dbutils = new DbUtils();
// $this->products = new Products(); --> endless loop!
// $this->lastSettingOfDisplayMode = "all";
//error_reporting(E_ALL);
}
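function verifyLastBillId($pdo,$nextIdToUse) {
    // Check whether $nextIdToUse is the id the next bill may legitimately take.
    // All of the following must hold (otherwise false is returned):
    //   1. the "lastbillid" row in %work% exists and its value + 1 == $nextIdToUse
    //   2. that stored value carries a valid signature (same "B(<id>)" text as
    //      setLastBillIdInWorkTable() signs, verified with the cert from %work%)
    //   3. $nextIdToUse is not already present in %bill%
    //   4. $nextIdToUse - 1 is present in %bill% (no gap in the sequence)
    // The very first bill (id 1) has no predecessor and is always accepted.
    // $pdo may be null, in which case a connection is opened via dbutils.
    $nextIdToUse = intval($nextIdToUse);
    if ($nextIdToUse === 1) {
        return true;
    }
    if (is_null($pdo)) {
        $pdo = $this->dbutils->openDbAndReturnPdo();
    }

    // 1. stored last id + 1 must be the requested id
    $sql = "SELECT value,signature FROM %work% WHERE item=?";
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute(array("lastbillid"));
    $row = $stmt->fetchObject();
    if ($row === false) {
        // no "lastbillid" row at all: nothing to verify against
        return false;
    }
    $lastBillid = intval($row->value);
    if ($lastBillid + 1 !== $nextIdToUse) {
        return false;
    }

    // 2. the stored last id must carry a valid signature
    $signature = base64_decode($row->signature, true);
    if ($signature === false) {
        // not valid base64 -> cannot be a signature we produced
        return false;
    }
    $pubkeyid = $this->getCert($pdo);
    $ok = openssl_verify("B($lastBillid)", $signature, $pubkeyid);
    openssl_free_key($pubkeyid);
    // openssl_verify() returns 1 for a valid signature, 0 for an invalid one
    // and -1 on error. Only 1 is acceptable; a plain "== 0" test would have
    // treated the error case (-1) as a valid signature.
    if ($ok !== 1) {
        return false;
    }

    // 3. the requested id must not be in use yet
    $sql = "SELECT id FROM %bill% WHERE id=?";
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute(array($nextIdToUse));
    if ($stmt->fetchColumn() !== false) {
        return false;
    }
    $stmt->closeCursor();

    // 4. the predecessor must exist, otherwise there would be a gap
    $stmt->execute(array($nextIdToUse - 1));
    return $stmt->fetchColumn() !== false;
}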
function getPrivkey($pdo) {
    // Load the private key stored under item "privkey" in %work% and hand it
    // back as an OpenSSL key resource (false if it cannot be parsed).
    return openssl_get_privatekey($this->getKeyFromWorkTable($pdo, "privkey"));
}
function getCert($pdo) {
    // Load the certificate stored under item "cert" in %work% and hand back
    // its public key as an OpenSSL key resource (false if it cannot be parsed).
    return openssl_get_publickey($this->getKeyFromWorkTable($pdo, "cert"));
}
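function getKeyFromWorkTable($pdo,$key) {
    // Return the "signature" column of the %work% row whose item equals $key,
    // or null when no such row exists. Used for the key material ("privkey",
    // "cert"); note that the verifying cert therefore lives in the same table
    // as the values it is used to verify.
    $sql = "SELECT signature FROM %work% WHERE item=?";
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute(array($key));
    $row = $stmt->fetchObject();
    if ($row === false) {
        // missing row: return null explicitly instead of reading a property of false
        return null;
    }
    return $row->signature;
}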
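function setLastBillIdInWorkTable($pdo,$lastBillId) {
    // Store $lastBillId as the "lastbillid" row of %work%, together with a
    // signature over the text "B(<id>)" made with the private key from %work%.
    // verifyLastBillId() recomputes that text from intval(value), so the id is
    // normalised to an integer here to keep the signed text identical.
    // $pdo may be null, in which case a connection is opened via dbutils.
    // Throws RuntimeException when the signature cannot be produced.
    if (is_null($pdo)) {
        $pdo = $this->dbutils->openDbAndReturnPdo();
    }
    $lastBillId = intval($lastBillId);
    $pkeyid = $this->getPrivkey($pdo);
    $signature = '';
    $signed = openssl_sign("B($lastBillId)", $signature, $pkeyid);
    openssl_free_key($pkeyid);
    if ($signed !== true) {
        // do not silently store an empty signature
        throw new \RuntimeException("could not sign lastbillid $lastBillId");
    }
    $sql = "UPDATE %work% SET value=?, signature=? WHERE item=?";
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute(array($lastBillId, base64_encode($signature), "lastbillid"));
}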
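function verifyBill($pdo,$id) {
    // Verify the signature of the %bill% row with the given id. Returns false
    // when the row does not exist or its signature does not match; otherwise
    // the result of verifyBillByValues(). A null tax is read as '0.00'.
    // $pdo may be null, in which case a connection is opened via dbutils.
    if (is_null($pdo)) {
        $pdo = $this->dbutils->openDbAndReturnPdo();
    }
    $sql = "SELECT billdate,brutto,netto,userid,IF(tax is not null, tax, '0.00') as tax,signature FROM %bill% WHERE id=?";
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute(array($id));
    $row = $stmt->fetchObject();
    if ($row === false) {
        // unknown bill id: nothing to verify
        return false;
    }
    return $this->verifyBillByValues(
        $pdo,
        $row->billdate,
        $row->brutto,
        $row->netto,
        $row->tax,
        $row->userid,
        $row->signature
    );
}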
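function verifyBillByValues($pdo,$billdate,$brutto,$netto,$tax,$userid,$signature) {
    // Check $signature against the bill fields. The signed text is built
    // exactly as in calcSignatureForBill(): "D(date)B(brutto)N(netto)T(tax)U(userid)"
    // with amounts formatted to two decimals and a null tax written as "0.00".
    // Returns true only when openssl_verify() reports a valid signature.
    // $pdo may be null, in which case a connection is opened via dbutils.
    if (is_null($signature)) {
        return false;
    }
    if (is_null($pdo)) {
        $pdo = $this->dbutils->openDbAndReturnPdo();
    }
    $bruttostr = number_format($brutto, 2, ".", '');
    $nettostr = number_format($netto, 2, ".", '');
    // keep the null handling identical to calcSignatureForBill()
    $taxstr = is_null($tax) ? "0.00" : number_format($tax, 2, ".", '');
    $data = "D($billdate)B($bruttostr)N($nettostr)T($taxstr)U($userid)";
    $pubkeyid = $this->getCert($pdo);
    $ok = openssl_verify($data, $signature, $pubkeyid);
    openssl_free_key($pubkeyid);
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error); only 1
    // counts as verified - the previous "== 0" test accepted -1.
    return $ok === 1;
}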
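function calcSignatureForBill($pdo,$theTime,$brutto,$netto,$tax,$userid) {
    // Produce the raw (not base64-encoded) signature for a bill entry over the
    // text "D(time)B(brutto)N(netto)T(tax)U(userid)", amounts with two decimals
    // and a null tax written as "0.00" - the same text verifyBillByValues() checks.
    // Throws RuntimeException when signing fails, instead of returning nothing.
    $bruttostr = number_format($brutto, 2, ".", '');
    $nettostr = number_format($netto, 2, ".", '');
    $taxstr = is_null($tax) ? "0.00" : number_format($tax, 2, ".", '');
    $data = "D($theTime)B($bruttostr)N($nettostr)T($taxstr)U($userid)";
    $pkeyid = $this->getPrivkey($pdo);
    $signature = '';
    $signed = openssl_sign($data, $signature, $pkeyid);
    openssl_free_key($pkeyid);
    if ($signed !== true) {
        throw new \RuntimeException("could not sign bill entry");
    }
    return $signature;
}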
function createGridTableWithSqrtSizeOfButtons ($inputArray) {
// Print a grid for the items in $inputArray with roughly sqrt(n) columns, each
// column getting floor(100 / cols) percent of the width. Prints nothing for an
// empty array.
// create a table that is optimal (sqrt-like size)
$numberOfIcons = count($inputArray);
if ($numberOfIcons == 0) {
// no items to display
return;
}
$numberOfCols = ceil(sqrt($numberOfIcons));
$porcentageWidth = floor(100/$numberOfCols);
// NOTE(review): the echoed markup is missing from this copy of the file (the
// literal opens with ' and closes with "); $porcentageWidth is presumably used
// inside it - confirm against the original source before editing.
echo '
";
}
function createGridTableWithSqrtSizeOfStyleButtons($inputArray) {
    // Convenience wrapper: render the grid without a headline. The callee
    // requires a header colour, so a placeholder value is passed along.
    $headline = '';
    $headercolor = 'dummy';
    $this->createGridTableWithSqrtSizeOfStyleButtonsAndHeader($inputArray, $headline, $headercolor);
}
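function getTableNameFromId($tableid) {
    // Return the "tableno" of the restaurant table with the given id, "-" for
    // null/0 (to-go orders), or null when no row matches.
    // The id is cast to int because it is interpolated into the SQL string
    // (performSqlCommand() takes a plain query, so it cannot be parameterised).
    $tableid = intval($tableid);
    if ($tableid === 0) {
        return "-"; // togo
    }
    $sql = "SELECT tableno FROM " . DB_RESTTABLES_TABLE . " WHERE id=" . $tableid;
    $dbresult = $this->dbutils->performSqlCommand($sql);
    // MYSQLI_ASSOC is the mysqli constant (the old MYSQL_ASSOC belongs to ext/mysql)
    $zeile = mysqli_fetch_array($dbresult, MYSQLI_ASSOC);
    mysqli_free_result($dbresult);
    if (!is_array($zeile)) {
        return null;
    }
    return $zeile['tableno'];
}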
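function getCurrentPriceLevel() {
    // Return the configured price level as array("id" => ..., "name" => ...).
    // "id" is the raw "pricelevel" setting from %config%; "name" is taken from
    // the matching %pricelevel% row. Either entry is null when its lookup
    // yields no row.
    $sql = "SELECT setting FROM %config% WHERE name='pricelevel'";
    $dbresult = $this->dbutils->performSqlCommand($sql);
    // MYSQLI_ASSOC is the mysqli constant (the old MYSQL_ASSOC belongs to ext/mysql)
    $zeile = mysqli_fetch_array($dbresult, MYSQLI_ASSOC);
    mysqli_free_result($dbresult);
    $pricelevelid = is_array($zeile) ? $zeile['setting'] : null;
    $pricelevelname = null;
    if ($pricelevelid !== null) {
        // the id is interpolated into the query, so only its integer value is used
        $sql = "SELECT id,name FROM %pricelevel% WHERE id=" . intval($pricelevelid);
        $dbresult = $this->dbutils->performSqlCommand($sql);
        $zeile = mysqli_fetch_array($dbresult, MYSQLI_ASSOC);
        mysqli_free_result($dbresult);
        if (is_array($zeile)) {
            $pricelevelname = $zeile['name'];
        }
    }
    return array("id" => $pricelevelid, "name" => $pricelevelname);
}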
function createGridTableWithSqrtSizeOfStyleButtonsAndHeader ($inputArray,$headline,$headercolor) {
// Print a grid for the items in $inputArray with roughly sqrt(n) columns, each
// column getting floor(100 / cols) percent of the width, preceded by a header
// using $headline and $headercolor. Prints nothing for an empty array.
// create a table that is optimal (sqrt-like size)
$numberOfIcons = count($inputArray);
if ($numberOfIcons == 0) {
// no items to display
return;
}
$numberOfCols = ceil(sqrt($numberOfIcons));
$porcentageWidth = floor(100.0/$numberOfCols);
// NOTE(review): the echoed markup is missing from this copy of the file (the
// literal opens with ' and closes with "); $headline, $headercolor and
// $porcentageWidth are presumably used inside it - confirm against the original.
echo '";
}
function getCurrency() {
    // Read the "currency" setting from %config%; fall back to "Euro" when the
    // row is absent. Always opens its own connection via dbutils.
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $sql = "SELECT setting from %config% where name='currency'";
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute();
    $row = $stmt->fetchObject();
    if ($row === false) {
        return "Euro";
    }
    return $row->setting;
}
}
?>