From 8f6f59e47afc16609e6a02d976259afa30055961 Mon Sep 17 00:00:00 2001 From: Geno Date: Thu, 19 Nov 2020 22:54:51 +0100 Subject: [PATCH] OrderSprinter 1.1.11 --- printserver/OrderSprinterPrintserver.exe | Bin 260096 -> 260096 bytes webapp/OrderSprinterPrintserver.exe | Bin 260096 -> 260096 bytes webapp/bar.html | 2 +- webapp/bill.html | 2 +- webapp/feedback.html | 2 +- webapp/index.html | 4 +- webapp/install.html | 2 +- webapp/install/installer.php | 18 +- webapp/kitchen.html | 2 +- webapp/manager.html | 2 +- webapp/paydesk.html | 2 +- webapp/php/admin.php | 271 ++++++++++++----------- webapp/php/bill.php | 25 +-- webapp/php/closing.php | 117 +++++----- webapp/php/commonutils.php | 33 ++- webapp/php/config.php | 0 webapp/php/dbutils.php | 100 --------- webapp/php/products.php | 183 +++++---------- webapp/php/queuecontent.php | 96 ++++---- webapp/php/roomtables.php | 50 +---- webapp/php/utilities/HistFiller.php | 24 +- webapp/preferences.html | 2 +- webapp/products.html | 2 +- webapp/rating.html | 2 +- webapp/reports.html | 2 +- webapp/reservation.html | 2 +- webapp/supplydesk.html | 2 +- webapp/waiter.html | 10 +- 28 files changed, 360 insertions(+), 597 deletions(-) mode change 100755 => 100644 webapp/php/config.php diff --git a/printserver/OrderSprinterPrintserver.exe b/printserver/OrderSprinterPrintserver.exe index e22062990c59838627780df841478ef953bcb239..5475577caa1dcb30daf34efd4ad9b62082975360 100644 GIT binary patch delta 162 zcmZqpz~AtJe?kZI%~NX{yIZ>%Tf3RIb~DTOGIDQU-OId2RmIH0#mUgn+)~%k)WBHR z#KqW1*U8YtP}juB$k^D$$;8RU%xQb|W@aXBM#JrO_n7Cg3RDW-&R||@t=&vpyP4&C8M(Hv?qy!1s$yX3WMN_K^g MDsN}{#{7>F0AA!YwEzGB 
diff --git a/webapp/OrderSprinterPrintserver.exe b/webapp/OrderSprinterPrintserver.exe index e22062990c59838627780df841478ef953bcb239..5475577caa1dcb30daf34efd4ad9b62082975360 100644 GIT binary patch delta 162 zcmZqpz~AtJe?kZI%~NX{yIZ>%Tf3RIb~DTOGIDQU-OId2RmIH0#mUgn+)~%k)WBHR z#KqW1*U8YtP}juB$k^D$$;8RU%xQb|W@aXBM#JrO_n7Cg3RDW-&R||@t=&vpyP4&C8M(Hv?qy!1s$yX3WMN_K^g MDsN}{#{7>F0AA!YwEzGB diff --git a/webapp/bar.html b/webapp/bar.html index da78d28..7a6b615 100644 --- a/webapp/bar.html +++ b/webapp/bar.html @@ -5,7 +5,7 @@ - + diff --git a/webapp/bill.html b/webapp/bill.html index 65af5dc..e4999fc 100644 --- a/webapp/bill.html +++ b/webapp/bill.html @@ -5,7 +5,7 @@ - + diff --git a/webapp/feedback.html b/webapp/feedback.html index e4b57c4..2db66b4 100644 --- a/webapp/feedback.html +++ b/webapp/feedback.html @@ -4,7 +4,7 @@ - + diff --git a/webapp/index.html b/webapp/index.html index dcdb985..51512a8 100644 --- a/webapp/index.html +++ b/webapp/index.html @@ -7,8 +7,8 @@ - - + + diff --git a/webapp/install.html b/webapp/install.html index a5d594e..56deb8a 100644 --- a/webapp/install.html +++ b/webapp/install.html @@ -679,7 +679,7 @@ $(document).ready(function() {   - +   diff --git a/webapp/install/installer.php b/webapp/install/installer.php index 43ea192..ed2b864 100644 --- a/webapp/install/installer.php +++ b/webapp/install/installer.php @@ -766,6 +766,18 @@ $ret &= $this->setVersion($prefix, '1.1.10'); return $ret; } +function updateUserTable1110_1111($prefix,$version) { +$ret = true; +if ($version != "1.1.10") { +$ret = $this->updateUserTable1109_1110($prefix,$version); +if (!$ret) { +return false; +} +} +$ret &= $this->setVersion($prefix, '1.1.11'); +return $ret; +} + function setVersion($prefix,$theVersion) { $pdo = $this->pdo; try { 
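Review bot: In the new updateUserTable1110_1111, `$ret &= $this->setVersion($prefix, '1.1.11');` applies a bitwise AND to a `$ret` that is always `true` at that point, so the function returns an int (1/0) while the early exit returns the bool `false`. The idiom is copied from updateUserTable1109_1110 directly above and callers presumably only test truthiness, but `return $this->setVersion($prefix, '1.1.11');` expresses the same thing without the type change. The version check `$version != "1.1.10"` would read more precisely as `!==`, as both sides are strings. setVersion's body continues outside the hunk.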
@@ -837,7 +849,7 @@ $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VAL $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'billlanguage', $billlanguage)"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'currency', '$currency')"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'receiptfontsize', '12')"); -$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'version', '1.1.10')"); +$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'version', '1.1.11')"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'paymentconfig', '0')"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'remoteaccesscode', null)"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'decpoint', '$decpoint')"); @@ -1210,7 +1222,7 @@ return; $supportedVersions = array("1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29", "1.0.30","1.0.31","1.0.32","1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39", "1.0.40", -"1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8", "1.1.9" +"1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8", "1.1.9","1.1.10" ); if (!in_array($version, $supportedVersions)) { @@ -1218,7 +1230,7 @@ echo json_encode("Quellversion nicht unterstützt"); return; } -$ret = $admin->updateUserTable1109_1110($_POST['prefix'], $version); +$ret = $admin->updateUserTable1110_1111($_POST['prefix'], $version); if(session_id() == '') { session_start(); diff --git a/webapp/kitchen.html b/webapp/kitchen.html index a4bd4f0..16aac9c 100644 --- a/webapp/kitchen.html +++ b/webapp/kitchen.html @@ -5,7 +5,7 @@ - + 
diff --git a/webapp/manager.html b/webapp/manager.html index 607c311..31c7aff 100644 --- a/webapp/manager.html +++ b/webapp/manager.html @@ -5,7 +5,7 @@ - + diff --git a/webapp/paydesk.html b/webapp/paydesk.html index cd780c3..9b5483f 100644 --- a/webapp/paydesk.html +++ b/webapp/paydesk.html @@ -5,7 +5,7 @@ - + diff --git a/webapp/php/admin.php b/webapp/php/admin.php index 9eebeec..33dc53f 100644 --- a/webapp/php/admin.php +++ b/webapp/php/admin.php @@ -3,7 +3,6 @@ require_once ('dbutils.php'); require_once ('globals.php'); require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php'); -require_once ('utilities/RoomsAndTables/RoomsAndTableFileManager.php'); require_once ('utilities/userrights.php'); require_once ('utilities/HistFiller.php'); require_once ('utilities/basedb.php'); @@ -960,11 +959,12 @@ class Admin { } - function fillSampleContentBySqlFile($sqlFile) { + function fillSampleContentBySqlFile($pdo,$sqlFile) { $handle = fopen ($sqlFile, "r"); while (!feof($handle)) { - $sql = fgets($handle); - $this->dbutils->performSqlCommand($sql); + $sql = fgets($handle); + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(); } fclose ($handle); } 
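Review bot: The rewritten loop in fillSampleContentBySqlFile prepares whatever fgets() returns, including `false` on the final iteration (feof() only becomes true after a read has hit end of file) and any blank line in the sample file, and it never checks that fopen() succeeded. The prepare()/execute() results are not checked either, so a failing statement is silent unless the connection is in exception mode, which the hunk does not show. Suggest `if ($sql === false || trim($sql) === '') { continue; }` before the prepare, and `if ($handle === false) { return; }` right after fopen (or throw, to match the caller's convention). The method also gains a leading `$pdo` parameter; any caller outside this file still using the one-argument form would now break.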
@@ -1038,30 +1038,29 @@ class Admin { return $ret; } - /* obsolete: not needed any more after replacement by matrix in manager.html */ - private function fillSampleRoomsAndTable($fileName) { - $roomsAndTableHandler = new RoomsAndTableFileManager(); - $roomsAndTableHandler->readRoomTableDefinition($fileName); - } - private function fillSampleContent() { + $pdo = DbUtils::openDbAndReturnPdoStatic(); // first remove previous content, then fill the SQL file $sql = "DELETE FROM `%queue%`"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $this->fillSampleContentBySqlFile("samples/queuecontent.txt"); + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(); + $this->fillSampleContentBySqlFile($pdo,"samples/queuecontent.txt"); $sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'"; - $dbresult = $this->dbutils->performSqlCommand($sql); + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(); $sql = "DELETE FROM `%histuser%`"; - $dbresult = $this->dbutils->performSqlCommand($sql); + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(); $sql = "DELETE FROM `%user%`"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $this->fillSampleContentBySqlFile("samples/usercontent.txt"); + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(); + $this->fillSampleContentBySqlFile($pdo,"samples/usercontent.txt"); - $this->histfiller->readUserTableAndSendToHist(); + $this->histfiller->readUserTableAndSendToHist($pdo); } function getJsonMenuItemsAndVersion() { 
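Review bot: fillSampleContent now runs the DELETEs on %queue%, %hist%, %histuser% and %user% and the refills as separately auto-committed statements, so a failure while loading samples/usercontent.txt (missing file, bad line, an exception from execute) leaves the installation with no user rows at all. Wrapping the sequence in a transaction on the `$pdo` the method already opens lets a failed load roll back to the previous content, provided the tables use a transactional engine and PDO raises exceptions on error; both are outside this hunk, so please confirm. readUserTableAndSendToHist runs on the same connection and can be part of the unit.
```php
private function fillSampleContent() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $pdo->beginTransaction();
    try {
        // … unchanged: DELETE statements and fillSampleContentBySqlFile() calls …
        $this->histfiller->readUserTableAndSendToHist($pdo);
        $pdo->commit();
    } catch (Exception $e) {
        // leave the previous sample content in place rather than a half-emptied user table
        $pdo->rollBack();
        throw $e;
    }
}
```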
@@ -1105,19 +1104,19 @@ class Admin { $right_rating = $_SESSION['right_rating']; if (!self::isOnlyRatingUser($rights, $right_rating, true)) { - if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.10"); }; - if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.10"); }; - if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.10"); }; - if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.10"); }; + if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.11"); }; + if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.11"); }; + if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.11"); }; + if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.11"); }; if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html"); }; - if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.10"); }; - if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.10"); }; - if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.10"); }; - if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.10"); }; - if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.10"); }; - if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.10"); }; - $mainMenu[] = 
array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.10"); - $mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.10"); + if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.11"); }; + if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.11"); }; + if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.11"); }; + if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.11"); }; + if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.11"); }; + if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.11"); }; + $mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.11"); + $mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.11"); } $mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php"); @@ -1126,7 +1125,7 @@ class Admin { $waiterMessage = $this->getMessage(null, "waitermessage"); } // CAUTION: change version also in config.txt!!! - $mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.10", + $mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.11", "user" => $currentUser, "menu" => $mainMenu, "waitermessage" => $waiterMessage, 
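Review bot: The menu links in this hunk and the `"OrderSprinter 1.1.11"` string in the next one repeat the version literal in fifteen places, and the existing `// CAUTION: change version also in config.txt!!!` comment shows the duplication is already a maintenance hazard; every release touches each of them (plus the .html files in this patch). Declaring it once, e.g. `const VERSION = '1.1.11';` on the Admin class, and building the links as `"waiter.html?v=" . self::VERSION` would reduce the next bump to a single edit in this file. The paydesk.html entry is the only link without the `?v=` cache-buster, which looks like an omission rather than intent.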
@@ -1136,32 +1135,12 @@ class Admin { } function getUserList() { - $userInfo = array(); - $sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $numberOfEntries = mysqli_num_rows($dbresult); - while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { - $userEntry = array ("username" => $zeile['username'], - "id" => $zeile['id'], - "is_admin" => $zeile['is_admin'], - "right_waiter" => $zeile['right_waiter'], - "right_kitchen" => $zeile['right_kitchen'], - "right_bar" => $zeile['right_bar'], - "right_supply" => $zeile['right_supply'], - "right_paydesk" => $zeile['right_paydesk'], - "right_statistics" => $zeile['right_statistics'], - "right_bill" => $zeile['right_bill'], - "right_products" => $zeile['right_products'], - "right_reservation" => $zeile['right_reservation'], - "right_rating" => $zeile['right_rating'], - "right_changeprice" => $zeile['right_changeprice'], - "right_manager" => $zeile['right_manager'] - ); - $userInfo[] = $userEntry; - } - - mysqli_free_result($dbresult); - echo json_encode($userInfo); + $pdo = DbUtils::openDbAndReturnPdoStatic(); + $sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(); + $result = $stmt->fetchAll(); + echo json_encode($result); } function setTime($day,$month,$year,$hour,$min) { 
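Review bot: The rewritten getUserList sends `$stmt->fetchAll()` of `SELECT * FROM %user%` straight to json_encode, so the response now carries every column of the user table — including `userpassword`, the MD5 hash that createNewUser stores further down in this file — where the removed code projected only id, username and the right_* flags. Unless the connection sets a default fetch mode, fetchAll() also returns each column twice (by name and by index), which doubles the payload and changes the JSON shape the client reads. Keeping the explicit column list restores the old contract: `$sql = "SELECT id,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,right_paydesk,right_statistics,right_bill,right_products,right_reservation,right_rating,right_changeprice,right_manager FROM %user% WHERE active='1' ORDER BY is_admin";` together with `$result = $stmt->fetchAll(PDO::FETCH_ASSOC);`.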
@@ -1191,13 +1170,14 @@ class Admin { function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRating, $rChangeprice, $rManager) { - // check if the user with that name already exists - $sql = "SELECT username FROM %user% WHERE active='1' AND username='$username'"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $numberOfEntries = mysqli_num_rows($dbresult); - mysqli_free_result($dbresult); - - if ($numberOfEntries > 0) { + $pdo = DbUtils::openDbAndReturnPdoStatic(); + + $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND username=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($username)); + $row = $stmt->fetchObject(); + + if ($row->countid > 0) { echo json_encode("exists"); return; } else { 
@@ -1215,20 +1195,24 @@ class Admin { // instead if password_hash (PHP > 5.5) use MD5... $password_hash = md5($password); $userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`language`,`receiptprinter`,`prefertablemap`,`keeptypelevel`,`extrasapplybtnpos`,`active`) VALUES ("; - $userInsertSql .= " NULL, '$username', '$password_hash' , '$isAdmin', '$rWaiter', '$rKitchen', '$rBar', '$rSupply', '$rPayDesk', '$rStat', '$rBill', '$rProducts', '$rReservation', '$rRating', '$rChangeprice', '$rManager', '$lang','1','1','1','1','1')"; - $dbresult = $this->dbutils->performSqlCommandRetLastId($userInsertSql); - $lastId = $dbresult['id']; + $userInsertSql .= " NULL, ?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($userInsertSql)); + $stmt->execute(array($username,$password_hash,$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager,$lang,1,1,1,1,1)); + + $lastId = $pdo->lastInsertId(); + echo json_encode("OK"); } } // now this has to be logged in the history tables... - $this->histfiller->createUserInHist($lastId,$username, + $this->histfiller->createUserInHist($pdo,$lastId,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager); } function getPayPrintType() { - $this->sendJsonValueFromConfigTable('payprinttype'); + $pdo = DbUtils::openDbAndReturnPdoStatic(); + $this->sendJsonValueFromConfigTable($pdo,'payprinttype'); } function getPayments() { 
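Review bot: The new parameterised INSERT in createNewUser binds `$password_hash = md5($password)` (context line just above the hunk), so passwords are still stored as unsalted MD5; the comment on that line targets PHP below 5.5, so if the deployment floor has moved, `password_hash($password, PASSWORD_DEFAULT)` here with `password_verify()` at login and in the two password-change methods below would replace it, given a `userpassword` column wide enough for a 60-character bcrypt hash. The flag values (`$isAdmin`, `$rWaiter`, …) are bound as received while the trailing defaults in the same execute() array are literal `1`s; binding `intval(...)` of each flag would keep the column contents to 0/1 regardless of what the request sent. `$lastId` is only assigned in the else branch, which is fine because the "exists" branch returns before createUserInHist.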
@@ -1258,8 +1242,8 @@ class Admin { echo json_encode($retArray); } - function sendJsonValueFromConfigTable($whichValue) { - $theVal = $this->getValueFromConfigTable($whichValue); + function sendJsonValueFromConfigTable($pdo,$whichValue) { + $theVal = $this->getValueFromConfigTable($pdo,$whichValue); if ($theVal == null) { echo json_encode(""); } else { @@ -1267,16 +1251,17 @@ class Admin { } } - function getValueFromConfigTable($whichValue) { - $sql = "SELECT setting FROM %config% WHERE name='$whichValue'"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $numberOfEntries = mysqli_num_rows($dbresult); + function getValueFromConfigTable($pdo,$whichValue) { + $sql = "SELECT count(id) as countid,setting FROM %config% WHERE name=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($whichValue)); + $row = $stmt->fetchObject(); + + $numberOfEntries = $row->countid; $theValue = null; if ($numberOfEntries == 1) { - $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); - $theValue = $zeile['setting']; + $theValue = $row->setting; } - mysqli_free_result($dbresult); return $theValue; } @@ -1438,7 +1423,7 @@ class Admin { $sql = "SELECT username,is_admin FROM %user% WHERE id=?"; $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt->execute(array($theUserId)); - $row =$stmt->fetchObject(); + $row = $stmt->fetchObject(); $username = $row->username; $userToModIsAdmin = $row->is_admin; @@ -1456,7 +1441,7 @@ class Admin { // now this has to be logged in the history tables... - $this->histfiller->updateUserInHist($theUserId,$username, + $this->histfiller->updateUserInHist($pdo,$theUserId,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,'1'); echo json_encode("OK"); 
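Review bot: getValueFromConfigTable now selects `count(id) as countid,setting` in one statement without GROUP BY; on MySQL 5.7+ with ONLY_FULL_GROUP_BY enabled (the default) that query is rejected, and on older servers `setting` is an arbitrary value from the matched rows when more than one matches. The same mixed aggregate/column projection is introduced in changepassword (`countid, is_admin`), in the own-password change (`countid,userpassword`) and in Bill::cancelBill (`countid,setting`) later in this patch. Selecting the column alone and counting rows covers both cases: `$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);` followed by `$theValue = (count($rows) == 1) ? $rows[0]['setting'] : null;`.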
@@ -1464,32 +1449,31 @@ class Admin { } function deleteUser($theUserId) { - $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$theUserId'"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $numberOfEntries = mysqli_num_rows($dbresult); - $userToDelIsAdmin = false; - if ($numberOfEntries == 1) { - $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); - if(intval($zeile['is_admin']) == 1) { - $userToDelIsAdmin = true; - } - } - mysqli_free_result($dbresult); + $pdo = DbUtils::openDbAndReturnPdoStatic(); + + $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($theUserId)); + $row =$stmt->fetchObject(); + $userToDelIsAdmin = ($row->is_admin == 1 ? true : false); if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) { echo json_encode("noadmin"); } else { - $sql = "SELECT id FROM %user% WHERE active='1' AND is_admin='1' AND id <> '$theUserId'"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $numberOfOtherAdmins = mysqli_num_rows($dbresult); - mysqli_free_result($dbresult); + $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND is_admin='1' AND id <> ?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($theUserId)); + $row = $stmt->fetchObject(); + $numberOfOtherAdmins = $row->countid; + if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) { echo json_encode("lastadmin"); } else { - $userSql = "UPDATE %user% set active='0' WHERE id='$theUserId'"; - $dbresult = $this->dbutils->performSqlCommand($userSql); + $userSql = "UPDATE %user% set active='0' WHERE id=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql)); + $stmt->execute(array($theUserId)); - $this->histfiller->updateOneUser($theUserId); + $this->histfiller->updateOneUser($pdo,$theUserId); echo json_encode("OK"); } 
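Review bot: deleteUser now reads `$row->is_admin` directly after `fetchObject()`, but when no active user has the given id fetchObject() returns `false`, so the property access raises a warning and the function carries on to the UPDATE and answers "OK" for a user that does not exist; the removed code only set the flag when exactly one row came back. `$userToDelIsAdmin = ($row !== false && $row->is_admin == 1);` restores that guard and drops the redundant `? true : false`. The `$numberOfOtherAdmins` check works as intended on the new count query.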
@@ -1509,18 +1493,19 @@ class Admin { } function changepassword($userid,$password) { - $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$userid'"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $numberOfEntries = mysqli_num_rows($dbresult); + $pdo = DbUtils::openDbAndReturnPdoStatic(); + + $sql = "SELECT count(id) as countid, is_admin FROM %user% WHERE active='1' AND id=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($userid)); + $row = $stmt->fetchObject(); $userToChgPassIsAdm = false; - if ($numberOfEntries == 1) { - $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); - if(intval($zeile['is_admin']) == 1) { + if ($row->countid == 1) { + if ($row->is_admin == 1) { $userToChgPassIsAdm = true; } } - mysqli_free_result($dbresult); - + if(session_id() == '') { session_start(); } @@ -1533,8 +1518,9 @@ class Admin { echo json_encode("noadmin"); } else { $password_hash = md5($password); - $userSql = "UPDATE %user% set userpassword='$password_hash' WHERE active='1' AND id='$userid'"; - $dbresult = $this->dbutils->performSqlCommand($userSql); + $userSql = "UPDATE %user% set userpassword=? WHERE active='1' AND id=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql)); + $stmt->execute(array($password_hash,$userid)); echo json_encode("OK"); } } @@ -1543,11 +1529,13 @@ class Admin { if(session_id() == '') { session_start(); } - $currentuser = $_SESSION['currentuser']; + $currentuserid = $_SESSION['userid']; $_SESSION['language'] = intval($language); - - $userSql = "UPDATE %user% set language='$language' WHERE active='1' AND username='$currentuser'"; - $dbresult = $this->dbutils->performSqlCommand($userSql); + + $pdo = DbUtils::openDbAndReturnPdoStatic(); + $sql = "UPDATE %user% set language=? WHERE active='1' AND id=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($language,$currentuserid)); echo json_encode("OK"); } 
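Review bot: The language update stores `intval($language)` in the session but binds the unconverted value in `$stmt->execute(array($language,$currentuserid))`, so session and database can disagree when the request value is not a clean integer; the receiptprinter hunk that follows has the same split between `intval($printer)` and the bound `$printer`. Binding the converted value, `$stmt->execute(array(intval($language),$currentuserid));` (and likewise for `$printer`), keeps both in step. Switching the row key from `username` to `$_SESSION['userid']` is sound provided the login path sets `userid`, which is outside this patch.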
@@ -1555,11 +1543,13 @@ class Admin { if(session_id() == '') { session_start(); } - $currentuser = $_SESSION['currentuser']; + $currentuserid = $_SESSION['userid']; $_SESSION['receiptprinter'] = intval($printer); - - $userSql = "UPDATE %user% set receiptprinter='$printer' WHERE active='1' AND username='$currentuser'"; - $dbresult = $this->dbutils->performSqlCommand($userSql); + + $pdo = DbUtils::openDbAndReturnPdoStatic(); + $sql = "UPDATE %user% set receiptprinter=? WHERE active='1' AND id=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($printer,$currentuserid)); echo json_encode("OK"); } @@ -1567,12 +1557,14 @@ class Admin { if(session_id() == '') { session_start(); } - $currentuser = $_SESSION['currentuser']; + $currentuserid = $_SESSION['userid']; $assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize"); $_SESSION[$assoc[$btn]] = intval($size); - $userSql = "UPDATE %user% set " . $assoc[$btn] . "='$size' WHERE active='1' AND username='$currentuser'"; - $dbresult = $this->dbutils->performSqlCommand($userSql); + $pdo = DbUtils::openDbAndReturnPdoStatic(); + $sql = "UPDATE %user% set " . $assoc[$btn] . "=? WHERE active='1' AND id=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($size,$currentuserid)); echo json_encode("OK"); } 
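Review bot: The button-size update still splices `$assoc[$btn]` into the SQL as the column name; the map acts as a whitelist, but an unknown `$btn` produces an undefined-index notice, writes `$_SESSION['']`, and builds `UPDATE %user% set =? …`, which fails at prepare time. Checking membership first, `if (!isset($assoc[$btn])) { echo json_encode("FAILED"); return; }`, rejects the request before any SQL is assembled. As in the language hunk, binding `intval($size)` would match what is stored in the session.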
@@ -1583,28 +1575,31 @@ class Admin { $currentuser = $_SESSION['currentuser']; $oldp_hash = md5($oldpassword); + $pdo = DbUtils::openDbAndReturnPdoStatic(); $ok = true; // is old password correct? - $sql = "SELECT userpassword FROM %user% WHERE username='$currentuser' AND active='1'"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $numberOfEntries = mysqli_num_rows($dbresult); + $sql = "SELECT count(id) as countid,userpassword FROM %user% WHERE username=? AND active='1'"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($currentuser)); + $row = $stmt->fetchObject(); + + $numberOfEntries = $row->countid; if ($numberOfEntries == 1) { - $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); - if ($zeile['userpassword'] != $oldp_hash) { + if ($row->userpassword != $oldp_hash) { $ok = false; } } else { // user not found $ok = false; - } - mysqli_free_result($dbresult); + } if ($ok) { // allowed to change password $newp_hash = md5($newpassword); - $sql = "UPDATE %user% set userpassword='$newp_hash' WHERE active='1' AND username='$currentuser'"; - $dbresult = $this->dbutils->performSqlCommand($sql); + $sql = "UPDATE %user% set userpassword=? WHERE active='1' AND username=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(array($newp_hash,$currentuser)); echo json_encode("OK"); } else { echo json_encode("FAILED"); @@ -1620,6 +1615,7 @@ class Admin { } private function exportConfigCsv() { + $pdo = DbUtils::openDbAndReturnPdoStatic(); $this->writeCsvHeader("datenexport-config.csv"); echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n"); 
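Review bot: The own-password change compares the stored hash with `$row->userpassword != $oldp_hash`; PHP's loose comparison treats two numeric-looking strings numerically, so hex digests of the form `0e…` compare equal to each other whatever their remaining digits, and the check is not constant-time. `if (!hash_equals((string) $row->userpassword, $oldp_hash))` is the comparison intended here. The `count(id) as countid,userpassword` projection mixes an aggregate with a plain column and will be rejected on MySQL 5.7+ unless ONLY_FULL_GROUP_BY is disabled; selecting `userpassword` alone and counting the fetched rows avoids that.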
@@ -1632,9 +1628,12 @@ class Admin { $sql .= " AND (action='2' OR action='6') "; $sql .= " AND (action=%histactions%.id) "; $sql .= " ORDER BY date,id"; - - $dbresult = $this->dbutils->performSqlCommand($sql); - while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { + + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(); + $result = $stmt->fetchAll(); + + foreach($result as $zeile) { $val1 = $zeile['id']; $val2 = $zeile['date']; $val3 = $zeile['configitem']; @@ -1643,11 +1642,11 @@ class Admin { $val5 = $zeile['description']; echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n"; - } - mysqli_free_result( $dbresult ); + } } private function exportUserCsv() { + $pdo = DbUtils::openDbAndReturnPdoStatic(); $this->writeCsvHeader("datenexport-benutzer.csv"); echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Managerrechte; Aktiviert\n"); @@ -1662,8 +1661,11 @@ class Admin { $sql .= " AND (action=%histactions%.id) "; $sql .= " ORDER BY date,id"; - $dbresult = $this->dbutils->performSqlCommand($sql); - while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { + $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); + $stmt->execute(); + $result = $stmt->fetchAll(); + + foreach($result as $zeile) { $val1 = $zeile['id']; $val2 = $zeile['date']; $val3 = $zeile['userid']; @@ -1686,7 +1688,6 @@ class Admin { echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;"; echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18\n"; } - mysqli_free_result( $dbresult ); } /** diff --git a/webapp/php/bill.php b/webapp/php/bill.php index d66f7b3..6a0f839 100644 --- a/webapp/php/bill.php +++ b/webapp/php/bill.php 
@@ -360,7 +360,7 @@ class Bill { echo json_encode(array("guestmoney" => $onlyCashByGuests, "total" => $cashByGuestsAndInsertTakeOut)); } - function getLastBillsWithContent($day,$month,$year) { + function getLastBillsWithContent($day,$month,$year) { date_default_timezone_set(DbUtils::getTimeZone()); $currentTime = date('Y-m-d H:i:s'); $startDate = "$year-$month-$day 00:00:00"; @@ -385,7 +385,6 @@ class Bill { foreach($result as $zeile) { $theId = $zeile['id']; if (!$commonUtils->verifyBill($pdo, $theId)) { - mysqli_free_result( $dbresult ); echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG)); return; } @@ -399,7 +398,7 @@ class Bill { "longdate" => $zeile['billdate'], "shortdate" => $shortdate, "brutto" => $zeile['brutto'], - "tablename" => $commonUtils->getTableNameFromId($zeile['tableid']), + "tablename" => $commonUtils->getTableNameFromId($pdo,$zeile['tableid']), "billcontent" => $this->getBillWithId($theId,$l,0), "isClosed" => $isClosed ); 
@@ -447,25 +446,25 @@ class Bill { * Cancel a bill - set all queue items to not paid and drop the bill entry */ private function cancelBill($billid,$stornocode,$reason) { + $pdo = DbUtils::openDbAndReturnPdoStatic(); // current time date_default_timezone_set(DbUtils::getTimeZone()); $currentTime = date('Y-m-d H:i:s'); // check if stornocode is correct - $sql = "SELECT setting FROM %config% WHERE name='stornocode'"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $numberOfVals = mysqli_num_rows($dbresult); + $sql = "SELECT count(id) as countid,setting FROM %config% WHERE name='stornocode'"; + $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); + $stmt->execute(); + $row = $stmt->fetchObject(); + $numberOfVals = $row->countid; if ($numberOfVals != 1) { // stornocode not fixed - mysqli_free_result( $dbresult ); echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_STORNO_CODE, "msg" => ERROR_BILL_NOT_STORNO_CODE_MSG)); return; } - - $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); - $stornocodeInDb = $zeile['setting']; - - mysqli_free_result( $dbresult ); + + $stornocodeInDb = $row->setting; + if ($stornocode != $stornocodeInDb) { echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_STORNO_CODE, "msg" => ERROR_BILL_WRONG_STORNO_CODE_MSG)); return; @@ -478,8 +477,6 @@ class Bill { } // Do transactional cancel - - $pdo = $this->dbutils->openDbAndReturnPdo(); $pdo->beginTransaction(); // is the bill already closed? In this case no cancel is allowed! diff --git a/webapp/php/closing.php b/webapp/php/closing.php index eb22a23..d57ebfc 100644 --- a/webapp/php/closing.php +++ b/webapp/php/closing.php @@ -72,7 +72,6 @@ $remark = ""; $decpoint = $this->getDecPoint(); // first create a closing entry -$remark = $this->dbutils->filterString($remark); date_default_timezone_set(DbUtils::getTimeZone()); $closingTime = date('Y-m-d H:i:s'); 
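Review bot: cancelBill compares the request code with the newly assigned `$stornocodeInDb = $row->setting;` through the context line `if ($stornocode != $stornocodeInDb)`, a loose comparison that treats numeric-looking strings numerically, so a stored `0123` is matched by `123` and `1e2` by `100`. `if (!hash_equals((string) $stornocodeInDb, (string) $stornocode))` makes the check exact and constant-time. The hunk also keeps `$this->dbutils->resolveTablenamesInSqlString()` here while the rest of the patch moves to `DbUtils::substTableAlias()`; settling on one helper would keep the file consistent.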
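Review bot: The closing.php hunk drops `$remark = $this->dbutils->filterString($remark);`, which was the only visible sanitisation of the closing remark before it is written; the INSERT that consumes `$remark` lies outside the hunk, so I cannot see whether it binds the value or interpolates it into the SQL string. If that statement binds `$remark` as a `?` parameter the removal is correct; if it still interpolates, the filter needs to stay until it does. The enclosing function starts and ends outside the hunk.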
@@ -204,19 +203,20 @@ $newversionavailable = @file_get_contents($url, false, $ctx); echo json_encode(array("status" => "OK", "msg" => $content)); } -private function getSumOfBillsWithClosingId($closingid,$onlyBar) { -$sql = "SELECT sum(brutto) as billsum FROM %bill% WHERE closingid='$closingid'"; +private function getSumOfBillsWithClosingId($pdo,$closingid,$onlyBar) { +$sql = "SELECT count(id) as countid,sum(brutto) as billsum FROM %bill% WHERE closingid=?"; if ($onlyBar) { $sql .= " AND paymentid='1'"; } -$dbresult = $this->dbutils->performSqlCommand($sql); -$numberOfReturns = mysqli_num_rows($dbresult); +$stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); +$stmt->execute(array($closingid)); +$row = $stmt->fetchObject(); + +$numberOfReturns = $row->countid; $sum = 0.0; -if ($numberOfReturns == 1) { -$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); -$sum = floatval($zeile["billsum"]); +if ($numberOfReturns > 0) { +$sum = floatval($row->billsum); } -mysqli_free_result( $dbresult ); return $sum; } 
@@ -254,48 +254,49 @@ $lastDayInMonth = date("t", mktime(0, 0, 0, $month, 1, $year));
$dateStart = $year . $monthText . "01";
$dateEnd = $year . $monthText . $lastDayInMonth;
-$sql = "SELECT id,closingdate,remark FROM %closing% WHERE DATE(closingdate) BETWEEN '" . $dateStart . "' AND '" . $dateEnd . "' ORDER BY closingdate DESC LIMIT 30;";
-$dbresult = $this->dbutils->performSqlCommand($sql);
-
-$resultarray = array();
-while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC))
-{
-$theId = $zeile['id'];
-$closingDate = $zeile['closingdate'];
+$sql = "SELECT id,closingdate,remark FROM %closing% WHERE DATE(closingdate) BETWEEN ? AND ? ORDER BY closingdate DESC;";
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($dateStart,$dateEnd));
+$result = $stmt->fetchAll();
+
+$resultarray = array();
+foreach($result as $zeile) {
+$theId = $zeile['id']; $closingDate = $zeile['closingdate'];
$remark = $zeile['remark'];
-$totalSum = $this->getSumOfBillsWithClosingId($theId, false);
-$cashSum = $this->getSumOfBillsWithClosingId($theId, true);
+$totalSum = $this->getSumOfBillsWithClosingId($pdo,$theId, false);
+$cashSum = $this->getSumOfBillsWithClosingId($pdo,$theId, true);
$userSums = $this->getUserGroupedSumOfClosing($pdo, $theId);
$closingEntry = array("id" => $theId, "closingDate" => $closingDate, "remark" => $remark, "totalsum" => $totalSum, "cashsum" => $cashSum, "usersums" => $userSums);
$resultarray[] = $closingEntry;
-}
-mysqli_free_result( $dbresult );
+}
echo json_encode(array("status" => "OK", "msg" => $resultarray));
}
-private function getPaymentArray() {
+private function getPaymentArray($pdo) {
$sql = "SELECT id,name FROM %payment%";
-$dbresult = $this->dbutils->performSqlCommand($sql);
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute();
+$result = $stmt->fetchAll();
$retArray = array();
-while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC))
-{
+foreach($result as $zeile) {
$retArray[$zeile['id']] = 
$zeile['name'];
}
-mysqli_free_result( $dbresult );
return $retArray;
}
private function getClosing($closingid) {
-$this->retrieveClosingFromDb($closingid, false, false);
+$pdo = DbUtils::openDbAndReturnPdoStatic();
+$this->retrieveClosingFromDb($pdo,$closingid, false, false);
}
private function exportCsv($closingid) {
-$this->retrieveClosingFromDb($closingid, true, false);
+$pdo = DbUtils::openDbAndReturnPdoStatic();
+$this->retrieveClosingFromDb($pdo,$closingid, true, false);
}
private function emailCsvCore($pdo,$closingid,$toEmail,$topic,$startdate,$enddate,$billsum,$billcount) {
-$msg = $this->retrieveClosingFromDb($closingid, false, true);
+$msg = $this->retrieveClosingFromDb($pdo,$closingid, false, true);
$msg = "Zeitraum: $startdate - $enddate\nBrutto-Summe: $billsum\nEnthaltene Bons: $billcount\n\n" . $msg;
$msg = str_replace("\n", "\r\n", $msg);
@@ -391,7 +392,7 @@ echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "ms
}
}
-private function retrieveClosingFromDb($closingid,$doCsvExport,$onlyresultreturn) {
+private function retrieveClosingFromDb($pdo,$closingid,$doCsvExport,$onlyresultreturn) {
if(session_id() == '') {
session_start();
}
@@ -401,7 +402,7 @@ $commonUtils = new CommonUtils();
$currency = $commonUtils->getCurrency();
$decpoint = $this->getDecPoint();
-$paymentArray = $this->getPaymentArray();
+$paymentArray = $this->getPaymentArray($pdo);
$previousClosingDate = self::getDateOfPreviousClosing(null,$closingid);
$csv = "";
@@ -424,33 +425,20 @@ $csv .= $this->t['Ref'][$l] . "\n";
}
-$sql = "SELECT closingdate,remark,signature,billsum,billcount FROM %closing% WHERE id='$closingid'";
-$dbresult = $this->dbutils->performSqlCommand($sql);
-$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
-$closingdate = $zeile['closingdate'];
-$remark = $zeile['remark'];
-$billsum = $zeile['billsum'];
-$billcount = $zeile['billcount'];
-$signature = $zeile['signature'];
-mysqli_free_result( $dbresult );
+$sql = "SELECT closingdate,remark,signature,billsum,billcount FROM %closing% WHERE id=?";
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($closingid));
+$row = $stmt->fetchObject();
+$closingdate = $row->closingdate;
+$remark = $row->remark;
+$billsum = $row->billsum;
+$billcount = $row->billcount;
+$signature = $row->signature;
-$billIdsAndPaymentsForThatClosing = array();
-$sql = "SELECT %bill%.id as billid,paymentid,billdate,userid,ref,username,status,brutto,netto,IF(tax is not null, tax, '0.00') as tax FROM %bill%,%user% WHERE closingid=$closingid AND %bill%.userid = %user%.id ORDER BY billdate";
-$dbresult = $this->dbutils->performSqlCommand($sql);
-while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
-$billIdsAndPaymentsForThatClosing[] = array(
-"id" => $zeile['billid'],
-"payment" => $zeile['paymentid'],
-"userid" => $zeile['userid'],
-"username" => $zeile['username'],
-"status" => $zeile['status'],
-"brutto" => $zeile['brutto'],
-"netto" => $zeile['netto'],
-"tax" => $zeile['tax'],
-"ref" => $zeile['ref'],
-"billdate" => $zeile['billdate']);
-}
-mysqli_free_result( $dbresult );
+$sql = "SELECT %bill%.id as id,paymentid,billdate,userid,ref,username,status,brutto,netto,IF(tax is not null, tax, '0.00') as tax FROM %bill%,%user% WHERE closingid=? 
AND %bill%.userid = %user%.id ORDER BY billdate";
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($closingid));
+$billIdsAndPaymentsForThatClosing = $stmt->fetchAll();
$foundBillCount = count($billIdsAndPaymentsForThatClosing);
@@ -462,7 +450,6 @@ $startDate = $previousClosingDate;
$billsumstr = number_format($billsum, 2, ".", '');
$data = "I($closingid)-S($startDate)-E($closingdate)-D($billcount)-S($billsumstr)";
-$pdo = $this->dbutils->openDbAndReturnPdo();
$pubkeyid = $commonUtils->getCert($pdo);
$ok = openssl_verify($data, $signature, $pubkeyid);
openssl_free_key($pubkeyid);
@@ -514,19 +501,20 @@ $csv .= "$aBillId; \"$billdate\" ; \"" . $this->t['cashaction'][$l] . "\" ; \"$b
}
} else {
-$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid='$aBillId' AND %billproducts%.queueid=%queue%.id";
+$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid=?' AND %billproducts%.queueid=%queue%.id";
if ($status == 'x') {
$statusTxt = $this->t["laterCancelled"][$l];
} else if ($status == 's') {
$statusTxt = $this->t["storno"][$l];
} else {
$statusTxt = "";
-$sql = "SELECT productname,paidtime,price,tax FROM %queue% WHERE billid=$aBillId";
+$sql = "SELECT productname,paidtime,price,tax FROM %queue% WHERE billid=?";
}
-
-$dbresult = $this->dbutils->performSqlCommand($sql);
-
-while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+
+$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+$stmt->execute(array($aBillId));
+$result = $stmt->fetchAll();
+foreach ($result as $zeile) {
$productname = $zeile['productname'];
$tax = $zeile['tax'];
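Review bot: In the hunk at -424, `$row = $stmt->fetchObject();` yields `false` when no closing row matches `$closingid`, and the five `$row->...` assignments that follow then read properties of a boolean (a warning in PHP 8, all values null), so the signature verification further down runs against empty data instead of reporting the inconsistency. Check the result before using it, `if ($row === false) { ... }`, and answer with the same ERROR_INCONSISTENT_DB response this function already emits for the bill-count mismatch. retrieveClosingFromDb starts outside the hunk.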
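Review bot: In the hunk at -514 the rewritten query for the cancelled/storno branch carries a stray quote, `%billproducts%.billid=?' AND`, which is a SQL syntax error; depending on the error mode openDbAndReturnPdoStatic() configures (not visible here) `prepare()` either throws or returns `false`, in which case `$stmt->execute()` is a fatal call on a boolean, so any CSV export or e-mail of a closing that contains a cancelled bill fails. The line should read `$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid=? AND %billproducts%.queueid=%queue%.id";`. The enclosing loop over the bills starts and ends outside the hunk.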
@@ -555,7 +543,6 @@ if ($doCsvExport || $onlyresultreturn) {
$csv .= "$aBillId; \"$paidtime\" ; \"$productname\" ; \"$price\" ; \"$netto\" ; \"$formattedtax\" ; \"$paymentArray[$paymentid]\"; $userid; \"$username\"; \"$statusTxt\"; $ref\n";
}
}
-mysqli_free_result( $dbresult );
}
}
if ($doCsvExport) {
diff --git a/webapp/php/commonutils.php b/webapp/php/commonutils.php
index e73386e..4cdee55 100644
--- a/webapp/php/commonutils.php
+++ b/webapp/php/commonutils.php
@@ -191,30 +191,29 @@ class CommonUtils {
$this->createGridTableWithSqrtSizeOfStyleButtonsAndHeader($inputArray,'','dummy');
}
- function getTableNameFromId($tableid) {
+ function getTableNameFromId($pdo,$tableid) {
if (is_null($tableid) || ($tableid == 0)) {
return "-"; // togo
}
- $sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=". $tableid;
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $tablename = $zeile['tableno'];
- mysqli_free_result( $dbresult );
- return $tablename;
+ $sql = "SELECT tableno FROM %resttables% WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($tableid));
+ $row = $stmt->fetchObject();
+ return $row->tableno;
}
- function getCurrentPriceLevel() {
+ function getCurrentPriceLevel($pdo) {
$sql = "SELECT setting FROM %config% WHERE name='pricelevel'";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $pricelevelid = $zeile['setting'];
- mysqli_free_result( $dbresult );
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $row = $stmt->fetchObject();
+ $pricelevelid = $row->setting;
- $sql = "SELECT id,name FROM %pricelevel% WHERE id=$pricelevelid";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $pricelevelname = $zeile['name'];
- mysqli_free_result( $dbresult );
+ $sql = "SELECT id,name FROM %pricelevel% WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($pricelevelid));
+ $row = $stmt->fetchObject();
+ $pricelevelname = $row->name;
return (array("id" => $pricelevelid, "name" => $pricelevelname));
}
diff --git a/webapp/php/config.php b/webapp/php/config.php
old mode 100755
new mode 100644
diff --git a/webapp/php/dbutils.php b/webapp/php/dbutils.php
index be17e80..40d699d 100644
--- a/webapp/php/dbutils.php
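Review bot: Both rewritten methods read `$row->tableno`, `$row->setting` and `$row->name` without checking that `fetchObject()` found a row, so an unknown table id or a missing `pricelevel` setting becomes a property read on `false` (a PHP 8 warning, value null) rather than an explicit failure; `return $row === false ? null : $row->tableno;` keeps the previous null result for a missing table without the warning, and getCurrentPriceLevel should likewise stop after the first query when no setting exists instead of binding null into the second one. Both methods are public and now take `$pdo` as their first argument; any caller outside the files in this commit that was not updated would pass the table id where the connection is expected, which is worth confirming since those callers are not visible here.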
+++ b/webapp/php/dbutils.php 
@@ -92,106 +92,6 @@ class DbUtils {
}
}
- function performSqlCommand($sqlCommand) {
- $sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
-
- $con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
- // Check connection
-
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MySQL: " . mysqli_connect_error();
- }
-
- $result = mysqli_query($con,$sqlCommand);
- // Execute query
- if ($result)
- {
- //echo "SQL command could be executed successful";
- }
- else
- {
- echo "Error executing SQL command: " . mysqli_error($con);
- }
-
- mysqli_close($con);
- return $result;
- }
-
- /*
- * A prepared statement has several advantages. In this SW it is mainly
- * used to avoid quoting of strings
- */
- function performPreparedStatementCreateClosing($closingTime,$remark) {
- date_default_timezone_set(self::getTimeZone());
- $closingTime = date('Y-m-d H:i:s');
- $closingEntrySql = $this->resolveTablenamesInSqlString("INSERT INTO `%closing%` (`id` , `closingdate`,`remark`) VALUES (NULL , ?,?)");
-
- $mysqli = new mysqli(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
- if ($mysqli->connect_errno) {
- echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
- }
-
- if (!($stmt = $mysqli->prepare($closingEntrySql))) {
- echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
- }
-
- if (!$stmt->bind_param("ss", $closingTime, $remark)) {
- echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
- }
-
- if (!$stmt->execute()) {
- echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
- }
- $id = mysqli_insert_id($mysqli);
- $stmt->close();
- mysqli_close($mysqli);
- return $id;
- }
-
- function performSqlCommandRetLastId($sqlCommand) {
- $sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
-
- $con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
- // Check connection
-
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MySQL: " . 
mysqli_connect_error();
- }
-
- $result = mysqli_query($con,$sqlCommand);
- // Execute query
- if ($result)
- {
- //echo "SQL command could be executed successful";
- }
- else
- {
- echo "Error executing SQL command: " . mysqli_error($con);
- }
-
- $id = mysqli_insert_id($con);
-
- mysqli_close($con);
- return array("result" => $result, "id" => $id);
- }
-
- /*
- * Filter out escape sequences. The method requires an open db connection
- */
- function filterString($aString) {
- $mysqli = new mysqli(MYSQL_HOST, MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
-
- /* check connection */
- if (mysqli_connect_errno()) {
- exit();
- }
- $filteredString = $mysqli->real_escape_string($aString);
- $mysqli->close();
- return $filteredString;
- }
-
/*
* To use sql strings that are easy to read the table names are used
* without variables. But since the user can specify a prefix for all
diff --git a/webapp/php/products.php b/webapp/php/products.php
index 6db0e02..3f750f9 100644
--- a/webapp/php/products.php
+++ b/webapp/php/products.php
@@ -73,7 +73,8 @@ class Products {
} else if ($command == 'getAllExtrasAlphaSorted') {
$this->getAllExtrasAlphaSorted();
} else if ($command == 'getSingleProdData') {
- $this->getSingleProdData($_GET['id']);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $this->getSingleProdData($pdo,$_GET['id']);
} else if ($command == 'getSingleTypeData') {
$this->getSingleTypeData($_GET['id']);
} else if ($command == 'applySingleProdData') {
@@ -237,45 +238,7 @@ class Products {
$result = $stmt->fetchAll(PDO::FETCH_OBJ);
return $result;
}
-
- // ************************************************************
- // * Start OLD part
- // ************************************************************
-
- // Utility function: find the roomid if the tableid is known
- function getRoomFromTableid($tableid) {
- // Find roomid for table (variable roomid works in the one direction, but if called by back-button, not)
- $sql = "select " . DB_ROOM_TABLE . ".id as id from " . DB_ROOM_TABLE . ", " . DB_RESTTABLES_TABLE . " where " . DB_RESTTABLES_TABLE . ".id = '" . $tableid . "' and " . DB_ROOM_TABLE . ".id = " . DB_RESTTABLES_TABLE . ".roomid;";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $roomid = $zeile['id'];
- mysqli_free_result( $dbresult );
- return $roomid;
- }
-
- function areThereProductsInTheCategory($categoryid) {
- $sql = "SELECT id FROM " . DB_PRODUCTS_TABLE . " WHERE category = " . $categoryid . " AND available='1';";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEnttry = mysqli_num_rows($dbresult);
- mysqli_free_result( $dbresult );
- if ($numberOfEnttry > 0) {
- return true;
- } else {
- return false;
- }
- }
- function areThereCategoriesInTheCategory($categoryid) {
- $sql = "SELECT id FROM %prodtype% WHERE removed is null AND reference = $categoryid";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $numberOfEntry = mysqli_num_rows($dbresult);
- mysqli_free_result( $dbresult );
- if ($numberOfEntry > 0) {
- return true;
- } else {
- return false;
- }
- }
/*
* Return in array all products with their id and longname that have a reference to
@@ -285,14 +248,17 @@ class Products {
* ["id" => 1, "longname" => "Whatever Product"],
* ["id" => 2, "longname" => "Whatever Other Product"], ...
*/
- private function getProductsWithReferenz($ref) {
+ private function getProductsWithReferenz($pdo,$ref) {
$prods = array();
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category is null ORDER BY sorting";
if ($ref > 0) {
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category=$ref ORDER BY sorting";
}
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+
+ foreach($result as $zeile) {
$prod_entry = array(
"id" => $zeile['id'],
"shortname" => $zeile['shortname'],
@@ -306,7 +272,6 @@ class Products {
"type" => "p");
$prods[] = $prod_entry;
}
- mysqli_free_result( $dbresult );
return $prods;
}
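Review bot: `$ref` is still interpolated into the query (`... AND category=$ref ORDER BY sorting`) although the same hunk moves the call to a prepared statement with an empty `execute()`, and the same pattern remains in getProdTypesWithReferenz in the hunk at -354 (`reference=$ref`). The only guard is `$ref > 0`, which is a numeric comparison rather than a check that `$ref` is an integer, so whatever the callers pass (delTypeCore receives its `$id` from outside this diff) reaches the SQL text unquoted. Bind it like the other parameters in this commit: `... AND category=? ORDER BY sorting";` together with `$stmt->execute($ref > 0 ? array($ref) : array());`.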
@@ -354,30 +319,23 @@ class Products {
* ["id" => 1, "name" => "Meal"],
* ["id" => 2, "name" => "Drinks"], ...
*/
- private function getProdTypesWithReferenz($ref) {
- $types = array();
- $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer from %prodtype% where removed is null AND reference is null";
+ private function getProdTypesWithReferenz($pdo,$ref) {
+
+ $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer,'t' as type from %prodtype% where removed is null AND reference is null";
if ($ref > 0) {
- $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer from %prodtype% where removed is null AND reference=$ref";
+ $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer,'t' as type from %prodtype% where removed is null AND reference=$ref";
}
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
- $prod_entry = array(
- "id" => $zeile['id'],
- "name" => $zeile['name'],
- "kind" => $zeile['kind'],
- "usekitchen" => $zeile['usekitchen'],
- "usesupplydesk" => $zeile['usesupplydesk'],
- "printer" => $zeile['printer'],
- "type" => "t");
- $types[] = $prod_entry;
- }
- mysqli_free_result( $dbresult );
+
+ $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
+ $stmt->execute();
+ $types = $stmt->fetchAll();
+
return $types;
}
function showDbProducts() {
- $productArray = $this->getDbProductsWithRef_json_version(0,0);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $productArray = $this->getDbProductsWithRef_json_version($pdo,0,0);
echo json_encode($productArray);
}
@@ -429,8 +387,8 @@ class Products {
echo json_encode(array("status" => "OK", "msg" => $msg));
}
- function readDbProducts() {
- $speisekarte = $this->readDbProductsWithRef_json_version(0,0);
+ function readDbProducts($pdo) {
+ $speisekarte = $this->readDbProductsWithRef_json_version($pdo,0,0);
$speisekarte .= $this->readExtrasFromDb(null);
return $speisekarte;
}
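Review bot: `$types = $stmt->fetchAll();` is returned unchanged and ends up in `json_encode` through getDbProductsWithRef_json_version (`"entry" => $aProdType`), and the removed loop used to build rows with exactly the named keys the client sees; unless openDbAndReturnPdoStatic() sets a default fetch mode (not visible here), PDO falls back to FETCH_BOTH, so every row now also carries `"0"`, `"1"`, ... entries and the response shape changes. `$types = $stmt->fetchAll(PDO::FETCH_ASSOC);` restores the previous shape, and the hunk at -237 already shows the file passing an explicit mode (`fetchAll(PDO::FETCH_OBJ)`). As a matter of style, this hunk resolves table names with `$this->dbutils->resolveTablenamesInSqlString($sql)` while the rest of the commit uses `DbUtils::substTableAlias($sql)`; one helper for the prefix handling is easier to audit.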
@@ -475,6 +433,8 @@ class Products {
}
private function exportCsv() {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $decpoint = $this->getDecPoint();
$file_name = "datenexport-produkte.csv";
header("Content-type: text/x-csv");
@@ -494,8 +454,10 @@ class Products {
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+ foreach($result as $zeile) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['prodid'];
@@ -512,30 +474,17 @@ class Products {
echo "$val1; $val2; $val3; \"$val4\"; \"$val5\"; $val6; $val7; $val8; $val9; $val10; $val11; $val12; $val13\n";
}
- mysqli_free_result( $dbresult );
}
- function getSingleProdData($id) {
+ function getSingleProdData($pdo,$id) {
if (is_numeric($id)) {
- $sql = "SELECT shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio,favorite from %products% where id=$id";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
+ $sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio,favorite from %products% where id=?";
- $prod_entry = array(
- "id" => $id,
- "shortname" => $zeile['shortname'],
- "longname" => $zeile['longname'],
- "available" => $zeile['available'],
- "priceA" => $zeile['priceA'],
- "priceB" => $zeile['priceB'],
- "priceC" => $zeile['priceC'],
- "tax" => $zeile['tax'],
- "audio" => $zeile['audio'],
- "favorite" => $zeile['favorite']
- );
-
- mysqli_free_result( $dbresult );
- echo json_encode($prod_entry);
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($id));
+ $row = $stmt->fetchObject();
+
+ echo json_encode($row);
}
}
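Review bot: In the hunk at -512, `echo json_encode($row);` writes the literal `false` when no product has the requested id, because `fetchObject()` returns `false` on an empty result, whereas the removed code always emitted an object (with the id and null fields) for that case; a client that reads `.shortname` from the reply now gets a different shape. Since `$id` arrives from `$_GET['id']` in the dispatcher hunk at -73, an unknown id is an ordinary input, so check `$row === false` before the echo and answer with an explicit error status in the style the rest of this file uses, rather than letting the boolean through. The same fetch-without-check pattern appears in the hunk at -494, but there an empty result only produces an empty CSV, which is fine.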
@@ -946,9 +895,6 @@ class Products {
if (!is_numeric($id) || !is_numeric($available) || !is_numeric($favorite) ||!is_numeric($priceA) || !is_numeric($priceB) || !is_numeric($priceC) || (!is_numeric($tax) && ($tax != "null")) ) {
return;
}
- $priceA = $this->dbutils->filterString($priceA);
- $priceB = $this->dbutils->filterString($priceB);
- $priceC = $this->dbutils->filterString($priceC);
if ($tax == "null") {
$tax = null;
@@ -984,7 +930,7 @@ class Products {
}
$pdo->commit();
- $this->getSingleProdData($id);
+ $this->getSingleProdData($pdo,$id);
}
private static function updateHistOnlyForExtrasOfProd($pdo,$aProdId,$histextra) {
@@ -1125,12 +1071,12 @@ class Products {
function delTypeCore($pdo,$id) {
- $allTypesInThisLevel = $this->getProdTypesWithReferenz($id);
+ $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$id);
foreach ($allTypesInThisLevel as $aType) {
$this->delTypeCore($pdo, $aType["id"]);
}
- $allProdsInThisLevel = $this->getProductsWithReferenz($id);
+ $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$id);
foreach ($allProdsInThisLevel as $aProd) {
self::declareProductAsDeletedWithoutResort($pdo, $aProd["id"]);
}
@@ -1153,11 +1099,11 @@ class Products {
/*
* Return a html table with all products in a structured way
*/
- private function getDbProductsWithRef_json_version($ref,$depth) {
+ private function getDbProductsWithRef_json_version($pdo,$ref,$depth) {
$allProdsAndTypesInThisLevel = array();
- $allProdsInThisLevel = $this->getProductsWithReferenz($ref);
- $allTypesInThisLevel = $this->getProdTypesWithReferenz($ref);
+ $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$ref);
+ $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$ref);
for ($index_prod=0;$index_prod $aProdType,"content" => $this->getDbProductsWithRef_json_version($typeRef,$depth+1));
+ $allProdsAndTypesInThisLevel[] = array("entry" => $aProdType,"content" => $this->getDbProductsWithRef_json_version($pdo,$typeRef,$depth+1));
}
return $allProdsAndTypesInThisLevel;
}
// return in text format
- private function readDbProductsWithRef_json_version($ref,$depth) {
+ private function readDbProductsWithRef_json_version($pdo,$ref,$depth) {
$decpoint = $this->getDecPoint();
$text = "";
$allProdsAndTypesInThisLevel = array();
- $allProdsInThisLevel = $this->getProductsWithReferenz($ref);
- $allTypesInThisLevel = $this->getProdTypesWithReferenz($ref);
+ $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$ref);
+ $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$ref);
for ($index_prod=0;$index_prodreadDbProductsWithRef_json_version($typeRef,$depth+1);
+ $text .= $this->readDbProductsWithRef_json_version($pdo,$typeRef,$depth+1);
}
return $text;
}
- private function numberOfProdsInProdType($theId) {
- // how many prods are related to this type?
- $sql = "SELECT COUNT(id) FROM %products% WHERE removed is null AND category=$theId";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $noProdsInThisProdType = $zeile['COUNT(id)'];
- mysqli_free_result( $dbresult );
-
- // iterate over all prodtypes in this prodtype
- $prodtypesInside = $this->getProdTypesWithReferenz($theId);
- for ($i=0;$i < count($prodtypesInside);$i++) {
- $anInsideProdType = $prodtypesInside[i];
- // recursive
- $noProdsInThisProdType += $this->numberOfProdsInProdType($anInsideProdType["id"]);
- }
- return $noProdsInThisProdType;
- }
-
private function getPriceLevelInfo() {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
if(session_id() == '') {
session_start();
}
$lang = $_SESSION['language'];
- $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel();
+ $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel($pdo);
$currentPriceLevelId = $currentPriceLevel["id"];
$currentPriceLevelName = $currentPriceLevel["name"];
@@ -1267,8 +1196,11 @@ class Products {
} else if ($lang == 2) {
$sql = "SELECT id,name,info_esp as info FROM %pricelevel%";
}
- $dbresult = $this->dbutils->performSqlCommand($sql);
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+ foreach($result as $zeile) {
$theId = $zeile['id'];
$selected = "0";
if ($theId == $currentPriceLevelId) {
@@ -1282,7 +1214,6 @@ class Products {
"selected" => $selected);
$pricelevels[] = $levels_entry;
}
- mysqli_free_result( $dbresult );
$retArray = array("currentId" => $currentPriceLevelId, "currentName" => $currentPriceLevelName, "levels" => $pricelevels);
echo json_encode($retArray);
@@ -1290,13 +1221,17 @@ class Products {
private function setPriceLevelInfo($levelId) {
if (is_numeric($levelId)) {
- $updateSql = "UPDATE %config% SET setting=$levelId WHERE name='pricelevel'";
- $dbresult = $this->dbutils->performSqlCommand($updateSql);
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $updateSql = "UPDATE %config% SET setting=? WHERE name='pricelevel'";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($updateSql));
+ $stmt->execute(array($levelId));
+ echo json_encode("OK");
}
}
private function getSpeisekarte() {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
$legend = file_get_contents("../customer/menulegend.txt");
$decpoint = $this->getDecPoint();
@@ -1318,7 +1253,7 @@ class Products {
// no products defined yet - present Beispiel
$text = $legend;
} else {
- $text = $legend . $this->readDbProducts();
+ $text = $legend . $this->readDbProducts($pdo);
}
echo json_encode(array("status" => "OK","msg" => $text, "predef" => $predef));
diff --git a/webapp/php/queuecontent.php b/webapp/php/queuecontent.php
index 18b9db9..4416ccb 100644
--- a/webapp/php/queuecontent.php
+++ b/webapp/php/queuecontent.php
@@ -104,22 +104,12 @@ class QueueContent {
echo "Command not supported.";
}
}
-
- function getTableNameFromId($tableid) {
- if ($tableid == 0) {
- return "";
- }
- $sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=". $tableid;
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $tablename = $zeile['tableno'];
- mysqli_free_result( $dbresult );
- return $tablename;
- }
// needed if paydesk gets the tableid by direct call
function getJsonTableNameFromId($tableid) {
- echo json_encode($this->getTableNameFromId($tableid));
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
+ $commonUtils = new CommonUtils();
+ echo json_encode($commonUtils->getTableNameFromId($pdo,$tableid));
}
function getDateValueAsBoolInterpretatedIcon($aValue) {
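Review bot: In the queuecontent.php hunk at -104, getJsonTableNameFromId now delegates to CommonUtils::getTableNameFromId, which (per the commonutils.php hunk at -191) returns `"-"` for a table id of 0, while the removed local method returned `""` for that case; the paydesk caller named in the comment above the method therefore receives a different value for take-away orders. If the empty string is what that client expects, keep the old contract explicit: `echo json_encode($tableid == 0 ? "" : $commonUtils->getTableNameFromId($pdo,$tableid));`. The products.php hunk at -1290 is fine as far as binding goes, but `echo json_encode("OK");` is emitted without looking at `$stmt->rowCount()`, so a level id that matches no `pricelevel` row is still acknowledged as success.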
@@ -558,7 +548,7 @@ class QueueContent {
$extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']);
$productid = $zeile['prodid'];
- $useConditions = $this->getUseKitchenAndSupplyForProd($productid);
+ $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usekitchen"] == 1) {
// yes, display it in kitchen view as cooked
$arr = array("id" => $zeile['id'],
@@ -590,7 +580,7 @@ class QueueContent {
$sql .= "AND %queue%.readytime <> '0000-00-00 00:00:00' ";
$sql .= "AND toremove <> '1' AND ";
$sql .= "ordertime is not null AND ";
- $sql .= "(%queue%.productid = %products%.id AND %products%.category = %prodtype%.id AND %prodtype%.kind='$kind' AND %prodtype%.usesupplydesk='0' AND %prodtype%.usekitchen='1') AND ";
+ $sql .= "(%queue%.productid = %products%.id AND %products%.category = %prodtype%.id AND %prodtype%.kind=? AND %prodtype%.usesupplydesk='0' AND %prodtype%.usekitchen='1') AND ";
$sql .= "%queue%.workprinted='0') ";
// now remove closed items
@@ -598,10 +588,11 @@ class QueueContent {
$sql .= "%queue%.billid=%bill%.id AND %bill%.closingid is null)) ";
$sql = $sql . "ORDER BY delivertime DESC LIMIT 10";
-
- $dbresult = $this->dbutils->performSqlCommand($sql);
-
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($kind));
+ $result = $stmt->fetchAll();
+ foreach ($result as $zeile) {
$productid = $zeile['prodid'];
$extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']);
$deliveredProd = array(
@@ -614,7 +605,6 @@ class QueueContent {
);
$resultarray[] = $deliveredProd;
}
- mysqli_free_result( $dbresult );
return($resultarray);
}
@@ -643,7 +633,7 @@ class QueueContent {
echo json_encode(array("status" => "ERROR", "code" => ERROR_DB_PAR_ACCESS, "msg" => ERROR_DB_PAR_ACCESS_MSG));
} else {
$this->reallyDeclareAsCooked($pdo,$queueid);
- $useConditions = $this->getUseKitchenAndSupplyForProd($productid);
+ $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usesupply"] == 0) {
// can bypass the supplydesk
$this->declareProductBeDeliveredWithGivenPdo($pdo,$queueid);
@@ -716,28 +706,25 @@ class QueueContent {
}
}
- private function findCategoryOfProd($prodid) {
- $sql = "SELECT category FROM %products% WHERE id=$prodid";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $categoryid = $zeile['category'];
- mysqli_free_result( $dbresult );
- return $categoryid;
+ private function findCategoryOfProd($pdo,$prodid) {
+ $sql = "SELECT category FROM %products% WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($prodid));
+ $row = $stmt->fetchObject();
+ return $row->category;
}
- private function getUseKitchenAndSupplyForProdInCat($catid) {
- $sql = "SELECT usekitchen, usesupplydesk FROM %prodtype% WHERE id=$catid";
- $dbresult = $this->dbutils->performSqlCommand($sql);
- $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
- $useKit = $zeile['usekitchen'];
- $useSupply = $zeile['usesupplydesk'];
- mysqli_free_result( $dbresult );
- return array("usekitchen" => $useKit, "usesupply" => $useSupply);
+ private function getUseKitchenAndSupplyForProdInCat($pdo,$catid) {
+ $sql = "SELECT usekitchen, usesupplydesk FROM %prodtype% WHERE id=?";
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute(array($catid));
+ $row = $stmt->fetchObject();
+ return array("usekitchen" => $row->usekitchen, "usesupply" => $row->usesupplydesk);
}
- private function getUseKitchenAndSupplyForProd($prodid) {
- $catid = $this->findCategoryOfProd($prodid);
- return $this->getUseKitchenAndSupplyForProdInCat($catid);
+ private function getUseKitchenAndSupplyForProd($pdo,$prodid) {
+ $catid = $this->findCategoryOfProd($pdo,$prodid);
+ return $this->getUseKitchenAndSupplyForProdInCat($pdo,$catid);
}
private function getUseKitchenAndSupplyForProdWithPdo($pdo,$prodid) {
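Review bot: After this rewrite `getUseKitchenAndSupplyForProd($pdo,$prodid)` has the same signature as the pre-existing `getUseKitchenAndSupplyForProdWithPdo($pdo,$prodid)` whose definition begins on the last line of the hunk (its body is outside it); if the two do the same job, keeping both invites them to drift apart, so one should delegate to the other or be removed. Separately, findCategoryOfProd returns `$row->category`, which is null for products that have no category (the products.php hunk at -285 selects such rows with `category is null`), and getUseKitchenAndSupplyForProdInCat then binds null into `WHERE id=?`, gets no row and reads `$row->usekitchen` on `false`; guard with `if ($row === false) { return array("usekitchen" => 0, "usesupply" => 0); }` or whichever default the callers' `== 1` / `== 0` checks should see for an uncategorised product.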
@@ -782,7 +769,7 @@ class QueueContent {
$normaltax = $row->setting;
// get current pricelevel
- $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel();
+ $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel($pdo);
$currentPriceLevelId = $currentPriceLevel["id"];
$insertedQueueIds = array();
@@ -1104,11 +1091,9 @@ class QueueContent {
}
- // **********************************
- // * Kassenfunktionen *
- // **********************************
function getJsonProductsOfTableToPay($tableid) {
+ $pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT %queue%.id as id,longname,%queue%.price as price,%queue%.tax,%pricelevel%.name as pricelevelname,%products%.id as prodid FROM %queue% INNER JOIN %products% ON %queue%.productid = %products%.id
@@ -1120,22 +1105,21 @@ class QueueContent {
}
$sql .= "AND paidtime is null AND toremove <> '1' AND ordertime is not null AND isclosed is null ORDER BY ordertime;";
- $dbresult = $this->dbutils->performSqlCommand($sql);
-
- $prodsToPay = array();
- while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
+ $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
+ $stmt->execute();
+ $result = $stmt->fetchAll();
+ foreach ($result as $zeile) {
$thePrice = $zeile['price'];
$theTax = $zeile['tax'];
$thePriceLevelName = $zeile['pricelevelname'];
$longName = $zeile['longname'];
$queueid = $zeile['id'];
- $extras = $this->getExtrasOfQueueItem(null,$queueid);
+ $extras = $this->getExtrasOfQueueItem($pdo,$queueid);
$prodId = $zeile['prodid'];
$prodsToPay[] = array("id" => $queueid, "prodid" => $prodId, "longname" => $longName, "pricelevelname" => $thePriceLevelName, "price" => $thePrice, "tax" => $theTax, "extras" => $extras);
}
- mysqli_free_result( $dbresult );
echo json_encode(array("status" => "OK", "msg" => $prodsToPay));
}
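Review bot: In the hunk at -1120 the removed `$prodsToPay = array();` is not re-added on the new side, so when the query returns no rows the variable is undefined at `json_encode(array("status" => "OK", "msg" => $prodsToPay))` (an undefined-variable warning and `"msg":null` instead of `[]`), unless it is initialised in the lines between this hunk and the one at -1104, which are not shown. Insert `$prodsToPay = array();` before the `foreach`. Also, `$stmt->execute()` is called without parameters, so the table condition assembled between the two hunks must not splice `$tableid` into `$sql`; that part of getJsonProductsOfTableToPay is outside the hunk and worth checking while converting this function.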
@@ -1202,11 +1186,13 @@ class QueueContent { } function declareProductNotBeDelivered($queueid) { + $pdo = DbUtils::openDbAndReturnPdoStatic(); if (is_numeric($queueid)) { date_default_timezone_set(DbUtils::getTimeZone()); $delivertime = date('Y-m-d H:i:s'); - $updateSql = "UPDATE %queue% SET delivertime='0000-00-00 00:00:00' WHERE id='" . $queueid . "';"; - $dbresult = $this->dbutils->performSqlCommand($updateSql); + $updateSql = "UPDATE %queue% SET delivertime='0000-00-00 00:00:00' WHERE id=?"; + $stmt = $pdo->prepare(DbUtils::substTableAlias($updateSql)); + $stmt->execute(array($queueid)); } } @@ -1388,7 +1374,7 @@ class QueueContent { if ($numberOfReadyProducts >= $numberOfProductsTotalToServe) { $tablestatus = "complete"; - $tableheadeline = $commonUtils->getTableNameFromId($tableid); + $tableheadeline = $commonUtils->getTableNameFromId($pdo,$tableid); $preparedProds[] = array( "tableheadline" => $tableheadeline, "tableid" => $tableid, @@ -1397,7 +1383,7 @@ class QueueContent { "prodsOfTable" => $arrayOfProdsOfATable); } else { $tablestatus = "incomplete"; - $tableheadeline = "Tisch: " . $commonUtils->getTableNameFromId($tableid); + $tableheadeline = "Tisch: " . $commonUtils->getTableNameFromId($pdo,$tableid); $preparedProds_incomplete_tables[] = array( "tableheadline" => $tableheadeline, "tableid" => $tableid, @@ -1472,7 +1458,7 @@ class QueueContent { $lastDeliveredProds = array(); foreach($result as $zeile) { $productid = $zeile['prodid']; - $useConditions = $this->getUseKitchenAndSupplyForProd($productid); + $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid); if ($useConditions["usesupply"] == 1) { // yes, display it in supplydesk view as cooked 
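Review bot: In `declareProductNotBeDelivered` the rewrite keeps `date_default_timezone_set(...)` and `$delivertime = date('Y-m-d H:i:s');` but never uses `$delivertime`; the UPDATE writes the literal `'0000-00-00 00:00:00'`, so those two lines are dead and should be removed. That zero-date literal is rejected by MySQL when `sql_mode` includes `NO_ZERO_DATE` or strict mode, in which case the UPDATE fails silently unless the connection is in `PDO::ERRMODE_EXCEPTION` (not visible here); consider checking `$stmt->rowCount()`, or writing `NULL` if the rest of the code treats a null `delivertime` as "not delivered" — I cannot confirm that from this hunk. Also `DbUtils::openDbAndReturnPdoStatic()` now runs before the `is_numeric($queueid)` guard, so a rejected request still opens a connection; move it inside the `if`.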
@@ -1568,11 +1554,9 @@ class QueueContent { $this->commonUtils->setLastBillIdInWorkTable($pdo, $billid); } - $brutto = $this->dbutils->filterString($brutto); if (is_null($tableid)) { $tableid = 0; } - $tableid = $this->dbutils->filterString($tableid); // now calculate the signature for the bill entry $signature = $this->commonUtils->calcSignatureForBill($pdo,$currentTime, $brutto, $netto, '0.00', $userid); diff --git a/webapp/php/roomtables.php b/webapp/php/roomtables.php index c86cd56..6fd468a 100644 --- a/webapp/php/roomtables.php +++ b/webapp/php/roomtables.php @@ -32,9 +32,7 @@ class Roomtables { } else if ($command == 'showAllRoomsAndTablesWithUnpaidItems') { $this->showAllRoomsAndTablesWithUnpaidItems(); } else if ($command == 'getUnpaidTables') { - $this->getUnpaidTables($_GET['roomid']); - } else if ($command == 'showAllTablesOfRoom') { - $this->showAllTablesOfRoom(); + $this->getUnpaidTables($_GET['roomid']); } else if ($command == 'getRoomfield') { $this->getRoomfield(); } else if ($command == 'setRoomInfo') { 
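Review bot: The `@@ -1568` hunk removes the `filterString()` passes over `$brutto` and `$tableid` without adding any replacement validation, so both values now reach `calcSignatureForBill()` and the bill INSERT that follows (outside the hunk) exactly as received. That is only safe if every later use binds them as PDO parameters; if any remaining statement in this function still interpolates them, the removal reintroduces the string-built-SQL exposure `filterString` was meant to mitigate. Since `$tableid` is an id, `$tableid = (int)$tableid;` after the null-to-0 default is a cheap invariant, and `$brutto` should be checked with `is_numeric()` before it is signed, otherwise a non-numeric amount gets baked into the signature and is only noticed when the bill is verified. The enclosing function starts and ends outside the hunk.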
@@ -249,51 +247,7 @@ class Roomtables { return array(); } } - - - // Part of chain to choose a product, here we know the room and show all tables there - function showAllTablesOfRoom() - { - // Parameter for this method - $roomid = $_GET['roomid']; - - // Find name of room to display in table header - $sql = "SELECT id,roomname FROM %room% WHERE id='$roomid' AND removed is null"; - $dbresult = $this->dbutils->performSqlCommand($sql); - $zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); - $roomid = $zeile['id']; - $roomname = $zeile['roomname']; - mysqli_free_result( $dbresult ); - - // Navigation table - home - back - echo ''; - echo ''; - echo ''; - - $nextFunction = $_GET['nextfunction']; - - $sql = "SELECT id,tableno FROM " . DB_RESTTABLES_TABLE . " WHERE roomid=" . $roomid; - $dbresult = $this->dbutils->performSqlCommand($sql); - - - // create a table that is optimal (sqrt-like size) - $numberOfIcons = mysqli_num_rows($dbresult); - $arrayOfButtons = array(); - while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { - $roomid = $zeile['id']; - - $onClickMethod = $nextFunction . '(' . $zeile['id'] . ',' . $roomid . ');'; - $aButtonEntry = array ("textOfButton" => $zeile['tableno'], - "onClickMethod" => $onClickMethod); - $arrayOfButtons[] = $aButtonEntry; - - } - mysqli_free_result( $dbresult ); - $commonUtils = new CommonUtils(); - $commonUtils->createGridTableWithSqrtSizeOfButtons($arrayOfButtons); - } + function setRoomInfo($rooms) { $pdo = $this->dbutils->openDbAndReturnPdo(); diff --git a/webapp/php/utilities/HistFiller.php b/webapp/php/utilities/HistFiller.php index a5d1077..afcfefa 100644 --- a/webapp/php/utilities/HistFiller.php +++ b/webapp/php/utilities/HistFiller.php 
@@ -27,26 +27,25 @@ class HistFiller { $stmt->execute(array('10', 'DbRestore', 'Wiederherstellung der Datenbank aus einer Sicherungskopie')); } - public function readUserTableAndSendToHist() { + public function readUserTableAndSendToHist($pdo) { $sql = "SELECT * FROM %user%"; - $this->readSqlUserTableAndSendToHist($sql,'3'); + $this->readSqlUserTableAndSendToHist($pdo,$sql,'3'); } - public function updateOneUser($userid) { + public function updateOneUser($pdo,$userid) { $sql = "SELECT * FROM %user% WHERE id='$userid'"; - $this->readSqlUserTableAndSendToHist($sql,'8'); + $this->readSqlUserTableAndSendToHist($pdo,$sql,'8'); } /* * Read the complete user table and fill in these values to the histtable */ - private function readSqlUserTableAndSendToHist($sql_query, $histaction) { + private function readSqlUserTableAndSendToHist($pdo,$sql_query, $histaction) { $sql_insert_histuser = "INSERT INTO %histuser% (id,userid,username, is_admin,right_waiter,right_kitchen,right_bar,right_supply,right_paydesk,right_statistics, right_bill,right_products,right_reservation,right_rating,right_changeprice,right_manager,active) VALUES ( NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; - - $pdo = $this->dbutils->openDbAndReturnPdo(); + $pdo->beginTransaction(); $stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_query)); 
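Review bot: `readSqlUserTableAndSendToHist` now calls `$pdo->beginTransaction()` on a connection handed in by the caller instead of one it opened itself, so if the caller is already inside a transaction on that `$pdo` this throws `PDOException: There is already an active transaction` and the history row is never written — a failure the old per-call connection could not hit. Either document that callers must not hold an open transaction, or guard it: `$ownTx = !$pdo->inTransaction(); if ($ownTx) { $pdo->beginTransaction(); }` and commit only when `$ownTx`. In the same hunk, `updateOneUser` still interpolates `$userid` into `WHERE id='$userid'` even though the query is prepared a few lines later; accepting a `?` placeholder plus a params array in `readSqlUserTableAndSendToHist` would bring it in line with the rest of this commit. The body of `readSqlUserTableAndSendToHist`, including its `execute()` and `commit()`, continues outside the hunk.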
@@ -65,23 +64,23 @@ class HistFiller { $pdo->commit(); } - public function updateUserInHist($userid,$username, + public function updateUserInHist($pdo,$userid,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active) { - $this->updateOrCreateUserInHist($userid,$username, + $this->updateOrCreateUserInHist($pdo,$userid,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat, $rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active,'8'); } - public function createUserInHist($lastId,$username, + public function createUserInHist($pdo,$lastId,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager) { - $this->updateOrCreateUserInHist($lastId,$username, + $this->updateOrCreateUserInHist($pdo,$lastId,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat, $rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager,'1','7'); } - public function updateOrCreateUserInHist($id,$username, + public function updateOrCreateUserInHist($pdo,$id,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager, $active,$histaction) { @@ -90,7 +89,6 @@ class HistFiller { `right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`active`) VALUES ( NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; - $pdo = $this->dbutils->openDbAndReturnPdo(); $pdo->beginTransaction(); $stmt_insert_histuser = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_insert_histuser)); $stmt_insert_histuser->execute(array($id,$username, diff --git a/webapp/preferences.html b/webapp/preferences.html index c406fa9..9e0b01a 100644 --- a/webapp/preferences.html +++ b/webapp/preferences.html @@ -5,7 +5,7 @@ - + diff --git a/webapp/products.html b/webapp/products.html index f91120d..4cb19a4 100644 
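Review bot: The new leading `$pdo` parameter on `updateUserInHist`, `createUserInHist` and `updateOrCreateUserInHist` is untyped, so a caller that was not updated for the shifted 17-argument positional list fails only later with an obscure "Call to a member function beginTransaction() on …" error instead of a `TypeError` at the call site; declare it as `PDO $pdo` in all three signatures. `updateOrCreateUserInHist` also calls `$pdo->beginTransaction()` on that shared connection in the `@@ -90` hunk, which throws if the caller is already in a transaction — previously impossible because the method opened its own connection — so either document the precondition or check `$pdo->inTransaction()` first. Its body continues outside the hunk.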
--- a/webapp/products.html +++ b/webapp/products.html @@ -7,7 +7,7 @@ - + diff --git a/webapp/rating.html b/webapp/rating.html index e1643cd..637a46b 100644 --- a/webapp/rating.html +++ b/webapp/rating.html @@ -7,7 +7,7 @@ - + diff --git a/webapp/reports.html b/webapp/reports.html index 761f266..5445eb4 100644 --- a/webapp/reports.html +++ b/webapp/reports.html @@ -7,7 +7,7 @@ - + diff --git a/webapp/reservation.html b/webapp/reservation.html index d9fb51d..a5d8b5a 100644 --- a/webapp/reservation.html +++ b/webapp/reservation.html @@ -5,7 +5,7 @@ - + diff --git a/webapp/supplydesk.html b/webapp/supplydesk.html index 9b27b12..2bb3f1d 100644 --- a/webapp/supplydesk.html +++ b/webapp/supplydesk.html @@ -5,7 +5,7 @@ - + diff --git a/webapp/waiter.html b/webapp/waiter.html index 6c3f970..cc7b874 100644 --- a/webapp/waiter.html +++ b/webapp/waiter.html @@ -4,7 +4,7 @@ - + @@ -440,8 +440,7 @@ function hasUserPaydeskRight(userRight) { function hideMenuRoom() { $( "#modulepanel-room" ).panel( "close" ); - $("#menuswitchroom").off("click").on("click", function (e) { - $("#menuswitch").trigger("mouseout"); + $("#menuswitch").off("click").on("click", function (e) { e.stopImmediatePropagation(); e.preventDefault(); $( "#modulepanel-room" ).panel( "open" );; @@ -451,7 +450,6 @@ function hideMenuRoom() { function hideMenuTable() { $( "#modulepanel-table" ).panel( "close" ); $("#menuswitchtable").off("click").on("click", function (e) { - $("#menuswitch").trigger("mouseout"); e.stopImmediatePropagation(); e.preventDefault(); $( "#modulepanel-table" ).panel( "open" );; @@ -461,7 +459,6 @@ function hideMenuTable() { function hideMenuProd() { $( "#modulepanel-prod" ).panel( "close" ); $("#menuswitchprod").off("click").on("click", function (e) { - $("#menuswitch").trigger("mouseout"); e.stopImmediatePropagation(); e.preventDefault(); $( "#modulepanel-prod" ).panel( "open" );; 
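Review bot: In `hideMenuRoom` the rebinding now targets `$("#menuswitch")`, while the parallel `hideMenuTable` and `hideMenuProd` in the same file still bind `#menuswitchtable` and `#menuswitchprod`; if `#menuswitch` is the generic module switch (the element the removed `trigger("mouseout")` calls addressed), `.off("click")` here strips its existing click handlers and makes it open the room panel, which reads like a typo for `#menuswitchroom` rather than intent. If it is intentional, a one-line comment such as `// the generic module switch opens the room panel; table/prod keep their own switches` would stop the next reader from "fixing" it back.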
@@ -772,7 +769,6 @@ function insertTableList(roominfo) { function initializeEverything() { lastSelectedProduct = ""; $(".modules").off("click").on("click", function (e) { - $("#menuswitch").trigger("mouseout"); e.stopImmediatePropagation(); e.preventDefault(); moduleForward(this.id); @@ -2316,7 +2312,7 @@ function bindSendNewOrdersButton() {

Raum-Tisch