diff --git a/printserver/OrderSprinterPrintserver.exe b/printserver/OrderSprinterPrintserver.exe
index e220629..5475577 100644
Binary files a/printserver/OrderSprinterPrintserver.exe and b/printserver/OrderSprinterPrintserver.exe differ
diff --git a/webapp/OrderSprinterPrintserver.exe b/webapp/OrderSprinterPrintserver.exe
index e220629..5475577 100644
Binary files a/webapp/OrderSprinterPrintserver.exe and b/webapp/OrderSprinterPrintserver.exe differ
diff --git a/webapp/bar.html b/webapp/bar.html
index da78d28..7a6b615 100644
--- a/webapp/bar.html
+++ b/webapp/bar.html
@@ -5,7 +5,7 @@
-
+
diff --git a/webapp/bill.html b/webapp/bill.html
index 65af5dc..e4999fc 100644
--- a/webapp/bill.html
+++ b/webapp/bill.html
@@ -5,7 +5,7 @@
-
+
diff --git a/webapp/feedback.html b/webapp/feedback.html
index e4b57c4..2db66b4 100644
--- a/webapp/feedback.html
+++ b/webapp/feedback.html
@@ -4,7 +4,7 @@
-
+
diff --git a/webapp/index.html b/webapp/index.html
index dcdb985..51512a8 100644
--- a/webapp/index.html
+++ b/webapp/index.html
@@ -7,8 +7,8 @@
-
-
+
+
diff --git a/webapp/install.html b/webapp/install.html
index a5d594e..56deb8a 100644
--- a/webapp/install.html
+++ b/webapp/install.html
@@ -679,7 +679,7 @@ $(document).ready(function() {
|
-
+
|
|
diff --git a/webapp/install/installer.php b/webapp/install/installer.php
index 43ea192..ed2b864 100644
--- a/webapp/install/installer.php
+++ b/webapp/install/installer.php
@@ -766,6 +766,18 @@ $ret &= $this->setVersion($prefix, '1.1.10');
return $ret;
}
+function updateUserTable1110_1111($prefix,$version) {
+$ret = true;
+if ($version != "1.1.10") {
+$ret = $this->updateUserTable1109_1110($prefix,$version);
+if (!$ret) {
+return false;
+}
+}
+$ret &= $this->setVersion($prefix, '1.1.11');
+return $ret;
+}
+
function setVersion($prefix,$theVersion) {
$pdo = $this->pdo;
try {
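Review bot: The new `updateUserTable1110_1111` carries no comment explaining its place in the upgrade chain, and `$ret &= $this->setVersion($prefix, '1.1.11');` silently turns `$ret` into an int via bitwise AND. A one-line header such as `// Upgrade step 1.1.10 -> 1.1.11: no schema change, only the stored version is bumped; older installations are first brought to 1.1.10 via updateUserTable1109_1110()` would make the intent clear to the next person adding 1.1.12. For the flag, `$ret = $ret && $this->setVersion($prefix, '1.1.11');` keeps it boolean, and `$version !== "1.1.10"` avoids the loose comparison, although both match the pattern of the existing steps above, so changing them is a consistency choice rather than a bug fix.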
@@ -837,7 +849,7 @@ $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VAL
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'billlanguage', $billlanguage)");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'currency', '$currency')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'receiptfontsize', '12')");
-$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'version', '1.1.10')");
+$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'version', '1.1.11')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'paymentconfig', '0')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'remoteaccesscode', null)");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'decpoint', '$decpoint')");
@@ -1210,7 +1222,7 @@ return;
$supportedVersions = array("1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29",
"1.0.30","1.0.31","1.0.32","1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39",
"1.0.40",
-"1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8", "1.1.9"
+"1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8", "1.1.9","1.1.10"
);
if (!in_array($version, $supportedVersions)) {
@@ -1218,7 +1230,7 @@ echo json_encode("Quellversion nicht unterstützt");
return;
}
-$ret = $admin->updateUserTable1109_1110($_POST['prefix'], $version);
+$ret = $admin->updateUserTable1110_1111($_POST['prefix'], $version);
if(session_id() == '') {
session_start();
diff --git a/webapp/kitchen.html b/webapp/kitchen.html
index a4bd4f0..16aac9c 100644
--- a/webapp/kitchen.html
+++ b/webapp/kitchen.html
@@ -5,7 +5,7 @@
-
+
diff --git a/webapp/manager.html b/webapp/manager.html
index 607c311..31c7aff 100644
--- a/webapp/manager.html
+++ b/webapp/manager.html
@@ -5,7 +5,7 @@
-
+
diff --git a/webapp/paydesk.html b/webapp/paydesk.html
index cd780c3..9b5483f 100644
--- a/webapp/paydesk.html
+++ b/webapp/paydesk.html
@@ -5,7 +5,7 @@
-
+
diff --git a/webapp/php/admin.php b/webapp/php/admin.php
index 9eebeec..33dc53f 100644
--- a/webapp/php/admin.php
+++ b/webapp/php/admin.php
@@ -3,7 +3,6 @@
require_once ('dbutils.php');
require_once ('globals.php');
require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php');
-require_once ('utilities/RoomsAndTables/RoomsAndTableFileManager.php');
require_once ('utilities/userrights.php');
require_once ('utilities/HistFiller.php');
require_once ('utilities/basedb.php');
@@ -960,11 +959,12 @@ class Admin {
}
- function fillSampleContentBySqlFile($sqlFile) {
+ function fillSampleContentBySqlFile($pdo,$sqlFile) {
$handle = fopen ($sqlFile, "r");
while (!feof($handle)) {
- $sql = fgets($handle);
- $this->dbutils->performSqlCommand($sql);
+ $sql = fgets($handle);
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
}
fclose ($handle);
}
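Review bot: The `while (!feof($handle))` loop in `fillSampleContentBySqlFile` still makes one extra iteration at end of file, where `fgets()` returns `false`; that `false` is then passed through `DbUtils::substTableAlias()` into `$pdo->prepare()`, which either throws (ERRMODE_EXCEPTION) or returns `false` so that `$stmt->execute()` is a fatal call on a non-object. Blank lines in the sample file hit the same path with an empty statement. Use `while (($sql = fgets($handle)) !== false) {` and skip empties with `if (trim($sql) === '') { continue; }`. `fopen()`'s return is also not checked, so a missing sample file would surface only as warnings from `feof`/`fgets` rather than a clear error.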
@@ -1038,30 +1038,29 @@ class Admin {
return $ret;
}
- /* obsolete: not needed any more after replacement by matrix in manager.html */
- private function fillSampleRoomsAndTable($fileName) {
- $roomsAndTableHandler = new RoomsAndTableFileManager();
- $roomsAndTableHandler->readRoomTableDefinition($fileName);
- }
-
private function fillSampleContent()
{
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
// first remove previous content, then fill the SQL file
$sql = "DELETE FROM `%queue%`";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $this->fillSampleContentBySqlFile("samples/queuecontent.txt");
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $this->fillSampleContentBySqlFile($pdo,"samples/queuecontent.txt");
$sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
$sql = "DELETE FROM `%histuser%`";
- $dbresult = $this->dbutils->performSqlCommand($sql);
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
$sql = "DELETE FROM `%user%`";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $this->fillSampleContentBySqlFile("samples/usercontent.txt");
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $this->fillSampleContentBySqlFile($pdo,"samples/usercontent.txt");
- $this->histfiller->readUserTableAndSendToHist();
+ $this->histfiller->readUserTableAndSendToHist($pdo);
}
function getJsonMenuItemsAndVersion() {
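Review bot: `fillSampleContent` now issues the four DELETEs and the two sample-file loads as separate autocommit statements on `$pdo`, so a failure part-way (for example the `fgets` end-of-file issue in `fillSampleContentBySqlFile`, or a bad line in a sample file) leaves the queue/user tables half-emptied with no way to recover. Since the function already owns the handle, wrapping the sequence in a transaction keeps the reset atomic; this assumes the handle from `openDbAndReturnPdoStatic()` uses ERRMODE_EXCEPTION, which is not visible here — otherwise the return of each `execute()` must be checked instead. Whether `readUserTableAndSendToHist($pdo)` manages its own transaction is also not visible; if it does, commit before calling it.

```php
    private function fillSampleContent()
    {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $pdo->beginTransaction();
        try {
            // … unchanged: DELETE statements and fillSampleContentBySqlFile() calls …
            $this->histfiller->readUserTableAndSendToHist($pdo);
            $pdo->commit();
        } catch (Exception $e) {
            $pdo->rollBack();
            throw $e;
        }
    }
```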
@@ -1105,19 +1104,19 @@ class Admin {
$right_rating = $_SESSION['right_rating'];
if (!self::isOnlyRatingUser($rights, $right_rating, true)) {
- if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.10"); };
- if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.10"); };
- if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.10"); };
- if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.10"); };
+ if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.11"); };
+ if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.11"); };
+ if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.11"); };
+ if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.11"); };
if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html"); };
- if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.10"); };
- if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.10"); };
- if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.10"); };
- if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.10"); };
- if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.10"); };
- if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.10"); };
- $mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.10");
- $mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.10");
+ if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.11"); };
+ if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.11"); };
+ if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.11"); };
+ if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.11"); };
+ if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.11"); };
+ if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.11"); };
+ $mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.11");
+ $mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.11");
}
$mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php");
@@ -1126,7 +1125,7 @@ class Admin {
$waiterMessage = $this->getMessage(null, "waitermessage");
}
// CAUTION: change version also in config.txt!!!
- $mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.10",
+ $mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.11",
"user" => $currentUser,
"menu" => $mainMenu,
"waitermessage" => $waiterMessage,
@@ -1136,32 +1135,12 @@ class Admin {
}
function getUserList() {
- $userInfo = array();
- $sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEntries = mysqli_num_rows($dbresult);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
- $userEntry = array ("username" => $zeile['username'],
- "id" => $zeile['id'],
- "is_admin" => $zeile['is_admin'],
- "right_waiter" => $zeile['right_waiter'],
- "right_kitchen" => $zeile['right_kitchen'],
- "right_bar" => $zeile['right_bar'],
- "right_supply" => $zeile['right_supply'],
- "right_paydesk" => $zeile['right_paydesk'],
- "right_statistics" => $zeile['right_statistics'],
- "right_bill" => $zeile['right_bill'],
- "right_products" => $zeile['right_products'],
- "right_reservation" => $zeile['right_reservation'],
- "right_rating" => $zeile['right_rating'],
- "right_changeprice" => $zeile['right_changeprice'],
- "right_manager" => $zeile['right_manager']
- );
- $userInfo[] = $userEntry;
- }
-
- mysqli_free_result($dbresult);
- echo json_encode($userInfo);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+ echo json_encode($result);
}
function setTime($day,$month,$year,$hour,$min) {
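Review bot: The rewritten `getUserList` sends the result of `SELECT * FROM %user%` straight to `json_encode`, whereas the removed code copied an explicit list of fields; the user table also holds `userpassword` (see the INSERT column list further down in this file) plus `language`, `receiptprinter` and similar settings, so every caller of this endpoint now receives each active user's password hash. With PDO's default fetch mode the rows additionally carry every column twice (by name and by index) unless the connection sets ATTR_DEFAULT_FETCH_MODE, which is not visible here. Name the columns in the query, `$sql = "SELECT id,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,right_paydesk,right_statistics,right_bill,right_products,right_reservation,right_rating,right_changeprice,right_manager FROM %user% WHERE active='1' ORDER BY is_admin";`, and fetch with `$result = $stmt->fetchAll(PDO::FETCH_ASSOC);` so the JSON shape matches what the old code emitted.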
@@ -1191,13 +1170,14 @@ class Admin {
function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRating, $rChangeprice, $rManager) {
- // check if the user with that name already exists
- $sql = "SELECT username FROM %user% WHERE active='1' AND username='$username'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEntries = mysqli_num_rows($dbresult);
- mysqli_free_result($dbresult);
-
- if ($numberOfEntries > 0) {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+
+ $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND username=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($username));
+ $row = $stmt->fetchObject();
+
+ if ($row->countid > 0) {
echo json_encode("exists");
return;
} else {
@@ -1215,20 +1195,24 @@ class Admin {
// instead if password_hash (PHP > 5.5) use MD5...
$password_hash = md5($password);
$userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`language`,`receiptprinter`,`prefertablemap`,`keeptypelevel`,`extrasapplybtnpos`,`active`) VALUES (";
- $userInsertSql .= " NULL, '$username', '$password_hash' , '$isAdmin', '$rWaiter', '$rKitchen', '$rBar', '$rSupply', '$rPayDesk', '$rStat', '$rBill', '$rProducts', '$rReservation', '$rRating', '$rChangeprice', '$rManager', '$lang','1','1','1','1','1')";
- $dbresult = $this->dbutils->performSqlCommandRetLastId($userInsertSql);
- $lastId = $dbresult['id'];
+ $userInsertSql .= " NULL, ?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($userInsertSql));
+ $stmt->execute(array($username,$password_hash,$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager,$lang,1,1,1,1,1));
+
+ $lastId = $pdo->lastInsertId();
+
echo json_encode("OK");
}
}
// now this has to be logged in the history tables...
- $this->histfiller->createUserInHist($lastId,$username,
+ $this->histfiller->createUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager);
}
function getPayPrintType() {
- $this->sendJsonValueFromConfigTable('payprinttype');
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $this->sendJsonValueFromConfigTable($pdo,'payprinttype');
}
function getPayments() {
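Review bot: The return value of `$stmt->execute(...)` on the user INSERT is never checked; if the insert fails and the handle is not in ERRMODE_EXCEPTION (not visible here), `$pdo->lastInsertId()` yields `"0"`, the client is still told `"OK"`, and `createUserInHist` below logs a user that does not exist. `if (!$stmt->execute(array(...))) { echo json_encode("FAILED"); return; }` keeps the history table consistent with the user table. The hunk also keeps the unsalted `$password_hash = md5($password)` from the context line above while rewriting the INSERT; the comment ties that to a PHP < 5.5 floor, so if that floor no longer applies, `password_hash()`/`password_verify()` is the replacement, and the comparison sites (`changepassword`, `changeOwnPassword`, the login path outside this diff) would have to move together with it.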
@@ -1258,8 +1242,8 @@ class Admin {
echo json_encode($retArray);
}
- function sendJsonValueFromConfigTable($whichValue) {
- $theVal = $this->getValueFromConfigTable($whichValue);
+ function sendJsonValueFromConfigTable($pdo,$whichValue) {
+ $theVal = $this->getValueFromConfigTable($pdo,$whichValue);
if ($theVal == null) {
echo json_encode("");
} else {
@@ -1267,16 +1251,17 @@ class Admin {
}
}
- function getValueFromConfigTable($whichValue) {
- $sql = "SELECT setting FROM %config% WHERE name='$whichValue'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEntries = mysqli_num_rows($dbresult);
+ function getValueFromConfigTable($pdo,$whichValue) {
+ $sql = "SELECT count(id) as countid,setting FROM %config% WHERE name=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($whichValue));
+ $row = $stmt->fetchObject();
+
+ $numberOfEntries = $row->countid;
$theValue = null;
if ($numberOfEntries == 1) {
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $theValue = $zeile['setting'];
+ $theValue = $row->setting;
}
- mysqli_free_result($dbresult);
return $theValue;
}
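Review bot: `SELECT count(id) as countid,setting FROM %config% WHERE name=?` in `getValueFromConfigTable` mixes an aggregate with a non-aggregated column and has no GROUP BY; MySQL with `ONLY_FULL_GROUP_BY` (on by default since 5.7.5) rejects the statement, and without that mode `setting` is whichever matching row the server happens to pick. The same shape appears in `changepassword` (`count(id) as countid, is_admin`), `changeOwnPassword` (`count(id) as countid,userpassword`) and `Bill::cancelBill` (`count(id) as countid,setting`) in this commit. Select the column alone and count rows in PHP: `$sql = "SELECT setting FROM %config% WHERE name=?";`, `$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);`, `$theValue = (count($rows) == 1) ? $rows[0]['setting'] : null;` — that also preserves the old "exactly one row" semantics.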
@@ -1438,7 +1423,7 @@ class Admin {
$sql = "SELECT username,is_admin FROM %user% WHERE id=?";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($theUserId));
- $row =$stmt->fetchObject();
+ $row = $stmt->fetchObject();
$username = $row->username;
$userToModIsAdmin = $row->is_admin;
@@ -1456,7 +1441,7 @@ class Admin {
// now this has to be logged in the history tables...
- $this->histfiller->updateUserInHist($theUserId,$username,
+ $this->histfiller->updateUserInHist($pdo,$theUserId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,'1');
echo json_encode("OK");
@@ -1464,32 +1449,31 @@ class Admin {
}
function deleteUser($theUserId) {
- $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$theUserId'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEntries = mysqli_num_rows($dbresult);
- $userToDelIsAdmin = false;
- if ($numberOfEntries == 1) {
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- if(intval($zeile['is_admin']) == 1) {
- $userToDelIsAdmin = true;
- }
- }
- mysqli_free_result($dbresult);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+
+ $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($theUserId));
+ $row =$stmt->fetchObject();
+ $userToDelIsAdmin = ($row->is_admin == 1 ? true : false);
if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) {
echo json_encode("noadmin");
} else {
- $sql = "SELECT id FROM %user% WHERE active='1' AND is_admin='1' AND id <> '$theUserId'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfOtherAdmins = mysqli_num_rows($dbresult);
- mysqli_free_result($dbresult);
+ $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND is_admin='1' AND id <> ?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($theUserId));
+ $row = $stmt->fetchObject();
+ $numberOfOtherAdmins = $row->countid;
+
if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) {
echo json_encode("lastadmin");
} else {
- $userSql = "UPDATE %user% set active='0' WHERE id='$theUserId'";
- $dbresult = $this->dbutils->performSqlCommand($userSql);
+ $userSql = "UPDATE %user% set active='0' WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
+ $stmt->execute(array($theUserId));
- $this->histfiller->updateOneUser($theUserId);
+ $this->histfiller->updateOneUser($pdo,$theUserId);
echo json_encode("OK");
}
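Review bot: In `deleteUser` the first query is no longer a count, so `$stmt->fetchObject()` returns `false` when `$theUserId` matches no active user, and `$row->is_admin` on the next line then reads a property of a boolean; the removed code guarded this with `numberOfEntries == 1`. `$userToDelIsAdmin = ($row !== false && $row->is_admin == 1);` restores the guard and drops the redundant `? true : false`. The spacing in `$row =$stmt->fetchObject();` is also the form this same commit corrects elsewhere in the file.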
@@ -1509,18 +1493,19 @@ class Admin {
}
function changepassword($userid,$password) {
- $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$userid'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEntries = mysqli_num_rows($dbresult);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+
+ $sql = "SELECT count(id) as countid, is_admin FROM %user% WHERE active='1' AND id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($userid));
+ $row = $stmt->fetchObject();
$userToChgPassIsAdm = false;
- if ($numberOfEntries == 1) {
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- if(intval($zeile['is_admin']) == 1) {
+ if ($row->countid == 1) {
+ if ($row->is_admin == 1) {
$userToChgPassIsAdm = true;
}
}
- mysqli_free_result($dbresult);
-
+
if(session_id() == '') {
session_start();
}
@@ -1533,8 +1518,9 @@ class Admin {
echo json_encode("noadmin");
} else {
$password_hash = md5($password);
- $userSql = "UPDATE %user% set userpassword='$password_hash' WHERE active='1' AND id='$userid'";
- $dbresult = $this->dbutils->performSqlCommand($userSql);
+ $userSql = "UPDATE %user% set userpassword=? WHERE active='1' AND id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
+ $stmt->execute(array($password_hash,$userid));
echo json_encode("OK");
}
}
@@ -1543,11 +1529,13 @@ class Admin {
if(session_id() == '') {
session_start();
}
- $currentuser = $_SESSION['currentuser'];
+ $currentuserid = $_SESSION['userid'];
$_SESSION['language'] = intval($language);
-
- $userSql = "UPDATE %user% set language='$language' WHERE active='1' AND username='$currentuser'";
- $dbresult = $this->dbutils->performSqlCommand($userSql);
+
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $sql = "UPDATE %user% set language=? WHERE active='1' AND id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($language,$currentuserid));
echo json_encode("OK");
}
@@ -1555,11 +1543,13 @@ class Admin {
if(session_id() == '') {
session_start();
}
- $currentuser = $_SESSION['currentuser'];
+ $currentuserid = $_SESSION['userid'];
$_SESSION['receiptprinter'] = intval($printer);
-
- $userSql = "UPDATE %user% set receiptprinter='$printer' WHERE active='1' AND username='$currentuser'";
- $dbresult = $this->dbutils->performSqlCommand($userSql);
+
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $sql = "UPDATE %user% set receiptprinter=? WHERE active='1' AND id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($printer,$currentuserid));
echo json_encode("OK");
}
@@ -1567,12 +1557,14 @@ class Admin {
if(session_id() == '') {
session_start();
}
- $currentuser = $_SESSION['currentuser'];
+ $currentuserid = $_SESSION['userid'];
$assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize");
$_SESSION[$assoc[$btn]] = intval($size);
- $userSql = "UPDATE %user% set " . $assoc[$btn] . "='$size' WHERE active='1' AND username='$currentuser'";
- $dbresult = $this->dbutils->performSqlCommand($userSql);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $sql = "UPDATE %user% set " . $assoc[$btn] . "=? WHERE active='1' AND id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($size,$currentuserid));
echo json_encode("OK");
}
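Review bot: `$assoc[$btn]` is concatenated into the column name of the UPDATE (`set " . $assoc[$btn] . "=?`) without first checking that `$btn` is one of the three known keys; an unexpected value gives a null column name, a syntax error from the database, and a write to `$_SESSION[null]`, while the client is still told `"OK"`. Since prepared statements cannot parameterise identifiers, the whitelist check has to happen in PHP: `if (!isset($assoc[$btn])) { echo json_encode("FAILED"); return; }` before the session assignment. The enclosing function's signature is above this hunk, so where `$btn` comes from is not visible here.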
@@ -1583,28 +1575,31 @@ class Admin {
$currentuser = $_SESSION['currentuser'];
$oldp_hash = md5($oldpassword);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
$ok = true;
// is old password correct?
- $sql = "SELECT userpassword FROM %user% WHERE username='$currentuser' AND active='1'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEntries = mysqli_num_rows($dbresult);
+ $sql = "SELECT count(id) as countid,userpassword FROM %user% WHERE username=? AND active='1'";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($currentuser));
+ $row = $stmt->fetchObject();
+
+ $numberOfEntries = $row->countid;
if ($numberOfEntries == 1) {
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- if ($zeile['userpassword'] != $oldp_hash) {
+ if ($row->userpassword != $oldp_hash) {
$ok = false;
}
} else {
// user not found
$ok = false;
- }
- mysqli_free_result($dbresult);
+ }
if ($ok) {
// allowed to change password
$newp_hash = md5($newpassword);
- $sql = "UPDATE %user% set userpassword='$newp_hash' WHERE active='1' AND username='$currentuser'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
+ $sql = "UPDATE %user% set userpassword=? WHERE active='1' AND username=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($newp_hash,$currentuser));
echo json_encode("OK");
} else {
echo json_encode("FAILED");
@@ -1620,6 +1615,7 @@ class Admin {
}
private function exportConfigCsv() {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
$this->writeCsvHeader("datenexport-config.csv");
echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
@@ -1632,9 +1628,12 @@ class Admin {
$sql .= " AND (action='2' OR action='6') ";
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
-
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+
+ foreach($result as $zeile) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['configitem'];
@@ -1643,11 +1642,11 @@ class Admin {
$val5 = $zeile['description'];
echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n";
- }
- mysqli_free_result( $dbresult );
+ }
}
private function exportUserCsv() {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
$this->writeCsvHeader("datenexport-benutzer.csv");
echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Managerrechte; Aktiviert\n");
@@ -1662,8 +1661,11 @@ class Admin {
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+
+ foreach($result as $zeile) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['userid'];
@@ -1686,7 +1688,6 @@ class Admin {
echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;";
echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18\n";
}
- mysqli_free_result( $dbresult );
}
/**
diff --git a/webapp/php/bill.php b/webapp/php/bill.php
index d66f7b3..6a0f839 100644
--- a/webapp/php/bill.php
+++ b/webapp/php/bill.php
@@ -360,7 +360,7 @@ class Bill {
echo json_encode(array("guestmoney" => $onlyCashByGuests, "total" => $cashByGuestsAndInsertTakeOut));
}
- function getLastBillsWithContent($day,$month,$year) {
+ function getLastBillsWithContent($day,$month,$year) {
date_default_timezone_set(DbUtils::getTimeZone());
$currentTime = date('Y-m-d H:i:s');
$startDate = "$year-$month-$day 00:00:00";
@@ -385,7 +385,6 @@ class Bill {
foreach($result as $zeile) {
$theId = $zeile['id'];
if (!$commonUtils->verifyBill($pdo, $theId)) {
- mysqli_free_result( $dbresult );
echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG));
return;
}
@@ -399,7 +398,7 @@ class Bill {
"longdate" => $zeile['billdate'],
"shortdate" => $shortdate,
"brutto" => $zeile['brutto'],
- "tablename" => $commonUtils->getTableNameFromId($zeile['tableid']),
+ "tablename" => $commonUtils->getTableNameFromId($pdo,$zeile['tableid']),
"billcontent" => $this->getBillWithId($theId,$l,0),
"isClosed" => $isClosed
);
@@ -447,25 +446,25 @@ class Bill {
* Cancel a bill - set all queue items to not paid and drop the bill entry
*/
private function cancelBill($billid,$stornocode,$reason) {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
// current time
date_default_timezone_set(DbUtils::getTimeZone());
$currentTime = date('Y-m-d H:i:s');
// check if stornocode is correct
- $sql = "SELECT setting FROM %config% WHERE name='stornocode'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfVals = mysqli_num_rows($dbresult);
+ $sql = "SELECT count(id) as countid,setting FROM %config% WHERE name='stornocode'";
+ $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
+ $stmt->execute();
+ $row = $stmt->fetchObject();
+ $numberOfVals = $row->countid;
if ($numberOfVals != 1) {
// stornocode not fixed
- mysqli_free_result( $dbresult );
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_STORNO_CODE, "msg" => ERROR_BILL_NOT_STORNO_CODE_MSG));
return;
}
-
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $stornocodeInDb = $zeile['setting'];
-
- mysqli_free_result( $dbresult );
+
+ $stornocodeInDb = $row->setting;
+
if ($stornocode != $stornocodeInDb) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_STORNO_CODE, "msg" => ERROR_BILL_WRONG_STORNO_CODE_MSG));
return;
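Review bot: `if ($stornocode != $stornocodeInDb)` in `cancelBill` compares the submitted cancellation code with the configured one using loose `!=`, so numeric-looking codes are compared as numbers rather than as strings; `if (!hash_equals((string) $stornocodeInDb, (string) $stornocode)) {` makes the check strict and timing-safe (`!==` if PHP 5.6 cannot be assumed). The query `count(id) as countid,setting` has the aggregate/non-aggregate problem already noted at `Admin::getValueFromConfigTable`. This hunk also resolves table aliases with `$this->dbutils->resolveTablenamesInSqlString()` while the rest of the commit uses `DbUtils::substTableAlias()`; picking one keeps the two from drifting.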
@@ -478,8 +477,6 @@ class Bill {
}
// Do transactional cancel
-
- $pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
// is the bill already closed? In this case no cancel is allowed!
diff --git a/webapp/php/closing.php b/webapp/php/closing.php
index eb22a23..d57ebfc 100644
--- a/webapp/php/closing.php
+++ b/webapp/php/closing.php
@@ -72,7 +72,6 @@ $remark = "";
$decpoint = $this->getDecPoint();
// first create a closing entry
-$remark = $this->dbutils->filterString($remark);
date_default_timezone_set(DbUtils::getTimeZone());
$closingTime = date('Y-m-d H:i:s');
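Review bot: Removing `$remark = $this->dbutils->filterString($remark);` is only safe if the INSERT into the closing table that follows (outside this hunk) now binds `$remark` as a prepared-statement parameter; if it is still interpolated into the SQL string, this line was the only escaping applied to it. Please confirm against the rest of the function, and if the insert is still string-built, keep the call until it is parameterised.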
@@ -204,19 +203,20 @@ $newversionavailable = @file_get_contents($url, false, $ctx);
echo json_encode(array("status" => "OK", "msg" => $content));
}
-private function getSumOfBillsWithClosingId($closingid,$onlyBar) {
-$sql = "SELECT sum(brutto) as billsum FROM %bill% WHERE closingid='$closingid'";
+private function getSumOfBillsWithClosingId($pdo,$closingid,$onlyBar) {
+$sql = "SELECT count(id) as countid,sum(brutto) as billsum FROM %bill% WHERE closingid=?";
if ($onlyBar) {
$sql .= " AND paymentid='1'";
}
-$dbresult = $this->dbutils->performSqlCommand($sql);
-$numberOfReturns = mysqli_num_rows($dbresult);
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($closingid));
+$row = $stmt->fetchObject();
+
+$numberOfReturns = $row->countid;
$sum = 0.0;
-if ($numberOfReturns == 1) {
-$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
-$sum = floatval($zeile["billsum"]);
+if ($numberOfReturns > 0) {
+$sum = floatval($row->billsum);
}
-mysqli_free_result( $dbresult );
return $sum;
}
@@ -254,48 +254,49 @@ $lastDayInMonth = date("t", mktime(0, 0, 0, $month, 1, $year));
$dateStart = $year . $monthText . "01";
$dateEnd = $year . $monthText . $lastDayInMonth;
-$sql = "SELECT id,closingdate,remark FROM %closing% WHERE DATE(closingdate) BETWEEN '" . $dateStart . "' AND '" . $dateEnd . "' ORDER BY closingdate DESC LIMIT 30;";
-$dbresult = $this->dbutils->performSqlCommand($sql);
-
-$resultarray = array();
-while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC))
-{
-$theId = $zeile['id'];
-$closingDate = $zeile['closingdate'];
+$sql = "SELECT id,closingdate,remark FROM %closing% WHERE DATE(closingdate) BETWEEN ? AND ? ORDER BY closingdate DESC;";
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($dateStart,$dateEnd));
+$result = $stmt->fetchAll();
+
+$resultarray = array();
+foreach($result as $zeile) {
+$theId = $zeile['id']; $closingDate = $zeile['closingdate'];
$remark = $zeile['remark'];
-$totalSum = $this->getSumOfBillsWithClosingId($theId, false);
-$cashSum = $this->getSumOfBillsWithClosingId($theId, true);
+$totalSum = $this->getSumOfBillsWithClosingId($pdo,$theId, false);
+$cashSum = $this->getSumOfBillsWithClosingId($pdo,$theId, true);
$userSums = $this->getUserGroupedSumOfClosing($pdo, $theId);
$closingEntry = array("id" => $theId, "closingDate" => $closingDate, "remark" => $remark, "totalsum" => $totalSum, "cashsum" => $cashSum, "usersums" => $userSums);
$resultarray[] = $closingEntry;
-}
-mysqli_free_result( $dbresult );
+}
echo json_encode(array("status" => "OK", "msg" => $resultarray));
}
-private function getPaymentArray() {
+private function getPaymentArray($pdo) {
$sql = "SELECT id,name FROM %payment%";
-$dbresult = $this->dbutils->performSqlCommand($sql);
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute();
+$result = $stmt->fetchAll();
$retArray = array();
-while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC))
-{
+foreach($result as $zeile) {
$retArray[$zeile['id']] = $zeile['name'];
}
-mysqli_free_result( $dbresult );
return $retArray;
}
private function getClosing($closingid) {
-$this->retrieveClosingFromDb($closingid, false, false);
+$pdo = DbUtils::openDbAndReturnPdoStatic();
+$this->retrieveClosingFromDb($pdo,$closingid, false, false);
}
private function exportCsv($closingid) {
-$this->retrieveClosingFromDb($closingid, true, false);
+$pdo = DbUtils::openDbAndReturnPdoStatic();
+$this->retrieveClosingFromDb($pdo,$closingid, true, false);
}
private function emailCsvCore($pdo,$closingid,$toEmail,$topic,$startdate,$enddate,$billsum,$billcount) {
-$msg = $this->retrieveClosingFromDb($closingid, false, true);
+$msg = $this->retrieveClosingFromDb($pdo,$closingid, false, true);
$msg = "Zeitraum: $startdate - $enddate\nBrutto-Summe: $billsum\nEnthaltene Bons: $billcount\n\n" . $msg;
$msg = str_replace("\n", "\r\n", $msg);
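Review bot: The rewritten closings query drops the `LIMIT 30` the old statement had (`ORDER BY closingdate DESC;` with no limit), so a month with many closings now returns all of them and runs `getSumOfBillsWithClosingId` twice plus `getUserGroupedSumOfClosing` per row; if the limit was removed on purpose a short comment saying so would stop the next reader from re-adding it, otherwise append ` LIMIT 30` and drop the stray `;` inside the string. `$theId = $zeile['id']; $closingDate = $zeile['closingdate'];` puts two statements on one line where the old code had one per line. In `getPaymentArray`, `$stmt->fetchAll()` with PDO's default fetch mode is fine here because the loop reads by column name.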
@@ -391,7 +392,7 @@ echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "ms
}
}
-private function retrieveClosingFromDb($closingid,$doCsvExport,$onlyresultreturn) {
+private function retrieveClosingFromDb($pdo,$closingid,$doCsvExport,$onlyresultreturn) {
if(session_id() == '') {
session_start();
}
@@ -401,7 +402,7 @@ $commonUtils = new CommonUtils();
$currency = $commonUtils->getCurrency();
$decpoint = $this->getDecPoint();
-$paymentArray = $this->getPaymentArray();
+$paymentArray = $this->getPaymentArray($pdo);
$previousClosingDate = self::getDateOfPreviousClosing(null,$closingid);
$csv = "";
@@ -424,33 +425,20 @@ $csv .= $this->t['Ref'][$l] . "\n";
}
-$sql = "SELECT closingdate,remark,signature,billsum,billcount FROM %closing% WHERE id='$closingid'";
-$dbresult = $this->dbutils->performSqlCommand($sql);
-$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
-$closingdate = $zeile['closingdate'];
-$remark = $zeile['remark'];
-$billsum = $zeile['billsum'];
-$billcount = $zeile['billcount'];
-$signature = $zeile['signature'];
-mysqli_free_result( $dbresult );
+$sql = "SELECT closingdate,remark,signature,billsum,billcount FROM %closing% WHERE id=?";
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($closingid));
+$row = $stmt->fetchObject();
+$closingdate = $row->closingdate;
+$remark = $row->remark;
+$billsum = $row->billsum;
+$billcount = $row->billcount;
+$signature = $row->signature;
-$billIdsAndPaymentsForThatClosing = array();
-$sql = "SELECT %bill%.id as billid,paymentid,billdate,userid,ref,username,status,brutto,netto,IF(tax is not null, tax, '0.00') as tax FROM %bill%,%user% WHERE closingid=$closingid AND %bill%.userid = %user%.id ORDER BY billdate";
-$dbresult = $this->dbutils->performSqlCommand($sql);
-while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
-$billIdsAndPaymentsForThatClosing[] = array(
-"id" => $zeile['billid'],
-"payment" => $zeile['paymentid'],
-"userid" => $zeile['userid'],
-"username" => $zeile['username'],
-"status" => $zeile['status'],
-"brutto" => $zeile['brutto'],
-"netto" => $zeile['netto'],
-"tax" => $zeile['tax'],
-"ref" => $zeile['ref'],
-"billdate" => $zeile['billdate']);
-}
-mysqli_free_result( $dbresult );
+$sql = "SELECT %bill%.id as id,paymentid,billdate,userid,ref,username,status,brutto,netto,IF(tax is not null, tax, '0.00') as tax FROM %bill%,%user% WHERE closingid=? AND %bill%.userid = %user%.id ORDER BY billdate";
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($closingid));
+$billIdsAndPaymentsForThatClosing = $stmt->fetchAll();
$foundBillCount = count($billIdsAndPaymentsForThatClosing);
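Review bot: `$row = $stmt->fetchObject();` for the closing record is never checked for `false`, so a `$closingid` with no matching row makes the following `$row->closingdate` … `$row->signature` reads act on a boolean and the function carries null dates and an empty signature into the `openssl_verify` check further down. A guard directly after the fetch, e.g. `if ($row === false) { return null; }` (or whatever the enclosing function reports for inconsistent data), closes that path. The same unchecked `fetchObject()` pattern appears in getTableNameFromId and getCurrentPriceLevel in commonutils.php, getSingleProdData in products.php (where it ends as `json_encode(false)`), and findCategoryOfProd / getUseKitchenAndSupplyForProdInCat in queuecontent.php. retrieveClosingFromDb begins and ends outside this hunk.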
@@ -462,7 +450,6 @@ $startDate = $previousClosingDate;
$billsumstr = number_format($billsum, 2, ".", '');
$data = "I($closingid)-S($startDate)-E($closingdate)-D($billcount)-S($billsumstr)";
-$pdo = $this->dbutils->openDbAndReturnPdo();
$pubkeyid = $commonUtils->getCert($pdo);
$ok = openssl_verify($data, $signature, $pubkeyid);
openssl_free_key($pubkeyid);
@@ -514,19 +501,20 @@ $csv .= "$aBillId; \"$billdate\" ; \"" . $this->t['cashaction'][$l] . "\" ; \"$b
}
} else {
-$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid='$aBillId' AND %billproducts%.queueid=%queue%.id";
+$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid=?' AND %billproducts%.queueid=%queue%.id";
if ($status == 'x') {
$statusTxt = $this->t["laterCancelled"][$l];
} else if ($status == 's') {
$statusTxt = $this->t["storno"][$l];
} else {
$statusTxt = "";
-$sql = "SELECT productname,paidtime,price,tax FROM %queue% WHERE billid=$aBillId";
+$sql = "SELECT productname,paidtime,price,tax FROM %queue% WHERE billid=?";
}
-
-$dbresult = $this->dbutils->performSqlCommand($sql);
-
-while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($aBillId));
+$result = $stmt->fetchAll();
+foreach ($result as $zeile) {
$productname = $zeile['productname'];
$tax = $zeile['tax'];
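Review bot: The rewritten billproducts query carries a stray quote after the placeholder: `%billproducts%.billid=?' AND` opens a string literal that is never closed, so `prepare()` fails for every cancelled or storno bill (status `x`/`s`) while the plain-status branch, which overwrites `$sql`, keeps working and masks the error. The line should read `$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid=? AND %billproducts%.queueid=%queue%.id";`. Neither `prepare()` nor `execute()` return values are checked here, so unless the connection is in `PDO::ERRMODE_EXCEPTION` the failure is silent and the CSV simply lacks those rows. The enclosing loop and retrieveClosingFromDb extend beyond this hunk.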
@@ -555,7 +543,6 @@ if ($doCsvExport || $onlyresultreturn) {
$csv .= "$aBillId; \"$paidtime\" ; \"$productname\" ; \"$price\" ; \"$netto\" ; \"$formattedtax\" ; \"$paymentArray[$paymentid]\"; $userid; \"$username\"; \"$statusTxt\"; $ref\n";
}
}
-mysqli_free_result( $dbresult );
}
}
if ($doCsvExport) {
diff --git a/webapp/php/commonutils.php b/webapp/php/commonutils.php
index e73386e..4cdee55 100644
--- a/webapp/php/commonutils.php
+++ b/webapp/php/commonutils.php
@@ -191,30 +191,29 @@ class CommonUtils {
$this->createGridTableWithSqrtSizeOfStyleButtonsAndHeader($inputArray,'','dummy');
}
- function getTableNameFromId($tableid) {
+ function getTableNameFromId($pdo,$tableid) {
if (is_null($tableid) || ($tableid == 0)) {
return "-"; // togo
}
- $sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=". $tableid;
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $tablename = $zeile['tableno'];
- mysqli_free_result( $dbresult );
- return $tablename;
+ $sql = "SELECT tableno FROM %resttables% WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($tableid));
+ $row = $stmt->fetchObject();
+ return $row->tableno;
}
- function getCurrentPriceLevel() {
+ function getCurrentPriceLevel($pdo) {
$sql = "SELECT setting FROM %config% WHERE name='pricelevel'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $pricelevelid = $zeile['setting'];
- mysqli_free_result( $dbresult );
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $row = $stmt->fetchObject();
+ $pricelevelid = $row->setting;
- $sql = "SELECT id,name FROM %pricelevel% WHERE id=$pricelevelid";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $pricelevelname = $zeile['name'];
- mysqli_free_result( $dbresult );
+ $sql = "SELECT id,name FROM %pricelevel% WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($pricelevelid));
+ $row = $stmt->fetchObject();
+ $pricelevelname = $row->name;
return (array("id" => $pricelevelid, "name" => $pricelevelname));
}
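Review bot: Both methods gain a caller-owned `$pdo` parameter but neither documents it, and getTableNameFromId's `"-"` result for a null/zero id is a contract callers now depend on (queuecontent.php switches its own variant, which returned `""`, to this one). A short docblock would capture it: `/** @param \PDO $pdo open connection (caller owns it) @param int|null $tableid 0/null means takeaway @return string table number, or "-" for takeaway */`, and for getCurrentPriceLevel `/** @return array{id:string,name:string} the active price level from %config% */`. The `$tableid == 0` loose comparison also matches `""` and `"0abc"`; `$tableid === 0 || $tableid === '0'` would make the takeaway case explicit.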
diff --git a/webapp/php/config.php b/webapp/php/config.php
old mode 100755
new mode 100644
diff --git a/webapp/php/dbutils.php b/webapp/php/dbutils.php
index be17e80..40d699d 100644
--- a/webapp/php/dbutils.php
+++ b/webapp/php/dbutils.php
@@ -92,106 +92,6 @@ class DbUtils {
}
}
- function performSqlCommand($sqlCommand) {
- $sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
-
- $con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
- // Check connection
-
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MySQL: " . mysqli_connect_error();
- }
-
- $result = mysqli_query($con,$sqlCommand);
- // Execute query
- if ($result)
- {
- //echo "SQL command could be executed successful";
- }
- else
- {
- echo "Error executing SQL command: " . mysqli_error($con);
- }
-
- mysqli_close($con);
- return $result;
- }
-
- /*
- * A prepared statement has several advantages. In this SW it is mainly
- * used to avoid quoting of strings
- */
- function performPreparedStatementCreateClosing($closingTime,$remark) {
- date_default_timezone_set(self::getTimeZone());
- $closingTime = date('Y-m-d H:i:s');
- $closingEntrySql = $this->resolveTablenamesInSqlString("INSERT INTO `%closing%` (`id` , `closingdate`,`remark`) VALUES (NULL , ?,?)");
-
- $mysqli = new mysqli(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
- if ($mysqli->connect_errno) {
- echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
- }
-
- if (!($stmt = $mysqli->prepare($closingEntrySql))) {
- echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
- }
-
- if (!$stmt->bind_param("ss", $closingTime, $remark)) {
- echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
- }
-
- if (!$stmt->execute()) {
- echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
- }
- $id = mysqli_insert_id($mysqli);
- $stmt->close();
- mysqli_close($mysqli);
- return $id;
- }
-
- function performSqlCommandRetLastId($sqlCommand) {
- $sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
-
- $con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
- // Check connection
-
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MySQL: " . mysqli_connect_error();
- }
-
- $result = mysqli_query($con,$sqlCommand);
- // Execute query
- if ($result)
- {
- //echo "SQL command could be executed successful";
- }
- else
- {
- echo "Error executing SQL command: " . mysqli_error($con);
- }
-
- $id = mysqli_insert_id($con);
-
- mysqli_close($con);
- return array("result" => $result, "id" => $id);
- }
-
- /*
- * Filter out escape sequences. The method requires an open db connection
- */
- function filterString($aString) {
- $mysqli = new mysqli(MYSQL_HOST, MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
-
- /* check connection */
- if (mysqli_connect_errno()) {
- exit();
- }
- $filteredString = $mysqli->real_escape_string($aString);
- $mysqli->close();
- return $filteredString;
- }
-
/*
* To use sql strings that are easy to read the table names are used
* without variables. But since the user can specify a prefix for all
diff --git a/webapp/php/products.php b/webapp/php/products.php
index 6db0e02..3f750f9 100644
--- a/webapp/php/products.php
+++ b/webapp/php/products.php
@@ -73,7 +73,8 @@ class Products {
} else if ($command == 'getAllExtrasAlphaSorted') {
$this->getAllExtrasAlphaSorted();
} else if ($command == 'getSingleProdData') {
- $this->getSingleProdData($_GET['id']);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $this->getSingleProdData($pdo,$_GET['id']);
} else if ($command == 'getSingleTypeData') {
$this->getSingleTypeData($_GET['id']);
} else if ($command == 'applySingleProdData') {
@@ -237,45 +238,7 @@ class Products {
$result = $stmt->fetchAll(PDO::FETCH_OBJ);
return $result;
}
-
- // ************************************************************
- // * Start OLD part
- // ************************************************************
-
- // Utility function: find the roomid if the tableid is known
- function getRoomFromTableid($tableid) {
- // Find roomid for table (variable roomid works in the one direction, but if called by back-button, not)
- $sql = "select " . DB_ROOM_TABLE . ".id as id from " . DB_ROOM_TABLE . ", " . DB_RESTTABLES_TABLE . " where " . DB_RESTTABLES_TABLE . ".id = '" . $tableid . "' and " . DB_ROOM_TABLE . ".id = " . DB_RESTTABLES_TABLE . ".roomid;";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $roomid = $zeile['id'];
- mysqli_free_result( $dbresult );
- return $roomid;
- }
-
- function areThereProductsInTheCategory($categoryid) {
- $sql = "SELECT id FROM " . DB_PRODUCTS_TABLE . " WHERE category = " . $categoryid . " AND available='1';";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEnttry = mysqli_num_rows($dbresult);
- mysqli_free_result( $dbresult );
- if ($numberOfEnttry > 0) {
- return true;
- } else {
- return false;
- }
- }
- function areThereCategoriesInTheCategory($categoryid) {
- $sql = "SELECT id FROM %prodtype% WHERE removed is null AND reference = $categoryid";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEntry = mysqli_num_rows($dbresult);
- mysqli_free_result( $dbresult );
- if ($numberOfEntry > 0) {
- return true;
- } else {
- return false;
- }
- }
/*
* Return in array all products with their id and longname that have a reference to
@@ -285,14 +248,17 @@ class Products {
* ["id" => 1, "longname" => "Whatever Product"],
* ["id" => 2, "longname" => "Whatever Other Product"], ...
*/
- private function getProductsWithReferenz($ref) {
+ private function getProductsWithReferenz($pdo,$ref) {
$prods = array();
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category is null ORDER BY sorting";
if ($ref > 0) {
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category=$ref ORDER BY sorting";
}
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+
+ foreach($result as $zeile) {
$prod_entry = array(
"id" => $zeile['id'],
"shortname" => $zeile['shortname'],
@@ -306,7 +272,6 @@ class Products {
"type" => "p");
$prods[] = $prod_entry;
}
- mysqli_free_result( $dbresult );
return $prods;
}
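Review bot: The query is now prepared, but `$ref` is still interpolated into it on the unchanged line `... AND category=$ref ORDER BY sorting`; the same remains in getProdTypesWithReferenz (`reference=$ref`) in the next hunk. Since delTypeCore passes its `$id` straight through and presumably receives it from the request, these should bind the value: `... AND category=? ORDER BY sorting` with `$stmt->execute($ref > 0 ? array($ref) : array());`, or keep two prepared variants and bind only in the second. Without that the switch to `prepare()` gives no injection protection for this path.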
@@ -354,30 +319,23 @@ class Products {
* ["id" => 1, "name" => "Meal"],
* ["id" => 2, "name" => "Drinks"], ...
*/
- private function getProdTypesWithReferenz($ref) {
- $types = array();
- $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer from %prodtype% where removed is null AND reference is null";
+ private function getProdTypesWithReferenz($pdo,$ref) {
+
+ $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer,'t' as type from %prodtype% where removed is null AND reference is null";
if ($ref > 0) {
- $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer from %prodtype% where removed is null AND reference=$ref";
+ $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer,'t' as type from %prodtype% where removed is null AND reference=$ref";
}
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
- $prod_entry = array(
- "id" => $zeile['id'],
- "name" => $zeile['name'],
- "kind" => $zeile['kind'],
- "usekitchen" => $zeile['usekitchen'],
- "usesupplydesk" => $zeile['usesupplydesk'],
- "printer" => $zeile['printer'],
- "type" => "t");
- $types[] = $prod_entry;
- }
- mysqli_free_result( $dbresult );
+
+ $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
+ $stmt->execute();
+ $types = $stmt->fetchAll();
+
return $types;
}
function showDbProducts() {
- $productArray = $this->getDbProductsWithRef_json_version(0,0);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $productArray = $this->getDbProductsWithRef_json_version($pdo,0,0);
echo json_encode($productArray);
}
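Review bot: `$types = $stmt->fetchAll();` returns rows in the connection's default fetch mode, and nothing in the hunk shows that mode being set; with PDO's default `FETCH_BOTH` every row carries duplicate numeric keys, and because these rows are later emitted as the `"entry"` value in getDbProductsWithRef_json_version, the JSON shape would differ from the hand-built associative array the removed loop produced (the explicit `fetchAll(PDO::FETCH_OBJ)` elsewhere in this file suggests no default is configured). `$types = $stmt->fetchAll(PDO::FETCH_ASSOC);` pins the shape. Separately, this method resolves table names via `$this->dbutils->resolveTablenamesInSqlString($sql)` while every other converted method in the commit uses `DbUtils::substTableAlias($sql)`; using the same helper here keeps the two code paths from drifting.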
@@ -429,8 +387,8 @@ class Products {
echo json_encode(array("status" => "OK", "msg" => $msg));
}
- function readDbProducts() {
- $speisekarte = $this->readDbProductsWithRef_json_version(0,0);
+ function readDbProducts($pdo) {
+ $speisekarte = $this->readDbProductsWithRef_json_version($pdo,0,0);
$speisekarte .= $this->readExtrasFromDb(null);
return $speisekarte;
}
@@ -475,6 +433,8 @@ class Products {
}
private function exportCsv() {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+
$decpoint = $this->getDecPoint();
$file_name = "datenexport-produkte.csv";
header("Content-type: text/x-csv");
@@ -494,8 +454,10 @@ class Products {
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+ foreach($result as $zeile) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['prodid'];
@@ -512,30 +474,17 @@ class Products {
echo "$val1; $val2; $val3; \"$val4\"; \"$val5\"; $val6; $val7; $val8; $val9; $val10; $val11; $val12; $val13\n";
}
- mysqli_free_result( $dbresult );
}
- function getSingleProdData($id) {
+ function getSingleProdData($pdo,$id) {
if (is_numeric($id)) {
- $sql = "SELECT shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio,favorite from %products% where id=$id";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
+ $sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio,favorite from %products% where id=?";
- $prod_entry = array(
- "id" => $id,
- "shortname" => $zeile['shortname'],
- "longname" => $zeile['longname'],
- "available" => $zeile['available'],
- "priceA" => $zeile['priceA'],
- "priceB" => $zeile['priceB'],
- "priceC" => $zeile['priceC'],
- "tax" => $zeile['tax'],
- "audio" => $zeile['audio'],
- "favorite" => $zeile['favorite']
- );
-
- mysqli_free_result( $dbresult );
- echo json_encode($prod_entry);
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($id));
+ $row = $stmt->fetchObject();
+
+ echo json_encode($row);
}
}
@@ -946,9 +895,6 @@ class Products {
if (!is_numeric($id) || !is_numeric($available) || !is_numeric($favorite) ||!is_numeric($priceA) || !is_numeric($priceB) || !is_numeric($priceC) || (!is_numeric($tax) && ($tax != "null")) ) {
return;
}
- $priceA = $this->dbutils->filterString($priceA);
- $priceB = $this->dbutils->filterString($priceB);
- $priceC = $this->dbutils->filterString($priceC);
if ($tax == "null") {
$tax = null;
@@ -984,7 +930,7 @@ class Products {
}
$pdo->commit();
- $this->getSingleProdData($id);
+ $this->getSingleProdData($pdo,$id);
}
private static function updateHistOnlyForExtrasOfProd($pdo,$aProdId,$histextra) {
@@ -1125,12 +1071,12 @@ class Products {
function delTypeCore($pdo,$id) {
- $allTypesInThisLevel = $this->getProdTypesWithReferenz($id);
+ $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$id);
foreach ($allTypesInThisLevel as $aType) {
$this->delTypeCore($pdo, $aType["id"]);
}
- $allProdsInThisLevel = $this->getProductsWithReferenz($id);
+ $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$id);
foreach ($allProdsInThisLevel as $aProd) {
self::declareProductAsDeletedWithoutResort($pdo, $aProd["id"]);
}
@@ -1153,11 +1099,11 @@ class Products {
/*
* Return a html table with all products in a structured way
*/
- private function getDbProductsWithRef_json_version($ref,$depth) {
+ private function getDbProductsWithRef_json_version($pdo,$ref,$depth) {
$allProdsAndTypesInThisLevel = array();
- $allProdsInThisLevel = $this->getProductsWithReferenz($ref);
- $allTypesInThisLevel = $this->getProdTypesWithReferenz($ref);
+ $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$ref);
+ $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$ref);
for ($index_prod=0;$index_prod $aProdType,"content" => $this->getDbProductsWithRef_json_version($typeRef,$depth+1));
+ $allProdsAndTypesInThisLevel[] = array("entry" => $aProdType,"content" => $this->getDbProductsWithRef_json_version($pdo,$typeRef,$depth+1));
}
return $allProdsAndTypesInThisLevel;
}
// return in text format
- private function readDbProductsWithRef_json_version($ref,$depth) {
+ private function readDbProductsWithRef_json_version($pdo,$ref,$depth) {
$decpoint = $this->getDecPoint();
$text = "";
$allProdsAndTypesInThisLevel = array();
- $allProdsInThisLevel = $this->getProductsWithReferenz($ref);
- $allTypesInThisLevel = $this->getProdTypesWithReferenz($ref);
+ $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$ref);
+ $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$ref);
for ($index_prod=0;$index_prodreadDbProductsWithRef_json_version($typeRef,$depth+1);
+ $text .= $this->readDbProductsWithRef_json_version($pdo,$typeRef,$depth+1);
}
return $text;
}
- private function numberOfProdsInProdType($theId) {
- // how many prods are related to this type?
- $sql = "SELECT COUNT(id) FROM %products% WHERE removed is null AND category=$theId";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $noProdsInThisProdType = $zeile['COUNT(id)'];
- mysqli_free_result( $dbresult );
-
- // iterate over all prodtypes in this prodtype
- $prodtypesInside = $this->getProdTypesWithReferenz($theId);
- for ($i=0;$i < count($prodtypesInside);$i++) {
- $anInsideProdType = $prodtypesInside[i];
- // recursive
- $noProdsInThisProdType += $this->numberOfProdsInProdType($anInsideProdType["id"]);
- }
- return $noProdsInThisProdType;
- }
-
private function getPriceLevelInfo() {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
if(session_id() == '') {
session_start();
}
$lang = $_SESSION['language'];
- $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel();
+ $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel($pdo);
$currentPriceLevelId = $currentPriceLevel["id"];
$currentPriceLevelName = $currentPriceLevel["name"];
@@ -1267,8 +1196,11 @@ class Products {
} else if ($lang == 2) {
$sql = "SELECT id,name,info_esp as info FROM %pricelevel%";
}
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+ foreach($result as $zeile) {
$theId = $zeile['id'];
$selected = "0";
if ($theId == $currentPriceLevelId) {
@@ -1282,7 +1214,6 @@ class Products {
"selected" => $selected);
$pricelevels[] = $levels_entry;
}
- mysqli_free_result( $dbresult );
$retArray = array("currentId" => $currentPriceLevelId, "currentName" => $currentPriceLevelName, "levels" => $pricelevels);
echo json_encode($retArray);
@@ -1290,13 +1221,17 @@ class Products {
private function setPriceLevelInfo($levelId) {
if (is_numeric($levelId)) {
- $updateSql = "UPDATE %config% SET setting=$levelId WHERE name='pricelevel'";
- $dbresult = $this->dbutils->performSqlCommand($updateSql);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $updateSql = "UPDATE %config% SET setting=? WHERE name='pricelevel'";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($updateSql));
+ $stmt->execute(array($levelId));
+
echo json_encode("OK");
}
}
private function getSpeisekarte() {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
$legend = file_get_contents("../customer/menulegend.txt");
$decpoint = $this->getDecPoint();
@@ -1318,7 +1253,7 @@ class Products {
// no products defined yet - present Beispiel
$text = $legend;
} else {
- $text = $legend . $this->readDbProducts();
+ $text = $legend . $this->readDbProducts($pdo);
}
echo json_encode(array("status" => "OK","msg" => $text, "predef" => $predef));
diff --git a/webapp/php/queuecontent.php b/webapp/php/queuecontent.php
index 18b9db9..4416ccb 100644
--- a/webapp/php/queuecontent.php
+++ b/webapp/php/queuecontent.php
@@ -104,22 +104,12 @@ class QueueContent {
echo "Command not supported.";
}
}
-
- function getTableNameFromId($tableid) {
- if ($tableid == 0) {
- return "";
- }
- $sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=". $tableid;
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $tablename = $zeile['tableno'];
- mysqli_free_result( $dbresult );
- return $tablename;
- }
// needed if paydesk gets the tableid by direct call
function getJsonTableNameFromId($tableid) {
- echo json_encode($this->getTableNameFromId($tableid));
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $commonUtils = new CommonUtils();
+ echo json_encode($commonUtils->getTableNameFromId($pdo,$tableid));
}
function getDateValueAsBoolInterpretatedIcon($aValue) {
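Review bot: getJsonTableNameFromId changes its output for `$tableid == 0`: the removed local method returned `""`, whereas CommonUtils::getTableNameFromId returns `"-"` for null/zero, so the paydesk client that calls this by direct call now receives `"-"` where it used to get an empty string. If the client renders that string verbatim this is a visible change; either map it back (`$name = $commonUtils->getTableNameFromId($pdo,$tableid); echo json_encode($name === "-" ? "" : $name);`) or confirm the client accepts `"-"`. Worth a one-line comment above the call either way, e.g. `// CommonUtils returns "-" (not "") for takeaway; paydesk expects this`.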
@@ -558,7 +548,7 @@ class QueueContent {
$extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']);
$productid = $zeile['prodid'];
- $useConditions = $this->getUseKitchenAndSupplyForProd($productid);
+ $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usekitchen"] == 1) {
// yes, display it in kitchen view as cooked
$arr = array("id" => $zeile['id'],
@@ -590,7 +580,7 @@ class QueueContent {
$sql .= "AND %queue%.readytime <> '0000-00-00 00:00:00' ";
$sql .= "AND toremove <> '1' AND ";
$sql .= "ordertime is not null AND ";
- $sql .= "(%queue%.productid = %products%.id AND %products%.category = %prodtype%.id AND %prodtype%.kind='$kind' AND %prodtype%.usesupplydesk='0' AND %prodtype%.usekitchen='1') AND ";
+ $sql .= "(%queue%.productid = %products%.id AND %products%.category = %prodtype%.id AND %prodtype%.kind=? AND %prodtype%.usesupplydesk='0' AND %prodtype%.usekitchen='1') AND ";
$sql .= "%queue%.workprinted='0') ";
// now remove closed items
@@ -598,10 +588,11 @@ class QueueContent {
$sql .= "%queue%.billid=%bill%.id AND %bill%.closingid is null)) ";
$sql = $sql . "ORDER BY delivertime DESC LIMIT 10";
-
- $dbresult = $this->dbutils->performSqlCommand($sql);
-
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($kind));
+ $result = $stmt->fetchAll();
+ foreach ($result as $zeile) {
$productid = $zeile['prodid'];
$extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']);
$deliveredProd = array(
@@ -614,7 +605,6 @@ class QueueContent {
);
$resultarray[] = $deliveredProd;
}
- mysqli_free_result( $dbresult );
return($resultarray);
}
@@ -643,7 +633,7 @@ class QueueContent {
echo json_encode(array("status" => "ERROR", "code" => ERROR_DB_PAR_ACCESS, "msg" => ERROR_DB_PAR_ACCESS_MSG));
} else {
$this->reallyDeclareAsCooked($pdo,$queueid);
- $useConditions = $this->getUseKitchenAndSupplyForProd($productid);
+ $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usesupply"] == 0) {
// can bypass the supplydesk
$this->declareProductBeDeliveredWithGivenPdo($pdo,$queueid);
@@ -716,28 +706,25 @@ class QueueContent {
}
}
- private function findCategoryOfProd($prodid) {
- $sql = "SELECT category FROM %products% WHERE id=$prodid";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $categoryid = $zeile['category'];
- mysqli_free_result( $dbresult );
- return $categoryid;
+ private function findCategoryOfProd($pdo,$prodid) {
+ $sql = "SELECT category FROM %products% WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($prodid));
+ $row = $stmt->fetchObject();
+ return $row->category;
}
- private function getUseKitchenAndSupplyForProdInCat($catid) {
- $sql = "SELECT usekitchen, usesupplydesk FROM %prodtype% WHERE id=$catid";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $useKit = $zeile['usekitchen'];
- $useSupply = $zeile['usesupplydesk'];
- mysqli_free_result( $dbresult );
- return array("usekitchen" => $useKit, "usesupply" => $useSupply);
+ private function getUseKitchenAndSupplyForProdInCat($pdo,$catid) {
+ $sql = "SELECT usekitchen, usesupplydesk FROM %prodtype% WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($catid));
+ $row = $stmt->fetchObject();
+ return array("usekitchen" => $row->usekitchen, "usesupply" => $row->usesupplydesk);
}
- private function getUseKitchenAndSupplyForProd($prodid) {
- $catid = $this->findCategoryOfProd($prodid);
- return $this->getUseKitchenAndSupplyForProdInCat($catid);
+ private function getUseKitchenAndSupplyForProd($pdo,$prodid) {
+ $catid = $this->findCategoryOfProd($pdo,$prodid);
+ return $this->getUseKitchenAndSupplyForProdInCat($pdo,$catid);
}
private function getUseKitchenAndSupplyForProdWithPdo($pdo,$prodid) {
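Review bot: After this change getUseKitchenAndSupplyForProd($pdo,$prodid) has the same signature as the already existing getUseKitchenAndSupplyForProdWithPdo($pdo,$prodid) that starts on the last context line (its body is outside the hunk), so the class now carries two methods that, judging by name and parameters, do the same thing. One should delegate to the other or be removed, e.g. `private function getUseKitchenAndSupplyForProd($pdo,$prodid) { return $this->getUseKitchenAndSupplyForProdWithPdo($pdo,$prodid); }`, so that the lookup rule lives in one place. The three callers converted in this commit all go through the non-WithPdo variant.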
@@ -782,7 +769,7 @@ class QueueContent {
$normaltax = $row->setting;
// get current pricelevel
- $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel();
+ $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel($pdo);
$currentPriceLevelId = $currentPriceLevel["id"];
$insertedQueueIds = array();
@@ -1104,11 +1091,9 @@ class QueueContent {
}
- // **********************************
- // * Kassenfunktionen *
- // **********************************
function getJsonProductsOfTableToPay($tableid) {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT %queue%.id as id,longname,%queue%.price as price,%queue%.tax,%pricelevel%.name as pricelevelname,%products%.id as prodid
FROM %queue%
INNER JOIN %products% ON %queue%.productid = %products%.id
@@ -1120,22 +1105,21 @@ class QueueContent {
}
$sql .= "AND paidtime is null AND toremove <> '1' AND ordertime is not null AND isclosed is null ORDER BY ordertime;";
- $dbresult = $this->dbutils->performSqlCommand($sql);
-
- $prodsToPay = array();
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+ foreach ($result as $zeile) {
$thePrice = $zeile['price'];
$theTax = $zeile['tax'];
$thePriceLevelName = $zeile['pricelevelname'];
$longName = $zeile['longname'];
$queueid = $zeile['id'];
- $extras = $this->getExtrasOfQueueItem(null,$queueid);
+ $extras = $this->getExtrasOfQueueItem($pdo,$queueid);
$prodId = $zeile['prodid'];
$prodsToPay[] = array("id" => $queueid, "prodid" => $prodId, "longname" => $longName, "pricelevelname" => $thePriceLevelName, "price" => $thePrice, "tax" => $theTax, "extras" => $extras);
}
- mysqli_free_result( $dbresult );
echo json_encode(array("status" => "OK", "msg" => $prodsToPay));
}
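Review bot: The removed block included `$prodsToPay = array();` and the replacement does not re-create it, so when the query returns no rows `$prodsToPay` is undefined at `json_encode(array("status" => "OK", "msg" => $prodsToPay))` and the response carries `"msg":null` instead of an empty list (plus a notice), unless the variable is initialised in the part of the function between the two hunks that is not shown. Put `$prodsToPay = array();` back directly before the `foreach`. getJsonProductsOfTableToPay starts in the previous hunk.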
@@ -1202,11 +1186,13 @@ class QueueContent {
}
function declareProductNotBeDelivered($queueid) {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
if (is_numeric($queueid)) {
date_default_timezone_set(DbUtils::getTimeZone());
$delivertime = date('Y-m-d H:i:s');
- $updateSql = "UPDATE %queue% SET delivertime='0000-00-00 00:00:00' WHERE id='" . $queueid . "';";
- $dbresult = $this->dbutils->performSqlCommand($updateSql);
+ $updateSql = "UPDATE %queue% SET delivertime='0000-00-00 00:00:00' WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($updateSql));
+ $stmt->execute(array($queueid));
}
}
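Review bot: The connection is opened on the first line of declareProductNotBeDelivered, before the `is_numeric($queueid)` check, so a rejected request still pays for a database connection it never uses; moving `$pdo = DbUtils::openDbAndReturnPdoStatic();` inside the `if` keeps validation ahead of I/O. The two lines computing `$delivertime` are also dead now that the statement hard-codes `'0000-00-00 00:00:00'`; they can be dropped together with the `date_default_timezone_set` call they exist for.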
@@ -1388,7 +1374,7 @@ class QueueContent {
if ($numberOfReadyProducts >= $numberOfProductsTotalToServe) {
$tablestatus = "complete";
- $tableheadeline = $commonUtils->getTableNameFromId($tableid);
+ $tableheadeline = $commonUtils->getTableNameFromId($pdo,$tableid);
$preparedProds[] = array(
"tableheadline" => $tableheadeline,
"tableid" => $tableid,
@@ -1397,7 +1383,7 @@ class QueueContent {
"prodsOfTable" => $arrayOfProdsOfATable);
} else {
$tablestatus = "incomplete";
- $tableheadeline = "Tisch: " . $commonUtils->getTableNameFromId($tableid);
+ $tableheadeline = "Tisch: " . $commonUtils->getTableNameFromId($pdo,$tableid);
$preparedProds_incomplete_tables[] = array(
"tableheadline" => $tableheadeline,
"tableid" => $tableid,
@@ -1472,7 +1458,7 @@ class QueueContent {
$lastDeliveredProds = array();
foreach($result as $zeile) {
$productid = $zeile['prodid'];
- $useConditions = $this->getUseKitchenAndSupplyForProd($productid);
+ $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usesupply"] == 1) {
// yes, display it in supplydesk view as cooked
@@ -1568,11 +1554,9 @@ class QueueContent {
$this->commonUtils->setLastBillIdInWorkTable($pdo, $billid);
}
- $brutto = $this->dbutils->filterString($brutto);
if (is_null($tableid)) {
$tableid = 0;
}
- $tableid = $this->dbutils->filterString($tableid);
// now calculate the signature for the bill entry
$signature = $this->commonUtils->calcSignatureForBill($pdo,$currentTime, $brutto, $netto, '0.00', $userid);
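Review bot: Dropping `filterString()` on `$brutto` and `$tableid` is only safe if every statement that later receives them is parameterized; the INSERT that uses them is outside this hunk, so that cannot be confirmed here, and DbUtils::filterString itself is deleted in this commit so no caller can fall back to it. A short comment at this point, e.g. `// $brutto/$tableid are bound as prepared-statement parameters below, no escaping needed`, would record the assumption the removal relies on.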
diff --git a/webapp/php/roomtables.php b/webapp/php/roomtables.php
index c86cd56..6fd468a 100644
--- a/webapp/php/roomtables.php
+++ b/webapp/php/roomtables.php
@@ -32,9 +32,7 @@ class Roomtables {
} else if ($command == 'showAllRoomsAndTablesWithUnpaidItems') {
$this->showAllRoomsAndTablesWithUnpaidItems();
} else if ($command == 'getUnpaidTables') {
- $this->getUnpaidTables($_GET['roomid']);
- } else if ($command == 'showAllTablesOfRoom') {
- $this->showAllTablesOfRoom();
+ $this->getUnpaidTables($_GET['roomid']);
} else if ($command == 'getRoomfield') {
$this->getRoomfield();
} else if ($command == 'setRoomInfo') {
@@ -249,51 +247,7 @@ class Roomtables {
return array();
}
}
-
-
- // Part of chain to choose a product, here we know the room and show all tables there
- function showAllTablesOfRoom()
- {
- // Parameter for this method
- $roomid = $_GET['roomid'];
-
- // Find name of room to display in table header
- $sql = "SELECT id,roomname FROM %room% WHERE id='$roomid' AND removed is null";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $roomid = $zeile['id'];
- $roomname = $zeile['roomname'];
- mysqli_free_result( $dbresult );
-
- // Navigation table - home - back
- echo '';
-
- $nextFunction = $_GET['nextfunction'];
-
- $sql = "SELECT id,tableno FROM " . DB_RESTTABLES_TABLE . " WHERE roomid=" . $roomid;
- $dbresult = $this->dbutils->performSqlCommand($sql);
-
-
- // create a table that is optimal (sqrt-like size)
- $numberOfIcons = mysqli_num_rows($dbresult);
- $arrayOfButtons = array();
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
- $roomid = $zeile['id'];
-
- $onClickMethod = $nextFunction . '(' . $zeile['id'] . ',' . $roomid . ');';
- $aButtonEntry = array ("textOfButton" => $zeile['tableno'],
- "onClickMethod" => $onClickMethod);
- $arrayOfButtons[] = $aButtonEntry;
-
- }
- mysqli_free_result( $dbresult );
- $commonUtils = new CommonUtils();
- $commonUtils->createGridTableWithSqrtSizeOfButtons($arrayOfButtons);
- }
+
function setRoomInfo($rooms) {
$pdo = $this->dbutils->openDbAndReturnPdo();
diff --git a/webapp/php/utilities/HistFiller.php b/webapp/php/utilities/HistFiller.php
index a5d1077..afcfefa 100644
--- a/webapp/php/utilities/HistFiller.php
+++ b/webapp/php/utilities/HistFiller.php
@@ -27,26 +27,25 @@ class HistFiller {
$stmt->execute(array('10', 'DbRestore', 'Wiederherstellung der Datenbank aus einer Sicherungskopie'));
}
- public function readUserTableAndSendToHist() {
+ public function readUserTableAndSendToHist($pdo) {
$sql = "SELECT * FROM %user%";
- $this->readSqlUserTableAndSendToHist($sql,'3');
+ $this->readSqlUserTableAndSendToHist($pdo,$sql,'3');
}
- public function updateOneUser($userid) {
+ public function updateOneUser($pdo,$userid) {
$sql = "SELECT * FROM %user% WHERE id='$userid'";
- $this->readSqlUserTableAndSendToHist($sql,'8');
+ $this->readSqlUserTableAndSendToHist($pdo,$sql,'8');
}
/*
* Read the complete user table and fill in these values to the histtable
*/
- private function readSqlUserTableAndSendToHist($sql_query, $histaction) {
+ private function readSqlUserTableAndSendToHist($pdo,$sql_query, $histaction) {
$sql_insert_histuser = "INSERT INTO %histuser% (id,userid,username,
is_admin,right_waiter,right_kitchen,right_bar,right_supply,right_paydesk,right_statistics,
right_bill,right_products,right_reservation,right_rating,right_changeprice,right_manager,active) VALUES (
NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
-
- $pdo = $this->dbutils->openDbAndReturnPdo();
+
$pdo->beginTransaction();
$stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_query));
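Review bot: The new `$pdo` parameter on `readUserTableAndSendToHist`, `updateOneUser` and `readSqlUserTableAndSendToHist` is untyped and undocumented, yet the connection it receives is immediately used for `$pdo->beginTransaction()` on the line above — if a caller hands in a connection that already has a transaction open, PDO throws here rather than nesting, which the old per-call `openDbAndReturnPdo()` never exposed. Typing it as `\PDO $pdo` and stating the contract in the docblock, e.g. `@param \PDO $pdo connection without an open transaction; this method begins and commits its own`, would make the ownership explicit; guarding with `if ($pdo->inTransaction())` is an alternative if callers are expected to wrap it. The same applies to the signatures changed in the next two hunks of this file and to the `beginTransaction()` in `updateOrCreateUserInHist`. Separately, `updateOneUser` still interpolates `$userid` into `WHERE id='$userid'` even though the query is run through `$pdo->prepare()`, so a bound placeholder would be the safer form. The enclosing `HistFiller` class and the body of `readSqlUserTableAndSendToHist` continue outside the hunk.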
@@ -65,23 +64,23 @@ class HistFiller {
$pdo->commit();
}
- public function updateUserInHist($userid,$username,
+ public function updateUserInHist($pdo,$userid,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active)
{
- $this->updateOrCreateUserInHist($userid,$username,
+ $this->updateOrCreateUserInHist($pdo,$userid,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,
$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active,'8');
}
- public function createUserInHist($lastId,$username,
+ public function createUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager)
{
- $this->updateOrCreateUserInHist($lastId,$username,
+ $this->updateOrCreateUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,
$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager,'1','7');
}
- public function updateOrCreateUserInHist($id,$username,
+ public function updateOrCreateUserInHist($pdo,$id,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager,
$active,$histaction) {
@@ -90,7 +89,6 @@ class HistFiller {
`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`active`) VALUES (
NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
- $pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
$stmt_insert_histuser = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_insert_histuser));
$stmt_insert_histuser->execute(array($id,$username,
diff --git a/webapp/preferences.html b/webapp/preferences.html
index c406fa9..9e0b01a 100644
--- a/webapp/preferences.html
+++ b/webapp/preferences.html
@@ -5,7 +5,7 @@
-
+
diff --git a/webapp/products.html b/webapp/products.html
index f91120d..4cb19a4 100644
--- a/webapp/products.html
+++ b/webapp/products.html
@@ -7,7 +7,7 @@
-
+
diff --git a/webapp/rating.html b/webapp/rating.html
index e1643cd..637a46b 100644
--- a/webapp/rating.html
+++ b/webapp/rating.html
@@ -7,7 +7,7 @@
-
+
diff --git a/webapp/reports.html b/webapp/reports.html
index 761f266..5445eb4 100644
--- a/webapp/reports.html
+++ b/webapp/reports.html
@@ -7,7 +7,7 @@
-
+
diff --git a/webapp/reservation.html b/webapp/reservation.html
index d9fb51d..a5d8b5a 100644
--- a/webapp/reservation.html
+++ b/webapp/reservation.html
@@ -5,7 +5,7 @@
-
+
diff --git a/webapp/supplydesk.html b/webapp/supplydesk.html
index 9b27b12..2bb3f1d 100644
--- a/webapp/supplydesk.html
+++ b/webapp/supplydesk.html
@@ -5,7 +5,7 @@
-
+
diff --git a/webapp/waiter.html b/webapp/waiter.html
index 6c3f970..cc7b874 100644
--- a/webapp/waiter.html
+++ b/webapp/waiter.html
@@ -4,7 +4,7 @@
-
+
@@ -440,8 +440,7 @@ function hasUserPaydeskRight(userRight) {
function hideMenuRoom() {
$( "#modulepanel-room" ).panel( "close" );
- $("#menuswitchroom").off("click").on("click", function (e) {
- $("#menuswitch").trigger("mouseout");
+ $("#menuswitch").off("click").on("click", function (e) {
e.stopImmediatePropagation();
e.preventDefault();
$( "#modulepanel-room" ).panel( "open" );;
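Review bot: `hideMenuRoom` now binds its click handler to `#menuswitch`, while the parallel `hideMenuTable` and `hideMenuProd` in the following hunks still bind `#menuswitchtable` and `#menuswitchprod`; if the room element is actually `#menuswitchroom` this is a silent no-op, because jQuery binds nothing on an empty selection. If the rename is intentional, a short comment such as `// room panel is opened from the shared #menuswitch element, not a dedicated #menuswitchroom` would stop the next reader from "fixing" it back. The stray `;;` on the `panel( "open" )` line is pre-existing and harmless. The body of `hideMenuRoom` continues outside the hunk.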
@@ -451,7 +450,6 @@ function hideMenuRoom() {
function hideMenuTable() {
$( "#modulepanel-table" ).panel( "close" );
$("#menuswitchtable").off("click").on("click", function (e) {
- $("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation();
e.preventDefault();
$( "#modulepanel-table" ).panel( "open" );;
@@ -461,7 +459,6 @@ function hideMenuTable() {
function hideMenuProd() {
$( "#modulepanel-prod" ).panel( "close" );
$("#menuswitchprod").off("click").on("click", function (e) {
- $("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation();
e.preventDefault();
$( "#modulepanel-prod" ).panel( "open" );;
@@ -772,7 +769,6 @@ function insertTableList(roominfo) {
function initializeEverything() {
lastSelectedProduct = "";
$(".modules").off("click").on("click", function (e) {
- $("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation();
e.preventDefault();
moduleForward(this.id);
@@ -2316,7 +2312,7 @@ function bindSendNewOrdersButton() {