OrderSprinter 1.1.11

This commit is contained in:
Geno 2020-11-19 22:54:51 +01:00
parent cdcb55771d
commit 8f6f59e47a
28 changed files with 360 additions and 597 deletions



@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -4,7 +4,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -7,8 +7,8 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/numfield.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" type="text/css" href="css/numfield.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -679,7 +679,7 @@ $(document).ready(function() {
<tr id=updateline>
<td>&nbsp;</td>
<td align=center>
<button id="updatebtn">Update -> 1.1.10</button>
<button id="updatebtn">Update -> 1.1.11</button>
</td>
<td>&nbsp;</td>
</tr>


@ -766,6 +766,18 @@ $ret &= $this->setVersion($prefix, '1.1.10');
return $ret;
}
function updateUserTable1110_1111($prefix,$version) {
$ret = true;
if ($version != "1.1.10") {
$ret = $this->updateUserTable1109_1110($prefix,$version);
if (!$ret) {
return false;
}
}
$ret &= $this->setVersion($prefix, '1.1.11');
return $ret;
}
function setVersion($prefix,$theVersion) {
$pdo = $this->pdo;
try {
@ -837,7 +849,7 @@ $this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VAL
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'billlanguage', $billlanguage)");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'currency', '$currency')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'receiptfontsize', '12')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'version', '1.1.10')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'version', '1.1.11')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'paymentconfig', '0')");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'remoteaccesscode', null)");
$this->basedb->doSQL($pdo,"INSERT INTO `%config%` (`id` , `name`, `setting`) VALUES (NULL , 'decpoint', '$decpoint')");
@ -1210,7 +1222,7 @@ return;
$supportedVersions = array("1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29",
"1.0.30","1.0.31","1.0.32","1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39",
"1.0.40",
"1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8", "1.1.9"
"1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8", "1.1.9","1.1.10"
);
if (!in_array($version, $supportedVersions)) {
@ -1218,7 +1230,7 @@ echo json_encode("Quellversion nicht unterstützt");
return;
}
$ret = $admin->updateUserTable1109_1110($_POST['prefix'], $version);
$ret = $admin->updateUserTable1110_1111($_POST['prefix'], $version);
if(session_id() == '') {
session_start();
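Review bot: updateUserTable1110_1111 folds its result with `$ret &= $this->setVersion($prefix, '1.1.11');`, a bitwise AND that turns the boolean into an int 0/1 before it reaches `$ret = $admin->updateUserTable1110_1111($_POST['prefix'], $version);` in the later hunk; since every failing path above has already returned false, `return $this->setVersion($prefix, '1.1.11');` expresses the same thing without the type change. The guard `if ($version != "1.1.10")` is a loose comparison and should be `if ($version !== "1.1.10")` so that only the exact version string skips the recursive upgrade chain. The new call site still hands `$_POST['prefix']` straight through to the table-prefix logic; nothing in these hunks shows it being validated (setVersion's body is outside the hunk), so if no whitelist exists elsewhere a check such as `if (!preg_match('/^[A-Za-z0-9_]*$/', $_POST['prefix'])) { return; }` before the call is a cheap safeguard.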


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -3,7 +3,6 @@
require_once ('dbutils.php');
require_once ('globals.php');
require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php');
require_once ('utilities/RoomsAndTables/RoomsAndTableFileManager.php');
require_once ('utilities/userrights.php');
require_once ('utilities/HistFiller.php');
require_once ('utilities/basedb.php');
@ -960,11 +959,12 @@ class Admin {
}
function fillSampleContentBySqlFile($sqlFile) {
function fillSampleContentBySqlFile($pdo,$sqlFile) {
$handle = fopen ($sqlFile, "r");
while (!feof($handle)) {
$sql = fgets($handle);
$this->dbutils->performSqlCommand($sql);
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
}
fclose ($handle);
}
@ -1038,30 +1038,29 @@ class Admin {
return $ret;
}
/* obsolete: not needed any more after replacement by matrix in manager.html */
private function fillSampleRoomsAndTable($fileName) {
$roomsAndTableHandler = new RoomsAndTableFileManager();
$roomsAndTableHandler->readRoomTableDefinition($fileName);
}
private function fillSampleContent()
{
$pdo = DbUtils::openDbAndReturnPdoStatic();
// first remove previous content, then fill the SQL file
$sql = "DELETE FROM `%queue%`";
$dbresult = $this->dbutils->performSqlCommand($sql);
$this->fillSampleContentBySqlFile("samples/queuecontent.txt");
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$this->fillSampleContentBySqlFile($pdo,"samples/queuecontent.txt");
$sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$sql = "DELETE FROM `%histuser%`";
$dbresult = $this->dbutils->performSqlCommand($sql);
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$sql = "DELETE FROM `%user%`";
$dbresult = $this->dbutils->performSqlCommand($sql);
$this->fillSampleContentBySqlFile("samples/usercontent.txt");
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$this->fillSampleContentBySqlFile($pdo,"samples/usercontent.txt");
$this->histfiller->readUserTableAndSendToHist();
$this->histfiller->readUserTableAndSendToHist($pdo);
}
function getJsonMenuItemsAndVersion() {
@ -1105,19 +1104,19 @@ class Admin {
$right_rating = $_SESSION['right_rating'];
if (!self::isOnlyRatingUser($rights, $right_rating, true)) {
if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.10"); };
if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.10"); };
if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.10"); };
if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.10"); };
if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.11"); };
if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.11"); };
if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.11"); };
if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.11"); };
if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html"); };
if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.10"); };
if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.10"); };
if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.10"); };
if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.10"); };
if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.10"); };
if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.10"); };
$mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.10");
$mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.10");
if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.11"); };
if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.11"); };
if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.11"); };
if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.11"); };
if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.11"); };
if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.11"); };
$mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.11");
$mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.11");
}
$mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php");
@ -1126,7 +1125,7 @@ class Admin {
$waiterMessage = $this->getMessage(null, "waitermessage");
}
// CAUTION: change version also in config.txt!!!
$mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.10",
$mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.11",
"user" => $currentUser,
"menu" => $mainMenu,
"waitermessage" => $waiterMessage,
@ -1136,32 +1135,12 @@ class Admin {
}
function getUserList() {
$userInfo = array();
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$userEntry = array ("username" => $zeile['username'],
"id" => $zeile['id'],
"is_admin" => $zeile['is_admin'],
"right_waiter" => $zeile['right_waiter'],
"right_kitchen" => $zeile['right_kitchen'],
"right_bar" => $zeile['right_bar'],
"right_supply" => $zeile['right_supply'],
"right_paydesk" => $zeile['right_paydesk'],
"right_statistics" => $zeile['right_statistics'],
"right_bill" => $zeile['right_bill'],
"right_products" => $zeile['right_products'],
"right_reservation" => $zeile['right_reservation'],
"right_rating" => $zeile['right_rating'],
"right_changeprice" => $zeile['right_changeprice'],
"right_manager" => $zeile['right_manager']
);
$userInfo[] = $userEntry;
}
mysqli_free_result($dbresult);
echo json_encode($userInfo);
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
echo json_encode($result);
}
function setTime($day,$month,$year,$hour,$min) {
@ -1191,13 +1170,14 @@ class Admin {
function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRating, $rChangeprice, $rManager) {
// check if the user with that name already exists
$sql = "SELECT username FROM %user% WHERE active='1' AND username='$username'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
mysqli_free_result($dbresult);
$pdo = DbUtils::openDbAndReturnPdoStatic();
if ($numberOfEntries > 0) {
$sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND username=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($username));
$row = $stmt->fetchObject();
if ($row->countid > 0) {
echo json_encode("exists");
return;
} else {
@ -1215,20 +1195,24 @@ class Admin {
// instead if password_hash (PHP > 5.5) use MD5...
$password_hash = md5($password);
$userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`language`,`receiptprinter`,`prefertablemap`,`keeptypelevel`,`extrasapplybtnpos`,`active`) VALUES (";
$userInsertSql .= " NULL, '$username', '$password_hash' , '$isAdmin', '$rWaiter', '$rKitchen', '$rBar', '$rSupply', '$rPayDesk', '$rStat', '$rBill', '$rProducts', '$rReservation', '$rRating', '$rChangeprice', '$rManager', '$lang','1','1','1','1','1')";
$dbresult = $this->dbutils->performSqlCommandRetLastId($userInsertSql);
$lastId = $dbresult['id'];
$userInsertSql .= " NULL, ?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
$stmt = $pdo->prepare(DbUtils::substTableAlias($userInsertSql));
$stmt->execute(array($username,$password_hash,$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager,$lang,1,1,1,1,1));
$lastId = $pdo->lastInsertId();
echo json_encode("OK");
}
}
// now this has to be logged in the history tables...
$this->histfiller->createUserInHist($lastId,$username,
$this->histfiller->createUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager);
}
function getPayPrintType() {
$this->sendJsonValueFromConfigTable('payprinttype');
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->sendJsonValueFromConfigTable($pdo,'payprinttype');
}
function getPayments() {
@ -1258,8 +1242,8 @@ class Admin {
echo json_encode($retArray);
}
function sendJsonValueFromConfigTable($whichValue) {
$theVal = $this->getValueFromConfigTable($whichValue);
function sendJsonValueFromConfigTable($pdo,$whichValue) {
$theVal = $this->getValueFromConfigTable($pdo,$whichValue);
if ($theVal == null) {
echo json_encode("");
} else {
@ -1267,16 +1251,17 @@ class Admin {
}
}
function getValueFromConfigTable($whichValue) {
$sql = "SELECT setting FROM %config% WHERE name='$whichValue'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
function getValueFromConfigTable($pdo,$whichValue) {
$sql = "SELECT count(id) as countid,setting FROM %config% WHERE name=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($whichValue));
$row = $stmt->fetchObject();
$numberOfEntries = $row->countid;
$theValue = null;
if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$theValue = $zeile['setting'];
$theValue = $row->setting;
}
mysqli_free_result($dbresult);
return $theValue;
}
@ -1438,7 +1423,7 @@ class Admin {
$sql = "SELECT username,is_admin FROM %user% WHERE id=?";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($theUserId));
$row =$stmt->fetchObject();
$row = $stmt->fetchObject();
$username = $row->username;
$userToModIsAdmin = $row->is_admin;
@ -1456,7 +1441,7 @@ class Admin {
// now this has to be logged in the history tables...
$this->histfiller->updateUserInHist($theUserId,$username,
$this->histfiller->updateUserInHist($pdo,$theUserId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,'1');
echo json_encode("OK");
@ -1464,32 +1449,31 @@ class Admin {
}
function deleteUser($theUserId) {
$sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$theUserId'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
$userToDelIsAdmin = false;
if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
if(intval($zeile['is_admin']) == 1) {
$userToDelIsAdmin = true;
}
}
mysqli_free_result($dbresult);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($theUserId));
$row =$stmt->fetchObject();
$userToDelIsAdmin = ($row->is_admin == 1 ? true : false);
if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) {
echo json_encode("noadmin");
} else {
$sql = "SELECT id FROM %user% WHERE active='1' AND is_admin='1' AND id <> '$theUserId'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfOtherAdmins = mysqli_num_rows($dbresult);
mysqli_free_result($dbresult);
$sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND is_admin='1' AND id <> ?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($theUserId));
$row = $stmt->fetchObject();
$numberOfOtherAdmins = $row->countid;
if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) {
echo json_encode("lastadmin");
} else {
$userSql = "UPDATE %user% set active='0' WHERE id='$theUserId'";
$dbresult = $this->dbutils->performSqlCommand($userSql);
$userSql = "UPDATE %user% set active='0' WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
$stmt->execute(array($theUserId));
$this->histfiller->updateOneUser($theUserId);
$this->histfiller->updateOneUser($pdo,$theUserId);
echo json_encode("OK");
}
@ -1509,17 +1493,18 @@ class Admin {
}
function changepassword($userid,$password) {
$sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$userid'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT count(id) as countid, is_admin FROM %user% WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($userid));
$row = $stmt->fetchObject();
$userToChgPassIsAdm = false;
if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
if(intval($zeile['is_admin']) == 1) {
if ($row->countid == 1) {
if ($row->is_admin == 1) {
$userToChgPassIsAdm = true;
}
}
mysqli_free_result($dbresult);
if(session_id() == '') {
session_start();
@ -1533,8 +1518,9 @@ class Admin {
echo json_encode("noadmin");
} else {
$password_hash = md5($password);
$userSql = "UPDATE %user% set userpassword='$password_hash' WHERE active='1' AND id='$userid'";
$dbresult = $this->dbutils->performSqlCommand($userSql);
$userSql = "UPDATE %user% set userpassword=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
$stmt->execute(array($password_hash,$userid));
echo json_encode("OK");
}
}
@ -1543,11 +1529,13 @@ class Admin {
if(session_id() == '') {
session_start();
}
$currentuser = $_SESSION['currentuser'];
$currentuserid = $_SESSION['userid'];
$_SESSION['language'] = intval($language);
$userSql = "UPDATE %user% set language='$language' WHERE active='1' AND username='$currentuser'";
$dbresult = $this->dbutils->performSqlCommand($userSql);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "UPDATE %user% set language=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($language,$currentuserid));
echo json_encode("OK");
}
@ -1555,11 +1543,13 @@ class Admin {
if(session_id() == '') {
session_start();
}
$currentuser = $_SESSION['currentuser'];
$currentuserid = $_SESSION['userid'];
$_SESSION['receiptprinter'] = intval($printer);
$userSql = "UPDATE %user% set receiptprinter='$printer' WHERE active='1' AND username='$currentuser'";
$dbresult = $this->dbutils->performSqlCommand($userSql);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "UPDATE %user% set receiptprinter=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($printer,$currentuserid));
echo json_encode("OK");
}
@ -1567,12 +1557,14 @@ class Admin {
if(session_id() == '') {
session_start();
}
$currentuser = $_SESSION['currentuser'];
$currentuserid = $_SESSION['userid'];
$assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize");
$_SESSION[$assoc[$btn]] = intval($size);
$userSql = "UPDATE %user% set " . $assoc[$btn] . "='$size' WHERE active='1' AND username='$currentuser'";
$dbresult = $this->dbutils->performSqlCommand($userSql);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "UPDATE %user% set " . $assoc[$btn] . "=? WHERE active='1' AND id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($size,$currentuserid));
echo json_encode("OK");
}
@ -1583,28 +1575,31 @@ class Admin {
$currentuser = $_SESSION['currentuser'];
$oldp_hash = md5($oldpassword);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$ok = true;
// is old password correct?
$sql = "SELECT userpassword FROM %user% WHERE username='$currentuser' AND active='1'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntries = mysqli_num_rows($dbresult);
$sql = "SELECT count(id) as countid,userpassword FROM %user% WHERE username=? AND active='1'";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($currentuser));
$row = $stmt->fetchObject();
$numberOfEntries = $row->countid;
if ($numberOfEntries == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
if ($zeile['userpassword'] != $oldp_hash) {
if ($row->userpassword != $oldp_hash) {
$ok = false;
}
} else {
// user not found
$ok = false;
}
mysqli_free_result($dbresult);
if ($ok) {
// allowed to change password
$newp_hash = md5($newpassword);
$sql = "UPDATE %user% set userpassword='$newp_hash' WHERE active='1' AND username='$currentuser'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$sql = "UPDATE %user% set userpassword=? WHERE active='1' AND username=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($newp_hash,$currentuser));
echo json_encode("OK");
} else {
echo json_encode("FAILED");
@ -1620,6 +1615,7 @@ class Admin {
}
private function exportConfigCsv() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->writeCsvHeader("datenexport-config.csv");
echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
@ -1633,8 +1629,11 @@ class Admin {
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['configitem'];
@ -1644,10 +1643,10 @@ class Admin {
echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n";
}
mysqli_free_result( $dbresult );
}
private function exportUserCsv() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->writeCsvHeader("datenexport-benutzer.csv");
echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Managerrechte; Aktiviert\n");
@ -1662,8 +1661,11 @@ class Admin {
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['userid'];
@ -1686,7 +1688,6 @@ class Admin {
echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;";
echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18\n";
}
mysqli_free_result( $dbresult );
}
/**
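Review bot: getUserList now runs `SELECT * FROM %user% WHERE active='1' ORDER BY is_admin` and echoes `$stmt->fetchAll()` unfiltered, so the response carries every column of the user table — including `userpassword`, whose MD5 hashes this same file writes in createNewUser — where the old loop copied only the id, name and right_* fields; restore the explicit column list, e.g. `$sql = "SELECT id,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,right_paydesk,right_statistics,right_bill,right_products,right_reservation,right_rating,right_changeprice,right_manager FROM %user% WHERE active='1' ORDER BY is_admin";` and fetch with `$stmt->fetchAll(PDO::FETCH_ASSOC)` (the default fetch mode is not visible here; FETCH_BOTH would also duplicate every key in the JSON). deleteUser reads `$row->is_admin` straight after `$row =$stmt->fetchObject();` with no check that a row came back, so an unknown or already-deactivated id makes `$row` false, raises a property-on-bool notice and is treated as non-admin, whereas the old code only inspected the row when exactly one existed; `if ($row === false) { echo json_encode("FAILED"); return; }` before the comparison restores that. The `SELECT count(id) as countid, <column> … WHERE <non-key>=?` shape used in getValueFromConfigTable, changepassword and the old-password check in the `@ -1583,28 +1575,31` hunk mixes an aggregate with a non-aggregated column and no GROUP BY, which MySQL rejects under its default ONLY_FULL_GROUP_BY mode unless the filtered column is a key; selecting the column alone and testing `fetchObject() === false` is portable. createNewUser, changepassword and that same hunk still bind `md5($password)` into the new prepared statements, so the parameterisation removes the injection but leaves unsalted MD5 password storage in place; `password_hash()`/`password_verify()` with a rehash on the next successful login is the usual follow-up.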


@ -385,7 +385,6 @@ class Bill {
foreach($result as $zeile) {
$theId = $zeile['id'];
if (!$commonUtils->verifyBill($pdo, $theId)) {
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "msg" => ERROR_INCONSISTENT_DB_MSG));
return;
}
@ -399,7 +398,7 @@ class Bill {
"longdate" => $zeile['billdate'],
"shortdate" => $shortdate,
"brutto" => $zeile['brutto'],
"tablename" => $commonUtils->getTableNameFromId($zeile['tableid']),
"tablename" => $commonUtils->getTableNameFromId($pdo,$zeile['tableid']),
"billcontent" => $this->getBillWithId($theId,$l,0),
"isClosed" => $isClosed
);
@ -447,25 +446,25 @@ class Bill {
* Cancel a bill - set all queue items to not paid and drop the bill entry
*/
private function cancelBill($billid,$stornocode,$reason) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
// current time
date_default_timezone_set(DbUtils::getTimeZone());
$currentTime = date('Y-m-d H:i:s');
// check if stornocode is correct
$sql = "SELECT setting FROM %config% WHERE name='stornocode'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfVals = mysqli_num_rows($dbresult);
$sql = "SELECT count(id) as countid,setting FROM %config% WHERE name='stornocode'";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$row = $stmt->fetchObject();
$numberOfVals = $row->countid;
if ($numberOfVals != 1) {
// stornocode not fixed
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_STORNO_CODE, "msg" => ERROR_BILL_NOT_STORNO_CODE_MSG));
return;
}
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$stornocodeInDb = $zeile['setting'];
$stornocodeInDb = $row->setting;
mysqli_free_result( $dbresult );
if ($stornocode != $stornocodeInDb) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_STORNO_CODE, "msg" => ERROR_BILL_WRONG_STORNO_CODE_MSG));
return;
@ -478,8 +477,6 @@ class Bill {
}
// Do transactional cancel
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
// is the bill already closed? In this case no cancel is allowed!
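Review bot: In cancelBill the rendered diff shows `mysqli_free_result( $dbresult );` directly after `$stornocodeInDb = $row->setting;` with its side lost, and on the new side `$dbresult` is never assigned any more; if that line survived the conversion it frees an undefined variable (a TypeError on PHP 8), so it should be dropped like the one inside the `$numberOfVals != 1` branch. The new `SELECT count(id) as countid,setting FROM %config% WHERE name='stornocode'` mixes an aggregate with a plain column and no GROUP BY, which MySQL refuses under its default ONLY_FULL_GROUP_BY mode unless `name` is a key; `SELECT setting FROM %config% WHERE name='stornocode'` followed by a `$row === false` check expresses the same "exactly one code" intent portably. The storno code is still compared with `$stornocode != $stornocodeInDb` (a context line); for a value that authorises cancelling a bill, `hash_equals((string)$stornocodeInDb, (string)$stornocode)` avoids both loose-comparison surprises and timing differences.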


@ -72,7 +72,6 @@ $remark = "";
$decpoint = $this->getDecPoint();
// first create a closing entry
$remark = $this->dbutils->filterString($remark);
date_default_timezone_set(DbUtils::getTimeZone());
$closingTime = date('Y-m-d H:i:s');
@ -204,19 +203,20 @@ $newversionavailable = @file_get_contents($url, false, $ctx);
echo json_encode(array("status" => "OK", "msg" => $content));
}
private function getSumOfBillsWithClosingId($closingid,$onlyBar) {
$sql = "SELECT sum(brutto) as billsum FROM %bill% WHERE closingid='$closingid'";
private function getSumOfBillsWithClosingId($pdo,$closingid,$onlyBar) {
$sql = "SELECT count(id) as countid,sum(brutto) as billsum FROM %bill% WHERE closingid=?";
if ($onlyBar) {
$sql .= " AND paymentid='1'";
}
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfReturns = mysqli_num_rows($dbresult);
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($closingid));
$row = $stmt->fetchObject();
$numberOfReturns = $row->countid;
$sum = 0.0;
if ($numberOfReturns == 1) {
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$sum = floatval($zeile["billsum"]);
if ($numberOfReturns > 0) {
$sum = floatval($row->billsum);
}
mysqli_free_result( $dbresult );
return $sum;
}
@ -254,48 +254,49 @@ $lastDayInMonth = date("t", mktime(0, 0, 0, $month, 1, $year));
$dateStart = $year . $monthText . "01";
$dateEnd = $year . $monthText . $lastDayInMonth;
$sql = "SELECT id,closingdate,remark FROM %closing% WHERE DATE(closingdate) BETWEEN '" . $dateStart . "' AND '" . $dateEnd . "' ORDER BY closingdate DESC LIMIT 30;";
$dbresult = $this->dbutils->performSqlCommand($sql);
$sql = "SELECT id,closingdate,remark FROM %closing% WHERE DATE(closingdate) BETWEEN ? AND ? ORDER BY closingdate DESC;";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($dateStart,$dateEnd));
$result = $stmt->fetchAll();
$resultarray = array();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC))
{
$theId = $zeile['id'];
$closingDate = $zeile['closingdate'];
foreach($result as $zeile) {
$theId = $zeile['id']; $closingDate = $zeile['closingdate'];
$remark = $zeile['remark'];
$totalSum = $this->getSumOfBillsWithClosingId($theId, false);
$cashSum = $this->getSumOfBillsWithClosingId($theId, true);
$totalSum = $this->getSumOfBillsWithClosingId($pdo,$theId, false);
$cashSum = $this->getSumOfBillsWithClosingId($pdo,$theId, true);
$userSums = $this->getUserGroupedSumOfClosing($pdo, $theId);
$closingEntry = array("id" => $theId, "closingDate" => $closingDate, "remark" => $remark, "totalsum" => $totalSum, "cashsum" => $cashSum, "usersums" => $userSums);
$resultarray[] = $closingEntry;
}
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "OK", "msg" => $resultarray));
}
private function getPaymentArray() {
private function getPaymentArray($pdo) {
$sql = "SELECT id,name FROM %payment%";
$dbresult = $this->dbutils->performSqlCommand($sql);
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
$retArray = array();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC))
{
foreach($result as $zeile) {
$retArray[$zeile['id']] = $zeile['name'];
}
mysqli_free_result( $dbresult );
return $retArray;
}
private function getClosing($closingid) {
$this->retrieveClosingFromDb($closingid, false, false);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->retrieveClosingFromDb($pdo,$closingid, false, false);
}
private function exportCsv($closingid) {
$this->retrieveClosingFromDb($closingid, true, false);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->retrieveClosingFromDb($pdo,$closingid, true, false);
}
private function emailCsvCore($pdo,$closingid,$toEmail,$topic,$startdate,$enddate,$billsum,$billcount) {
$msg = $this->retrieveClosingFromDb($closingid, false, true);
$msg = $this->retrieveClosingFromDb($pdo,$closingid, false, true);
$msg = "Zeitraum: $startdate - $enddate\nBrutto-Summe: $billsum\nEnthaltene Bons: $billcount\n\n" . $msg;
$msg = str_replace("\n", "\r\n", $msg);
@ -391,7 +392,7 @@ echo json_encode(array("status" => "ERROR", "code" => ERROR_INCONSISTENT_DB, "ms
}
}
private function retrieveClosingFromDb($closingid,$doCsvExport,$onlyresultreturn) {
private function retrieveClosingFromDb($pdo,$closingid,$doCsvExport,$onlyresultreturn) {
if(session_id() == '') {
session_start();
}
@ -401,7 +402,7 @@ $commonUtils = new CommonUtils();
$currency = $commonUtils->getCurrency();
$decpoint = $this->getDecPoint();
$paymentArray = $this->getPaymentArray();
$paymentArray = $this->getPaymentArray($pdo);
$previousClosingDate = self::getDateOfPreviousClosing(null,$closingid);
$csv = "";
@ -424,33 +425,20 @@ $csv .= $this->t['Ref'][$l] . "\n";
}
$sql = "SELECT closingdate,remark,signature,billsum,billcount FROM %closing% WHERE id='$closingid'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$closingdate = $zeile['closingdate'];
$remark = $zeile['remark'];
$billsum = $zeile['billsum'];
$billcount = $zeile['billcount'];
$signature = $zeile['signature'];
mysqli_free_result( $dbresult );
$sql = "SELECT closingdate,remark,signature,billsum,billcount FROM %closing% WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($closingid));
$row = $stmt->fetchObject();
$closingdate = $row->closingdate;
$remark = $row->remark;
$billsum = $row->billsum;
$billcount = $row->billcount;
$signature = $row->signature;
$billIdsAndPaymentsForThatClosing = array();
$sql = "SELECT %bill%.id as billid,paymentid,billdate,userid,ref,username,status,brutto,netto,IF(tax is not null, tax, '0.00') as tax FROM %bill%,%user% WHERE closingid=$closingid AND %bill%.userid = %user%.id ORDER BY billdate";
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$billIdsAndPaymentsForThatClosing[] = array(
"id" => $zeile['billid'],
"payment" => $zeile['paymentid'],
"userid" => $zeile['userid'],
"username" => $zeile['username'],
"status" => $zeile['status'],
"brutto" => $zeile['brutto'],
"netto" => $zeile['netto'],
"tax" => $zeile['tax'],
"ref" => $zeile['ref'],
"billdate" => $zeile['billdate']);
}
mysqli_free_result( $dbresult );
$sql = "SELECT %bill%.id as id,paymentid,billdate,userid,ref,username,status,brutto,netto,IF(tax is not null, tax, '0.00') as tax FROM %bill%,%user% WHERE closingid=? AND %bill%.userid = %user%.id ORDER BY billdate";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($closingid));
$billIdsAndPaymentsForThatClosing = $stmt->fetchAll();
$foundBillCount = count($billIdsAndPaymentsForThatClosing);
@ -462,7 +450,6 @@ $startDate = $previousClosingDate;
$billsumstr = number_format($billsum, 2, ".", '');
$data = "I($closingid)-S($startDate)-E($closingdate)-D($billcount)-S($billsumstr)";
$pdo = $this->dbutils->openDbAndReturnPdo();
$pubkeyid = $commonUtils->getCert($pdo);
$ok = openssl_verify($data, $signature, $pubkeyid);
openssl_free_key($pubkeyid);
@ -514,19 +501,20 @@ $csv .= "$aBillId; \"$billdate\" ; \"" . $this->t['cashaction'][$l] . "\" ; \"$b
}
} else {
$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid='$aBillId' AND %billproducts%.queueid=%queue%.id";
$sql = "SELECT DISTINCT productname,price,%queue%.tax as tax FROM %queue%,%billproducts% WHERE %billproducts%.billid=?' AND %billproducts%.queueid=%queue%.id";
if ($status == 'x') {
$statusTxt = $this->t["laterCancelled"][$l];
} else if ($status == 's') {
$statusTxt = $this->t["storno"][$l];
} else {
$statusTxt = "";
$sql = "SELECT productname,paidtime,price,tax FROM %queue% WHERE billid=$aBillId";
$sql = "SELECT productname,paidtime,price,tax FROM %queue% WHERE billid=?";
}
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($aBillId));
$result = $stmt->fetchAll();
foreach ($result as $zeile) {
$productname = $zeile['productname'];
$tax = $zeile['tax'];
@ -555,7 +543,6 @@ if ($doCsvExport || $onlyresultreturn) {
$csv .= "$aBillId; \"$paidtime\" ; \"$productname\" ; \"$price\" ; \"$netto\" ; \"$formattedtax\" ; \"$paymentArray[$paymentid]\"; $userid; \"$username\"; \"$statusTxt\"; $ref\n";
}
}
mysqli_free_result( $dbresult );
}
}
if ($doCsvExport) {


@ -191,30 +191,29 @@ class CommonUtils {
$this->createGridTableWithSqrtSizeOfStyleButtonsAndHeader($inputArray,'','dummy');
}
function getTableNameFromId($tableid) {
function getTableNameFromId($pdo,$tableid) {
if (is_null($tableid) || ($tableid == 0)) {
return "-"; // togo
}
$sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=". $tableid;
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$tablename = $zeile['tableno'];
mysqli_free_result( $dbresult );
return $tablename;
$sql = "SELECT tableno FROM %resttables% WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($tableid));
$row = $stmt->fetchObject();
return $row->tableno;
}
function getCurrentPriceLevel() {
function getCurrentPriceLevel($pdo) {
$sql = "SELECT setting FROM %config% WHERE name='pricelevel'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$pricelevelid = $zeile['setting'];
mysqli_free_result( $dbresult );
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$row = $stmt->fetchObject();
$pricelevelid = $row->setting;
$sql = "SELECT id,name FROM %pricelevel% WHERE id=$pricelevelid";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$pricelevelname = $zeile['name'];
mysqli_free_result( $dbresult );
$sql = "SELECT id,name FROM %pricelevel% WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($pricelevelid));
$row = $stmt->fetchObject();
$pricelevelname = $row->name;
return (array("id" => $pricelevelid, "name" => $pricelevelname));
}
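Review bot: `$row->tableno` at the end of getTableNameFromId, and `$row->setting` / `$row->name` in getCurrentPriceLevel, dereference the value returned by fetchObject() without checking it, and fetchObject() returns false when no row matches, so an unknown id now produces a warning and a null instead of an explicit failure. A guard such as `if ($row === false) { return null; }` (or an exception, since the callers shown in the QueueContent section below splice the value straight into a headline string) makes the not-found case deliberate. The same unchecked fetchObject() pattern appears in findCategoryOfProd and getUseKitchenAndSupplyForProdInCat in the QueueContent section. Binding `$pricelevelid` in the second query of getCurrentPriceLevel is an improvement over the interpolation it replaces.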

webapp/php/config.php Executable file → Normal file


@ -92,106 +92,6 @@ class DbUtils {
}
}
function performSqlCommand($sqlCommand) {
$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,$sqlCommand);
// Execute query
if ($result)
{
//echo "SQL command could be executed successful";
}
else
{
echo "Error executing SQL command: " . mysqli_error($con);
}
mysqli_close($con);
return $result;
}
/*
* A prepared statement has several advantages. In this SW it is mainly
* used to avoid quoting of strings
*/
function performPreparedStatementCreateClosing($closingTime,$remark) {
date_default_timezone_set(self::getTimeZone());
$closingTime = date('Y-m-d H:i:s');
$closingEntrySql = $this->resolveTablenamesInSqlString("INSERT INTO `%closing%` (`id` , `closingdate`,`remark`) VALUES (NULL , ?,?)");
$mysqli = new mysqli(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
if (!($stmt = $mysqli->prepare($closingEntrySql))) {
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
if (!$stmt->bind_param("ss", $closingTime, $remark)) {
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$id = mysqli_insert_id($mysqli);
$stmt->close();
mysqli_close($mysqli);
return $id;
}
function performSqlCommandRetLastId($sqlCommand) {
$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,$sqlCommand);
// Execute query
if ($result)
{
//echo "SQL command could be executed successful";
}
else
{
echo "Error executing SQL command: " . mysqli_error($con);
}
$id = mysqli_insert_id($con);
mysqli_close($con);
return array("result" => $result, "id" => $id);
}
/*
* Filter out escape sequences. The method requires an open db connection
*/
function filterString($aString) {
$mysqli = new mysqli(MYSQL_HOST, MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
/* check connection */
if (mysqli_connect_errno()) {
exit();
}
$filteredString = $mysqli->real_escape_string($aString);
$mysqli->close();
return $filteredString;
}
/*
* To use sql strings that are easy to read the table names are used
* without variables. But since the user can specify a prefix for all


@ -73,7 +73,8 @@ class Products {
} else if ($command == 'getAllExtrasAlphaSorted') {
$this->getAllExtrasAlphaSorted();
} else if ($command == 'getSingleProdData') {
$this->getSingleProdData($_GET['id']);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$this->getSingleProdData($pdo,$_GET['id']);
} else if ($command == 'getSingleTypeData') {
$this->getSingleTypeData($_GET['id']);
} else if ($command == 'applySingleProdData') {
@ -238,44 +239,6 @@ class Products {
return $result;
}
// ************************************************************
// * Start OLD part
// ************************************************************
// Utility function: find the roomid if the tableid is known
function getRoomFromTableid($tableid) {
// Find roomid for table (variable roomid works in the one direction, but if called by back-button, not)
$sql = "select " . DB_ROOM_TABLE . ".id as id from " . DB_ROOM_TABLE . ", " . DB_RESTTABLES_TABLE . " where " . DB_RESTTABLES_TABLE . ".id = '" . $tableid . "' and " . DB_ROOM_TABLE . ".id = " . DB_RESTTABLES_TABLE . ".roomid;";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$roomid = $zeile['id'];
mysqli_free_result( $dbresult );
return $roomid;
}
function areThereProductsInTheCategory($categoryid) {
$sql = "SELECT id FROM " . DB_PRODUCTS_TABLE . " WHERE category = " . $categoryid . " AND available='1';";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEnttry = mysqli_num_rows($dbresult);
mysqli_free_result( $dbresult );
if ($numberOfEnttry > 0) {
return true;
} else {
return false;
}
}
function areThereCategoriesInTheCategory($categoryid) {
$sql = "SELECT id FROM %prodtype% WHERE removed is null AND reference = $categoryid";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfEntry = mysqli_num_rows($dbresult);
mysqli_free_result( $dbresult );
if ($numberOfEntry > 0) {
return true;
} else {
return false;
}
}
/*
* Return in array all products with their id and longname that have a reference to
@ -285,14 +248,17 @@ class Products {
* ["id" => 1, "longname" => "Whatever Product"],
* ["id" => 2, "longname" => "Whatever Other Product"], ...
*/
private function getProductsWithReferenz($ref) {
private function getProductsWithReferenz($pdo,$ref) {
$prods = array();
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category is null ORDER BY sorting";
if ($ref > 0) {
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category=$ref ORDER BY sorting";
}
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$prod_entry = array(
"id" => $zeile['id'],
"shortname" => $zeile['shortname'],
@ -306,7 +272,6 @@ class Products {
"type" => "p");
$prods[] = $prod_entry;
}
mysqli_free_result( $dbresult );
return $prods;
}
@ -354,30 +319,23 @@ class Products {
* ["id" => 1, "name" => "Meal"],
* ["id" => 2, "name" => "Drinks"], ...
*/
private function getProdTypesWithReferenz($ref) {
$types = array();
$sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer from %prodtype% where removed is null AND reference is null";
private function getProdTypesWithReferenz($pdo,$ref) {
$sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer,'t' as type from %prodtype% where removed is null AND reference is null";
if ($ref > 0) {
$sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer from %prodtype% where removed is null AND reference=$ref";
$sql = "SELECT id,name,kind,usekitchen,usesupplydesk,printer,'t' as type from %prodtype% where removed is null AND reference=$ref";
}
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$prod_entry = array(
"id" => $zeile['id'],
"name" => $zeile['name'],
"kind" => $zeile['kind'],
"usekitchen" => $zeile['usekitchen'],
"usesupplydesk" => $zeile['usesupplydesk'],
"printer" => $zeile['printer'],
"type" => "t");
$types[] = $prod_entry;
}
mysqli_free_result( $dbresult );
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$types = $stmt->fetchAll();
return $types;
}
function showDbProducts() {
$productArray = $this->getDbProductsWithRef_json_version(0,0);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$productArray = $this->getDbProductsWithRef_json_version($pdo,0,0);
echo json_encode($productArray);
}
@ -429,8 +387,8 @@ class Products {
echo json_encode(array("status" => "OK", "msg" => $msg));
}
function readDbProducts() {
$speisekarte = $this->readDbProductsWithRef_json_version(0,0);
function readDbProducts($pdo) {
$speisekarte = $this->readDbProductsWithRef_json_version($pdo,0,0);
$speisekarte .= $this->readExtrasFromDb(null);
return $speisekarte;
}
@ -475,6 +433,8 @@ class Products {
}
private function exportCsv() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$decpoint = $this->getDecPoint();
$file_name = "datenexport-produkte.csv";
header("Content-type: text/x-csv");
@ -494,8 +454,10 @@ class Products {
$sql .= " AND (action=%histactions%.id) ";
$sql .= " ORDER BY date,id";
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$val1 = $zeile['id'];
$val2 = $zeile['date'];
$val3 = $zeile['prodid'];
@ -512,30 +474,17 @@ class Products {
echo "$val1; $val2; $val3; \"$val4\"; \"$val5\"; $val6; $val7; $val8; $val9; $val10; $val11; $val12; $val13\n";
}
mysqli_free_result( $dbresult );
}
function getSingleProdData($id) {
function getSingleProdData($pdo,$id) {
if (is_numeric($id)) {
$sql = "SELECT shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio,favorite from %products% where id=$id";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio,favorite from %products% where id=?";
$prod_entry = array(
"id" => $id,
"shortname" => $zeile['shortname'],
"longname" => $zeile['longname'],
"available" => $zeile['available'],
"priceA" => $zeile['priceA'],
"priceB" => $zeile['priceB'],
"priceC" => $zeile['priceC'],
"tax" => $zeile['tax'],
"audio" => $zeile['audio'],
"favorite" => $zeile['favorite']
);
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($id));
$row = $stmt->fetchObject();
mysqli_free_result( $dbresult );
echo json_encode($prod_entry);
echo json_encode($row);
}
}
@ -946,9 +895,6 @@ class Products {
if (!is_numeric($id) || !is_numeric($available) || !is_numeric($favorite) ||!is_numeric($priceA) || !is_numeric($priceB) || !is_numeric($priceC) || (!is_numeric($tax) && ($tax != "null")) ) {
return;
}
$priceA = $this->dbutils->filterString($priceA);
$priceB = $this->dbutils->filterString($priceB);
$priceC = $this->dbutils->filterString($priceC);
if ($tax == "null") {
$tax = null;
@ -984,7 +930,7 @@ class Products {
}
$pdo->commit();
$this->getSingleProdData($id);
$this->getSingleProdData($pdo,$id);
}
private static function updateHistOnlyForExtrasOfProd($pdo,$aProdId,$histextra) {
@ -1125,12 +1071,12 @@ class Products {
function delTypeCore($pdo,$id) {
$allTypesInThisLevel = $this->getProdTypesWithReferenz($id);
$allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$id);
foreach ($allTypesInThisLevel as $aType) {
$this->delTypeCore($pdo, $aType["id"]);
}
$allProdsInThisLevel = $this->getProductsWithReferenz($id);
$allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$id);
foreach ($allProdsInThisLevel as $aProd) {
self::declareProductAsDeletedWithoutResort($pdo, $aProd["id"]);
}
@ -1153,11 +1099,11 @@ class Products {
/*
* Return a html table with all products in a structured way
*/
private function getDbProductsWithRef_json_version($ref,$depth) {
private function getDbProductsWithRef_json_version($pdo,$ref,$depth) {
$allProdsAndTypesInThisLevel = array();
$allProdsInThisLevel = $this->getProductsWithReferenz($ref);
$allTypesInThisLevel = $this->getProdTypesWithReferenz($ref);
$allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$ref);
$allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$ref);
for ($index_prod=0;$index_prod<count($allProdsInThisLevel);$index_prod++) {
$aProd = $allProdsInThisLevel[$index_prod];
@ -1166,19 +1112,19 @@ class Products {
for ($index_type=0;$index_type < count($allTypesInThisLevel);$index_type++) {
$aProdType = $allTypesInThisLevel[$index_type];
$typeRef = $aProdType['id'];
$allProdsAndTypesInThisLevel[] = array("entry" => $aProdType,"content" => $this->getDbProductsWithRef_json_version($typeRef,$depth+1));
$allProdsAndTypesInThisLevel[] = array("entry" => $aProdType,"content" => $this->getDbProductsWithRef_json_version($pdo,$typeRef,$depth+1));
}
return $allProdsAndTypesInThisLevel;
}
// return in text format
private function readDbProductsWithRef_json_version($ref,$depth) {
private function readDbProductsWithRef_json_version($pdo,$ref,$depth) {
$decpoint = $this->getDecPoint();
$text = "";
$allProdsAndTypesInThisLevel = array();
$allProdsInThisLevel = $this->getProductsWithReferenz($ref);
$allTypesInThisLevel = $this->getProdTypesWithReferenz($ref);
$allProdsInThisLevel = $this->getProductsWithReferenz($pdo,$ref);
$allTypesInThisLevel = $this->getProdTypesWithReferenz($pdo,$ref);
for ($index_prod=0;$index_prod<count($allProdsInThisLevel);$index_prod++) {
$aProd = $allProdsInThisLevel[$index_prod];
@ -1227,36 +1173,19 @@ class Products {
$text .= $indent . $prodTypeName . " = $usekitchen$usesupplydesk$kind = $printer\n";
$text .= $this->readDbProductsWithRef_json_version($typeRef,$depth+1);
$text .= $this->readDbProductsWithRef_json_version($pdo,$typeRef,$depth+1);
}
return $text;
}
private function numberOfProdsInProdType($theId) {
// how many prods are related to this type?
$sql = "SELECT COUNT(id) FROM %products% WHERE removed is null AND category=$theId";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$noProdsInThisProdType = $zeile['COUNT(id)'];
mysqli_free_result( $dbresult );
// iterate over all prodtypes in this prodtype
$prodtypesInside = $this->getProdTypesWithReferenz($theId);
for ($i=0;$i < count($prodtypesInside);$i++) {
$anInsideProdType = $prodtypesInside[i];
// recursive
$noProdsInThisProdType += $this->numberOfProdsInProdType($anInsideProdType["id"]);
}
return $noProdsInThisProdType;
}
private function getPriceLevelInfo() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
if(session_id() == '') {
session_start();
}
$lang = $_SESSION['language'];
$currentPriceLevel = $this->commonUtils->getCurrentPriceLevel();
$currentPriceLevel = $this->commonUtils->getCurrentPriceLevel($pdo);
$currentPriceLevelId = $currentPriceLevel["id"];
$currentPriceLevelName = $currentPriceLevel["name"];
@ -1267,8 +1196,11 @@ class Products {
} else if ($lang == 2) {
$sql = "SELECT id,name,info_esp as info FROM %pricelevel%";
}
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
foreach($result as $zeile) {
$theId = $zeile['id'];
$selected = "0";
if ($theId == $currentPriceLevelId) {
@ -1282,7 +1214,6 @@ class Products {
"selected" => $selected);
$pricelevels[] = $levels_entry;
}
mysqli_free_result( $dbresult );
$retArray = array("currentId" => $currentPriceLevelId, "currentName" => $currentPriceLevelName, "levels" => $pricelevels);
echo json_encode($retArray);
@ -1290,13 +1221,17 @@ class Products {
private function setPriceLevelInfo($levelId) {
if (is_numeric($levelId)) {
$updateSql = "UPDATE %config% SET setting=$levelId WHERE name='pricelevel'";
$dbresult = $this->dbutils->performSqlCommand($updateSql);
$pdo = DbUtils::openDbAndReturnPdoStatic();
$updateSql = "UPDATE %config% SET setting=? WHERE name='pricelevel'";
$stmt = $pdo->prepare(DbUtils::substTableAlias($updateSql));
$stmt->execute(array($levelId));
echo json_encode("OK");
}
}
private function getSpeisekarte() {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$legend = file_get_contents("../customer/menulegend.txt");
$decpoint = $this->getDecPoint();
@ -1318,7 +1253,7 @@ class Products {
// no products defined yet - present Beispiel
$text = $legend;
} else {
$text = $legend . $this->readDbProducts();
$text = $legend . $this->readDbProducts($pdo);
}
echo json_encode(array("status" => "OK","msg" => $text, "predef" => $predef));
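Review bot: getProductsWithReferenz still interpolates `$ref` into the query text (`AND category=$ref ORDER BY sorting`) before passing it to prepare(), and getProdTypesWithReferenz does the same at `reference=$ref`, so these two queries gain nothing from the parameter binding the rest of the commit introduces; the `$ref > 0` guard does not reject a non-numeric string under either PHP 7 or PHP 8 comparison rules, and where `$id` in delTypeCore originates is outside the hunk. The sketch below binds the value for getProductsWithReferenz; getProdTypesWithReferenz can be converted the same way. Separately, getProdTypesWithReferenz resolves table names through `$this->dbutils->resolveTablenamesInSqlString` while every other converted call in this file uses `DbUtils::substTableAlias`; settling on one keeps the file consistent. getSingleProdData now echoes `false` when fetchObject() finds no row, where the old code emitted an object carrying the requested id, which is worth confirming against the client.
```php
private function getProductsWithReferenz($pdo,$ref) {
    $prods = array();
    $sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category is null ORDER BY sorting";
    $params = array();
    if ($ref > 0) {
        $sql = "SELECT id,shortname,longname,priceA,priceB,priceC,IF(tax is not null, tax, 'null') as tax,available,audio from %products% where removed is null AND category=? ORDER BY sorting";
        $params = array($ref);
    }
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute($params);
    // … unchanged: fetchAll() and the $prod_entry loop …
```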


@ -105,21 +105,11 @@ class QueueContent {
}
}
function getTableNameFromId($tableid) {
if ($tableid == 0) {
return "";
}
$sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=". $tableid;
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$tablename = $zeile['tableno'];
mysqli_free_result( $dbresult );
return $tablename;
}
// needed if paydesk gets the tableid by direct call
function getJsonTableNameFromId($tableid) {
echo json_encode($this->getTableNameFromId($tableid));
$pdo = DbUtils::openDbAndReturnPdoStatic();
$commonUtils = new CommonUtils();
echo json_encode($commonUtils->getTableNameFromId($pdo,$tableid));
}
function getDateValueAsBoolInterpretatedIcon($aValue) {
@ -558,7 +548,7 @@ class QueueContent {
$extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']);
$productid = $zeile['prodid'];
$useConditions = $this->getUseKitchenAndSupplyForProd($productid);
$useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usekitchen"] == 1) {
// yes, display it in kitchen view as cooked
$arr = array("id" => $zeile['id'],
@ -590,7 +580,7 @@ class QueueContent {
$sql .= "AND %queue%.readytime <> '0000-00-00 00:00:00' ";
$sql .= "AND toremove <> '1' AND ";
$sql .= "ordertime is not null AND ";
$sql .= "(%queue%.productid = %products%.id AND %products%.category = %prodtype%.id AND %prodtype%.kind='$kind' AND %prodtype%.usesupplydesk='0' AND %prodtype%.usekitchen='1') AND ";
$sql .= "(%queue%.productid = %products%.id AND %products%.category = %prodtype%.id AND %prodtype%.kind=? AND %prodtype%.usesupplydesk='0' AND %prodtype%.usekitchen='1') AND ";
$sql .= "%queue%.workprinted='0') ";
// now remove closed items
@ -599,9 +589,10 @@ class QueueContent {
$sql = $sql . "ORDER BY delivertime DESC LIMIT 10";
$dbresult = $this->dbutils->performSqlCommand($sql);
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($kind));
$result = $stmt->fetchAll();
foreach ($result as $zeile) {
$productid = $zeile['prodid'];
$extras = $this->getExtrasOfQueueItem($pdo,$zeile['id']);
$deliveredProd = array(
@ -614,7 +605,6 @@ class QueueContent {
);
$resultarray[] = $deliveredProd;
}
mysqli_free_result( $dbresult );
return($resultarray);
}
@ -643,7 +633,7 @@ class QueueContent {
echo json_encode(array("status" => "ERROR", "code" => ERROR_DB_PAR_ACCESS, "msg" => ERROR_DB_PAR_ACCESS_MSG));
} else {
$this->reallyDeclareAsCooked($pdo,$queueid);
$useConditions = $this->getUseKitchenAndSupplyForProd($productid);
$useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usesupply"] == 0) {
// can bypass the supplydesk
$this->declareProductBeDeliveredWithGivenPdo($pdo,$queueid);
@ -716,28 +706,25 @@ class QueueContent {
}
}
private function findCategoryOfProd($prodid) {
$sql = "SELECT category FROM %products% WHERE id=$prodid";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$categoryid = $zeile['category'];
mysqli_free_result( $dbresult );
return $categoryid;
private function findCategoryOfProd($pdo,$prodid) {
$sql = "SELECT category FROM %products% WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($prodid));
$row = $stmt->fetchObject();
return $row->category;
}
private function getUseKitchenAndSupplyForProdInCat($catid) {
$sql = "SELECT usekitchen, usesupplydesk FROM %prodtype% WHERE id=$catid";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$useKit = $zeile['usekitchen'];
$useSupply = $zeile['usesupplydesk'];
mysqli_free_result( $dbresult );
return array("usekitchen" => $useKit, "usesupply" => $useSupply);
private function getUseKitchenAndSupplyForProdInCat($pdo,$catid) {
$sql = "SELECT usekitchen, usesupplydesk FROM %prodtype% WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute(array($catid));
$row = $stmt->fetchObject();
return array("usekitchen" => $row->usekitchen, "usesupply" => $row->usesupplydesk);
}
private function getUseKitchenAndSupplyForProd($prodid) {
$catid = $this->findCategoryOfProd($prodid);
return $this->getUseKitchenAndSupplyForProdInCat($catid);
private function getUseKitchenAndSupplyForProd($pdo,$prodid) {
$catid = $this->findCategoryOfProd($pdo,$prodid);
return $this->getUseKitchenAndSupplyForProdInCat($pdo,$catid);
}
private function getUseKitchenAndSupplyForProdWithPdo($pdo,$prodid) {
@ -782,7 +769,7 @@ class QueueContent {
$normaltax = $row->setting;
// get current pricelevel
$currentPriceLevel = $this->commonUtils->getCurrentPriceLevel();
$currentPriceLevel = $this->commonUtils->getCurrentPriceLevel($pdo);
$currentPriceLevelId = $currentPriceLevel["id"];
$insertedQueueIds = array();
@ -1104,11 +1091,9 @@ class QueueContent {
}
// **********************************
// * Kassenfunktionen *
// **********************************
function getJsonProductsOfTableToPay($tableid) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
$sql = "SELECT %queue%.id as id,longname,%queue%.price as price,%queue%.tax,%pricelevel%.name as pricelevelname,%products%.id as prodid
FROM %queue%
INNER JOIN %products% ON %queue%.productid = %products%.id
@ -1120,22 +1105,21 @@ class QueueContent {
}
$sql .= "AND paidtime is null AND toremove <> '1' AND ordertime is not null AND isclosed is null ORDER BY ordertime;";
$dbresult = $this->dbutils->performSqlCommand($sql);
$prodsToPay = array();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
$stmt->execute();
$result = $stmt->fetchAll();
foreach ($result as $zeile) {
$thePrice = $zeile['price'];
$theTax = $zeile['tax'];
$thePriceLevelName = $zeile['pricelevelname'];
$longName = $zeile['longname'];
$queueid = $zeile['id'];
$extras = $this->getExtrasOfQueueItem(null,$queueid);
$extras = $this->getExtrasOfQueueItem($pdo,$queueid);
$prodId = $zeile['prodid'];
$prodsToPay[] = array("id" => $queueid, "prodid" => $prodId, "longname" => $longName, "pricelevelname" => $thePriceLevelName, "price" => $thePrice, "tax" => $theTax, "extras" => $extras);
}
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "OK", "msg" => $prodsToPay));
}
@ -1202,11 +1186,13 @@ class QueueContent {
}
function declareProductNotBeDelivered($queueid) {
$pdo = DbUtils::openDbAndReturnPdoStatic();
if (is_numeric($queueid)) {
date_default_timezone_set(DbUtils::getTimeZone());
$delivertime = date('Y-m-d H:i:s');
$updateSql = "UPDATE %queue% SET delivertime='0000-00-00 00:00:00' WHERE id='" . $queueid . "';";
$dbresult = $this->dbutils->performSqlCommand($updateSql);
$updateSql = "UPDATE %queue% SET delivertime='0000-00-00 00:00:00' WHERE id=?";
$stmt = $pdo->prepare(DbUtils::substTableAlias($updateSql));
$stmt->execute(array($queueid));
}
}
@ -1388,7 +1374,7 @@ class QueueContent {
if ($numberOfReadyProducts >= $numberOfProductsTotalToServe) {
$tablestatus = "complete";
$tableheadeline = $commonUtils->getTableNameFromId($tableid);
$tableheadeline = $commonUtils->getTableNameFromId($pdo,$tableid);
$preparedProds[] = array(
"tableheadline" => $tableheadeline,
"tableid" => $tableid,
@ -1397,7 +1383,7 @@ class QueueContent {
"prodsOfTable" => $arrayOfProdsOfATable);
} else {
$tablestatus = "incomplete";
$tableheadeline = "Tisch: " . $commonUtils->getTableNameFromId($tableid);
$tableheadeline = "Tisch: " . $commonUtils->getTableNameFromId($pdo,$tableid);
$preparedProds_incomplete_tables[] = array(
"tableheadline" => $tableheadeline,
"tableid" => $tableid,
@ -1472,7 +1458,7 @@ class QueueContent {
$lastDeliveredProds = array();
foreach($result as $zeile) {
$productid = $zeile['prodid'];
$useConditions = $this->getUseKitchenAndSupplyForProd($productid);
$useConditions = $this->getUseKitchenAndSupplyForProd($pdo,$productid);
if ($useConditions["usesupply"] == 1) {
// yes, display it in supplydesk view as cooked
@ -1568,11 +1554,9 @@ class QueueContent {
$this->commonUtils->setLastBillIdInWorkTable($pdo, $billid);
}
$brutto = $this->dbutils->filterString($brutto);
if (is_null($tableid)) {
$tableid = 0;
}
$tableid = $this->dbutils->filterString($tableid);
// now calculate the signature for the bill entry
$signature = $this->commonUtils->calcSignatureForBill($pdo,$currentTime, $brutto, $netto, '0.00', $userid);
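Review bot: getJsonTableNameFromId now answers `"-"` for table id 0, because the CommonUtils method it delegates to (in the section above) returns `"-"` for the to-go case where the removed local method returned `""`; any client that tests for the old empty string sees a change, so either preserve it, e.g. `$name = ($tableid == 0) ? "" : $commonUtils->getTableNameFromId($pdo,$tableid);`, or confirm the callers. Dropping the two filterString() calls before the bill insert at the end of the section is only safe if that insert (outside the hunk) already binds `$brutto` and `$tableid` as parameters, which the visible lines do not show. In declareProductNotBeDelivered, `$delivertime` is computed and never used, since the update hard-codes the zero timestamp; it can be removed.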


@ -33,8 +33,6 @@ class Roomtables {
$this->showAllRoomsAndTablesWithUnpaidItems();
} else if ($command == 'getUnpaidTables') {
$this->getUnpaidTables($_GET['roomid']);
} else if ($command == 'showAllTablesOfRoom') {
$this->showAllTablesOfRoom();
} else if ($command == 'getRoomfield') {
$this->getRoomfield();
} else if ($command == 'setRoomInfo') {
@ -251,50 +249,6 @@ class Roomtables {
}
// Part of chain to choose a product, here we know the room and show all tables there
function showAllTablesOfRoom()
{
// Parameter for this method
$roomid = $_GET['roomid'];
// Find name of room to display in table header
$sql = "SELECT id,roomname FROM %room% WHERE id='$roomid' AND removed is null";
$dbresult = $this->dbutils->performSqlCommand($sql);
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$roomid = $zeile['id'];
$roomname = $zeile['roomname'];
mysqli_free_result( $dbresult );
// Navigation table - home - back
echo '<table class=navitable>';
echo '<tr>';
echo '<td><input type="image" src="img/home.png" onclick="showAllRooms();" />';
echo '<td>' . $roomname;
echo '</tr></table>';
$nextFunction = $_GET['nextfunction'];
$sql = "SELECT id,tableno FROM " . DB_RESTTABLES_TABLE . " WHERE roomid=" . $roomid;
$dbresult = $this->dbutils->performSqlCommand($sql);
// create a table that is optimal (sqrt-like size)
$numberOfIcons = mysqli_num_rows($dbresult);
$arrayOfButtons = array();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$roomid = $zeile['id'];
$onClickMethod = $nextFunction . '(' . $zeile['id'] . ',' . $roomid . ');';
$aButtonEntry = array ("textOfButton" => $zeile['tableno'],
"onClickMethod" => $onClickMethod);
$arrayOfButtons[] = $aButtonEntry;
}
mysqli_free_result( $dbresult );
$commonUtils = new CommonUtils();
$commonUtils->createGridTableWithSqrtSizeOfButtons($arrayOfButtons);
}
function setRoomInfo($rooms) {
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();


@ -27,26 +27,25 @@ class HistFiller {
$stmt->execute(array('10', 'DbRestore', 'Wiederherstellung der Datenbank aus einer Sicherungskopie'));
}
public function readUserTableAndSendToHist() {
public function readUserTableAndSendToHist($pdo) {
$sql = "SELECT * FROM %user%";
$this->readSqlUserTableAndSendToHist($sql,'3');
$this->readSqlUserTableAndSendToHist($pdo,$sql,'3');
}
public function updateOneUser($userid) {
public function updateOneUser($pdo,$userid) {
$sql = "SELECT * FROM %user% WHERE id='$userid'";
$this->readSqlUserTableAndSendToHist($sql,'8');
$this->readSqlUserTableAndSendToHist($pdo,$sql,'8');
}
/*
* Read the complete user table and fill in these values to the histtable
*/
private function readSqlUserTableAndSendToHist($sql_query, $histaction) {
private function readSqlUserTableAndSendToHist($pdo,$sql_query, $histaction) {
$sql_insert_histuser = "INSERT INTO %histuser% (id,userid,username,
is_admin,right_waiter,right_kitchen,right_bar,right_supply,right_paydesk,right_statistics,
right_bill,right_products,right_reservation,right_rating,right_changeprice,right_manager,active) VALUES (
NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
$stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_query));
@ -65,23 +64,23 @@ class HistFiller {
$pdo->commit();
}
public function updateUserInHist($userid,$username,
public function updateUserInHist($pdo,$userid,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active)
{
$this->updateOrCreateUserInHist($userid,$username,
$this->updateOrCreateUserInHist($pdo,$userid,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,
$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$active,'8');
}
public function createUserInHist($lastId,$username,
public function createUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager)
{
$this->updateOrCreateUserInHist($lastId,$username,
$this->updateOrCreateUserInHist($pdo,$lastId,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,
$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager,'1','7');
}
public function updateOrCreateUserInHist($id,$username,
public function updateOrCreateUserInHist($pdo,$id,$username,
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rRes,$rRat,$rChangeprice,$rManager,
$active,$histaction) {
@ -90,7 +89,6 @@ class HistFiller {
`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`active`) VALUES (
NULL,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
$stmt_insert_histuser = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_insert_histuser));
$stmt_insert_histuser->execute(array($id,$username,
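Review bot: readSqlUserTableAndSendToHist and updateOrCreateUserInHist now receive the caller's `$pdo`, yet `$pdo->commit()` is still on the new side at the end of readSqlUserTableAndSendToHist, and `$pdo->beginTransaction()` appears to survive in both methods (each hunk header accounts for only one removed line, so presumably only the openDbAndReturnPdo() line went). On a shared handle the inner beginTransaction() throws if the caller has already opened a transaction, and otherwise the inner commit() ends the caller's unit of work early, so rows the caller wrote before this call stay committed even if the caller later rolls back. Either drop both calls here and state the contract, e.g. `/* $pdo must be inside a transaction owned by the caller; this method neither begins nor commits it */`, or guard them with `if (!$pdo->inTransaction())`. Separately, updateOneUser still interpolates `$userid` into `WHERE id='$userid'` while the history insert uses placeholders; binding it (`WHERE id=?` with the id passed through to the prepared statement's execute) would make the two paths consistent. The bodies of both methods continue outside the hunks.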


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -7,7 +7,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -7,7 +7,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -7,7 +7,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -5,7 +5,7 @@
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />


@ -4,7 +4,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="author" content="Stefan Pichel">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.10">
<link rel="stylesheet" type="text/css" href="css/bestformat.css?v=1.1.11">
<link rel="stylesheet" href="php/3rdparty/orderstyle/orderstyle.min.css" />
<link rel="stylesheet" href="php/3rdparty/orderstyle/jquery.mobile.icons.min.css" />
@ -440,8 +440,7 @@ function hasUserPaydeskRight(userRight) {
function hideMenuRoom() {
$( "#modulepanel-room" ).panel( "close" );
$("#menuswitchroom").off("click").on("click", function (e) {
$("#menuswitch").trigger("mouseout");
$("#menuswitch").off("click").on("click", function (e) {
e.stopImmediatePropagation();
e.preventDefault();
$( "#modulepanel-room" ).panel( "open" );;
@ -451,7 +450,6 @@ function hideMenuRoom() {
function hideMenuTable() {
$( "#modulepanel-table" ).panel( "close" );
$("#menuswitchtable").off("click").on("click", function (e) {
$("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation();
e.preventDefault();
$( "#modulepanel-table" ).panel( "open" );;
@ -461,7 +459,6 @@ function hideMenuTable() {
function hideMenuProd() {
$( "#modulepanel-prod" ).panel( "close" );
$("#menuswitchprod").off("click").on("click", function (e) {
$("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation();
e.preventDefault();
$( "#modulepanel-prod" ).panel( "open" );;
@ -772,7 +769,6 @@ function insertTableList(roominfo) {
function initializeEverything() {
lastSelectedProduct = "";
$(".modules").off("click").on("click", function (e) {
$("#menuswitch").trigger("mouseout");
e.stopImmediatePropagation();
e.preventDefault();
moduleForward(this.id);
@ -2316,7 +2312,7 @@ function bindSendNewOrdersButton() {
<div data-role="header" data-theme="b" data-position="fixed">
<h1><span id="roomtableheader2">Raum-Tisch</span></h1>
<div data-type="horizontal" style="top:0px;position:absolute;float:right;z-index:10;display:inline;" align="right" class="ui-btn-right">
<a href="#" data-role="button" data-icon="arrow-d" data-ajax="false" id="menuswitchroom">Module</a>
<a href="#" data-role="button" data-icon="arrow-d" data-ajax="false" id="menuswitch">Module</a>
</div>
</div>
<div data-role="content">