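dbutils = new DbUtils();
    }

    /**
     * Dispatch one API command.
     *
     * The CSV exports require admin or manager rights; every other command
     * requires the "bill" right. Results are echoed as JSON (or, for the
     * exports, streamed as a CSV download). Request parameters are read with
     * isset() guards and validated inside the target method before they reach
     * any SQL.
     *
     * @param string $command Command name taken from the request.
     */
    function handleCommand($command) {
        if ($command == 'exportCsv') {
            if ($this->hasCurrentUserAdminOrManagerRights()) {
                $this->exportCsv(
                    $this->requestParam($_GET, 'startMonth'),
                    $this->requestParam($_GET, 'startYear'),
                    $this->requestParam($_GET, 'endMonth'),
                    $this->requestParam($_GET, 'endYear'));
            } else {
                $this->echoError(ERROR_BILL_NOT_AUTHOTRIZED, ERROR_BILL_NOT_AUTHOTRIZED_MSG);
            }
            return;
        }

        if ($command == 'exportCsvOfClosing') {
            if ($this->hasCurrentUserAdminOrManagerRights()) {
                $this->exportCsvOfClosing($this->requestParam($_GET, 'closingid'));
            } else {
                $this->echoError(ERROR_MANAGER_NOT_AUTHOTRIZED, ERROR_MANAGER_NOT_AUTHOTRIZED_MSG);
            }
            return;
        }

        if (!$this->hasCurrentUserBillRights()) {
            $this->echoError(ERROR_BILL_NOT_AUTHOTRIZED, ERROR_BILL_NOT_AUTHOTRIZED_MSG);
            return;
        }

        switch ($command) {
            case 'getLastBillsWithContent':
                $this->getLastBillsWithContent();
                break;
            case 'cancelBill':
                $this->cancelBill(
                    $this->requestParam($_POST, 'billid'),
                    $this->requestParam($_POST, 'stornocode'));
                break;
            case 'doCashAction':
                $this->doCashAction($this->requestParam($_POST, 'money'));
                break;
            case 'getCashOverviewOfUser':
                $this->getCashOverviewOfUser();
                break;
            default:
                echo "Command not supported.";
        }
    }

    /**
     * Read one key from a request array without triggering an undefined-index
     * notice.
     *
     * @param array  $source $_GET or $_POST
     * @param string $key
     * @return mixed|null The raw (unvalidated) value, or null when absent.
     */
    private function requestParam($source, $key) {
        return isset($source[$key]) ? $source[$key] : null;
    }

    /**
     * Echo the JSON error envelope used throughout this controller.
     *
     * @param mixed  $code Error constant.
     * @param string $msg  Error message constant.
     */
    private function echoError($code, $msg) {
        echo json_encode(array("status" => "ERROR", "code" => $code, "msg" => $msg));
    }

    /**
     * Start the PHP session unless it is already running. Calling
     * session_start() twice in one request raises a notice (an error on newer
     * PHP), and several methods here may each need the session.
     */
    private function ensureSessionStarted() {
        if (session_id() == '') {
            session_start();
        }
    }

    /**
     * Whether the logged-in user holds the "bill" right (session flag
     * 'right_bill'). Returns false when nobody is logged in.
     *
     * @return bool
     */
    private function hasCurrentUserBillRights() {
        $this->ensureSessionStarted();
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            return false;
        }
        return !empty($_SESSION['right_bill']);
    }

    /**
     * Whether the logged-in user is a manager ('right_manager') or an admin
     * ('is_admin'). Returns false when nobody is logged in.
     *
     * @return bool
     */
    private function hasCurrentUserAdminOrManagerRights() {
        $this->ensureSessionStarted();
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            return false;
        }
        return !empty($_SESSION['right_manager']) || !empty($_SESSION['is_admin']);
    }

    /**
     * Fetch the stored content of one bill.
     *
     * @param int|string $billid Bound as a prepared-statement parameter.
     * @return string|null Content with slashes stripped, or null when no such bill exists.
     */
    private function billWithId($billid) {
        $pdo = $this->dbutils->openDbAndReturnPdo();
        // Read-only query: no transaction is needed (the old code opened one and never closed it).
        $sql = "SELECT content FROM %bill% WHERE id=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($billid));
        $row = $stmt->fetchObject();
        if ($row === false) {
            return null;
        }
        return stripslashes($row->content);
    }

    // TODO: needed??? Not reachable through handleCommand().
    // NOTE(review): this public method performs no authorization check of its
    // own; if it is ever exposed, guard it with hasCurrentUserBillRights().
    function getBillWithId($billid) {
        echo json_encode($this->billWithId($billid));
    }

    /**
     * Insert or take out cash money. The direction is given by the sign of
     * $money. A take-out is refused when the resulting cash balance (all
     * un-closed cash bills, paymentid 1) would go below zero.
     *
     * @param mixed $money Amount from the request; must be numeric.
     */
    private function doCashAction($money) {
        // The value is written into the bill table, so reject anything that is not a number.
        if (!is_numeric($money)) {
            $this->echoError(ERROR_BILL_WRONG_NUMERIC_VALUE, ERROR_BILL_WRONG_NUMERIC_VALUE_MSG);
            return;
        }
        $amount = floatval($money);

        date_default_timezone_set('Europe/Berlin');
        $currentTime = date('Y-m-d H:i:s');

        $pdo = $this->dbutils->openDbAndReturnPdo();
        $pdo->beginTransaction();

        $sql = "SELECT sum(brutto) as bruttosum FROM %bill% WHERE closingid is null AND paymentid='1'";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute();
        $row = $stmt->fetchObject();
        if ($row === false) {
            $pdo->rollBack();
            $this->echoError(ERROR_GENERAL_PAYDESK_SUM, ERROR_GENERAL_PAYDESK_SUM_MSG);
            return;
        }

        // NULL sum means no cash transaction since the last closing.
        $sum = is_null($row->bruttosum) ? 0.0 : floatval($row->bruttosum);
        if (($sum + $amount) < 0.0) {
            $pdo->rollBack();
            $this->echoError(ERROR_BILL_LESS_MONEY_TO_TAKE_OUT, ERROR_BILL_LESS_MONEY_TO_TAKE_OUT_MSG);
            return;
        }

        $userId = $this->getUserId();
        $sql = "INSERT INTO `%bill%` (`id` , `billdate`,`content`,`brutto`,`netto`,`tax`,`tableid`, `status`, `paymentid`,`userid`,`ref`) "
             . "VALUES ( NULL, ? , ?, ?,?,?, ?, 'c', ?,?,?)";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($currentTime, NULL, $amount, $amount, '0.00', -1, 1, $userId, NULL));
        $pdo->commit();
        echo json_encode(array("status" => "OK"));
    }

    /**
     * Cash overview for the current user: the cash paid by guests
     * ("guestmoney") and the same plus the user's cash inserts/take-outs
     * ("total"). Only un-closed cash bills (paymentid 1) are counted.
     */
    function getCashOverviewOfUser() {
        $userId = $this->getUserId();
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $onlyCashByGuests = $this->sumOpenCashOfUser($pdo, $userId, false);
        $cashByGuestsAndInsertTakeOut = $this->sumOpenCashOfUser($pdo, $userId, true);
        echo json_encode(array("guestmoney" => $onlyCashByGuests, "total" => $cashByGuestsAndInsertTakeOut));
    }

    /**
     * Sum of brutto for the user's un-closed cash bills.
     *
     * @param PDO   $pdo
     * @param mixed $userId             Bound as a parameter (the old code interpolated it).
     * @param bool  $includeCashActions When true, rows with status 'c' are included as well.
     * @return mixed The sum as returned by the database, or 0.0 when there is none.
     */
    private function sumOpenCashOfUser($pdo, $userId, $includeCashActions) {
        $statusFilter = $includeCashActions ? "(status is null OR status ='c')" : "status is null";
        $sql = "SELECT sum(brutto) as sumtotal FROM %bill% WHERE closingid is null AND paymentid='1' AND userid=? AND " . $statusFilter;
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($userId));
        $row = $stmt->fetchObject();
        if ($row === false || $row->sumtotal === null) {
            return 0.0;
        }
        return $row->sumtotal;
    }

    /**
     * The 20 most recent open bills (status null, real tables only) including
     * their content, echoed as JSON.
     */
    function getLastBillsWithContent() {
        $commonUtils = new CommonUtils();
        // content is selected here directly instead of issuing one extra query per bill.
        $sql = "SELECT id,billdate,brutto,tableid,closingid,status,content FROM %bill% WHERE tableid >= '0' AND status is null ORDER BY billdate DESC LIMIT 20;";
        $dbresult = $this->dbutils->performSqlCommand($sql);
        $resultarray = array();
        while ($zeile = mysqli_fetch_array($dbresult, MYSQLI_ASSOC)) {
            $date = new DateTime($zeile['billdate']);
            $resultarray[] = array(
                "id" => $zeile['id'],
                "longdate" => $zeile['billdate'],
                "shortdate" => $date->format('H:i'),
                "brutto" => $zeile['brutto'],
                "tablename" => $commonUtils->getTableNameFromId($zeile['tableid']),
                "billcontent" => stripslashes($zeile['content']),
                "isClosed" => (is_null($zeile['closingid']) ? 0 : 1)
            );
        }
        mysqli_free_result($dbresult);
        echo json_encode(array("status" => "OK", "code" => OK, "msg" => $resultarray));
    }

    /**
     * Id of the logged-in user from the session, or null when not set.
     *
     * @return mixed|null
     */
    private function getUserId() {
        $this->ensureSessionStarted();
        return isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
    }

    /**
     * Cancel a bill: release its queue items, book a negative copy (status
     * 's') that references the original, mark the original as cancelled
     * (status 'x') and attach the queue items to the storno bill. Everything
     * after the checks runs in one transaction.
     *
     * @param mixed $billid     Must be numeric.
     * @param mixed $stornocode Must equal the configured 'stornocode' setting.
     */
    private function cancelBill($billid, $stornocode) {
        date_default_timezone_set('Europe/Berlin');
        $currentTime = date('Y-m-d H:i:s');

        $pdo = $this->dbutils->openDbAndReturnPdo();

        // The storno code must be configured exactly once.
        $sql = "SELECT setting FROM %config% WHERE name='stornocode'";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute();
        $codeRows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if (count($codeRows) != 1) {
            $this->echoError(ERROR_BILL_NOT_STORNO_CODE, ERROR_BILL_NOT_STORNO_CODE_MSG);
            return;
        }
        // Constant-time string comparison; the old loose != allowed type juggling
        // (e.g. numeric-looking codes compared as numbers).
        $stornocodeInDb = (string)$codeRows[0]['setting'];
        if (!hash_equals($stornocodeInDb, (string)$stornocode)) {
            $this->echoError(ERROR_BILL_WRONG_STORNO_CODE, ERROR_BILL_WRONG_STORNO_CODE_MSG);
            return;
        }
        if (!is_numeric($billid)) {
            // this may be an attack...
            $this->echoError(ERROR_BILL_WRONG_NUMERIC_VALUE, ERROR_BILL_WRONG_NUMERIC_VALUE_MSG);
            return;
        }

        $pdo->beginTransaction();

        $sql = "SELECT content,brutto,netto,tax,tableid,closingid,status,paymentid FROM %bill% WHERE id=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($billid));
        $bill = $stmt->fetchObject();
        if ($bill === false) {
            // Unknown bill id. The old code fell through and booked an empty storno row;
            // there is no dedicated "not found" constant, so report it as an invalid id.
            $pdo->rollBack();
            $this->echoError(ERROR_BILL_WRONG_NUMERIC_VALUE, ERROR_BILL_WRONG_NUMERIC_VALUE_MSG);
            return;
        }

        // A closed or already cancelled bill cannot be cancelled (again).
        $alreadyCancelled = ($bill->status === 's') || ($bill->status === 'x');
        if (!is_null($bill->closingid) || $alreadyCancelled) {
            $pdo->rollBack();
            if ($alreadyCancelled) {
                $this->echoError(ERROR_BILL_ALREADY_CANCELLED, ERROR_BILL_ALREADY_CANCELLED_MSG);
            } else {
                $this->echoError(ERROR_BILL_ALREADY_CLOSED, ERROR_BILL_ALREADY_CLOSED_MSG);
            }
            return;
        }

        // 0. queue items belonging to that bill
        $sql = "SELECT id FROM %queue% WHERE billid=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($billid));
        $queueIdArray = array();
        foreach ($stmt->fetchAll() as $queueRow) {
            $queueIdArray[] = $queueRow['id'];
        }

        // 1. clear the connection between queue items and the bill
        $sql = "UPDATE %queue% SET paidtime=null WHERE billid=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($billid));

        // 2. copy the bill with negative amounts as the storno booking
        $userIdOfStornoUser = $this->getUserId();
        $stornval = 0.0 - floatval($bill->brutto);
        $stornonettoval = 0.0 - floatval($bill->netto);
        $sql = "INSERT INTO `%bill%` (`id` , `billdate`,`content`,`brutto`,`netto`,`tax`,`tableid`, `status`, `paymentid`,`userid`,`ref`) "
             . "VALUES ( NULL, ? , ?, ?, ?,?,?, 's', ?,?,?)";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($currentTime, $bill->content, $stornval, $stornonettoval, $bill->tax,
            $bill->tableid, $bill->paymentid, $userIdOfStornoUser, $billid));
        $refIdOfStornoEntry = $pdo->lastInsertId();

        // 3. mark the original bill as cancelled and link it to the storno entry
        $sql = "UPDATE %bill% SET status='x', closingid=null, ref=? WHERE id=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($refIdOfStornoEntry, $billid));

        // 4. attach the queue items to the storno bill so the storno stays evaluable
        $billProdsSql = "INSERT INTO `%billproducts%` (`queueid` , `billid`) VALUES ( ?,?)";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($billProdsSql));
        foreach ($queueIdArray as $aQueueid) {
            $stmt->execute(array($aQueueid, $refIdOfStornoEntry));
        }

        $pdo->commit();
        echo json_encode(array("status" => "OK", "code" => OK));
    }

    /**
     * CSV export of all closed bills whose date falls into the given month span.
     */
    private function exportCsv($startMonth, $startYear, $endMonth, $endYear) {
        $this->exportCsv_bin($startMonth, $startYear, $endMonth, $endYear, null);
    }

    /**
     * CSV export of the bills of one specific closing.
     */
    private function exportCsvOfClosing($closingid) {
        $this->exportCsv_bin(null, null, null, null, $closingid);
    }

    /**
     * True when $value is a non-empty string of ASCII digits.
     */
    private function isDigits($value) {
        return preg_match('/^[0-9]+$/', (string)$value) === 1;
    }

    /**
     * Build the inclusive billdate bounds for a month span.
     *
     * @return array|null array($startDate, $endDate) as 'Y-m-d H:i:s' strings,
     *                    or null when any part is not a valid number / month.
     */
    private function monthSpanBounds($startMonth, $startYear, $endMonth, $endYear) {
        foreach (array($startMonth, $startYear, $endMonth, $endYear) as $part) {
            if (!$this->isDigits($part)) {
                return null;
            }
        }
        $sm = (int)$startMonth;
        $em = (int)$endMonth;
        $sy = (int)$startYear;
        $ey = (int)$endYear;
        if ($sm < 1 || $sm > 12 || $em < 1 || $em > 12) {
            return null;
        }
        $startDate = sprintf('%04d-%02d-01 00:00:00', $sy, $sm);
        // last day of the end month
        $lastdayOfMonth = date('t', mktime(0, 0, 0, $em, 1, $ey));
        $endDate = sprintf('%04d-%02d-%s 23:59:59', $ey, $em, $lastdayOfMonth);
        return array($startDate, $endDate);
    }

    /**
     * Quote one CSV field: wrap in double quotes and double embedded quotes
     * (the old code used addslashes(), which CSV readers do not understand).
     */
    private function csvQuote($value) {
        return '"' . str_replace('"', '""', (string)$value) . '"';
    }

    /**
     * Shared CSV writer. Either a month span (all four date parts set,
     * $onlyClosingId null) or one closing id is exported. All request values
     * are validated before any SQL is built and are bound as parameters
     * (the old code interpolated them directly into the query).
     *
     * NOTE(review): cells are quoted but not protected against spreadsheet
     * formula injection (values starting with =, +, -, @); consider prefixing
     * such cells if the export is opened in Excel/LibreOffice.
     */
    private function exportCsv_bin($startMonth, $startYear, $endMonth, $endYear, $onlyClosingId) {
        if ($onlyClosingId === null) {
            $bounds = $this->monthSpanBounds($startMonth, $startYear, $endMonth, $endYear);
            if ($bounds === null) {
                $this->echoError(ERROR_BILL_WRONG_NUMERIC_VALUE, ERROR_BILL_WRONG_NUMERIC_VALUE_MSG);
                return;
            }
            $filterSql = " AND %bill%.billdate BETWEEN ? AND ? ";
            $params = array($bounds[0], $bounds[1]);
        } else {
            if (!$this->isDigits($onlyClosingId)) {
                $this->echoError(ERROR_BILL_WRONG_NUMERIC_VALUE, ERROR_BILL_WRONG_NUMERIC_VALUE_MSG);
                return;
            }
            $filterSql = " AND closingid=? ";
            $params = array((int)$onlyClosingId);
        }

        $sql = "SELECT DISTINCT %bill%.id,billdate,brutto,netto,tax,status,closingdate,remark,%bill%.closingid,%payment%.name,userid,ref,username "
             . "FROM %bill%,%closing%,%payment%,%user% "
             . "WHERE closingid is not null AND %bill%.closingid=%closing%.id "
             . " AND %bill%.paymentid=%payment%.id "
             . $filterSql
             . " AND %bill%.userid = %user%.id "
             . "ORDER BY billdate";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute($params);

        // Headers are sent only after validation so an error is still a JSON reply.
        $file_name = "datenexport.csv";
        header("Content-type: text/x-csv");
        header("Content-Disposition: attachment; filename=$file_name");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Pragma: no-cache");
        header("Expires: 0");

        if ($onlyClosingId === null) {
            echo("Bonid;Bondatum;Brutto;Netto;MwSt;Status;Referenzbon-ID;Benutzerid;Benutzername;Tageslosung-ID; Tageslosung-Datum; Zahlungsart; Tageslosung-Bemerkung\n");
        } else {
            // closing id is known - do not output unnecessary info
            echo("Bonid;Bondatum;Brutto;Netto;MwSt;Status;Referenzbon-ID;Benutzerid;Benutzername;Zahlungsart\n");
        }

        $statusLabels = array(
            'x' => "nachher storniert",
            's' => "Stornierungsbuchung",
            'c' => "Bareinlage/-entnahme"
        );
        while ($zeile = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $billid = ($zeile['id'] === null ? "-" : $zeile['id']);
            $billdate = $zeile['billdate'];
            // German decimal comma
            $brutto = str_replace(".", ",", $zeile['brutto']);
            $netto = str_replace(".", ",", $zeile['netto']);
            $tax = str_replace(".", ",", $zeile['tax']);
            $status = isset($statusLabels[$zeile['status']]) ? $statusLabels[$zeile['status']] : "";
            $ref = ($zeile['ref'] === null ? "" : $zeile['ref']);
            $userid = $zeile['userid'];
            // Free-text columns are quoted so a ';', quote or newline cannot break the row.
            $username = $this->csvQuote($zeile['username']);
            $paymentname = $this->csvQuote($zeile['name']);
            if ($onlyClosingId === null) {
                $closingid = $zeile['closingid'];
                $closingdate = $zeile['closingdate'];
                $remark = $this->csvQuote($zeile['remark']);
                echo "$billid ; $billdate; $brutto; $netto; $tax; $status; $ref; $userid; $username ; $closingid; $closingdate; $paymentname; $remark\n";
            } else {
                echo "$billid ; $billdate; $brutto; $netto; $tax; $status; $ref; $userid; $username ; $paymentname\n";
            }
        }
    }
}
?>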