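dbutils = new DbUtils();
        $this->userrights = new Userrights();
    }

    /**
     * Dispatch an incoming print-related command.
     *
     * Every command except queuePrintJob is authenticated by the shared
     * print password (see isPasswordCorrect); queuePrintJob is authorized
     * through the user rights of the current session instead.
     * Request fields are read with requestParam() so that a missing field
     * arrives as null instead of raising an undefined-index notice.
     *
     * @param mixed $command command name from the request
     */
    function handleCommand($command) {
        // strict comparison: with == a non-string $command (e.g. 0) could
        // loosely match a command name on older PHP versions
        if ($command === 'queuePrintJob') {
            $this->queuePrintJob(
                $this->requestParam($_POST, 'content'),
                $this->requestParam($_POST, 'type'));
        } else if ($command === 'getNextPrintJob') {
            $this->getNextPrintJob($this->requestParam($_POST, 'pass'));
        } else if ($command === 'deletePrintJob') {
            $this->deletePrintJob(
                $this->requestParam($_POST, 'pass'),
                $this->requestParam($_POST, 'id'));
        } else if ($command === 'getPrintJobAsHtml') {
            // the id comes from the query string, the password from the body
            $this->getPrintJobAsHtml(
                $this->requestParam($_GET, 'id'),
                $this->requestParam($_POST, 'pass'));
        } else if ($command === 'getNextPrintJobIdType') {
            $this->getNextPrintJobIdType($this->requestParam($_POST, 'pass'));
        } else {
            echo "Kommando nicht erkannt!";
        }
    }

    /**
     * Read one field of a request array, returning null when it is absent.
     *
     * @param array $source request array such as $_POST or $_GET
     * @param string $name field name
     * @return mixed the raw field value, or null
     */
    private function requestParam(array $source, $name) {
        return isset($source[$name]) ? $source[$name] : null;
    }

    /**
     * Insert a job into the printjob queue. The POS Print Server will
     * pick these jobs and delete them after successful printing.
     *
     * Authorization depends on the print type: food and drink jobs need the
     * waiter right; pay jobs accept any of paydesk, manager, bill, waiter or
     * admin. Any other type is rejected - previously an unrecognised type
     * skipped the right checks altogether and was inserted unauthenticated.
     *
     * The content and type are bound as prepared-statement parameters; they
     * come straight from the request and must never be interpolated into SQL.
     *
     * @param mixed $htmlContent HTML to print (stored verbatim)
     * @param mixed $printType one of FOOD_PRINT_TYPE, DRINK_PRINT_TYPE, PAY_PRINT_TYPE
     * @return false|null false when the user is not authorized, null otherwise
     */
    function queuePrintJob($htmlContent, $printType) {
        if (($printType == FOOD_PRINT_TYPE) || ($printType == DRINK_PRINT_TYPE)) {
            // waiter rights required
            $authorized = $this->userrights->hasCurrentUserRight('right_waiter');
        } else if ($printType == PAY_PRINT_TYPE) {
            // waiter, or manager, bill, paydesk, admin rights required
            $authorized = $this->userrights->hasCurrentUserRight('right_paydesk')
                || $this->userrights->hasCurrentUserRight('right_manager')
                || $this->userrights->hasCurrentUserRight('right_bill')
                || $this->userrights->hasCurrentUserRight('right_waiter')
                || $this->userrights->hasCurrentUserRight('is_admin');
        } else {
            // default deny: an unknown type must not bypass the right checks
            $authorized = false;
        }

        if (!$authorized) {
            echo "Benutzerrechte nicht ausreichend!";
            return false;
        }

        // from here on user is authorized
        $sql = "INSERT INTO %printjobs% (id, content, type) VALUES (NULL, ?, ?)";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        if ($stmt->execute(array($htmlContent, $printType))) {
            echo json_encode("OK");
        } else {
            echo "Error: Druckauftrag konnte nicht gespeichert werden!";
        }
    }

    /**
     * Check a submitted print password against the "printpass" config setting.
     *
     * Exactly one error message is echoed on failure (the original fell
     * through and printed the DB error after a wrong-password error as well).
     * The comparison uses hash_equals so that it is constant-time and does not
     * use PHP's loose == rules (under which e.g. two "0e..." strings compare
     * equal). Callers name the argument $md5pass; whatever form the client
     * sends is compared verbatim against the stored setting.
     *
     * @param mixed $pass password as received from the request
     * @return bool true only when the stored setting exists and matches
     */
    function isPasswordCorrect($pass) {
        $sql = "SELECT setting FROM %config% WHERE name=?";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        if (!$stmt->execute(array("printpass"))) {
            echo "Error: DB konnte nicht abgefragt werden!";
            return false;
        }

        $row = $stmt->fetchObject();
        if ($row === false) {
            echo "Error: DB konnte nicht abgefragt werden!";
            return false;
        }

        $passInDb = $row->setting;
        // an empty string counts as "not set", as with the previous != null test
        if ($passInDb === null || $passInDb === '') {
            echo "Error: kein Printpass in DB gesetzt!";
            return false;
        }

        // a non-string (e.g. array) request value can never match
        if (!is_string($pass) || !hash_equals((string) $passInDb, $pass)) {
            echo "Error: Falscher Printpass!";
            return false;
        }

        return true;
    }

    /**
     * Emit the no-cache / HTML headers used by the print-server endpoints.
     */
    private function sendNoCacheHtmlHeaders() {
        header("Expires: Mon, 20 Dec 1998 01:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
        header("Content-Type: text/html; charset=utf8");
    }

    /**
     * Echo the oldest queued print job as JSON ({id, content, type}).
     * Requires the print password; echoes nothing when the queue is empty.
     *
     * @param mixed $pass print password from the request
     */
    function getNextPrintJob($pass) {
        if (!$this->isPasswordCorrect($pass)) {
            return;
        }

        $sql = "SELECT id,content,type FROM %printjobs% ORDER BY id ASC LIMIT 1";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute();

        $job = $stmt->fetchObject();
        if ($job !== false) {
            echo json_encode(array(
                "id" => $job->id,
                "content" => $job->content,
                "type" => $job->type,
            ));
        }
    }

    /**
     * Echo "<id>-<type>" of the oldest queued print job as plain text.
     * Requires the print password; echoes nothing when the queue is empty.
     *
     * @param mixed $md5pass print password from the request
     */
    function getNextPrintJobIdType($md5pass) {
        if (!$this->isPasswordCorrect($md5pass)) {
            return;
        }

        $sql = "SELECT id,type FROM %printjobs% ORDER BY id ASC LIMIT 1";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute();

        $job = $stmt->fetchObject();
        if ($job === false || $job->id === null) {
            return;
        }

        $this->sendNoCacheHtmlHeaders();
        echo $job->id . "-" . $job->type;
    }

    /**
     * Echo the stored HTML content of one print job.
     *
     * The content is the HTML submitted through queuePrintJob and is rendered
     * as-is for the print server; it is only as trustworthy as the users
     * holding print rights. Requires the print password; echoes nothing when
     * the job does not exist or its content is empty.
     *
     * @param mixed $id print job id (bound as a query parameter)
     * @param mixed $md5pass print password from the request
     */
    function getPrintJobAsHtml($id, $md5pass) {
        if (!$this->isPasswordCorrect($md5pass)) {
            return;
        }

        $sql = "SELECT content FROM %printjobs% WHERE id=?";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($id));

        $job = $stmt->fetchObject();
        if ($job === false) {
            return;
        }

        $content = $job->content;
        // empty content is skipped, as with the previous != null test
        if ($content === null || $content === '') {
            return;
        }

        $this->sendNoCacheHtmlHeaders();
        echo $content;
    }

    /**
     * Remove a print job from the queue (called by the print server after
     * successful printing). Requires the print password.
     *
     * @param mixed $pass print password from the request
     * @param mixed $id print job id (bound as a query parameter)
     */
    function deletePrintJob($pass, $id) {
        if (!$this->isPasswordCorrect($pass)) {
            return;
        }

        $sql = "DELETE FROM %printjobs% WHERE id=?";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($id));
    }
}
?>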