dbutils = new DbUtils(); } function handleCommand($command) { if (!$this->isUserAlreadyLoggedInForPhpAndMayReserve()) { echo json_encode(array("status" => "ERROR", "code" => ERROR_RES_NOT_AUTHOTRIZED, "msg" => ERROR_RES_NOT_AUTHOTRIZED_MSG)); } else { if ($command == 'createReservation') { $this->createReservation($_POST['day'],$_POST['month'],$_POST['year'],$_POST['start'],$_POST['name'],$_POST['email'],$_POST['persons'],$_POST['duration'],$_POST['phone'],$_POST['remark'],$_POST["tableid"]); } else if ($command == 'getReservations') { $this->getReservations($_GET['day'],$_GET['month'],$_GET['year']); } else if ($command == 'changeReservation') { $this->changeReservation($_POST['id'],$_POST['day'],$_POST['month'],$_POST['year'],$_POST['start'],$_POST['name'],$_POST['email'],$_POST['persons'],$_POST['duration'],$_POST['phone'],$_POST['remark'],$_POST["tableid"]); } else if ($command == 'delReservation') { $this->delReservation($_POST['id']); } else if ($command == 'emailConfirmReservation') { $this->emailConfirmReservation($_POST['to'],$_POST['msg']); } else if ($command == 'reservationsAsHtml') { $this->reservationsAsHtml($_GET['day'],$_GET['month'],$_GET['year']); } else { echo "Kommando nicht unterstuetzt."; } } } function isUserAlreadyLoggedInForPhpAndMayReserve() { if(session_id() == '') { session_start(); } if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) { return false; } else { return ($_SESSION['right_reservation']); } } private function createReservation($day,$month,$year,$start,$name,$email,$persons,$duration,$phone,$remark,$tableid) { $userid = $_SESSION['userid']; date_default_timezone_set(DbUtils::getTimeZone()); $currentTime = date('Y-m-d H:i:s'); $scheduledDate = "$year-$month-$day 00:00:00"; if ($tableid <= 0) { $tableid = null; } $pdo = DbUtils::openDbAndReturnPdoStatic(); try { $pdo->beginTransaction(); $sql = "INSERT INTO `%reservations%` ( `id` , `creator`,`creationdate`,`scheduledate`,`name`,`email`,`starttime`,`duration`,`persons`,`phone`,`remark`,`tableid`) VALUES ( NULL , ?,?,?,?,?,?,?,?,?,?,?)"; $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt->execute(array($userid,$currentTime,$scheduledDate,$name,$email,$start,$duration,$persons,$phone,$remark,$tableid)); $pdo->commit(); echo json_encode(array("status" => "OK")); } catch (PDOException $e) { $pdo->rollBack(); echo json_encode(array("status" => "ERROR", "code" => ERROR_GENERAL_DB_NOT_READABLE, "msg" => ERROR_GENERAL_DB_NOT_READABLE_MSG)); } } private function changeReservation($id,$day,$month,$year,$start,$name,$email,$persons,$duration,$phone,$remark,$tableid) { $userid = $_SESSION['userid']; date_default_timezone_set(DbUtils::getTimeZone()); $currentTime = date('Y-m-d H:i:s'); $scheduledDate = "$year-$month-$day 00:00:00"; $pdo = DbUtils::openDbAndReturnPdoStatic(); try { $pdo->beginTransaction(); $sql = "UPDATE `%reservations%` SET creator=?,creationdate=?,scheduledate=?,name=?,email=?,starttime=?,duration=?,persons=?,phone=?,remark=?,tableid=? WHERE id=?"; CommonUtils::execSql($pdo, $sql, array($userid,$currentTime,$scheduledDate,$name,$email,$start,$duration,$persons,$phone,$remark,$tableid,$id)); $pdo->commit(); echo json_encode(array("status" => "OK")); } catch (PDOException $e) { $pdo->rollBack(); echo json_encode(array("status" => "ERROR", "code" => ERROR_GENERAL_DB_NOT_READABLE, "msg" => ERROR_GENERAL_DB_NOT_READABLE_MSG)); } } private function delReservation($id) { $pdo = DbUtils::openDbAndReturnPdoStatic(); try { $pdo->beginTransaction(); $sql = "DELETE FROM `%reservations%` WHERE id=?"; CommonUtils::execSql($pdo, $sql, array($id)); $pdo->commit(); echo json_encode(array("status" => "OK")); } catch (PDOException $e) { $pdo->rollBack(); echo json_encode(array("status" => "ERROR", "code" => ERROR_GENERAL_DB_NOT_READABLE, "msg" => ERROR_GENERAL_DB_NOT_READABLE_MSG)); } } private function emailConfirmReservation($toEmail,$msg) { // first find sender email $pdo = $this->dbutils->openDbAndReturnPdo(); $msg = str_replace("\n", "\r\n", $msg); $topictxt = "Reservierungsbestätigung\r\n"; if (Emailer::sendEmail($pdo, $msg, $toEmail, $topictxt)) { echo json_encode("OK"); } else { echo json_encode("ERROR"); } } private static function getNoOfActiveRooms($pdo) { $sql = "SELECT COUNT(id) as countid FROM %room% WHERE removed is null"; $result = CommonUtils::fetchSqlAll($pdo, $sql, null); if (count($result) > 0) { return $result[0]["countid"]; } return 0; } private function reservationsAsHtml($day,$month,$year) { $pdo = DbUtils::openDbAndReturnPdoStatic(); $sql = self::getSqlForResByTime(); $timeSortedReservations = $this->getReservationsCore($pdo,$day,$month,$year,$sql . " ORDER BY starttime,roomsorting,tablesorting"); $numberOfActiveRooms = self::getNoOfActiveRooms($pdo); header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" ); header( "Cache-Control: no-cache, must-revalidate" ); header( "Pragma: no-cache" ); header( "Content-Type: text/html; charset=utf8" ); $txt = ""; $txt .= "Reservierungsübersicht"; $txt .= ''; $txt .= ''; $txt .= ""; $txt .= ""; $txt .= "

Reservierungsübersicht für $day.$month.$year

"; $txt .= ""; $txt .= ""; foreach ($timeSortedReservations as $row) { $txt .= ""; $txt .= ""; } $txt .= "
StartuhrzeitDauer (Std.)GastPersonenPlatzZusatzinfo
" . $row['start'] . ":00"; $txt .= "" . $row['duration']; $txt .= "" . htmlspecialchars($row['guest']); $txt .= "" . htmlspecialchars($row['persons']); if ($numberOfActiveRooms > 1) { $txt .= "" . htmlspecialchars($row['roomname']) . "/" . htmlspecialchars($row['tablename']); } else { $txt .= "" . htmlspecialchars($row['tablename']); } $txt .= "" . htmlspecialchars($row['remark']); $txt .= "
"; echo $txt; } private static function getSqlForResByTime() { // REM* roomname and tablename only for the html output $sql = "SELECT R.id,U.username as username,creationdate,scheduledate,starttime,name,email,persons,duration,phone,remark,tableid, "; $sql .= "IF(tableid is null,'-1',(SELECT RO.id as roomid FROM %room% RO,%resttables% T WHERE T.id=tableid AND T.roomid=RO.id)) as roomid, "; $sql .= "IF(tableid is null,'-1',(SELECT RO.sorting as roomsorting FROM %room% RO,%resttables% T WHERE T.id=tableid AND T.roomid=RO.id)) as roomsorting, "; $sql .= "IF(tableid is null,'',(SELECT RO.roomname as roomname FROM %room% RO,%resttables% T WHERE T.id=tableid AND T.roomid=RO.id)) as roomname, "; $sql .= "IF(tableid is null,'-1',(SELECT T.sorting as tablesorting FROM %room% RO,%resttables% T WHERE T.id=tableid AND T.roomid=RO.id)) as tablesorting, "; $sql .= "IF(tableid is null,'',(SELECT T.tableno as tablename FROM %room% RO,%resttables% T WHERE T.id=tableid AND T.roomid=RO.id)) as tablename "; $sql .= "FROM %reservations% R,%user% U "; $sql .= "WHERE DATE(scheduledate)=? AND R.creator=U.id "; return $sql; } private function getReservations($day,$month,$year) { $pdo = DbUtils::openDbAndReturnPdoStatic(); // REM* the many sortings in the sql allow the sorting by time, room-sort and table-sort $sql = self::getSqlForResByTime(); $timeSortedReservations = $this->getReservationsCore($pdo,$day,$month,$year,$sql . " ORDER BY starttime,roomsorting,tablesorting"); // REM* and now by table $sql = "SELECT DISTINCT R.tableid as tableid,ROOM.id as roomid,ROOM.sorting as roomsorting,T.sorting as tablesorting FROM %reservations% R,%room% ROOM,%resttables% T "; $sql .= " WHERE DATE(scheduledate)=? AND tableid is not null AND tableid >= '0' "; $sql .= " AND R.tableid = T.id AND T.roomid=ROOM.id "; $sql .= " ORDER BY ROOM.sorting,T.sorting "; $day = sprintf("%02s", $day); $month = sprintf("%02s", $month); $scheduledDate = "$year-$month-$day"; $allTablesOfResAtThatDate = CommonUtils::fetchSqlAll($pdo, $sql, array($scheduledDate)); $byTables = array(); foreach($allTablesOfResAtThatDate as $tableRes) { $sql = "SELECT R.id,U.username as creator,creationdate,scheduledate,starttime as start,name as guest,email,persons,duration,(starttime + duration) as endhour,"; $sql .= " phone,remark,tableid,'" . $tableRes["roomid"] . "' as roomid "; $sql .= "FROM %reservations% R,%user% U "; $sql .= "WHERE DATE(scheduledate)=? AND R.creator=U.id AND tableid=? "; $sql .= "ORDER BY starttime"; $allResOfThatTable = CommonUtils::fetchSqlAll($pdo, $sql, array($scheduledDate,$tableRes["tableid"])); $byTables[] = array("tableid" => $tableRes["tableid"],"roomid" => $tableRes["roomid"], "reservations" => $allResOfThatTable); } // REM* these were all reservations by table at the given date. Let's add all reservations without a table assignment $sql = "SELECT R.id,U.username as creator,creationdate,scheduledate,starttime as start,name as guest,email,persons,duration,(starttime + duration) as endhour,"; $sql .= " phone,remark,'-1' as tableid,'-1' as roomid "; $sql .= "FROM %reservations% R,%user% U "; $sql .= "WHERE DATE(scheduledate)=? AND R.creator=U.id AND (tableid is null OR tableid='-1') "; $sql .= "ORDER BY starttime"; $allResOfUndefinedTable = CommonUtils::fetchSqlAll($pdo, $sql, array($scheduledDate)); if (count($allResOfUndefinedTable) > 0) { $byTables[] = array("tableid" => '-1',"roomid" => '-1', "reservations" => $allResOfUndefinedTable); } $msg = array("bytimes" => $timeSortedReservations,"bytables" => $byTables); // REM* now attach a list of rooms and tables to select for new reservations $tableoverview = self::gettablesoverview($pdo); echo json_encode(array("status" => "OK", "msg" => $msg,"tableoverview" => $tableoverview)); } private function getReservationsCore($pdo,$day,$month,$year,$sql) { $day = sprintf("%02s", $day); $month = sprintf("%02s", $month); $scheduledDate = "$year-$month-$day"; try { $pdo = DbUtils::openDbAndReturnPdoStatic(); $result = CommonUtils::fetchSqlAll($pdo, $sql, array($scheduledDate)); $resArray = array(); foreach($result as $row) { $datetimeparts = explode(" ",$row['scheduledate']); $thedate = $datetimeparts[0]; $thedateparts = explode("-",$thedate); $resArray[] = array( "id" => $row['id'], "creator" => $row['username'], "creationdate" => $row['creationdate'], "day" => $thedateparts[2], "month" => $thedateparts[1], "year" => $thedateparts[0], "start" => $row['starttime'], "guest" => $row['name'], "email" => $row['email'], "persons" => $row['persons'], "duration" => $row['duration'], "phone" => $row['phone'], "remark" => $row['remark'], "roomid" => $row['roomid'], "tableid" => $row['tableid'], "roomname" => $row['roomname'], "tablename" => $row['tablename'] ); } return $resArray; } catch (PDOException $e) { return array(); } } private static function gettablesoverview($pdo) { try { $tableoverview = array(); // REM* get only the rooms with not removed tables (active flag is ignored because it may be that the room is active at date for reservation) $sql = "SELECT R.id as roomid,R.roomname as roomname,IFNULL(R.abbreviation,'') as abbreviation from %room% R WHERE R.removed is null HAVING (SELECT COUNT(id) FROM %resttables% T WHERE T.roomid=R.id AND T.removed is null) > 0 ORDER BY sorting"; $rooms = CommonUtils::fetchSqlAll($pdo, $sql); foreach($rooms as $aRoom) { $sql = "SELECT id,tableno as tablename FROM %resttables% WHERE roomid=? ORDER BY sorting"; $tablesOfRoom = CommonUtils::fetchSqlAll($pdo, $sql, array($aRoom['roomid'])); $tableoverview[$aRoom['roomid']] = array("roomid" => $aRoom['roomid'], "roomname" => $aRoom["roomname"],"roomabbreviation" => $aRoom["abbreviation"], "tables" => $tablesOfRoom); } return $tableoverview; } catch (Exception $ex) { return array(); } } }