22:47:44 +01:00
}
$username = $zeile["username"];
2020-11-19 22:59:47 +01:00
$_SESSION['angemeldet'] = true;
2020-11-19 22:47:44 +01:00
2020-11-19 22:59:47 +01:00
$_SESSION['userid'] = $zeile['id'];
2020-11-19 22:47:44 +01:00
$_SESSION['currentuser'] = $username;
2020-11-19 23:00:09 +01:00
$_SESSION['modus'] = $modus;
2020-11-19 22:47:44 +01:00
$workflow = $this->getConfigItemsAsString($pdo, "workflowconfig");
$rights = array($zeile['is_admin'],$zeile['right_waiter'],$zeile['right_kitchen'],
$zeile['right_bar'],$zeile['right_supply'],$zeile['right_paydesk'],
$zeile['right_statistics'],$zeile['right_bill'],$zeile['right_products'],
2020-11-19 23:02:08 +01:00
$zeile['right_reservation'],$zeile['right_changeprice'],$zeile['right_customers'],$zeile['right_manager'],
2020-11-19 23:03:20 +01:00
$zeile['right_closing'],$zeile['right_dash']);
2020-11-19 22:47:44 +01:00
$right_rating = $zeile['right_rating'];
if (self::isOnlyRatingUser($rights,$right_rating, 1)) {
$_SESSION['right_rating'] = true;
$_SESSION['is_admin'] = false;
$_SESSION['right_waiter'] = false;
$_SESSION['right_kitchen'] = false;
$_SESSION['right_bar'] = false;
$_SESSION['right_supply'] = false;
$_SESSION['right_paydesk'] = false;
$_SESSION['right_statistics'] = false;
$_SESSION['right_bill'] = false;
$_SESSION['right_products'] = false;
$_SESSION['right_reservation'] = false;
$_SESSION['right_changeprice'] = false;
2020-11-19 23:02:08 +01:00
$_SESSION['right_customers'] = false;
2020-11-19 22:47:44 +01:00
$_SESSION['right_manager'] = false;
2020-11-19 22:59:47 +01:00
$_SESSION['right_closing'] = false;
2020-11-19 23:03:20 +01:00
$_SESSION['right_dash'] = false;
2020-11-19 22:48:24 +01:00
$_SESSION['keeptypelevel'] = false;
2020-11-19 22:59:47 +01:00
} else {
$_SESSION['is_admin'] = ($zeile['is_admin'] == 1 ? true : false);
2020-11-19 22:47:44 +01:00
$_SESSION['right_waiter'] = ($zeile['right_waiter'] == 1 ? true : false);
2020-11-19 22:55:30 +01:00
if (($workflow == 2) || ($workflow == 3)) {
2020-11-19 22:59:47 +01:00
$_SESSION['right_kitchen'] = false;
$_SESSION['right_bar'] = false;
2020-11-19 22:47:44 +01:00
$_SESSION['right_supply'] = false;
} else {
$_SESSION['right_kitchen'] = ($zeile['right_kitchen'] == 1 ? true : false);
$_SESSION['right_bar'] = ($zeile['right_bar'] == 1 ? true : false);
$_SESSION['right_supply'] = ($zeile['right_supply'] == 1 ? true : false);
2020-11-19 22:59:47 +01:00
}
$_SESSION['right_paydesk'] = ($zeile['right_paydesk'] == 1 ? true : false);
$_SESSION['right_statistics'] = ($zeile['right_statistics'] == 1 ? true : false);
$_SESSION['right_bill'] = ($zeile['right_bill'] == 1 ? true : false);
2020-11-19 22:47:44 +01:00
$_SESSION['right_products'] = ($zeile['right_products'] == 1 ? true : false);
$_SESSION['right_reservation'] = ($zeile['right_reservation'] == 1 ? true : false);
$_SESSION['right_rating'] = ($zeile['right_rating'] == 1 ? true : false);
2020-11-19 22:59:47 +01:00
$_SESSION['right_changeprice'] = ($zeile['right_changeprice'] == 1 ? true : false);
2020-11-19 23:02:08 +01:00
$_SESSION['right_customers'] = ($zeile['right_customers'] == 1 ? true : false);
2020-11-19 22:47:44 +01:00
$_SESSION['right_manager'] = ($zeile['right_manager'] == 1 ? true : false);
2020-11-19 22:59:47 +01:00
$_SESSION['right_closing'] = ($zeile['right_closing'] == 1 ? true : false);
2020-11-19 23:03:20 +01:00
$_SESSION['right_dash'] = ($zeile['right_dash'] == 1 ? true : false);
2020-11-19 22:48:24 +01:00
$_SESSION['keeptypelevel'] = ($zeile['keeptypelevel'] == 1 ? true : false);
2020-11-19 22:47:44 +01:00
}
$this->userrights->setSession($_SESSION['is_admin'], $_SESSION['right_waiter'], $_SESSION['right_kitchen'],
$_SESSION['right_bar'], $_SESSION['right_supply'], $_SESSION['right_paydesk'], $_SESSION['right_statistics'],
2020-11-19 22:59:47 +01:00
$_SESSION['right_bill'], $_SESSION['right_products'], $_SESSION['right_reservation'], $_SESSION['right_rating'],
2020-11-19 23:03:20 +01:00
$_SESSION['right_changeprice'], $_SESSION['right_customers'],$_SESSION['right_manager'], $_SESSION['right_closing'],
$_SESSION['right_dash']);
2020-11-19 22:47:44 +01:00
$assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize");
$_SESSION["roombtnsize"] = $zeile['roombtnsize'];
$_SESSION["tablebtnsize"] = $zeile['tablebtnsize'];
$_SESSION["prodbtnsize"] = $zeile['prodbtnsize'];
$language = $zeile['language'];
if (is_null($language)) {
$language = 0;
}
$_SESSION['language'] = intval($language);
$receiptprinter = $zeile['receiptprinter'];
if (is_null($receiptprinter)) {
$receiptprinter = 1;
}
$_SESSION['receiptprinter'] = intval($receiptprinter);
$preferTm = $zeile['prefertablemap'];
if (is_null($preferTm)) {
$preferTm = 1;
}
$_SESSION['prefertm'] = intval($preferTm);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$_SESSION['timezone'] = $this->getTimeZone($pdo);
}
if ($authenticated) {
Logger::logcmd("admin","authentication","Login $username successful");
2020-11-19 23:02:49 +01:00
self::clearFailedLogins($pdo, $userid);
2020-11-19 22:47:44 +01:00
$loginMessage = $this->getMessage(null,'loginmessage');
echo json_encode(array("status" => "YES","loginmessage" => $loginMessage, "timediff" => $timeDiff, "isadmin" => $zeile['is_admin'],"lang" => $_SESSION["language"]));
} else {
Logger::logcmd("admin","authentication","Login with id $userid failed");
2020-11-19 23:02:49 +01:00
self::increaseFailedLogins($pdo,$userid);
2020-11-19 22:47:44 +01:00
echo json_encode(array("status" => "NO"));
2020-11-19 22:59:47 +01:00
}
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:02:49 +01:00
private static function checkIsLoginAllowed($pdo,$userid) {
date_default_timezone_set(DbUtils::getTimeZone());
$now = getdate();
$serverTime = $now["0"];
$sql = "SELECT failedlogins FROM %user% WHERE id=?";
$row = CommonUtils::getRowSqlObject($pdo, $sql, array($userid));
if (is_null($row) || is_null($row->failedlogins)) {
return true;
} else {
$lastFailure = explode("_",$row->failedlogins)[0];
$attempt = intval(explode("_",$row->failedlogins)[1]);
if ($attempt >= 5) {
if (abs($serverTime - $lastFailure) > (60*3)) {
self::clearFailedLogins($pdo, $userid);
return true;
} else {
return false;
}
} else {
return true;
}
}
}
private static function increaseFailedLogins($pdo,$userid) {
date_default_timezone_set(DbUtils::getTimeZone());
$now = getdate();
$serverTime = $now["0"];
$lastFailure = (string) $serverTime . "_";
$sql = "SELECT failedlogins FROM %user% WHERE id=?";
$row = CommonUtils::getRowSqlObject($pdo, $sql, array($userid));
if (is_null($row) || is_null($row->failedlogins)) {
$lastFailure .= "1";
} else {
$attempt = intval(explode("_",$row->failedlogins)[1]);
$lastFailure .= ($attempt + 1);
}
$sql = "UPDATE %user% SET failedlogins=? WHERE id=?";
CommonUtils::execSql($pdo, $sql, array($lastFailure,$userid));
}
private static function clearFailedLogins($pdo,$userid) {
$sql = "UPDATE %user% SET failedlogins=? WHERE id=?";
CommonUtils::execSql($pdo, $sql, array(null,$userid));
}
2020-11-19 22:47:44 +01:00
private function getMessage($pdo,$messageType) {
if (is_null($pdo)) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
}
$sql = "SELECT value FROM %work% WHERE item=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($messageType));
$row = $stmt->fetchObject();
$msg = "";
if ($stmt->rowCount() > 0) {
$msg = $row->value;
}
return $msg;
}
function getButtonSizes() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
echo json_encode(self::getButtonSizesCore($pdo));
}
private static function getButtonSizesCore($pdo) {
$userid = $_SESSION['userid'];
$sql = "SELECT roombtnsize,tablebtnsize,prodbtnsize FROM %user% WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($userid));
$row =$stmt->fetchObject();
$roombtnsize = $row->roombtnsize;
if (is_null($roombtnsize)) {
$roombtnsize = 0;
}
$tablebtnsize = $row->tablebtnsize;
if (is_null($tablebtnsize)) {
$tablebtnsize = 0;
}
$prodbtnsize = $row->prodbtnsize;
if (is_null($prodbtnsize)) {
$prodbtnsize = 0;
}
return(array("roombtnsize" => $roombtnsize,"tablebtnsize" => $tablebtnsize,"prodbtnsize" => $prodbtnsize));
}
private static function getUserValue($item,$defaultvalue) {
$userid = $_SESSION['userid'];
$sql = "SELECT $item AS result FROM %user% WHERE id=?";
$pdo = DbUtils::openDbAndReturnPdoStatic();
$stmt = $pdo->prepare(Dbutils::substTableAlias($sql));
$stmt->execute(array($userid));
if ($stmt->rowCount() == 0) {
return $defaultvalue;
}
$row = $stmt->fetchObject();
$aVal = 0;
if ($row != null) {
$aVal = $row->result;
if ($aVal == null) {
$aVal = $defaultvalue;
}
}
echo json_encode($aVal);
}
function getPreferTableMap() {
self::getUserValue('prefertablemap',1);
}
2020-11-19 23:03:35 +01:00
function getPreferimgdesk() {
self::getUserValue('preferimgdesk', 0);
}
function getPreferimgmobile() {
self::getUserValue('preferimgmobile', 0);
}
2020-11-19 23:03:38 +01:00
function getShowplusminus() {
$userid = $_SESSION['userid'];
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT IFNULL(showplusminus,0) AS result FROM %user% WHERE id=?";
$row = CommonUtils::getRowSqlObject($pdo, $sql, array($userid));
$pdo = null;
echo json_encode($row->result);
}
2020-11-19 22:48:24 +01:00
function getKeepTypeLevel() {
self::getUserValue('keeptypelevel',1);
}
2020-11-19 23:02:42 +01:00
function getmobilecss() {
$cssFile = "orderstyle.min.css";
if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT mobiletheme FROM %user% WHERE id=?";
$mobileTheme = CommonUtils::getRowSqlObject($pdo, $sql, array($userid));
$cssFile = "orderstyle.min.css";
if ($mobileTheme->mobiletheme == 1) {
$cssFile = "orderstyle-pale.min.css";
}
}
$file = "3rdparty/orderstyle/$cssFile";
header('Content-type: text/css');
readfile($file);
}
function getMobileTheme() {
self::getUserValue('mobiletheme', 0);
}
2020-11-19 22:53:50 +01:00
function getApplyExtrasBtnPos() {
self::getUserValue('extrasapplybtnpos', 1);
}
2020-11-19 22:47:44 +01:00
function getOrderVolume() {
self::getUserValue('ordervolume',0);
}
private static function setUserValue($item,$theValue) {
$userid = $_SESSION['userid'];
$sql = "UPDATE %user% SET $item=? WHERE id=?";
$pdo = DbUtils::openDbAndReturnPdoStatic();
$pdo->beginTransaction();
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($theValue,$userid));
$pdo->commit();
echo json_encode(array("status" => "OK"));
}
function setOrderVolume($volume) {
2020-11-19 22:48:24 +01:00
self::setUserValue('ordervolume', $volume);
2020-11-19 22:47:44 +01:00
}
function setPreferTableMap($preferValue) {
self::setUserValue('prefertablemap',$preferValue);
}
2020-11-19 23:03:35 +01:00
function setPreferimgdesk($preferValue) {
if ($preferValue == 0) {
$preferValue = null;
}
self::setUserValue('preferimgdesk',$preferValue);
}
function setPreferimgmobile($preferValue) {
if ($preferValue == 0) {
$preferValue = null;
}
self::setUserValue('preferimgmobile',$preferValue);
}
2020-11-19 23:03:38 +01:00
function setShowplusminus($preferValue) {
if ($preferValue == 0) {
$preferValue = null;
}
self::setUserValue('showplusminus',$preferValue);
}
2020-11-19 22:48:24 +01:00
function setKeepTypeLevel($preferValue) {
self::setUserValue('keeptypelevel',$preferValue);
}
2020-11-19 23:02:42 +01:00
function setMobileTheme($preferValue) {
self::setUserValue('mobiletheme', $preferValue);
}
2020-11-19 22:53:50 +01:00
function setExtrasApplyBtnPos($preferValue) {
self::setUserValue('extrasapplybtnpos',$preferValue);
}
2020-11-19 22:47:44 +01:00
function setLastModuleOfUser($view) {
if ($this->isUserAlreadyLoggedInForPhp()) {
if ($view != "logout.php") {
$userid = $_SESSION['userid'];
2020-11-19 22:52:55 +01:00
$questPos = strpos($view,'?');
if ($questPos != false) {
$view = substr($view,0,$questPos);
}
2020-11-19 22:47:44 +01:00
$sql = "UPDATE %user% SET lastmodule=? WHERE id=? AND active='1'";
$pdo = $this->dbutils->openDbAndReturnPdo();
2020-11-19 22:59:47 +01:00
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
2020-11-19 22:47:44 +01:00
$stmt->execute(array($view,$userid));
}
echo json_encode(array("status" => "OK"));
2020-11-19 22:55:20 +01:00
} else {
echo json_encode(array("status" => "Error","msg" => "Benutzer nicht eingeloggt"));
2020-11-19 22:47:44 +01:00
}
}
public function getConfigItemsAsString($pdo,$key) {
$sql = "SELECT setting FROM %config% WHERE name=?";
if (is_null($pdo)) {
return "";
}
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($key));
$row = $stmt->fetchObject();
if ($stmt->rowCount() == 0) {
return "";
}
$theValue = $row->setting;
if (is_null($theValue)) {
return "";
} else {
return $theValue;
}
}
public static function overruleTimeZone($timezone) {
self::$timezone = $timezone;
DbUtils::overruleTimeZone($timezone);
}
public function getTimeZone($pdo) {
if (is_null(self::$timezone)) {
$timezone = $this->getConfigItemsAsString($pdo, "timezone");
if ($timezone == "") {
$timezone = "Europe/Berlin";
}
return $timezone;
} else {
return self::$timezone;
}
}
public function getEnv($pdo) {
$installdate = $this->getConfigItemsAsString($pdo, "installdate");
$lastupdate = $this->getConfigItemsAsString($pdo, "lastupdate");
$version = $this->getConfigItemsAsString($pdo, "version");
return(array("version" => $version, "installdate" => $installdate, "lastupdate" => $lastupdate));
}
private function getWaiterSettings() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$userLoggedIn = $this->isUserAlreadyLoggedInForPhp();
if (!$userLoggedIn) {
$retVal = array("isUserLoggedIn" => 0);
echo json_encode($retVal);
return;
}
2020-11-19 23:03:35 +01:00
$configItems = join(",",array("'decpoint'","'version'","'cancelunpaidcode'","'tax'","'togotax'","'taxaustrianormal'","'taxaustriaerm1'","'taxaustriaerm2'","'taxaustriaspecial'","'currency'","'workflowconfig'","'prominentsearch'","'discount1'","'discount2'","'discount3'","'discountname1'","'discountname2'","'discountname3'","'waitergopayprint'","'cashenabled'","'returntoorder'","'restaurantmode'","'startprodsearch'","'priceinlist'"));
2020-11-19 22:47:44 +01:00
$sql = "select name,setting FROM %config% WHERE name in ($configItems)";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$configitems = $stmt->fetchAll();
$configresult = array();
foreach($configitems as $item) {
$configresult[$item["name"]] = $item["setting"];
}
$userlang = 0;
$right_changeprice = 0;
$supplyRight = 0;
if ($userLoggedIn) {
2020-11-19 23:03:48 +01:00
$sql = "SELECT language,right_supply,right_changeprice,keeptypelevel,extrasapplybtnpos,right_paydesk,IFNULL(preferimgdesk,0) as preferimgdesk,IFNULL(preferimgmobile,0) as preferimgmobile,IFNULL(showplusminus,0) as showplusminus FROM %user%,%roles% WHERE %user%.id=? AND %user%.roleid=%roles%.id";
2020-11-19 22:48:24 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($_SESSION['userid']));
$row = $stmt->fetchObject();
2020-11-19 22:47:44 +01:00
}
$buttonSizes = self::getButtonSizesCore($pdo);
$jsonMenuItems = $this->getJsonMenuItemsAndVersionCore();
$retVal = array("config" => $configresult,
2020-11-19 22:48:24 +01:00
"rightchangeprice" => $row->right_changeprice,
2020-11-19 23:00:09 +01:00
"rightpaydesk" => $row->right_paydesk,
2020-11-19 22:48:24 +01:00
"supplyright" => $row->right_supply,
"userlanguage" => $row->language,
2020-11-19 22:47:44 +01:00
"buttonsizes" => $buttonSizes,
2020-11-19 22:48:24 +01:00
"keeptypelevel" => $row->keeptypelevel,
2020-11-19 22:53:50 +01:00
"extrasapplybtnpos" => $row->extrasapplybtnpos,
2020-11-19 22:47:44 +01:00
"isUserLoggedIn" => 1,
2020-11-19 23:03:35 +01:00
"jsonMenuItemsAndVersion" => $jsonMenuItems,
"preferimgdesk" => $row->preferimgdesk,
2020-11-19 23:03:38 +01:00
"preferimgmobile" => $row->preferimgmobile,
"showplusminus" => $row->showplusminus
2020-11-19 22:47:44 +01:00
);
echo json_encode($retVal);
}
public function getGeneralConfigItems($forHtml,$pdo) {
$userLoggedIn = $this->isUserAlreadyLoggedInForPhp();
if ($userLoggedIn || (!$forHtml)) {
2020-11-19 22:59:47 +01:00
if (is_null($pdo)) {
2020-11-19 22:47:44 +01:00
$pdo = $this->dbutils->openDbAndReturnPdo();
2020-11-19 22:59:47 +01:00
}
2020-11-19 22:47:44 +01:00
2020-11-19 23:03:23 +01:00
$sql = "SELECT count(id) as countid FROM %config% WHERE name=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$companyInfo = CommonUtils::getConfigValueStmt($pdo,$stmt,"companyinfo",null);
$hosttext = CommonUtils::getConfigValueStmt($pdo,$stmt,"hosttext",null);
$rectemplate = CommonUtils::getConfigValueStmt($pdo,$stmt,"rectemplate",null);
$foodtemplate = CommonUtils::getConfigValueStmt($pdo,$stmt,"foodtemplate",null);
$drinktemplate = CommonUtils::getConfigValueStmt($pdo,$stmt,"drinktemplate",null);
2020-11-19 23:03:48 +01:00
$canceltemplate = CommonUtils::getConfigValueStmt($pdo,$stmt,"canceltemplate",null);
2020-11-19 23:03:23 +01:00
$decpoint = CommonUtils::getConfigValueStmt($pdo,$stmt,"decpoint",null);
$version = CommonUtils::getConfigValueStmt($pdo,$stmt,"version",null);
$payprinttype = CommonUtils::getConfigValueStmt($pdo,$stmt,"payprinttype",null);
$cancelunpaidcode = CommonUtils::getConfigValueStmt($pdo,$stmt,"cancelunpaidcode",null);
$cancelguestcode = CommonUtils::getConfigValueStmt($pdo,$stmt,"cancelguestcode",null);
$tax = CommonUtils::getConfigValueStmt($pdo,$stmt,"tax",null);
$togotax = CommonUtils::getConfigValueStmt($pdo,$stmt,"togotax",null);
$taxaustrianormal = CommonUtils::getConfigValueStmt($pdo,$stmt,"taxaustrianormal",null);
$taxaustriaerm1 = CommonUtils::getConfigValueStmt($pdo,$stmt,"taxaustriaerm1",null);
$taxaustriaerm2 = CommonUtils::getConfigValueStmt($pdo,$stmt,"taxaustriaerm2",null);
$taxaustriaspecial = CommonUtils::getConfigValueStmt($pdo,$stmt,"taxaustriaspecial",null);
$serverurl = CommonUtils::getConfigValueStmt($pdo,$stmt,"serverurl",null);
$email = CommonUtils::getConfigValueStmt($pdo,$stmt,"email",null);
$bigfontworkreceipt = CommonUtils::getConfigValueStmt($pdo,$stmt,"bigfontworkreceipt",null);
$prominentsearch = CommonUtils::getConfigValueStmt($pdo,$stmt,"prominentsearch",null);
$discount1 = CommonUtils::getConfigValueStmt($pdo,$stmt,"discount1",null);
$discount2 = CommonUtils::getConfigValueStmt($pdo,$stmt,"discount2",null);
$discount3 = CommonUtils::getConfigValueStmt($pdo,$stmt,"discount3",null);
$austria = CommonUtils::getConfigValueStmt($pdo,$stmt,"austria",null);
$digigopaysetready = CommonUtils::getConfigValueStmt($pdo,$stmt,"digigopaysetready",1);
$waitergopayprint = CommonUtils::getConfigValueStmt($pdo,$stmt,"waitergopayprint",0);
2020-11-19 23:03:26 +01:00
$oneprodworkrecf = CommonUtils::getConfigValueStmt($pdo,$stmt,"oneprodworkrecf",0);
$oneprodworkrecd = CommonUtils::getConfigValueStmt($pdo,$stmt,"oneprodworkrecd",0);
2020-11-19 23:03:23 +01:00
$digiprintwork = CommonUtils::getConfigValueStmt($pdo,$stmt,"digiprintwork",1);
2020-11-19 23:03:26 +01:00
$groupworkitemsf = CommonUtils::getConfigValueStmt($pdo,$stmt,"groupworkitemsf",1);
$groupworkitemsd = CommonUtils::getConfigValueStmt($pdo,$stmt,"groupworkitemsd",1);
2020-11-19 23:03:23 +01:00
$receiveremail = CommonUtils::getConfigValueStmt($pdo,$stmt,"receiveremail","");
$emailbadrating = CommonUtils::getConfigValueStmt($pdo,$stmt,"emailbadrating","");
$emailratingcontact = CommonUtils::getConfigValueStmt($pdo,$stmt,"emailratingcontact","");
$billlanguage = CommonUtils::getConfigValueStmt($pdo,$stmt,"billlanguage",null);
$hotelinterface = CommonUtils::getConfigValueStmt($pdo,$stmt,"hotelinterface",0);
$hsinfile = CommonUtils::getConfigValueStmt($pdo,$stmt,"hsinfile",null);
$hsoutfile = CommonUtils::getConfigValueStmt($pdo,$stmt,"hsoutfile",null);
$hscurrency = CommonUtils::getConfigValueStmt($pdo,$stmt,"hscurrency",null);
$currency = CommonUtils::getConfigValueStmt($pdo,$stmt,"currency",null);
$receiptfontsize = CommonUtils::getConfigValueStmt($pdo,$stmt,"receiptfontsize",null);
$reservationnote = CommonUtils::getConfigValueStmt($pdo,$stmt,"reservationnote",null);
$paymentconfig = CommonUtils::getConfigValueStmt($pdo,$stmt,"paymentconfig",0);
$workflowconfig = CommonUtils::getConfigValueStmt($pdo,$stmt,"workflowconfig",0);
$dashslot1 = CommonUtils::getConfigValueStmt($pdo,$stmt,"dashslot1",1);
$dashslot2 = CommonUtils::getConfigValueStmt($pdo,$stmt,"dashslot2",2);
$dashslot3 = CommonUtils::getConfigValueStmt($pdo,$stmt,"dashslot3",3);
$addreceipttoprinter = CommonUtils::getConfigValueStmt($pdo,$stmt,"addreceipttoprinter","");
$printandqueuejobs = CommonUtils::getConfigValueStmt($pdo,$stmt,"printandqueuejobs",0);
$cashenabled = CommonUtils::getConfigValueStmt($pdo,$stmt,"cashenabled",1);
$returntoorder = CommonUtils::getConfigValueStmt($pdo,$stmt,"returntoorder",1);
$beepcooked = CommonUtils::getConfigValueStmt($pdo,$stmt,"beepcooked",0);
2020-11-19 23:02:57 +01:00
2020-11-19 23:03:23 +01:00
$closshowci = CommonUtils::getConfigValueStmt($pdo,$stmt,"closshowci",1);
$closshowpaytaxes = CommonUtils::getConfigValueStmt($pdo,$stmt,"closshowpaytaxes",1);
$closshowprods = CommonUtils::getConfigValueStmt($pdo,$stmt,"closshowprods",1);
$showpayment2 = CommonUtils::getConfigValueStmt($pdo,$stmt,"showpayment2",1);
$showpayment3 = CommonUtils::getConfigValueStmt($pdo,$stmt,"showpayment3",1);
$showpayment4 = CommonUtils::getConfigValueStmt($pdo,$stmt,"showpayment4",1);
$showpayment5 = CommonUtils::getConfigValueStmt($pdo,$stmt,"showpayment5",1);
$showpayment6 = CommonUtils::getConfigValueStmt($pdo,$stmt,"showpayment6",1);
$showpayment7 = CommonUtils::getConfigValueStmt($pdo,$stmt,"showpayment7",1);
$showpayment8 = CommonUtils::getConfigValueStmt($pdo,$stmt,"showpayment8",1);
2020-11-19 23:02:57 +01:00
2020-11-19 23:03:23 +01:00
$restaurantmode = CommonUtils::getConfigValueStmt($pdo,$stmt,"restaurantmode",1);
2020-11-19 23:03:29 +01:00
$dblog = CommonUtils::getConfigValueStmt($pdo,$stmt,"dblog",1);
2020-11-19 23:03:35 +01:00
$priceinlist = CommonUtils::getConfigValueStmt($pdo,$stmt,"priceinlist",0);
2020-11-19 23:03:31 +01:00
$startprodsearch = CommonUtils::getConfigValueStmt($pdo,$stmt,"startprodsearch",3);
2020-11-19 22:47:44 +01:00
$smtphost = "";
$smtpauth = 1;
$smtpuser = "";
$smtppass = "";
$smtpsecure = 1;
$smtpport = "";
2020-11-19 23:03:48 +01:00
if ( (isset($_SESSION['is_admin']) && ($_SESSION['is_admin'] == 1)) || (isset($_SESSION['right_manager']) && ($_SESSION['right_manager']))) {
2020-11-19 23:03:23 +01:00
$smtphost = CommonUtils::getConfigValueStmt($pdo,$stmt,"smtphost","");
$smtpauth = CommonUtils::getConfigValueStmt($pdo,$stmt,"smtpauth",1);
$smtpuser = CommonUtils::getConfigValueStmt($pdo,$stmt,"smtpuser","");
$smtppass = CommonUtils::getConfigValueStmt($pdo,$stmt,"smtppass","");
$smtpsecure = CommonUtils::getConfigValueStmt($pdo,$stmt,"smtpsecure",1);
$smtpport = CommonUtils::getConfigValueStmt($pdo,$stmt,"smtpport","");
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:03:23 +01:00
$discountname1 = trim(CommonUtils::getConfigValueStmt($pdo,$stmt, "discountname1", ''));
$discountname2 = trim(CommonUtils::getConfigValueStmt($pdo,$stmt, "discountname2", ''));
$discountname3 = trim(CommonUtils::getConfigValueStmt($pdo,$stmt, "discountname3", ''));
2020-11-19 23:02:42 +01:00
2020-11-19 23:03:23 +01:00
$memorylimit = CommonUtils::getConfigValueStmt($pdo,$stmt,"memorylimit",256);
$updateurl = CommonUtils::getConfigValueStmt($pdo,$stmt,"updateurl","");
2020-11-19 23:03:43 +01:00
$tmpdir = CommonUtils::getConfigValueStmt($pdo,$stmt,"tmpdir","");
$ftphost = CommonUtils::getConfigValueStmt($pdo,$stmt,"ftphost","");
$ftpuser = CommonUtils::getConfigValueStmt($pdo,$stmt,"ftpuser","");
$ftppass = CommonUtils::getConfigValueStmt($pdo,$stmt,"ftppass","");
2020-11-19 23:03:23 +01:00
$hs3refresh = CommonUtils::getConfigValueStmt($pdo,$stmt, "hs3refresh", 60);
2020-11-19 23:00:58 +01:00
2020-11-19 23:03:23 +01:00
$paydeskid = CommonUtils::getConfigValueStmt($pdo,$stmt,"paydeskid","");
$aeskey = CommonUtils::getConfigValueStmt($pdo,$stmt,"aeskey","");
$certificatesn = CommonUtils::getConfigValueStmt($pdo,$stmt,"certificatesn","");
$rksvserver = CommonUtils::getConfigValueStmt($pdo,$stmt,"rksvserver","");
$webimpressum = CommonUtils::getConfigValueStmt($pdo,$stmt,"webimpressum","");
2020-11-19 22:47:44 +01:00
$userlang = 0; // of no interest, if not called from web
$receiptprinter = 1; // of no interest, if not called from web
$right_changeprice = 0;
if ($userLoggedIn) {
$userlang = $_SESSION["language"];
$receiptprinter = $_SESSION['receiptprinter'];
$right_changeprice = ($_SESSION['right_changeprice'] ? 1 : 0);
}
2020-11-19 23:03:43 +01:00
$defaultTmp = sys_get_temp_dir();
2020-11-19 22:47:44 +01:00
date_default_timezone_set(DbUtils::getTimeZone());
$now = getdate();
2020-11-19 22:59:47 +01:00
2020-11-19 23:03:48 +01:00
$retVal = array("companyinfo" => $companyInfo, "rectemplate" => $rectemplate, "foodtemplate" => $foodtemplate, "drinktemplate" => $drinktemplate, "canceltemplate" => $canceltemplate,
2020-11-19 22:59:54 +01:00
"version" => $version, "decpoint" => $decpoint,
2020-11-19 22:59:47 +01:00
"serverurl" => $serverurl, "email" => $email, "receiveremail" => $receiveremail, "billlanguage" => $billlanguage,
2020-11-19 23:00:58 +01:00
"hotelinterface" => $hotelinterface, "hsinfile" => $hsinfile, "hsoutfile" => $hsoutfile, "hscurrency" => $hscurrency,
2020-11-19 22:47:44 +01:00
"payprinttype" => $payprinttype, "tax" => $tax, "togotax" => $togotax, "currency" => $currency,
2020-11-19 23:00:31 +01:00
"taxaustrianormal" => $taxaustrianormal, "taxaustriaerm1" => $taxaustriaerm1, "taxaustriaerm2" => $taxaustriaerm2, "taxaustriaspecial" => $taxaustriaspecial,
2020-11-19 22:47:44 +01:00
"userlanguage" => $userlang, "receiptprinter" => $receiptprinter,
"receiptfontsize" => $receiptfontsize, "reservationnote" => $reservationnote, "paymentconfig" => $paymentconfig,
"workflowconfig" => $workflowconfig, "emailratingcontact" => $emailratingcontact,"emailbadrating" => $emailbadrating,
2020-11-19 23:03:26 +01:00
"rightchangeprice" => $right_changeprice, "bigfontworkreceipt" => $bigfontworkreceipt, "prominentsearch" => $prominentsearch,"groupworkitemsf" => $groupworkitemsf,"groupworkitemsd" => $groupworkitemsd,
2020-11-19 22:47:44 +01:00
"sday" => $now["mday"],"smonth" => $now["mon"], "syear" => $now["year"], "shour" => $now["hours"], "smin" => $now["minutes"],
"smtphost" => $smtphost,"smtpauth" => $smtpauth,"smtpuser" => $smtpuser,"smtppass" => $smtppass,"smtpsecure" => $smtpsecure,"smtpport" => $smtpport,
2020-11-19 23:02:12 +01:00
"webimpressum" => $webimpressum, "cancelunpaidcode" => $cancelunpaidcode, "cancelguestcode" => $cancelguestcode, "discount1" => $discount1,"discount2" => $discount2,"discount3" => $discount3,
2020-11-19 23:03:26 +01:00
"austria" => $austria, "digigopaysetready" => $digigopaysetready, "waitergopayprint" => $waitergopayprint, "oneprodworkrecf" => $oneprodworkrecf, "oneprodworkrecd" => $oneprodworkrecd,
2020-11-19 23:03:43 +01:00
"digiprintwork" => $digiprintwork, "memorylimit" => $memorylimit, "updateurl" => $updateurl, "tmpdir" => $tmpdir, "hs3refresh" => $hs3refresh,
2020-11-19 23:02:19 +01:00
"paydeskid" => $paydeskid, "aeskey" => $aeskey, "certificatesn" => $certificatesn, "rksvserver" => $rksvserver, "addreceipttoprinter" => $addreceipttoprinter,
2020-11-19 23:02:42 +01:00
"printandqueuejobs" => $printandqueuejobs, "cashenabled" => $cashenabled, "returntoorder" => $returntoorder, "beepcooked" => $beepcooked,"restaurantmode" => $restaurantmode,
2020-11-19 23:03:31 +01:00
"discountname1" => $discountname1,"discountname2" => $discountname2,"discountname3" => $discountname3, "dblog" => $dblog,"startprodsearch" => $startprodsearch,
2020-11-19 23:03:04 +01:00
"closshowci" => $closshowci, "closshowpaytaxes" => $closshowpaytaxes, "closshowprods" => $closshowprods,"hosttext" => $hosttext,
2020-11-19 23:02:57 +01:00
"showpayment2" => $showpayment2,
"showpayment3" => $showpayment3,
"showpayment4" => $showpayment4,
"showpayment5" => $showpayment5,
"showpayment6" => $showpayment6,
"showpayment7" => $showpayment7,
2020-11-19 23:03:20 +01:00
"showpayment8" => $showpayment8,
2020-11-19 23:03:35 +01:00
"dashslot1" => $dashslot1,"dashslot2" => $dashslot2,"dashslot3" => $dashslot3,
2020-11-19 23:03:43 +01:00
"priceinlist" => $priceinlist,
"defaulttmp" => $defaultTmp,
"ftphost" => $ftphost,"ftpuser" => $ftpuser, "ftppass" => $ftppass
2020-11-19 22:58:17 +01:00
);
2020-11-19 22:47:44 +01:00
2020-11-19 23:02:57 +01:00
2020-11-19 22:47:44 +01:00
if ($forHtml) {
echo json_encode(array("status" => "OK", "msg" => $retVal));
} else {
return $retVal;
}
} else {
if ($forHtml) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
} else {
return null;
}
}
}
function getViewAfterLogin() {
2020-11-19 22:59:47 +01:00
if ($this->isUserAlreadyLoggedInForPhp()) {
2020-11-19 22:47:44 +01:00
$userid = $_SESSION['userid'];
2020-11-19 23:00:09 +01:00
$modus = $_SESSION['modus'];
2020-11-19 22:47:44 +01:00
$rights = array($_SESSION['is_admin'],$_SESSION['right_waiter'],$_SESSION['right_kitchen'],
$_SESSION['right_bar'],$_SESSION['right_supply'],$_SESSION['right_paydesk'],
$_SESSION['right_statistics'],$_SESSION['right_bill'],$_SESSION['right_products'],
2020-11-19 23:03:20 +01:00
$_SESSION['right_reservation'],$_SESSION['right_changeprice'],$_SESSION['right_customers'],
$_SESSION['right_manager'],$_SESSION['right_closing'],$_SESSION['right_dash']);
2020-11-19 22:47:44 +01:00
$right_rating = $_SESSION['right_rating'];
if (self::isOnlyRatingUser($rights, $right_rating, true)) {
echo json_encode("rating.html");
return;
}
$sql = "SELECT lastmodule FROM %user% WHERE id=? AND active='1'";
$pdo = $this->dbutils->openDbAndReturnPdo();
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
2020-11-19 22:59:47 +01:00
$stmt->execute(array($userid));
$row =$stmt->fetchObject();
2020-11-19 22:47:44 +01:00
2020-11-19 22:59:47 +01:00
$view = "preferences.html";
2020-11-19 22:47:44 +01:00
if ($row != null) {
$newView = $row->lastmodule;
if ($newView != null) {
$view = $newView;
2020-11-19 23:00:09 +01:00
if ($modus == 1) {
if ($view == "waiter.html") {
$view = "waiterdesktop.php";
} else if ($view == "paydesk.html") {
$view = "waiterdesktop.php";
}
} else {
if ($view == "waiterdesktop.php") {
$view = "waiter.html";
}
}
2020-11-19 22:47:44 +01:00
}
}
$mapping = array (
"waiter.html" => 'right_waiter',
"kitchen.html" => 'right_kitchen',
"bar.html" => 'right_bar',
"supplydesk.html" => 'right_supply',
"paydesk.html" => 'right_paydesk',
"reports.html" => 'right_statistics',
"bill.html" => 'right_bill',
"products.html" => 'right_products',
"reservation.html" => 'right_reservation',
2020-11-19 23:00:09 +01:00
"rating.html" => 'right_rating',
2020-11-19 23:02:08 +01:00
"customers.html" => 'right_customers',
2020-11-19 23:03:20 +01:00
"waiterdesktop.php" => 'right_waiter',
"dash.php" => 'right_dash'
2020-11-19 22:47:44 +01:00
);
$valid = false;
2020-11-19 23:03:31 +01:00
if (($view == 'preferences.html') || ($view == 'feedback.html') || ($view == 'help.php')) {
2020-11-19 22:47:44 +01:00
$valid = true;
} else if ($view == 'manager.html') {
2020-11-19 23:03:48 +01:00
if (($_SESSION['is_admin']) || ($_SESSION['right_manager']) || ($_SESSION['right_closing'])) {
2020-11-19 22:47:44 +01:00
$valid = true;
}
} else {
2020-11-19 23:03:48 +01:00
if (($view == "index.html") || ($_SESSION[$mapping[$view]])) {
2020-11-19 22:47:44 +01:00
$valid = true;
}
}
if ($valid == false) {
$view = "preferences.html";
}
2020-11-19 22:59:47 +01:00
2020-11-19 23:03:59 +01:00
echo json_encode($view . "?v=1.3.26");
2020-11-19 22:47:44 +01:00
}
}
function isLoggedinUserAdmin() {
if ($this->isCurrentUserAdmin()) {
echo json_encode(YES);
} else {
echo json_encode(NO);
}
}
2020-11-19 23:00:09 +01:00
// public static function startsWith($txt,$key) {
// $ret = (substr($txt, 0, strlen($key)) === $key);
// return (substr($txt, 0, strlen($key)) === $key);
// }
2020-11-19 22:59:47 +01:00
function isLoggedinUserAdminOrManagerOrTE() {
if ($this->hasCurrentUserRight('is_admin')) {
echo json_encode("admin");
} else if ($this->hasCurrentUserRight('right_manager')) {
echo json_encode("manager");
} else if ($this->hasCurrentUserRight('right_closing')) {
echo json_encode("closing");
} else {
echo json_encode(NO);
}
}
function isLoggedinUserKitchen() {
if ($this->hasCurrentUserRight('right_kitchen')) {
2020-11-19 22:47:44 +01:00
echo json_encode(YES);
} else {
echo json_encode(NO);
2020-11-19 22:59:47 +01:00
}
2020-11-19 22:47:44 +01:00
}
2020-11-19 22:59:47 +01:00
function isLoggedinUserBar() {
if ($this->hasCurrentUserRight('right_bar')) {
echo json_encode(YES);
} else {
echo json_encode(NO);
}
2020-11-19 22:47:44 +01:00
}
function hasUserPaydeskRight() {
2020-11-19 22:59:47 +01:00
if ($this->hasCurrentUserRight('right_paydesk')) {
echo json_encode(YES);
} else {
echo json_encode(NO);
2020-11-19 22:47:44 +01:00
}
}
2020-11-19 22:59:47 +01:00
function hasUserReservationRight() {
if ($this->hasCurrentUserRight('right_reservation')) {
echo json_encode(YES);
} else {
echo json_encode(NO);
}
2020-11-19 22:47:44 +01:00
}
function hasCurrentUserRight($whichRight) {
if(session_id() == '') {
session_start();
2020-11-19 22:59:47 +01:00
}
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
return false;
} else {
return ($_SESSION[$whichRight]);
2020-11-19 22:47:44 +01:00
}
}
function isCurrentUserAdmin() {
2020-11-19 22:59:47 +01:00
return $this->hasCurrentUserRight('is_admin');
2020-11-19 22:47:44 +01:00
}
2020-11-19 22:54:51 +01:00
function fillSampleContentBySqlFile($pdo,$sqlFile) {
2020-11-19 22:59:47 +01:00
$handle = fopen ($sqlFile, "r");
while (!feof($handle)) {
2020-11-19 22:54:51 +01:00
$sql = fgets($handle);
2020-11-19 22:59:47 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
}
2020-11-19 22:47:44 +01:00
fclose ($handle);
}
private function assignTaxes($foodTax,$drinksTax) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$pdo->beginTransaction();
2020-11-19 23:00:31 +01:00
try {
$sql = "UPDATE %products%,%prodtype% SET %products%.taxaustria=? WHERE %products%.category=%prodtype%.id AND %prodtype%.kind=? AND %products%.removed is null AND %prodtype%.removed is null";
2020-11-19 22:47:44 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($foodTax,0));
$stmt->execute(array($drinksTax,1));
2020-11-19 22:59:47 +01:00
HistFiller::readAllProdsAndFillHistByDb($pdo);
2020-11-19 22:47:44 +01:00
$pdo->commit();
echo json_encode (array("status" => "OK"));
} catch (Exception $e) {
$pdo->rollBack();
echo json_encode(array("status" => "ERROR", "code" => NUMBERFORMAT_ERROR, "msg" => NUMBERFORMAT_ERROR_MSG));
}
}
private function fillSpeisekarte($speisekarte) {
2020-11-19 22:59:47 +01:00
$pdo = $this->dbutils->openDbAndReturnPdo();
2020-11-19 22:47:44 +01:00
$pdo->beginTransaction();
$ret = $this->fillSpeisekarteCore($pdo,$speisekarte);
if ($ret["status"] != "OK") {
$pdo->rollBack();
} else {
$pdo->commit();
}
echo json_encode($ret);
}
2020-11-19 23:03:38 +01:00
public function fillSpeisekarteCore($pdo,$speisekarte,$doCleanProdImages = true) {
2020-11-19 22:47:44 +01:00
$sql = "DELETE FROM %extrasprods%";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$speisekartenHandler = new TypeAndProductFileManager();
$ret = $speisekartenHandler->manageSpeisekarte($pdo,$speisekarte);
2020-11-19 23:00:05 +01:00
2020-11-19 23:03:38 +01:00
if ($doCleanProdImages) {
Products::cleanProdImagesTable($pdo);
}
2020-11-19 23:03:35 +01:00
2020-11-19 22:47:44 +01:00
return $ret;
}
private function fillSampleContent()
{
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 22:59:47 +01:00
$sql = "DELETE FROM `%queue%`";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$this->fillSampleContentBySqlFile($pdo,"samples/queuecontent.txt");
2020-11-19 22:47:44 +01:00
$sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
2020-11-19 22:47:44 +01:00
2020-11-19 22:59:47 +01:00
$sql = "DELETE FROM `%histuser%`";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
2020-11-19 22:47:44 +01:00
2020-11-19 22:59:47 +01:00
$sql = "DELETE FROM `%user%`";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$this->fillSampleContentBySqlFile($pdo,"samples/usercontent.txt");
2020-11-19 22:47:44 +01:00
2020-11-19 22:54:51 +01:00
$this->histfiller->readUserTableAndSendToHist($pdo);
2020-11-19 22:47:44 +01:00
}
function getJsonMenuItemsAndVersion() {
echo json_encode($this->getJsonMenuItemsAndVersionCore());
}
/*
* Return all the entries for the main menu (the modules)
*/
private function getJsonMenuItemsAndVersionCore() {
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
session_start();
2020-11-19 22:47:44 +01:00
}
$mainMenu = array();
$currentUser = "";
$waiterMessage = "";
$loggedIn = true;
2020-11-19 22:59:47 +01:00
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
2020-11-19 22:47:44 +01:00
$mainMenu[] = array("name" => "Startseite", "link" => "index.html");
2020-11-19 22:59:47 +01:00
$loggedIn = false;
2020-11-19 22:47:44 +01:00
} else {
$lang = $_SESSION['language'];
2020-11-19 23:00:09 +01:00
$waiterdesktxt = array("Kellneransicht","Waiter's View","Vista de camareros");
2020-11-19 22:47:44 +01:00
$kitchentxt = array("K&uuml;che","Kitchen","Cocina");
2020-11-19 23:00:09 +01:00
$waitertxt = array("Bestellung","Orderdesk","Camarero");
2020-11-19 22:47:44 +01:00
$paydesktxt = array("Kasse","Paydesk","Caja");
$settingtxt = array("Einstellungen","Preferences","Propriedades");
$admintxt = array("Verwaltung","Administration","Administrar");
$supplytxt = array("Bereitstellung","Supply desk","Preparado");
$prodtxt = array("Angebot","Products","Productos");
$restxt = array("Reservierung","Reservation","Reserva");
$bontxt = array("Kassenbons","Receipts","Tiques");
$stattxt = array("Statistik","Statistics","Estadisticas");
$ratingtxt = array("Bewertung","Rating","Valoración");
2020-11-19 23:02:08 +01:00
$customerstxt = array("Gäste","Guests","Clientes");
2020-11-19 23:03:20 +01:00
$dashtxt = array("Dashboard","Dashboard","Dashboard");
2020-11-19 22:47:44 +01:00
$logout = array("Abmelden","Log out","Adios");
$rights = array($_SESSION['is_admin'],$_SESSION['right_waiter'],$_SESSION['right_kitchen'],
$_SESSION['right_bar'],$_SESSION['right_supply'],$_SESSION['right_paydesk'],
$_SESSION['right_statistics'],$_SESSION['right_bill'],$_SESSION['right_products'],
2020-11-19 23:02:08 +01:00
$_SESSION['right_reservation'],$_SESSION['right_changeprice'],$_SESSION['right_customers'],
2020-11-19 23:03:20 +01:00
$_SESSION['right_manager'],$_SESSION['right_closing'],$_SESSION['right_dash']);
2020-11-19 22:47:44 +01:00
$right_rating = $_SESSION['right_rating'];
2020-11-19 23:00:09 +01:00
if (!self::isOnlyRatingUser($rights, $right_rating, true)) {
if ($_SESSION['modus'] == 0) {
2020-11-19 23:03:59 +01:00
if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.3.26"); };
2020-11-19 23:00:09 +01:00
} else {
2020-11-19 23:03:59 +01:00
if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waiterdesktxt[$lang], "link" => "waiterdesktop.php?v=1.3.26"); };
2020-11-19 23:00:09 +01:00
}
2020-11-19 23:03:59 +01:00
if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.3.26"); };
if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.3.26"); };
if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.3.26"); };
2020-11-19 23:00:09 +01:00
if ($_SESSION['modus'] == 0) {
2020-11-19 23:03:59 +01:00
if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html?v=1.3.26"); };
2020-11-19 23:00:09 +01:00
}
2020-11-19 23:03:59 +01:00
if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.3.26"); };
if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.3.26"); };
if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.3.26"); };
if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.3.26"); };
if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.3.26"); };
if ($_SESSION['right_customers']) { $mainMenu[] = array("name" => $customerstxt[$lang], "link" => "customers.html?v=1.3.26"); };
if ($_SESSION['right_dash']) { $mainMenu[] = array("name" => $dashtxt[$lang], "link" => "dash.php?v=1.3.26"); };
if ($_SESSION['right_manager'] || $_SESSION['is_admin'] || $_SESSION['right_closing']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.3.26"); };
$mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.3.26");
$mainMenu[] = array("name" => "Hilfe", "link" => "help.php?v=1.3.26");
$mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.3.26");
2020-11-19 22:47:44 +01:00
}
$mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php");
$currentUser = $_SESSION['currentuser'];
2020-11-19 22:59:47 +01:00
$waiterMessage = $this->getMessage(null, "waitermessage");
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:03:59 +01:00
$mainMenuAndVersion = array ("version" => "OrderSprinter 1.3.26",
2020-11-19 22:47:44 +01:00
"user" => $currentUser,
"menu" => $mainMenu,
"waitermessage" => $waiterMessage,
"loggedin" => ($loggedIn ? 1:0)
);
return($mainMenuAndVersion);
}
2020-11-19 23:03:20 +01:00
private function getPrinterInstances() {
try {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$k1 = CommonUtils::getConfigValue($pdo, 'k1prinstance', 1);
$k2 = CommonUtils::getConfigValue($pdo, 'k2prinstance', 1);
$k3 = CommonUtils::getConfigValue($pdo, 'k3prinstance', 1);
$k4 = CommonUtils::getConfigValue($pdo, 'k4prinstance', 1);
$k5 = CommonUtils::getConfigValue($pdo, 'k5prinstance', 1);
$k6 = CommonUtils::getConfigValue($pdo, 'k6prinstance', 1);
$f1 = CommonUtils::getConfigValue($pdo, 'f1prinstance', 1);
$f2 = CommonUtils::getConfigValue($pdo, 'f2prinstance', 1);
$d1 = CommonUtils::getConfigValue($pdo, 'd1prinstance', 1);
$d2 = CommonUtils::getConfigValue($pdo, 'd2prinstance', 1);
$ret = array("k1" => $k1,"k2" => $k2,"k3" => $k3, "k4" => $k4,"k5" => $k5,"k6" => $k6,"d1" => $d1,"d2" => $d2,"f1" => $f1,"f2" => $f2);
echo json_encode(array("status" => "OK","msg" => $ret));
} catch (Exception $ex) {
echo json_encode(array("status" => "ERROR","msg" => "Error: $e"));
return;
}
}
private function setprinterinstances($k1,$k2,$k3,$k4,$k5,$k6,$f1,$f2,$d1,$d2) {
try {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "UPDATE %config% SET setting=? WHERE name=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($k1,"k1prinstance"));
$stmt->execute(array($k2,"k2prinstance"));
$stmt->execute(array($k3,"k3prinstance"));
$stmt->execute(array($k4,"k4prinstance"));
$stmt->execute(array($k5,"k5prinstance"));
$stmt->execute(array($k6,"k6prinstance"));
$stmt->execute(array($f1,"f1prinstance"));
$stmt->execute(array($f2,"f2prinstance"));
$stmt->execute(array($d1,"d1prinstance"));
$stmt->execute(array($d2,"d2prinstance"));
echo json_encode(array("status" => "OK"));
} catch (Exception $ex) {
}
}
private function getdashreports() {
try {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$reports = new Reports();
$stat = $reports->getStatsCore($pdo,true);
echo json_encode(array("status" => "OK","msg" => array("stat" => $stat)));
} catch (Exception $ex) {
echo json_encode(array("status" => "ERROR","msg" => "Error: " . $ex->getMessage()));
return;
}
}
2020-11-19 23:03:07 +01:00
private function getDbStat() {
try {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT table_name, round(sum( data_length + index_length ) / 1024) as tablesizeinmb FROM information_schema.TABLES ";
$sql .= " WHERE table_schema=? AND table_name like ? group by table_name order by table_name";
$result = CommonUtils::fetchSqlAll($pdo, $sql, array(MYSQL_DB,TAB_PREFIX . "%"));
$max = 0;
foreach ($result as $aTableResult) {
$size = intval($aTableResult["tablesizeinmb"]);
if ($max < $size) {
$max = $size;
}
}
echo json_encode(array("status" => "OK","msg" => array("max" => $max,"tablesizes" => $result)));
} catch (Exception $e) {
echo json_encode(array("status" => "ERROR","msg" => "Error: $e"));
return;
}
}
2020-11-19 23:00:58 +01:00
private function getWaiterMessage() {
try {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$waiterMessage = $this->getMessage(null, "waitermessage");
echo json_encode(array("status" => "OK","msg" => $waiterMessage));
} catch (Exception $e) {
echo json_encode(array("status" => "ERROR","msg" => "Error: $e"));
return;
}
}
private function getHotelInfo($pdo) {
try {
$hotelinterface = CommonUtils::getConfigValue($pdo, "hotelinterface", 0);
$guests = array();
if ($hotelinterface == 1) {
$sql = "SELECT reservationid,object,guest FROM %hsout%";
$guests = CommonUtils::fetchSqlAll($pdo, $sql, null);
}
return(array("status" => "OK","hotelinterface" => $hotelinterface,"guests" => $guests));
} catch (Exception $e) {
return(array("status" => "ERROR","hotelinterface" => 0,"guests" => array()));
}
}
2020-11-19 23:02:08 +01:00
private function getGuestInfo($pdo) {
try {
2020-11-19 23:03:04 +01:00
$sql = "SELECT %customers%.id as id,%customers%.id as object,CONCAT(IFNULL(name,''),' - ',IFNULL(room,'')) as guest ";
$sql .= " FROM %customers%,%vacations% ";
$sql .= " WHERE %customers%.id=%vacations%.customerid AND (";
$sql .= " ((checkin <= CURDATE()) AND (CURDATE() <= checkout)) ";
$sql .= " OR (checkin is null AND (CURDATE() <= checkout)) ";
$sql .= " OR ((checkin <= CURDATE()) AND checkout is null) ";
2020-11-19 23:03:26 +01:00
$sql .= ") GROUP BY id,object,guest";
2020-11-19 23:02:08 +01:00
$guests = CommonUtils::fetchSqlAll($pdo, $sql, null);
return(array("status" => "OK","guests" => $guests));
} catch (Exception $ex) {
return(array("status" => "ERROR"));
}
}
2020-11-19 23:03:48 +01:00
function getRoleList() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$roles = $this->getRoleListCore($pdo);
echo json_encode(array("status" => "OK","msg" => $roles));
}
function getRoleListCore($pdo) {
2020-11-19 23:03:51 +01:00
$sql = "SELECT * from %roles% ORDER BY is_admin,right_manager,right_waiter DESC,right_kitchen DESC,right_bar DESC,right_paydesk DESC,right_bill DESC,right_supply DESC";
2020-11-19 23:03:48 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$roles = $stmt->fetchAll(PDO::FETCH_ASSOC);
return $roles;
}
2020-11-19 22:47:44 +01:00
function getUserList() {
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 23:03:51 +01:00
$sql = "SELECT *,%user%.id as id,is_admin,right_manager FROM %user%,%roles% WHERE active='1' AND %user%.roleid=%roles%.id ORDER BY is_admin,right_manager,right_waiter DESC,right_kitchen DESC,right_bar DESC,right_paydesk DESC,right_bill DESC,right_supply DESC";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
2020-11-19 23:03:48 +01:00
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
$roles = $this->getRoleListCore($pdo);
echo json_encode(array("users" => $users,"roles" => $roles));
2020-11-19 22:47:44 +01:00
}
function setTime($day,$month,$year,$hour,$min) {
if (!($this->userrights->hasCurrentUserRight('is_admin'))) {
echo json_encode (array("status" => "ERROR","msg" => "Benutzerrechte nicht ausreichend!"));
return false;
} else {
$txt = sprintf("%02d", $month) . sprintf("%02d", $day) . sprintf("%02d", $hour) . sprintf("%02d", $min) . $year = substr($year, -2);;
try {
if (substr(php_uname(), 0, 7) == "Windows"){
echo json_encode (array("status" => "ERROR","msg" => "Zeit auf Windows-Server kann nicht gesetzt werden!"));
return false;
}
else {
$cmd = "date \"$txt\"";
shell_exec($cmd . " > /dev/null &");
}
} catch(Exception $e) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG));
}
$this->getGeneralConfigItems(true,null);
}
}
2020-11-19 23:03:48 +01:00
function updateRole() {
if(session_id() == '') {
session_start();
}
$pdo = DbUtils::openDbAndReturnPdoStatic();
if ($_POST["isAdmin"] == 1) {
echo json_encode(array("status" => "ERROR","msg" => "Nicht-Admins dürfen keine Rollen mit Admin-Rechten setzen!"));
return;
}
$roleid = $_POST["roleid"];
$roleIsAdmin = self::isRoleAdmin($pdo, $roleid);
if ($roleIsAdmin && !($this->isCurrentUserAdmin())) {
echo json_encode(array("status" => "ERROR","msg" => "Benutzer ist kein Admin und darf keine Admin-Rollen bearbeiten!"));
return;
}
$sql = "SELECT id FROM %user% WHERE roleid=? AND active='1'";
$effectedUsers = CommonUtils::fetchSqlAll($pdo, $sql, array($roleid));
$keys = array();
$vals = array();
foreach(DbUtils::$userCols as $userCol) {
if (!is_null($userCol["update"])) {
$key = $userCol["col"];
$keys[] = $key . "=?";
$vals[] = $_POST[$userCol["update"]];
}
}
$keys[] = "name=?";
$vals[] = $_POST["username"];
$vals[] = $roleid;
$keysStr = join(",",$keys);
$sql = "UPDATE %roles% SET " . $keysStr . " WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute($vals);
foreach( $effectedUsers as $aUser) {
$userid = $aUser["id"];
HistFiller::updateUserInHist($pdo, $userid);
}
echo json_encode(array("status" => "OK"));
}
function createNewRole() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$keys = array();
$vals = array();
$quests = array();
foreach(DbUtils::$userCols as $userCol) {
if (!is_null($userCol["new"])) {
$quests[] = '?';
$key = $userCol["col"];
if ($key == "username") {
$key = "name";
}
$keys[] = $key;
$vals[] = $_POST[$userCol['new']];
}
}
$keysStr = join(",",$keys);
$questsStr = join(",",$quests);
$sql = "INSERT INTO %roles% (" . $keysStr . ") VALUES(" . $questsStr . ")";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute($vals);
echo json_encode(array("status" => "OK"));
}
2020-11-19 22:47:44 +01:00
2020-11-19 22:59:47 +01:00
function createNewUser() {
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 23:03:48 +01:00
$username = $_POST['name'];
2020-11-19 22:59:47 +01:00
$password = $_POST['password'];
2020-11-19 23:03:48 +01:00
$roleid = $_POST['roleid'];
2020-11-19 22:54:51 +01:00
$sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND username=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($username));
$row = $stmt->fetchObject();
if ($row->countid > 0) {
2020-11-19 22:59:47 +01:00
echo json_encode(array("status" => "ERROR", "code" => ERROR_NAME_EXISTS_ALREADY, "msg" => ERROR_NAME_EXISTS_ALREADY_MSG));
2020-11-19 22:47:44 +01:00
return;
} else {
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
session_start();
}
2020-11-19 22:47:44 +01:00
$lang = $_SESSION['language'];
2020-11-19 23:03:48 +01:00
$roleIsAdmin = self::isRoleAdmin($pdo, $roleid);
if ($roleIsAdmin && !($this->isCurrentUserAdmin())) {
2020-11-19 22:59:47 +01:00
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_ADMIN, "msg" => ERROR_COMMAND_NOT_ADMIN_MSG));
2020-11-19 22:47:44 +01:00
return;
2020-11-19 22:54:12 +01:00
} else {
2020-11-19 22:47:44 +01:00
$password_hash = md5($password);
2020-11-19 22:54:51 +01:00
2020-11-19 23:03:48 +01:00
$sql = "INSERT INTO %user% (username,userpassword,roleid,language,showplusminus,keeptypelevel,extrasapplybtnpos,prefertablemap,preferimgdesk,preferimgmobile,active) VALUES(?,?,?,?,?,?,?,?,?,?,?)";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($username,$password_hash,$roleid,$lang,1,1,1,1,1,1,1));
2020-11-19 22:54:51 +01:00
$lastId = $pdo->lastInsertId();
2020-11-19 23:03:38 +01:00
2020-11-19 23:03:48 +01:00
HistFiller::createUserInHist($pdo, $lastId);
2020-11-19 22:54:51 +01:00
2020-11-19 22:59:47 +01:00
echo json_encode(array("status" => "OK"));
2020-11-19 22:47:44 +01:00
}
}
}
function getPayPrintType() {
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->sendJsonValueFromConfigTable($pdo,'payprinttype');
2020-11-19 22:47:44 +01:00
}
function getPayments() {
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
session_start();
2020-11-19 22:47:44 +01:00
}
2020-11-19 22:59:47 +01:00
$pdo = $this->dbutils->openDbAndReturnPdo();
2020-11-19 22:47:44 +01:00
2020-11-19 23:00:58 +01:00
$hotelinterface = CommonUtils::getConfigValue($pdo, "hotelinterface", 0);
$where = " WHERE id <> 7";
if ($hotelinterface != 0) {
$where = "";
}
2020-11-19 22:59:47 +01:00
$lang = $_SESSION['language'];
2020-11-19 23:00:58 +01:00
$sql = "SELECT id,name FROM %payment% $where";
2020-11-19 22:47:44 +01:00
if ($lang == 1) {
2020-11-19 23:00:58 +01:00
$sql = "SELECT id,name_en as name FROM %payment% $where";
2020-11-19 22:47:44 +01:00
} else if ($lang == 2) {
2020-11-19 23:00:58 +01:00
$sql = "SELECT id,name_esp as name FROM %payment% $where";
2020-11-19 22:47:44 +01:00
}
2020-11-19 22:59:47 +01:00
2020-11-19 22:47:44 +01:00
$stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
2020-11-19 22:59:47 +01:00
$stmt_query->execute();
2020-11-19 22:47:44 +01:00
$result = $stmt_query->fetchAll();
$retArray = array();
2020-11-19 22:59:47 +01:00
2020-11-19 22:47:44 +01:00
foreach($result as $row) {
$entry = array("id"=> $row['id'], "name" => $row['name']);
$retArray[] = $entry;
}
2020-11-19 23:00:58 +01:00
$hotelinfo = $this->getHotelInfo($pdo);
2020-11-19 23:02:08 +01:00
$internalguests = $this->getGuestInfo($pdo);
2020-11-19 23:00:58 +01:00
2020-11-19 23:02:08 +01:00
echo json_encode(array("payments" => $retArray, "hotelinterface" => $hotelinfo["hotelinterface"],"guests" => $hotelinfo["guests"],"internalguests" => $internalguests["guests"]));
2020-11-19 22:47:44 +01:00
}
2020-11-19 22:54:51 +01:00
function sendJsonValueFromConfigTable($pdo,$whichValue) {
2020-11-19 23:00:35 +01:00
$theVal = CommonUtils::getConfigValue($pdo, $whichValue, "");
2020-11-19 22:59:47 +01:00
if ($theVal == null) {
echo json_encode("");
} else {
echo json_encode($theVal);
2020-11-19 22:47:44 +01:00
}
}
private function deletelogo() {
$pdo = $this->dbutils->openDbAndReturnPdo();
$this->changeOneConfigDbItem($pdo, "logoimg", null,"%logo%",false);
echo json_encode("OK");
}
private function readlogo() {
if ($_FILES['logofile']['error'] != UPLOAD_ERR_OK //checks for errors
&& is_uploaded_file($_FILES['logofile']['tmp_name'])) { //checks that file is uploaded
header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
exit();
}
if(!file_exists($_FILES['logofile']['tmp_name']) || !is_uploaded_file($_FILES['logofile']['tmp_name'])) {
header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben.");
exit();
}
$content = file_get_contents($_FILES['logofile']['tmp_name']);
if ($_FILES['logofile']['error'] != UPLOAD_ERR_OK //checks for errors
2020-11-19 22:52:55 +01:00
&& is_uploaded_file($_FILES['logofile']['tmp_name'])) { //checks that file is uploaded
2020-11-19 22:47:44 +01:00
header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
exit();
}
if (strlen($content) > 65535) {
header("Location: ../infopage.html?e=manager.html=Logobild_muss_kleiner_als_64_Kilobytes_sein!");
exit();
}
$pdo = $this->dbutils->openDbAndReturnPdo();
$this->changeOneConfigDbItem($pdo, "logoimg", $content,"%logo%",false);
header("Location: ../infopage.html?i=manager.html=Import_war_erfolgreich."); /* Browser umleiten */
exit;
}
function changeConfig($changedValues) {
$pdo = $this->dbutils->openDbAndReturnPdo();
$assoc_vals = array(
"usstval" => array("dbcol" => "tax","checknum" => 1),
"togotaxval" => array("dbcol" => "togotax","checknum" => 1),
2020-11-19 23:00:31 +01:00
"taxaustrianormalval" => array("dbcol" => "taxaustrianormal","checknum" => 1),
"taxaustriaerm1val" => array("dbcol" => "taxaustriaerm1","checknum" => 1),
"taxaustriaerm2val" => array("dbcol" => "taxaustriaerm2","checknum" => 1),
"taxaustriaspecialval" => array("dbcol" => "taxaustriaspecial","checknum" => 1),
2020-11-19 22:47:44 +01:00
"stornocode" => array("dbcol" => "stornocode","checknum" => 0),
"printpass" => array("dbcol" => "printpass","checknum" => 0),
"companyinfo" => array("dbcol" => "companyinfo","checknum" => 0),
2020-11-19 23:03:04 +01:00
"hosttext" => array("dbcol" => "hosttext","checknum" => 0),
2020-11-19 22:58:39 +01:00
"rectemplate" => array("dbcol" => "rectemplate","checknum" => 0),
2020-11-19 22:59:54 +01:00
"foodtemplate" => array("dbcol" => "foodtemplate","checknum" => 0),
"drinktemplate" => array("dbcol" => "drinktemplate","checknum" => 0),
2020-11-19 23:03:48 +01:00
"canceltemplate" => array("dbcol" => "canceltemplate","checknum" => 0),
2020-11-19 22:47:44 +01:00
"serverUrl" => array("dbcol" => "serverurl","checknum" => 0),
"email" => array("dbcol" => "email","checknum" => 0),
"emailbadrating" => array("dbcol" => "emailbadrating","checknum" => 0),
"emailratingcontact" => array("dbcol" => "emailratingcontact","checknum" => 0),
"receiveremail" => array("dbcol" => "receiveremail","checknum" => 0),
"payprinttype" => array("dbcol" => "payprinttype","checknum" => 0),
"paymentconfig" => array("dbcol" => "paymentconfig","checknum" => 0),
2020-11-19 22:59:50 +01:00
"addreceipttoprinter" => array("dbcol" => "addreceipttoprinter", "checknum" => 0),
2020-11-19 22:48:24 +01:00
"bigfontworkreceipt" => array("dbcol" => "bigfontworkreceipt","checknum" => 0),
2020-11-19 22:52:25 +01:00
"prominentsearch" => array("dbcol" => "prominentsearch","checknum" => 0),
2020-11-19 22:58:17 +01:00
"discount1" => array("dbcol" => "discount1","checknum" => 0),
"discount2" => array("dbcol" => "discount2","checknum" => 0),
"discount3" => array("dbcol" => "discount3","checknum" => 0),
"austria" => array("dbcol" => "austria","checknum" => 0),
2020-11-19 22:58:36 +01:00
"digigopaysetready" => array("dbcol" => "digigopaysetready","checknum" => 0),
2020-11-19 22:58:42 +01:00
"waitergopayprint" => array("dbcol" => "waitergopayprint","checknum" => 0),
2020-11-19 23:03:26 +01:00
"oneprodworkrecf" => array("dbcol" => "oneprodworkrecf","checknum" => 0),
"oneprodworkrecd" => array("dbcol" => "oneprodworkrecd","checknum" => 0),
2020-11-19 23:00:05 +01:00
"digiprintwork" => array("dbcol" => "digiprintwork","checknum" => 0),
2020-11-19 23:03:26 +01:00
"groupworkitemsf" => array("dbcol" => "groupworkitemsf","checknum" => 0),
"groupworkitemsd" => array("dbcol" => "groupworkitemsd","checknum" => 0),
2020-11-19 22:47:44 +01:00
"workflowconfig" => array("dbcol" => "workflowconfig","checknum" => 0),
2020-11-19 23:03:20 +01:00
"dashslot1" => array("dbcol" => "dashslot1","checknum" => 0),
"dashslot2" => array("dbcol" => "dashslot2","checknum" => 0),
"dashslot3" => array("dbcol" => "dashslot3","checknum" => 0),
2020-11-19 22:47:44 +01:00
"receiptfontsize" => array("dbcol" => "receiptfontsize","checknum" => 0),
"billlanguage" => array("dbcol" => "billlanguage","checknum" => 0),
2020-11-19 23:00:58 +01:00
"hotelinterface" => array("dbcol" => "hotelinterface","checknum" => 0),
"hsinfile" => array("dbcol" => "hsinfile","checknum" => 0),
"hsoutfile" => array("dbcol" => "hsoutfile","checknum" => 0),
"hscurrency" => array("dbcol" => "hscurrency","checknum" => 0),
2020-11-19 22:47:44 +01:00
"reservationnote" => array("dbcol" => "reservationnote","checknum" => 0),
"remoteaccesscode" => array("dbcol" => "remoteaccesscode","checknum" => 0),
"webimpressum" => array("dbcol" => "webimpressum","checknum" => 0),
"cancelunpaidcode" => array("dbcol" => "cancelunpaidcode","checknum" => 0),
2020-11-19 23:02:12 +01:00
"cancelguestcode" => array("dbcol" => "cancelguestcode","checknum" => 0),
2020-11-19 23:00:55 +01:00
"printandqueuejobs" => array("dbcol" => "printandqueuejobs","checknum" => 0),
"cashenabled" => array("dbcol" => "cashenabled","checknum" => 0),
2020-11-19 23:02:16 +01:00
"returntoorder" => array("dbcol" => "returntoorder","checknum" => 0),
2020-11-19 23:00:55 +01:00
"beepcooked" => array("dbcol" => "beepcooked","checknum" => 0),
2020-11-19 23:02:57 +01:00
"closshowci" => array("dbcol" => "closshowci","checknum" => 0),
"closshowpaytaxes" => array("dbcol" => "closshowpaytaxes","checknum" => 0),
"closshowprods" => array("dbcol" => "closshowprods","checknum" => 0),
"showpayment2" => array("dbcol" => "showpayment2","checknum" => 0),
"showpayment3" => array("dbcol" => "showpayment3","checknum" => 0),
"showpayment4" => array("dbcol" => "showpayment4","checknum" => 0),
"showpayment5" => array("dbcol" => "showpayment5","checknum" => 0),
"showpayment6" => array("dbcol" => "showpayment6","checknum" => 0),
"showpayment7" => array("dbcol" => "showpayment7","checknum" => 0),
"showpayment8" => array("dbcol" => "showpayment8","checknum" => 0),
2020-11-19 23:02:08 +01:00
"restaurantmode" => array("dbcol" => "restaurantmode","checknum" => 0),
2020-11-19 23:03:29 +01:00
"dblog" => array("dbcol" => "dblog","checknum" => 0),
2020-11-19 23:03:35 +01:00
"priceinlist" => array("dbcol" => "priceinlist","checknum" => 0),
2020-11-19 22:47:44 +01:00
"smtphost" => array("dbcol" => "smtphost","checknum" => 0),
"smtpauth" => array("dbcol" => "smtpauth","checknum" => 1),
"smtpuser" => array("dbcol" => "smtpuser","checknum" => 0),
"smtppass" => array("dbcol" => "smtppass","checknum" => 0),
"smtpsecure" => array("dbcol" => "smtpsecure","checknum" => 1),
"smtpport" => array("dbcol" => "smtpport","checknum" => 0),
2020-11-19 23:03:31 +01:00
"startprodsearch" => array("dbcol" => "startprodsearch","checknum" => 1),
2020-11-19 23:02:42 +01:00
"discountname1" => array("dbcol" => "discountname1","checknum" => 0),
"discountname2" => array("dbcol" => "discountname2","checknum" => 0),
"discountname3" => array("dbcol" => "discountname3","checknum" => 0),
2020-11-19 23:00:58 +01:00
"memorylimit" => array("dbcol" => "memorylimit","checknum" => 0),
2020-11-19 23:02:33 +01:00
"updateurl" => array("dbcol" => "updateurl","checknum" => 0),
2020-11-19 23:03:43 +01:00
"tmpdir" => array("dbcol" => "tmpdir","checknum" => 0),
"ftphost" => array("dbcol" => "ftphost","checknum" => 0),
"ftpuser" => array("dbcol" => "ftpuser","checknum" => 0),
"ftppass" => array("dbcol" => "ftppass","checknum" => 0),
2020-11-19 23:01:04 +01:00
"hs3refresh" => array("dbcol" => "hs3refresh","checknum" => 0),
2020-11-19 23:00:58 +01:00
2020-11-19 22:58:20 +01:00
"paydeskid" => array("dbcol" => "paydeskid","checknum" => 0),
"aeskey" => array("dbcol" => "aeskey","checknum" => 0),
2020-11-19 23:02:19 +01:00
"certificatesn" => array("dbcol" => "certificatesn","checksum" => 0),
"rksvserver" => array("dbcol" => "rksvserver","checksum" => 0)
2020-11-19 22:47:44 +01:00
);
$problem = false;
foreach ($changedValues as $aChangeSet) {
$name = $aChangeSet['name'];
$aVal = $aChangeSet['value'];
if ($name == "payprinttype") {
if (((string)$aVal) == "1") {
$aVal = "l";
}
if (((string)$aVal) == "2") {
$aVal = "s";
}
}
2020-11-19 22:59:50 +01:00
if ($name == 'addreceipttoprinter') {
if ((((string)$aVal) == "0") || (!is_numeric($aVal))) {
$aVal = null;
}
}
2020-11-19 22:47:44 +01:00
if ($name == "remoteaccesscode") {
if (((string)$aVal) == "") {
$aVal = null;
} else {
$aVal = md5($aVal);
}
}
if ($name == "printpass") {
$aVal = md5($aVal);
}
2020-11-19 23:03:31 +01:00
if ($name == "startprodsearch") {
if (is_numeric($aVal)) {
$aVal = round($aVal);
}
}
2020-11-19 23:00:58 +01:00
if ($name == "memorylimit") {
$aVal = trim($aVal);
if ($aVal != "-1") {
if (!ctype_digit($aVal)) {
$aVal = "256";
}
$aVal = intval($aVal);
if (($aVal < 64) || ($aVal > 65535)) {
$aVal = 256;
}
}
}
2020-11-19 23:03:43 +01:00
if (($name == "updateurl") || ($name == "tmpdir") || ($name == "ftphost") || ($name == "ftpuser")) {
2020-11-19 23:02:33 +01:00
$aVal = trim($aVal);
}
2020-11-19 23:01:04 +01:00
if ($name == "hs3refresh") {
$aVal = trim($aVal);
if (!ctype_digit($aVal)) {
$aVal = "60";
}
$aVal = intval($aVal);
if ($aVal < 5) {
$aVal = 60;
}
}
2020-11-19 22:47:44 +01:00
$association = $assoc_vals[$name];
$dbcol = $association["dbcol"];
$check = $association["checknum"];
if ($check == 1) {
if (is_numeric($aVal)) {
$this->changeOneConfigDbItem($pdo,$dbcol,$aVal,"%config%",true);
} else {
$problem = true;
}
} else {
$this->changeOneConfigDbItem($pdo,$dbcol,$aVal,"%config%",true);
}
}
2020-11-19 22:59:47 +01:00
if (!$problem) {
echo json_encode(array("status" => "OK"));
2020-11-19 22:47:44 +01:00
} else {
2020-11-19 22:59:47 +01:00
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
2020-11-19 22:47:44 +01:00
}
}
function changeOneConfigDbItem($pdo,$theItem,$theValue,$table,$doHist) {
$sql = "SELECT setting from $table WHERE name=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($theItem));
$row = $stmt->fetchObject();
if ($stmt->rowCount() > 0) {
$sql = "UPDATE $table SET setting=? WHERE name=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($theValue,$theItem));
} else {
$sql = "INSERT INTO `$table` (`id` , `name`,`setting`) VALUES (NULL , ? , ?)";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($theItem,$theValue));
}
if ($doHist) {
$this->histfiller->updateConfigInHist($pdo,$theItem, $theValue);
}
}
private function findActiveUserWithName($username) {
2020-11-19 22:59:47 +01:00
$sql_find_id = "SELECT id FROM %user% WHERE active='1' AND username='$username'";
$pdo = $this->dbutils->openDbAndReturnPdo();
$stmt_query = $pdo->query($this->dbutils->resolveTablenamesInSqlString($sql_find_id));
$row =$stmt_query->fetchObject();
2020-11-19 22:47:44 +01:00
$theUserId = $row->id;
return $theUserId;
}
2020-11-19 23:03:48 +01:00
public static function isRoleAdmin($pdo,$roleid) {
$sql = "SELECT is_admin FROM %roles% WHERE id=?";
$is_admin_role = CommonUtils::getRowSqlObject($pdo, $sql, array($roleid));
return ($is_admin_role->is_admin == 1 ? true : false);
}
public static function isRoleOfUserAdmin($pdo,$userid) {
$sql = "SELECT roleid FROM %user% WHERE id=?";
$role = CommonUtils::getRowSqlObject($pdo, $sql, array($userid));
$roleid = $role->roleid;
return self::isRoleAdmin($pdo, $roleid);
}
2020-11-19 22:59:47 +01:00
function updateUser() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$theUserId = $_POST['userid'];
2020-11-19 23:03:48 +01:00
$roleid = $_POST['roleid'];
2020-11-19 22:47:44 +01:00
2020-11-19 23:03:48 +01:00
$is_admin_role = self::isRoleAdmin($pdo, $roleid);
if (!$this->isCurrentUserAdmin() && $is_admin_role) {
2020-11-19 22:47:44 +01:00
echo json_encode("noadmin");
} else {
2020-11-19 23:03:48 +01:00
$sql = "UPDATE %user% SET roleid=? WHERE id=?";
CommonUtils::execSql($pdo, $sql, array($roleid,$theUserId));
HistFiller::updateUserInHist($pdo,$theUserId);
echo json_encode("OK");
}
}
function deleteRole($roleid) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT id FROM %user% WHERE roleid=? AND active='1'";
$result = CommonUtils::fetchSqlAll($pdo, $sql, array($roleid));
if (count($result) > 0) {
echo json_encode(array("status" => "ERROR","msg" => "Rolle ist noch Benutzern zugewiesen!"));
} else {
$sql = "DELETE FROM %roles% WHERE id=?";
CommonUtils::execSql($pdo, $sql, array($roleid));
echo json_encode(array("status" => "OK"));
2020-11-19 22:59:47 +01:00
}
2020-11-19 22:47:44 +01:00
}
function deleteUser($theUserId) {
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 23:03:48 +01:00
$is_admin_role = self::isRoleOfUserAdmin($pdo, $theUserId);
if (!$this->isCurrentUserAdmin() && $is_admin_role) {
2020-11-19 22:47:44 +01:00
echo json_encode("noadmin");
} else {
2020-11-19 23:03:48 +01:00
$sql = "UPDATE %user% set active='0' WHERE id=?";
CommonUtils::execSql($pdo, $sql, array($theUserId));
2020-11-19 22:54:51 +01:00
2020-11-19 23:03:48 +01:00
HistFiller::updateUserInHist($pdo,$theUserId);
$sql = "UPDATE %user% set roleid=? WHERE id=?";
CommonUtils::execSql($pdo, $sql, array(null,$theUserId));
echo json_encode("OK");
}
2020-11-19 22:47:44 +01:00
}
function getCurrentUser() {
2020-11-19 22:59:47 +01:00
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
echo json_encode("Nobody");
2020-11-19 22:47:44 +01:00
} else {
echo json_encode($_SESSION['currentuser']);
}
}
function changepassword($userid,$password) {
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 23:00:35 +01:00
$sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND id=?";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($userid));
$row = $stmt->fetchObject();
2020-11-19 23:00:35 +01:00
if ($row->countid == 0) {
echo json_encode("ERROR");
return;
}
2020-11-19 23:03:48 +01:00
$userToChgPassIsAdm = self::isRoleOfUserAdmin($pdo, $userid);
2020-11-19 22:47:44 +01:00
2020-11-19 23:03:48 +01:00
$currentUserAdmin = $this->isCurrentUserAdmin();
if (!$currentUserAdmin && $userToChgPassIsAdm) {
2020-11-19 22:47:44 +01:00
echo json_encode("noadmin");
} else {
2020-11-19 23:03:48 +01:00
if(session_id() == '') {
session_start();
}
$otherUser = false;
if ($_SESSION['userid'] != $userid) {
$otherUser = true;
}
if ($otherUser && $userToChgPassIsAdm && !($this->isCurrentUserAdmin())) {
echo json_encode("noadmin");
} else {
$password_hash = md5($password);
$sql = "UPDATE %user% set userpassword=? WHERE active='1' AND id=?";
CommonUtils::execSql($pdo, $sql, array($password_hash,$userid));
echo json_encode("OK");
}
2020-11-19 22:47:44 +01:00
}
}
function setUserLanguage($language) {
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
session_start();
}
2020-11-19 22:54:51 +01:00
$currentuserid = $_SESSION['userid'];
2020-11-19 22:47:44 +01:00
$_SESSION['language'] = intval($language);
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "UPDATE %user% set language=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($language,$currentuserid));
2020-11-19 22:47:44 +01:00
echo json_encode("OK");
}
function setUserReceiptPrinter($printer) {
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
session_start();
}
$currentuserid = $_SESSION['userid'];
$_SESSION['receiptprinter'] = intval($printer);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "UPDATE %user% set receiptprinter=? WHERE active='1' AND id=?";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
2020-11-19 22:59:47 +01:00
$stmt->execute(array($printer,$currentuserid));
2020-11-19 22:47:44 +01:00
echo json_encode("OK");
}
function setBtnSize($btn,$size) {
if(session_id() == '') {
session_start();
}
2020-11-19 22:54:51 +01:00
$currentuserid = $_SESSION['userid'];
2020-11-19 22:47:44 +01:00
$assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize");
$_SESSION[$assoc[$btn]] = intval($size);
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "UPDATE %user% set " . $assoc[$btn] . "=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($size,$currentuserid));
2020-11-19 22:47:44 +01:00
echo json_encode("OK");
}
function changeOwnPassword($oldpassword,$newpassword) {
2020-11-19 22:59:47 +01:00
if(session_id() == '') {
session_start();
2020-11-19 22:47:44 +01:00
}
$currentuser = $_SESSION['currentuser'];
$oldp_hash = md5($oldpassword);
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 22:47:44 +01:00
$ok = true;
2020-11-19 23:00:35 +01:00
$sql = "SELECT count(id) as countid FROM %user% WHERE username=? AND active='1'";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($currentuser));
$row = $stmt->fetchObject();
2020-11-19 23:00:35 +01:00
if ($row->countid == 0) {
echo json_encode("FAILED");
return;
}
2020-11-19 22:54:51 +01:00
2020-11-19 23:00:35 +01:00
$sql = "SELECT userpassword FROM %user% WHERE username=? AND active='1'";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($currentuser));
$row = $stmt->fetchObject();
if ($row->userpassword != $oldp_hash) {
2020-11-19 22:47:44 +01:00
$ok = false;
2020-11-19 22:54:51 +01:00
}
2020-11-19 22:47:44 +01:00
if ($ok) {
$newp_hash = md5($newpassword);
2020-11-19 22:54:51 +01:00
$sql = "UPDATE %user% set userpassword=? WHERE active='1' AND username=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
2020-11-19 22:59:47 +01:00
$stmt->execute(array($newp_hash,$currentuser));
2020-11-19 22:47:44 +01:00
echo json_encode("OK");
} else {
echo json_encode("FAILED");
}
}
2020-11-19 22:59:47 +01:00
private function writeCsvHeader($defaultFilename) {
header("Content-type: text/x-csv");
header("Content-Disposition: attachment; filename=$defaultFilename");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
2020-11-19 22:47:44 +01:00
header("Expires: 0");
}
private function exportConfigCsv() {
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 22:47:44 +01:00
$this->writeCsvHeader("datenexport-config.csv");
2020-11-19 22:59:47 +01:00
echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
$sql = "SELECT DISTINCT %hist%.id as id,date,";
$sql .= "%config%.name as configitem,%histconfig%.setting as setting,description ";
$sql .= " FROM %hist%, %histconfig%, %histactions%, %config% ";
2020-11-19 22:47:44 +01:00
$sql .= " WHERE (refid=%histconfig%.id) ";
2020-11-19 22:59:47 +01:00
$sql .= " AND %histconfig%.configid = %config%.id ";
$sql .= " AND (action='2' OR action='6') ";
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
2020-11-19 22:59:47 +01:00
foreach($result as $zeile) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['configitem'];
2020-11-19 22:47:44 +01:00
$val4 = str_replace("\r\n","<CR>",$zeile['setting']);
2020-11-19 22:59:47 +01:00
$val4 = str_replace("\n","<CR>",$val4);
$val5 = $zeile['description'];
echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n";
2020-11-19 22:54:51 +01:00
}
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:00:18 +01:00
private function exportLog() {
header("Content-type: text/plain");
header("Content-Disposition: attachment; filename=server.log");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
header("Expires: 0");
$pdo = DbUtils::openDbAndReturnPdoStatic();
echo CommonUtils::getLog($pdo);
}
2020-11-19 22:47:44 +01:00
private function exportUserCsv() {
2020-11-19 22:54:51 +01:00
$pdo = DbUtils::openDbAndReturnPdoStatic();
2020-11-19 22:47:44 +01:00
$this->writeCsvHeader("datenexport-benutzer.csv");
2020-11-19 23:03:20 +01:00
echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Gästerechte; Tageserfassungsrecht; Dashboardrechte; Managerrechte; Aktiviert\n");
2020-11-19 22:47:44 +01:00
$sql = "SELECT DISTINCT %hist%.id as id,date,";
$sql .= "userid,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,";
2020-11-19 23:03:20 +01:00
$sql .= "right_paydesk,right_statistics,right_bill,right_products,right_rating,right_changeprice,right_customers,right_closing,right_dash,right_manager,active,";
2020-11-19 22:47:44 +01:00
$sql .= "description ";
$sql .= " FROM %hist%, %histuser%, %histactions% ";
$sql .= " WHERE (refid=%histuser%.id) ";
$sql .= " AND (action='3' OR action='7' OR action='8') ";
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
2020-11-19 22:54:51 +01:00
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
2020-11-19 22:47:44 +01:00
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['userid'];
$val4 = $zeile['username'];
$val5 = ($zeile['is_admin'] == '1' ? "Ja" : "Nein");
$val6 = ($zeile['right_waiter'] == '1' ? "Ja" : "Nein");
$val7 = ($zeile['right_kitchen'] == '1' ? "Ja" : "Nein");
$val8 = ($zeile['right_bar'] == '1' ? "Ja" : "Nein");
$val9 = ($zeile['right_supply'] == '1' ? "Ja" : "Nein");
$val10 = ($zeile['right_paydesk'] == '1' ? "Ja" : "Nein");
$val11 = ($zeile['right_statistics'] == '1' ? "Ja" : "Nein");
$val12 = ($zeile['right_bill'] == '1' ? "Ja" : "Nein");
$val13 = ($zeile['right_products'] == '1' ? "Ja" : "Nein");
$val14 = ($zeile['right_rating'] == '1' ? "Ja" : "Nein");
$val15 = ($zeile['right_changeprice'] == '1' ? "Ja" : "Nein");
2020-11-19 23:02:08 +01:00
$val16 = ($zeile['right_customers'] == '1' ? "Ja" : "Nein");
$val17 = ($zeile['right_closing'] == '1' ? "Ja" : "Nein");
2020-11-19 23:03:20 +01:00
$val18 = ($zeile['right_dash'] == '1' ? "Ja" : "Nein");
$val19 = ($zeile['right_manager'] == '1' ? "Ja" : "Nein");
$val20 = ($zeile['active'] == '1' ? "Ja" : "Nein");
$val21 = $zeile['description'];
2020-11-19 22:47:44 +01:00
echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;";
2020-11-19 23:03:20 +01:00
echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18;$val19;$val20; $val21\n";
2020-11-19 22:47:44 +01:00
}
}
/**
* Create a temporary directory in PHP's temp folder
*/
private function createDirectoryInTemp($tmpFolder) {
$tmpFolder = trim($tmpFolder);
if ($tmpFolder == "") {
$tempfile=tempnam(sys_get_temp_dir(),'');
} else {
$tempfile=tempnam($tmpFolder,'');
}
if (is_null($tempfile) || ($tempfile== "")) {
return null;
}
if (file_exists($tempfile)) { unlink($tempfile); }
mkdir($tempfile);
if (is_dir($tempfile)) {
$tempfile = str_replace('\\','/',$tempfile);
return $tempfile;
} else {
return null;
}
}
private function getConfigTablesToBackupRestore() {
2020-11-19 23:03:48 +01:00
return array("logo","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","prodimages","products","config","roles","user","comments","histprod","histconfig","histuser","histactions","hist","extras","extrasprods");
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:02:19 +01:00
private function getConfigGuestsTablesToBackupRestore() {
2020-11-19 23:03:48 +01:00
return array("logo","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","prodimages","products","config","roles","user","comments","histprod","histconfig","histuser","histactions","hist","extras","extrasprods","customers","groups","groupcustomer","vacations");
2020-11-19 23:02:19 +01:00
}
2020-11-19 22:47:44 +01:00
private function getAllTablesToBackupRestore() {
2020-11-19 23:03:35 +01:00
return array("closing","logo","printjobs","ratings","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","prodimages","products","config",
2020-11-19 23:03:48 +01:00
"roles","user","reservations","customers","groups","groupcustomer","vacations","bill","customerlog","queue","billproducts","hsin","hsout","comments","histprod","histconfig","histuser","histactions","hist",
2020-11-19 23:02:08 +01:00
"extras","extrasprods","queueextras");
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:00:35 +01:00
private function getAllWithLogsTablesToBackupRestore() {
2020-11-19 23:03:35 +01:00
return array("log","closing","logo","printjobs","ratings","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","prodimages","products","config",
2020-11-19 23:03:48 +01:00
"roles","user","reservations","customers","groups","groupcustomer","vacations","bill","customerlog","queue","billproducts","hsin","hsout","comments","histprod","histconfig","histuser","histactions","hist",
2020-11-19 23:02:08 +01:00
"extras","extrasprods","queueextras");
2020-11-19 23:00:35 +01:00
}
2020-11-19 23:03:43 +01:00
public function ftpbackup($theType,$remoteaccesscode) {
if (!extension_loaded("ftp")) {
echo json_encode(array("status" => "ERROR","msg" => "PHP-Extension ftp ist nicht installiert"));
return;
}
$pdo = DbUtils::openDbAndReturnPdoStatic();
$ftphost = CommonUtils::getConfigValue($pdo, 'ftphost', '');
$ftpuser = CommonUtils::getConfigValue($pdo, 'ftpuser', '');
$ftppass = CommonUtils::getConfigValue($pdo, 'ftppass', '');
$pdo = null;
if (($ftphost == '') || ($ftpuser == '') || ($ftppass = '')) {
echo json_encode(array("status" => "ERROR","msg" => "Ftp-Verbindung wurde nicht konfiguriert"));
} else {
$ok = $this->backup($theType, $remoteaccesscode,true);
echo json_encode($ok);
}
}
public function backup($theType,$remoteaccesscode,$doFtp = false) {
2020-11-19 23:03:04 +01:00
set_time_limit(60*60);
2020-11-19 22:47:44 +01:00
date_default_timezone_set(DbUtils::getTimeZone());
$nowtime = date('Y-m-d');
2020-11-19 22:51:46 +01:00
2020-11-19 23:03:43 +01:00
$zipExtension = true;
if (!extension_loaded("zip")) {
$zipExtension = false;
}
2020-11-19 22:47:44 +01:00
$pdo = DButils::openDbAndReturnPdoStatic();
2020-11-19 22:55:09 +01:00
2020-11-19 23:03:43 +01:00
$tmpdir = CommonUtils::getConfigValue($pdo, 'tmpdir', '');
2020-11-19 22:55:09 +01:00
if ($theType == "auto") {
2020-11-19 23:00:35 +01:00
$code = CommonUtils::getConfigValue($pdo, 'remoteaccesscode', null);
if (is_null($code)) {
2020-11-19 22:55:09 +01:00
echo "No remote access code available - backup not allowed";
return;
}
2020-11-19 23:00:35 +01:00
2020-11-19 22:55:09 +01:00
if (is_null($code) || (trim($code) == "")) {
echo "No remote access code set - backup not allowed";
return;
}
if ($code != md5($remoteaccesscode)) {
echo "Wrong remote access code used - backup not allowed";
return;
}
}
2020-11-19 22:47:44 +01:00
$pdo->beginTransaction();
2020-11-19 22:51:46 +01:00
$genInfo = $this->getGeneralConfigItems(false, $pdo);
$version = $genInfo["version"];
2020-11-19 23:03:43 +01:00
$extension = "json";
if (($tmpdir != '') && $zipExtension) {
$extension = "zip";
}
$fileName = "backup-" . $version . "_" . $nowtime . "-configuration.$extension";
2020-11-19 22:51:46 +01:00
if ($theType == "all") {
2020-11-19 23:03:43 +01:00
$fileName = "backup-" . $version . "_" . $nowtime . "-all.$extension";
2020-11-19 23:00:35 +01:00
} else if ($theType == "alllogs") {
2020-11-19 23:03:43 +01:00
$fileName = "backup-" . $version . "_" . $nowtime . "-all-logs.$extension";
2020-11-19 23:02:19 +01:00
} else if ($theType == "confandguests") {
2020-11-19 23:03:43 +01:00
$fileName = "backup-" . $version . "_" . $nowtime . "-guests.$extension";
2020-11-19 22:51:46 +01:00
}
2020-11-19 22:47:44 +01:00
if ($theType == "configuration") {
$tables = $this->getConfigTablesToBackupRestore();
2020-11-19 23:02:19 +01:00
} else if ($theType == "confandguests") {
$tables = $this->getConfigGuestsTablesToBackupRestore();
2020-11-19 23:00:35 +01:00
} else if (($theType == "all") || ($theType == "auto")) {
2020-11-19 22:59:47 +01:00
HistFiller::insertSaveHistEntry($pdo);
2020-11-19 22:47:44 +01:00
$tables = $this->getAllTablesToBackupRestore();
2020-11-19 23:00:35 +01:00
} else {
HistFiller::insertSaveHistEntry($pdo);
$tables = $this->getAllWithLogsTablesToBackupRestore();
2020-11-19 22:47:44 +01:00
}
$binaryFields = array("signature","img","setting","content");
$dbcontent = array();
2020-11-19 23:03:43 +01:00
$filenames = array();
2020-11-19 22:47:44 +01:00
foreach($tables as $table) {
$sql = "DESCRIBE %$table%";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$fields = $stmt->fetchAll(PDO::FETCH_COLUMN);
$fieldstr = implode(",",$fields);
$sql = "SELECT $fieldstr from %$table%";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
2020-11-19 23:03:43 +01:00
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
2020-11-19 22:47:44 +01:00
$tableContent = array();
foreach($result as $row) {
$fieldContent = array();
foreach($fields as $field) {
if (in_array($field,$binaryFields)) {
2020-11-19 23:03:43 +01:00
$aFieldEntry = array("f" => $field,"v" => base64_encode($row[$field]));
2020-11-19 22:47:44 +01:00
} else {
2020-11-19 23:03:43 +01:00
$aFieldEntry = array("f" => $field,"v" => $row[$field]);
2020-11-19 22:47:44 +01:00
}
$fieldContent[] = $aFieldEntry;
};
$tableContent[] = $fieldContent;
}
2020-11-19 23:03:43 +01:00
if (($tmpdir == '') || !$zipExtension) {
$dbcontent[] = array("t" => $table, "c" => $tableContent);
} else {
try {
$tempfile=tempnam($tmpdir,"$table");
$contentToWrite = json_encode($tableContent);
$success = file_put_contents($tempfile, $contentToWrite);
if ($success == FALSE) {
echo "Fehler: Ist das PHP-Tmp-Verzeichnis richtig gesetzt?";
}
$filenames[] = array("table" => $table,"file" => $tempfile);
} catch (Exception $ex) {
echo "Fehler: " . $ex->getMessage() . " - Ist das PHP-Tmp-Verzeichnis richtig gesetzt?";
}
}
2020-11-19 22:47:44 +01:00
}
$pdo->commit();
2020-11-19 23:03:43 +01:00
if (($tmpdir == '') || !$zipExtension) {
$retStr = json_encode($dbcontent);
if ($doFtp) {
return $this->doFtp($pdo, $fileName, $retStr, null);
} else {
ob_start();
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"$fileName\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ". strlen($retStr));
2020-11-19 22:47:44 +01:00
2020-11-19 23:03:43 +01:00
echo $retStr;
ob_end_flush();
}
} else {
$zipfile = tempnam($tmpdir,"zip");
$zip = new ZipArchive();
if ($zip->open($zipfile, ZipArchive::CREATE)!==TRUE) {
exit("cannot open <$zipfile>\n");
}
foreach($filenames as $afilename) {
$theTable = $afilename["table"];
$theFilename = $afilename["file"];
$str = file_get_contents($theFilename);
$substr = substr($str, 1,10);
$zip->addFile($theFilename,$theTable);
}
$zip->addFromString("version",$version);
$zip->close();
if ($doFtp) {
return $this->doFtp($pdo, $fileName, null,$zipfile);
} else {
header('Content-Description: File Transfer');
header('Content-Type: application/zip');
header('Content-Disposition: attachment; filename="'.basename($fileName).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($zipfile));
readfile($zipfile);
}
// REM now clean up
foreach($filenames as $afilename) {
unlink($afilename["file"]);
}
unlink($zipfile);
exit;
}
}
private function doFtp($pdo,$filename,$content,$zipfile) {
try {
$ftphost = CommonUtils::getConfigValue($pdo, 'ftphost', '');
$ftpuser = CommonUtils::getConfigValue($pdo, 'ftpuser', '');
$ftppass = CommonUtils::getConfigValue($pdo, 'ftppass', '');
2020-11-19 22:47:44 +01:00
2020-11-19 23:03:43 +01:00
$conn_id = ftp_connect($ftphost);
$login_result = ftp_login($conn_id, $ftpuser, $ftppass);
ftp_pasv($conn_id, true);
if ((!$conn_id) || (!$login_result)) {
return array("status" => "ERROR","msg" => "Ftp-Verbindung zum Server $ftphost konnte nicht hergestellt werden!");
}
if (is_null($zipfile)) {
$fp = fopen('php://temp', 'r+');
//fwrite($fp, $content);
fwrite($fp,$content);
rewind($fp);
$upload = ftp_fput($conn_id, $filename, $fp, FTP_BINARY);
} else {
$upload = ftp_put($conn_id, $filename, $zipfile, FTP_BINARY);
}
ftp_close($conn_id);
if (!$upload) {
return array("status" => "ERROR","msg" => "Ftp-Upload war nicht erfolgreich");
} else {
return array("status" => "OK");
}
} catch (Exception $ex) {
return array("status" => "ERROR","msg" => "Ftp-Upload war nicht erfolgreich: " . $ex->getMessage());
}
2020-11-19 22:47:44 +01:00
}
private function restore() {
2020-11-19 23:03:04 +01:00
set_time_limit(60*60);
2020-11-19 23:00:35 +01:00
2020-11-19 22:47:44 +01:00
if ($_FILES['userfile']['error'] != UPLOAD_ERR_OK //checks for errors
&& is_uploaded_file($_FILES['userfile']['tmp_name'])) { //checks that file is uploaded
2020-11-19 23:03:35 +01:00
echo json_encode(array("status" => "ERROR","msg" => "Kann Datei nicht laden."));
2020-11-19 22:47:44 +01:00
exit();
}
2020-11-19 22:55:09 +01:00
if(!file_exists($_FILES['userfile']['tmp_name'])) {
2020-11-19 23:03:35 +01:00
echo json_encode(array("status" => "ERROR","msg" => "Datei existiert nicht. Bitte PHP-Variablen upload_max_filesize und post_max_size_checken."));
2020-11-19 22:47:44 +01:00
exit();
}
2020-11-19 22:55:09 +01:00
if(!is_uploaded_file($_FILES['userfile']['tmp_name'])) {
2020-11-19 23:03:35 +01:00
echo json_encode(array("status" => "ERROR","msg" => "Datei konnte nicht hochgeladen werden."));
2020-11-19 22:55:09 +01:00
exit();
}
2020-11-19 23:03:43 +01:00
$zipExtension = true;
if (!extension_loaded("zip")) {
$zipExtension = false;
}
$origname = $_FILES['userfile']['name'];
$pdo = DbUtils::openDbAndReturnPdoStatic();
if (CommonUtils::strEndsWith($origname, '.zip')) {
if ($zipExtension) {
$this->restoreFromZip($pdo);
} else {
echo json_encode(array("status" => "ERROR","msg" => "PHP-Zip-Extension ist nicht installiert."));
exit();
}
} else {
$this->restoreFromJson($pdo);
}
}
private function restoreFromJson($pdo) {
2020-11-19 22:47:44 +01:00
$binaryFields = array("signature","img","setting","content");
$content = file_get_contents($_FILES['userfile']['tmp_name']);
$basedb = new Basedb();
$basedb->setPrefix(TAB_PREFIX);
$basedb->setTimeZone(DbUtils::getTimeZone());
$pdo->beginTransaction();
$genInfo = $this->getGeneralConfigItems(false, $pdo);
$version = $genInfo["version"];
$timezone = DbUtils::getTimeZone();
2020-11-19 23:02:16 +01:00
$dbContent = json_decode($content,true);
2020-11-19 23:03:35 +01:00
2020-11-19 23:02:16 +01:00
foreach($dbContent as $table) {
if ($table['table'] == 'config') {
$foundConfigItem = null;
foreach($table['content'] as $aConfigItem) {
foreach($aConfigItem as $aConfigDbPart) {
2020-11-19 23:03:43 +01:00
if (($aConfigDbPart['f'] == 'name') && ($aConfigDbPart['v'] == 'version')) {
2020-11-19 23:02:16 +01:00
$foundConfigItem = $aConfigItem;
break;
}
}
}
if (!is_null($foundConfigItem)) {
foreach($foundConfigItem as $aConfigDbPart) {
2020-11-19 23:03:43 +01:00
if ($aConfigDbPart['f'] == 'setting') {
$bakVersion = base64_decode($aConfigDbPart['v']);
2020-11-19 23:02:16 +01:00
if ($bakVersion != $version) {
2020-11-19 23:03:35 +01:00
echo json_encode(array("status" => "ERROR","msg" => "Backup hat die falsche Version $bakVersion."));
2020-11-19 23:02:16 +01:00
exit();
}
}
}
}
}
}
2020-11-19 22:47:44 +01:00
$basedb->dropTables($pdo);
$basedb->createEmptyTables($pdo);
$typeIsOnlyConfig = true;
2020-11-19 23:03:35 +01:00
self::doSql($pdo, "SET foreign_key_checks = 0;", null);
2020-11-19 22:47:44 +01:00
foreach($dbContent as $table) {
2020-11-19 23:03:43 +01:00
$tablename = "%" . $table['t'] . "%";
$tablecontent = $table['c'];
2020-11-19 22:47:44 +01:00
2020-11-19 23:03:43 +01:00
if ($table['t'] == "queue") {
2020-11-19 22:47:44 +01:00
$typeIsOnlyConfig = false;
}
2020-11-19 22:51:46 +01:00
2020-11-19 23:03:43 +01:00
if ($table['t'] == "bill") {
2020-11-19 22:51:46 +01:00
$sql = "SET FOREIGN_KEY_CHECKS = 0";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
}
2020-11-19 22:47:44 +01:00
foreach($tablecontent as $row) {
$cols = array();
$vals = array();
$quests = array();
foreach ($row as $field) {
2020-11-19 23:03:43 +01:00
$fieldname = $field['f'];
2020-11-19 22:47:44 +01:00
$cols[] = $fieldname;
if (in_array($fieldname, $binaryFields)) {
2020-11-19 23:03:43 +01:00
$vals[] = base64_decode($field['v']);
2020-11-19 22:47:44 +01:00
} else {
2020-11-19 23:03:43 +01:00
$vals[] = $field['v'];
2020-11-19 22:47:44 +01:00
}
$quests[] = '?';
}
$colstr = implode(",",$cols);
2020-11-19 22:51:46 +01:00
2020-11-19 22:47:44 +01:00
$queststr = implode(",",$quests);
$sql = "INSERT INTO $tablename ($colstr) VALUES ($queststr)";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
2020-11-19 23:00:35 +01:00
try {
$stmt->execute($vals);
} catch (Exception $e) {
2020-11-19 23:03:35 +01:00
$errorMsg = $e->getMessage();
2020-11-19 23:00:35 +01:00
}
2020-11-19 22:47:44 +01:00
}
2020-11-19 22:51:46 +01:00
2020-11-19 23:03:43 +01:00
if ($table['t'] == "bill") {
$sql = "SET FOREIGN_KEY_CHECKS = 1";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
}
}
if (!$typeIsOnlyConfig) {
HistFiller::insertRestoreHistEntry($pdo);
}
self::doSql($pdo, "SET foreign_key_checks = 1;", null);
$basedb->signLastBillid($pdo);
$setVersion = "update %config% set setting=? where name='version'";
$stmt = $pdo->prepare($basedb->resolveTablenamesInSqlString($setVersion));
$stmt->execute(array($version));
$sql = "SELECT name FROM %config% WHERE name=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array("timezone"));
$row = $stmt->fetchObject();
if ($stmt->rowCount() == 0) {
$this->changeOneConfigDbItem($pdo, "timezone", $timezone, "%config%", true);
}
$pdo->commit();
if(session_id() == '') {
session_start();
}
$_SESSION = array();
// Swipe via memory
if (ini_get("session.use_cookies")) {
// Prepare and swipe cookies
$params = session_get_cookie_params();
// clear cookies and sessions
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
session_destroy();
echo json_encode(array("status" => "OK"));
}
private function restoreFromZip($pdo) {
$tmpdir = CommonUtils::getConfigValue($pdo, 'tmpdir', '');
if ($tmpdir == '') {
echo json_encode(array("status" => "ERROR","msg" => "Zip-Files können nur importiert werden, wenn ein PHP Temp. Directory konfiguriert ist."));
exit();
}
$zip = new ZipArchive;
$zipFile = $_FILES['userfile']['tmp_name'];
$jsonFiles = array();
if ($zip->open($zipFile) == TRUE) {
for ($i = 0; $i < $zip->numFiles; $i++) {
$jsonFiles[] = $zip->getNameIndex($i);
}
$zip->extractTo($tmpdir, $jsonFiles);
$zip->close();
} else {
echo json_encode(array("status" => "ERROR","msg" => "Hochgeladenes Zip-File kann nicht geöffnet werden."));
exit();
}
$binaryFields = array("signature","img","setting","content");
$basedb = new Basedb();
$basedb->setPrefix(TAB_PREFIX);
$basedb->setTimeZone(DbUtils::getTimeZone());
$genInfo = $this->getGeneralConfigItems(false, $pdo);
$version = $genInfo["version"];
$timezone = DbUtils::getTimeZone();
$versionOfUploadedFile = file_get_contents($tmpdir . "/version");
if ($versionOfUploadedFile != $version) {
echo json_encode(array("status" => "ERROR","msg" => "Backup hat die falsche Version $versionOfUploadedFile."));
exit();
}
$pdo->beginTransaction();
$basedb->dropTables($pdo);
$basedb->createEmptyTables($pdo);
$typeIsOnlyConfig = true;
self::doSql($pdo, "SET foreign_key_checks = 0;", null);
foreach($jsonFiles as $table) {
if ($table == "version") {
continue;
}
$tablename = "%" . $table . "%";
$tablecontent = json_decode(file_get_contents($tmpdir . "/" . $table),true);
if ($table == "queue") {
$typeIsOnlyConfig = false;
}
if ($table == "bill") {
$sql = "SET FOREIGN_KEY_CHECKS = 0";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
}
foreach($tablecontent as $row) {
$cols = array();
$vals = array();
$quests = array();
foreach ($row as $field) {
try {
$fieldname = $field['f'];
$cols[] = $fieldname;
if (in_array($fieldname, $binaryFields)) {
$vals[] = base64_decode($field['v']);
} else {
$vals[] = $field['v'];
}
$quests[] = '?';
} catch (Exception $ex) {
echo $ex->getMessage();
exit;
}
}
$colstr = implode(",",$cols);
$queststr = implode(",",$quests);
$sql = "INSERT INTO $tablename ($colstr) VALUES ($queststr)";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
try {
$stmt->execute($vals);
} catch (Exception $e) {
$errorMsg = $e->getMessage();
}
}
if ($table == "bill") {
2020-11-19 22:51:46 +01:00
$sql = "SET FOREIGN_KEY_CHECKS = 1";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
}
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:03:43 +01:00
foreach($jsonFiles as $table) {
unlink($tmpdir . "/" . $table);
}
2020-11-19 22:47:44 +01:00
if (!$typeIsOnlyConfig) {
2020-11-19 22:59:47 +01:00
HistFiller::insertRestoreHistEntry($pdo);
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:03:35 +01:00
self::doSql($pdo, "SET foreign_key_checks = 1;", null);
2020-11-19 22:47:44 +01:00
$basedb->signLastBillid($pdo);
$setVersion = "update %config% set setting=? where name='version'";
$stmt = $pdo->prepare($basedb->resolveTablenamesInSqlString($setVersion));
$stmt->execute(array($version));
2020-11-19 22:50:09 +01:00
2020-11-19 22:47:44 +01:00
$sql = "SELECT name FROM %config% WHERE name=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array("timezone"));
$row = $stmt->fetchObject();
if ($stmt->rowCount() == 0) {
$this->changeOneConfigDbItem($pdo, "timezone", $timezone, "%config%", true);
}
$pdo->commit();
2020-11-19 22:50:09 +01:00
2020-11-19 22:47:44 +01:00
if(session_id() == '') {
session_start();
}
$_SESSION = array();
// Swipe via memory
if (ini_get("session.use_cookies")) {
// Prepare and swipe cookies
$params = session_get_cookie_params();
// clear cookies and sessions
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
session_destroy();
2020-11-19 23:03:35 +01:00
echo json_encode(array("status" => "OK"));
2020-11-19 22:47:44 +01:00
}
private function shutdown() {
try {
if (substr(php_uname(), 0, 7) == "Windows"){
$comd = "shutdown /s /t 10";
pclose(popen("start /B ". $cmd, "r"));
}
else {
chmod("shutdown.bat", "700");
$cmd = "sh < shutdown.bat";
exec($cmd . " > /dev/null &");
}
echo json_encode(array("status" => "OK"));
} catch(Exception $e) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG));
}
}
2020-11-19 22:59:47 +01:00
2020-11-19 23:00:46 +01:00
private function optimize() {
2020-11-19 23:03:35 +01:00
set_time_limit(60 * 20);
2020-11-19 23:02:19 +01:00
try {
$pdo = DButils::openDbAndReturnPdoStatic();
self::doSql($pdo, "OPTIMIZE TABLE %queue%", null);
self::doSql($pdo, "OPTIMIZE TABLE %billproducts%", null);
2020-11-19 23:03:35 +01:00
self::doSql($pdo, "OPTIMIZE TABLE %products%", null);
self::doSql($pdo, "OPTIMIZE TABLE %prodimages%", null);
2020-11-19 23:02:19 +01:00
self::doSql($pdo, "OPTIMIZE TABLE %extrasprods%", null);
self::doSql($pdo, "OPTIMIZE TABLE %queueextras%", null);
self::doSql($pdo, "OPTIMIZE TABLE %log%", null);
2020-11-19 23:03:48 +01:00
self::doSql($pdo, "OPTIMIZE TABLE %roles%", null);
2020-11-19 23:02:19 +01:00
echo json_encode(array("status" => "OK"));
} catch (Exception $ex) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
}
2020-11-19 23:00:46 +01:00
}
2020-11-19 23:02:19 +01:00
2020-11-19 23:00:58 +01:00
private static function getForeignKeyName($pdo,$fromtable,$totable,$dbname,$default = null) {
$foreignKey = null;
2020-11-19 22:59:47 +01:00
try {
2020-11-19 23:00:58 +01:00
$sql = "SELECT constraint_name as foreignkey FROM information_schema.REFERENTIAL_CONSTRAINTS WHERE constraint_schema = '$dbname' AND table_name = '%$fromtable%' AND REFERENCED_TABLE_NAME='%$totable%'";
$test = DbUtils::substTableAlias($sql);
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
if (count($result) != 1) {
return $default;
}
$foreignKey = $result[0]["foreignkey"];
} catch (Exception $e) {
return $default;
}
return $foreignKey;
}
private function golive() {
2020-11-19 23:02:19 +01:00
set_time_limit(60*10);
2020-11-19 22:59:47 +01:00
$pdo = DButils::openDbAndReturnPdoStatic();
2020-11-19 23:00:58 +01:00
try {
$billprodref_fk = self::getForeignKeyName($pdo, 'billproducts', 'bill', MYSQL_DB);
$queuebillref_fk = self::getForeignKeyName($pdo, 'queue', 'bill', MYSQL_DB);
$billclosingref_fk = self::getForeignKeyName($pdo, 'bill', 'closing', MYSQL_DB);
$billbillref_fk = self::getForeignKeyName($pdo, 'bill', 'bill', MYSQL_DB);
2020-11-19 23:02:19 +01:00
$cuslogbillref_fk = self::getForeignKeyName($pdo, 'customerlog', 'bill', MYSQL_DB);
2020-11-19 23:00:58 +01:00
} catch (Exception $ex) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG . " - impossible to get foreign keys: $e"));
}
try {
2020-11-19 23:02:19 +01:00
self::doSql($pdo, "DELETE FROM %customerlog%", null);
2020-11-19 22:59:47 +01:00
self::doSql($pdo, "DELETE FROM %hist%", null);
self::doSql($pdo, "DELETE FROM %histprod%", null);
self::doSql($pdo, "DELETE FROM %histconfig%", null);
self::doSql($pdo, "DELETE FROM %histuser%", null);
HistFiller::readUserTableAndSendToHist($pdo);
$products = new Products();
$menu = $products->getSpeisekarte($pdo);
if ($menu['status'] != "OK") {
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
return;
} else {
self::doSql($pdo, "SET foreign_key_checks = 0;", null);
self::doSql($pdo, "DELETE FROM %queueextras%", null);
self::doSql($pdo, "DELETE FROM %extrasprods%", null);
self::doSql($pdo, "DELETE FROM %extras%", null);
self::doSql($pdo, "DELETE FROM %billproducts%", null);
self::doSql($pdo, "DELETE FROM %queue%", null);
self::doSql($pdo, "DELETE FROM %printjobs%", null);
self::doSql($pdo, "DELETE FROM %bill%", null);
self::doSql($pdo, "DELETE FROM %ratings%", null);
self::doSql($pdo, "DELETE FROM %closing%", null);
self::doSql($pdo, "SET foreign_key_checks = 1;", null);
$ret = $this->fillSpeisekarteCore($pdo, $menu['msg']);
self::doSql($pdo, "DELETE FROM %products% WHERE removed is not null", null);
self::doSql($pdo, "SET foreign_key_checks = 0;", null);
self::doSql($pdo, "DELETE FROM %prodtype% WHERE removed is not null", null);
self::doSql($pdo, "SET foreign_key_checks = 1;", null);
if ($ret["status"] != "OK") {
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
return;
}
HistFiller::readAllProdsAndFillHistByDb($pdo);
self::doSql($pdo, "DELETE w FROM %histprod% w INNER JOIN %hist% e ON refid=w.id WHERE action='4'", null);
self::doSql($pdo, "DELETE FROM %hist% where action='4'", null);
}
2020-11-19 23:00:58 +01:00
self::doSql($pdo, "alter table %bill% drop foreign key $billbillref_fk", null);
2020-11-19 23:02:19 +01:00
self::doSql($pdo, "alter table %customerlog% drop foreign key $cuslogbillref_fk", null);
2020-11-19 23:00:58 +01:00
self::doSql($pdo, "alter table %billproducts% drop foreign key $billprodref_fk", null);
self::doSql($pdo, "alter table %queue% drop foreign key $queuebillref_fk", null);
2020-11-19 22:59:47 +01:00
self::doSql($pdo, "ALTER TABLE %bill% DROP id", null);
self::doSql($pdo, "ALTER TABLE %bill% ADD id INT (10) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST", null);
2020-11-19 23:00:58 +01:00
self::doSql($pdo, "ALTER TABLE %bill% ADD CONSTRAINT $billbillref_fk FOREIGN KEY (ref) REFERENCES %bill%(id)", null);
2020-11-19 23:02:19 +01:00
self::doSql($pdo, "ALTER TABLE %customerlog% ADD CONSTRAINT $cuslogbillref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null);
2020-11-19 23:00:58 +01:00
self::doSql($pdo, "ALTER TABLE %billproducts% ADD CONSTRAINT $billprodref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null);
self::doSql($pdo, "ALTER TABLE %queue% ADD CONSTRAINT $queuebillref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null);
self::doSql($pdo, "alter table %bill% drop foreign key $billclosingref_fk", null);
2020-11-19 22:59:47 +01:00
self::doSql($pdo, "ALTER TABLE %closing% DROP id", null);
self::doSql($pdo, "ALTER TABLE %closing% ADD id INT (10) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST", null);
2020-11-19 23:00:58 +01:00
self::doSql($pdo, "ALTER TABLE %bill% ADD CONSTRAINT $billclosingref_fk FOREIGN KEY (closingid) REFERENCES %closing%(id)", null);
2020-11-19 22:59:47 +01:00
$basedb = new Basedb();
$basedb->setPrefix(TAB_PREFIX);
$basedb->setTimeZone(DbUtils::getTimeZone());
$basedb->signLastBillid($pdo);
$histFiller = new HistFiller();
$histFiller->readConfigTableAndSendToHist();
self::doSql($pdo, "DELETE FROM %resttables% WHERE removed is not null", null);
self::doSql($pdo, "DELETE FROM %room% WHERE removed is not null", null);
2020-11-19 23:02:08 +01:00
self::doSql($pdo, "DELETE FROM %reservations%", null);
self::doSql($pdo, "DELETE FROM %groupcustomer%", null);
self::doSql($pdo, "DELETE FROM %vacations%", null);
self::doSql($pdo, "DELETE FROM %groups%", null);
self::doSql($pdo, "DELETE FROM %customers%", null);
2020-11-19 23:03:48 +01:00
Workreceipts::resetWorkReceiptId($pdo);
2020-11-19 23:02:08 +01:00
2020-11-19 22:59:47 +01:00
echo json_encode(array("status" => "OK"));
} catch(Exception $e) {
2020-11-19 23:00:58 +01:00
echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG . " - Error message: $e"));
2020-11-19 22:59:47 +01:00
}
}
private static function doSql($pdo,$sql,$params) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
if (is_null($params)) {
$stmt->execute();
} else {
$stmt->execute($params);
}
}
2020-11-19 22:47:44 +01:00
}
2020-11-19 23:02:21 +01:00
?>