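dbutils = new DbUtils();
        // $this->products = new Products(); --> endless loop!
        // $this->lastSettingOfDisplayMode = "all";
        //error_reporting(E_ALL);
    }

    /**
     * Install the plugin configuration used by callPlugin().
     *
     * @param object|array|null $plugins  map of hook name => plugin descriptor
     *        (descriptor fields read elsewhere: execution, PluginClass, PluginFct)
     */
    public static function setPluginConfig($plugins) {
        self::$plugins = $plugins;
    }

    /**
     * Check that $nextIdToUse is the next legitimate bill id.
     *
     * The work table row "lastbillid" holds the last issued id plus a signature
     * over "B(<id>)" created with the private key from the same table
     * (see setLastBillIdInWorkTable). Returns true only when
     *  - the stored id + 1 equals $nextIdToUse,
     *  - that signature verifies against the stored certificate,
     *  - $nextIdToUse is not yet present in the bill table, and
     *  - the previous id ($nextIdToUse - 1) exists exactly once (no gap).
     * Id 1 is always accepted (very first bill).
     *
     * @param PDO|null   $pdo          open connection, or null to open one
     * @param int|string $nextIdToUse  candidate id
     * @return bool
     */
    function verifyLastBillId($pdo,$nextIdToUse) {
        if ($nextIdToUse == 1) {
            return true;
        }
        if (is_null($pdo)) {
            $pdo = $this->dbutils->openDbAndReturnPdo();
        }
        $nextIdToUse = intval($nextIdToUse);

        $sql = "SELECT value,signature FROM %work% WHERE item=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array("lastbillid"));
        $row = $stmt->fetchObject();
        if ($row === false) {
            // no counter row at all: fail closed instead of verifying an empty value
            return false;
        }
        $lastBillid = intval($row->value);
        if ($lastBillid + 1 != $nextIdToUse) {
            return false;
        }
        $signature = base64_decode($row->signature);

        // openssl_verify() returns 1 on success, 0 on mismatch and -1 on error;
        // only 1 is acceptable (a plain "== 0" check would let -1 pass as valid).
        $pubkeyid = $this->getCert($pdo);
        if ($pubkeyid === false) {
            return false;
        }
        $ok = openssl_verify("B($lastBillid)", $signature, $pubkeyid);
        openssl_free_key($pubkeyid); // no-op (deprecated) since PHP 8.0
        if ($ok !== 1) {
            return false;
        }

        // the id must not already be used in the bill table ...
        $sql = "SELECT id FROM %bill% WHERE id=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($nextIdToUse));
        if ($stmt->rowCount() > 0) {
            return false;
        }
        // ... and the previous id must exist exactly once, i.e. there is no gap
        $stmt->execute(array($nextIdToUse - 1));
        return ($stmt->rowCount() == 1);
    }

    /**
     * Load the signing key stored in the work table (item "privkey").
     *
     * Note: the private key is read from the database itself, so the bill
     * signatures only protect against tampering by parties without write
     * access to the work table.
     *
     * @return resource|OpenSSLAsymmetricKey|false
     */
    function getPrivkey($pdo) {
        $privkey = $this->getKeyFromWorkTable($pdo, "privkey");
        return(openssl_get_privatekey($privkey)); // private key
    }

    /**
     * Load the verification key stored in the work table (item "cert").
     *
     * @return resource|OpenSSLAsymmetricKey|false
     */
    function getCert($pdo) {
        $pubKey = $this->getKeyFromWorkTable($pdo, "cert");
        return(openssl_get_publickey($pubKey));
    }

    /**
     * Fetch the "signature" column of a work-table row.
     *
     * @param PDO    $pdo
     * @param string $key  value of the item column ("privkey", "cert", ...)
     * @return string|null  null when no such row exists
     */
    function getKeyFromWorkTable($pdo,$key) {
        $sql = "SELECT signature FROM %work% WHERE item=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($key));
        $row = $stmt->fetchObject();
        if ($row === false) {
            return null;
        }
        return($row->signature);
    }

    /**
     * Store $lastBillId in the work table together with a signature over
     * "B(<id>)" so that verifyLastBillId() can detect manipulation of the counter.
     *
     * @param PDO|null $pdo  open connection, or null to open one
     * @param int      $lastBillId
     */
    function setLastBillIdInWorkTable($pdo,$lastBillId) {
        if (is_null($pdo)) {
            $pdo = $this->dbutils->openDbAndReturnPdo();
        }
        $pkeyid = $this->getPrivkey($pdo);
        // if signing fails the row still gets written with an empty signature,
        // which verifyLastBillId() then rejects (fail closed)
        $signature = '';
        openssl_sign("B($lastBillId)", $signature, $pkeyid);
        openssl_free_key($pkeyid); // no-op (deprecated) since PHP 8.0

        $sql = "UPDATE %work% SET value=?, signature=? WHERE item=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $signature = base64_encode($signature);
        $stmt->execute(array($lastBillId,$signature,"lastbillid"));
    }

    /**
     * Verify the stored signature of bill $id.
     *
     * @param PDO|null $pdo
     * @param int      $id
     * @return bool  false when the bill does not exist or has no valid signature
     */
    function verifyBill($pdo,$id) {
        if (is_null($pdo)) {
            $pdo = $this->dbutils->openDbAndReturnPdo();
        }
        $sql = "SELECT billdate,brutto,netto,userid,IF(tax is not null, tax, '0.00') as tax,signature FROM %bill% WHERE id=?";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($id));
        $row = $stmt->fetchObject();
        if ($row === false) {
            return false;
        }
        return($this->verifyBillByValues($pdo, $row->billdate, $row->brutto, $row->netto, $row->tax, $row->userid, $row->signature));
    }

    /**
     * Verify $signature against the canonical bill string built from the
     * given values (same format as calcSignatureForBill()).
     *
     * @param PDO|null    $pdo
     * @param string      $billdate
     * @param float|string $brutto
     * @param float|string $netto
     * @param float|string|null $tax  null is treated as 0.00
     * @param int|string  $userid
     * @param string|null $signature  raw (not base64) signature
     * @return bool
     */
    function verifyBillByValues($pdo,$billdate,$brutto,$netto,$tax,$userid,$signature) {
        if (is_null($signature)) {
            return false;
        }
        if (is_null($pdo)) {
            $pdo = $this->dbutils->openDbAndReturnPdo();
        }
        $data = $this->billSignatureData($billdate, $brutto, $netto, $tax, $userid);
        $pubkeyid = $this->getCert($pdo);
        if ($pubkeyid === false) {
            return false;
        }
        // see verifyLastBillId(): only a result of 1 means "signature matches"
        $ok = openssl_verify($data, $signature, $pubkeyid);
        openssl_free_key($pubkeyid); // no-op (deprecated) since PHP 8.0
        return ($ok === 1);
    }

    /**
     * Sign the canonical bill string for a new bill entry.
     *
     * @param PDO          $pdo
     * @param string       $theTime  bill date as stored in the bill table
     * @param float|string $brutto
     * @param float|string $netto
     * @param float|string|null $tax  null is signed as "0.00"
     * @param int|string   $userid
     * @return string|null  raw signature, or null if openssl_sign() produced none
     */
    function calcSignatureForBill($pdo,$theTime,$brutto,$netto,$tax,$userid) {
        // now calculate the signature for the bill entry
        $data = $this->billSignatureData($theTime, $brutto, $netto, $tax, $userid);
        $pkeyid = $this->getPrivkey($pdo);
        openssl_sign($data, $signature, $pkeyid);
        openssl_free_key($pkeyid); // no-op (deprecated) since PHP 8.0
        return $signature;
    }

    /**
     * Canonical string that is signed/verified for a bill:
     * "D(<date>)B(<brutto>)N(<netto>)T(<tax>)U(<userid>)" with all amounts
     * formatted to two decimals, "." as decimal point and no thousands separator.
     * Shared by calcSignatureForBill() and verifyBillByValues() so both sides
     * always agree on the format.
     */
    private function billSignatureData($theTime,$brutto,$netto,$tax,$userid) {
        $bruttostr = number_format($brutto, 2, ".", '');
        $nettostr = number_format($netto, 2, ".", '');
        if (is_null($tax)) {
            $taxstr = "0.00";
        } else {
            $taxstr = number_format($tax, 2, ".", '');
        }
        return "D($theTime)B($bruttostr)N($nettostr)T($taxstr)U($userid)";
    }

    /**
     * Echo a roughly square (sqrt-sized) table of buttons for $inputArray
     * (entries are arrays with a "textOfButton" key).
     *
     * NOTE(review): the body that follows echoes only empty strings and never
     * uses $porcentageWidth / $textOfButton — the HTML markup appears to have
     * been lost when this listing was extracted; compare with the upstream file.
     */
    function createGridTableWithSqrtSizeOfButtons ($inputArray) {
        // create a table that is optimal (sqrt-like size)
        $numberOfIcons = count($inputArray);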
if ($numberOfIcons == 0) { // no items to display return; } $numberOfCols = ceil(sqrt($numberOfIcons)); $porcentageWidth = floor(100/$numberOfCols); echo ''; $colcounter = 0; for ($index=0;$index<$numberOfIcons;$index++) { if ($colcounter == 0) { echo ""; } } echo ""; echo "
"; } $anEntry = $inputArray[$index]; $textOfButton = $anEntry["textOfButton"]; # $onClickMethod = $anEntry["onClickMethod"]; // With parameters! $button = ''; echo $button; $colcounter++; if ($colcounter == $numberOfCols) { $colcounter = 0; echo "
"; } function createGridTableWithSqrtSizeOfStyleButtons($inputArray) { $this->createGridTableWithSqrtSizeOfStyleButtonsAndHeader($inputArray,'','dummy'); } function getTableNameFromId($pdo,$tableid) { if (is_null($tableid) || ($tableid == 0)) { return "-"; // togo } $sql = "SELECT tableno FROM %resttables% WHERE id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($tableid)); $row = $stmt->fetchObject(); return $row->tableno; } function getCurrentPriceLevel($pdo) { $sql = "SELECT setting FROM %config% WHERE name='pricelevel'"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $row = $stmt->fetchObject(); $pricelevelid = $row->setting; $sql = "SELECT id,name FROM %pricelevel% WHERE id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($pricelevelid)); $row = $stmt->fetchObject(); $pricelevelname = $row->name; return (array("id" => $pricelevelid, "name" => $pricelevelname)); } function createGridTableWithSqrtSizeOfStyleButtonsAndHeader ($inputArray,$headline,$headercolor) { // create a table that is optimal (sqrt-like size) $numberOfIcons = count($inputArray); if ($numberOfIcons == 0) { // no items to display return; } $numberOfCols = ceil(sqrt($numberOfIcons)); $porcentageWidth = floor(100.0/$numberOfCols); echo ''; // Headline if ($headline <> '') { echo ''; } $colcounter = 0; for ($index=0;$index<$numberOfIcons;$index++) { if ($colcounter == 0) { echo ""; } } echo ""; echo "
' . $headline . '
"; } $anEntry = $inputArray[$index]; $textOfButton = $anEntry["textOfButton"]; # $onClickMethod = $anEntry["onClickMethod"]; // With parameters! $style = $anEntry["style"]; $button = ''; echo $button; $colcounter++; if ($colcounter == $numberOfCols) { $colcounter = 0; echo "
"; } function getCurrency() { $pdo = $this->dbutils->openDbAndReturnPdo(); $sql = "SELECT setting from %config% where name='currency'"; $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt->execute(); $row =$stmt->fetchObject(); if ($row != null) { return $row->setting; } else { return "Euro"; } } public static function getRowSqlObject($pdo,$sql,$params) { $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); if (is_null($params)) { $stmt->execute(); } else { $stmt->execute($params); } return ($stmt->fetchObject()); } public static function execSql($pdo,$sql,$params) { $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); if (is_null($params)) { $stmt->execute(); } else { $stmt->execute($params); } } public static function getConfigValue($pdo,$item,$default) { $sql = "SELECT count(id) as countid FROM %config% WHERE name=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($item)); $row =$stmt->fetchObject(); if ($row->countid == 0) { return $default; } else { return self::getExistingConfigValue($pdo, $item); } } public static function getExistingConfigValue($pdo,$item) { $sql = "SELECT setting FROM %config% WHERE name=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($item)); $row = $stmt->fetchObject(); return $row->setting; } public static function callPlugin($pdo,$fct,$condition) { try { if (!is_null(self::$plugins)) { if (array_key_exists($fct,self::$plugins)) { $plugin = self::$plugins->$fct; if (($plugin->execution) === $condition) { $cls = $plugin->PluginClass; $fct=$plugin->PluginFct; $call = "Plugin\\$cls::$fct"; call_user_func($call,$pdo); return true; } } } } catch(Exception $e) { } return false; } public static function log($pdo,$component,$message) { date_default_timezone_set(DbUtils::getTimeZone()); $currentTime = date('Y-m-d H:i:s'); $sql = "INSERT INTO %log% (date,component,message) VALUES(?,?,?)"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); 
$stmt->execute(array($currentTime,$component,$message)); } public static function getLog($pdo) { $sql = "SELECT date,component,message FROM %log%"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $result = $stmt->fetchAll(); $txt = ""; foreach ($result as $aLogLine) { $txt .= $aLogLine["date"] . ";" . $aLogLine["component"] . ";" . $aLogLine["message"] . "\n"; } return $txt; } public static function getLastLog($pdo) { $sql = "SELECT date,component,message FROM %log% WHERE DATE_SUB(NOW(),INTERVAL 2 HOUR) <= date"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $result = $stmt->fetchAll(); $txt = ""; foreach ($result as $aLogLine) { $txt .= $aLogLine["date"] . ";" . $aLogLine["component"] . ";" . $aLogLine["message"] . "\n"; } return $txt; } public static function keepOnlyLastLog($pdo) { $sql = "DELETE FROM %log% WHERE DATE_SUB(NOW(),INTERVAL 2 HOUR) > date"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); } } ?>