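dbutils = new DbUtils();
        $this->userrights = new Userrights();
        $this->histfiller = new HistFiller();
    }

    /**
     * Dispatch one client request to the matching handler.
     *
     * Only the commands in $cmdArray are gated here (manager or admin); the
     * remaining commands either check the session themselves, are explicitly
     * wrapped in isUserAlreadyLoggedInForPhp()/isCurrentUserAdmin() below, or
     * are intentionally public (login mask, install check).
     *
     * NOTE(review): 'getUserList' is reachable without any session and echoes
     * SELECT * of the user table, i.e. including the userpassword hashes; the
     * handler should select only the columns the client needs.
     * NOTE(review): 'new' and 'drop' pass the admin gate but have no branch
     * inside it, so they silently do nothing.
     *
     * @param string $command  value of the request's "command" parameter
     * @return bool|void  false when the manager/admin gate rejects the request
     */
    function handleCommand($command) {
        // these command are only allowed for user with manager or admin rights
        $cmdArray = array('createNewUser', 'updateUser', 'deleteUser','changepassword' , 'changeConfig', 'readlogo','deletelogo');
        if (in_array($command, $cmdArray, true)) {
            if (!($this->userrights->hasCurrentUserRight('right_manager')) && !($this->userrights->hasCurrentUserRight('is_admin'))) {
                echo "Benutzerrechte nicht ausreichend!";
                return false;
            }
        }
        if ($command == 'tryAuthenticate') {
            $this->tryAuthenticate($_POST['userid'],$_POST['password'],$_POST['day'],$_POST['month'],$_POST['year'],$_POST['hour'],$_POST['minute'],$_POST["time"]);
        } else if ($command == 'setLastModuleOfUser') {
            $this->setLastModuleOfUser($_POST['view']);
        } else if ($command == 'getViewAfterLogin') {
            $this->getViewAfterLogin();
        } else if ($command == 'isUserAlreadyLoggedIn') {
            $this->isUserAlreadyLoggedIn();
        } else if ($command == 'logout') {
            $this->logout();
        } else if ($command == 'getCurrentUser') {
            $this->getCurrentUser();
        } else if ($command == 'isLoggedinUserAdmin') {
            $this->isLoggedinUserAdmin();
        } else if ($command == 'isLoggedinUserKitchen') {
            $this->isLoggedinUserKitchen();
        } else if ($command == 'isLoggedinUserBar') {
            $this->isLoggedinUserBar();
        } else if ($command == 'isLoggedinUserAdminOrManager') {
            $this->isLoggedinUserAdminOrManager();
        } else if ($command == 'hasUserPaydeskRight') {
            $this->hasUserPaydeskRight();
        } else if ($command == 'getJsonMenuItemsAndVersion') {
            $this->getJsonMenuItemsAndVersion();
        } else if ($command == 'getUserList') {
            $this->getUserList();
        } else if ($command == 'setTime') {
            $this->setTime($_POST['day'],$_POST['month'],$_POST['year'],$_POST['hour'],$_POST['minute']);
        } else if ($command == 'createNewUser') {
            $this->createNewUser($_POST['username'], $_POST['password'], $_POST['isAdmin'],
                $_POST['rWaiter'], $_POST['rKitchen'], $_POST['rBar'], $_POST['rSupply'],
                $_POST['rPayDesk'], $_POST['rStat'], $_POST['rBill'], $_POST['rProducts'],
                $_POST['rReservation'], $_POST['rRating'], $_POST['rChangeprice'], $_POST['rManager']);
        } else if ($command == 'updateUser') {
            $this->updateUser($_POST['userid'], $_POST['isAdmin'],
                $_POST['rWaiter'], $_POST['rKitchen'], $_POST['rBar'], $_POST['rSupply'],
                $_POST['rPayDesk'], $_POST['rStat'], $_POST['rBill'], $_POST['rProducts'],
                $_POST['rReservation'], $_POST['rRating'], $_POST['rChangeprice'], $_POST['rManager']);
        } else if ($command == 'deleteUser') {
            $this->deleteUser($_POST['userid']);
        } else if ($command == 'changepassword') {
            $this->changepassword($_POST['userid'],$_POST['password']);
        } else if ($command == 'changeOwnPassword') {
            $this->changeOwnPassword($_POST['oldPass'],$_POST['newPass']);
        } else if ($command == 'setUserLanguage') {
            $this->setUserLanguage($_POST['language']);
        } else if ($command == 'setUserReceiptPrinter') {
            $this->setUserReceiptPrinter($_POST['printer']);
        } else if ($command == 'setBtnSize') {
            $this->setBtnSize($_POST['btn'],$_POST['size']);
        } else if ($command == 'changeConfig') {
            $this->changeConfig($_POST['changed']);
        } else if ($command == 'readlogo') {
            $this->readlogo();
        } else if ($command == 'deletelogo') {
            $this->deletelogo();
        } else if ($command == 'getGeneralConfigItems') {
            $this->getGeneralConfigItems(true,null);
        } else if ($command == 'getWaiterSettings') {
            $this->getWaiterSettings();
            // from here on admin rights are needed
        } else if ($command == 'getPayPrintType') {
            $this->getPayPrintType();
        } else if ($command == 'getPayments') {
            $this->getPayments();
        } else if (($command == 'new') || ($command == 'shutdown') || ($command == 'backup') || ($command == 'restore')
                || ($command == 'drop') || ($command == 'fill') || ($command == 'fillSampleProdType')
                || ($command == 'fillSpeisekarte') || ($command == 'assignTaxes')) {
            if ($this->isCurrentUserAdmin()) {
                if ($command == 'fill') {
                    $this->fillSampleContent();
                    echo json_encode(array("status" => "OK"));
                } else if ($command == 'fillSampleProdType') {
                    $this->fillSampleProdType("samples/speisekarte.txt");
                    echo json_encode(array("status" => "OK"));
                } else if ($command == 'fillSpeisekarte') {
                    $this->fillSpeisekarte($_POST['speisekarte']);
                } else if ($command == 'backup') {
                    $this->backup($_GET['type']);
                    return;
                } else if ($command == 'restore') {
                    $this->restore();
                    return;
                } else if ($command == 'shutdown') {
                    $this->shutdown();
                    return;
                } else if ($command == 'assignTaxes') {
                    $this->assignTaxes($_POST['food'],$_POST['drinks']);
                    return;
                }
            } else {
                echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
            }
            // end area for admins
        } else if ($command == 'exportConfigCsv') {
            if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
                $this->exportConfigCsv();
            }
        } else if ($command == 'exportUserCsv') {
            if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
                $this->exportUserCsv();
            }
        } else if ($command == 'setOrderVolume') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->setOrderVolume($_POST['volume']);
            }
        } else if ($command == 'setPreferTableMap') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->setPreferTableMap($_POST['prefertablemap']);
            }
        } else if ($command == 'setKeepTypeLevel') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->setKeepTypeLevel($_POST['keeptypelevel']);
            }
        } else if ($command == 'setApplyExtrasBtnPos') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->setExtrasApplyBtnPos($_POST['applyextrasbtnpos']);
            }
        } else if ($command == 'getOrderVolume') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->getOrderVolume();
            }
        } else if ($command == 'getButtonSizes') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->getButtonSizes();
            }
        } else if ($command == 'getPreferTableMap') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->getPreferTableMap();
            }
        } else if ($command == 'getKeepTypeLevel') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->getKeepTypeLevel();
            }
        } else if ($command == 'getApplyExtrasBtnPos') {
            if ($this->isUserAlreadyLoggedInForPhp()) {
                $this->getApplyExtrasBtnPos();
            }
        } else if ($command == 'isInstalled') {
            $this->isInstalled();
        } else {
            echo "Command not supported.";
        }
    }

    /***
     * Is the installation already done? Or was the html/php code overwritten, i.e. a new or updated version to install?
     * Echoes JSON "Yes"/"No"; an undefined INSTALLSTATUS constant counts as "No".
     */
    private function isInstalled() {
        if(defined('INSTALLSTATUS')){
            if (INSTALLSTATUS == 'new') {
                echo json_encode("No");
            } else {
                echo json_encode("Yes");
            }
        } else {
            // not defined -> it must be version 1.0.3 or lower --> since this is file of 1.0.4: not installed...
            echo json_encode("No");
        }
    }

    /**
     * Session check for internal (PHP) callers; starts the session if needed.
     *
     * @return bool true when $_SESSION['angemeldet'] is set and truthy
     */
    function isUserAlreadyLoggedInForPhp() {
        if(session_id() == '') {
            session_start();
        }
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Session check for the client; echoes JSON "YES"/"NO".
     */
    function isUserAlreadyLoggedIn() {
        if(session_id() == '') {
            session_start();
        }
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            // no user logged in
            echo json_encode("NO");
        } else {
            echo json_encode("YES");
        }
    }

    /**
     * Terminate the current session and echo JSON "OK".
     *
     * The session is destroyed even when some earlier code in this request
     * already started it (previously the destroy was skipped in that case).
     */
    function logout() {
        if(session_id() == '') {
            session_start();
        }
        $_SESSION = array();
        session_destroy();
        echo json_encode("OK");
    }

    /**
     * True when the rating right is the only right set.
     *
     * @param array $rightArr       all rights except right_rating
     * @param mixed $right_rating   the rating right
     * @param mixed $comparisonVal  value meaning "granted" (callers pass 1 or true);
     *                              compared loosely on purpose, DB rows hold "1"
     * @return bool
     */
    static function isOnlyRatingUser($rightArr,$right_rating,$comparisonVal) {
        foreach($rightArr as $aRight) {
            if ($aRight == $comparisonVal) {
                return false;
            }
        }
        if ($right_rating == $comparisonVal) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Login for the login mask - if user is authenticated then the first page works different.
     *
     * Verifies the password against the stored hash, fills $_SESSION with the
     * user's rights and preferences, and echoes a JSON status object.
     * $timediff is 1 when client and server clocks differ by more than 2 hours.
     *
     * NOTE(review): passwords are stored as unsalted MD5 (see the comment below);
     * migrating to password_hash()/password_verify() needs a change of the stored
     * format and of createNewUser()/changepassword(), so it is not done here.
     *
     * @param mixed $userid    user id chosen in the login mask
     * @param string $password cleartext password from the client
     * @param mixed $day,$month,$year,$hour,$minute  client clock (unused here)
     * @param mixed $unixtime  client clock as unix time, for the drift check
     */
    function tryAuthenticate($userid,$password,$day,$month,$year,$hour,$minute,$unixtime) {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $authenticated = false;
        $sql = "SELECT * FROM %user% WHERE id=? AND active='1'";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($userid));
        $result = $stmt->fetchAll();
        $numberOfEntries = count($result);
        if ($numberOfEntries == 1) {
            $zeile = $result[0];
            $pass_hash = $zeile['userpassword'];
            // password_verify requires PHP > 5.5, so let's use MD5 instead
            // (it is no banking software...)
            // Strict comparison: with == two hashes of the form "0e<digits>" would
            // compare as numeric zero and match each other.
            if (md5($password) === $pass_hash) {
                $authenticated = true;
            }
        }
        if ($authenticated) {
            date_default_timezone_set(DbUtils::getTimeZone());
            $now = getdate();
            $serverTime = $now["0"];
            $timeDiff = 0;
            if (abs($serverTime - $unixtime) > (60*60*2)) {
                $timeDiff = 1;
            }
            ini_set('session.gc_maxlifetime',65535);
            session_set_cookie_params(65535);
            if(session_id() == '') {
                session_start();
            }
            // fresh session id on successful login so an id known before login is not kept
            session_regenerate_id(true);
            $username = $zeile["username"];
            $_SESSION['angemeldet'] = true;
            // now read the rights of the user
            $_SESSION['userid'] = $zeile['id'];
            $_SESSION['currentuser'] = $username;
            $workflow = $this->getConfigItemsAsString($pdo, "workflowconfig");
            $rights = array($zeile['is_admin'],$zeile['right_waiter'],$zeile['right_kitchen'],
                $zeile['right_bar'],$zeile['right_supply'],$zeile['right_paydesk'],
                $zeile['right_statistics'],$zeile['right_bill'],$zeile['right_products'],
                $zeile['right_reservation'],$zeile['right_changeprice'],$zeile['right_manager']);
            $right_rating = $zeile['right_rating'];
            if (self::isOnlyRatingUser($rights,$right_rating, 1)) {
                // a pure rating user gets nothing else, whatever the row says
                $_SESSION['right_rating'] = true;
                $_SESSION['is_admin'] = false;
                $_SESSION['right_waiter'] = false;
                $_SESSION['right_kitchen'] = false;
                $_SESSION['right_bar'] = false;
                $_SESSION['right_supply'] = false;
                $_SESSION['right_paydesk'] = false;
                $_SESSION['right_statistics'] = false;
                $_SESSION['right_bill'] = false;
                $_SESSION['right_products'] = false;
                $_SESSION['right_reservation'] = false;
                $_SESSION['right_changeprice'] = false;
                $_SESSION['right_manager'] = false;
                $_SESSION['keeptypelevel'] = false;
            } else {
                $_SESSION['is_admin'] = ($zeile['is_admin'] == 1 ? true : false);
                $_SESSION['right_waiter'] = ($zeile['right_waiter'] == 1 ? true : false);
                if ($workflow == 2) {
                    // workflow 2 has no kitchen/bar/supply stations
                    $_SESSION['right_kitchen'] = false;
                    $_SESSION['right_bar'] = false;
                    $_SESSION['right_supply'] = false;
                } else {
                    $_SESSION['right_kitchen'] = ($zeile['right_kitchen'] == 1 ? true : false);
                    $_SESSION['right_bar'] = ($zeile['right_bar'] == 1 ? true : false);
                    $_SESSION['right_supply'] = ($zeile['right_supply'] == 1 ? true : false);
                }
                $_SESSION['right_paydesk'] = ($zeile['right_paydesk'] == 1 ? true : false);
                $_SESSION['right_statistics'] = ($zeile['right_statistics'] == 1 ? true : false);
                $_SESSION['right_bill'] = ($zeile['right_bill'] == 1 ? true : false);
                $_SESSION['right_products'] = ($zeile['right_products'] == 1 ? true : false);
                $_SESSION['right_reservation'] = ($zeile['right_reservation'] == 1 ? true : false);
                $_SESSION['right_rating'] = ($zeile['right_rating'] == 1 ? true : false);
                $_SESSION['right_changeprice'] = ($zeile['right_changeprice'] == 1 ? true : false);
                $_SESSION['right_manager'] = ($zeile['right_manager'] == 1 ? true : false);
                $_SESSION['keeptypelevel'] = ($zeile['keeptypelevel'] == 1 ? true : false);
            }
            $this->userrights->setSession($_SESSION['is_admin'], $_SESSION['right_waiter'], $_SESSION['right_kitchen'],
                $_SESSION['right_bar'], $_SESSION['right_supply'], $_SESSION['right_paydesk'],
                $_SESSION['right_statistics'], $_SESSION['right_bill'], $_SESSION['right_products'],
                $_SESSION['right_reservation'], $_SESSION['right_rating'], $_SESSION['right_changeprice'],
                $_SESSION['right_manager']);
            $_SESSION["roombtnsize"] = $zeile['roombtnsize'];
            $_SESSION["tablebtnsize"] = $zeile['tablebtnsize'];
            $_SESSION["prodbtnsize"] = $zeile['prodbtnsize'];
            // NULL columns (rows from older versions) fall back to defaults
            $language = $zeile['language'];
            if (is_null($language)) {
                $language = 0;
            }
            $_SESSION['language'] = intval($language);
            $receiptprinter = $zeile['receiptprinter'];
            if (is_null($receiptprinter)) {
                $receiptprinter = 1;
            }
            $_SESSION['receiptprinter'] = intval($receiptprinter);
            $preferTm = $zeile['prefertablemap'];
            if (is_null($preferTm)) {
                $preferTm = 1;
            }
            $_SESSION['prefertm'] = intval($preferTm);
            $_SESSION['timezone'] = $this->getTimeZone($pdo);
        }
        if ($authenticated) {
            Logger::logcmd("admin","authentication","Login $username successful");
            $loginMessage = $this->getMessage(null,'loginmessage');
            echo json_encode(array("status" => "YES","loginmessage" => $loginMessage, "timediff" => $timeDiff, "isadmin" => $zeile['is_admin'],"lang" => $_SESSION["language"]));
        } else {
            Logger::logcmd("admin","authentication","Login with id $userid failed");
            echo json_encode(array("status" => "NO"));
        }
    }

    /**
     * Read one message text from the work table.
     *
     * @param PDO|null $pdo        open connection, or null to open one
     * @param string $messageType  value of the "item" column, e.g. 'loginmessage'
     * @return string|null  the stored value, "" when no row exists
     */
    private function getMessage($pdo,$messageType) {
        if (is_null($pdo)) {
            $pdo = DbUtils::openDbAndReturnPdoStatic();
        }
        $sql = "SELECT value FROM %work% WHERE item=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($messageType));
        $row = $stmt->fetchObject();
        $msg = "";
        if ($row !== false) {
            $msg = $row->value;
        }
        return $msg;
    }

    /**
     * Echo the current user's button sizes as JSON.
     */
    function getButtonSizes() {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        echo json_encode(self::getButtonSizesCore($pdo));
    }

    /**
     * Button sizes of the user in $_SESSION['userid']; NULL columns become 0.
     *
     * @param PDO $pdo
     * @return array{roombtnsize:mixed,tablebtnsize:mixed,prodbtnsize:mixed}
     */
    private static function getButtonSizesCore($pdo) {
        $userid = $_SESSION['userid'];
        $sql = "SELECT roombtnsize,tablebtnsize,prodbtnsize FROM %user% WHERE id=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($userid));
        $row =$stmt->fetchObject();
        $roombtnsize = $row->roombtnsize;
        if (is_null($roombtnsize)) {
            $roombtnsize = 0;
        }
        $tablebtnsize = $row->tablebtnsize;
        if (is_null($tablebtnsize)) {
            $tablebtnsize = 0;
        }
        $prodbtnsize = $row->prodbtnsize;
        if (is_null($prodbtnsize)) {
            $prodbtnsize = 0;
        }
        return(array("roombtnsize" => $roombtnsize,"tablebtnsize" => $tablebtnsize,"prodbtnsize" => $prodbtnsize));
    }

    /**
     * Echo one column of the current user's row as JSON, or $defaultvalue
     * when the row or the value is missing.
     *
     * $item is spliced into the SQL text as a column name; every caller in this
     * file passes a literal, and it must never be taken from request data.
     *
     * @param string $item          column name
     * @param mixed $defaultvalue   echoed when no row / NULL value
     */
    private static function getUserValue($item,$defaultvalue) {
        $userid = $_SESSION['userid'];
        $sql = "SELECT $item AS result FROM %user% WHERE id=?";
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $stmt = $pdo->prepare(Dbutils::substTableAlias($sql));
        $stmt->execute(array($userid));
        if ($stmt->rowCount() == 0) {
            // previously returned without output, leaving the client waiting for JSON
            echo json_encode($defaultvalue);
            return;
        }
        $row = $stmt->fetchObject();
        $aVal = 0;
        if ($row != null) {
            $aVal = $row->result;
            // loose check kept on purpose: NULL -> default; NOTE(review) a native int 0
            // would also hit this branch if the driver returns typed values
            if ($aVal == null) {
                $aVal = $defaultvalue;
            }
        }
        echo json_encode($aVal);
    }

    /** Echo the user's prefertablemap setting (default 1). */
    function getPreferTableMap() {
        self::getUserValue('prefertablemap',1);
    }

    /** Echo the user's keeptypelevel setting (default 1). */
    function getKeepTypeLevel() {
        self::getUserValue('keeptypelevel',1);
    }

    /** Echo the user's extrasapplybtnpos setting (default 1). */
    function getApplyExtrasBtnPos() {
        self::getUserValue('extrasapplybtnpos', 1);
    }

    /** Echo the user's ordervolume setting (default 0). */
    function getOrderVolume() {
        self::getUserValue('ordervolume',0);
    }

    /**
     * Update one column of the current user's row and echo {"status":"OK"}.
     * $item is a column name spliced into the SQL text; callers pass literals only.
     *
     * @param string $item
     * @param mixed $theValue  bound as a parameter
     */
    private static function setUserValue($item,$theValue) {
        $userid = $_SESSION['userid'];
        $sql = "UPDATE %user% SET $item=? WHERE id=?";
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $pdo->beginTransaction();
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($theValue,$userid));
        $pdo->commit();
        echo json_encode(array("status" => "OK"));
    }

    /** Store the user's order volume. */
    function setOrderVolume($volume) {
        self::setUserValue('ordervolume', $volume);
    }

    /** Store the user's prefertablemap flag. */
    function setPreferTableMap($preferValue) {
        self::setUserValue('prefertablemap',$preferValue);
    }

    /** Store the user's keeptypelevel flag. */
    function setKeepTypeLevel($preferValue) {
        self::setUserValue('keeptypelevel',$preferValue);
    }

    /** Store the user's extrasapplybtnpos flag. */
    function setExtrasApplyBtnPos($preferValue) {
        self::setUserValue('extrasapplybtnpos',$preferValue);
    }

    /**
     * Remember the module (page) the user visited last, without its query string.
     * Does nothing for logout.php; echoes {"status":"OK"} when logged in.
     *
     * @param string $view  page name as sent by the client, e.g. "waiter.html?v=..."
     */
    function setLastModuleOfUser($view) {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            if ($view != "logout.php") {
                $userid = $_SESSION['userid'];
                $questPos = strpos($view,'?');
                // strict: a '?' at offset 0 is position 0, not "not found"
                if ($questPos !== false) {
                    $view = substr($view,0,$questPos);
                }
                $sql = "UPDATE %user% SET lastmodule=? WHERE id=? AND active='1'";
                $pdo = $this->dbutils->openDbAndReturnPdo();
                $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
                $stmt->execute(array($view,$userid));
            }
            echo json_encode(array("status" => "OK"));
        }
    }

    /**
     * Read one setting from the config table.
     *
     * @param PDO|null $pdo   null yields "" without a query
     * @param string $key     config name
     * @return string  "" when the row is missing or NULL
     */
    public function getConfigItemsAsString($pdo,$key) {
        $sql = "SELECT setting FROM %config% WHERE name=?";
        if (is_null($pdo)) {
            return "";
        }
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($key));
        $row = $stmt->fetchObject();
        if ($stmt->rowCount() == 0) {
            return "";
        }
        $theValue = $row->setting;
        if (is_null($theValue)) {
            return "";
        } else {
            return $theValue;
        }
    }

    /**
     * Force a timezone for this process (and for DbUtils) instead of the configured one.
     *
     * @param string $timezone  e.g. "Europe/Berlin"
     */
    public static function overruleTimeZone($timezone) {
        self::$timezone = $timezone;
        DbUtils::overruleTimeZone($timezone);
    }

    /**
     * Overruled timezone if set, otherwise the configured one, defaulting to Europe/Berlin.
     *
     * @param PDO|null $pdo
     * @return string
     */
    public function getTimeZone($pdo) {
        if (is_null(self::$timezone)) {
            $timezone = $this->getConfigItemsAsString($pdo, "timezone");
            if ($timezone == "") {
                $timezone = "Europe/Berlin";
            }
            return $timezone;
        } else {
            return self::$timezone;
        }
    }

    /**
     * Version and install/update dates from the config table.
     *
     * @param PDO|null $pdo
     * @return array{version:string,installdate:string,lastupdate:string}
     */
    public function getEnv($pdo) {
        $installdate = $this->getConfigItemsAsString($pdo, "installdate");
        $lastupdate = $this->getConfigItemsAsString($pdo, "lastupdate");
        $version = $this->getConfigItemsAsString($pdo, "version");
        return(array("version" => $version, "installdate" => $installdate, "lastupdate" => $lastupdate));
    }

    /**
     * Echo the settings the waiter page needs in one JSON object.
     * Without a session only {"isUserLoggedIn":0} is sent.
     */
    private function getWaiterSettings() {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $userLoggedIn = $this->isUserAlreadyLoggedInForPhp();
        if (!$userLoggedIn) {
            $retVal = array("isUserLoggedIn" => 0);
            echo json_encode($retVal);
            return;
        }
        // fixed list of config names, so the IN(...) text is not built from input
        $configItems = join(",",array("'decpoint'","'version'","'cancelunpaidcode'","'tax'","'togotax'","'currency'","'workflowconfig'","'prominentsearch'"));
        $sql = "select name,setting FROM %config% WHERE name in ($configItems)";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute();
        $configitems = $stmt->fetchAll();
        $configresult = array();
        foreach($configitems as $item) {
            $configresult[$item["name"]] = $item["setting"];
        }
        $sql = "SELECT language,right_supply,right_changeprice,keeptypelevel,extrasapplybtnpos FROM %user% WHERE id=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($_SESSION['userid']));
        $row = $stmt->fetchObject();
        $buttonSizes = self::getButtonSizesCore($pdo);
        $jsonMenuItems = $this->getJsonMenuItemsAndVersionCore();
        $retVal = array("config" => $configresult,
            "rightchangeprice" => $row->right_changeprice,
            "supplyright" => $row->right_supply,
            "userlanguage" => $row->language,
            "buttonsizes" => $buttonSizes,
            "keeptypelevel" => $row->keeptypelevel,
            "extrasapplybtnpos" => $row->extrasapplybtnpos,
            "isUserLoggedIn" => 1,
            "jsonMenuItemsAndVersion" => $jsonMenuItems
        );
        echo json_encode($retVal);
    }

    /**
     * Collect the general configuration items.
     *
     * With $forHtml the result (or an authorization error) is echoed as JSON;
     * otherwise the array is returned, null when not authorized.  Items that
     * older installations may lack are read under a silencing error handler
     * with a default.
     *
     * NOTE(review): for admins/managers the SMTP password is included in the
     * JSON sent to the browser; consider sending only a "set/unset" flag.
     *
     * @param bool $forHtml   echo (true) or return (false)
     * @param PDO|null $pdo   connection, opened when null
     * @return array|null|void
     */
    public function getGeneralConfigItems($forHtml,$pdo) {
        $userLoggedIn = $this->isUserAlreadyLoggedInForPhp();
        if ($userLoggedIn || (!$forHtml)) {
            $sql = "SELECT count(id) as number,setting FROM %config% WHERE name=?";
            if (is_null($pdo)) {
                $pdo = $this->dbutils->openDbAndReturnPdo();
            }
            $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
            $stmt->execute(array("companyinfo"));
            $row = $stmt->fetchObject();
            $companyInfo = $row->setting;
            $stmt->execute(array("decpoint"));
            $row = $stmt->fetchObject();
            $decpoint = $row->setting;
            $stmt->execute(array("version"));
            $row = $stmt->fetchObject();
            $version = $row->setting;
            $stmt->execute(array("payprinttype"));
            $row = $stmt->fetchObject();
            $payprinttype = $row->setting;
            $stmt->execute(array("cancelunpaidcode"));
            $row = $stmt->fetchObject();
            $cancelunpaidcode = $row->setting;
            $stmt->execute(array("tax"));
            $row = $stmt->fetchObject();
            $tax = $row->setting;
            $stmt->execute(array("togotax"));
            $row = $stmt->fetchObject();
            $togotax = $row->setting;
            $stmt->execute(array("serverurl"));
            $row = $stmt->fetchObject();
            $serverurl = $row->setting;
            $stmt->execute(array("email"));
            $row = $stmt->fetchObject();
            $email = $row->setting;
            $stmt->execute(array("bigfontworkreceipt"));
            $row = $stmt->fetchObject();
            $bigfontworkreceipt = $row->setting;
            $stmt->execute(array("prominentsearch"));
            $row = $stmt->fetchObject();
            $prominentsearch = $row->setting;
            $stmt->execute(array("groupworkitems"));
            $row = $stmt->fetchObject();
            $groupworkitems = $row->setting;
            if (is_null($groupworkitems)) {
                $groupworkitems = 1;
            }
            // for update reasons check for null
            $stmt->execute(array("receiveremail"));
            $row = $stmt->fetchObject();
            $receiveremail = "";
            if (!is_null($row)) {
                $receiveremail = $row->setting;
            }
            // best effort: these items do not exist in older installations
            set_error_handler(function() { /* ignore errors */ });
            try {
                $stmt->execute(array("emailbadrating"));
                $row = $stmt->fetchObject();
                $emailbadrating = "";
                if (!is_null($row)) {
                    $emailbadrating = $row->setting;
                }
            } catch (Exception $e) {
                // in previous version this was not configurable
                $emailbadrating = "";
            }
            try {
                $stmt->execute(array("emailratingcontact"));
                $row = $stmt->fetchObject();
                $emailratingcontact = "";
                if (!is_null($row)) {
                    $emailratingcontact = $row->setting;
                }
            } catch (Exception $e) {
                // in previous version this was not configurable
                $emailratingcontact = "";
            }
            restore_error_handler();
            $stmt->execute(array("billlanguage"));
            $row = $stmt->fetchObject();
            $billlanguage = $row->setting;
            $stmt->execute(array("currency"));
            $row = $stmt->fetchObject();
            $currency = $row->setting;
            $stmt->execute(array("receiptfontsize"));
            $row = $stmt->fetchObject();
            $receiptfontsize = $row->setting;
            $stmt->execute(array("reservationnote"));
            $row = $stmt->fetchObject();
            $reservationnote = $row->setting;
            set_error_handler(function() { /* ignore errors */ });
            $paymentconfig = $this->getConfigItemOrDefault("paymentconfig", $stmt, 0);
            $workflowconfig = $this->getConfigItemOrDefault("workflowconfig", $stmt, 0);
            $smtphost = "";
            $smtpauth = 1;
            $smtpuser = "";
            $smtppass = "";
            $smtpsecure = 1;
            $smtpport = "";
            // SMTP settings only for admins/managers (session keys may be absent when !$forHtml)
            if (!empty($_SESSION['is_admin']) || !empty($_SESSION['right_manager'])) {
                $smtphost = $this->getConfigItemOrDefault("smtphost",$stmt,"");
                $smtpauth = $this->getConfigItemOrDefault("smtpauth",$stmt,1);
                $smtpuser = $this->getConfigItemOrDefault("smtpuser",$stmt,"");
                $smtppass = $this->getConfigItemOrDefault("smtppass",$stmt,"");
                $smtpsecure = $this->getConfigItemOrDefault("smtpsecure",$stmt,1);
                $smtpport = $this->getConfigItemOrDefault("smtpport",$stmt,"");
            }
            $webimpressum = $this->getConfigItemOrDefault("webimpressum",$stmt,"");
            restore_error_handler();
            $userlang = 0; // of no interest, if not called from web
            $receiptprinter = 1; // of no interest, if not called from web
            $right_changeprice = 0;
            if ($userLoggedIn) {
                $userlang = $_SESSION["language"];
                $receiptprinter = $_SESSION['receiptprinter'];
                $right_changeprice = ($_SESSION['right_changeprice'] ? 1 : 0);
            }
            date_default_timezone_set(DbUtils::getTimeZone());
            $now = getdate();
            $retVal = array("companyinfo" => $companyInfo,
                "version" => $version,
                "decpoint" => $decpoint,
                "serverurl" => $serverurl,
                "email" => $email,
                "receiveremail" => $receiveremail,
                "billlanguage" => $billlanguage,
                "payprinttype" => $payprinttype,
                "tax" => $tax,
                "togotax" => $togotax,
                "currency" => $currency,
                "userlanguage" => $userlang,
                "receiptprinter" => $receiptprinter,
                "receiptfontsize" => $receiptfontsize,
                "reservationnote" => $reservationnote,
                "paymentconfig" => $paymentconfig,
                "workflowconfig" => $workflowconfig,
                "emailratingcontact" => $emailratingcontact,
                "emailbadrating" => $emailbadrating,
                "rightchangeprice" => $right_changeprice,
                "bigfontworkreceipt" => $bigfontworkreceipt,
                "prominentsearch" => $prominentsearch,
                "groupworkitems" => $groupworkitems,
                "sday" => $now["mday"],
                "smonth" => $now["mon"],
                "syear" => $now["year"],
                "shour" => $now["hours"],
                "smin" => $now["minutes"],
                "smtphost" => $smtphost,
                "smtpauth" => $smtpauth,
                "smtpuser" => $smtpuser,
                "smtppass" => $smtppass,
                "smtpsecure" => $smtpsecure,
                "smtpport" => $smtpport,
                "webimpressum" => $webimpressum,
                "cancelunpaidcode" => $cancelunpaidcode);
            if ($forHtml) {
                echo json_encode(array("status" => "OK", "msg" => $retVal));
            } else {
                return $retVal;
            }
        } else {
            if ($forHtml) {
                echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
            } else {
                return null;
            }
        }
    }

    /**
     * Execute the prepared "count(id) as number,setting" statement for $item
     * and return the setting, or $default when the item is missing or the
     * query fails.
     *
     * @param string $item
     * @param PDOStatement $stmt  statement prepared by getGeneralConfigItems()
     * @param mixed $default
     * @return mixed
     */
    function getConfigItemOrDefault($item,$stmt,$default) {
        try {
            $stmt->execute(array($item));
            $row = $stmt->fetchObject();
            $ret = $default;
            if ($row) {
                if (($row->number) > 0) {
                    $ret = $row->setting;
                } else {
                    $ret = $default;
                }
            }
        } catch (Exception $e) {
            $ret = $default;
        }
        return $ret;
    }

    /**
     * Echo (JSON) the page the client should open after login: the user's
     * last module if the session still grants the matching right, otherwise
     * preferences.html.  Pure rating users always get rating.html.
     */
    function getViewAfterLogin() {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $userid = $_SESSION['userid'];
            $rights = array($_SESSION['is_admin'],$_SESSION['right_waiter'],$_SESSION['right_kitchen'],
                $_SESSION['right_bar'],$_SESSION['right_supply'],$_SESSION['right_paydesk'],
                $_SESSION['right_statistics'],$_SESSION['right_bill'],$_SESSION['right_products'],
                $_SESSION['right_reservation'],$_SESSION['right_changeprice'],$_SESSION['right_manager']);
            $right_rating = $_SESSION['right_rating'];
            if (self::isOnlyRatingUser($rights, $right_rating, true)) {
                // rating user always goes into that view - important setting after creation of user
                echo json_encode("rating.html");
                return;
            }
            $sql = "SELECT lastmodule FROM %user% WHERE id=? AND active='1'";
            $pdo = $this->dbutils->openDbAndReturnPdo();
            $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
            $stmt->execute(array($userid));
            $row =$stmt->fetchObject();
            $view = "preferences.html";
            if ($row != null) {
                $newView = $row->lastmodule;
                if ($newView != null) {
                    $view = $newView;
                }
            }
            // test if user has still the right to go into that view
            $mapping = array (
                "waiter.html" => 'right_waiter',
                "kitchen.html" => 'right_kitchen',
                "bar.html" => 'right_bar',
                "supplydesk.html" => 'right_supply',
                "paydesk.html" => 'right_paydesk',
                "reports.html" => 'right_statistics',
                "bill.html" => 'right_bill',
                "products.html" => 'right_products',
                "reservation.html" => 'right_reservation',
                "rating.html" => 'right_rating'
            );
            $valid = false;
            if (($view == 'preferences.html') || ($view == 'feedback.html')) {
                // always ok
                $valid = true;
            } else if ($view == 'manager.html') {
                if (($_SESSION['is_admin'] == 1) || ($_SESSION['right_manager'] == 1)) {
                    $valid = true;
                }
            } else {
                // a stored module not in the mapping is treated as "no right" (no notice)
                if (($view == "index.html") || (isset($mapping[$view]) && ($_SESSION[$mapping[$view]] == 1))) {
                    $valid = true;
                }
            }
            if ($valid == false) {
                $view = "preferences.html";
            }
            echo json_encode($view);
        }
    }

    /** For client request: echo JSON YES/NO whether the session user is admin. */
    function isLoggedinUserAdmin() {
        if ($this->isCurrentUserAdmin()) {
            echo json_encode(YES);
        } else {
            echo json_encode(NO);
        }
    }

    /** Echo JSON YES/NO whether the session user is admin or manager. */
    function isLoggedinUserAdminOrManager() {
        if ($this->hasCurrentUserRight('is_admin') || $this->hasCurrentUserRight('right_manager')) {
            echo json_encode(YES);
        } else {
            echo json_encode(NO);
        }
    }

    /** Echo JSON YES/NO for the kitchen right. */
    function isLoggedinUserKitchen() {
        if ($this->hasCurrentUserRight('right_kitchen')) {
            echo json_encode(YES);
        } else {
            echo json_encode(NO);
        }
    }

    /** Echo JSON YES/NO for the bar right. */
    function isLoggedinUserBar() {
        if ($this->hasCurrentUserRight('right_bar')) {
            echo json_encode(YES);
        } else {
            echo json_encode(NO);
        }
    }

    /** Echo JSON YES/NO for the paydesk right. */
    function hasUserPaydeskRight() {
        if ($this->hasCurrentUserRight('right_paydesk')) {
            echo json_encode(YES);
        } else {
            echo json_encode(NO);
        }
    }

    /** Echo JSON YES/NO for the reservation right. */
    function hasUserReservationRight() {
        if ($this->hasCurrentUserRight('right_reservation')) {
            echo json_encode(YES);
        } else {
            echo json_encode(NO);
        }
    }

    /**
     * Read one right flag from the session.
     *
     * @param string $whichRight  session key such as 'is_admin' or 'right_manager';
     *                            callers pass literals only, never request data
     * @return mixed  false when nobody is logged in, else the session value
     */
    function hasCurrentUserRight($whichRight) {
        if(session_id() == '') {
            session_start();
        }
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            // no user logged in
            return false;
        } else {
            return ($_SESSION[$whichRight]);
        }
    }

    /** For internal request: is the session user an admin? */
    function isCurrentUserAdmin() {
        return $this->hasCurrentUserRight('is_admin');
    }

    /**
     * Execute a file of SQL statements, one statement per line.
     *
     * @param PDO $pdo
     * @param string $sqlFile  path to the sample file (callers pass fixed paths)
     * @throws Exception when the file cannot be opened (an unreadable handle
     *                   previously made the feof() loop spin forever)
     */
    function fillSampleContentBySqlFile($pdo,$sqlFile) {
        $handle = fopen ($sqlFile, "r");
        if ($handle === false) {
            throw new Exception("Cannot open sample file: $sqlFile");
        }
        while (!feof($handle)) {
            $sql = fgets($handle);
            // fgets() returns false at EOF; blank lines are not statements
            if ($sql === false || trim($sql) === '') {
                continue;
            }
            $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
            $stmt->execute();
        }
        fclose ($handle);
    }

    /**
     * Import product types/products from a menu file and mirror them into the history.
     *
     * @param string $fileName
     */
    private function fillSampleProdType($fileName) {
        $speisekartenHandler = new TypeAndProductFileManager();
        $speisekartenHandler->manageSpeisekarteFile($fileName);
        $this->histfiller->readProdTableAndSendToHist();
    }

    /**
     * Set the tax of all active food (kind 0) and drink (kind 1) products in one
     * transaction and echo a JSON status.  A negative tax means NULL; a decimal
     * comma is converted to a point.
     *
     * @param mixed $foodTax
     * @param mixed $drinksTax
     */
    private function assignTaxes($foodTax,$drinksTax) {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $pdo->beginTransaction();
        try {
            if ($foodTax < 0) {
                $foodTax = null;
            } else {
                $foodTax = str_replace(",",".",$foodTax);
            }
            if ($drinksTax < 0) {
                $drinksTax = null;
            } else {
                $drinksTax = str_replace(",",".",$drinksTax);
            }
            $sql = "UPDATE %products%,%prodtype% SET %products%.tax=? WHERE %products%.category=%prodtype%.id AND %prodtype%.kind=? AND %products%.removed is null AND %prodtype%.removed is null";
            $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
            $stmt->execute(array($foodTax,0));
            $stmt->execute(array($drinksTax,1));
            $this->histfiller->readAllProdsAndFillHistByDb($pdo);
            $pdo->commit();
            echo json_encode (array("status" => "OK"));
        } catch (Exception $e) {
            $pdo->rollBack();
            echo json_encode(array("status" => "ERROR", "code" => NUMBERFORMAT_ERROR, "msg" => NUMBERFORMAT_ERROR_MSG));
        }
    }

    /**
     * Replace the menu inside a transaction and echo the result of fillSpeisekarteCore().
     *
     * @param mixed $speisekarte  menu data from the client
     */
    private function fillSpeisekarte($speisekarte) {
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $pdo->beginTransaction();
        $ret = $this->fillSpeisekarteCore($pdo,$speisekarte);
        if ($ret["status"] != "OK") {
            $pdo->rollBack();
        } else {
            $pdo->commit();
        }
        echo json_encode($ret);
    }

    /**
     * Clear the extras/products links, import the menu and re-sort products on success.
     *
     * @param PDO $pdo
     * @param mixed $speisekarte
     * @return array  status array from TypeAndProductFileManager::manageSpeisekarte()
     */
    public function fillSpeisekarteCore($pdo,$speisekarte) {
        $sql = "DELETE FROM %extrasprods%";
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute();
        $speisekartenHandler = new TypeAndProductFileManager();
        $ret = $speisekartenHandler->manageSpeisekarte($pdo,$speisekarte);
        if ($ret["status"] == "OK") {
            $sorter = new Sorter();
            $sorter->initSortCurrentProductTable($pdo);
        }
        return $ret;
    }

    /**
     * Replace queue and user content with the bundled sample data (admin only,
     * gated in handleCommand).  Note that the user table is wiped entirely.
     */
    private function fillSampleContent() {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        // first remove previous content, then fill the SQL file
        $sql = "DELETE FROM `%queue%`";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute();
        $this->fillSampleContentBySqlFile($pdo,"samples/queuecontent.txt");
        $sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute();
        $sql = "DELETE FROM `%histuser%`";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute();
        $sql = "DELETE FROM `%user%`";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute();
        $this->fillSampleContentBySqlFile($pdo,"samples/usercontent.txt");
        $this->histfiller->readUserTableAndSendToHist($pdo);
    }

    /** Echo the main menu and version as JSON. */
    function getJsonMenuItemsAndVersion() {
        echo json_encode($this->getJsonMenuItemsAndVersionCore());
    }

    /*
     * Return all the entries for the main menu (the modules)
     *
     * Entries depend on the session rights; labels are indexed by
     * $_SESSION['language'] (0 = de, 1 = en, 2 = es as the arrays below show).
     *
     * @return array{version:string,user:string,menu:array,waitermessage:string,loggedin:int}
     */
    private function getJsonMenuItemsAndVersionCore() {
        if(session_id() == '') {
            session_start();
        }
        $mainMenu = array();
        $currentUser = "";
        $waiterMessage = "";
        $loggedIn = true;
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            // no user logged in
            $mainMenu[] = array("name" => "Startseite", "link" => "index.html");
            $loggedIn = false;
        } else {
            $lang = $_SESSION['language'];
            $kitchentxt = array("Küche","Kitchen","Cocina");
            $waitertxt = array("Kellner","Waiter","Camarero");
            $paydesktxt = array("Kasse","Paydesk","Caja");
            $settingtxt = array("Einstellungen","Preferences","Propriedades");
            $admintxt = array("Verwaltung","Administration","Administrar");
            $supplytxt = array("Bereitstellung","Supply desk","Preparado");
            $prodtxt = array("Angebot","Products","Productos");
            $restxt = array("Reservierung","Reservation","Reserva");
            $bontxt = array("Kassenbons","Receipts","Tiques");
            $stattxt = array("Statistik","Statistics","Estadisticas");
            $ratingtxt = array("Bewertung","Rating","Valoración");
            $logout = array("Abmelden","Log out","Adios");
            $rights = array($_SESSION['is_admin'],$_SESSION['right_waiter'],$_SESSION['right_kitchen'],
                $_SESSION['right_bar'],$_SESSION['right_supply'],$_SESSION['right_paydesk'],
                $_SESSION['right_statistics'],$_SESSION['right_bill'],$_SESSION['right_products'],
                $_SESSION['right_reservation'],$_SESSION['right_changeprice'],$_SESSION['right_manager']);
            $right_rating = $_SESSION['right_rating'];
            if (!self::isOnlyRatingUser($rights, $right_rating, true)) {
                if ($_SESSION['right_waiter']) {
                    $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.11");
                }
                if ($_SESSION['right_kitchen']) {
                    $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.11");
                }
                if ($_SESSION['right_bar']) {
                    $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.11");
                }
                if ($_SESSION['right_supply']) {
                    $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.11");
                }
                if ($_SESSION['right_paydesk']) {
                    $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html");
                }
                if ($_SESSION['right_statistics']) {
                    $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.11");
                }
                if ($_SESSION['right_bill']) {
                    $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.11");
                }
                if ($_SESSION['right_products']) {
                    $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.11");
                }
                if ($_SESSION['right_reservation']) {
                    $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.11");
                }
                if ($_SESSION['right_rating']) {
                    $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.11");
                }
                if ($_SESSION['right_manager'] || $_SESSION['is_admin']) {
                    $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.11");
                }
                $mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.11");
                $mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.11");
            }
            $mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php");
            $currentUser = $_SESSION['currentuser'];
            $waiterMessage = $this->getMessage(null, "waitermessage");
        }
        // CAUTION: change version also in config.txt!!!
        $mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.11",
            "user" => $currentUser,
            "menu" => $mainMenu,
            "waitermessage" => $waiterMessage,
            "loggedin" => ($loggedIn ? 1:0)
        );
        return($mainMenuAndVersion);
    }

    /**
     * Echo all active users as JSON.
     *
     * NOTE(review): this is callable without a session (see handleCommand) and
     * SELECT * includes the userpassword column, so every password hash is sent
     * to any client.  The query should name only the columns the UI needs.
     */
    function getUserList() {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute();
        $result = $stmt->fetchAll();
        echo json_encode($result);
    }

    /**
     * Set the server clock (admin only) via date(1) in the form MMDDhhmmYY and
     * then echo the general config items.  Not supported on Windows.
     *
     * The numeric fields go through sprintf("%02d"); the year suffix is raw
     * request input, so the whole argument is passed through escapeshellarg().
     *
     * @param mixed $day,$month,$year,$hour,$min  values from the client
     * @return bool|void  false when rejected
     */
    function setTime($day,$month,$year,$hour,$min) {
        if (!($this->userrights->hasCurrentUserRight('is_admin'))) {
            echo json_encode (array("status" => "ERROR","msg" => "Benutzerrechte nicht ausreichend!"));
            return false;
        } else {
            $year = substr($year, -2);
            $txt = sprintf("%02d", $month) . sprintf("%02d", $day) . sprintf("%02d", $hour) . sprintf("%02d", $min) . $year;
            try {
                if (substr(php_uname(), 0, 7) == "Windows"){
                    echo json_encode (array("status" => "ERROR","msg" => "Zeit auf Windows-Server kann nicht gesetzt werden!"));
                    return false;
                } else {
                    $cmd = "date " . escapeshellarg($txt);
                    shell_exec($cmd . " > /dev/null &");
                }
            } catch(Exception $e) {
                echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG));
            }
            $this->getGeneralConfigItems(true,null);
        }
    }

    /**
     * Create a user and log it in the history tables.
     *
     * Echoes JSON "exists" (name taken), "noadmin" (non-admin tried to create
     * an admin) or "OK".  Only the "OK" path reaches the history call.
     * The new user inherits the creator's session language.
     *
     * @param string $username
     * @param string $password  cleartext; stored as MD5 (see tryAuthenticate)
     * @param mixed $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,
     *              $rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager  right flags
     */
    function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply,
            $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRating, $rChangeprice, $rManager) {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND username=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($username));
        $row = $stmt->fetchObject();
        if ($row->countid > 0) {
            echo json_encode("exists");
            return;
        } else {
            // create the new user
            if(session_id() == '') {
                session_start();
            }
            $lang = $_SESSION['language'];
            if ($isAdmin && !($this->isCurrentUserAdmin())) {
                echo json_encode("noadmin");
                return;
            } else {
                // instead if password_hash (PHP > 5.5) use MD5...
                $password_hash = md5($password);
                $userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`language`,`receiptprinter`,`prefertablemap`,`keeptypelevel`,`extrasapplybtnpos`,`active`) VALUES (";
                $userInsertSql .= " NULL, ?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
                $stmt = $pdo->prepare(DbUtils::substTableAlias($userInsertSql));
                $stmt->execute(array($username,$password_hash,$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager,$lang,1,1,1,1,1));
                $lastId = $pdo->lastInsertId();
                echo json_encode("OK");
            }
        }
        // now this has to be logged in the history tables...
        $this->histfiller->createUserInHist($pdo,$lastId,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager);
    }

    /** Echo the configured payprinttype as JSON. */
    function getPayPrintType() {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $this->sendJsonValueFromConfigTable($pdo,'payprinttype');
    }

    /**
     * Echo the payment methods as JSON [{id,name}], with the name column
     * chosen by the session language (1 = name_en, 2 = name_esp, else name).
     */
    function getPayments() {
        if(session_id() == '') {
            session_start();
        }
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $lang = $_SESSION['language'];
        $sql = "SELECT id,name FROM %payment%";
        if ($lang == 1) {
            $sql = "SELECT id,name_en as name FROM %payment%";
        } else if ($lang == 2) {
            $sql = "SELECT id,name_esp as name FROM %payment%";
        }
        $stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt_query->execute();
        $result = $stmt_query->fetchAll();
        $retArray = array();
        foreach($result as $row) {
            $entry = array("id"=> $row['id'], "name" => $row['name']);
            $retArray[] = $entry;
        }
        echo json_encode($retArray);
    }

    function sendJsonValueFromConfigTable($pdo,$whichValue) {
        $theVal = $this->getValueFromConfigTable($pdo,$whichValue);
        if ($theVal == null) {
            echo json_encode("");
        } else {
            echo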
json_encode($theVal); } } function getValueFromConfigTable($pdo,$whichValue) { $sql = "SELECT count(id) as countid,setting FROM %config% WHERE name=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($whichValue)); $row = $stmt->fetchObject(); $numberOfEntries = $row->countid; $theValue = null; if ($numberOfEntries == 1) { $theValue = $row->setting; } return $theValue; } private function deletelogo() { $pdo = $this->dbutils->openDbAndReturnPdo(); $this->changeOneConfigDbItem($pdo, "logoimg", null,"%logo%",false); echo json_encode("OK"); } private function readlogo() { if ($_FILES['logofile']['error'] != UPLOAD_ERR_OK //checks for errors && is_uploaded_file($_FILES['logofile']['tmp_name'])) { //checks that file is uploaded header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden."); exit(); } if(!file_exists($_FILES['logofile']['tmp_name']) || !is_uploaded_file($_FILES['logofile']['tmp_name'])) { header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben."); exit(); } $content = file_get_contents($_FILES['logofile']['tmp_name']); if ($_FILES['logofile']['error'] != UPLOAD_ERR_OK //checks for errors && is_uploaded_file($_FILES['logofile']['tmp_name'])) { //checks that file is uploaded header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden."); exit(); } if (strlen($content) > 65535) { header("Location: ../infopage.html?e=manager.html=Logobild_muss_kleiner_als_64_Kilobytes_sein!"); exit(); } $pdo = $this->dbutils->openDbAndReturnPdo(); $this->changeOneConfigDbItem($pdo, "logoimg", $content,"%logo%",false); header("Location: ../infopage.html?i=manager.html=Import_war_erfolgreich."); /* Browser umleiten */ exit; } function changeConfig($changedValues) { $pdo = $this->dbutils->openDbAndReturnPdo(); $assoc_vals = array( "usstval" => array("dbcol" => "tax","checknum" => 1), "togotaxval" => array("dbcol" => "togotax","checknum" => 1), "stornocode" => array("dbcol" => "stornocode","checknum" => 0), 
"printpass" => array("dbcol" => "printpass","checknum" => 0), "companyinfo" => array("dbcol" => "companyinfo","checknum" => 0), "serverUrl" => array("dbcol" => "serverurl","checknum" => 0), "email" => array("dbcol" => "email","checknum" => 0), "emailbadrating" => array("dbcol" => "emailbadrating","checknum" => 0), "emailratingcontact" => array("dbcol" => "emailratingcontact","checknum" => 0), "receiveremail" => array("dbcol" => "receiveremail","checknum" => 0), "payprinttype" => array("dbcol" => "payprinttype","checknum" => 0), "paymentconfig" => array("dbcol" => "paymentconfig","checknum" => 0), "bigfontworkreceipt" => array("dbcol" => "bigfontworkreceipt","checknum" => 0), "prominentsearch" => array("dbcol" => "prominentsearch","checknum" => 0), "groupworkitems" => array("dbcol" => "groupworkitems","checknum" => 0), "workflowconfig" => array("dbcol" => "workflowconfig","checknum" => 0), "receiptfontsize" => array("dbcol" => "receiptfontsize","checknum" => 0), "billlanguage" => array("dbcol" => "billlanguage","checknum" => 0), "reservationnote" => array("dbcol" => "reservationnote","checknum" => 0), "remoteaccesscode" => array("dbcol" => "remoteaccesscode","checknum" => 0), "webimpressum" => array("dbcol" => "webimpressum","checknum" => 0), "cancelunpaidcode" => array("dbcol" => "cancelunpaidcode","checknum" => 0), "smtphost" => array("dbcol" => "smtphost","checknum" => 0), "smtpauth" => array("dbcol" => "smtpauth","checknum" => 1), "smtpuser" => array("dbcol" => "smtpuser","checknum" => 0), "smtppass" => array("dbcol" => "smtppass","checknum" => 0), "smtpsecure" => array("dbcol" => "smtpsecure","checknum" => 1), "smtpport" => array("dbcol" => "smtpport","checknum" => 0), ); $problem = false; foreach ($changedValues as $aChangeSet) { $name = $aChangeSet['name']; $aVal = $aChangeSet['value']; if ($name == "payprinttype") { // special care: 1->l 2->s if (((string)$aVal) == "1") { $aVal = "l"; } if (((string)$aVal) == "2") { $aVal = "s"; } } if ($name == 
"remoteaccesscode") { if (((string)$aVal) == "") { $aVal = null; } else { $aVal = md5($aVal); } } if ($name == "printpass") { $aVal = md5($aVal); } $association = $assoc_vals[$name]; $dbcol = $association["dbcol"]; $check = $association["checknum"]; if ($check == 1) { if (is_numeric($aVal)) { $this->changeOneConfigDbItem($pdo,$dbcol,$aVal,"%config%",true); } else { $problem = true; } } else { $this->changeOneConfigDbItem($pdo,$dbcol,$aVal,"%config%",true); } } if ($problem) { echo json_encode("FAILED"); } else { echo json_encode("OK"); } } function changeOneConfigDbItem($pdo,$theItem,$theValue,$table,$doHist) { // is the value already there, or has it to be created? $sql = "SELECT setting from $table WHERE name=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($theItem)); $row = $stmt->fetchObject(); if ($stmt->rowCount() > 0) { $sql = "UPDATE $table SET setting=? WHERE name=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($theValue,$theItem)); } else { $sql = "INSERT INTO `$table` (`id` , `name`,`setting`) VALUES (NULL , ? , ?)"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($theItem,$theValue)); } if ($doHist) { // now this has to be logged in the history tables... 
$this->histfiller->updateConfigInHist($pdo,$theItem, $theValue); } } private function findActiveUserWithName($username) { $sql_find_id = "SELECT id FROM %user% WHERE active='1' AND username='$username'"; $pdo = $this->dbutils->openDbAndReturnPdo(); $stmt_query = $pdo->query($this->dbutils->resolveTablenamesInSqlString($sql_find_id)); $row =$stmt_query->fetchObject(); $theUserId = $row->id; return $theUserId; } function updateUser($theUserId, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRat, $rChangeprice, $rManager) { // get the name of the user $pdo = $this->dbutils->openDbAndReturnPdo(); $sql = "SELECT username,is_admin FROM %user% WHERE id=?"; $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt->execute(array($theUserId)); $row = $stmt->fetchObject(); $username = $row->username; $userToModIsAdmin = $row->is_admin; $doChangeAdminRights = false; if ($isAdmin != $userToModIsAdmin) { $doChangeAdminRights = true; } if ($doChangeAdminRights && !($this->isCurrentUserAdmin())) { echo json_encode("noadmin"); } else { $sql = "UPDATE %user% SET is_admin=?, right_waiter=?,right_kitchen=?,right_bar=?,right_supply=?,right_paydesk=?,right_statistics=?,right_bill=?,right_products=?,right_reservation=?,right_rating=?,right_changeprice=?,right_manager=? WHERE active='1' AND id=?"; $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt->execute(array($isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$theUserId)); // now this has to be logged in the history tables... 
$this->histfiller->updateUserInHist($pdo,$theUserId,$username, $isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,'1'); echo json_encode("OK"); } } function deleteUser($theUserId) { $pdo = DbUtils::openDbAndReturnPdoStatic(); $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($theUserId)); $row =$stmt->fetchObject(); $userToDelIsAdmin = ($row->is_admin == 1 ? true : false); if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) { echo json_encode("noadmin"); } else { $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND is_admin='1' AND id <> ?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($theUserId)); $row = $stmt->fetchObject(); $numberOfOtherAdmins = $row->countid; if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) { echo json_encode("lastadmin"); } else { $userSql = "UPDATE %user% set active='0' WHERE id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql)); $stmt->execute(array($theUserId)); $this->histfiller->updateOneUser($pdo,$theUserId); echo json_encode("OK"); } } } function getCurrentUser() { if(session_id() == '') { session_start(); } if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) { // no user logged in echo json_encode("Nobody"); } else { echo json_encode($_SESSION['currentuser']); } } function changepassword($userid,$password) { $pdo = DbUtils::openDbAndReturnPdoStatic(); $sql = "SELECT count(id) as countid, is_admin FROM %user% WHERE active='1' AND id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($userid)); $row = $stmt->fetchObject(); $userToChgPassIsAdm = false; if ($row->countid == 1) { if ($row->is_admin == 1) { $userToChgPassIsAdm = true; } } if(session_id() == '') { session_start(); } $otherUser = false; if ($_SESSION['userid'] != $userid) { $otherUser = true; } if ($otherUser 
&& $userToChgPassIsAdm && !($this->isCurrentUserAdmin())) { echo json_encode("noadmin"); } else { $password_hash = md5($password); $userSql = "UPDATE %user% set userpassword=? WHERE active='1' AND id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql)); $stmt->execute(array($password_hash,$userid)); echo json_encode("OK"); } } function setUserLanguage($language) { if(session_id() == '') { session_start(); } $currentuserid = $_SESSION['userid']; $_SESSION['language'] = intval($language); $pdo = DbUtils::openDbAndReturnPdoStatic(); $sql = "UPDATE %user% set language=? WHERE active='1' AND id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($language,$currentuserid)); echo json_encode("OK"); } function setUserReceiptPrinter($printer) { if(session_id() == '') { session_start(); } $currentuserid = $_SESSION['userid']; $_SESSION['receiptprinter'] = intval($printer); $pdo = DbUtils::openDbAndReturnPdoStatic(); $sql = "UPDATE %user% set receiptprinter=? WHERE active='1' AND id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($printer,$currentuserid)); echo json_encode("OK"); } function setBtnSize($btn,$size) { if(session_id() == '') { session_start(); } $currentuserid = $_SESSION['userid']; $assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize"); $_SESSION[$assoc[$btn]] = intval($size); $pdo = DbUtils::openDbAndReturnPdoStatic(); $sql = "UPDATE %user% set " . $assoc[$btn] . "=? WHERE active='1' AND id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($size,$currentuserid)); echo json_encode("OK"); } function changeOwnPassword($oldpassword,$newpassword) { if(session_id() == '') { session_start(); } $currentuser = $_SESSION['currentuser']; $oldp_hash = md5($oldpassword); $pdo = DbUtils::openDbAndReturnPdoStatic(); $ok = true; // is old password correct? $sql = "SELECT count(id) as countid,userpassword FROM %user% WHERE username=? 
AND active='1'"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($currentuser)); $row = $stmt->fetchObject(); $numberOfEntries = $row->countid; if ($numberOfEntries == 1) { if ($row->userpassword != $oldp_hash) { $ok = false; } } else { // user not found $ok = false; } if ($ok) { // allowed to change password $newp_hash = md5($newpassword); $sql = "UPDATE %user% set userpassword=? WHERE active='1' AND username=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($newp_hash,$currentuser)); echo json_encode("OK"); } else { echo json_encode("FAILED"); } } private function writeCsvHeader($defaultFilename) { header("Content-type: text/x-csv"); header("Content-Disposition: attachment; filename=$defaultFilename"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Pragma: no-cache"); header("Expires: 0"); } private function exportConfigCsv() { $pdo = DbUtils::openDbAndReturnPdoStatic(); $this->writeCsvHeader("datenexport-config.csv"); echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n"); $sql = "SELECT DISTINCT %hist%.id as id,date,"; $sql .= "%config%.name as configitem,%histconfig%.setting as setting,description "; $sql .= " FROM %hist%, %histconfig%, %histactions%, %config% "; $sql .= " WHERE (refid=%histconfig%.id) "; $sql .= " AND %histconfig%.configid = %config%.id "; $sql .= " AND (action='2' OR action='6') "; $sql .= " AND (action=%histactions%.id) "; $sql .= " ORDER BY date,id"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $result = $stmt->fetchAll(); foreach($result as $zeile) { $val1 = $zeile['id']; $val2 = $zeile['date']; $val3 = $zeile['configitem']; $val4 = str_replace("\r\n","",$zeile['setting']); $val4 = str_replace("\n","",$val4); $val5 = $zeile['description']; echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n"; } } private function exportUserCsv() { $pdo = DbUtils::openDbAndReturnPdoStatic(); 
$this->writeCsvHeader("datenexport-benutzer.csv"); echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Managerrechte; Aktiviert\n"); $sql = "SELECT DISTINCT %hist%.id as id,date,"; $sql .= "userid,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,"; $sql .= "right_paydesk,right_statistics,right_bill,right_products,right_rating,right_changeprice,right_manager,active,"; $sql .= "description "; $sql .= " FROM %hist%, %histuser%, %histactions% "; $sql .= " WHERE (refid=%histuser%.id) "; $sql .= " AND (action='3' OR action='7' OR action='8') "; $sql .= " AND (action=%histactions%.id) "; $sql .= " ORDER BY date,id"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $result = $stmt->fetchAll(); foreach($result as $zeile) { $val1 = $zeile['id']; $val2 = $zeile['date']; $val3 = $zeile['userid']; $val4 = $zeile['username']; $val5 = ($zeile['is_admin'] == '1' ? "Ja" : "Nein"); $val6 = ($zeile['right_waiter'] == '1' ? "Ja" : "Nein"); $val7 = ($zeile['right_kitchen'] == '1' ? "Ja" : "Nein"); $val8 = ($zeile['right_bar'] == '1' ? "Ja" : "Nein"); $val9 = ($zeile['right_supply'] == '1' ? "Ja" : "Nein"); $val10 = ($zeile['right_paydesk'] == '1' ? "Ja" : "Nein"); $val11 = ($zeile['right_statistics'] == '1' ? "Ja" : "Nein"); $val12 = ($zeile['right_bill'] == '1' ? "Ja" : "Nein"); $val13 = ($zeile['right_products'] == '1' ? "Ja" : "Nein"); $val14 = ($zeile['right_rating'] == '1' ? "Ja" : "Nein"); $val15 = ($zeile['right_changeprice'] == '1' ? "Ja" : "Nein"); $val16 = ($zeile['right_manager'] == '1' ? "Ja" : "Nein"); $val17 = ($zeile['active'] == '1' ? 
"Ja" : "Nein"); $val18 = $zeile['description']; echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;"; echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18\n"; } } /** * Create a temporary directory in PHP's temp folder */ private function createDirectoryInTemp($tmpFolder) { $tmpFolder = trim($tmpFolder); if ($tmpFolder == "") { $tempfile=tempnam(sys_get_temp_dir(),''); } else { $tempfile=tempnam($tmpFolder,''); } if (is_null($tempfile) || ($tempfile== "")) { return null; } if (file_exists($tempfile)) { unlink($tempfile); } mkdir($tempfile); if (is_dir($tempfile)) { $tempfile = str_replace('\\','/',$tempfile); return $tempfile; } else { return null; } } private function getConfigTablesToBackupRestore() { return array("logo","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","products","config","user","comments","histprod","histconfig","histuser","histactions","hist","extras","extrasprods"); } private function getAllTablesToBackupRestore() { return array("closing","logo","printjobs","ratings","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","products","config", "user","reservations","bill","queue","billproducts","comments","histprod","histconfig","histuser","histactions","hist","extras","extrasprods","queueextras"); } public function backup($theType) { date_default_timezone_set(DbUtils::getTimeZone()); $nowtime = date('Y-m-d'); ini_set('memory_limit', '1000M'); $pdo = DButils::openDbAndReturnPdoStatic(); $pdo->beginTransaction(); $genInfo = $this->getGeneralConfigItems(false, $pdo); $version = $genInfo["version"]; $fileName = "backup-" . $version . "_" . $nowtime . "-configuration.json"; if ($theType == "all") { $fileName = "backup-" . $version . "_" . $nowtime . 
"-all.json"; } if ($theType == "configuration") { $tables = $this->getConfigTablesToBackupRestore(); } else { $histFiller = new HistFiller(); $histFiller->insertSaveHistEntry($pdo); $tables = $this->getAllTablesToBackupRestore(); } $binaryFields = array("signature","img","setting","content"); $dbcontent = array(); foreach($tables as $table) { $sql = "DESCRIBE %$table%"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $fields = $stmt->fetchAll(PDO::FETCH_COLUMN); $fieldstr = implode(",",$fields); $sql = "SELECT $fieldstr from %$table%"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $result = $stmt->fetchAll(); $tableContent = array(); foreach($result as $row) { $fieldContent = array(); foreach($fields as $field) { if (in_array($field,$binaryFields)) { $aFieldEntry = array("fieldname" => $field,"value" => base64_encode($row[$field])); } else { $aFieldEntry = array("fieldname" => $field,"value" => $row[$field]); } $fieldContent[] = $aFieldEntry; }; $tableContent[] = $fieldContent; } $dbcontent[] = array("table" => $table, "content" => $tableContent); } $pdo->commit(); $retStr = json_encode($dbcontent); ob_start(); header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-type: application/octet-stream"); header("Content-Disposition: attachment; filename=\"$fileName\""); header("Content-Transfer-Encoding: binary"); header("Content-Length: ". 
strlen($retStr)); echo $retStr; ob_end_flush(); } private function restore() { if ($_FILES['userfile']['error'] != UPLOAD_ERR_OK //checks for errors && is_uploaded_file($_FILES['userfile']['tmp_name'])) { //checks that file is uploaded header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden."); exit(); } if(!file_exists($_FILES['userfile']['tmp_name']) || !is_uploaded_file($_FILES['userfile']['tmp_name'])) { header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben."); exit(); } ini_set('memory_limit', '1000M'); $binaryFields = array("signature","img","setting","content"); $content = file_get_contents($_FILES['userfile']['tmp_name']); $basedb = new Basedb(); $basedb->setPrefix(TAB_PREFIX); $basedb->setTimeZone(DbUtils::getTimeZone()); set_time_limit(60*5); $pdo = DbUtils::openDbAndReturnPdoStatic(); $pdo->beginTransaction(); $genInfo = $this->getGeneralConfigItems(false, $pdo); $version = $genInfo["version"]; $timezone = DbUtils::getTimeZone(); $basedb->dropTables($pdo); $basedb->createEmptyTables($pdo); $dbContent = json_decode($content,true); $typeIsOnlyConfig = true; foreach($dbContent as $table) { $tablename = "%" . $table['table'] . 
"%"; $tablecontent = $table['content']; if ($table['table'] == "queue") { $typeIsOnlyConfig = false; } if ($table['table'] == "bill") { $sql = "SET FOREIGN_KEY_CHECKS = 0"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); } foreach($tablecontent as $row) { $cols = array(); $vals = array(); $quests = array(); foreach ($row as $field) { $fieldname = $field['fieldname']; $cols[] = $fieldname; if (in_array($fieldname, $binaryFields)) { $vals[] = base64_decode($field['value']); } else { $vals[] = $field['value']; } $quests[] = '?'; } $colstr = implode(",",$cols); $queststr = implode(",",$quests); $sql = "INSERT INTO $tablename ($colstr) VALUES ($queststr)"; $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt->execute($vals); } if ($table['table'] == "bill") { $sql = "SET FOREIGN_KEY_CHECKS = 1"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); } } if (!$typeIsOnlyConfig) { $histFiller = new HistFiller(); $histFiller->insertRestoreHistEntry($pdo); } $basedb->signLastBillid($pdo); $setVersion = "update %config% set setting=? 
where name='version'"; $stmt = $pdo->prepare($basedb->resolveTablenamesInSqlString($setVersion)); $stmt->execute(array($version)); $sql = "SELECT name FROM %config% WHERE name=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array("timezone")); $row = $stmt->fetchObject(); if ($stmt->rowCount() == 0) { $this->changeOneConfigDbItem($pdo, "timezone", $timezone, "%config%", true); } $pdo->commit(); // logout (by the restore other user or rights may have been applied) if(session_id() == '') { session_start(); } $_SESSION = array(); // Swipe via memory if (ini_get("session.use_cookies")) { // Prepare and swipe cookies $params = session_get_cookie_params(); // clear cookies and sessions setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } ini_set('session.gc_max_lifetime', 0); ini_set('session.gc_probability', 1); ini_set('session.gc_divisor', 1); session_destroy(); header("Location: ../infopage.html?i=index.html=Import_war_erfolgreich."); /* Browser umleiten */ exit; } private function shutdown() { try { if (substr(php_uname(), 0, 7) == "Windows"){ $comd = "shutdown /s /t 10"; pclose(popen("start /B ". $cmd, "r")); } else { chmod("shutdown.bat", "700"); $cmd = "sh < shutdown.bat"; exec($cmd . " > /dev/null &"); } echo json_encode(array("status" => "OK")); } catch(Exception $e) { echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG)); } } } ?>