array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "updateUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "deleteUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "changepassword" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "changeConfig" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "readlogo" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "deletelogo" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "getCurrentUser" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "tryAuthenticate" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "setLastModuleOfUser" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getViewAfterLogin" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "isUserAlreadyLoggedIn" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "isLoggedinUserAdmin" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "isLoggedinUserKitchen" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "isLoggedinUserBar" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "isLoggedinUserAdminOrManagerOrTE" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "hasUserPaydeskRight" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getJsonMenuItemsAndVersion" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "getUserList" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "setTime" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "changeOwnPassword" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "setUserLanguage" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "setUserReceiptPrinter" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "setBtnSize" => 
array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getGeneralConfigItems" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getWaiterSettings" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getPayPrintType" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getPayments" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "autobackup" => array("loggedin" => 0, "isadmin" => 0, "rights" => null), "shutdown" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "optimize" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "backup" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "restore" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "golive" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "drop" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "fill" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "fillSpeisekarte" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "assignTaxes" => array("loggedin" => 1, "isadmin" => 1, "rights" => null), "exportConfigCsv" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "exportUserCsv" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "exportLog" => array("loggedin" => 1, "isadmin" => 0, "rights" => array("manager_or_admin")), "setOrderVolume" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "setPreferTableMap" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "setKeepTypeLevel" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "setMobileTheme" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "setApplyExtrasBtnPos" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getOrderVolume" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getButtonSizes" => array("loggedin" => 1, "isadmin" => 0, "rights" => null), "getPreferTableMap" => array("loggedin" => 1, 
"isadmin" => 0, "rights" => null),
    // Tail of the static command -> rights table self::$rights (its head lies above this
    // chunk). Per command: "loggedin" => 1 demands an authenticated session, "isadmin" => 1
    // an admin session, "rights" an extra role list that checkRights() evaluates.
    "getKeepTypeLevel" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getMobileTheme" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getApplyExtrasBtnPos" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "isInstalled" => array("loggedin" => 0, "isadmin" => 0, "rights" => null),
    "isPrinterServerActive" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getWaiterMessage" => array("loggedin" => 1, "isadmin" => 0, "rights" => null),
    "getmobilecss" => array("loggedin" => 0, "isadmin" => 0, "rights" => null)
);

/**
 * Wire up the helper objects the command handlers use.
 */
function __construct() {
    $this->dbutils = new DbUtils();
    $this->userrights = new Userrights();
    $this->histfiller = new HistFiller();
}

/**
 * Authorization gate for handleCommand(): looks $command up in self::$rights and
 * checks the session against the entry's "loggedin", "isadmin" and "rights" flags.
 *
 * On rejection the JSON error object is echoed here already, so the caller only has
 * to stop. Returns true when the command may run.
 *
 * Notes for reviewers:
 *  - The PHP session is started here for every command, before the table lookup.
 *    Handlers that later test session_id() == '' (e.g. logout) therefore see a
 *    started session.
 *  - Commands listed with "loggedin" => 0 (getUserList, autobackup, getmobilecss,
 *    isInstalled, ...) are reachable without authentication; any check they need
 *    has to live in the handler itself.
 *  - The is_admin / right_manager comparisons are loose (==); tryAuthenticate()
 *    stores PHP booleans, so true == 1 and false == 0 are what is relied on.
 *
 * @param string $command  requested command name (untrusted request data)
 * @return bool
 */
private static function checkRights($command) {
    if(session_id() == '') {
        session_start();
    }
    if (!array_key_exists($command, self::$rights)) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_FOUND, "msg" => ERROR_COMMAND_NOT_FOUND_MSG));
        return false;
    }
    $cmdRights = self::$rights[$command];
    if ($cmdRights["loggedin"] == 1) {
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
            return false;
        }
    }
    if ($cmdRights["isadmin"] == 1) {
        // Admin commands are also rejected for anonymous sessions, independent of "loggedin".
        if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
            echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
            return false;
        } else {
            if ($_SESSION['is_admin'] == 0) {
                echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_ADMIN, "msg" => ERROR_COMMAND_NOT_ADMIN_MSG));
                return false;
            }
        }
    }
    if (!is_null($cmdRights["rights"])) {
        // 'manager_or_admin' is the only role token the table uses; any other token
        // would fall through to the error below.
        foreach($cmdRights["rights"] as $aRight) {
            if ($aRight == 'manager_or_admin') {
                if (($_SESSION['is_admin'] == 1) || ($_SESSION['right_manager'] == 1)) {
                    return true;
                }
            }
        }
        echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
        return false;
    }
    return true;
}

/**
 * Entry point for one request: authorizes $command via checkRights() and dispatches
 * to the matching handler. Handlers write their own JSON / file output.
 *
 * Notes for reviewers:
 *  - Request parameters are read from $_POST (and $_GET['type'] for 'backup') without
 *    isset() checks; a missing parameter reaches the handler as null (plus a PHP
 *    notice), so every handler must validate what it receives.
 *  - For exportConfigCsv / exportUserCsv / exportLog the manager-or-admin check is
 *    repeated here although self::$rights already requires it; the user-preference
 *    set*/get* commands re-check the login the same way.
 *  - 'autobackup' is listed with "loggedin" => 0; the only credential it carries is
 *    $_POST['remoteaccesscode'], which backup() has to verify (not visible here).
 *
 * @param string $command
 * @return bool|null  false when checkRights() rejected the command, otherwise nothing
 */
function handleCommand($command) {
    if (!self::checkRights($command)) {
        return false;
    }
    if ($command == 'tryAuthenticate') {
        $this->tryAuthenticate($_POST['userid'],$_POST['password'],$_POST['modus'],$_POST['day'],$_POST['month'],$_POST['year'],$_POST['hour'],$_POST['minute'],$_POST["time"]);
    } else if ($command == 'setLastModuleOfUser') {
        $this->setLastModuleOfUser($_POST['view']);
    } else if ($command == 'getViewAfterLogin') {
        $this->getViewAfterLogin();
    } else if ($command == 'isUserAlreadyLoggedIn') {
        $this->isUserAlreadyLoggedIn();
    } else if ($command == 'logout') {
        $this->logout();
    } else if ($command == 'getCurrentUser') {
        $this->getCurrentUser();
    } else if ($command == 'isLoggedinUserAdmin') {
        $this->isLoggedinUserAdmin();
    } else if ($command == 'isLoggedinUserKitchen') {
        $this->isLoggedinUserKitchen();
    } else if ($command == 'isLoggedinUserBar') {
        $this->isLoggedinUserBar();
    } else if ($command == 'isLoggedinUserAdminOrManagerOrTE') {
        $this->isLoggedinUserAdminOrManagerOrTE();
    } else if ($command == 'hasUserPaydeskRight') {
        $this->hasUserPaydeskRight();
    } else if ($command == 'getJsonMenuItemsAndVersion') {
        $this->getJsonMenuItemsAndVersion();
    } else if ($command == 'getUserList') {
        $this->getUserList();
    } else if ($command == 'setTime') {
        $this->setTime($_POST['day'],$_POST['month'],$_POST['year'],$_POST['hour'],$_POST['minute']);
    } else if ($command == 'createNewUser') {
        $this->createNewUser();
    } else if ($command == 'updateUser') {
        $this->updateUser();
    } else if ($command == 'deleteUser') {
        $this->deleteUser($_POST['userid']);
    } else if ($command == 'changepassword') {
        $this->changepassword($_POST['userid'],$_POST['password']);
    } else if ($command == 'changeOwnPassword') {
        $this->changeOwnPassword($_POST['oldPass'],$_POST['newPass']);
    } else if ($command == 'setUserLanguage') {
        $this->setUserLanguage($_POST['language']);
    } else if ($command == 'setUserReceiptPrinter') {
        $this->setUserReceiptPrinter($_POST['printer']);
    } else if ($command == 'setBtnSize') {
        $this->setBtnSize($_POST['btn'],$_POST['size']);
    } else if ($command == 'changeConfig') {
        $this->changeConfig($_POST['changed']);
    } else if ($command == 'readlogo') {
        $this->readlogo();
    } else if ($command == 'deletelogo') {
        $this->deletelogo();
    } else if ($command == 'getGeneralConfigItems') {
        $this->getGeneralConfigItems(true,null);
    } else if ($command == 'getWaiterSettings') {
        $this->getWaiterSettings();
        // NOTE(review): an older comment here claimed admin rights were needed from this
        // point on; the actual gate is self::$rights (getPayPrintType / getPayments only
        // require a login, the admin-only commands carry "isadmin" => 1 in the table).
    } else if ($command == 'getPayPrintType') {
        $this->getPayPrintType();
    } else if ($command == 'getPayments') {
        $this->getPayments();
    } else if ($command == 'autobackup') {
        $this->backup('auto',$_POST['remoteaccesscode']);
    } else if ($command == 'fill') {
        $this->fillSampleContent();
        echo json_encode(array("status" => "OK"));
    } else if ($command == 'fillSpeisekarte') {
        $this->fillSpeisekarte($_POST['speisekarte']);
    } else if ($command == 'backup') {
        // Only command whose parameter comes from the query string, not the POST body.
        $this->backup($_GET['type'],null);
        return;
    } else if ($command == 'restore') {
        $this->restore();
        return;
    } else if ($command == 'golive') {
        $this->golive();
        return;
    } else if ($command == 'shutdown') {
        $this->shutdown();
        return;
    } else if ($command == 'optimize') {
        $this->optimize();
        return;
    } else if ($command == 'assignTaxes') {
        $this->assignTaxes($_POST['food'],$_POST['drinks']);
        return;
    } else if ($command == 'exportConfigCsv') {
        if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
            $this->exportConfigCsv();
        }
    } else if ($command == 'exportUserCsv') {
        if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
            $this->exportUserCsv();
        }
    } else if ($command == 'exportLog') {
        if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
            $this->exportLog();
        }
    } else if ($command == 'setOrderVolume') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->setOrderVolume($_POST['volume']);
        }
    } else if ($command == 'setPreferTableMap') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->setPreferTableMap($_POST['prefertablemap']);
        }
    } else if ($command == 'setKeepTypeLevel') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->setKeepTypeLevel($_POST['keeptypelevel']);
        }
    } else if ($command == 'setMobileTheme') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->setMobileTheme($_POST['mobiletheme']);
        }
    } else if ($command == 'setApplyExtrasBtnPos') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->setExtrasApplyBtnPos($_POST['applyextrasbtnpos']);
        }
    } else if ($command == 'getOrderVolume') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->getOrderVolume();
        }
    } else if ($command == 'getButtonSizes') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->getButtonSizes();
        }
    } else if ($command == 'getPreferTableMap') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->getPreferTableMap();
        }
    } else if ($command == 'getKeepTypeLevel') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->getKeepTypeLevel();
        }
    } else if ($command == 'getmobilecss') {
        $this->getmobilecss();
    } else if ($command == 'getMobileTheme') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->getMobileTheme();
        }
    } else if ($command == 'getApplyExtrasBtnPos') {
        if ($this->isUserAlreadyLoggedInForPhp()) {
            $this->getApplyExtrasBtnPos();
        }
    } else if ($command == 'isInstalled') {
        $this->isInstalled();
    } else if ($command == 'isPrinterServerActive') {
        $this->isPrinterServerActive();
    } else if ($command == 'getWaiterMessage') {
        $this->getWaiterMessage();
    } else {
        // Reached only for commands present in self::$rights but not dispatched above.
        echo "Command not supported.";
    }
}

/***
 * Is the installation already done? Or was the html/php code overwritten, i.e. a new or updated version to install?
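*/
private function isInstalled() {
    // INSTALLSTATUS is defined by the installer; only the literal 'new' means "not installed yet".
    $installed = defined('INSTALLSTATUS') && (INSTALLSTATUS != 'new');
    echo json_encode($installed ? "Yes" : "No");
}

/**
 * Report whether the print server has checked in recently.
 *
 * Echoes {"status":"OK","msg":1} when active, msg 0 otherwise. If the pay print type
 * is anything but "s" the print server is not involved and the answer is always 1.
 * "Recently" means the %work% item 'lastprtserveraccess' holds a unix timestamp that
 * is at most $timeout seconds old; a missing row counts as never seen.
 */
private function isPrinterServerActive() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    Hotelinterface::hs3sync($pdo);
    $timeout = 20;
    $active = json_encode(array("status" => "OK","msg" => 1));
    $notActive = json_encode(array("status" => "OK","msg" => 0));

    // check printmode
    $printMode = CommonUtils::getConfigValue($pdo, 'payprinttype', "s");
    if ($printMode != "s") {
        echo $active;
        return;
    }

    // One lookup suffices: no row means the print server never reported.
    $sql = "SELECT value FROM %work% WHERE item=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array('lastprtserveraccess'));
    $row = $stmt->fetchObject();
    if ($row === false) {
        echo $notActive;
        return;
    }

    date_default_timezone_set(DbUtils::getTimeZone());
    $date = new DateTime();
    $elapsed = $date->getTimestamp() - $row->value;
    echo ($elapsed > $timeout) ? $notActive : $active;
}

/**
 * Session check for PHP callers: true when the session carries an authenticated user.
 * Starts the session if that has not happened yet.
 */
function isUserAlreadyLoggedInForPhp() {
    if (session_id() == '') {
        session_start();
    }
    return isset($_SESSION['angemeldet']) && $_SESSION['angemeldet'];
}

/**
 * Same check as isUserAlreadyLoggedInForPhp(), echoed as JSON "YES" / "NO" for the client.
 */
function isUserAlreadyLoggedIn() {
    echo json_encode($this->isUserAlreadyLoggedInForPhp() ? "YES" : "NO");
}

/**
 * End the current session and echo JSON "OK".
 *
 * handleCommand() runs checkRights() first, which already calls session_start(), so by
 * the time this handler runs session_id() is never ''. The previous version only
 * destroyed the session inside the session_id() == '' branch and therefore never
 * actually logged anyone out. Now the session data is cleared, the session cookie is
 * expired on the client and the server-side session is destroyed unconditionally.
 */
function logout() {
    if (session_id() == '') {
        session_start();
    }
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    }
    session_destroy();
    echo json_encode("OK");
}

/**
 * True when none of the rights in $rightArr is set but right_rating is.
 *
 * $comparisonVal is what "set" looks like for the caller: tryAuthenticate() passes 1
 * for raw DB values, getViewAfterLogin() passes true for the booleans kept in
 * $_SESSION. The comparison is deliberately loose (==) so "1" == true and "0" == true
 * behave as intended.
 *
 * @param array $rightArr        all non-rating right values of the user
 * @param mixed $right_rating    the user's right_rating value
 * @param mixed $comparisonVal   value that means "right granted"
 * @return bool
 */
static function isOnlyRatingUser($rightArr,$right_rating,$comparisonVal) {
    foreach ($rightArr as $aRight) {
        if ($aRight == $comparisonVal) {
            return false;
        }
    }
    return ($right_rating == $comparisonVal);
}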
function tryAuthenticate($userid,$password,$modus,$day,$month,$year,$hour,$minute,$unixtime) { $pdo = DbUtils::openDbAndReturnPdoStatic(); $authenticated = false; $isLoginAllowed = self::checkIsLoginAllowed($pdo,$userid); if (!$isLoginAllowed) { Logger::logcmd("admin","authentication","Login with id $userid failed"); echo json_encode(array("status" => "WAIT")); return; } $sql = "SELECT * FROM %user% WHERE id=? AND active='1'"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($userid)); $result = $stmt->fetchAll(); $numberOfEntries = count($result); if ($numberOfEntries == 1) { $zeile = $result[0]; $pass_hash = $zeile['userpassword']; if ($zeile['is_admin'] == 0) { // authentication-check } // password_verify requires PHP > 5.5, so let's use MD5 instead // (it is no banking software...) if (md5($password) == $pass_hash) { $authenticated = true; } } if ($authenticated) { date_default_timezone_set(DbUtils::getTimeZone()); $now = getdate(); $serverDay = $now["mday"]; $serverMonth = $now["mon"]; $serverYear = $now["year"]; $serverHour = $now["hours"]; $serverMinute = $now["minutes"]; $serverTime = $now["0"]; $timeDiff = 0; if (abs($serverTime - $unixtime) > (60*60*2)) { $timeDiff = 1; } ini_set('session.gc_maxlifetime',65535); session_set_cookie_params(65535); if(session_id() == '') { session_start(); } $username = $zeile["username"]; $_SESSION['angemeldet'] = true; $_SESSION['userid'] = $zeile['id']; $_SESSION['currentuser'] = $username; $_SESSION['modus'] = $modus; $workflow = $this->getConfigItemsAsString($pdo, "workflowconfig"); $rights = array($zeile['is_admin'],$zeile['right_waiter'],$zeile['right_kitchen'], $zeile['right_bar'],$zeile['right_supply'],$zeile['right_paydesk'], $zeile['right_statistics'],$zeile['right_bill'],$zeile['right_products'], $zeile['right_reservation'],$zeile['right_changeprice'],$zeile['right_customers'],$zeile['right_manager'], $zeile['right_closing']); $right_rating = $zeile['right_rating']; if 
(self::isOnlyRatingUser($rights,$right_rating, 1)) { $_SESSION['right_rating'] = true; $_SESSION['is_admin'] = false; $_SESSION['right_waiter'] = false; $_SESSION['right_kitchen'] = false; $_SESSION['right_bar'] = false; $_SESSION['right_supply'] = false; $_SESSION['right_paydesk'] = false; $_SESSION['right_statistics'] = false; $_SESSION['right_bill'] = false; $_SESSION['right_products'] = false; $_SESSION['right_reservation'] = false; $_SESSION['right_changeprice'] = false; $_SESSION['right_customers'] = false; $_SESSION['right_manager'] = false; $_SESSION['right_closing'] = false; $_SESSION['keeptypelevel'] = false; } else { $_SESSION['is_admin'] = ($zeile['is_admin'] == 1 ? true : false); $_SESSION['right_waiter'] = ($zeile['right_waiter'] == 1 ? true : false); if (($workflow == 2) || ($workflow == 3)) { $_SESSION['right_kitchen'] = false; $_SESSION['right_bar'] = false; $_SESSION['right_supply'] = false; } else { $_SESSION['right_kitchen'] = ($zeile['right_kitchen'] == 1 ? true : false); $_SESSION['right_bar'] = ($zeile['right_bar'] == 1 ? true : false); $_SESSION['right_supply'] = ($zeile['right_supply'] == 1 ? true : false); } $_SESSION['right_paydesk'] = ($zeile['right_paydesk'] == 1 ? true : false); $_SESSION['right_statistics'] = ($zeile['right_statistics'] == 1 ? true : false); $_SESSION['right_bill'] = ($zeile['right_bill'] == 1 ? true : false); $_SESSION['right_products'] = ($zeile['right_products'] == 1 ? true : false); $_SESSION['right_reservation'] = ($zeile['right_reservation'] == 1 ? true : false); $_SESSION['right_rating'] = ($zeile['right_rating'] == 1 ? true : false); $_SESSION['right_changeprice'] = ($zeile['right_changeprice'] == 1 ? true : false); $_SESSION['right_customers'] = ($zeile['right_customers'] == 1 ? true : false); $_SESSION['right_manager'] = ($zeile['right_manager'] == 1 ? true : false); $_SESSION['right_closing'] = ($zeile['right_closing'] == 1 ? true : false); $_SESSION['keeptypelevel'] = ($zeile['keeptypelevel'] == 1 ? 
true : false); } $this->userrights->setSession($_SESSION['is_admin'], $_SESSION['right_waiter'], $_SESSION['right_kitchen'], $_SESSION['right_bar'], $_SESSION['right_supply'], $_SESSION['right_paydesk'], $_SESSION['right_statistics'], $_SESSION['right_bill'], $_SESSION['right_products'], $_SESSION['right_reservation'], $_SESSION['right_rating'], $_SESSION['right_changeprice'], $_SESSION['right_customers'],$_SESSION['right_manager'], $_SESSION['right_closing']); $assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize"); $_SESSION["roombtnsize"] = $zeile['roombtnsize']; $_SESSION["tablebtnsize"] = $zeile['tablebtnsize']; $_SESSION["prodbtnsize"] = $zeile['prodbtnsize']; $language = $zeile['language']; if (is_null($language)) { $language = 0; } $_SESSION['language'] = intval($language); $receiptprinter = $zeile['receiptprinter']; if (is_null($receiptprinter)) { $receiptprinter = 1; } $_SESSION['receiptprinter'] = intval($receiptprinter); $preferTm = $zeile['prefertablemap']; if (is_null($preferTm)) { $preferTm = 1; } $_SESSION['prefertm'] = intval($preferTm); $pdo = DbUtils::openDbAndReturnPdoStatic(); $_SESSION['timezone'] = $this->getTimeZone($pdo); } if ($authenticated) { Logger::logcmd("admin","authentication","Login $username successful"); self::clearFailedLogins($pdo, $userid); $loginMessage = $this->getMessage(null,'loginmessage'); echo json_encode(array("status" => "YES","loginmessage" => $loginMessage, "timediff" => $timeDiff, "isadmin" => $zeile['is_admin'],"lang" => $_SESSION["language"])); } else { Logger::logcmd("admin","authentication","Login with id $userid failed"); self::increaseFailedLogins($pdo,$userid); echo json_encode(array("status" => "NO")); } } private static function checkIsLoginAllowed($pdo,$userid) { date_default_timezone_set(DbUtils::getTimeZone()); $now = getdate(); $serverTime = $now["0"]; $sql = "SELECT failedlogins FROM %user% WHERE id=?"; $row = CommonUtils::getRowSqlObject($pdo, $sql, array($userid)); if 
(is_null($row) || is_null($row->failedlogins)) { return true; } else { $lastFailure = explode("_",$row->failedlogins)[0]; $attempt = intval(explode("_",$row->failedlogins)[1]); if ($attempt >= 5) { if (abs($serverTime - $lastFailure) > (60*3)) { self::clearFailedLogins($pdo, $userid); return true; } else { return false; } } else { return true; } } } private static function increaseFailedLogins($pdo,$userid) { date_default_timezone_set(DbUtils::getTimeZone()); $now = getdate(); $serverTime = $now["0"]; $lastFailure = (string) $serverTime . "_"; $sql = "SELECT failedlogins FROM %user% WHERE id=?"; $row = CommonUtils::getRowSqlObject($pdo, $sql, array($userid)); if (is_null($row) || is_null($row->failedlogins)) { $lastFailure .= "1"; } else { $attempt = intval(explode("_",$row->failedlogins)[1]); $lastFailure .= ($attempt + 1); } $sql = "UPDATE %user% SET failedlogins=? WHERE id=?"; CommonUtils::execSql($pdo, $sql, array($lastFailure,$userid)); } private static function clearFailedLogins($pdo,$userid) { $sql = "UPDATE %user% SET failedlogins=? 
WHERE id=?"; CommonUtils::execSql($pdo, $sql, array(null,$userid)); } private function getMessage($pdo,$messageType) { if (is_null($pdo)) { $pdo = DbUtils::openDbAndReturnPdoStatic(); } $sql = "SELECT value FROM %work% WHERE item=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($messageType)); $row = $stmt->fetchObject(); $msg = ""; if ($stmt->rowCount() > 0) { $msg = $row->value; } return $msg; } function getButtonSizes() { $pdo = DbUtils::openDbAndReturnPdoStatic(); echo json_encode(self::getButtonSizesCore($pdo)); } private static function getButtonSizesCore($pdo) { $userid = $_SESSION['userid']; $sql = "SELECT roombtnsize,tablebtnsize,prodbtnsize FROM %user% WHERE id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($userid)); $row =$stmt->fetchObject(); $roombtnsize = $row->roombtnsize; if (is_null($roombtnsize)) { $roombtnsize = 0; } $tablebtnsize = $row->tablebtnsize; if (is_null($tablebtnsize)) { $tablebtnsize = 0; } $prodbtnsize = $row->prodbtnsize; if (is_null($prodbtnsize)) { $prodbtnsize = 0; } return(array("roombtnsize" => $roombtnsize,"tablebtnsize" => $tablebtnsize,"prodbtnsize" => $prodbtnsize)); } private static function getUserValue($item,$defaultvalue) { $userid = $_SESSION['userid']; $sql = "SELECT $item AS result FROM %user% WHERE id=?"; $pdo = DbUtils::openDbAndReturnPdoStatic(); $stmt = $pdo->prepare(Dbutils::substTableAlias($sql)); $stmt->execute(array($userid)); if ($stmt->rowCount() == 0) { return $defaultvalue; } $row = $stmt->fetchObject(); $aVal = 0; if ($row != null) { $aVal = $row->result; if ($aVal == null) { $aVal = $defaultvalue; } } echo json_encode($aVal); } function getPreferTableMap() { self::getUserValue('prefertablemap',1); } function getKeepTypeLevel() { self::getUserValue('keeptypelevel',1); } function getmobilecss() { $cssFile = "orderstyle.min.css"; if (isset($_SESSION['userid'])) { $userid = $_SESSION['userid']; $pdo = DbUtils::openDbAndReturnPdoStatic(); $sql 
= "SELECT mobiletheme FROM %user% WHERE id=?"; $mobileTheme = CommonUtils::getRowSqlObject($pdo, $sql, array($userid)); $cssFile = "orderstyle.min.css"; if ($mobileTheme->mobiletheme == 1) { $cssFile = "orderstyle-pale.min.css"; } } $file = "3rdparty/orderstyle/$cssFile"; header('Content-type: text/css'); readfile($file); } function getMobileTheme() { self::getUserValue('mobiletheme', 0); } function getApplyExtrasBtnPos() { self::getUserValue('extrasapplybtnpos', 1); } function getOrderVolume() { self::getUserValue('ordervolume',0); } private static function setUserValue($item,$theValue) { $userid = $_SESSION['userid']; $sql = "UPDATE %user% SET $item=? WHERE id=?"; $pdo = DbUtils::openDbAndReturnPdoStatic(); $pdo->beginTransaction(); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($theValue,$userid)); $pdo->commit(); echo json_encode(array("status" => "OK")); } function setOrderVolume($volume) { self::setUserValue('ordervolume', $volume); } function setPreferTableMap($preferValue) { self::setUserValue('prefertablemap',$preferValue); } function setKeepTypeLevel($preferValue) { self::setUserValue('keeptypelevel',$preferValue); } function setMobileTheme($preferValue) { self::setUserValue('mobiletheme', $preferValue); } function setExtrasApplyBtnPos($preferValue) { self::setUserValue('extrasapplybtnpos',$preferValue); } function setLastModuleOfUser($view) { if ($this->isUserAlreadyLoggedInForPhp()) { if ($view != "logout.php") { $userid = $_SESSION['userid']; $questPos = strpos($view,'?'); if ($questPos != false) { $view = substr($view,0,$questPos); } $sql = "UPDATE %user% SET lastmodule=? WHERE id=? 
AND active='1'"; $pdo = $this->dbutils->openDbAndReturnPdo(); $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt->execute(array($view,$userid)); } echo json_encode(array("status" => "OK")); } else { echo json_encode(array("status" => "Error","msg" => "Benutzer nicht eingeloggt")); } } public function getConfigItemsAsString($pdo,$key) { $sql = "SELECT setting FROM %config% WHERE name=?"; if (is_null($pdo)) { return ""; } $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); $stmt->execute(array($key)); $row = $stmt->fetchObject(); if ($stmt->rowCount() == 0) { return ""; } $theValue = $row->setting; if (is_null($theValue)) { return ""; } else { return $theValue; } } public static function overruleTimeZone($timezone) { self::$timezone = $timezone; DbUtils::overruleTimeZone($timezone); } public function getTimeZone($pdo) { if (is_null(self::$timezone)) { $timezone = $this->getConfigItemsAsString($pdo, "timezone"); if ($timezone == "") { $timezone = "Europe/Berlin"; } return $timezone; } else { return self::$timezone; } } public function getEnv($pdo) { $installdate = $this->getConfigItemsAsString($pdo, "installdate"); $lastupdate = $this->getConfigItemsAsString($pdo, "lastupdate"); $version = $this->getConfigItemsAsString($pdo, "version"); return(array("version" => $version, "installdate" => $installdate, "lastupdate" => $lastupdate)); } private function getWaiterSettings() { $pdo = DbUtils::openDbAndReturnPdoStatic(); $userLoggedIn = $this->isUserAlreadyLoggedInForPhp(); if (!$userLoggedIn) { $retVal = array("isUserLoggedIn" => 0); echo json_encode($retVal); return; } $configItems = 
join(",",array("'decpoint'","'version'","'cancelunpaidcode'","'tax'","'togotax'","'taxaustrianormal'","'taxaustriaerm1'","'taxaustriaerm2'","'taxaustriaspecial'","'currency'","'workflowconfig'","'prominentsearch'","'discount1'","'discount2'","'discount3'","'discountname1'","'discountname2'","'discountname3'","'waitergopayprint'","'cashenabled'","'returntoorder'","'restaurantmode'")); $sql = "select name,setting FROM %config% WHERE name in ($configItems)"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $configitems = $stmt->fetchAll(); $configresult = array(); foreach($configitems as $item) { $configresult[$item["name"]] = $item["setting"]; } $userlang = 0; $right_changeprice = 0; $supplyRight = 0; if ($userLoggedIn) { $sql = "SELECT language,right_supply,right_changeprice,keeptypelevel,extrasapplybtnpos,right_paydesk FROM %user% WHERE id=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array($_SESSION['userid'])); $row = $stmt->fetchObject(); } $buttonSizes = self::getButtonSizesCore($pdo); $jsonMenuItems = $this->getJsonMenuItemsAndVersionCore(); $retVal = array("config" => $configresult, "rightchangeprice" => $row->right_changeprice, "rightpaydesk" => $row->right_paydesk, "supplyright" => $row->right_supply, "userlanguage" => $row->language, "buttonsizes" => $buttonSizes, "keeptypelevel" => $row->keeptypelevel, "extrasapplybtnpos" => $row->extrasapplybtnpos, "isUserLoggedIn" => 1, "jsonMenuItemsAndVersion" => $jsonMenuItems ); echo json_encode($retVal); } public function getGeneralConfigItems($forHtml,$pdo) { $userLoggedIn = $this->isUserAlreadyLoggedInForPhp(); if ($userLoggedIn || (!$forHtml)) { if (is_null($pdo)) { $pdo = $this->dbutils->openDbAndReturnPdo(); } $companyInfo = CommonUtils::getConfigValue($pdo,"companyinfo",null); $rectemplate = CommonUtils::getConfigValue($pdo,"rectemplate",null); $foodtemplate = CommonUtils::getConfigValue($pdo,"foodtemplate",null); $drinktemplate = 
CommonUtils::getConfigValue($pdo,"drinktemplate",null); $decpoint = CommonUtils::getConfigValue($pdo,"decpoint",null); $version = CommonUtils::getConfigValue($pdo,"version",null); $payprinttype = CommonUtils::getConfigValue($pdo,"payprinttype",null); $cancelunpaidcode = CommonUtils::getConfigValue($pdo,"cancelunpaidcode",null); $cancelguestcode = CommonUtils::getConfigValue($pdo,"cancelguestcode",null); $tax = CommonUtils::getConfigValue($pdo,"tax",null); $togotax = CommonUtils::getConfigValue($pdo,"togotax",null); $taxaustrianormal = CommonUtils::getConfigValue($pdo,"taxaustrianormal",null); $taxaustriaerm1 = CommonUtils::getConfigValue($pdo,"taxaustriaerm1",null); $taxaustriaerm2 = CommonUtils::getConfigValue($pdo,"taxaustriaerm2",null); $taxaustriaspecial = CommonUtils::getConfigValue($pdo,"taxaustriaspecial",null); $serverurl = CommonUtils::getConfigValue($pdo,"serverurl",null); $email = CommonUtils::getConfigValue($pdo,"email",null); $bigfontworkreceipt = CommonUtils::getConfigValue($pdo,"bigfontworkreceipt",null); $prominentsearch = CommonUtils::getConfigValue($pdo,"prominentsearch",null); $discount1 = CommonUtils::getConfigValue($pdo,"discount1",null); $discount2 = CommonUtils::getConfigValue($pdo,"discount2",null); $discount3 = CommonUtils::getConfigValue($pdo,"discount3",null); $austria = CommonUtils::getConfigValue($pdo,"austria",null); $digigopaysetready = CommonUtils::getConfigValue($pdo,"digigopaysetready",1); $waitergopayprint = CommonUtils::getConfigValue($pdo,"waitergopayprint",0); $oneprodworkreceipts = CommonUtils::getConfigValue($pdo,"oneprodworkreceipts",0); $digiprintwork = CommonUtils::getConfigValue($pdo,"digiprintwork",1); $groupworkitems = CommonUtils::getConfigValue($pdo,"groupworkitems",1); $receiveremail = CommonUtils::getConfigValue($pdo,"receiveremail",""); $emailbadrating = CommonUtils::getConfigValue($pdo,"emailbadrating",""); $emailratingcontact = CommonUtils::getConfigValue($pdo,"emailratingcontact",""); $billlanguage = 
CommonUtils::getConfigValue($pdo,"billlanguage",null); $hotelinterface = CommonUtils::getConfigValue($pdo,"hotelinterface",0); $hsinfile = CommonUtils::getConfigValue($pdo,"hsinfile",null); $hsoutfile = CommonUtils::getConfigValue($pdo,"hsoutfile",null); $hscurrency = CommonUtils::getConfigValue($pdo,"hscurrency",null); $currency = CommonUtils::getConfigValue($pdo,"currency",null); $receiptfontsize = CommonUtils::getConfigValue($pdo,"receiptfontsize",null); $reservationnote = CommonUtils::getConfigValue($pdo,"reservationnote",null); $paymentconfig = CommonUtils::getConfigValue($pdo,"paymentconfig",0); $workflowconfig = CommonUtils::getConfigValue($pdo,"workflowconfig",0); $addreceipttoprinter = CommonUtils::getConfigValue($pdo,"addreceipttoprinter",""); $printandqueuejobs = CommonUtils::getConfigValue($pdo,"printandqueuejobs",0); $cashenabled = CommonUtils::getConfigValue($pdo,"cashenabled",1); $returntoorder = CommonUtils::getConfigValue($pdo,"returntoorder",1); $beepcooked = CommonUtils::getConfigValue($pdo,"beepcooked",0); $restaurantmode = CommonUtils::getConfigValue($pdo,"restaurantmode",1); $smtphost = ""; $smtpauth = 1; $smtpuser = ""; $smtppass = ""; $smtpsecure = 1; $smtpport = ""; if ( (isset($_SESSION['is_admin']) && ($_SESSION['is_admin'] == 1)) || (isset($_SESSION['right_manager']) && ($_SESSION['right_manager'] == 1))) { $smtphost = CommonUtils::getConfigValue($pdo,"smtphost",""); $smtpauth = CommonUtils::getConfigValue($pdo,"smtpauth",1); $smtpuser = CommonUtils::getConfigValue($pdo,"smtpuser",""); $smtppass = CommonUtils::getConfigValue($pdo,"smtppass",""); $smtpsecure = CommonUtils::getConfigValue($pdo,"smtpsecure",1); $smtpport = CommonUtils::getConfigValue($pdo,"smtpport",""); } $discountname1 = trim(CommonUtils::getConfigValue($pdo, "discountname1", '')); $discountname2 = trim(CommonUtils::getConfigValue($pdo, "discountname2", '')); $discountname3 = trim(CommonUtils::getConfigValue($pdo, "discountname3", '')); $memorylimit = 
CommonUtils::getConfigValue($pdo,"memorylimit",256); $updateurl = CommonUtils::getConfigValue($pdo,"updateurl",""); $hs3refresh = CommonUtils::getConfigValue($pdo, "hs3refresh", 60); $paydeskid = CommonUtils::getConfigValue($pdo,"paydeskid",""); $aeskey = CommonUtils::getConfigValue($pdo,"aeskey",""); $certificatesn = CommonUtils::getConfigValue($pdo,"certificatesn",""); $rksvserver = CommonUtils::getConfigValue($pdo,"rksvserver",""); $webimpressum = CommonUtils::getConfigValue($pdo,"webimpressum",""); $userlang = 0; // of no interest, if not called from web $receiptprinter = 1; // of no interest, if not called from web $right_changeprice = 0; if ($userLoggedIn) { $userlang = $_SESSION["language"]; $receiptprinter = $_SESSION['receiptprinter']; $right_changeprice = ($_SESSION['right_changeprice'] ? 1 : 0); } date_default_timezone_set(DbUtils::getTimeZone()); $now = getdate(); $retVal = array("companyinfo" => $companyInfo, "rectemplate" => $rectemplate, "foodtemplate" => $foodtemplate, "drinktemplate" => $drinktemplate, "version" => $version, "decpoint" => $decpoint, "serverurl" => $serverurl, "email" => $email, "receiveremail" => $receiveremail, "billlanguage" => $billlanguage, "hotelinterface" => $hotelinterface, "hsinfile" => $hsinfile, "hsoutfile" => $hsoutfile, "hscurrency" => $hscurrency, "payprinttype" => $payprinttype, "tax" => $tax, "togotax" => $togotax, "currency" => $currency, "taxaustrianormal" => $taxaustrianormal, "taxaustriaerm1" => $taxaustriaerm1, "taxaustriaerm2" => $taxaustriaerm2, "taxaustriaspecial" => $taxaustriaspecial, "userlanguage" => $userlang, "receiptprinter" => $receiptprinter, "receiptfontsize" => $receiptfontsize, "reservationnote" => $reservationnote, "paymentconfig" => $paymentconfig, "workflowconfig" => $workflowconfig, "emailratingcontact" => $emailratingcontact,"emailbadrating" => $emailbadrating, "rightchangeprice" => $right_changeprice, "bigfontworkreceipt" => $bigfontworkreceipt, "prominentsearch" => 
$prominentsearch,"groupworkitems" => $groupworkitems,
        "sday" => $now["mday"],"smonth" => $now["mon"], "syear" => $now["year"], "shour" => $now["hours"], "smin" => $now["minutes"],
        // The six SMTP values are only filled for admin/manager sessions (see where they are read above);
        // everything else in this array, including aeskey and certificatesn, is handed to any caller
        // that reached this branch (the authorisation test that opens it is above this chunk).
        "smtphost" => $smtphost,"smtpauth" => $smtpauth,"smtpuser" => $smtpuser,"smtppass" => $smtppass,"smtpsecure" => $smtpsecure,"smtpport" => $smtpport,
        "webimpressum" => $webimpressum, "cancelunpaidcode" => $cancelunpaidcode, "cancelguestcode" => $cancelguestcode,
        "discount1" => $discount1,"discount2" => $discount2,"discount3" => $discount3, "austria" => $austria,
        "digigopaysetready" => $digigopaysetready, "waitergopayprint" => $waitergopayprint, "oneprodworkreceipts" => $oneprodworkreceipts, "digiprintwork" => $digiprintwork,
        "memorylimit" => $memorylimit, "updateurl" => $updateurl, "hs3refresh" => $hs3refresh,
        "paydeskid" => $paydeskid, "aeskey" => $aeskey, "certificatesn" => $certificatesn, "rksvserver" => $rksvserver,
        "addreceipttoprinter" => $addreceipttoprinter, "printandqueuejobs" => $printandqueuejobs, "cashenabled" => $cashenabled, "returntoorder" => $returntoorder,
        "beepcooked" => $beepcooked,"restaurantmode" => $restaurantmode,
        "discountname1" => $discountname1,"discountname2" => $discountname2,"discountname3" => $discountname3 );
    // $forHtml selects between echoing a JSON envelope and returning the array to a PHP caller.
    if ($forHtml) {
        echo json_encode(array("status" => "OK", "msg" => $retVal));
    } else {
        return $retVal;
    }
} else {
    if ($forHtml) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
    } else {
        return null;
    }
}
}

/**
 * Echo (as JSON) the page the current user should be sent to after login.
 *
 * The candidate view is the user's stored "lastmodule" (default preferences.html),
 * adjusted for the session's modus, and then validated against the rights held in
 * $_SESSION: a view whose right is missing, or one not in $mapping, falls back to
 * preferences.html. Rating-only users always get rating.html. Nothing is echoed when
 * no user is logged in.
 */
function getViewAfterLogin() {
    if ($this->isUserAlreadyLoggedInForPhp()) {
        $userid = $_SESSION['userid'];
        $modus = $_SESSION['modus'];
        $rights = array($_SESSION['is_admin'],$_SESSION['right_waiter'],$_SESSION['right_kitchen'], $_SESSION['right_bar'],$_SESSION['right_supply'],$_SESSION['right_paydesk'], $_SESSION['right_statistics'],$_SESSION['right_bill'],$_SESSION['right_products'], $_SESSION['right_reservation'],$_SESSION['right_changeprice'],$_SESSION['right_customers'],$_SESSION['right_manager'],$_SESSION['right_closing']);
        $right_rating = $_SESSION['right_rating'];
        if (self::isOnlyRatingUser($rights, $right_rating, true)) {
            echo json_encode("rating.html");
            return;
        }
        $sql = "SELECT lastmodule FROM %user% WHERE id=? AND active='1'";
        $pdo = $this->dbutils->openDbAndReturnPdo();
        $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
        $stmt->execute(array($userid));
        $row =$stmt->fetchObject();
        $view = "preferences.html";
        if ($row != null) {
            $newView = $row->lastmodule;
            if ($newView != null) {
                $view = $newView;
                // modus 1 maps the waiter/paydesk pages onto the desktop variant and back.
                if ($modus == 1) {
                    if ($view == "waiter.html") {
                        $view = "waiterdesktop.php";
                    } else if ($view == "paydesk.html") {
                        $view = "waiterdesktop.php";
                    }
                } else {
                    if ($view == "waiterdesktop.php") {
                        $view = "waiter.html";
                    }
                }
            }
        }
        // view -> session right that must be set for it; doubles as the allow-list of views.
        $mapping = array ( "waiter.html" => 'right_waiter', "kitchen.html" => 'right_kitchen', "bar.html" => 'right_bar', "supplydesk.html" => 'right_supply', "paydesk.html" => 'right_paydesk', "reports.html" => 'right_statistics', "bill.html" => 'right_bill', "products.html" => 'right_products', "reservation.html" => 'right_reservation', "rating.html" => 'right_rating', "customers.html" => 'right_customers', "waiterdesktop.php" => 'right_waiter' );
        $valid = false;
        if (($view == 'preferences.html') || ($view == 'feedback.html')) {
            $valid = true;
        } else if ($view == 'manager.html') {
            if (($_SESSION['is_admin'] == 1) || ($_SESSION['right_manager'] == 1) || ($_SESSION['right_closing'] == 1)) {
                $valid = true;
            }
        } else {
            // A lastmodule value outside $mapping yields a null key here and therefore stays invalid.
            if (($view == "index.html") || ($_SESSION[$mapping[$view]] == 1)) {
                $valid = true;
            }
        }
        if ($valid == false) {
            $view = "preferences.html";
        }
        echo json_encode($view . "?v=1.3.9");
    }
}

/** Echo YES/NO depending on whether the session user is an admin. */
function isLoggedinUserAdmin() {
    if ($this->isCurrentUserAdmin()) {
        echo json_encode(YES);
    } else {
        echo json_encode(NO);
    }
}

// public static function startsWith($txt,$key) {
//     $ret = (substr($txt, 0, strlen($key)) === $key);
//     return (substr($txt, 0, strlen($key)) === $key);
// }

/** Echo "admin", "manager", "closing" (first match in that order) or NO. */
function isLoggedinUserAdminOrManagerOrTE() {
    if ($this->hasCurrentUserRight('is_admin')) {
        echo json_encode("admin");
    } else if ($this->hasCurrentUserRight('right_manager')) {
        echo json_encode("manager");
    } else if ($this->hasCurrentUserRight('right_closing')) {
        echo json_encode("closing");
    } else {
        echo json_encode(NO);
    }
}

/** Echo YES/NO for the kitchen right. */
function isLoggedinUserKitchen() {
    if ($this->hasCurrentUserRight('right_kitchen')) {
        echo json_encode(YES);
    } else {
        echo json_encode(NO);
    }
}

/** Echo YES/NO for the bar right. */
function isLoggedinUserBar() {
    if ($this->hasCurrentUserRight('right_bar')) {
        echo json_encode(YES);
    } else {
        echo json_encode(NO);
    }
}

/** Echo YES/NO for the paydesk right. */
function hasUserPaydeskRight() {
    if ($this->hasCurrentUserRight('right_paydesk')) {
        echo json_encode(YES);
    } else {
        echo json_encode(NO);
    }
}

/** Echo YES/NO for the reservation right. */
function hasUserReservationRight() {
    if ($this->hasCurrentUserRight('right_reservation')) {
        echo json_encode(YES);
    } else {
        echo json_encode(NO);
    }
}

/**
 * Return the raw value of a session right flag, or false when nobody is logged in.
 *
 * @param string $whichRight session key such as 'is_admin' or 'right_kitchen'
 * @return mixed false without a login, otherwise whatever $_SESSION holds under the key
 *               (callers treat it as truthy/falsy; an unknown key yields null)
 */
function hasCurrentUserRight($whichRight) {
    if(session_id() == '') {
        session_start();
    }
    // 'angemeldet' ("logged in") is the session marker set at login.
    if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
        return false;
    } else {
        return ($_SESSION[$whichRight]);
    }
}

/** Shorthand for hasCurrentUserRight('is_admin'). */
function isCurrentUserAdmin() {
    return $this->hasCurrentUserRight('is_admin');
}

/**
 * Execute a file line by line, each line being one SQL statement.
 *
 * Only called with the fixed sample files under samples/ (see fillSampleContent).
 * NOTE(review): fopen() failure is not checked, and whatever path is passed is
 * executed as SQL verbatim, so it must never be fed from request data.
 *
 * @param PDO    $pdo
 * @param string $sqlFile path of the file to execute
 */
function fillSampleContentBySqlFile($pdo,$sqlFile) {
    $handle = fopen ($sqlFile, "r");
    while (!feof($handle)) {
        $sql = fgets($handle);
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute();
    }
    fclose ($handle);
}

/**
 * Set the Austrian tax class of all active products, by product kind, inside one
 * transaction, then refresh the product history. Echoes a JSON status.
 *
 * @param mixed $foodTax   value written for prodtype kind 0
 * @param mixed $drinksTax value written for prodtype kind 1
 */
private function assignTaxes($foodTax,$drinksTax) {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $pdo->beginTransaction();
    try {
        $sql = "UPDATE %products%,%prodtype% SET %products%.taxaustria=? WHERE %products%.category=%prodtype%.id AND %prodtype%.kind=? 
AND %products%.removed is null AND %prodtype%.removed is null";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        // One prepared statement, executed once per kind: kind 0 gets $foodTax, kind 1 gets $drinksTax.
        $stmt->execute(array($foodTax,0));
        $stmt->execute(array($drinksTax,1));
        HistFiller::readAllProdsAndFillHistByDb($pdo);
        $pdo->commit();
        echo json_encode (array("status" => "OK"));
    } catch (Exception $e) {
        // Any failure (including a DB error) is reported as a number-format problem.
        $pdo->rollBack();
        echo json_encode(array("status" => "ERROR", "code" => NUMBERFORMAT_ERROR, "msg" => NUMBERFORMAT_ERROR_MSG));
    }
}

/**
 * Replace the menu ("Speisekarte") inside a transaction and echo the result of
 * fillSpeisekarteCore as JSON. Rolled back unless the core reports status "OK".
 *
 * @param mixed $speisekarte menu data handed through to TypeAndProductFileManager
 */
private function fillSpeisekarte($speisekarte) {
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $pdo->beginTransaction();
    $ret = $this->fillSpeisekarteCore($pdo,$speisekarte);
    if ($ret["status"] != "OK") {
        $pdo->rollBack();
    } else {
        $pdo->commit();
    }
    echo json_encode($ret);
}

/**
 * Clear the extras/product links and import the menu via TypeAndProductFileManager.
 *
 * Runs in whatever transaction the caller opened; no commit/rollback here.
 *
 * @param PDO   $pdo
 * @param mixed $speisekarte
 * @return array status array as returned by manageSpeisekarte (key "status" expected)
 */
public function fillSpeisekarteCore($pdo,$speisekarte) {
    $sql = "DELETE FROM %extrasprods%";
    $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt->execute();
    $speisekartenHandler = new TypeAndProductFileManager();
    $ret = $speisekartenHandler->manageSpeisekarte($pdo,$speisekarte);
    return $ret;
}

/**
 * Destructive: wipe the queue, the user-related history rows and ALL users, then
 * reload them from the bundled sample files. Not transactional.
 *
 * Must only be reachable for admins; the permission check is expected in the
 * dispatcher, not here.
 */
private function fillSampleContent() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "DELETE FROM `%queue%`";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $this->fillSampleContentBySqlFile($pdo,"samples/queuecontent.txt");
    $sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $sql = "DELETE FROM `%histuser%`";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $sql = "DELETE FROM `%user%`";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $this->fillSampleContentBySqlFile($pdo,"samples/usercontent.txt");
    $this->histfiller->readUserTableAndSendToHist($pdo);
}

/** Echo the main-menu structure built by getJsonMenuItemsAndVersionCore as JSON. */
function getJsonMenuItemsAndVersion() {
    echo json_encode($this->getJsonMenuItemsAndVersionCore());
}

/*
 * Return all the entries for the main menu (the modules), the version string,
 * the current user name, the waiter message and a loggedin flag.
 */
private function
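getJsonMenuItemsAndVersionCore() {
    // Builds the main menu for the current session. All rights come from $_SESSION; the
    // language index ($_SESSION['language']) selects the label from the 3-entry arrays.
    if(session_id() == '') {
        session_start();
    }
    $mainMenu = array();
    $currentUser = "";
    $waiterMessage = "";
    $loggedIn = true;
    if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
        $mainMenu[] = array("name" => "Startseite", "link" => "index.html");
        $loggedIn = false;
    } else {
        $lang = $_SESSION['language'];
        $waiterdesktxt = array("Kellneransicht","Waiter's View","Vista de camareros");
        $kitchentxt = array("Küche","Kitchen","Cocina");
        $waitertxt = array("Bestellung","Orderdesk","Camarero");
        $paydesktxt = array("Kasse","Paydesk","Caja");
        $settingtxt = array("Einstellungen","Preferences","Propriedades");
        $admintxt = array("Verwaltung","Administration","Administrar");
        $supplytxt = array("Bereitstellung","Supply desk","Preparado");
        $prodtxt = array("Angebot","Products","Productos");
        $restxt = array("Reservierung","Reservation","Reserva");
        $bontxt = array("Kassenbons","Receipts","Tiques");
        $stattxt = array("Statistik","Statistics","Estadisticas");
        $ratingtxt = array("Bewertung","Rating","Valoración");
        $customerstxt = array("Gäste","Guests","Clientes");
        $logout = array("Abmelden","Log out","Adios");
        $rights = array($_SESSION['is_admin'],$_SESSION['right_waiter'],$_SESSION['right_kitchen'], $_SESSION['right_bar'],$_SESSION['right_supply'],$_SESSION['right_paydesk'], $_SESSION['right_statistics'],$_SESSION['right_bill'],$_SESSION['right_products'], $_SESSION['right_reservation'],$_SESSION['right_changeprice'],$_SESSION['right_customers'], $_SESSION['right_manager'],$_SESSION['right_closing']);
        $right_rating = $_SESSION['right_rating'];
        // A rating-only user gets just the logout entry.
        if (!self::isOnlyRatingUser($rights, $right_rating, true)) {
            // modus 0: classic waiter/paydesk pages; otherwise the desktop variant.
            if ($_SESSION['modus'] == 0) {
                if ($_SESSION['right_waiter']) {
                    $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.3.9");
                }
            } else {
                if ($_SESSION['right_waiter']) {
                    $mainMenu[] = array("name" => $waiterdesktxt[$lang], "link" => "waiterdesktop.php?v=1.3.9");
                }
            }
            if ($_SESSION['right_kitchen']) {
                $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.3.9");
            }
            if ($_SESSION['right_bar']) {
                $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.3.9");
            }
            if ($_SESSION['right_supply']) {
                $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.3.9");
            }
            if ($_SESSION['modus'] == 0) {
                if ($_SESSION['right_paydesk']) {
                    $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html?v=1.3.9");
                }
            }
            if ($_SESSION['right_statistics']) {
                $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.3.9");
            }
            if ($_SESSION['right_bill']) {
                $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.3.9");
            }
            if ($_SESSION['right_products']) {
                $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.3.9");
            }
            if ($_SESSION['right_reservation']) {
                $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.3.9");
            }
            if ($_SESSION['right_rating']) {
                $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.3.9");
            }
            if ($_SESSION['right_customers']) {
                $mainMenu[] = array("name" => $customerstxt[$lang], "link" => "customers.html?v=1.3.9");
            }
            if ($_SESSION['right_manager'] || $_SESSION['is_admin'] || $_SESSION['right_closing']) {
                $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.3.9");
            }
            $mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.3.9");
            $mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.3.9");
        }
        $mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php");
        $currentUser = $_SESSION['currentuser'];
        $waiterMessage = $this->getMessage(null, "waitermessage");
    }
    $mainMenuAndVersion = array (
        "version" => "OrderSprinter 1.3.9",
        "user" => $currentUser,
        "menu" => $mainMenu,
        "waitermessage" => $waiterMessage,
        "loggedin" => ($loggedIn ? 1:0)
    );
    return($mainMenuAndVersion);
}

/**
 * Echo the current waiter message as a JSON status envelope.
 *
 * NOTE(review): the catch branch echoes the exception object itself ("Error: $e"),
 * which can include driver/SQL details; a generic message would be safer.
 */
private function getWaiterMessage() {
    try {
        $pdo = DbUtils::openDbAndReturnPdoStatic();
        $waiterMessage = $this->getMessage(null, "waitermessage");
        echo json_encode(array("status" => "OK","msg" => $waiterMessage));
    } catch (Exception $e) {
        echo json_encode(array("status" => "ERROR","msg" => "Error: $e"));
        return;
    }
}

/**
 * Hotel-interface status plus, when it is enabled (config "hotelinterface" == 1),
 * the guest rows from %hsout%.
 *
 * @param PDO $pdo
 * @return array{status:string,hotelinterface:mixed,guests:array} never throws; errors
 *         are folded into status "ERROR" with an empty guest list
 */
private function getHotelInfo($pdo) {
    try {
        $hotelinterface = CommonUtils::getConfigValue($pdo, "hotelinterface", 0);
        $guests = array();
        if ($hotelinterface == 1) {
            $sql = "SELECT reservationid,object,guest FROM %hsout%";
            $guests = CommonUtils::fetchSqlAll($pdo, $sql, null);
        }
        return(array("status" => "OK","hotelinterface" => $hotelinterface,"guests" => $guests));
    } catch (Exception $e) {
        return(array("status" => "ERROR","hotelinterface" => 0,"guests" => array()));
    }
}

/**
 * Customers whose vacation period covers today, as id/object/guest rows.
 *
 * NOTE(review): the error branch returns no "guests" key; callers should not
 * index it unconditionally.
 *
 * @param PDO $pdo
 * @return array status "OK" with "guests", or status "ERROR"
 */
private function getGuestInfo($pdo) {
    try {
        $sql = "SELECT %customers%.id as id,%customers%.id as object,CONCAT(IFNULL(name,''),' - ',IFNULL(room,'')) as guest FROM %customers%,%vacations% where %customers%.id=%vacations%.customerid AND ((checkin <= CURDATE()) AND (CURDATE() <= checkout)) GROUP BY id";
        $guests = CommonUtils::fetchSqlAll($pdo, $sql, null);
        return(array("status" => "OK","guests" => $guests));
    } catch (Exception $ex) {
        return(array("status" => "ERROR"));
    }
}

/**
 * Echo all active users as a JSON list of associative rows, ordered by is_admin.
 *
 * The previous version echoed SELECT * rows verbatim, i.e. including the
 * "userpassword" column (and each column twice, by name and by index). This action
 * may be served before login — check the dispatch table — so the hash column is
 * stripped here and rows carry named keys only.
 */
function getUserList() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $result = array();
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Never send password hashes to the client, whatever the hash algorithm.
        unset($row['userpassword']);
        $result[] = $row;
    }
    echo json_encode($result);
}

/**
 * Set the server clock via the POSIX `date MMDDhhmmyy` form (admins only).
 *
 * On Windows it refuses with a JSON error. On success the refreshed general
 * configuration (which carries the server time) is echoed by
 * getGeneralConfigItems(true, null).
 *
 * NOTE(review): this method checks rights through $this->userrights while the
 * rest of this class calls $this->isCurrentUserAdmin(); kept as found.
 *
 * @param mixed $day   day of month, coerced to int
 * @param mixed $month month, coerced to int
 * @param mixed $year  year; only its last two decimal digits are used, as before
 * @param mixed $hour  hour, coerced to int
 * @param mixed $min   minute, coerced to int
 * @return false|void false on the error paths, nothing otherwise (unchanged contract)
 */
function setTime($day,$month,$year,$hour,$min) {
    if (!($this->userrights->hasCurrentUserRight('is_admin'))) {
        echo json_encode (array("status" => "ERROR","msg" => "Benutzerrechte nicht ausreichend!"));
        return false;
    }
    // Every part is cast to int and zero-padded, so $txt can only contain digits. The
    // original padded four parts with sprintf("%02d") but spliced substr($year, -2) in
    // raw, so two arbitrary request characters reached the shell command below.
    $txt = sprintf("%02d%02d%02d%02d%02d",
        (int)$month, (int)$day, (int)$hour, (int)$min, abs((int)$year) % 100);
    try {
        if (substr(php_uname(), 0, 7) == "Windows"){
            echo json_encode (array("status" => "ERROR","msg" => "Zeit auf Windows-Server kann nicht gesetzt werden!"));
            return false;
        }
        // Quoted with escapeshellarg as defence in depth even though $txt is digits only.
        $cmd = "date " . escapeshellarg($txt);
        shell_exec($cmd . " > /dev/null &");
    } catch(Exception $e) {
        // shell_exec() does not throw; the branch is kept so the error contract is unchanged.
        echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG));
    }
    $this->getGeneralConfigItems(true,null);
}

/**
 * Create a user from $_POST (username, isAdmin, password plus the columns listed in
 * DbUtils::$userCols). Refuses a duplicate active username, and refuses to create an
 * admin unless the caller is an admin. Echoes a JSON status.
 *
 * NOTE(review): passwords are stored as unsalted md5 throughout this file; moving to
 * password_hash() requires the login routine (outside this chunk) and the stored
 * hashes to change together. The definition continues in the next chunk.
 */
function createNewUser() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $username = $_POST['username'];
    $isAdmin = $_POST['isAdmin'];
    $password = $_POST['password'];
    $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND username=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($username));
    $row = $stmt->fetchObject();
    if ($row->countid > 0) {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_NAME_EXISTS_ALREADY, "msg" => ERROR_NAME_EXISTS_ALREADY_MSG));
        return;
    } else {
        if(session_id() == '') {
            session_start();
        }
        $lang = $_SESSION['language'];
        // $isAdmin is only used for this gate; it is truthiness-tested, so "0" is falsy
        // but any other non-empty string is treated as a request for admin rights.
        if ($isAdmin && !($this->isCurrentUserAdmin())) {
            echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_NOT_ADMIN, "msg" => ERROR_COMMAND_NOT_ADMIN_MSG));
            return;
        } else {
            $password_hash = md5($password);
            $keys = array('id','userpassword','language');
            $vals = array(null,$password_hash,$lang);
            $quests = array('?','?','?');
            // Column names come from the DbUtils::$userCols table, values from the named POST fields.
            foreach(DbUtils::$userCols as $userCol) {
                if (!is_null($userCol["new"])) {
                    $quests[] = '?';
                    $keys[] = $userCol["col"];
                    $vals[] = $_POST[$userCol['new']];
                } else if (isset($userCol["default"])) {
                    $quests[] = '?';
                    $keys[] = $userCol["col"];
                    $vals[] = $userCol["default"];
                }
            }
            $keysStr = join(",",$keys);
            $questsStr = join(",",$quests);
            $userInsertSql = "INSERT INTO %user% (" . $keysStr . ") VALUES(" . $questsStr . 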
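")";
            $stmt = $pdo->prepare(DbUtils::substTableAlias($userInsertSql));
            $stmt->execute($vals);
            $lastId = $pdo->lastInsertId();
            echo json_encode(array("status" => "OK"));
        }
    }
    // Only reached on the success path: both error branches above return early.
    HistFiller::createUserInHist($pdo,$lastId);
}

/** Echo the configured "payprinttype" value as JSON ("" when unset). */
function getPayPrintType() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $this->sendJsonValueFromConfigTable($pdo,'payprinttype');
}

/**
 * Echo the payment methods (localised name per $_SESSION['language']), the hotel
 * interface state with its guests, and the in-house guests currently on vacation.
 *
 * Payment id 7 is hidden unless the hotel interface is enabled.
 */
function getPayments() {
    if(session_id() == '') {
        session_start();
    }
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $hotelinterface = CommonUtils::getConfigValue($pdo, "hotelinterface", 0);
    // $where is one of two literals chosen here; nothing request-controlled enters the SQL text.
    $where = " WHERE id <> 7";
    if ($hotelinterface != 0) {
        $where = "";
    }
    $lang = $_SESSION['language'];
    $sql = "SELECT id,name FROM %payment% $where";
    if ($lang == 1) {
        $sql = "SELECT id,name_en as name FROM %payment% $where";
    } else if ($lang == 2) {
        $sql = "SELECT id,name_esp as name FROM %payment% $where";
    }
    $stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
    $stmt_query->execute();
    $result = $stmt_query->fetchAll();
    $retArray = array();
    foreach($result as $row) {
        $entry = array("id"=> $row['id'], "name" => $row['name']);
        $retArray[] = $entry;
    }
    $hotelinfo = $this->getHotelInfo($pdo);
    $internalguests = $this->getGuestInfo($pdo);
    // getGuestInfo() omits "guests" on its error path; report an empty list instead of null.
    $internalGuestList = isset($internalguests["guests"]) ? $internalguests["guests"] : array();
    echo json_encode(array("payments" => $retArray, "hotelinterface" => $hotelinfo["hotelinterface"],"guests" => $hotelinfo["guests"],"internalguests" => $internalGuestList));
}

/**
 * Echo one config value as a JSON string; null/empty values are sent as "".
 *
 * @param PDO    $pdo
 * @param string $whichValue config key (callers pass literals)
 */
function sendJsonValueFromConfigTable($pdo,$whichValue) {
    $theVal = CommonUtils::getConfigValue($pdo, $whichValue, "");
    if ($theVal == null) {
        echo json_encode("");
    } else {
        echo json_encode($theVal);
    }
}

/** Clear the stored logo image ("logoimg" in %logo%) and echo "OK". */
private function deletelogo() {
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $this->changeOneConfigDbItem($pdo, "logoimg", null,"%logo%",false);
    echo json_encode("OK");
}

/**
 * Store an uploaded logo image (form field "logofile") in the %logo% config table.
 *
 * Redirects to infopage.html with an error key when no file was submitted
 * (Datei_nicht_angegeben), the upload failed (Kann_Datei_nicht_laden), or the file
 * exceeds 65535 bytes; redirects with a success key otherwise. Always ends the
 * request with exit.
 *
 * The original tested `error != UPLOAD_ERR_OK && is_uploaded_file(tmp_name)`, which
 * can never be true for a failed upload (tmp_name is empty then), so real upload
 * errors were misreported as "no file given"; the same test was also duplicated.
 */
private function readlogo() {
    $upload = isset($_FILES['logofile']) ? $_FILES['logofile'] : null;
    // Field missing or left empty: "no file given".
    if ($upload === null || $upload['error'] == UPLOAD_ERR_NO_FILE) {
        header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben.");
        exit();
    }
    // Any other upload error (size limits, partial upload, missing tmp dir, ...).
    if ($upload['error'] != UPLOAD_ERR_OK) {
        header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
        exit();
    }
    // is_uploaded_file() rejects a tmp_name that did not come from this request's upload.
    if(!file_exists($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
        header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben.");
        exit();
    }
    $content = file_get_contents($upload['tmp_name']);
    if ($content === false) {
        header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
        exit();
    }
    if (strlen($content) > 65535) {
        header("Location: ../infopage.html?e=manager.html=Logobild_muss_kleiner_als_64_Kilobytes_sein!");
        exit();
    }
    // NOTE(review): the content is not verified to be an image; whatever serves "logoimg"
    // should set its own Content-Type rather than trusting this blob.
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $this->changeOneConfigDbItem($pdo, "logoimg", $content,"%logo%",false);
    header("Location: ../infopage.html?i=manager.html=Import_war_erfolgreich."); /* redirect the browser */
    exit();
}

/**
 * Apply a batch of configuration changes ({name, value} pairs) to the %config% table.
 *
 * $assoc_vals maps the client-side name to the DB column and whether the value must
 * be numeric ("checknum" => 1). Some names get special treatment before storage
 * (payprinttype, addreceipttoprinter, remoteaccesscode, printpass, memorylimit,
 * updateurl, hs3refresh). The definition continues in the next chunk.
 *
 * @param array $changedValues list of array{name:string,value:mixed}
 */
function changeConfig($changedValues) {
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $assoc_vals = array(
        "usstval" => array("dbcol" => "tax","checknum" => 1),
        "togotaxval" => array("dbcol" => "togotax","checknum" => 1),
        "taxaustrianormalval" => array("dbcol" => "taxaustrianormal","checknum" => 1),
        "taxaustriaerm1val" => array("dbcol" => "taxaustriaerm1","checknum" => 1),
        "taxaustriaerm2val" => array("dbcol" => "taxaustriaerm2","checknum" => 1),
        "taxaustriaspecialval" => array("dbcol" => "taxaustriaspecial","checknum" => 1),
        "stornocode" => array("dbcol" => "stornocode","checknum" => 0),
        "printpass" => array("dbcol" => "printpass","checknum" => 0),
        "companyinfo" => array("dbcol" => "companyinfo","checknum" => 0),
        "rectemplate" => array("dbcol" => "rectemplate","checknum" => 0),
        "foodtemplate" => array("dbcol" => "foodtemplate","checknum" => 0),
        "drinktemplate" => array("dbcol" => "drinktemplate","checknum" => 0),
        "serverUrl" => array("dbcol" => "serverurl","checknum" => 0),
        "email" => array("dbcol" => "email","checknum" => 0),
        "emailbadrating" => 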
array("dbcol" => "emailbadrating","checknum" => 0),
        "emailratingcontact" => array("dbcol" => "emailratingcontact","checknum" => 0),
        "receiveremail" => array("dbcol" => "receiveremail","checknum" => 0),
        "payprinttype" => array("dbcol" => "payprinttype","checknum" => 0),
        "paymentconfig" => array("dbcol" => "paymentconfig","checknum" => 0),
        "addreceipttoprinter" => array("dbcol" => "addreceipttoprinter", "checknum" => 0),
        "bigfontworkreceipt" => array("dbcol" => "bigfontworkreceipt","checknum" => 0),
        "prominentsearch" => array("dbcol" => "prominentsearch","checknum" => 0),
        "discount1" => array("dbcol" => "discount1","checknum" => 0),
        "discount2" => array("dbcol" => "discount2","checknum" => 0),
        "discount3" => array("dbcol" => "discount3","checknum" => 0),
        "austria" => array("dbcol" => "austria","checknum" => 0),
        "digigopaysetready" => array("dbcol" => "digigopaysetready","checknum" => 0),
        "waitergopayprint" => array("dbcol" => "waitergopayprint","checknum" => 0),
        "oneprodworkreceipts" => array("dbcol" => "oneprodworkreceipts","checknum" => 0),
        "digiprintwork" => array("dbcol" => "digiprintwork","checknum" => 0),
        "groupworkitems" => array("dbcol" => "groupworkitems","checknum" => 0),
        "workflowconfig" => array("dbcol" => "workflowconfig","checknum" => 0),
        "receiptfontsize" => array("dbcol" => "receiptfontsize","checknum" => 0),
        "billlanguage" => array("dbcol" => "billlanguage","checknum" => 0),
        "hotelinterface" => array("dbcol" => "hotelinterface","checknum" => 0),
        "hsinfile" => array("dbcol" => "hsinfile","checknum" => 0),
        "hsoutfile" => array("dbcol" => "hsoutfile","checknum" => 0),
        "hscurrency" => array("dbcol" => "hscurrency","checknum" => 0),
        "reservationnote" => array("dbcol" => "reservationnote","checknum" => 0),
        "remoteaccesscode" => array("dbcol" => "remoteaccesscode","checknum" => 0),
        "webimpressum" => array("dbcol" => "webimpressum","checknum" => 0),
        "cancelunpaidcode" => array("dbcol" => "cancelunpaidcode","checknum" => 0),
        "cancelguestcode" => array("dbcol" => "cancelguestcode","checknum" => 0),
        "printandqueuejobs" => array("dbcol" => "printandqueuejobs","checknum" => 0),
        "cashenabled" => array("dbcol" => "cashenabled","checknum" => 0),
        "returntoorder" => array("dbcol" => "returntoorder","checknum" => 0),
        "beepcooked" => array("dbcol" => "beepcooked","checknum" => 0),
        "restaurantmode" => array("dbcol" => "restaurantmode","checknum" => 0),
        "smtphost" => array("dbcol" => "smtphost","checknum" => 0),
        "smtpauth" => array("dbcol" => "smtpauth","checknum" => 1),
        "smtpuser" => array("dbcol" => "smtpuser","checknum" => 0),
        // smtppass is stored as given (it has to be usable for SMTP auth later).
        "smtppass" => array("dbcol" => "smtppass","checknum" => 0),
        "smtpsecure" => array("dbcol" => "smtpsecure","checknum" => 1),
        "smtpport" => array("dbcol" => "smtpport","checknum" => 0),
        "discountname1" => array("dbcol" => "discountname1","checknum" => 0),
        "discountname2" => array("dbcol" => "discountname2","checknum" => 0),
        "discountname3" => array("dbcol" => "discountname3","checknum" => 0),
        "memorylimit" => array("dbcol" => "memorylimit","checknum" => 0),
        "updateurl" => array("dbcol" => "updateurl","checknum" => 0),
        "hs3refresh" => array("dbcol" => "hs3refresh","checknum" => 0),
        "paydeskid" => array("dbcol" => "paydeskid","checknum" => 0),
        "aeskey" => array("dbcol" => "aeskey","checknum" => 0),
        // NOTE(review): these two use the key "checksum" instead of "checknum"; the loop below
        // reads "checknum", gets null, and so treats them as not-numeric-checked (which matches 0).
        "certificatesn" => array("dbcol" => "certificatesn","checksum" => 0),
        "rksvserver" => array("dbcol" => "rksvserver","checksum" => 0)
    );
    $problem = false;
    foreach ($changedValues as $aChangeSet) {
        $name = $aChangeSet['name'];
        $aVal = $aChangeSet['value'];
        // Client codes 1/2 are stored as the letters l/s.
        if ($name == "payprinttype") {
            if (((string)$aVal) == "1") {
                $aVal = "l";
            }
            if (((string)$aVal) == "2") {
                $aVal = "s";
            }
        }
        if ($name == 'addreceipttoprinter') {
            if ((((string)$aVal) == "0") || (!is_numeric($aVal))) {
                $aVal = null;
            }
        }
        // Codes are stored as unsalted md5 digests; an empty remote access code clears it (null).
        if ($name == "remoteaccesscode") {
            if (((string)$aVal) == "") {
                $aVal = null;
            } else {
                $aVal = md5($aVal);
            }
        }
        if ($name == "printpass") {
            $aVal = md5($aVal);
        }
        // memorylimit: -1 passes through; otherwise digits only, clamped to 64..65535, default 256.
        if ($name == "memorylimit") {
            $aVal = trim($aVal);
            if ($aVal != "-1") {
                if (!ctype_digit($aVal)) {
                    $aVal = "256";
                }
                $aVal = intval($aVal);
                if (($aVal < 64) || ($aVal > 65535)) {
                    $aVal = 256;
                }
            }
        }
        if ($name == "updateurl") {
            $aVal = trim($aVal);
        }
        // hs3refresh: digits only, at least 5, default 60.
        if ($name == "hs3refresh") {
            $aVal = trim($aVal);
            if (!ctype_digit($aVal)) {
                $aVal = "60";
            }
            $aVal = intval($aVal);
            if ($aVal < 5) {
                $aVal = 60;
            }
        }
        // NOTE(review): a $name that is not a key of $assoc_vals yields a null $dbcol here and
        // still reaches changeOneConfigDbItem; an isset() guard with $problem = true would reject it.
        $association = $assoc_vals[$name];
        $dbcol = $association["dbcol"];
        $check = $association["checknum"];
        if ($check == 1) {
            if (is_numeric($aVal)) {
                $this->changeOneConfigDbItem($pdo,$dbcol,$aVal,"%config%",true);
            } else {
                $problem = true;
            }
        } else {
            $this->changeOneConfigDbItem($pdo,$dbcol,$aVal,"%config%",true);
        }
    }
    // Earlier valid entries of the batch are already written even when one is rejected.
    if (!$problem) {
        echo json_encode(array("status" => "OK"));
    } else {
        echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG));
    }
}

/**
 * Upsert one name/setting row in a config-style table and optionally record it in
 * the config history.
 *
 * @param PDO    $pdo
 * @param string $theItem  row name
 * @param mixed  $theValue new setting (null allowed)
 * @param string $table    table alias; interpolated into the SQL text, so it must be a
 *                         literal like "%config%" / "%logo%" as all visible callers pass
 * @param bool   $doHist   record the change via histfiller->updateConfigInHist
 */
function changeOneConfigDbItem($pdo,$theItem,$theValue,$table,$doHist) {
    $sql = "SELECT setting from $table WHERE name=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($theItem));
    $row = $stmt->fetchObject();
    // rowCount() on a SELECT is driver-dependent; assumes the MySQL driver here — TODO confirm
    if ($stmt->rowCount() > 0) {
        $sql = "UPDATE $table SET setting=? WHERE name=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($theValue,$theItem));
    } else {
        $sql = "INSERT INTO `$table` (`id` , `name`,`setting`) VALUES (NULL , ? 
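, ?)";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($theItem,$theValue));
    }
    if ($doHist) {
        $this->histfiller->updateConfigInHist($pdo,$theItem, $theValue);
    }
}

/**
 * Look up the id of the active user with the given name.
 *
 * The original interpolated $username into the SQL text and ran it with
 * $pdo->query(); it is now bound as a parameter of a prepared statement.
 *
 * @param string $username
 * @return mixed the user id, or null when there is no such active user
 */
private function findActiveUserWithName($username) {
    $sql_find_id = "SELECT id FROM %user% WHERE active='1' AND username=?";
    $pdo = $this->dbutils->openDbAndReturnPdo();
    $stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql_find_id));
    $stmt_query->execute(array($username));
    $row = $stmt_query->fetchObject();
    if ($row === false) {
        // No row: the old code returned null here too, but via a warning on a false object.
        return null;
    }
    return $row->id;
}

/**
 * Update the user named by $_POST['userid'] with the columns listed in
 * DbUtils::$userCols (values taken from the named POST fields).
 *
 * Changing the admin flag in either direction requires the caller to be an admin;
 * otherwise "noadmin" is echoed and nothing is written. Echoes "OK" on success.
 *
 * NOTE(review): unlike deleteUser, nothing stops an admin from removing the admin
 * flag of the last remaining admin here.
 */
function updateUser() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $theUserId = $_POST['userid'];
    $isAdmin = $_POST['isAdmin'];
    $sql = "SELECT username,is_admin FROM %user% WHERE id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($theUserId));
    $row = $stmt->fetchObject();
    $userToModIsAdmin = $row->is_admin;
    // Loose comparison on purpose: the POST value is a string, the column an integer.
    $doChangeAdminRights = ($isAdmin != $userToModIsAdmin);
    if ($doChangeAdminRights && !($this->isCurrentUserAdmin())) {
        echo json_encode("noadmin");
        return;
    }
    $keys = array();
    $vals = array();
    // Column names come from the DbUtils::$userCols table, never from the request.
    foreach(DbUtils::$userCols as $userCol) {
        if (!is_null($userCol["update"])) {
            $keys[] = $userCol["col"] . "=?";
            $vals[] = $_POST[$userCol["update"]];
        }
    }
    $vals[] = $theUserId;
    $keysStr = join(",",$keys);
    $sql = "UPDATE %user% SET " . $keysStr . " WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute($vals);
    HistFiller::updateUserInHist($pdo,$theUserId);
    echo json_encode("OK");
}

/**
 * Soft-delete a user (active='0') and record it in the user history.
 *
 * Deleting an admin requires an admin caller ("noadmin" otherwise), and the last
 * active admin can never be deleted ("lastadmin"). Echoes "OK" on success.
 *
 * @param mixed $theUserId id of the user to deactivate
 */
function deleteUser($theUserId) {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($theUserId));
    $row =$stmt->fetchObject();
    $userToDelIsAdmin = ($row->is_admin == 1);
    if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) {
        echo json_encode("noadmin");
        return;
    }
    $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND is_admin='1' AND id <> ?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($theUserId));
    $row = $stmt->fetchObject();
    $numberOfOtherAdmins = $row->countid;
    if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) {
        echo json_encode("lastadmin");
        return;
    }
    $userSql = "UPDATE %user% set active='0' WHERE id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
    $stmt->execute(array($theUserId));
    HistFiller::updateUserInHist($pdo,$theUserId);
    echo json_encode("OK");
}

/** Echo the session user's name, or "Nobody" when not logged in. */
function getCurrentUser() {
    if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
        echo json_encode("Nobody");
    } else {
        echo json_encode($_SESSION['currentuser']);
    }
}

/**
 * Set the password of another (or the own) user. Echoes "ERROR" for an unknown
 * active user, "noadmin" when a non-admin tries to change an admin's password,
 * "OK" otherwise.
 *
 * NOTE(review): stored as unsalted md5 (see createNewUser). The definition
 * continues in the next chunk.
 *
 * @param mixed  $userid
 * @param string $password new plaintext password
 */
function changepassword($userid,$password) {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "SELECT count(id) as countid FROM %user% WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($userid));
    $row = $stmt->fetchObject();
    if ($row->countid == 0) {
        echo json_encode("ERROR");
        return;
    }
    $sql = "SELECT is_admin FROM %user% WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($userid));
    $row = $stmt->fetchObject();
    $userToChgPassIsAdm = false;
    if ($row->is_admin == 1) {
        $userToChgPassIsAdm = true;
    }
    if(session_id() == '') {
        session_start();
    }
    $otherUser = false;
    if ($_SESSION['userid'] != $userid) {
        $otherUser = true;
    }
    if ($otherUser && $userToChgPassIsAdm && !($this->isCurrentUserAdmin())) {
        echo json_encode("noadmin");
    } else {
        $password_hash = md5($password);
        $userSql = "UPDATE %user% set userpassword=? 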
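WHERE active='1' AND id=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($userSql));
        $stmt->execute(array($password_hash,$userid));
        echo json_encode("OK");
    }
}

/**
 * Store the UI language of the session user (session and DB) and echo "OK".
 *
 * @param mixed $language language index (0..2); cast to int for the session
 */
function setUserLanguage($language) {
    if(session_id() == '') {
        session_start();
    }
    $currentuserid = $_SESSION['userid'];
    $_SESSION['language'] = intval($language);
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "UPDATE %user% set language=? WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($language,$currentuserid));
    echo json_encode("OK");
}

/**
 * Store the receipt printer of the session user (session and DB) and echo "OK".
 *
 * @param mixed $printer printer number; cast to int for the session
 */
function setUserReceiptPrinter($printer) {
    if(session_id() == '') {
        session_start();
    }
    $currentuserid = $_SESSION['userid'];
    $_SESSION['receiptprinter'] = intval($printer);
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "UPDATE %user% set receiptprinter=? WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($printer,$currentuserid));
    echo json_encode("OK");
}

/**
 * Store one of the three button sizes of the session user and echo "OK".
 *
 * $btn selects the column through a fixed allow-list (0 room, 1 table, 2 product).
 * The original indexed the list without checking, so an unknown $btn produced a
 * null column name in the SQL text; it now echoes "ERROR" and writes nothing.
 *
 * @param mixed $btn  "0", "1" or "2"
 * @param mixed $size size value; cast to int for the session
 */
function setBtnSize($btn,$size) {
    if(session_id() == '') {
        session_start();
    }
    $currentuserid = $_SESSION['userid'];
    $assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize");
    if (!is_scalar($btn) || !isset($assoc[(string)$btn])) {
        echo json_encode("ERROR");
        return;
    }
    // Only an allow-listed literal ever reaches the SQL text.
    $column = $assoc[(string)$btn];
    $_SESSION[$column] = intval($size);
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "UPDATE %user% set " . $column . "=? WHERE active='1' AND id=?";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($size,$currentuserid));
    echo json_encode("OK");
}

/**
 * Change the session user's own password after verifying the old one.
 * Echoes "OK", or "FAILED" when the user is unknown or the old password is wrong.
 *
 * NOTE(review): hashes are unsalted md5 throughout this file; migrating to
 * password_hash() needs the login routine (outside this chunk) and the stored
 * hashes changed together.
 *
 * @param string $oldpassword
 * @param string $newpassword
 */
function changeOwnPassword($oldpassword,$newpassword) {
    if(session_id() == '') {
        session_start();
    }
    $currentuser = $_SESSION['currentuser'];
    $oldp_hash = md5($oldpassword);
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $sql = "SELECT count(id) as countid FROM %user% WHERE username=? AND active='1'";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($currentuser));
    $row = $stmt->fetchObject();
    if ($row->countid == 0) {
        echo json_encode("FAILED");
        return;
    }
    $sql = "SELECT userpassword FROM %user% WHERE username=? AND active='1'";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute(array($currentuser));
    $row = $stmt->fetchObject();
    // hash_equals(): strict and constant-time. The previous loose != compared two hex
    // digests as strings, which PHP evaluates numerically when both look like "0e...".
    $ok = hash_equals((string)$row->userpassword, $oldp_hash);
    if ($ok) {
        $newp_hash = md5($newpassword);
        $sql = "UPDATE %user% set userpassword=? WHERE active='1' AND username=?";
        $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
        $stmt->execute(array($newp_hash,$currentuser));
        echo json_encode("OK");
    } else {
        echo json_encode("FAILED");
    }
}

/**
 * Send the headers for a CSV download.
 *
 * @param string $defaultFilename literal file name (callers pass constants); it is
 *                                inserted into the header unquoted
 */
private function writeCsvHeader($defaultFilename) {
    header("Content-type: text/x-csv");
    header("Content-Disposition: attachment; filename=$defaultFilename");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Pragma: no-cache");
    header("Expires: 0");
}

/**
 * Stream the configuration change history as a semicolon-separated CSV.
 *
 * NOTE(review): only line breaks are removed from the setting value; embedded
 * double quotes or semicolons are not escaped, so such values break the row
 * layout, and values starting with "=" are left for the spreadsheet to interpret.
 * The definition continues in the next chunk.
 */
private function exportConfigCsv() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $this->writeCsvHeader("datenexport-config.csv");
    echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
    $sql = "SELECT DISTINCT %hist%.id as id,date,";
    $sql .= "%config%.name as configitem,%histconfig%.setting as setting,description ";
    $sql .= " FROM %hist%, %histconfig%, %histactions%, %config% ";
    $sql .= " WHERE (refid=%histconfig%.id) ";
    $sql .= " AND %histconfig%.configid = %config%.id ";
    $sql .= " AND (action='2' OR action='6') ";
    $sql .= " AND (action=%histactions%.id) ";
    $sql .= " ORDER BY date,id";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $result = $stmt->fetchAll();
    foreach($result as $zeile) {
        $val1 = $zeile['id'];
        $val2 = $zeile['date'];
        $val3 = $zeile['configitem'];
        $val4 = str_replace("\r\n","",$zeile['setting']);
        $val4 = str_replace("\n","",$val4);
        $val5 = $zeile['description'];
        echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n";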
    }
}

/** Stream the server log (CommonUtils::getLog) as a text/plain download named server.log. */
private function exportLog() {
    header("Content-type: text/plain");
    header("Content-Disposition: attachment; filename=server.log");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Pragma: no-cache");
    header("Expires: 0");
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    echo CommonUtils::getLog($pdo);
}

/**
 * Stream the user change history as a semicolon-separated CSV (rights as Ja/Nein).
 *
 * NOTE(review): username and description are written unquoted and unescaped, so a
 * value containing ";" or a line break shifts the columns of that row.
 */
private function exportUserCsv() {
    $pdo = DbUtils::openDbAndReturnPdoStatic();
    $this->writeCsvHeader("datenexport-benutzer.csv");
    echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Gästerechte; Tageserfassungsrecht; Managerrechte; Aktiviert\n");
    $sql = "SELECT DISTINCT %hist%.id as id,date,";
    $sql .= "userid,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,";
    $sql .= "right_paydesk,right_statistics,right_bill,right_products,right_rating,right_changeprice,right_customers,right_closing,right_manager,active,";
    $sql .= "description ";
    $sql .= " FROM %hist%, %histuser%, %histactions% ";
    $sql .= " WHERE (refid=%histuser%.id) ";
    // history actions 3, 7 and 8 are the user-related ones (same set fillSampleContent deletes)
    $sql .= " AND (action='3' OR action='7' OR action='8') ";
    $sql .= " AND (action=%histactions%.id) ";
    $sql .= " ORDER BY date,id";
    $stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
    $stmt->execute();
    $result = $stmt->fetchAll();
    foreach($result as $zeile) {
        $val1 = $zeile['id'];
        $val2 = $zeile['date'];
        $val3 = $zeile['userid'];
        $val4 = $zeile['username'];
        $val5 = ($zeile['is_admin'] == '1' ? "Ja" : "Nein");
        $val6 = ($zeile['right_waiter'] == '1' ? "Ja" : "Nein");
        $val7 = ($zeile['right_kitchen'] == '1' ? "Ja" : "Nein");
        $val8 = ($zeile['right_bar'] == '1' ? "Ja" : "Nein");
        $val9 = ($zeile['right_supply'] == '1' ? "Ja" : "Nein");
        $val10 = ($zeile['right_paydesk'] == '1' ? "Ja" : "Nein");
        $val11 = ($zeile['right_statistics'] == '1' ? "Ja" : "Nein");
        $val12 = ($zeile['right_bill'] == '1' ? "Ja" : "Nein");
        $val13 = ($zeile['right_products'] == '1' ? "Ja"  : "Nein");
        $val14 = ($zeile['right_rating'] == '1' ? "Ja" : "Nein");
        $val15 = ($zeile['right_changeprice'] == '1' ? "Ja" : "Nein");
        $val16 = ($zeile['right_customers'] == '1' ? "Ja" : "Nein");
        $val17 = ($zeile['right_closing'] == '1' ? "Ja" : "Nein");
        $val18 = ($zeile['right_manager'] == '1' ? "Ja" : "Nein");
        $val19 = ($zeile['active'] == '1' ? "Ja" : "Nein");
        $val20 = $zeile['description'];
        echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;";
        echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18;$val19;$val20\n";
    }
}

/**
 * Create a temporary directory in PHP's temp folder (or in $tmpFolder when given).
 *
 * tempnam() creates a file; it is unlinked and a directory is created under the
 * same name. NOTE(review): the unlink/mkdir pair is a small race window, and
 * mkdir() is called without a mode (0777 masked by umask); `mkdir($tempfile, 0700)`
 * would keep the backup staging area private to the web server user.
 *
 * @param string $tmpFolder parent folder, or "" for sys_get_temp_dir()
 * @return string|null directory path with forward slashes, or null on failure
 */
private function createDirectoryInTemp($tmpFolder) {
    $tmpFolder = trim($tmpFolder);
    if ($tmpFolder == "") {
        $tempfile=tempnam(sys_get_temp_dir(),'');
    } else {
        $tempfile=tempnam($tmpFolder,'');
    }
    if (is_null($tempfile) || ($tempfile== "")) {
        return null;
    }
    if (file_exists($tempfile)) {
        unlink($tempfile);
    }
    mkdir($tempfile);
    if (is_dir($tempfile)) {
        $tempfile = str_replace('\\','/',$tempfile);
        return $tempfile;
    } else {
        return null;
    }
}

/** Tables included in a "configuration" backup/restore. */
private function getConfigTablesToBackupRestore() {
    return array("logo","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","products","config","user","comments","histprod","histconfig","histuser","histactions","hist","extras","extrasprods");
}

/** Configuration tables plus the guest/customer tables. */
private function getConfigGuestsTablesToBackupRestore() {
    return array("logo","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","products","config","user","comments","histprod","histconfig","histuser","histactions","hist","extras","extrasprods","customers","groups","groupcustomer","vacations");
}

/** Every table except the log. */
private function getAllTablesToBackupRestore() {
    return array("closing","logo","printjobs","ratings","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","products","config", "user","reservations","customers","groups","groupcustomer","vacations","bill","customerlog","queue","billproducts","hsin","hsout","comments","histprod","histconfig","histuser","histactions","hist", "extras","extrasprods","queueextras");
}

/** Every table including the log. */
private function getAllWithLogsTablesToBackupRestore() {
    return array("log","closing","logo","printjobs","ratings","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","products","config", "user","reservations","customers","groups","groupcustomer","vacations","bill","customerlog","queue","billproducts","hsin","hsout","comments","histprod","histconfig","histuser","histactions","hist", "extras","extrasprods","queueextras");
}

/**
 * Produce a backup of the selected table set ($theType: "auto", "all", "alllogs",
 * "confandguests", otherwise configuration only).
 *
 * For $theType "auto" the caller must present the configured remote access code;
 * any other type relies on the dispatcher's permission check. The definition
 * continues in the next chunk.
 *
 * @param string $theType
 * @param string $remoteaccesscode plaintext code, compared against the stored md5
 */
public function backup($theType,$remoteaccesscode) {
    date_default_timezone_set(DbUtils::getTimeZone());
    $nowtime = date('Y-m-d');
    $pdo = DButils::openDbAndReturnPdoStatic();
    if ($theType == "auto") {
        $code = CommonUtils::getConfigValue($pdo, 'remoteaccesscode', null);
        if (is_null($code)) {
            echo "No remote access code available - backup not allowed";
            return;
        }
        if (is_null($code) || (trim($code) == "")) {
            echo "No remote access code set - backup not allowed";
            return;
        }
        // NOTE(review): loose != between two hex digests; hash_equals($code, md5($remoteaccesscode))
        // is the strict, constant-time form.
        if ($code != md5($remoteaccesscode)) {
            echo "Wrong remote access code used - backup not allowed";
            return;
        }
    }
    $pdo->beginTransaction();
    $genInfo = $this->getGeneralConfigItems(false, $pdo);
    $version = $genInfo["version"];
    $fileName = "backup-" . $version . "_" . $nowtime . "-configuration.json";
    if ($theType == "all") {
        $fileName = "backup-" . $version . "_" . $nowtime . "-all.json";
    } else if ($theType == "alllogs") {
        $fileName = "backup-" . $version . "_" . $nowtime . "-all-logs.json";
    } else if ($theType == "confandguests") {
        $fileName = "backup-" . $version . "_" . $nowtime . 
"-guests.json"; } if ($theType == "configuration") { $tables = $this->getConfigTablesToBackupRestore(); } else if ($theType == "confandguests") { $tables = $this->getConfigGuestsTablesToBackupRestore(); } else if (($theType == "all") || ($theType == "auto")) { HistFiller::insertSaveHistEntry($pdo); $tables = $this->getAllTablesToBackupRestore(); } else { HistFiller::insertSaveHistEntry($pdo); $tables = $this->getAllWithLogsTablesToBackupRestore(); } $binaryFields = array("signature","img","setting","content"); $dbcontent = array(); foreach($tables as $table) { $sql = "DESCRIBE %$table%"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $fields = $stmt->fetchAll(PDO::FETCH_COLUMN); $fieldstr = implode(",",$fields); $sql = "SELECT $fieldstr from %$table%"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $result = $stmt->fetchAll(); $tableContent = array(); foreach($result as $row) { $fieldContent = array(); foreach($fields as $field) { if (in_array($field,$binaryFields)) { $aFieldEntry = array("fieldname" => $field,"value" => base64_encode($row[$field])); } else { $aFieldEntry = array("fieldname" => $field,"value" => $row[$field]); } $fieldContent[] = $aFieldEntry; }; $tableContent[] = $fieldContent; } $dbcontent[] = array("table" => $table, "content" => $tableContent); } $pdo->commit(); $retStr = json_encode($dbcontent); ob_start(); header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-type: application/octet-stream"); header("Content-Disposition: attachment; filename=\"$fileName\""); header("Content-Transfer-Encoding: binary"); header("Content-Length: ". 
strlen($retStr)); echo $retStr; ob_end_flush(); } private function restore() { set_time_limit(60*20); if ($_FILES['userfile']['error'] != UPLOAD_ERR_OK //checks for errors && is_uploaded_file($_FILES['userfile']['tmp_name'])) { //checks that file is uploaded header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden."); exit(); } if(!file_exists($_FILES['userfile']['tmp_name'])) { header("Location: ../infopage.html?e=manager.html=Datei_existiert_nicht._Bitte_PHP-Variablen_upload_max_filesize_und_post_max_size_checken."); exit(); } if(!is_uploaded_file($_FILES['userfile']['tmp_name'])) { header("Location: ../infopage.html?e=manager.html=Datei_konnte_nicht_hochgeladen_werden."); exit(); } $binaryFields = array("signature","img","setting","content"); $content = file_get_contents($_FILES['userfile']['tmp_name']); $basedb = new Basedb(); $basedb->setPrefix(TAB_PREFIX); $basedb->setTimeZone(DbUtils::getTimeZone()); $pdo = DbUtils::openDbAndReturnPdoStatic(); $pdo->beginTransaction(); $genInfo = $this->getGeneralConfigItems(false, $pdo); $version = $genInfo["version"]; $timezone = DbUtils::getTimeZone(); $dbContent = json_decode($content,true); foreach($dbContent as $table) { if ($table['table'] == 'config') { $foundConfigItem = null; foreach($table['content'] as $aConfigItem) { foreach($aConfigItem as $aConfigDbPart) { if (($aConfigDbPart['fieldname'] == 'name') && ($aConfigDbPart['value'] == 'version')) { $foundConfigItem = $aConfigItem; break; } } } if (!is_null($foundConfigItem)) { foreach($foundConfigItem as $aConfigDbPart) { if ($aConfigDbPart['fieldname'] == 'setting') { $bakVersion = base64_decode($aConfigDbPart['value']); if ($bakVersion != $version) { header("Location: ../infopage.html?e=manager.html=Backup_hat_die_falsche_Version:_$bakVersion."); exit(); } } } } } } $basedb->dropTables($pdo); $basedb->createEmptyTables($pdo); $typeIsOnlyConfig = true; foreach($dbContent as $table) { $tablename = "%" . $table['table'] . 
"%"; $tablecontent = $table['content']; if ($table['table'] == "queue") { $typeIsOnlyConfig = false; } if ($table['table'] == "bill") { $sql = "SET FOREIGN_KEY_CHECKS = 0"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); } foreach($tablecontent as $row) { $cols = array(); $vals = array(); $quests = array(); foreach ($row as $field) { $fieldname = $field['fieldname']; $cols[] = $fieldname; if (in_array($fieldname, $binaryFields)) { $vals[] = base64_decode($field['value']); } else { $vals[] = $field['value']; } $quests[] = '?'; } $colstr = implode(",",$cols); $queststr = implode(",",$quests); $sql = "INSERT INTO $tablename ($colstr) VALUES ($queststr)"; $stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql)); try { $stmt->execute($vals); } catch (Exception $e) { } } if ($table['table'] == "bill") { $sql = "SET FOREIGN_KEY_CHECKS = 1"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); } } if (!$typeIsOnlyConfig) { HistFiller::insertRestoreHistEntry($pdo); } $basedb->signLastBillid($pdo); $setVersion = "update %config% set setting=? 
where name='version'"; $stmt = $pdo->prepare($basedb->resolveTablenamesInSqlString($setVersion)); $stmt->execute(array($version)); $sql = "SELECT name FROM %config% WHERE name=?"; $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(array("timezone")); $row = $stmt->fetchObject(); if ($stmt->rowCount() == 0) { $this->changeOneConfigDbItem($pdo, "timezone", $timezone, "%config%", true); } $pdo->commit(); if(session_id() == '') { session_start(); } $_SESSION = array(); // Swipe via memory if (ini_get("session.use_cookies")) { // Prepare and swipe cookies $params = session_get_cookie_params(); // clear cookies and sessions setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } ini_set('session.gc_max_lifetime', 0); ini_set('session.gc_probability', 1); ini_set('session.gc_divisor', 1); session_destroy(); header("Location: ../infopage.html?i=index.html=Import_war_erfolgreich."); /* Browser umleiten */ exit; } private function shutdown() { try { if (substr(php_uname(), 0, 7) == "Windows"){ $comd = "shutdown /s /t 10"; pclose(popen("start /B ". $cmd, "r")); } else { chmod("shutdown.bat", "700"); $cmd = "sh < shutdown.bat"; exec($cmd . 
" > /dev/null &"); } echo json_encode(array("status" => "OK")); } catch(Exception $e) { echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG)); } } private function optimize() { set_time_limit(60 * 10); try { $pdo = DButils::openDbAndReturnPdoStatic(); self::doSql($pdo, "OPTIMIZE TABLE %queue%", null); self::doSql($pdo, "OPTIMIZE TABLE %billproducts%", null); self::doSql($pdo, "OPTIMIZE TABLE %extrasprods%", null); self::doSql($pdo, "OPTIMIZE TABLE %queueextras%", null); self::doSql($pdo, "OPTIMIZE TABLE %log%", null); echo json_encode(array("status" => "OK")); } catch (Exception $ex) { echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG)); } } private static function getForeignKeyName($pdo,$fromtable,$totable,$dbname,$default = null) { $foreignKey = null; try { $sql = "SELECT constraint_name as foreignkey FROM information_schema.REFERENTIAL_CONSTRAINTS WHERE constraint_schema = '$dbname' AND table_name = '%$fromtable%' AND REFERENCED_TABLE_NAME='%$totable%'"; $test = DbUtils::substTableAlias($sql); $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); $stmt->execute(); $result = $stmt->fetchAll(); if (count($result) != 1) { return $default; } $foreignKey = $result[0]["foreignkey"]; } catch (Exception $e) { return $default; } return $foreignKey; } private function golive() { set_time_limit(60*10); $pdo = DButils::openDbAndReturnPdoStatic(); try { $billprodref_fk = self::getForeignKeyName($pdo, 'billproducts', 'bill', MYSQL_DB); $queuebillref_fk = self::getForeignKeyName($pdo, 'queue', 'bill', MYSQL_DB); $billclosingref_fk = self::getForeignKeyName($pdo, 'bill', 'closing', MYSQL_DB); $billbillref_fk = self::getForeignKeyName($pdo, 'bill', 'bill', MYSQL_DB); $cuslogbillref_fk = self::getForeignKeyName($pdo, 'customerlog', 'bill', MYSQL_DB); } catch (Exception $ex) { echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, 
"msg" => ERROR_COMMAND_ERROR_MSG . " - impossible to get foreign keys: $e")); } try { self::doSql($pdo, "DELETE FROM %customerlog%", null); self::doSql($pdo, "DELETE FROM %hist%", null); self::doSql($pdo, "DELETE FROM %histprod%", null); self::doSql($pdo, "DELETE FROM %histconfig%", null); self::doSql($pdo, "DELETE FROM %histuser%", null); HistFiller::readUserTableAndSendToHist($pdo); $products = new Products(); $menu = $products->getSpeisekarte($pdo); if ($menu['status'] != "OK") { echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG)); return; } else { self::doSql($pdo, "SET foreign_key_checks = 0;", null); self::doSql($pdo, "DELETE FROM %queueextras%", null); self::doSql($pdo, "DELETE FROM %extrasprods%", null); self::doSql($pdo, "DELETE FROM %extras%", null); self::doSql($pdo, "DELETE FROM %billproducts%", null); self::doSql($pdo, "DELETE FROM %queue%", null); self::doSql($pdo, "DELETE FROM %printjobs%", null); self::doSql($pdo, "DELETE FROM %bill%", null); self::doSql($pdo, "DELETE FROM %ratings%", null); self::doSql($pdo, "DELETE FROM %closing%", null); self::doSql($pdo, "SET foreign_key_checks = 1;", null); $ret = $this->fillSpeisekarteCore($pdo, $menu['msg']); self::doSql($pdo, "DELETE FROM %products% WHERE removed is not null", null); self::doSql($pdo, "SET foreign_key_checks = 0;", null); self::doSql($pdo, "DELETE FROM %prodtype% WHERE removed is not null", null); self::doSql($pdo, "SET foreign_key_checks = 1;", null); if ($ret["status"] != "OK") { echo json_encode(array("status" => "ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG)); return; } HistFiller::readAllProdsAndFillHistByDb($pdo); self::doSql($pdo, "DELETE w FROM %histprod% w INNER JOIN %hist% e ON refid=w.id WHERE action='4'", null); self::doSql($pdo, "DELETE FROM %hist% where action='4'", null); } self::doSql($pdo, "alter table %bill% drop foreign key $billbillref_fk", null); self::doSql($pdo, "alter table 
%customerlog% drop foreign key $cuslogbillref_fk", null); self::doSql($pdo, "alter table %billproducts% drop foreign key $billprodref_fk", null); self::doSql($pdo, "alter table %queue% drop foreign key $queuebillref_fk", null); self::doSql($pdo, "ALTER TABLE %bill% DROP id", null); self::doSql($pdo, "ALTER TABLE %bill% ADD id INT (10) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST", null); self::doSql($pdo, "ALTER TABLE %bill% ADD CONSTRAINT $billbillref_fk FOREIGN KEY (ref) REFERENCES %bill%(id)", null); self::doSql($pdo, "ALTER TABLE %customerlog% ADD CONSTRAINT $cuslogbillref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null); self::doSql($pdo, "ALTER TABLE %billproducts% ADD CONSTRAINT $billprodref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null); self::doSql($pdo, "ALTER TABLE %queue% ADD CONSTRAINT $queuebillref_fk FOREIGN KEY (billid) REFERENCES %bill%(id)", null); self::doSql($pdo, "alter table %bill% drop foreign key $billclosingref_fk", null); self::doSql($pdo, "ALTER TABLE %closing% DROP id", null); self::doSql($pdo, "ALTER TABLE %closing% ADD id INT (10) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST", null); self::doSql($pdo, "ALTER TABLE %bill% ADD CONSTRAINT $billclosingref_fk FOREIGN KEY (closingid) REFERENCES %closing%(id)", null); $basedb = new Basedb(); $basedb->setPrefix(TAB_PREFIX); $basedb->setTimeZone(DbUtils::getTimeZone()); $basedb->signLastBillid($pdo); $histFiller = new HistFiller(); $histFiller->readConfigTableAndSendToHist(); self::doSql($pdo, "DELETE FROM %resttables% WHERE removed is not null", null); self::doSql($pdo, "DELETE FROM %room% WHERE removed is not null", null); self::doSql($pdo, "DELETE FROM %reservations%", null); self::doSql($pdo, "DELETE FROM %groupcustomer%", null); self::doSql($pdo, "DELETE FROM %vacations%", null); self::doSql($pdo, "DELETE FROM %groups%", null); self::doSql($pdo, "DELETE FROM %customers%", null); echo json_encode(array("status" => "OK")); } catch(Exception $e) { echo json_encode(array("status" => 
"ERROR", "code" => ERROR_COMMAND_ERROR, "msg" => ERROR_COMMAND_ERROR_MSG . " - Error message: $e")); } } private static function doSql($pdo,$sql,$params) { $stmt = $pdo->prepare(DbUtils::substTableAlias($sql)); if (is_null($params)) { $stmt->execute(); } else { $stmt->execute($params); } } } ?>