OrderSprinter 1.1.11

Geno 2020-11-19 22:54:51 +01:00
parent cdcb55771d
commit 8f6f59e47a
28 changed files with 360 additions and 597 deletions



@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -4,7 +4,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -7,8 +7,8 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" type="text/css" href="css/numfield.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/numfield.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -679,7 +679,7 @@ $(document).ready(function() {
<tr id=updateline> <tr id=updateline>
<td>&nbsp;</td> <td>&nbsp;</td>
<td align=center> <td align=center>
<button id="updatebtn">Update -> 1.1.10</button> <button id="updatebtn">Update -> 1.1.11</button>
</td> </td>
<td>&nbsp;</td> <td>&nbsp;</td>
</tr> </tr>


@ -766,6 +766,18 @@ $ret &= $this->setVersion($prefix, '1.1.10');
return $ret; return $ret;
} }
function updateUserTable1110_1111($prefix,$version) {
$ret = true;
if ($version != "1.1.10") {
$ret = $this->updateUserTable1109_1110($prefix,$version);
if (!$ret) {
return false;
}
}
$ret &= $this->setVersion($prefix, '1.1.11');
return $ret;
}
function setVersion($prefix,$theVersion) { function setVersion($prefix,$theVersion) {
$pdo = $this->pdo; $pdo = $this->pdo;
try { try {
@ -837,7 +849,7 @@ $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VAL
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'billlanguage', $billlanguage)"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'billlanguage', $billlanguage)");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'currency', '$currency')"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'currency', '$currency')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'receiptfontsize', '12')"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'receiptfontsize', '12')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'version', '1.1.10')"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'version', '1.1.11')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'paymentconfig', '0')"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'paymentconfig', '0')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'remoteaccesscode', null)"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'remoteaccesscode', null)");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'decpoint', '$decpoint')"); $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'decpoint', '$decpoint')");
@ -1210,7 +1222,7 @@ return;
$supportedVersions = array("1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29", $supportedVersions = array("1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29",
"1.0.30","1.0.31","1.0.32","1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39", "1.0.30","1.0.31","1.0.32","1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39",
"1.0.40", "1.0.40",
"1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8", "1.1.9" "1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8", "1.1.9","1.1.10"
); );
if (!in_array($version, $supportedVersions)) { if (!in_array($version, $supportedVersions)) {
@ -1218,7 +1230,7 @@ echo json_encode("Quellversion nicht unterstützt");
return; return;
} }
$ret = $admin->updateUserTable1109_1110($_POST['prefix'], $version); $ret = $admin->updateUserTable1110_1111($_POST['prefix'], $version);
if(session_id() == '') { if(session_id() == '') {
session_start(); session_start();
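Review bot: The new `updateUserTable1110_1111` folds the `setVersion` result in with `$ret &= $this->setVersion($prefix, '1.1.11');`, which is a bitwise AND on a boolean: `$ret` becomes int 1/0 and the function returns an int on the success path but `false` on the failure path, so callers that compare strictly see two different types. Since `$ret` is already known truthy at that line (the only other exit is `return false`), `return $this->setVersion($prefix, '1.1.11');` expresses the same flow without the operator; the existing `updateUserTable1109_1110` visible in the hunk header has the same shape, so fixing both keeps the chain consistent. The `$version != "1.1.10"` guard compares strings and would be safer as `!==`. The function has no comment; a one-liner such as `// Chain the 1.1.9->1.1.10 migration first when the stored version is older, then stamp 1.1.11` would document the pattern the next version bump is expected to copy.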


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -3,7 +3,6 @@
require_once ('dbutils.php'); require_once ('dbutils.php');
require_once ('globals.php'); require_once ('globals.php');
require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php'); require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php');
require_once ('utilities/RoomsAndTables/RoomsAndTableFileManager.php');
require_once ('utilities/userrights.php'); require_once ('utilities/userrights.php');
require_once ('utilities/HistFiller.php'); require_once ('utilities/HistFiller.php');
require_once ('utilities/basedb.php'); require_once ('utilities/basedb.php');
@ -960,11 +959,12 @@ class Admin {
} }
function fillSampleContentBySqlFile($sqlFile) { function fillSampleContentBySqlFile($pdo,$sqlFile) {
$handle = fopen ($sqlFile, "r"); $handle = fopen ($sqlFile, "r");
while (!feof($handle)) { while (!feof($handle)) {
$sql = fgets($handle); $sql = fgets($handle);
$this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
} }
fclose ($handle); fclose ($handle);
} }
@ -1038,30 +1038,29 @@ class Admin {
return $ret; return $ret;
} }
/* obsolete: not needed any more after replacement by matrix in manager.html */
private function fillSampleRoomsAndTable($fileName) {
$roomsAndTableHandler = new RoomsAndTableFileManager();
$roomsAndTableHandler->readRoomTableDefinition($fileName);
}
private function fillSampleContent() private function fillSampleContent()
{ {
$pdo = DbUtils::openDbAndReturnPdoStatic();
// first remove previous content, then fill the SQL file // first remove previous content, then fill the SQL file
$sql = "DELETE FROM `%queue%`"; $sql = "DELETE FROM `%queue%`";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$this->fillSampleContentBySqlFile("samples/queuecontent.txt"); $stmt->execute();
$this->fillSampleContentBySqlFile($pdo,"samples/queuecontent.txt");
$sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'"; $sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$sql = "DELETE FROM `%histuser%`"; $sql = "DELETE FROM `%histuser%`";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$sql = "DELETE FROM `%user%`"; $sql = "DELETE FROM `%user%`";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$this->fillSampleContentBySqlFile("samples/usercontent.txt"); $stmt->execute();
$this->fillSampleContentBySqlFile($pdo,"samples/usercontent.txt");
$this->histfiller->readUserTableAndSendToHist(); $this->histfiller->readUserTableAndSendToHist($pdo);
} }
function getJsonMenuItemsAndVersion() { function getJsonMenuItemsAndVersion() {
@ -1105,19 +1104,19 @@ class Admin {
$right_rating = $_SESSION['right_rating']; $right_rating = $_SESSION['right_rating'];
if (!self::isOnlyRatingUser($rights, $right_rating, true)) { if (!self::isOnlyRatingUser($rights, $right_rating, true)) {
if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.10"); }; if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.11"); };
if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.10"); }; if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.11"); };
if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.10"); }; if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.11"); };
if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.10"); }; if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.11"); };
if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html"); }; if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html"); };
if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.10"); }; if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.11"); };
if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.10"); }; if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.11"); };
if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.10"); }; if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.11"); };
if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.10"); }; if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.11"); };
if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.10"); }; if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.11"); };
if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.10"); }; if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.11"); };
$mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.10"); $mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.11");
$mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.10"); $mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.11");
} }
$mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php"); $mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php");
@ -1126,7 +1125,7 @@ class Admin {
$waiterMessage = $this->getMessage(null, "waitermessage"); $waiterMessage = $this->getMessage(null, "waitermessage");
} }
// CAUTION: change version also in config.txt!!! // CAUTION: change version also in config.txt!!!
$mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.10", $mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.11",
"user" => $currentUser, "user" => $currentUser,
"menu" => $mainMenu, "menu" => $mainMenu,
"waitermessage" => $waiterMessage, "waitermessage" => $waiterMessage,
@ -1136,32 +1135,12 @@ class Admin {
} }
function getUserList() { function getUserList() {
$userInfo = array(); $pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin"; $sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$numberOfEntries = mysqli_num_rows($dbresult); $stmt->execute();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $result = $stmt->fetchAll();
$userEntry = array ("username" => $zeile['username'], echo json_encode($result);
"id" => $zeile['id'],
"is_admin" => $zeile['is_admin'],
"right_waiter" => $zeile['right_waiter'],
"right_kitchen" => $zeile['right_kitchen'],
"right_bar" => $zeile['right_bar'],
"right_supply" => $zeile['right_supply'],
"right_paydesk" => $zeile['right_paydesk'],
"right_statistics" => $zeile['right_statistics'],
"right_bill" => $zeile['right_bill'],
"right_products" => $zeile['right_products'],
"right_reservation" => $zeile['right_reservation'],
"right_rating" => $zeile['right_rating'],
"right_changeprice" => $zeile['right_changeprice'],
"right_manager" => $zeile['right_manager']
);
$userInfo[] = $userEntry;
}
mysqli_free_result($dbresult);
echo json_encode($userInfo);
} }
function setTime($day,$month,$year,$hour,$min) { function setTime($day,$month,$year,$hour,$min) {
@ -1191,13 +1170,14 @@ class Admin {
function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRating, $rChangeprice, $rManager) { function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRating, $rChangeprice, $rManager) {
// check if the user with that name already exists $pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT username FROM %user% WHERE active='1' AND username='$username'";
$dbresult = $this->dbutils->performSqlCommand($sql); $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND username=?";
$numberOfEntries = mysqli_num_rows($dbresult); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
mysqli_free_result($dbresult); $stmt->execute(array($username));
$row = $stmt->fetchObject();
if ($numberOfEntries > 0) {
if ($row->countid > 0) {
echo json_encode("exists"); echo json_encode("exists");
return; return;
} else { } else {
@ -1215,20 +1195,24 @@ class Admin {
// instead if password_hash (PHP > 5.5) use MD5... // instead if password_hash (PHP > 5.5) use MD5...
$password_hash = md5($password); $password_hash = md5($password);
$userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`language`,`receiptprinter`,`prefertablemap`,`keeptypelevel`,`extrasapplybtnpos`,`active`) VALUES ("; $userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`language`,`receiptprinter`,`prefertablemap`,`keeptypelevel`,`extrasapplybtnpos`,`active`) VALUES (";
$userInsertSql .= " NULL, '$username', '$password_hash' , '$isAdmin', '$rWaiter', '$rKitchen', '$rBar', '$rSupply', '$rPayDesk', '$rStat', '$rBill', '$rProducts', '$rReservation', '$rRating', '$rChangeprice', '$rManager', '$lang','1','1','1','1','1')"; $userInsertSql .= " NULL, ?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
$dbresult = $this->dbutils->performSqlCommandRetLastId($userInsertSql); $stmt = $pdo->prepare(DbUtils::substTableAlias($userInsertSql));
$lastId = $dbresult['id']; $stmt->execute(array($username,$password_hash,$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager,$lang,1,1,1,1,1));
$lastId = $pdo->lastInsertId();
echo json_encode("OK"); echo json_encode("OK");
} }
} }
// now this has to be logged in the history tables... // now this has to be logged in the history tables...
$this->histfiller->createUserInHist($lastId,$username, $this->histfiller->createUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager); $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager);
} }
function getPayPrintType() { function getPayPrintType() {
$this->sendJsonValueFromConfigTable('payprinttype'); $pdo = DbUtils::openDbAndReturnPdoStatic();
$this->sendJsonValueFromConfigTable($pdo,'payprinttype');
} }
function getPayments() { function getPayments() {
@ -1258,8 +1242,8 @@ class Admin {
echo json_encode($retArray); echo json_encode($retArray);
} }
function sendJsonValueFromConfigTable($whichValue) { function sendJsonValueFromConfigTable($pdo,$whichValue) {
$theVal = $this->getValueFromConfigTable($whichValue); $theVal = $this->getValueFromConfigTable($pdo,$whichValue);
if ($theVal == null) { if ($theVal == null) {
echo json_encode(""); echo json_encode("");
} else { } else {
@ -1267,16 +1251,17 @@ class Admin {
} }
} }
function getValueFromConfigTable($whichValue) { function getValueFromConfigTable($pdo,$whichValue) {
$sql = "SELECT setting FROM %config% WHERE name='$whichValue'"; $sql = "SELECT count(id) as countid,setting FROM %config% WHERE name=?";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$numberOfEntries = mysqli_num_rows($dbresult); $stmt->execute(array($whichValue));
$row = $stmt->fetchObject();
$numberOfEntries = $row->countid;
$theValue = null; $theValue = null;
if ($numberOfEntries == 1) { if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $theValue = $row->setting;
$theValue = $zeile['setting'];
} }
mysqli_free_result($dbresult);
return $theValue; return $theValue;
} }
@ -1438,7 +1423,7 @@ class Admin {
$sql = "SELECT username,is_admin FROM %user% WHERE id=?"; $sql = "SELECT username,is_admin FROM %user% WHERE id=?";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($theUserId)); $stmt->execute(array($theUserId));
$row =$stmt->fetchObject(); $row = $stmt->fetchObject();
$username = $row->username; $username = $row->username;
$userToModIsAdmin = $row->is_admin; $userToModIsAdmin = $row->is_admin;
@ -1456,7 +1441,7 @@ class Admin {
// now this has to be logged in the history tables... // now this has to be logged in the history tables...
$this->histfiller->updateUserInHist($theUserId,$username, $this->histfiller->updateUserInHist($pdo,$theUserId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,'1'); $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,'1');
echo json_encode("OK"); echo json_encode("OK");
@ -1464,32 +1449,31 @@ class Admin {
} }
function deleteUser($theUserId) { function deleteUser($theUserId) {
$sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$theUserId'"; $pdo = DbUtils::openDbAndReturnPdoStatic();
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult); $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?";
$userToDelIsAdmin = false; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
if ($numberOfEntries == 1) { $stmt->execute(array($theUserId));
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $row =$stmt->fetchObject();
if(intval($zeile['is_admin']) == 1) { $userToDelIsAdmin = ($row->is_admin == 1 ? true : false);
$userToDelIsAdmin = true;
}
}
mysqli_free_result($dbresult);
if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) { if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) {
echo json_encode("noadmin"); echo json_encode("noadmin");
} else { } else {
$sql = "SELECT id FROM %user% WHERE active='1' AND is_admin='1' AND id <> '$theUserId'"; $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND is_admin='1' AND id <> ?";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$numberOfOtherAdmins = mysqli_num_rows($dbresult); $stmt->execute(array($theUserId));
mysqli_free_result($dbresult); $row = $stmt->fetchObject();
$numberOfOtherAdmins = $row->countid;
if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) { if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) {
echo json_encode("lastadmin"); echo json_encode("lastadmin");
} else { } else {
$userSql = "UPDATE %user% set active='0' WHERE id='$theUserId'"; $userSql = "UPDATE %user% set active='0' WHERE id=?";
$dbresult = $this->dbutils->performSqlCommand($userSql); $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
$stmt->execute(array($theUserId));
$this->histfiller->updateOneUser($theUserId); $this->histfiller->updateOneUser($pdo,$theUserId);
echo json_encode("OK"); echo json_encode("OK");
} }
@ -1509,18 +1493,19 @@ class Admin {
} }
function changepassword($userid,$password) { function changepassword($userid,$password) {
$sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$userid'"; $pdo = DbUtils::openDbAndReturnPdoStatic();
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult); $sql = "SELECT count(id) as countid, is_admin FROM %user% WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($userid));
$row = $stmt->fetchObject();
$userToChgPassIsAdm = false; $userToChgPassIsAdm = false;
if ($numberOfEntries == 1) { if ($row->countid == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); if ($row->is_admin == 1) {
if(intval($zeile['is_admin']) == 1) {
$userToChgPassIsAdm = true; $userToChgPassIsAdm = true;
} }
} }
mysqli_free_result($dbresult);
if(session_id() == '') { if(session_id() == '') {
session_start(); session_start();
} }
@ -1533,8 +1518,9 @@ class Admin {
echo json_encode("noadmin"); echo json_encode("noadmin");
} else { } else {
$password_hash = md5($password); $password_hash = md5($password);
$userSql = "UPDATE %user% set userpassword='$password_hash' WHERE active='1' AND id='$userid'"; $userSql = "UPDATE %user% set userpassword=? WHERE active='1' AND id=?";
$dbresult = $this->dbutils->performSqlCommand($userSql); $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
$stmt->execute(array($password_hash,$userid));
echo json_encode("OK"); echo json_encode("OK");
} }
} }
@ -1543,11 +1529,13 @@ class Admin {
if(session_id() == '') { if(session_id() == '') {
session_start(); session_start();
} }
$currentuser = $_SESSION['currentuser']; $currentuserid = $_SESSION['userid'];
$_SESSION['language'] = intval($language); $_SESSION['language'] = intval($language);
$userSql = "UPDATE %user% set language='$language' WHERE active='1' AND username='$currentuser'"; $pdo = DbUtils::openDbAndReturnPdoStatic();
$dbresult = $this->dbutils->performSqlCommand($userSql); $sql = "UPDATE %user% set language=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($language,$currentuserid));
echo json_encode("OK"); echo json_encode("OK");
} }
@ -1555,11 +1543,13 @@ class Admin {
if(session_id() == '') { if(session_id() == '') {
session_start(); session_start();
} }
$currentuser = $_SESSION['currentuser']; $currentuserid = $_SESSION['userid'];
$_SESSION['receiptprinter'] = intval($printer); $_SESSION['receiptprinter'] = intval($printer);
$userSql = "UPDATE %user% set receiptprinter='$printer' WHERE active='1' AND username='$currentuser'"; $pdo = DbUtils::openDbAndReturnPdoStatic();
$dbresult = $this->dbutils->performSqlCommand($userSql); $sql = "UPDATE %user% set receiptprinter=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($printer,$currentuserid));
echo json_encode("OK"); echo json_encode("OK");
} }
@ -1567,12 +1557,14 @@ class Admin {
if(session_id() == '') { if(session_id() == '') {
session_start(); session_start();
} }
$currentuser = $_SESSION['currentuser']; $currentuserid = $_SESSION['userid'];
$assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize"); $assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize");
$_SESSION[$assoc[$btn]] = intval($size); $_SESSION[$assoc[$btn]] = intval($size);
$userSql = "UPDATE %user% set " . $assoc[$btn] . "='$size' WHERE active='1' AND username='$currentuser'"; $pdo = DbUtils::openDbAndReturnPdoStatic();
$dbresult = $this->dbutils->performSqlCommand($userSql); $sql = "UPDATE %user% set " . $assoc[$btn] . "=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($size,$currentuserid));
echo json_encode("OK"); echo json_encode("OK");
} }
@ -1583,28 +1575,31 @@ class Admin {
$currentuser = $_SESSION['currentuser']; $currentuser = $_SESSION['currentuser'];
$oldp_hash = md5($oldpassword); $oldp_hash = md5($oldpassword);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$ok = true; $ok = true;
// is old password correct? // is old password correct?
$sql = "SELECT userpassword FROM %user% WHERE username='$currentuser' AND active='1'"; $sql = "SELECT count(id) as countid,userpassword FROM %user% WHERE username=? AND active='1'";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$numberOfEntries = mysqli_num_rows($dbresult); $stmt->execute(array($currentuser));
$row = $stmt->fetchObject();
$numberOfEntries = $row->countid;
if ($numberOfEntries == 1) { if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); if ($row->userpassword != $oldp_hash) {
if ($zeile['userpassword'] != $oldp_hash) {
$ok = false; $ok = false;
} }
} else { } else {
// user not found // user not found
$ok = false; $ok = false;
} }
mysqli_free_result($dbresult);
if ($ok) { if ($ok) {
// allowed to change password // allowed to change password
$newp_hash = md5($newpassword); $newp_hash = md5($newpassword);
$sql = "UPDATE %user% set userpassword='$newp_hash' WHERE active='1' AND username='$currentuser'"; $sql = "UPDATE %user% set userpassword=? WHERE active='1' AND username=?";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($newp_hash,$currentuser));
echo json_encode("OK"); echo json_encode("OK");
} else { } else {
echo json_encode("FAILED"); echo json_encode("FAILED");
@ -1620,6 +1615,7 @@ class Admin {
} }
private function exportConfigCsv() { private function exportConfigCsv() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->writeCsvHeader("datenexport-config.csv"); $this->writeCsvHeader("datenexport-config.csv");
echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n"); echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
@ -1632,9 +1628,12 @@ class Admin {
$sql .= " AND (action='2' OR action='6') "; $sql .= " AND (action='2' OR action='6') ";
$sql .= " AND (action=%histactions%.id) "; $sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id"; $sql .= " ORDER BY date,id";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$val1 = $zeile['id']; $val1 = $zeile['id'];
$val2 = $zeile['date']; $val2 = $zeile['date'];
$val3 = $zeile['configitem']; $val3 = $zeile['configitem'];
@ -1643,11 +1642,11 @@ class Admin {
$val5 = $zeile['description']; $val5 = $zeile['description'];
echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n"; echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n";
} }
mysqli_free_result( $dbresult );
} }
private function exportUserCsv() { private function exportUserCsv() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->writeCsvHeader("datenexport-benutzer.csv"); $this->writeCsvHeader("datenexport-benutzer.csv");
echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Managerrechte; Aktiviert\n"); echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Managerrechte; Aktiviert\n");
@ -1662,8 +1661,11 @@ class Admin {
$sql .= " AND (action=%histactions%.id) "; $sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id"; $sql .= " ORDER BY date,id";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$val1 = $zeile['id']; $val1 = $zeile['id'];
$val2 = $zeile['date']; $val2 = $zeile['date'];
$val3 = $zeile['userid']; $val3 = $zeile['userid'];
@ -1686,7 +1688,6 @@ class Admin {
echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;"; echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;";
echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18\n"; echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18\n";
} }
mysqli_free_result( $dbresult );
} }
/** /**


@ -360,7 +360,7 @@ class Bill {
echo json_encode(array("guestmoney" => $onlyCashByGuests, "total" => $cashByGuestsAndInsertTakeOut)); echo json_encode(array("guestmoney" => $onlyCashByGuests, "total" => $cashByGuestsAndInsertTakeOut));
} }
function getLastBillsWithContent($day,$month,$year) { function getLastBillsWithContent($day,$month,$year) {
date_default_timezone_set(DbUtils::getTimeZone()); date_default_timezone_set(DbUtils::getTimeZone());
$currentTime = date('Y-m-d H:i:s'); $currentTime = date('Y-m-d H:i:s');
$startDate = "$year-$month-$day 00:00:00"; $startDate = "$year-$month-$day 00:00:00";
@ -385,7 +385,6 @@ class Bill {
foreach($result as $zeile) { foreach($result as $zeile) {
$theId = $zeile['id']; $theId = $zeile['id'];
if (!$commonUtils->verifyBill($pdo, $theId)) { if (!$commonUtils->verifyBill($pdo, $theId)) {
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG)); echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG));
return; return;
} }
@ -399,7 +398,7 @@ class Bill {
"longdate" => $zeile['billdate'], "longdate" => $zeile['billdate'],
"shortdate" => $shortdate, "shortdate" => $shortdate,
"brutto" => $zeile['brutto'], "brutto" => $zeile['brutto'],
"tablename" => $commonUtils->getTableNameFromId($zeile['tableid']), "tablename" => $commonUtils->getTableNameFromId($pdo,$zeile['tableid']),
"billcontent" => $this->getBillWithId($theId,$l,0), "billcontent" => $this->getBillWithId($theId,$l,0),
"isClosed" => $isClosed "isClosed" => $isClosed
); );
@ -447,25 +446,25 @@ class Bill {
* Cancel a bill - set all queue items to not paid and drop the bill entry * Cancel a bill - set all queue items to not paid and drop the bill entry
*/ */
private function cancelBill($billid,$stornocode,$reason) { private function cancelBill($billid,$stornocode,$reason) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
// current time // current time
date_default_timezone_set(DbUtils::getTimeZone()); date_default_timezone_set(DbUtils::getTimeZone());
$currentTime = date('Y-m-d H:i:s'); $currentTime = date('Y-m-d H:i:s');
// check if stornocode is correct // check if stornocode is correct
$sql = "SELECT setting FROM %config% WHERE name='stornocode'"; $sql = "SELECT count(id) as countid,setting FROM %config% WHERE name='stornocode'";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$numberOfVals = mysqli_num_rows($dbresult); $stmt->execute();
$row = $stmt->fetchObject();
$numberOfVals = $row->countid;
if ($numberOfVals != 1) { if ($numberOfVals != 1) {
// stornocode not fixed // stornocode not fixed
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_STORNO_CODE, "msg" => ERROR_BILL_NOT_STORNO_CODE_MSG)); echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_STORNO_CODE, "msg" => ERROR_BILL_NOT_STORNO_CODE_MSG));
return; return;
} }
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $stornocodeInDb = $row->setting;
$stornocodeInDb = $zeile['setting'];
mysqli_free_result( $dbresult );
if ($stornocode != $stornocodeInDb) { if ($stornocode != $stornocodeInDb) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_STORNO_CODE, "msg" => ERROR_BILL_WRONG_STORNO_CODE_MSG)); echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_STORNO_CODE, "msg" => ERROR_BILL_WRONG_STORNO_CODE_MSG));
return; return;
@ -478,8 +477,6 @@ class Bill {
} }
// Do transactional cancel // Do transactional cancel
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction(); $pdo->beginTransaction();
// is the bill already closed? In this case no cancel is allowed! // is the bill already closed? In this case no cancel is allowed!
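Review bot: The new stornocode lookup in cancelBill, `SELECT count(id) as countid,setting FROM %config% WHERE name='stornocode'`, mixes an aggregate with a non-aggregated column and no GROUP BY; when sql_mode includes ONLY_FULL_GROUP_BY (the MySQL 5.7+ default) the statement is rejected, and unless PDO is in exception mode `fetchObject()` then returns false, `$row->countid` is null and the caller sees ERROR_BILL_NOT_STORNO_CODE for every cancel. Keeping `SELECT setting FROM %config% WHERE name='stornocode'`, fetching with `$rows = $stmt->fetchAll();` and using `$numberOfVals = count($rows);` avoids that. The surviving `if ($stornocode != $stornocodeInDb)` compares the user-supplied code loosely, so numeric-looking strings such as `"0123"` and `"123"` are treated as equal; `if (!hash_equals((string)$stornocodeInDb, (string)$stornocode))` is the stricter form. This hunk also resolves table aliases via `$this->dbutils->resolveTablenamesInSqlString` while the rest of the commit uses `DbUtils::substTableAlias`. cancelBill continues outside the hunk.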


@ -72,7 +72,6 @@ $remark = "";
$decpoint = $this->getDecPoint(); $decpoint = $this->getDecPoint();
// first create a closing entry // first create a closing entry
$remark = $this->dbutils->filterString($remark);
date_default_timezone_set(DbUtils::getTimeZone()); date_default_timezone_set(DbUtils::getTimeZone());
$closingTime = date('Y-m-d H:i:s'); $closingTime = date('Y-m-d H:i:s');
@ -204,19 +203,20 @@ $newversionavailable = @file_get_contents($url, false, $ctx);
echo json_encode(array("status" => "OK", "msg" => $content)); echo json_encode(array("status" => "OK", "msg" => $content));
} }
private function getSumOfBillsWithClosingId($closingid,$onlyBar) { private function getSumOfBillsWithClosingId($pdo,$closingid,$onlyBar) {
$sql = "SELECT sum(brutto) as billsum FROM %bill% WHERE closingid='$closingid'"; $sql = "SELECT count(id) as countid,sum(brutto) as billsum FROM %bill% WHERE closingid=?";
if ($onlyBar) { if ($onlyBar) {
$sql .= " AND paymentid='1'"; $sql .= " AND paymentid='1'";
} }
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$numberOfReturns = mysqli_num_rows($dbresult); $stmt->execute(array($closingid));
$row = $stmt->fetchObject();
$numberOfReturns = $row->countid;
$sum = 0.0; $sum = 0.0;
if ($numberOfReturns == 1) { if ($numberOfReturns > 0) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $sum = floatval($row->billsum);
$sum = floatval($zeile["billsum"]);
} }
mysqli_free_result( $dbresult );
return $sum; return $sum;
} }
@ -254,48 +254,49 @@ $lastDayInMonth = date("t", mktime(0, 0, 0, $month, 1, $year));
$dateStart = $year . $monthText . "01"; $dateStart = $year . $monthText . "01";
$dateEnd = $year . $monthText . $lastDayInMonth; $dateEnd = $year . $monthText . $lastDayInMonth;
$sql = "SELECT id,closingdate,remark FROM %closing% WHERE DATE(closingdate) BETWEEN '" . $dateStart . "' AND '" . $dateEnd . "' ORDER BY closingdate DESC LIMIT 30;"; $sql = "SELECT id,closingdate,remark FROM %closing% WHERE DATE(closingdate) BETWEEN ? AND ? ORDER BY closingdate DESC;";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($dateStart,$dateEnd));
$resultarray = array(); $result = $stmt->fetchAll();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC))
{ $resultarray = array();
$theId = $zeile['id']; foreach($result as $zeile) {
$closingDate = $zeile['closingdate']; $theId = $zeile['id']; $closingDate = $zeile['closingdate'];
$remark = $zeile['remark']; $remark = $zeile['remark'];
$totalSum = $this->getSumOfBillsWithClosingId($theId, false); $totalSum = $this->getSumOfBillsWithClosingId($pdo,$theId, false);
$cashSum = $this->getSumOfBillsWithClosingId($theId, true); $cashSum = $this->getSumOfBillsWithClosingId($pdo,$theId, true);
$userSums = $this->getUserGroupedSumOfClosing($pdo, $theId); $userSums = $this->getUserGroupedSumOfClosing($pdo, $theId);
$closingEntry = array("id" => $theId, "closingDate" => $closingDate, "remark" => $remark, "totalsum" => $totalSum, "cashsum" => $cashSum, "usersums" => $userSums); $closingEntry = array("id" => $theId, "closingDate" => $closingDate, "remark" => $remark, "totalsum" => $totalSum, "cashsum" => $cashSum, "usersums" => $userSums);
$resultarray[] = $closingEntry; $resultarray[] = $closingEntry;
} }
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "OK", "msg" => $resultarray)); echo json_encode(array("status" => "OK", "msg" => $resultarray));
} }
private function getPaymentArray() { private function getPaymentArray($pdo) {
$sql = "SELECT id,name FROM %payment%"; $sql = "SELECT id,name FROM %payment%";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
$retArray = array(); $retArray = array();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) foreach($result as $zeile) {
{
$retArray[$zeile['id']] = $zeile['name']; $retArray[$zeile['id']] = $zeile['name'];
} }
mysqli_free_result( $dbresult );
return $retArray; return $retArray;
} }
private function getClosing($closingid) { private function getClosing($closingid) {
$this->retrieveClosingFromDb($closingid, false, false); $pdo = DbUtils::openDbAndReturnPdoStatic();
$this->retrieveClosingFromDb($pdo,$closingid, false, false);
} }
private function exportCsv($closingid) { private function exportCsv($closingid) {
$this->retrieveClosingFromDb($closingid, true, false); $pdo = DbUtils::openDbAndReturnPdoStatic();
$this->retrieveClosingFromDb($pdo,$closingid, true, false);
} }
private function emailCsvCore($pdo,$closingid,$toEmail,$topic,$startdate,$enddate,$billsum,$billcount) { private function emailCsvCore($pdo,$closingid,$toEmail,$topic,$startdate,$enddate,$billsum,$billcount) {
$msg = $this->retrieveClosingFromDb($closingid, false, true); $msg = $this->retrieveClosingFromDb($pdo,$closingid, false, true);
$msg = "Zeitraum: $startdate - $enddate\nBrutto-Summe: $billsum\nEnthaltene Bons: $billcount\n\n" . $msg; $msg = "Zeitraum: $startdate - $enddate\nBrutto-Summe: $billsum\nEnthaltene Bons: $billcount\n\n" . $msg;
$msg = str_replace("\n", "\r\n", $msg); $msg = str_replace("\n", "\r\n", $msg);
@ -391,7 +392,7 @@ echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "ms
} }
} }
private function retrieveClosingFromDb($closingid,$doCsvExport,$onlyresultreturn) { private function retrieveClosingFromDb($pdo,$closingid,$doCsvExport,$onlyresultreturn) {
if(session_id() == '') { if(session_id() == '') {
session_start(); session_start();
} }
@ -401,7 +402,7 @@ $commonUtils = new CommonUtils();
$currency = $commonUtils->getCurrency(); $currency = $commonUtils->getCurrency();
$decpoint = $this->getDecPoint(); $decpoint = $this->getDecPoint();
$paymentArray = $this->getPaymentArray(); $paymentArray = $this->getPaymentArray($pdo);
$previousClosingDate = self::getDateOfPreviousClosing(null,$closingid); $previousClosingDate = self::getDateOfPreviousClosing(null,$closingid);
$csv = ""; $csv = "";
@ -424,33 +425,20 @@ $csv .= $this->t['Ref'][$l] . "\n";
} }
$sql = "SELECT closingdate,remark,signature,billsum,billcount FROM %closing% WHERE id='$closingid'"; $sql = "SELECT closingdate,remark,signature,billsum,billcount FROM %closing% WHERE id=?";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $stmt->execute(array($closingid));
$closingdate = $zeile['closingdate']; $row = $stmt->fetchObject();
$remark = $zeile['remark']; $closingdate = $row->closingdate;
$billsum = $zeile['billsum']; $remark = $row->remark;
$billcount = $zeile['billcount']; $billsum = $row->billsum;
$signature = $zeile['signature']; $billcount = $row->billcount;
mysqli_free_result( $dbresult ); $signature = $row->signature;
$billIdsAndPaymentsForThatClosing = array(); $sql = "SELECT %bill%.id as id,paymentid,billdate,userid,ref,username,status,brutto,netto,IF(tax is not null, tax, '0.00') as tax FROM %bill%,%user% WHERE closingid=? AND %bill%.userid = %user%.id ORDER BY billdate";
$sql = "SELECT %bill%.id as billid,paymentid,billdate,userid,ref,username,status,brutto,netto,IF(tax is not null, tax, '0.00') as tax FROM %bill%,%user% WHERE closingid=$closingid AND %bill%.userid = %user%.id ORDER BY billdate"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt->execute(array($closingid));
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $billIdsAndPaymentsForThatClosing = $stmt->fetchAll();
$billIdsAndPaymentsForThatClosing[] = array(
"id" => $zeile['billid'],
"payment" => $zeile['paymentid'],
"userid" => $zeile['userid'],
"username" => $zeile['username'],
"status" => $zeile['status'],
"brutto" => $zeile['brutto'],
"netto" => $zeile['netto'],
"tax" => $zeile['tax'],
"ref" => $zeile['ref'],
"billdate" => $zeile['billdate']);
}
mysqli_free_result( $dbresult );
$foundBillCount = count($billIdsAndPaymentsForThatClosing); $foundBillCount = count($billIdsAndPaymentsForThatClosing);
@ -462,7 +450,6 @@ $startDate = $previousClosingDate;
$billsumstr = number_format($billsum, 2, ".", ''); $billsumstr = number_format($billsum, 2, ".", '');
$data = "I($closingid)-S($startDate)-E($closingdate)-D($billcount)-S($billsumstr)"; $data = "I($closingid)-S($startDate)-E($closingdate)-D($billcount)-S($billsumstr)";
$pdo = $this->dbutils->openDbAndReturnPdo();
$pubkeyid = $commonUtils->getCert($pdo); $pubkeyid = $commonUtils->getCert($pdo);
$ok = openssl_verify($data, $signature, $pubkeyid); $ok = openssl_verify($data, $signature, $pubkeyid);
openssl_free_key($pubkeyid); openssl_free_key($pubkeyid);
@ -514,19 +501,20 @@ $csv .= "$aBillId; \"$billdate\" ; \"" . $this->t['cashaction'][$l] . "\" ; \"$b
} }
} else { } else {
$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid='$aBillId' AND %billproducts%.queueid=%queue%.id"; $sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid=?' AND %billproducts%.queueid=%queue%.id";
if ($status == 'x') { if ($status == 'x') {
$statusTxt = $this->t["laterCancelled"][$l]; $statusTxt = $this->t["laterCancelled"][$l];
} else if ($status == 's') { } else if ($status == 's') {
$statusTxt = $this->t["storno"][$l]; $statusTxt = $this->t["storno"][$l];
} else { } else {
$statusTxt = ""; $statusTxt = "";
$sql = "SELECT productname,paidtime,price,tax FROM %queue% WHERE billid=$aBillId"; $sql = "SELECT productname,paidtime,price,tax FROM %queue% WHERE billid=?";
} }
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($aBillId));
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $result = $stmt->fetchAll();
foreach ($result as $zeile) {
$productname = $zeile['productname']; $productname = $zeile['productname'];
$tax = $zeile['tax']; $tax = $zeile['tax'];
@ -555,7 +543,6 @@ if ($doCsvExport || $onlyresultreturn) {
$csv .= "$aBillId; \"$paidtime\" ; \"$productname\" ; \"$price\" ; \"$netto\" ; \"$formattedtax\" ; \"$paymentArray[$paymentid]\"; $userid; \"$username\"; \"$statusTxt\"; $ref\n"; $csv .= "$aBillId; \"$paidtime\" ; \"$productname\" ; \"$price\" ; \"$netto\" ; \"$formattedtax\" ; \"$paymentArray[$paymentid]\"; $userid; \"$username\"; \"$statusTxt\"; $ref\n";
} }
} }
mysqli_free_result( $dbresult );
} }
} }
if ($doCsvExport) { if ($doCsvExport) {
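Review bot: The rewritten product query in the bill branch contains a stray quote, `%billproducts%.billid=?' AND %billproducts%.queueid=%queue%.id`, which opens an unterminated string literal right after the placeholder, so the statement cannot be prepared or executed for any bill whose status is 'x' or 's'. The line should read `$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid=? AND %billproducts%.queueid=%queue%.id";`. In retrieveClosingFromDb the bill rows are now the raw `fetchAll()` result keyed `paymentid` instead of the former hand-built entries keyed `payment`, so any consumer that reads `$aBill['payment']` outside this hunk would now hit an undefined index — worth checking before merge. The same function still calls `self::getDateOfPreviousClosing(null,$closingid)` although `$pdo` is now available as a parameter. retrieveClosingFromDb begins and ends outside the hunks shown.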


@ -191,30 +191,29 @@ class CommonUtils {
$this->createGridTableWithSqrtSizeOfStyleButtonsAndHeader($inputArray,'','dummy'); $this->createGridTableWithSqrtSizeOfStyleButtonsAndHeader($inputArray,'','dummy');
} }
function getTableNameFromId($tableid) { function getTableNameFromId($pdo,$tableid) {
if (is_null($tableid) || ($tableid == 0)) { if (is_null($tableid) || ($tableid == 0)) {
return "-"; // togo return "-"; // togo
} }
$sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=". $tableid; $sql = "SELECT tableno FROM %resttables% WHERE id=?";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $stmt->execute(array($tableid));
$tablename = $zeile['tableno']; $row = $stmt->fetchObject();
mysqli_free_result( $dbresult ); return $row->tableno;
return $tablename;
} }
function getCurrentPriceLevel() { function getCurrentPriceLevel($pdo) {
$sql = "SELECT setting FROM %config% WHERE name='pricelevel'"; $sql = "SELECT setting FROM %config% WHERE name='pricelevel'";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $stmt->execute();
$pricelevelid = $zeile['setting']; $row = $stmt->fetchObject();
mysqli_free_result( $dbresult ); $pricelevelid = $row->setting;
$sql = "SELECT id,name FROM %pricelevel% WHERE id=$pricelevelid"; $sql = "SELECT id,name FROM %pricelevel% WHERE id=?";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $stmt->execute(array($pricelevelid));
$pricelevelname = $zeile['name']; $row = $stmt->fetchObject();
mysqli_free_result( $dbresult ); $pricelevelname = $row->name;
return (array("id" => $pricelevelid, "name" => $pricelevelname)); return (array("id" => $pricelevelid, "name" => $pricelevelname));
} }
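Review bot: In getTableNameFromId the new `return $row->tableno;` dereferences the result of `fetchObject()` without checking it, and PDO returns `false` when the id matches no row, so an unknown or deleted table id produces a warning and a null name instead of a defined value; the same pattern appears twice in getCurrentPriceLevel (`$row->setting`, `$row->name`). A guard such as `if ($row === false) { return null; }` before each dereference makes the no-row case explicit and lets callers decide how to render it. Both functions gain `$pdo` as a new first parameter, so every caller must change in the same commit; the updated `getTableNameFromId($pdo,…)` call in Bill is visible here, but callers of getCurrentPriceLevel are not in this diff.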

webapp/php/config.php Executable file → Normal file


@ -92,106 +92,6 @@ class DbUtils {
} }
} }
function performSqlCommand($sqlCommand) {
$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,$sqlCommand);
// Execute query
if ($result)
{
//echo "SQL command could be executed successful";
}
else
{
echo "Error executing SQL command: " . mysqli_error($con);
}
mysqli_close($con);
return $result;
}
/*
* A prepared statement has several advantages. In this SW it is mainly
* used to avoid quoting of strings
*/
function performPreparedStatementCreateClosing($closingTime,$remark) {
date_default_timezone_set(self::getTimeZone());
$closingTime = date('Y-m-d H:i:s');
$closingEntrySql = $this->resolveTablenamesInSqlString("INSERT INTO `%closing%` (`id` , `closingdate`,`remark`) VALUES (NULL , ?,?)");
$mysqli = new mysqli(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
if (!($stmt = $mysqli->prepare($closingEntrySql))) {
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
if (!$stmt->bind_param("ss", $closingTime, $remark)) {
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$id = mysqli_insert_id($mysqli);
$stmt->close();
mysqli_close($mysqli);
return $id;
}
function performSqlCommandRetLastId($sqlCommand) {
$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,$sqlCommand);
// Execute query
if ($result)
{
//echo "SQL command could be executed successful";
}
else
{
echo "Error executing SQL command: " . mysqli_error($con);
}
$id = mysqli_insert_id($con);
mysqli_close($con);
return array("result" => $result, "id" => $id);
}
/*
* Filter out escape sequences. The method requires an open db connection
*/
function filterString($aString) {
$mysqli = new mysqli(MYSQL_HOST, MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
/* check connection */
if (mysqli_connect_errno()) {
exit();
}
$filteredString = $mysqli->real_escape_string($aString);
$mysqli->close();
return $filteredString;
}
/* /*
* To use sql strings that are easy to read the table names are used * To use sql strings that are easy to read the table names are used
* without variables. But since the user can specify a prefix for all * without variables. But since the user can specify a prefix for all


@ -73,7 +73,8 @@ class Products {
} else if ($command == 'getAllExtrasAlphaSorted') { } else if ($command == 'getAllExtrasAlphaSorted') {
$this->getAllExtrasAlphaSorted(); $this->getAllExtrasAlphaSorted();
} else if ($command == 'getSingleProdData') { } else if ($command == 'getSingleProdData') {
$this->getSingleProdData($_GET['id']); $pdo = DbUtils::openDbAndReturnPdoStatic();
$this->getSingleProdData($pdo,$_GET['id']);
} else if ($command == 'getSingleTypeData') { } else if ($command == 'getSingleTypeData') {
$this->getSingleTypeData($_GET['id']); $this->getSingleTypeData($_GET['id']);
} else if ($command == 'applySingleProdData') { } else if ($command == 'applySingleProdData') {
@ -237,45 +238,7 @@ class Products {
$result = $stmt->fetchAll(PDO::FETCH_OBJ); $result = $stmt->fetchAll(PDO::FETCH_OBJ);
return $result; return $result;
} }
// ************************************************************
// * Start OLD part
// ************************************************************
// Utility function: find the roomid if the tableid is known
function getRoomFromTableid($tableid) {
// Find roomid for table (variable roomid works in the one direction, but if called by back-button, not)
$sql = "select " . DB_ROOM_TABLE . ".id as id from " . DB_ROOM_TABLE . ", " . DB_RESTTABLES_TABLE . " where " . DB_RESTTABLES_TABLE . ".id = '" . $tableid . "' and " . DB_ROOM_TABLE . ".id = " . DB_RESTTABLES_TABLE . ".roomid;";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$roomid = $zeile['id'];
mysqli_free_result( $dbresult );
return $roomid;
}
function areThereProductsInTheCategory($categoryid) {
$sql = "SELECT id FROM " . DB_PRODUCTS_TABLE . " WHERE category = " . $categoryid . " AND available='1';";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEnttry = mysqli_num_rows($dbresult);
mysqli_free_result( $dbresult );
if ($numberOfEnttry > 0) {
return true;
} else {
return false;
}
}
function areThereCategoriesInTheCategory($categoryid) {
$sql = "SELECT id FROM %prodtype% WHERE removed is null AND reference = $categoryid";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntry = mysqli_num_rows($dbresult);
mysqli_free_result( $dbresult );
if ($numberOfEntry > 0) {
return true;
} else {
return false;
}
}
/* /*
* Return in array all products with their id and longname that have a reference to * Return in array all products with their id and longname that have a reference to
@ -285,14 +248,17 @@ class Products {
* ["id" => 1, "longname" => "Whatever Product"], * ["id" => 1, "longname" => "Whatever Product"],
* ["id" => 2, "longname" => "Whatever Other Product"], ... * ["id" => 2, "longname" => "Whatever Other Product"], ...
*/ */
private function getProductsWithReferenz($ref) { private function getProductsWithReferenz($pdo,$ref) {
$prods = array(); $prods = array();
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category is null ORDER BY sorting"; $sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category is null ORDER BY sorting";
if ($ref > 0) { if ($ref > 0) {
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category=$ref ORDER BY sorting"; $sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category=$ref ORDER BY sorting";
} }
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$prod_entry = array( $prod_entry = array(
"id" => $zeile['id'], "id" => $zeile['id'],
"shortname" => $zeile['shortname'], "shortname" => $zeile['shortname'],
@ -306,7 +272,6 @@ class Products {
"type" => "p"); "type" => "p");
$prods[] = $prod_entry; $prods[] = $prod_entry;
} }
mysqli_free_result( $dbresult );
return $prods; return $prods;
} }
@ -354,30 +319,23 @@ class Products {
* ["id" => 1, "name" => "Meal"], * ["id" => 1, "name" => "Meal"],
* ["id" => 2, "name" => "Drinks"], ... * ["id" => 2, "name" => "Drinks"], ...
*/ */
private function getProdTypesWithReferenz($ref) { private function getProdTypesWithReferenz($pdo,$ref) {
$types = array();
$sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer from %prodtype% where removed is null AND reference is null"; $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer,'t' as type from %prodtype% where removed is null AND reference is null";
if ($ref > 0) { if ($ref > 0) {
$sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer from %prodtype% where removed is null AND reference=$ref"; $sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer,'t' as type from %prodtype% where removed is null AND reference=$ref";
} }
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$prod_entry = array( $stmt->execute();
"id" => $zeile['id'], $types = $stmt->fetchAll();
"name" => $zeile['name'],
"kind" => $zeile['kind'],
"usekitchen" => $zeile['usekitchen'],
"usesupplydesk" => $zeile['usesupplydesk'],
"printer" => $zeile['printer'],
"type" => "t");
$types[] = $prod_entry;
}
mysqli_free_result( $dbresult );
return $types; return $types;
} }
function showDbProducts() { function showDbProducts() {
$productArray = $this->getDbProductsWithRef_json_version(0,0); $pdo = DbUtils::openDbAndReturnPdoStatic();
$productArray = $this->getDbProductsWithRef_json_version($pdo,0,0);
echo json_encode($productArray); echo json_encode($productArray);
} }
@ -429,8 +387,8 @@ class Products {
echo json_encode(array("status" => "OK", "msg" => $msg)); echo json_encode(array("status" => "OK", "msg" => $msg));
} }
function readDbProducts() { function readDbProducts($pdo) {
$speisekarte = $this->readDbProductsWithRef_json_version(0,0); $speisekarte = $this->readDbProductsWithRef_json_version($pdo,0,0);
$speisekarte .= $this->readExtrasFromDb(null); $speisekarte .= $this->readExtrasFromDb(null);
return $speisekarte; return $speisekarte;
} }
@ -475,6 +433,8 @@ class Products {
} }
private function exportCsv() { private function exportCsv() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$decpoint = $this->getDecPoint(); $decpoint = $this->getDecPoint();
$file_name = "datenexport-produkte.csv"; $file_name = "datenexport-produkte.csv";
header("Content-type: text/x-csv"); header("Content-type: text/x-csv");
@ -494,8 +454,10 @@ class Products {
$sql .= " AND (action=%histactions%.id) "; $sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id"; $sql .= " ORDER BY date,id";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$val1 = $zeile['id']; $val1 = $zeile['id'];
$val2 = $zeile['date']; $val2 = $zeile['date'];
$val3 = $zeile['prodid']; $val3 = $zeile['prodid'];
@ -512,30 +474,17 @@ class Products {
echo "$val1; $val2; $val3; \"$val4\"; \"$val5\"; $val6; $val7; $val8; $val9; $val10; $val11; $val12; $val13\n"; echo "$val1; $val2; $val3; \"$val4\"; \"$val5\"; $val6; $val7; $val8; $val9; $val10; $val11; $val12; $val13\n";
} }
mysqli_free_result( $dbresult );
} }
function getSingleProdData($id) { function getSingleProdData($pdo,$id) {
if (is_numeric($id)) { if (is_numeric($id)) {
$sql = "SELECT shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio,favorite from %products% where id=$id"; $sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio,favorite from %products% where id=?";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$prod_entry = array( $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
"id" => $id, $stmt->execute(array($id));
"shortname" => $zeile['shortname'], $row = $stmt->fetchObject();
"longname" => $zeile['longname'],
"available" => $zeile['available'], echo json_encode($row);
"priceA" => $zeile['priceA'],
"priceB" => $zeile['priceB'],
"priceC" => $zeile['priceC'],
"tax" => $zeile['tax'],
"audio" => $zeile['audio'],
"favorite" => $zeile['favorite']
);
mysqli_free_result( $dbresult );
echo json_encode($prod_entry);
} }
} }
@ -946,9 +895,6 @@ class Products {
if (!is_numeric($id) || !is_numeric($available) || !is_numeric($favorite) ||!is_numeric($priceA) || !is_numeric($priceB) || !is_numeric($priceC) || (!is_numeric($tax) && ($tax != "null")) ) { if (!is_numeric($id) || !is_numeric($available) || !is_numeric($favorite) ||!is_numeric($priceA) || !is_numeric($priceB) || !is_numeric($priceC) || (!is_numeric($tax) && ($tax != "null")) ) {
return; return;
} }
$priceA = $this->dbutils->filterString($priceA);
$priceB = $this->dbutils->filterString($priceB);
$priceC = $this->dbutils->filterString($priceC);
if ($tax == "null") { if ($tax == "null") {
$tax = null; $tax = null;
@ -984,7 +930,7 @@ class Products {
} }
$pdo->commit(); $pdo->commit();
$this->getSingleProdData($id); $this->getSingleProdData($pdo,$id);
} }
private static function updateHistOnlyForExtrasOfProd($pdo,$aProdId,$histextra) { private static function updateHistOnlyForExtrasOfProd($pdo,$aProdId,$histextra) {
@ -1125,12 +1071,12 @@ class Products {
function delTypeCore($pdo,$id) { function delTypeCore($pdo,$id) {
$allTypesInThisLevel = $this->getProdTypesWithReferenz($id); $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$id);
foreach ($allTypesInThisLevel as $aType) { foreach ($allTypesInThisLevel as $aType) {
$this->delTypeCore($pdo, $aType["id"]); $this->delTypeCore($pdo, $aType["id"]);
} }
$allProdsInThisLevel = $this->getProductsWithReferenz($id); $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$id);
foreach ($allProdsInThisLevel as $aProd) { foreach ($allProdsInThisLevel as $aProd) {
self::declareProductAsDeletedWithoutResort($pdo, $aProd["id"]); self::declareProductAsDeletedWithoutResort($pdo, $aProd["id"]);
} }
@ -1153,11 +1099,11 @@ class Products {
/* /*
* Return a html table with all products in a structured way * Return a html table with all products in a structured way
*/ */
private function getDbProductsWithRef_json_version($ref,$depth) { private function getDbProductsWithRef_json_version($pdo,$ref,$depth) {
$allProdsAndTypesInThisLevel = array(); $allProdsAndTypesInThisLevel = array();
$allProdsInThisLevel = $this->getProductsWithReferenz($ref); $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$ref);
$allTypesInThisLevel = $this->getProdTypesWithReferenz($ref); $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$ref);
for ($index_prod=0;$index_prod<count($allProdsInThisLevel);$index_prod++) { for ($index_prod=0;$index_prod<count($allProdsInThisLevel);$index_prod++) {
$aProd = $allProdsInThisLevel[$index_prod]; $aProd = $allProdsInThisLevel[$index_prod];
@ -1166,19 +1112,19 @@ class Products {
for ($index_type=0;$index_type < count($allTypesInThisLevel);$index_type++) { for ($index_type=0;$index_type < count($allTypesInThisLevel);$index_type++) {
$aProdType = $allTypesInThisLevel[$index_type]; $aProdType = $allTypesInThisLevel[$index_type];
$typeRef = $aProdType['id']; $typeRef = $aProdType['id'];
$allProdsAndTypesInThisLevel[] = array("entry" => $aProdType,"content" => $this->getDbProductsWithRef_json_version($typeRef,$depth+1)); $allProdsAndTypesInThisLevel[] = array("entry" => $aProdType,"content" => $this->getDbProductsWithRef_json_version($pdo,$typeRef,$depth+1));
} }
return $allProdsAndTypesInThisLevel; return $allProdsAndTypesInThisLevel;
} }
// return in text format // return in text format
private function readDbProductsWithRef_json_version($ref,$depth) { private function readDbProductsWithRef_json_version($pdo,$ref,$depth) {
$decpoint = $this->getDecPoint(); $decpoint = $this->getDecPoint();
$text = ""; $text = "";
$allProdsAndTypesInThisLevel = array(); $allProdsAndTypesInThisLevel = array();
$allProdsInThisLevel = $this->getProductsWithReferenz($ref); $allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$ref);
$allTypesInThisLevel = $this->getProdTypesWithReferenz($ref); $allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$ref);
for ($index_prod=0;$index_prod<count($allProdsInThisLevel);$index_prod++) { for ($index_prod=0;$index_prod<count($allProdsInThisLevel);$index_prod++) {
$aProd = $allProdsInThisLevel[$index_prod]; $aProd = $allProdsInThisLevel[$index_prod];
@ -1227,36 +1173,19 @@ class Products {
$text .= $indent . $prodTypeName . " = $usekitchen$usesupplydesk$kind = $printer\n"; $text .= $indent . $prodTypeName . " = $usekitchen$usesupplydesk$kind = $printer\n";
$text .= $this->readDbProductsWithRef_json_version($typeRef,$depth+1); $text .= $this->readDbProductsWithRef_json_version($pdo,$typeRef,$depth+1);
} }
return $text; return $text;
} }
private function numberOfProdsInProdType($theId) {
// how many prods are related to this type?
$sql = "SELECT COUNT(id) FROM %products% WHERE removed is null AND category=$theId";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$noProdsInThisProdType = $zeile['COUNT(id)'];
mysqli_free_result( $dbresult );
// iterate over all prodtypes in this prodtype
$prodtypesInside = $this->getProdTypesWithReferenz($theId);
for ($i=0;$i < count($prodtypesInside);$i++) {
$anInsideProdType = $prodtypesInside[i];
// recursive
$noProdsInThisProdType += $this->numberOfProdsInProdType($anInsideProdType["id"]);
}
return $noProdsInThisProdType;
}
private function getPriceLevelInfo() { private function getPriceLevelInfo() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
if(session_id() == '') { if(session_id() == '') {
session_start(); session_start();
} }
$lang = $_SESSION['language']; $lang = $_SESSION['language'];
$currentPriceLevel = $this->commonUtils->getCurrentPriceLevel(); $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel($pdo);
$currentPriceLevelId = $currentPriceLevel["id"]; $currentPriceLevelId = $currentPriceLevel["id"];
$currentPriceLevelName = $currentPriceLevel["name"]; $currentPriceLevelName = $currentPriceLevel["name"];
@ -1267,8 +1196,11 @@ class Products {
} else if ($lang == 2) { } else if ($lang == 2) {
$sql = "SELECT id,name,info_esp as info FROM %pricelevel%"; $sql = "SELECT id,name,info_esp as info FROM %pricelevel%";
} }
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$theId = $zeile['id']; $theId = $zeile['id'];
$selected = "0"; $selected = "0";
if ($theId == $currentPriceLevelId) { if ($theId == $currentPriceLevelId) {
@ -1282,7 +1214,6 @@ class Products {
"selected" => $selected); "selected" => $selected);
$pricelevels[] = $levels_entry; $pricelevels[] = $levels_entry;
} }
mysqli_free_result( $dbresult );
$retArray = array("currentId" => $currentPriceLevelId, "currentName" => $currentPriceLevelName, "levels" => $pricelevels); $retArray = array("currentId" => $currentPriceLevelId, "currentName" => $currentPriceLevelName, "levels" => $pricelevels);
echo json_encode($retArray); echo json_encode($retArray);
@ -1290,13 +1221,17 @@ class Products {
private function setPriceLevelInfo($levelId) { private function setPriceLevelInfo($levelId) {
if (is_numeric($levelId)) { if (is_numeric($levelId)) {
$updateSql = "UPDATE %config% SET setting=$levelId WHERE name='pricelevel'"; $pdo = DbUtils::openDbAndReturnPdoStatic();
$dbresult = $this->dbutils->performSqlCommand($updateSql); $updateSql = "UPDATE %config% SET setting=? WHERE name='pricelevel'";
$stmt = $pdo->prepare(DbUtils::substTableAlias($updateSql));
$stmt->execute(array($levelId));
echo json_encode("OK"); echo json_encode("OK");
} }
} }
private function getSpeisekarte() { private function getSpeisekarte() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$legend = file_get_contents("../customer/menulegend.txt"); $legend = file_get_contents("../customer/menulegend.txt");
$decpoint = $this->getDecPoint(); $decpoint = $this->getDecPoint();
@ -1318,7 +1253,7 @@ class Products {
// no products defined yet - present Beispiel // no products defined yet - present Beispiel
$text = $legend; $text = $legend;
} else { } else {
$text = $legend . $this->readDbProducts(); $text = $legend . $this->readDbProducts($pdo);
} }
echo json_encode(array("status" => "OK","msg" => $text, "predef" => $predef)); echo json_encode(array("status" => "OK","msg" => $text, "predef" => $predef));


@ -104,22 +104,12 @@ class QueueContent {
echo "Command not supported."; echo "Command not supported.";
} }
} }
function getTableNameFromId($tableid) {
if ($tableid == 0) {
return "";
}
$sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=". $tableid;
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$tablename = $zeile['tableno'];
mysqli_free_result( $dbresult );
return $tablename;
}
// needed if paydesk gets the tableid by direct call // needed if paydesk gets the tableid by direct call
function getJsonTableNameFromId($tableid) { function getJsonTableNameFromId($tableid) {
echo json_encode($this->getTableNameFromId($tableid)); $pdo = DbUtils::openDbAndReturnPdoStatic();
$commonUtils = new CommonUtils();
echo json_encode($commonUtils->getTableNameFromId($pdo,$tableid));
} }
function getDateValueAsBoolInterpretatedIcon($aValue) { function getDateValueAsBoolInterpretatedIcon($aValue) {
@ -558,7 +548,7 @@ class QueueContent {
$extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']); $extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']);
$productid = $zeile['prodid']; $productid = $zeile['prodid'];
$useConditions = $this->getUseKitchenAndSupplyForProd($productid); $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usekitchen"] == 1) { if ($useConditions["usekitchen"] == 1) {
// yes, display it in kitchen view as cooked // yes, display it in kitchen view as cooked
$arr = array("id" => $zeile['id'], $arr = array("id" => $zeile['id'],
@ -590,7 +580,7 @@ class QueueContent {
$sql .= "AND %queue%.readytime <> '0000-00-00 00:00:00' "; $sql .= "AND %queue%.readytime <> '0000-00-00 00:00:00' ";
$sql .= "AND toremove <> '1' AND "; $sql .= "AND toremove <> '1' AND ";
$sql .= "ordertime is not null AND "; $sql .= "ordertime is not null AND ";
$sql .= "(%queue%.productid = %products%.id AND %products%.category = %prodtype%.id AND %prodtype%.kind='$kind' AND %prodtype%.usesupplydesk='0' AND %prodtype%.usekitchen='1') AND "; $sql .= "(%queue%.productid = %products%.id AND %products%.category = %prodtype%.id AND %prodtype%.kind=? AND %prodtype%.usesupplydesk='0' AND %prodtype%.usekitchen='1') AND ";
$sql .= "%queue%.workprinted='0') "; $sql .= "%queue%.workprinted='0') ";
// now remove closed items // now remove closed items
@ -598,10 +588,11 @@ class QueueContent {
$sql .= "%queue%.billid=%bill%.id AND %bill%.closingid is null)) "; $sql .= "%queue%.billid=%bill%.id AND %bill%.closingid is null)) ";
$sql = $sql . "ORDER BY delivertime DESC LIMIT 10"; $sql = $sql . "ORDER BY delivertime DESC LIMIT 10";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($kind));
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { $result = $stmt->fetchAll();
foreach ($result as $zeile) {
$productid = $zeile['prodid']; $productid = $zeile['prodid'];
$extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']); $extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']);
$deliveredProd = array( $deliveredProd = array(
@ -614,7 +605,6 @@ class QueueContent {
); );
$resultarray[] = $deliveredProd; $resultarray[] = $deliveredProd;
} }
mysqli_free_result( $dbresult );
return($resultarray); return($resultarray);
} }
@ -643,7 +633,7 @@ class QueueContent {
echo json_encode(array("status" => "ERROR", "code" => ERROR_DB_PAR_ACCESS, "msg" => ERROR_DB_PAR_ACCESS_MSG)); echo json_encode(array("status" => "ERROR", "code" => ERROR_DB_PAR_ACCESS, "msg" => ERROR_DB_PAR_ACCESS_MSG));
} else { } else {
$this->reallyDeclareAsCooked($pdo,$queueid); $this->reallyDeclareAsCooked($pdo,$queueid);
$useConditions = $this->getUseKitchenAndSupplyForProd($productid); $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usesupply"] == 0) { if ($useConditions["usesupply"] == 0) {
// can bypass the supplydesk // can bypass the supplydesk
$this->declareProductBeDeliveredWithGivenPdo($pdo,$queueid); $this->declareProductBeDeliveredWithGivenPdo($pdo,$queueid);
@ -716,28 +706,25 @@ class QueueContent {
} }
} }
private function findCategoryOfProd($prodid) { private function findCategoryOfProd($pdo,$prodid) {
$sql = "SELECT category FROM %products% WHERE id=$prodid"; $sql = "SELECT category FROM %products% WHERE id=?";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $stmt->execute(array($prodid));
$categoryid = $zeile['category']; $row = $stmt->fetchObject();
mysqli_free_result( $dbresult ); return $row->category;
return $categoryid;
} }
private function getUseKitchenAndSupplyForProdInCat($catid) { private function getUseKitchenAndSupplyForProdInCat($pdo,$catid) {
$sql = "SELECT usekitchen, usesupplydesk FROM %prodtype% WHERE id=$catid"; $sql = "SELECT usekitchen, usesupplydesk FROM %prodtype% WHERE id=?";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC); $stmt->execute(array($catid));
$useKit = $zeile['usekitchen']; $row = $stmt->fetchObject();
$useSupply = $zeile['usesupplydesk']; return array("usekitchen" => $row->usekitchen, "usesupply" => $row->usesupplydesk);
mysqli_free_result( $dbresult );
return array("usekitchen" => $useKit, "usesupply" => $useSupply);
} }
private function getUseKitchenAndSupplyForProd($prodid) { private function getUseKitchenAndSupplyForProd($pdo,$prodid) {
$catid = $this->findCategoryOfProd($prodid); $catid = $this->findCategoryOfProd($pdo,$prodid);
return $this->getUseKitchenAndSupplyForProdInCat($catid); return $this->getUseKitchenAndSupplyForProdInCat($pdo,$catid);
} }
private function getUseKitchenAndSupplyForProdWithPdo($pdo,$prodid) { private function getUseKitchenAndSupplyForProdWithPdo($pdo,$prodid) {
@ -782,7 +769,7 @@ class QueueContent {
$normaltax = $row->setting; $normaltax = $row->setting;
// get current pricelevel // get current pricelevel
$currentPriceLevel = $this->commonUtils->getCurrentPriceLevel(); $currentPriceLevel = $this->commonUtils->getCurrentPriceLevel($pdo);
$currentPriceLevelId = $currentPriceLevel["id"]; $currentPriceLevelId = $currentPriceLevel["id"];
$insertedQueueIds = array(); $insertedQueueIds = array();
@ -1104,11 +1091,9 @@ class QueueContent {
} }
// **********************************
// * Kassenfunktionen *
// **********************************
function getJsonProductsOfTableToPay($tableid) { function getJsonProductsOfTableToPay($tableid) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT %queue%.id as id,longname,%queue%.price as price,%queue%.tax,%pricelevel%.name as pricelevelname,%products%.id as prodid $sql = "SELECT %queue%.id as id,longname,%queue%.price as price,%queue%.tax,%pricelevel%.name as pricelevelname,%products%.id as prodid
FROM %queue% FROM %queue%
INNER JOIN %products% ON %queue%.productid = %products%.id INNER JOIN %products% ON %queue%.productid = %products%.id
@ -1120,22 +1105,21 @@ class QueueContent {
} }
$sql .= "AND paidtime is null AND toremove <> '1' AND ordertime is not null AND isclosed is null ORDER BY ordertime;"; $sql .= "AND paidtime is null AND toremove <> '1' AND ordertime is not null AND isclosed is null ORDER BY ordertime;";
$dbresult = $this->dbutils->performSqlCommand($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$prodsToPay = array(); $result = $stmt->fetchAll();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) { foreach ($result as $zeile) {
$thePrice = $zeile['price']; $thePrice = $zeile['price'];
$theTax = $zeile['tax']; $theTax = $zeile['tax'];
$thePriceLevelName = $zeile['pricelevelname']; $thePriceLevelName = $zeile['pricelevelname'];
$longName = $zeile['longname']; $longName = $zeile['longname'];
$queueid = $zeile['id']; $queueid = $zeile['id'];
$extras = $this->getExtrasOfQueueItem(null,$queueid); $extras = $this->getExtrasOfQueueItem($pdo,$queueid);
$prodId = $zeile['prodid']; $prodId = $zeile['prodid'];
$prodsToPay[] = array("id" => $queueid, "prodid" => $prodId, "longname" => $longName, "pricelevelname" => $thePriceLevelName, "price" => $thePrice, "tax" => $theTax, "extras" => $extras); $prodsToPay[] = array("id" => $queueid, "prodid" => $prodId, "longname" => $longName, "pricelevelname" => $thePriceLevelName, "price" => $thePrice, "tax" => $theTax, "extras" => $extras);
} }
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "OK", "msg" => $prodsToPay)); echo json_encode(array("status" => "OK", "msg" => $prodsToPay));
} }
@ -1202,11 +1186,13 @@ class QueueContent {
} }
function declareProductNotBeDelivered($queueid) { function declareProductNotBeDelivered($queueid) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
if (is_numeric($queueid)) { if (is_numeric($queueid)) {
date_default_timezone_set(DbUtils::getTimeZone()); date_default_timezone_set(DbUtils::getTimeZone());
$delivertime = date('Y-m-d H:i:s'); $delivertime = date('Y-m-d H:i:s');
$updateSql = "UPDATE %queue% SET delivertime='0000-00-00 00:00:00' WHERE id='" . $queueid . "';"; $updateSql = "UPDATE %queue% SET delivertime='0000-00-00 00:00:00' WHERE id=?";
$dbresult = $this->dbutils->performSqlCommand($updateSql); $stmt = $pdo->prepare(DbUtils::substTableAlias($updateSql));
$stmt->execute(array($queueid));
} }
} }
@ -1388,7 +1374,7 @@ class QueueContent {
if ($numberOfReadyProducts >= $numberOfProductsTotalToServe) { if ($numberOfReadyProducts >= $numberOfProductsTotalToServe) {
$tablestatus = "complete"; $tablestatus = "complete";
$tableheadeline = $commonUtils->getTableNameFromId($tableid); $tableheadeline = $commonUtils->getTableNameFromId($pdo,$tableid);
$preparedProds[] = array( $preparedProds[] = array(
"tableheadline" => $tableheadeline, "tableheadline" => $tableheadeline,
"tableid" => $tableid, "tableid" => $tableid,
@ -1397,7 +1383,7 @@ class QueueContent {
"prodsOfTable" => $arrayOfProdsOfATable); "prodsOfTable" => $arrayOfProdsOfATable);
} else { } else {
$tablestatus = "incomplete"; $tablestatus = "incomplete";
$tableheadeline = "Tisch: " . $commonUtils->getTableNameFromId($tableid); $tableheadeline = "Tisch: " . $commonUtils->getTableNameFromId($pdo,$tableid);
$preparedProds_incomplete_tables[] = array( $preparedProds_incomplete_tables[] = array(
"tableheadline" => $tableheadeline, "tableheadline" => $tableheadeline,
"tableid" => $tableid, "tableid" => $tableid,
@ -1472,7 +1458,7 @@ class QueueContent {
$lastDeliveredProds = array(); $lastDeliveredProds = array();
foreach($result as $zeile) { foreach($result as $zeile) {
$productid = $zeile['prodid']; $productid = $zeile['prodid'];
$useConditions = $this->getUseKitchenAndSupplyForProd($productid); $useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usesupply"] == 1) { if ($useConditions["usesupply"] == 1) {
// yes, display it in supplydesk view as cooked // yes, display it in supplydesk view as cooked
@ -1568,11 +1554,9 @@ class QueueContent {
$this->commonUtils->setLastBillIdInWorkTable($pdo, $billid); $this->commonUtils->setLastBillIdInWorkTable($pdo, $billid);
} }
$brutto = $this->dbutils->filterString($brutto);
if (is_null($tableid)) { if (is_null($tableid)) {
$tableid = 0; $tableid = 0;
} }
$tableid = $this->dbutils->filterString($tableid);
// now calculate the signature for the bill entry // now calculate the signature for the bill entry
$signature = $this->commonUtils->calcSignatureForBill($pdo,$currentTime, $brutto, $netto, '0.00', $userid); $signature = $this->commonUtils->calcSignatureForBill($pdo,$currentTime, $brutto, $netto, '0.00', $userid);
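Review bot: `findCategoryOfProd` and `getUseKitchenAndSupplyForProdInCat` read properties off the result of `fetchObject()` without checking it, so a `$prodid` or `$catid` with no matching row (a product whose category has been removed, for instance) yields `false` and a property read on a bool instead of a clean failure; guard the single-row reads, `$row = $stmt->fetchObject(); if ($row === false) { return null; } return $row->category;`, and let `getUseKitchenAndSupplyForProd` treat a null category as "no kitchen/supply info" rather than issuing a second query with `id=NULL`. With the `$pdo` parameter added, `getUseKitchenAndSupplyForProd` and `getUseKitchenAndSupplyForProdWithPdo` now carry the same signature and presumably the same body, so one of them can be retired. In `getJsonProductsOfTableToPay` the `execute()` call takes no parameters, which implies the table filter assembled between the two hunks is still concatenated into `$sql`; that stretch of the function is outside the hunk, so confirm `$tableid` is bound there the way `$kind` now is in the kitchen query. `declareProductNotBeDelivered` still computes a `$delivertime` that nothing reads and opens the PDO handle before the `is_numeric` guard; drop the former and move the open inside the guard.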


@ -32,9 +32,7 @@ class Roomtables {
} else if ($command == 'showAllRoomsAndTablesWithUnpaidItems') { } else if ($command == 'showAllRoomsAndTablesWithUnpaidItems') {
$this->showAllRoomsAndTablesWithUnpaidItems(); $this->showAllRoomsAndTablesWithUnpaidItems();
} else if ($command == 'getUnpaidTables') { } else if ($command == 'getUnpaidTables') {
$this->getUnpaidTables($_GET['roomid']); $this->getUnpaidTables($_GET['roomid']);
} else if ($command == 'showAllTablesOfRoom') {
$this->showAllTablesOfRoom();
} else if ($command == 'getRoomfield') { } else if ($command == 'getRoomfield') {
$this->getRoomfield(); $this->getRoomfield();
} else if ($command == 'setRoomInfo') { } else if ($command == 'setRoomInfo') {
@ -249,51 +247,7 @@ class Roomtables {
return array(); return array();
} }
} }
// Part of chain to choose a product, here we know the room and show all tables there
function showAllTablesOfRoom()
{
// Parameter for this method
$roomid = $_GET['roomid'];
// Find name of room to display in table header
$sql = "SELECT id,roomname FROM %room% WHERE id='$roomid' AND removed is null";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$roomid = $zeile['id'];
$roomname = $zeile['roomname'];
mysqli_free_result( $dbresult );
// Navigation table - home - back
echo '<table class=navitable>';
echo '<tr>';
echo '<td><input type="image" src="img/home.png" onclick="showAllRooms();" />';
echo '<td>' . $roomname;
echo '</tr></table>';
$nextFunction = $_GET['nextfunction'];
$sql = "SELECT id,tableno FROM " . DB_RESTTABLES_TABLE . " WHERE roomid=" . $roomid;
$dbresult = $this->dbutils->performSqlCommand($sql);
// create a table that is optimal (sqrt-like size)
$numberOfIcons = mysqli_num_rows($dbresult);
$arrayOfButtons = array();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$roomid = $zeile['id'];
$onClickMethod = $nextFunction . '(' . $zeile['id'] . ',' . $roomid . ');';
$aButtonEntry = array ("textOfButton" => $zeile['tableno'],
"onClickMethod" => $onClickMethod);
$arrayOfButtons[] = $aButtonEntry;
}
mysqli_free_result( $dbresult );
$commonUtils = new CommonUtils();
$commonUtils->createGridTableWithSqrtSizeOfButtons($arrayOfButtons);
}
function setRoomInfo($rooms) { function setRoomInfo($rooms) {
$pdo = $this->dbutils->openDbAndReturnPdo(); $pdo = $this->dbutils->openDbAndReturnPdo();


@ -27,26 +27,25 @@ class HistFiller {
$stmt->execute(array('10', 'DbRestore', 'Wiederherstellung der Datenbank aus einer Sicherungskopie')); $stmt->execute(array('10', 'DbRestore', 'Wiederherstellung der Datenbank aus einer Sicherungskopie'));
} }
public function readUserTableAndSendToHist() { public function readUserTableAndSendToHist($pdo) {
$sql = "SELECT * FROM %user%"; $sql = "SELECT * FROM %user%";
$this->readSqlUserTableAndSendToHist($sql,'3'); $this->readSqlUserTableAndSendToHist($pdo,$sql,'3');
} }
public function updateOneUser($userid) { public function updateOneUser($pdo,$userid) {
$sql = "SELECT * FROM %user% WHERE id='$userid'"; $sql = "SELECT * FROM %user% WHERE id='$userid'";
$this->readSqlUserTableAndSendToHist($sql,'8'); $this->readSqlUserTableAndSendToHist($pdo,$sql,'8');
} }
/* /*
* Read the complete user table and fill in these values to the histtable * Read the complete user table and fill in these values to the histtable
*/ */
private function readSqlUserTableAndSendToHist($sql_query, $histaction) { private function readSqlUserTableAndSendToHist($pdo,$sql_query, $histaction) {
$sql_insert_histuser = "INSERT INTO %histuser% (id,userid,username, $sql_insert_histuser = "INSERT INTO %histuser% (id,userid,username,
is_admin,right_waiter,right_kitchen,right_bar,right_supply,right_paydesk,right_statistics, is_admin,right_waiter,right_kitchen,right_bar,right_supply,right_paydesk,right_statistics,
right_bill,right_products,right_reservation,right_rating,right_changeprice,right_manager,active) VALUES ( right_bill,right_products,right_reservation,right_rating,right_changeprice,right_manager,active) VALUES (
NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction(); $pdo->beginTransaction();
$stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_query)); $stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_query));
@ -65,23 +64,23 @@ class HistFiller {
$pdo->commit(); $pdo->commit();
} }
public function updateUserInHist($userid,$username, public function updateUserInHist($pdo,$userid,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active) $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active)
{ {
$this->updateOrCreateUserInHist($userid,$username, $this->updateOrCreateUserInHist($pdo,$userid,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,
$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active,'8'); $rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active,'8');
} }
public function createUserInHist($lastId,$username, public function createUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager) $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager)
{ {
$this->updateOrCreateUserInHist($lastId,$username, $this->updateOrCreateUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,
$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager,'1','7'); $rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager,'1','7');
} }
public function updateOrCreateUserInHist($id,$username, public function updateOrCreateUserInHist($pdo,$id,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager,
$active,$histaction) { $active,$histaction) {
@ -90,7 +89,6 @@ class HistFiller {
`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`active`) VALUES ( `right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`active`) VALUES (
NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction(); $pdo->beginTransaction();
$stmt_insert_histuser = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_insert_histuser)); $stmt_insert_histuser = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_insert_histuser));
$stmt_insert_histuser->execute(array($id,$username, $stmt_insert_histuser->execute(array($id,$username,
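Review bot: `readSqlUserTableAndSendToHist` and `updateOrCreateUserInHist` now call `$pdo->beginTransaction()` on a handle the caller passes in rather than on one they opened themselves, so any caller that already holds an open transaction on that `$pdo` will get a PDOException ("There is already an active transaction") where the old per-call connection silently nested; either document the contract on both methods, e.g. `// caller must not have an open transaction on $pdo; this method begins and commits its own`, or guard with `if (!$pdo->inTransaction())` and skip the matching commit in that case. `updateOneUser` still interpolates `$userid` into `WHERE id='$userid'` even though the query is then run through `$pdo->prepare`; now that `$pdo` flows through, bind it instead, `$sql = "SELECT * FROM %user% WHERE id=?";` with the id handed to `readSqlUserTableAndSendToHist` as an extra `$params` array for `$stmt_query->execute()` — that execute call lies outside the hunk.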


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -7,7 +7,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -7,7 +7,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -7,7 +7,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -4,7 +4,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel"> <meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10"> <link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" /> <link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />
@ -440,8 +440,7 @@ function hasUserPaydeskRight(userRight) {
function hideMenuRoom() { function hideMenuRoom() {
$( "#modulepanel-room" ).panel( "close" ); $( "#modulepanel-room" ).panel( "close" );
$("#menuswitchroom").off("click").on("click", function (e) { $("#menuswitch").off("click").on("click", function (e) {
$("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation(); e.stopImmediatePropagation();
e.preventDefault(); e.preventDefault();
$( "#modulepanel-room" ).panel( "open" );; $( "#modulepanel-room" ).panel( "open" );;
@ -451,7 +450,6 @@ function hideMenuRoom() {
function hideMenuTable() { function hideMenuTable() {
$( "#modulepanel-table" ).panel( "close" ); $( "#modulepanel-table" ).panel( "close" );
$("#menuswitchtable").off("click").on("click", function (e) { $("#menuswitchtable").off("click").on("click", function (e) {
$("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation(); e.stopImmediatePropagation();
e.preventDefault(); e.preventDefault();
$( "#modulepanel-table" ).panel( "open" );; $( "#modulepanel-table" ).panel( "open" );;
@ -461,7 +459,6 @@ function hideMenuTable() {
function hideMenuProd() { function hideMenuProd() {
$( "#modulepanel-prod" ).panel( "close" ); $( "#modulepanel-prod" ).panel( "close" );
$("#menuswitchprod").off("click").on("click", function (e) { $("#menuswitchprod").off("click").on("click", function (e) {
$("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation(); e.stopImmediatePropagation();
e.preventDefault(); e.preventDefault();
$( "#modulepanel-prod" ).panel( "open" );; $( "#modulepanel-prod" ).panel( "open" );;
@ -772,7 +769,6 @@ function insertTableList(roominfo) {
function initializeEverything() { function initializeEverything() {
lastSelectedProduct = ""; lastSelectedProduct = "";
$(".modules").off("click").on("click", function (e) { $(".modules").off("click").on("click", function (e) {
$("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation(); e.stopImmediatePropagation();
e.preventDefault(); e.preventDefault();
moduleForward(this.id); moduleForward(this.id);
@ -2316,7 +2312,7 @@ function bindSendNewOrdersButton() {
<div data-role="header" data-theme="b" data-position="fixed"> <div data-role="header" data-theme="b" data-position="fixed">
<h1><span id="roomtableheader2">Raum-Tisch</span></h1> <h1><span id="roomtableheader2">Raum-Tisch</span></h1>
<div data-type="horizontal" style="top:0px;position:absolute;float:right;z-index:10;display:inline;" align="right" class="ui-btn-right"> <div data-type="horizontal" style="top:0px;position:absolute;float:right;z-index:10;display:inline;" align="right" class="ui-btn-right">
<a href="#" data-role="button" data-icon="arrow-d" data-ajax="false" id="menuswitchroom">Module</a> <a href="#" data-role="button" data-icon="arrow-d" data-ajax="false" id="menuswitch">Module</a>
</div> </div>
</div> </div>
<div data-role="content"> <div data-role="content">