<?php
// Datenbank-Verbindungsparameter
require_once ('dbutils.php');
require_once ('globals.php');
require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php');
require_once ('utilities/RoomsAndTables/RoomsAndTableFileManager.php');
require_once ('utilities/userrights.php');
require_once ('utilities/HistFiller.php');

class Admin {
	var $dbutils;
	var $userrights;
	var $histfiller;
	
	function __construct() {
		$this->dbutils = new DbUtils();
		$this->userrights = new Userrights();
		$this->histfiller = new HistFiller();
	}
	
	function handleCommand($command) {
		// these command are only allowed for user with manager or admin rights
		$cmdArray = array('createNewUser', 'updateUser', 'deleteUser','changepassword' , 'changeConfig');
		if (in_array($command, $cmdArray)) {
			if (!($this->userrights->hasCurrentUserRight('right_manager')) && !($this->userrights->hasCurrentUserRight('is_admin'))) {
				echo "Benutzerrechte nicht ausreichend!";
				return false;
			}
		}

		if ($command == 'tryAuthenticate') {
			$this->tryAuthenticate($_POST['username'],$_POST['password']);
		} else if ($command == 'setLastModuleOfUser') {
			$this->setLastModuleOfUser($_POST['view']);
		} else if ($command == 'getViewAfterLogin') {
			$this->getViewAfterLogin();
		} else if ($command == 'isUserAlreadyLoggedIn') {
			$this->isUserAlreadyLoggedIn();
		} else if ($command == 'logout') {
			$this->logout();
		} else if ($command == 'getCurrentUser') {
			$this->getCurrentUser();
		} else if ($command == 'isLoggedinUserAdmin') {
			$this->isLoggedinUserAdmin();
		} else if ($command == 'isLoggedinUserKitchen') {
			$this->isLoggedinUserKitchen();
		} else if ($command == 'isLoggedinUserBar') {
			$this->isLoggedinUserBar();
		} else if ($command == 'isLoggedinUserAdminOrManager') {
			$this->isLoggedinUserAdminOrManager();
		} else if ($command == 'hasUserPaydeskRight') {
			$this->hasUserPaydeskRight();
		} else if ($command == 'getJsonMenuItemsAndVersion') {
			$this->getJsonMenuItemsAndVersion();
		} else if ($command == 'getUserList') {
			$this->getUserList();
		} else if ($command == 'createNewUser') {
			$this->createNewUser(
					$_POST['username'],
					$_POST['password'],
					$_POST['isAdmin'],
					$_POST['rWaiter'],
					$_POST['rKitchen'],
					$_POST['rBar'],
					$_POST['rSupply'],
					$_POST['rPayDesk'],
					$_POST['rStat'],
					$_POST['rBill'],
					$_POST['rProducts'],
					$_POST['rManager']
					);
		} else if ($command == 'updateUser') {
			$this->updateUser(
					$_POST['username'],
					$_POST['isAdmin'],
					$_POST['rWaiter'],
					$_POST['rKitchen'],
					$_POST['rBar'],
					$_POST['rSupply'],
					$_POST['rPayDesk'],
					$_POST['rStat'],
					$_POST['rBill'],
					$_POST['rProducts'],
					$_POST['rManager']
			);
		} else if ($command == 'deleteUser') {
			$this->deleteUser($_POST['username']);
		} else if ($command == 'changepassword') {
			$this->changepassword($_POST['username'],$_POST['password']);
		} else if ($command == 'changeOwnPassword') {
			$this->changeOwnPassword($_POST['oldPass'],$_POST['newPass']);
		} else if ($command == 'changeConfig') {
			$this->changeConfig(
					$_POST['taxChanged'],
					$_POST['togoTaxChanged'],
					$_POST['stornocodeChanged'],
					$_POST['printpassChanged'],
					$_POST['companyInfoChanged'],
					$_POST['serverUrlChanged'],
					$_POST['logoUrlChanged'],
					$_POST['payPrintTypeChanged'],
					$_POST['emailChanged'],
					$_POST['tax'],
					$_POST['togoTax'],
					$_POST['stornocode'],
					$_POST['printpass'],
					$_POST['companyinfo'],
					$_POST['serverUrl'],
					$_POST['logoUrl'],
					$_POST['payPrintType'],
					$_POST['email']);
		} else if ($command == 'getTax') {
			$this->getTax();
		} else if ($command == 'getTogoTax') {
			$this->getTogoTax();
		// from here on admin rights are needed
		} else if ($command == 'getCompanyInfo') {
			$this->getCompanyInfo();
		} else if ($command == 'getServerUrl') {
			$this->getServerUrl();
		} else if ($command == 'getLogoUrl') {
			$this->getLogoUrl();
		} else if ($command == 'getPayPrintType') {
			$this->getPayPrintType();
		} else if ($command == 'getPayments') {
			$this->getPayments();
		} else if ($command == 'getEmail') {
			$this->getEmail();
		} else if (($command == 'new') || ($command == 'new') || ($command == 'drop') || ($command == 'fill') || ($command == 'fillSampleProdType') || ($command == 'fillSpeisekarte')) {
			if ($this->isCurrentUserAdmin()) {
				if ($command == 'fill') {
					$this->fillSampleContent();
				} else if ($command == 'fillSampleProdType') {
					$this->fillSampleProdType("samples/speisekarte.txt");
				} else if ($command == 'fillSpeisekarte') {
					$this->fillSpeisekarte($_POST['speisekarte']);
				}
				//else if ($command == 'readRoomsTables') {
				//	$this->fillSampleRoomsAndTable("samples/roomstables.txt");
				//}
				echo json_encode(array("status" => "OK"));
			} else {
				echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
			}
		// end area for admins
		} else if ($command == 'exportConfigCsv') {
			if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
				$this->exportConfigCsv();
			}
		} else if ($command == 'exportUserCsv') {
			if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
				$this->exportUserCsv();
			}
		} else if ($command == 'setOrderVolume') {
			if ($this->isUserAlreadyLoggedInForPhp()) {
				$this->setOrderVolume($_POST['volume']);
			}
		} else if ($command == 'getOrderVolume') {
			if ($this->isUserAlreadyLoggedInForPhp()) {
				$this->getOrderVolume();
			}
		}
		else {
			echo "Command not supported.";
		}
	}
	
	function isUserAlreadyLoggedInForPhp() {
		if(session_id() == '') {
			session_start();
		}
		if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
			return false;
		} else {
			return true;
		}
	}
	
	function isUserAlreadyLoggedIn() {
		if(session_id() == '') {
	    	session_start();
		}
		if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
			// no user logged in
			echo json_encode("NO");
		} else {
			echo json_encode("YES");
		}
	}
	
	function logout() {
		if(session_id() == '') {
			session_start();
			session_destroy();
		}
		echo json_encode("OK");
	}
	
	// for the login mask - if user is authenticated then the first page works different
	function tryAuthenticate($username,$password) {
		$authenticated = false;
		$sql = "SELECT userpassword FROM %user% WHERE username='$username' AND active='1'";
		$dbutils = new DbUtils();
		$dbresult = $dbutils->performSqlCommand($sql);
		$numberOfEntries = mysqli_num_rows($dbresult);
		
		if ($numberOfEntries == 1) {
			$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
			$pass_hash = $zeile['userpassword'];
	
			// password_verify requires PHP > 5.5, so let's use MD5 instead
			// (it is no banking software...)
			if (md5($password) == $pass_hash) {
				$authenticated = true;
			}
		}
		mysqli_free_result( $dbresult );
		
		if ($authenticated) {
			if(session_id() == '') {
				session_start();
			}
			$_SESSION['angemeldet'] = true;
			 
			// now read the rights of the user
			$sql = "SELECT * FROM %user% WHERE username='$username' AND active='1'";
			$dbutils = new DbUtils();
			$dbresult = $dbutils->performSqlCommand($sql);
			$numberOfEntries = mysqli_num_rows($dbresult);
			if ($numberOfEntries == 1) {
				$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
				$_SESSION['userid'] = $zeile['id'];
				$_SESSION['currentuser'] = $username;
				$_SESSION['is_admin'] = ($zeile['is_admin'] == 1 ? true : false);
				$_SESSION['right_waiter'] = ($zeile['right_waiter'] == 1 ? true : false);
				$_SESSION['right_kitchen'] = ($zeile['right_kitchen'] == 1 ? true : false);
				$_SESSION['right_bar'] = ($zeile['right_bar'] == 1 ? true : false);
				$_SESSION['right_supply'] = ($zeile['right_supply'] == 1 ? true : false);
				$_SESSION['right_paydesk'] = ($zeile['right_paydesk'] == 1 ? true : false);
				$_SESSION['right_statistics'] = ($zeile['right_statistics'] == 1 ? true : false);
				$_SESSION['right_bill'] = ($zeile['right_bill'] == 1 ? true : false);
				$_SESSION['right_products'] = ($zeile['right_products'] == 1 ? true : false);
				$_SESSION['right_manager'] = ($zeile['right_manager'] == 1 ? true : false);
			}
			mysqli_free_result($dbresult);
		}
		
		if ($authenticated) {
			echo json_encode("YES");
		} else {
			echo json_encode("NO");
		}
	}
	
	function getOrderVolume() {
		$userid = $_SESSION['userid'];
			
		$sql = "SELECT ordervolume FROM %user% WHERE id=?";
		$pdo = $this->dbutils->openDbAndReturnPdo();
		
		$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
		$stmt->execute(array($userid));
		$row =$stmt->fetchObject();
		$volume = 0;
		if ($row != null) {
			$volume = $row->ordervolume;
			if ($volume == null) {
				$volume = 0;
			}
		}
		
		echo json_encode($volume);
	}
	
	function setOrderVolume($volume) {
		$userid = $_SESSION['userid'];
			
		$sql = "UPDATE %user% SET ordervolume=? WHERE id=?";
		$pdo = $this->dbutils->openDbAndReturnPdo();
		$pdo->beginTransaction();
			
		$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
		$stmt->execute(array($volume,$userid));
		$pdo->commit();
		echo json_encode(array("status" => "OK"));
	}
	
	function setLastModuleOfUser($view) {
		if ($this->isUserAlreadyLoggedInForPhp()) {
			$userid = $_SESSION['userid'];
			
			$sql = "UPDATE %user% SET lastmodule=? WHERE id=?";
			$pdo = $this->dbutils->openDbAndReturnPdo();
			$pdo->beginTransaction();
			
			$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
			$stmt->execute(array($view,$userid));
			$pdo->commit();
			echo json_encode(array("status" => "OK"));
		}
	}
	
	function getViewAfterLogin() {
		if ($this->isUserAlreadyLoggedInForPhp()) {
			$userid = $_SESSION['userid'];
			
			$sql = "SELECT lastmodule FROM %user% WHERE id=?";
			$pdo = $this->dbutils->openDbAndReturnPdo();
			$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
			$stmt->execute(array($userid));
			$row =$stmt->fetchObject();
			
			$view = "preferences.html";
			if ($row != null) {
				$newView = $row->lastmodule;
				if ($newView != null) {
					$view = $newView;
				}
			}
			
			// test if user has still the right to go into that view
			$mapping = array (
					"waiter.html" => 'right_waiter',
					"kitchen.html" => 'right_kitchen',
					"bar.html" => 'right_bar',
					"supplydesk.html" => 'right_supply',
					"paydesk.html" => 'right_paydesk',
					"reports.html" => 'right_statistics',
					"bill.html" => 'right_bill',
					"products.html" => 'right_products');
			
			$valid = false;
			if ($view == 'preferences.html') {
				// always ok
				$valid = true;
			} else if ($view == 'manager.html') {
				if (($_SESSION['is_admin'] == 1) || ($_SESSION['right_manager'] == 1)) {
					$valid = true;
				}
			} else {
				if ($_SESSION[$mapping[$view]] == 1) {
					$valid = true;
				}
			}
			if ($valid == false) {
				$view = "preferences.html";
			}
			
			echo json_encode($view);
		}
	}
	
	// for client request
	function isLoggedinUserAdmin() {
		if ($this->isCurrentUserAdmin()) {
			echo json_encode(YES);
		} else {
			echo json_encode(NO);
		}
	}
	
	function isLoggedinUserAdminOrManager() {
		if ($this->hasCurrentUserRight('is_admin') || $this->hasCurrentUserRight('right_manager')) {
			echo json_encode(YES);
		} else {
			echo json_encode(NO);
		}
	}
	
	function isLoggedinUserKitchen() {
		if ($this->hasCurrentUserRight('right_kitchen')) {
			echo json_encode(YES);
		} else {
			echo json_encode(NO);
		}
	}
	
	function isLoggedinUserBar() {
		if ($this->hasCurrentUserRight('right_bar')) {
			echo json_encode(YES);
		} else {
			echo json_encode(NO);
		}
	}
	
	function hasUserPaydeskRight() {
		if ($this->hasCurrentUserRight('right_paydesk')) {
			echo json_encode(YES);
		} else {
			echo json_encode(NO);
		}
	}
	
	function hasCurrentUserRight($whichRight) {
		if(session_id() == '') {
	    	session_start();
		}
		if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
			// no user logged in
			return false;
		} else {
			return ($_SESSION[$whichRight]);
		}
	}
	
	// for internal request
	function isCurrentUserAdmin() {
		return $this->hasCurrentUserRight('is_admin');
	}


	function fillSampleContentBySqlFile($sqlFile) {
		$handle = fopen ($sqlFile, "r");
		while (!feof($handle)) {
			$sql = fgets($handle);
			$this->dbutils->performSqlCommand($sql);
		}
		fclose ($handle);
	}
	
	private function fillSampleProdType($fileName) {	
		$speisekartenHandler = new TypeAndProductFileManager();
		$speisekartenHandler->manageSpeisekarteFile($fileName);
		
		$this->histfiller->readProdTableAndSendToHist();
	}
	
	private function fillSpeisekarte($speisekarte) {
		$pdo = $this->dbutils->openDbAndReturnPdo();
		$pdo->beginTransaction();
		
		$speisekartenHandler = new TypeAndProductFileManager();
		$speisekartenHandler->manageSpeisekarte($pdo,$speisekarte);
		
		$this->histfiller->readProdTableAndSendToHist($pdo);
		$pdo->commit();
	}
	
	/* obsolete: not needed any more after replacement by matrix in manager.html */
	private function fillSampleRoomsAndTable($fileName) {
		$roomsAndTableHandler = new RoomsAndTableFileManager();
		$roomsAndTableHandler->readRoomTableDefinition($fileName);
	}
	
	private function fillSampleContent()
	{
		// first remove previous content, then fill the SQL file
		$sql = "DELETE FROM `%queue%`";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		$this->fillSampleContentBySqlFile("samples/queuecontent.txt");
		
		$sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		
		$sql = "DELETE FROM `%histuser%`";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		
		$sql = "DELETE FROM `%user%`";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		$this->fillSampleContentBySqlFile("samples/usercontent.txt");

		$this->histfiller->readUserTableAndSendToHist();
	}
	
	function dropProdTypeTable()
	{
		$this->dbutils->performSqlCommand("drop TABLE `" . DB_PRODTYPE_TABLE . "`;");
	}
	
	function dropQueueTable()
	{	
		$this->dbutils->performSqlCommand("drop TABLE `" . DB_QUEUE_TABLE . "`;");
	}
	
	function dropProductsTable()
	{
		$this->dbutils->performSqlCommand("drop TABLE `" . DB_PRODUCTS_TABLE . "`;");
	}
	
	function dropUserTable()
	{
		$this->dbutils->performSqlCommand("drop TABLE `" . DB_USER_TABLE . "`;");
	}
	
	function dropRoomTable()
	{
		$this->dbutils->performSqlCommand("drop TABLE `" . DB_ROOM_TABLE . "`;");
	}
	
	function dropPaymentTable() {
		$this->dbutils->performSqlCommand("drop TABLE `%payment%`;");
	}
	
	function dropRestTables()
	{
		$this->dbutils->performSqlCommand("drop TABLE `" . DB_RESTTABLES_TABLE . "`;");
	}
	
	function dropBillTable()
	{
		$this->dbutils->performSqlCommand("drop TABLE `%bill%`;");
	}
	
	function dropPriceLevelTable()
	{
		$this->dbutils->performSqlCommand("drop TABLE `%pricelevel%`;");
	}
	
	function dropConfigTable() 
	{
		$this->dbutils->performSqlCommand("drop TABLE `%config%`;");
	}
	
	function dropClosingTable()
	{
		$this->dbutils->performSqlCommand("drop TABLE `%closing%`;");
	}
	
	function dropPrintJobsTable()
	{
		$this->dbutils->performSqlCommand("drop TABLE `%printjobs%`;");
	}
	
	function dropBillProductsTable() {
		$this->dbutils->performSqlCommand("drop TABLE `%billproducts%`;");
	}
	
	function dropHistTables() {
		$pdo = $this->dbutils->openDbAndReturnPdo();
		$sql = "DROP TABLE `%hist%`";
		$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
		$stmt->execute();
		
		$sql = "DROP TABLE `%histprod%`";
		$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
		$stmt->execute();
		
		$sql = "DROP TABLE `%histconfig%`";
		$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
		$stmt->execute();
		
		$sql = "DROP TABLE `%histuser%`";
		$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
		$stmt->execute();
		
		$sql = "DROP TABLE `%histactions%`";
		$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
		$stmt->execute();
	}
	/*
	 * Return all the entries for the main menu (the modules)
	 */
	function getJsonMenuItemsAndVersion() {
		if(session_id() == '') {
			session_start();
		}
		$mainMenu = array();
		$currentUser = "";
		if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
			// no user logged in
			$mainMenu[] = array("name" => "Startseite", "link" => "index.html");
		} else {
			if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => "Kellner", "link" => "waiter.html"); };
			if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => "K&uuml;che", "link" => "kitchen.html"); };
			if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html"); };
			if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => "Bereitstellung", "link" => "supplydesk.html"); };
			if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => "Kasse", "link" => "paydesk.html"); };
			if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => "Statistik", "link" => "reports.html"); };
			if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => "Kassenbons", "link" => "bill.html"); };
			if ($_SESSION['right_products']) { $mainMenu[] = array("name" => "Angebot", "link" => "products.html");	};
			if ($_SESSION['right_manager']) { $mainMenu[] = array("name" => "Verwaltung", "link" => "manager.html"); };
			$mainMenu[] = array("name" => "Einstellung", "link" => "preferences.html");
			$mainMenu[] = array("name" => "Feedback", "link" => "feedback.html");
			$mainMenu[] = array("name" => "Abmelden", "link" => "logout.php");
			$currentUser = $_SESSION['currentuser'];
		}
		// CAUTION: change version also in config.txt!!!
		$mainMenuAndVersion = array ("version" => "1.0", "user" => $currentUser, "menu" => $mainMenu);
		echo json_encode($mainMenuAndVersion);
	}
	
	function getUserList() {
		$userInfo = array();
		$sql = "SELECT * FROM %user% WHERE active='1'";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		$numberOfEntries = mysqli_num_rows($dbresult);
		while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
			$userEntry = array ("username" => $zeile['username'],
					"is_admin" => $zeile['is_admin'],
					"right_waiter" => $zeile['right_waiter'],
					"right_kitchen" => $zeile['right_kitchen'],
					"right_bar" => $zeile['right_bar'],
					"right_supply" => $zeile['right_supply'],
					"right_paydesk" => $zeile['right_paydesk'],
					"right_statistics" => $zeile['right_statistics'],
					"right_bill" => $zeile['right_bill'],
					"right_products" => $zeile['right_products'],
					"right_manager" => $zeile['right_manager']
			);
			$userInfo[] = $userEntry;
		}
		
		mysqli_free_result($dbresult);
		echo json_encode($userInfo);
	}
	
	function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rManager) {
		// check if the user with that name already exists
		$sql = "SELECT username FROM %user% WHERE active='1' AND username='$username'";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		$numberOfEntries = mysqli_num_rows($dbresult);
		mysqli_free_result($dbresult);
		
		if ($numberOfEntries > 0) {
			echo json_encode("exists"); 
		} else {
			// create the new user
			// instead if password_hash (PHP > 5.5) use MD5...
			$password_hash = md5($password);
			$userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_manager`,`active`) VALUES (";
			$userInsertSql .= " NULL, '$username', '$password_hash' , '$isAdmin', '$rWaiter', '$rKitchen', '$rBar', '$rSupply', '$rPayDesk', '$rStat', '$rBill', '$rProducts', '$rManager', '1')";
			$dbresult = $this->dbutils->performSqlCommandRetLastId($userInsertSql);
			$lastId = $dbresult['id'];
			echo json_encode("OK");
		}
		
		// now this has to be logged in the history tables...
		$this->histfiller->createUserInHist($lastId,$username, 
				$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rManager);
	}
	
	function getTax() {
		$this->sendJsonValueFromConfigTable('tax');
	}
	
	function getTogoTax() {
		$this->sendJsonValueFromConfigTable('togotax');
	}
	
	function getCompanyInfo() {
		$this->sendJsonValueFromConfigTable('companyinfo');
	}
	
	function getServerUrl() {
		$this->sendJsonValueFromConfigTable('serverurl');
	}
	
	function getLogoUrl() {
		$this->sendJsonValueFromConfigTable('logourl');
	}
	
	function getPayPrintType() {
		$this->sendJsonValueFromConfigTable('payprinttype');
	}
	
	function getEmail() {
		$this->sendJsonValueFromConfigTable('email');
	}
	
	function getPayments() {
		$pdo = $this->dbutils->openDbAndReturnPdo();
		
		$sql = "SELECT id,name FROM %payment%";
		$stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
		
		$stmt_query->execute();
		$result = $stmt_query->fetchAll();
		$retArray = array();
		
		foreach($result as $row) {
			$entry = array("id"=> $row['id'], "name" => $row['name']);
			$retArray[] = $entry;
		}
		echo json_encode($retArray);
	}
	
	function sendJsonValueFromConfigTable($whichValue) {
		$theVal = $this->getValueFromConfigTable($whichValue);
		if ($theVal == null) {
			echo json_encode("");
		} else {
			echo json_encode($theVal);
		}
	}
	
	function getValueFromConfigTable($whichValue) {
		$sql = "SELECT setting FROM %config% WHERE name='$whichValue'";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		$numberOfEntries = mysqli_num_rows($dbresult);
		$theValue = null;
		if ($numberOfEntries == 1) {
			$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
			$theValue = $zeile['setting'];
		}
		mysqli_free_result($dbresult);
		return $theValue;
	}
	
	function changeConfig(
			$taxChanged,$togoTaxChanged,$stornocodeChanged,$printpassChanged,$companyInfoChanged,$serverUrlChanged,$logoUrlChanged,$payPrintTypeChanged,$emailChanged,
			$tax,$togoTax,$stornocode,$printpass,$companyInfo,$serverUrl,$logoUrl,$payPrintType,$email) {	
		
		$problem = false;
		if ($stornocodeChanged == 1) {
			$this->changeOneConfigDbItem('stornocode',$stornocode);
		}
		
		if ($printpassChanged == 1) {
			$this->changeOneConfigDbItem('printpass',md5($printpass));
		}
		
		if ($companyInfoChanged == 1) {
			$this->changeOneConfigDbItem('companyinfo',$companyInfo);
		}
		
		if ($serverUrlChanged == 1) {
			$this->changeOneConfigDbItem('serverurl', $serverUrl);
		}
		
		if ($logoUrlChanged == 1) {
			$this->changeOneConfigDbItem('logourl', $logoUrl);
		}
		
		if ($payPrintTypeChanged == 1) {
			$this->changeOneConfigDbItem('payprinttype', $payPrintType);
		}
		if ($emailChanged == 1) {
			$this->changeOneConfigDbItem('email', $email);
		}
		if ($taxChanged == 1) {
			if (is_numeric($tax)) {
				$this->changeOneConfigDbItem('tax',$tax);
			} else {
				$problem = true;
			}
		}

		if ($togoTaxChanged == 1) {
			if (is_numeric($togoTax)) {
				$this->changeOneConfigDbItem('togotax',$togoTax);
			} else {
				$problem = true;
			}
		} 
		
		if ($problem) {
			echo json_encode("FAILED");
		} else {
			echo json_encode("OK");
		}
	}
	
	function changeOneConfigDbItem($theItem,$theValue) {
		$sql = "UPDATE %config% SET setting='$theValue' WHERE name='$theItem'";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		
		// now this has to be logged in the history tables...
		$this->histfiller->updateConfigInHist($theItem, $theValue);
	}
	
	private function findActiveUserWithName($username) {
		$sql_find_id = "SELECT id FROM %user% WHERE active='1' AND username='$username'";
		$pdo = $this->dbutils->openDbAndReturnPdo();
		$stmt_query = $pdo->query($this->dbutils->resolveTablenamesInSqlString($sql_find_id));
		$row =$stmt_query->fetchObject();
		$theUserId = $row->id;
		return $theUserId;
	}
	
	function updateUser($username, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rManager) {
		$theUserId = $this->findActiveUserWithName($username);
		
		// check if the user with that name already exists
		$sql = "UPDATE %user% SET is_admin='$isAdmin', right_waiter='$rWaiter',right_kitchen='$rKitchen',right_bar='$rBar',right_supply='$rSupply',right_paydesk='$rPayDesk',right_statistics='$rStat',right_bill='$rBill',right_products='$rProducts',right_manager='$rManager' WHERE active='1' AND username='$username'";
				
		$dbresult = $this->dbutils->performSqlCommand($sql);
		
		// now this has to be logged in the history tables...
		
		$this->histfiller->updateUserInHist($theUserId,$username,
				$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rManager,'1');
		
		echo json_encode("OK");
	}
	
	function deleteUser($username) {
		$theUserId = $this->findActiveUserWithName($username);
		
		$userSql = "UPDATE %user% set active='0' WHERE username='$username'";
		$dbresult = $this->dbutils->performSqlCommand($userSql);
		
		$this->histfiller->updateOneUser($theUserId);
		
		echo json_encode("OK");
	}
	
	function getCurrentUser() {
		if(session_id() == '') {
			session_start();
		}
		if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
			// no user logged in
			echo json_encode("Nobody");
		} else {
			echo json_encode($_SESSION['currentuser']);
		}
	}
	
	function changepassword($username,$password) {
		$password_hash = md5($password);
		$userSql = "UPDATE %user% set userpassword='$password_hash' WHERE active='1' AND username='$username'";
		$dbresult = $this->dbutils->performSqlCommand($userSql);
		echo json_encode("OK");
	}
	
	function changeOwnPassword($oldpassword,$newpassword) {
		if(session_id() == '') {
			session_start();
		}
		$currentuser = $_SESSION['currentuser'];
		$oldp_hash = md5($oldpassword);

		$ok = true;
		
		// is old password correct?
		$sql = "SELECT userpassword FROM %user% WHERE username='$currentuser' AND active='1'";
		$dbresult = $this->dbutils->performSqlCommand($sql);
		$numberOfEntries = mysqli_num_rows($dbresult);
		if ($numberOfEntries == 1) {
			$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
			if ($zeile['userpassword'] != $oldp_hash) {
				$ok = false;
			}
		} else {
			// user not found
			$ok = false;
		}
		mysqli_free_result($dbresult);
		
		if ($ok) {
			// allowed to change password
			$newp_hash = md5($newpassword);
			$sql = "UPDATE %user% set userpassword='$newp_hash' WHERE active='1' AND username='$currentuser'";
			$dbresult = $this->dbutils->performSqlCommand($sql);
			echo json_encode("OK");
		} else {
			echo json_encode("FAILED");
		}
	}
	
	private function writeCsvHeader($defaultFilename) {
		header("Content-type: text/x-csv");
		header("Content-Disposition: attachment; filename=$defaultFilename");
		header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
		header("Pragma: no-cache");
		header("Expires: 0");
	}
	
	private function exportConfigCsv() {
		$this->writeCsvHeader("datenexport-config.csv");
		
		echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
		
		$sql = "SELECT DISTINCT %hist%.id as id,date,";
		$sql .= "%config%.name as configitem,%histconfig%.setting as setting,description ";
		$sql .= " FROM %hist%, %histconfig%, %histactions%, %config% ";
		$sql .= " WHERE (refid=%histconfig%.id) ";
		$sql .= " AND %histconfig%.configid = %config%.id ";
		$sql .= " AND (action='2' OR action='6') ";
		$sql .= " AND (action=%histactions%.id) ";
		$sql .= " ORDER BY date,id";
		
		$dbresult = $this->dbutils->performSqlCommand($sql);
		while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
			$val1 = $zeile['id'];
			$val2 = $zeile['date'];
			$val3 = $zeile['configitem'];
			$val4 = str_replace("\r\n","<CR>",$zeile['setting']);
			$val4 = str_replace("\n","<CR>",$val4);
			$val5 = $zeile['description'];
		
			echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n";
		}
		mysqli_free_result( $dbresult );
	}
	
	private function exportUserCsv() {
		$this->writeCsvHeader("datenexport-benutzer.csv");
		
		echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Managerrechte; Aktiviert\n");
		
		$sql = "SELECT DISTINCT %hist%.id as id,date,";
		$sql .= "userid,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,";
		$sql .= "right_paydesk,right_statistics,right_bill,right_products,right_manager,active,";
		$sql .= "description ";
		$sql .= " FROM %hist%, %histuser%, %histactions% ";
		$sql .= " WHERE (refid=%histuser%.id) ";
		$sql .= " AND (action='3' OR action='7' OR action='8') ";
		$sql .= " AND (action=%histactions%.id) ";
		$sql .= " ORDER BY date,id";
		
		$dbresult = $this->dbutils->performSqlCommand($sql);
		while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
			$val1 = $zeile['id'];
			$val2 = $zeile['date'];
			$val3 = $zeile['userid'];
			$val4 = $zeile['username'];
			$val5 = ($zeile['is_admin'] == '1' ? "Ja" : "Nein");
			$val6 = ($zeile['right_waiter'] == '1' ? "Ja" : "Nein");
			$val7 = ($zeile['right_kitchen'] == '1' ? "Ja" : "Nein");
			$val8 = ($zeile['right_bar'] == '1' ? "Ja" : "Nein");
			$val9 = ($zeile['right_supply'] == '1' ? "Ja" : "Nein");
			$val10 = ($zeile['right_paydesk'] == '1' ? "Ja" : "Nein");
			$val11 = ($zeile['right_statistics'] == '1' ? "Ja" : "Nein");
			$val12 = ($zeile['right_bill'] == '1' ? "Ja" : "Nein");
			$val13 = ($zeile['right_products'] == '1' ? "Ja" : "Nein");
			$val14 = ($zeile['right_manager'] == '1' ? "Ja" : "Nein");
			$val15 = ($zeile['active'] == '1' ? "Ja" : "Nein");
			$val16 = $zeile['description'];

			echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;";
			echo "$val11;$val12;$val13;$val14;$val15;$val16\n";
		}
		mysqli_free_result( $dbresult );
	}

}

?>