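array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "deleteCustomer" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "changeCustomer" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "getCustomers" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "createNewGroup" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "getGroups" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "changeGroup" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "deleteGroup" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "getVacations" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "newVacation" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "delVacation" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "getCustomersForReserv" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("reservation")),
        "getBills" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "pay" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "unpay" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "printbill" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "payallbills" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "printallbills" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers")),
        "emailGroup" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("customers"))
    );

    /**
     * Start the PHP session unless one is already active.
     *
     * Several methods below read $_SESSION; calling session_start() on an
     * already-started session emits a notice, so all of them go through here.
     */
    private static function ensureSession() {
        if (session_id() == '') {
            session_start();
        }
    }

    /**
     * True when a session flag exists and loosely equals 1.
     *
     * The flags ('right_customers', 'right_reservation') are written by the
     * login code outside this file; a missing flag counts as "not granted"
     * instead of raising an undefined-index notice.
     */
    private static function sessionFlagIsSet($key) {
        return isset($_SESSION[$key]) && $_SESSION[$key] == 1;
    }

    /** Read a POST parameter; null (without a notice) when it is absent. */
    private static function post($key) {
        return isset($_POST[$key]) ? $_POST[$key] : null;
    }

    /** Read a GET parameter; null (without a notice) when it is absent. */
    private static function get($key) {
        return isset($_GET[$key]) ? $_GET[$key] : null;
    }

    /** Map the empty string (an unfilled form field) to null so it becomes SQL NULL. */
    private static function emptyToNull($value) {
        return ($value == '') ? null : $value;
    }

    /**
     * Roll back only when a transaction is actually open.
     *
     * Catch blocks below may be reached by a statement that failed before
     * beginTransaction() ran; a bare rollBack() would then throw a second
     * PDOException and hide the original error.
     */
    private static function rollBackIfActive($pdo) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
    }

    /**
     * Echo the JSON error payload used when a command is refused.
     *
     * @return bool always false, so callers can `return self::denied(...)`
     */
    private static function denied($code, $msg) {
        echo json_encode(array("status" => "ERROR", "code" => $code, "msg" => $msg));
        return false;
    }

    /**
     * Authorisation gate for handleCommand().
     *
     * Looks $command up in self::$rights and checks, in order: the command
     * exists, the session is logged in ('angemeldet'), the user is an admin
     * when "isadmin" is set ('is_admin'), and the user holds at least one of
     * the listed "rights" ('right_customers' / 'right_reservation'). On
     * refusal a JSON error is echoed and false is returned.
     *
     * @param string $command
     * @return bool true when the current session may run $command
     */
    private static function checkRights($command) {
        self::ensureSession();
        if (!array_key_exists($command, self::$rights)) {
            return self::denied(ERROR_COMMAND_NOT_FOUND, ERROR_COMMAND_NOT_FOUND_MSG);
        }
        $cmdRights = self::$rights[$command];
        $loggedIn = isset($_SESSION['angemeldet']) && $_SESSION['angemeldet'];

        if ($cmdRights["loggedin"] == 1 && !$loggedIn) {
            return self::denied(ERROR_NOT_AUTHOTRIZED, ERROR_NOT_AUTHOTRIZED_MSG);
        }
        if ($cmdRights["isadmin"] == 1) {
            if (!$loggedIn) {
                return self::denied(ERROR_NOT_AUTHOTRIZED, ERROR_NOT_AUTHOTRIZED_MSG);
            }
            // a missing 'is_admin' flag must deny, not merely raise a notice
            if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] == 0) {
                return self::denied(ERROR_COMMAND_NOT_ADMIN, ERROR_COMMAND_NOT_ADMIN_MSG);
            }
        }
        if (!is_null($cmdRights["rights"])) {
            // any one of the listed rights is sufficient
            foreach ($cmdRights["rights"] as $aRight) {
                if ($aRight == 'customers' && self::sessionFlagIsSet('right_customers')) {
                    return true;
                }
                if ($aRight == 'reservation' && self::sessionFlagIsSet('right_reservation')) {
                    return true;
                }
            }
            return self::denied(ERROR_NOT_AUTHOTRIZED, ERROR_NOT_AUTHOTRIZED_MSG);
        }
        return true;
    }

    public function __construct() {
        // nothing to initialise; the PDO handle is opened per command in handleCommand()
    }

    /**
     * Entry point for one AJAX command.
     *
     * Runs checkRights(), opens the database and dispatches to the matching
     * private method, echoing its result array as JSON. Parameters are read
     * from $_POST, except 'cusid' for getVacations/getBills which comes from
     * $_GET.
     *
     * @param string $command
     * @return false|null false when the command was refused, null otherwise
     */
    public function handleCommand($command) {
        if (!self::checkRights($command)) {
            return false;
        }
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        if ($command == 'createNewCustomer') {
            $result = $this->createNewCustomer($pdo, self::post('name'), self::post('email'), self::post('addr'), self::post('remark'),
                self::post('phone'), self::post('mobil'), self::post('www'), self::post('checkin'), self::post('checkout'), self::post('room'));
        } else if ($command == 'deleteCustomer') {
            $result = $this->deleteCustomer($pdo, self::post('id'));
        } else if ($command == 'changeCustomer') {
            $result = $this->changeCustomer($pdo, self::post('id'), self::post('name'), self::post('email'), self::post('addr'), self::post('remark'),
                self::post('phone'), self::post('mobil'), self::post('www'), self::post('groups'));
        } else if ($command == 'getCustomers') {
            $result = $this->getCustomers($pdo, self::post('search'), self::post('date'), self::post('onlyopenbills'));
        } else if ($command == 'createNewGroup') {
            $result = $this->createNewGroup($pdo, self::post('name'), self::post('remark'));
        } else if ($command == 'getGroups') {
            $result = $this->getGroups($pdo, self::post('search'));
        } else if ($command == 'changeGroup') {
            $result = $this->changeGroup($pdo, self::post('id'), self::post('name'), self::post('remark'));
        } else if ($command == 'deleteGroup') {
            $result = $this->deleteGroup($pdo, self::post('id'));
        } else if ($command == 'getCustomersForReserv') {
            $result = $this->getCustomersForReserv($pdo, self::post('search'));
        } else if ($command == 'getVacations') {
            $result = $this->getVacations($pdo, self::get('cusid'));
        } else if ($command == 'newVacation') {
            $result = $this->newVacation($pdo, self::post('id'), self::post('checkin'), self::post('checkout'), self::post('room'), self::post('remark'));
        } else if ($command == 'delVacation') {
            $result = $this->delVacation($pdo, self::post('id'));
        } else if ($command == 'getBills') {
            $result = $this->getBills($pdo, self::get('cusid'));
        } else if ($command == 'pay') {
            $result = $this->pay($pdo, self::post('id'));
        } else if ($command == 'unpay') {
            $result = $this->unpay($pdo, self::post('id'));
        } else if ($command == 'printbill') {
            $result = $this->printBill($pdo, self::post('id'));
        } else if ($command == 'payallbills') {
            $result = $this->payallbills($pdo, self::post('id'));
        } else if ($command == 'printallbills') {
            $result = $this->printallbills($pdo, self::post('id'));
        } else if ($command == 'emailGroup') {
            $result = $this->emailGroup($pdo, self::post('groupid'), self::post('subject'), self::post('text'));
        } else {
            // not reachable in practice: checkRights() already rejects commands missing from self::$rights
            echo "Command not supported.";
            return;
        }
        echo json_encode($result);
    }

    /**
     * Whether the current session holds the 'customers' right (for internal
     * callers that do not go through checkRights()).
     *
     * @return mixed the raw 'right_customers' session value, or false when
     *               nobody is logged in or the flag is missing
     */
    private function hasCurrentUserCustomersRights() {
        self::ensureSession();
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            // no user logged in
            return false;
        }
        return isset($_SESSION['right_customers']) ? $_SESSION['right_customers'] : false;
    }

    /**
     * Insert a customer and, when check-in or check-out is given, a first
     * vacation row for it, in one transaction.
     *
     * A customer with the same name is still inserted; the duplicate is only
     * reported through "code" => 1 and "value" => <number of existing rows>.
     *
     * @return array "status" => "OK" with "code"/"value", or "ERROR" with "msg"
     */
    private function createNewCustomer($pdo,$name,$email,$addr,$remark,$phone,$mobil,$www,$checkin,$checkout,$room) {
        date_default_timezone_set(DbUtils::getTimeZone());
        $currentTime = date('Y-m-d H:i:s');
        $checkin = self::emptyToNull($checkin);
        $checkout = self::emptyToNull($checkout);
        $room = self::emptyToNull($room);
        try {
            $pdo->beginTransaction();
            $sql = "SELECT count(id) as countid from %customers% WHERE name=?";
            $row = CommonUtils::getRowSqlObject($pdo, $sql, array($name));
            $number = $row->countid;
            $code = ($number > 0) ? 1 : 0;
            $sql = "INSERT INTO %customers% (name,email,address,remark,phone,mobil,www,created,lastmodified) VALUES(?,?,?,?,?,?,?,?,?)";
            $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
            $stmt->execute(array($name,$email,$addr,$remark,$phone,$mobil,$www,$currentTime,$currentTime));
            $cusid = $pdo->lastInsertId();
            self::addVacationsCore($pdo,$cusid,$checkin,$checkout,$room,null);
            $pdo->commit();
            return array("status" => "OK","code" => $code, "value" => $number);
        } catch (Exception $e) {
            self::rollBackIfActive($pdo);
            return array("status" => "ERROR","msg" => $e->getMessage());
        }
    }

    /**
     * Insert a vacation row for $cusid, but only when at least one of
     * check-in / check-out is set (empty strings count as unset).
     */
    private static function addVacationsCore($pdo,$cusid,$checkin,$checkout,$room,$remark) {
        $checkin = self::emptyToNull($checkin);
        $checkout = self::emptyToNull($checkout);
        if (!is_null($checkin) || !is_null($checkout)) {
            $sql = "INSERT INTO %vacations% (customerid,checkin,checkout,room,remark) VALUES(?,?,?,?,?)";
            CommonUtils::execSql($pdo, $sql, array($cusid,$checkin,$checkout,$room,$remark));
        }
    }

    /**
     * Create a group; unlike createNewCustomer() a duplicate name is rejected
     * ("code" => 1). Database failures are reported with "code" => 2.
     *
     * @return array status array
     */
    private function createNewGroup($pdo,$name,$remark) {
        date_default_timezone_set(DbUtils::getTimeZone());
        $currentTime = date('Y-m-d H:i:s');
        try {
            $sql = "SELECT count(id) as countid from %groups% WHERE name=?";
            $row = CommonUtils::getRowSqlObject($pdo, $sql, array($name));
            if ($row->countid > 0) {
                return array("status" => "ERROR","msg" => "Group name already exists","code" => 1);
            }
            $sql = "INSERT INTO %groups% (name,remark,created) VALUES(?,?,?)";
            CommonUtils::execSql($pdo, $sql, array($name,$remark,$currentTime));
            return array("status" => "OK");
        } catch (Exception $e) {
            return array("status" => "ERROR","msg" => $e->getMessage(),"code" => 2);
        }
    }

    /**
     * Update a customer's fields and replace its group memberships.
     *
     * The update, the membership delete and the re-inserts run in one
     * transaction so a failure cannot leave the customer with no groups.
     * $groups is a list of group ids; anything that is not an array is
     * treated as "no groups".
     *
     * @return array status array
     */
    private function changeCustomer($pdo,$id,$name,$email,$addr,$remark,$phone,$mobil,$www,$groups) {
        date_default_timezone_set(DbUtils::getTimeZone());
        $currentTime = date('Y-m-d H:i:s');
        try {
            $pdo->beginTransaction();
            $sql = "UPDATE %customers% SET name=?,email=?,address=?, remark=?, phone=?, mobil=?, www=?,lastmodified=? WHERE id=?";
            CommonUtils::execSql($pdo, $sql, array($name,$email,$addr,$remark,$phone,$mobil,$www,$currentTime,$id));
            $sql = "DELETE FROM %groupcustomer% WHERE customerid=?";
            CommonUtils::execSql($pdo, $sql, array($id));
            if (is_array($groups)) {
                $sql = "INSERT INTO %groupcustomer% (customerid,groupid) VALUES(?,?)";
                foreach ($groups as $aGroupId) {
                    CommonUtils::execSql($pdo, $sql, array($id,$aGroupId));
                }
            }
            $pdo->commit();
            return array("status" => "OK");
        } catch (Exception $e) {
            self::rollBackIfActive($pdo);
            return array("status" => "ERROR","msg" => $e->getMessage());
        }
    }

    /**
     * Add a vacation row for an existing customer.
     *
     * @return array "status" => "OK" with "cusid", or "ERROR" with "msg"
     */
    private function newVacation($pdo,$cusid,$checkin,$checkout,$room,$remark) {
        try {
            self::addVacationsCore($pdo,$cusid,$checkin,$checkout,$room,$remark);
            return array("status" => "OK","cusid" => $cusid);
        } catch (Exception $e) {
            return array("status" => "ERROR","msg" => $e->getMessage());
        }
    }

    /**
     * Delete one vacation row; the owning customer id is returned so the
     * client can refresh that customer's list.
     *
     * @return array "status" => "OK" with "cusid", or "ERROR" with "msg"
     */
    private function delVacation($pdo,$id) {
        try {
            $pdo->beginTransaction();
            $sql = "SELECT count(id) as countid FROM %vacations% WHERE id=?";
            $row = CommonUtils::getRowSqlObject($pdo, $sql, array($id));
            if ($row->countid != 1) {
                $pdo->rollBack();
                return array("status" => "ERROR","msg" => "Vacations entry not found");
            }
            $sql = "SELECT customerid FROM %vacations% WHERE id=?";
            $row = CommonUtils::getRowSqlObject($pdo, $sql, array($id));
            $cusid = $row->customerid;
            $sql = "DELETE FROM %vacations% WHERE id=?";
            CommonUtils::execSql($pdo, $sql, array($id));
            $pdo->commit();
            return array("status" => "OK","cusid" => $cusid);
        } catch (Exception $ex) {
            self::rollBackIfActive($pdo);
            return array("status" => "ERROR","msg" => $ex->getMessage());
        }
    }

    /**
     * Set or clear the intguestpaid flag of one bill.
     *
     * @param mixed $value 1 to mark paid, null to mark unpaid
     * @return array "status" => "OK" with "cusid" (the bill's intguestid), or "ERROR"
     */
    private static function payOrUnpay($pdo,$id,$value) {
        try {
            $pdo->beginTransaction();
            $sql = "SELECT count(id) as countid FROM %bill% WHERE id=?";
            $row = CommonUtils::getRowSqlObject($pdo, $sql, array($id));
            if ($row->countid != 1) {
                $pdo->rollBack();
                return array("status" => "ERROR","msg" => "Bill entry not found");
            }
            $sql = "SELECT intguestid FROM %bill% WHERE id=?";
            $row = CommonUtils::getRowSqlObject($pdo, $sql, array($id));
            $cusid = $row->intguestid;
            $sql = "UPDATE %bill% SET intguestpaid=? WHERE id=?";
            CommonUtils::execSql($pdo, $sql, array($value,$id));
            $pdo->commit();
            return array("status" => "OK","cusid" => $cusid);
        } catch (Exception $ex) {
            self::rollBackIfActive($pdo);
            return array("status" => "ERROR","msg" => $ex->getMessage());
        }
    }

    /** Mark one bill as paid. */
    private function pay($pdo,$id) {
        return self::payOrUnpay($pdo, $id, 1);
    }

    /** Mark one bill as unpaid (intguestpaid back to NULL). */
    private function unpay($pdo,$id) {
        return self::payOrUnpay($pdo, $id, null);
    }

    /**
     * Queue a bill for printing on the session's receipt printer by inserting
     * a row of type '3' into the print jobs table.
     *
     * @return array always "status" => "OK" (execSql failures propagate as exceptions)
     */
    private function printBill($pdo,$billid) {
        self::ensureSession();
        $printer = isset($_SESSION['receiptprinter']) ? $_SESSION['receiptprinter'] : null;
        // now get receipt info from bill table
        CommonUtils::log($pdo, "PRINTQUEUE", "Insert bill with id=$billid for printer=$printer into queue for customer.");
        $printInsertSql = "INSERT INTO `%printjobs%` (`id` , `content`,`type`,`printer`) VALUES ( NULL,?,?,?)";
        CommonUtils::execSql($pdo, $printInsertSql, array((string)($billid),'3',$printer));
        return array("status" => "OK");
    }

    /** Queue every bill of customer $cusid for printing (see printBill()). */
    private function printallbills($pdo,$cusid) {
        $sql = "SELECT id FROM %bill% WHERE intguestid=?";
        $result = CommonUtils::fetchSqlAll($pdo, $sql, array($cusid));
        foreach ($result as $aBill) {
            $this->printBill($pdo, $aBill["id"]);
        }
        return array("status" => "OK");
    }

    /**
     * Mark every bill of customer $cusid as paid.
     *
     * @return array "status" => "OK" with "cusid", or "ERROR" with "msg"
     */
    private function payallbills($pdo,$cusid) {
        try {
            $pdo->beginTransaction();
            $sql = "UPDATE %bill% SET intguestpaid=? WHERE intguestid=?";
            CommonUtils::execSql($pdo, $sql, array(1,$cusid));
            $pdo->commit();
            return array("status" => "OK","cusid" => $cusid);
        } catch (Exception $ex) {
            self::rollBackIfActive($pdo);
            return array("status" => "ERROR","msg" => $ex->getMessage());
        }
    }

    /**
     * Delete a customer together with its group memberships and vacations.
     * Refused (German message, as shown to the user) while bills still
     * reference the customer.
     *
     * The bill check runs before beginTransaction(), so the catch block must
     * not call rollBack() unconditionally.
     *
     * @return array status array
     */
    private function deleteCustomer($pdo,$id) {
        try {
            $sql = "SELECT count(id) as countid FROM %bill% WHERE intguestid=?";
            $row = CommonUtils::getRowSqlObject($pdo, $sql, array($id));
            if ($row->countid > 0) {
                return array("status" => "ERROR","msg" => "Der Gast hat zugewiesene Rechnungen");
            }
            $pdo->beginTransaction();
            $sql = "DELETE FROM %groupcustomer% WHERE customerid=?";
            CommonUtils::execSql($pdo, $sql, array($id));
            $sql = "DELETE FROM %vacations% WHERE customerid=?";
            CommonUtils::execSql($pdo, $sql, array($id));
            $sql = "DELETE FROM %customers% WHERE id=?";
            CommonUtils::execSql($pdo, $sql, array($id));
            $pdo->commit();
            return array("status" => "OK");
        } catch (Exception $e) {
            self::rollBackIfActive($pdo);
            return array("status" => "ERROR","msg" => $e->getMessage());
        }
    }

    /**
     * Build the one-line summary entry used by the reservation dialog:
     * "name - phone - mobil - email" (each part only when non-empty); the
     * last non-empty number (mobil over phone) is returned as "phone".
     *
     * @param array $aCustomer row with id, name, email, phone, mobil
     * @return array{summary:string,id:mixed,name:mixed,email:mixed,phone:string}
     */
    private static function reservationSummary($aCustomer) {
        $phone = $aCustomer["phone"];
        $mobil = $aCustomer["mobil"];
        $email = $aCustomer["email"];
        $finalPhone = "";
        $summary = $aCustomer["name"];
        if ($phone != "") {
            $summary .= " - " . $phone;
            $finalPhone = $phone;
        }
        if ($mobil != "") {
            $summary .= " - " . $mobil;
            $finalPhone = $mobil;
        }
        if ($email != "") {
            $summary .= " - " . $email;
        }
        return array("summary" => $summary,"id" => $aCustomer["id"],"name" => $aCustomer["name"],"email" => $email,"phone" => $finalPhone);
    }

    /**
     * Search customers by name / mobil / phone for the reservation dialog.
     * An empty search returns an empty list without querying.
     *
     * $search is bound as a LIKE parameter; its own '%' and '_' are not
     * escaped, which only widens the match and cannot alter the statement.
     *
     * @return array "status" => "OK" with "msg" => list of summary entries
     */
    private function getCustomersForReserv($pdo,$search) {
        if ($search == '') {
            return array("status" => "OK","msg" => array());
        }
        $s = '%' . $search . '%';
        try {
            $allcustomers = array();
            $sql = "SELECT id,name,email,address,remark,phone,mobil FROM %customers% WHERE (name like ?) OR (mobil like ?) OR (phone like ?) ORDER BY name";
            $result = CommonUtils::fetchSqlAll($pdo, $sql, array($s,$s,$s));
            foreach ($result as $aCustomer) {
                $allcustomers[] = self::reservationSummary($aCustomer);
            }
            return array("status" => "OK","msg" => $allcustomers);
        } catch (Exception $ex) {
            return array("status" => "ERROR","msg" => $ex->getMessage());
        }
    }

    /**
     * Whether customer $cusid has a vacation row covering $date. An empty
     * $date means "no filter" and always returns true. A missing check-in or
     * check-out is treated as equal to $date (IFNULL), i.e. open-ended.
     *
     * $date comes straight from the request, so it is bound as a parameter
     * everywhere it appears; it must never be interpolated into the SQL text.
     */
    private static function isCustomerPresent($pdo,$cusid,$date) {
        if ($date == '') {
            return true;
        }
        $sql = "SELECT count(id) as countid FROM %vacations% WHERE customerid=? AND (checkin is not null OR checkout is not null) AND (IFNULL(checkin,?) <= ? AND IFNULL(checkout,?) >= ?)";
        $row = CommonUtils::getRowSqlObject($pdo, $sql, array($cusid,$date,$date,$date,$date));
        return $row->countid != 0;
    }

    /**
     * List customers matching $search (name or email), optionally only those
     * present on $date and/or with open bills, each with its groups and the
     * sum of its unpaid bills.
     *
     * Note: this issues several queries per matching customer (presence,
     * groups, open-bill count, open-bill sum); fine for small customer
     * tables, which is what the search box implies.
     *
     * @return array "status" => "OK" with "msg" => list of customer arrays
     */
    private function getCustomers($pdo,$search,$date,$onlyOpenBills) {
        $s = '%' . $search . '%';
        try {
            $allcustomers = array();
            $sql = "SELECT %customers%.id as id,name,email,address,remark,phone,mobil,www,DATE_FORMAT(created,'%e %b %Y - %k:%i') as created,DATE_FORMAT(lastmodified,'%e %b %Y - %k:%i') as lastmodified FROM %customers% WHERE (name like ?) OR (email like ?) ORDER BY name";
            $result = CommonUtils::fetchSqlAll($pdo, $sql, array($s,$s));
            foreach ($result as $aCustomer) {
                $cusid = $aCustomer["id"];
                if (!self::isCustomerPresent($pdo,$cusid,$date)) {
                    continue;
                }
                $sql = "SELECT groupid,name FROM %groupcustomer%,%groups% WHERE groupid=%groups%.id AND customerid=? ORDER BY name";
                $assgroups = CommonUtils::fetchSqlAll($pdo, $sql, array($cusid));
                if ($onlyOpenBills == 1) {
                    $sql = "SELECT count(id) as countid FROM %bill% WHERE intguestid=? AND intguestpaid is null";
                    $row = CommonUtils::getRowSqlObject($pdo, $sql, array($cusid));
                    if ($row->countid == 0) {
                        continue;
                    }
                }
                $sql = "SELECT SUM(brutto) as openbillsum FROM %bill% WHERE intguestid=? AND intguestpaid is null";
                $row = CommonUtils::getRowSqlObject($pdo, $sql, array($cusid));
                $allcustomers[] = array(
                    "id" => $cusid,
                    "name" => $aCustomer["name"],
                    "email" => $aCustomer["email"],
                    "address" => $aCustomer["address"],
                    "remark" => $aCustomer["remark"],
                    "phone" => $aCustomer["phone"],
                    "mobil" => $aCustomer["mobil"],
                    "www" => $aCustomer["www"],
                    "created" => $aCustomer["created"],
                    "lastmodified" => $aCustomer["lastmodified"],
                    "groups" => $assgroups,
                    "openbillsum" => $row->openbillsum
                );
            }
            return array("status" => "OK","msg" => $allcustomers);
        } catch (Exception $ex) {
            return array("status" => "ERROR","msg" => $ex->getMessage());
        }
    }

    /**
     * All vacation rows of customer $cusid, with NULL columns rendered as ''.
     *
     * @return array "status" => "OK" with "msg" => array("vacations" => rows, "cusid" => $cusid)
     */
    private function getVacations($pdo,$cusid) {
        $sql = "SELECT id,IFNULL(checkin,'') as checkin,IFNULL(checkout,'') as checkout,IFNULL(room,'') as room,IFNULL(remark,'') as remark FROM %vacations% WHERE customerid=?";
        $result = CommonUtils::fetchSqlAll($pdo, $sql, array($cusid));
        return array("status" => "OK","msg" => array("vacations" => $result,"cusid" => $cusid));
    }

    /**
     * All bills of customer $cusid; "paid" is '0' when intguestpaid is NULL.
     *
     * @return array "status" => "OK" with "msg" => array("bills" => rows, "cusid" => $cusid)
     */
    private function getBills($pdo,$cusid) {
        $sql = "SELECT id,billdate,brutto,IFNULL(guestinfo,'') as guestinfo,IFNULL(intguestpaid,'0') as paid FROM %bill% WHERE intguestid=?";
        $result = CommonUtils::fetchSqlAll($pdo, $sql, array($cusid));
        return array("status" => "OK","msg" => array("bills" => $result,"cusid" => $cusid));
    }

    /**
     * Groups whose name matches $search, each with the names of its
     * customers ("filtered"), plus the id/name of every group ("all").
     *
     * @return array "status" => "OK" with "msg" => array("filtered" => ..., "all" => ...)
     */
    private function getGroups($pdo,$search) {
        $s = '%' . $search . '%';
        try {
            $sql = "SELECT id,name,remark,DATE_FORMAT(created,'%e %b %Y - %k:%i') as created FROM %groups% WHERE name like ? ORDER BY name";
            $resultFiltered = CommonUtils::fetchSqlAll($pdo, $sql, array($s));
            $resultFoundGroups = array();
            foreach ($resultFiltered as $aFilteredGroup) {
                $groupid = $aFilteredGroup["id"];
                $sql = "SELECT %customers%.name as name from %customers%,%groupcustomer% WHERE %groupcustomer%.groupid=? AND %groupcustomer%.customerid=%customers%.id ORDER by name";
                $customersInGroup = CommonUtils::fetchSqlAll($pdo, $sql, array($groupid));
                $resultFoundGroups[] = array(
                    "id" => $groupid,
                    "name" => $aFilteredGroup["name"],
                    "remark" => $aFilteredGroup["remark"],
                    "created" => $aFilteredGroup["created"],
                    "customers" => $customersInGroup);
            }
            // this statement has no placeholder, so no parameter is bound
            $sql = "SELECT id,name FROM %groups% ORDER BY name";
            $resultAll = CommonUtils::fetchSqlAll($pdo, $sql, array());
            $result = array("filtered" => $resultFoundGroups,"all" => $resultAll);
            return array("status" => "OK","msg" => $result);
        } catch (Exception $ex) {
            return array("status" => "ERROR","msg" => $ex->getMessage());
        }
    }

    /** Rename / re-describe a group. */
    private function changeGroup($pdo,$id,$name,$remark) {
        try {
            $sql = "UPDATE %groups% SET name=?,remark=? WHERE id=?";
            CommonUtils::execSql($pdo, $sql, array($name,$remark,$id));
            return array("status" => "OK");
        } catch (Exception $e) {
            return array("status" => "ERROR","msg" => $e->getMessage());
        }
    }

    /**
     * Delete a group and its memberships in one transaction, so a failure
     * on the second statement cannot leave orphaned membership rows.
     */
    private function deleteGroup($pdo,$id) {
        try {
            $pdo->beginTransaction();
            $sql = "DELETE FROM %groupcustomer% WHERE groupid=?";
            CommonUtils::execSql($pdo, $sql, array($id));
            $sql = "DELETE FROM %groups% WHERE id=?";
            CommonUtils::execSql($pdo, $sql, array($id));
            $pdo->commit();
            return array("status" => "OK");
        } catch (Exception $e) {
            self::rollBackIfActive($pdo);
            return array("status" => "ERROR","msg" => $e->getMessage());
        }
    }

    /**
     * Send $text with $subject to every member of group $grpid that has a
     * non-blank e-mail address. Sending continues after a failure; the
     * result is "ERROR" if any single send failed.
     *
     * @return array status array
     */
    private function emailGroup($pdo,$grpid,$subject,$text) {
        $sql = "SELECT %customers%.name as name ,%customers%.email as email from %customers%,%groupcustomer% WHERE %groupcustomer%.groupid=? AND %groupcustomer%.customerid=%customers%.id ORDER by name";
        $customersInGroup = CommonUtils::fetchSqlAll($pdo, $sql, array($grpid));
        $emails = array();
        foreach ($customersInGroup as $aCustomer) {
            $email = is_null($aCustomer["email"]) ? '' : trim($aCustomer["email"]);
            if ($email != '') {
                $emails[] = $email;
            }
        }
        $ok = true;
        foreach ($emails as $anEmail) {
            if (!Emailer::sendEmail($pdo, $text, $anEmail, $subject)) {
                $ok = false;
            }
        }
        if ($ok) {
            return array("status" => "OK");
        }
        return array("status" => "ERROR","msg" => 'Not all emails could be sent');
    }
}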