ordersprinter/php/bill.php

408 lines
14 KiB
PHP

<?php
// Datenbank-Verbindungsparameter
require_once ('dbutils.php');
require_once ('commonutils.php');
class Bill {
var $dbutils;
function __construct() {
$this->dbutils = new DbUtils();
}
function handleCommand($command) {
if ($command == 'exportCsv') {
if ($this->hasCurrentUserAdminOrManagerRights()) {
// yes, we can export the data
$this->exportCsv($_GET['startMonth'],$_GET['startYear'],$_GET['endMonth'],$_GET['endYear']);
} else {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_AUTHOTRIZED, "msg" => ERROR_BILL_NOT_AUTHOTRIZED_MSG));
}
return;
}
if ($command == 'exportCsvOfClosing') {
if ($this->hasCurrentUserAdminOrManagerRights()) {
// yes, we can export the data
$this->exportCsvOfClosing($_GET['closingid']);
} else {
echo json_encode(array("status" => "ERROR", "code" => ERROR_MANAGER_NOT_AUTHOTRIZED, "msg" => ERROR_MANAGER_NOT_AUTHOTRIZED_MSG));
}
return;
}
if ($this->hasCurrentUserBillRights()) {
if ($command == 'getLastBillsWithContent') {
$this->getLastBillsWithContent();
} else if ($command == 'cancelBill') {
$this->cancelBill($_POST['billid'],$_POST['stornocode']);
} else if ($command == 'doCashAction') {
$this->doCashAction($_POST['money']);
} else if ($command == 'getCashOverviewOfUser') {
$this->getCashOverviewOfUser();
} else {
echo "Command not supported.";
}
} else {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_AUTHOTRIZED, "msg" => ERROR_BILL_NOT_AUTHOTRIZED_MSG));
}
}
// for internal request
private function hasCurrentUserBillRights() {
session_start();
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
// no user logged in
return false;
} else {
return ($_SESSION['right_bill']);
}
}
// for internal request
private function hasCurrentUserAdminOrManagerRights() {
session_start();
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
// no user logged in
return false;
} else {
return ($_SESSION['right_manager'] || $_SESSION['is_admin']);
}
}
private function billWithId($billid) {
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
$sql = "SELECT content FROM %bill% WHERE id=?";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($billid));
$row =$stmt->fetchObject();
if ($row != null) {
return stripslashes($row->content);
}
}
// TODO: needed???
function getBillWithId($billid) {
echo json_encode($this->billWithId($billid));
}
/*
* insert or take out cash money. The direction done by sign of $money value
*/
private function doCashAction($money) {
// current time
date_default_timezone_set('Europe/Berlin');
$currentTime = date('Y-m-d H:i:s');
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
$sql = "SELECT sum(brutto) as bruttosum FROM %bill% WHERE closingid is null AND paymentid='1'";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$row =$stmt->fetchObject();
if ($row != null) {
$sum = $row->bruttosum;
if (is_null($sum)) {
// no transaction after last closing
$sum = 0.0;
}
if (($sum + floatval($money)) >= 0.0) {
$userId = $this->getUserId();
$sql = "INSERT INTO `%bill%` (`id` , `billdate`,`content`,`brutto`,`netto`,`tax`,`tableid`, `status`, `paymentid`,`userid`,`ref`) VALUES ( NULL, ? , ?, ?,?,?, ?, 'c', ?,?,?)";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($currentTime,NULL,$money,$money,'0.00',-1,1,$userId,NULL));
$pdo->commit();
echo json_encode(array("status" => "OK"));
} else {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_LESS_MONEY_TO_TAKE_OUT, "msg" => ERROR_BILL_LESS_MONEY_TO_TAKE_OUT_MSG));
}
} else {
$pdo->rollBack();
echo json_encode(array("status" => "ERROR", "code" => ERROR_GENERAL_PAYDESK_SUM, "msg" => ERROR_GENERAL_PAYDESK_SUM_MSG));
return;
}
}
/*
* User may ask what money he should have in his pocket by serving the guests. If the inserts and
* take outs are in in his waiter paydesk then this value is of interest, too. Return both.
*/
function getCashOverviewOfUser() {
$userId = $this->getUserId();
// without cash insert and cash takeout
$onlyCashByGuests = 0.0;
$pdo = $this->dbutils->openDbAndReturnPdo();
$sql = "SELECT sum(brutto) as sumtotal FROM %bill% WHERE closingid is null AND status is null AND paymentid=1 AND userid='$userId'";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$row =$stmt->fetchObject();
if ($row != null) {
if ($row->sumtotal != null) {
$onlyCashByGuests = $row->sumtotal;
}
}
// with cash
$cashByGuestsAndInsertTakeOut = 0.0;
$sql = "SELECT sum(brutto) as sumtotal FROM %bill% WHERE closingid is null AND paymentid='1' AND userid='$userId' AND (status is null OR status ='c')";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute();
$row =$stmt->fetchObject();
if ($row != null) {
if ($row->sumtotal != null) {
$cashByGuestsAndInsertTakeOut = $row->sumtotal;
}
}
echo json_encode(array("guestmoney" => $onlyCashByGuests, "total" => $cashByGuestsAndInsertTakeOut));
}
function getLastBillsWithContent() {
$commonUtils = new CommonUtils();
$sql = "SELECT id,billdate,brutto,tableid,closingid,status FROM %bill% WHERE tableid >= '0' AND status is null ORDER BY billdate DESC LIMIT 20;";
$dbresult = $this->dbutils->performSqlCommand($sql);
$resultarray = array();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC))
{
$theId = $zeile['id'];
$theHtmlContentOfBill = $this->billWithId($theId);
$date = new DateTime($zeile['billdate']);
$shortdate = $date->format('H:i');
$closingID = $zeile['closingid'];
$isClosed = (is_null($closingID) ? 0 : 1);
$arr = array("id" => $theId,
"longdate" => $zeile['billdate'],
"shortdate" => $shortdate,
"brutto" => $zeile['brutto'],
"tablename" => $commonUtils->getTableNameFromId($zeile['tableid']),
"billcontent" => $theHtmlContentOfBill,
"isClosed" => $isClosed
);
$resultarray[] = $arr;
}
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "OK", "code" => OK, "msg" => $resultarray));
}
private function getUserId() {
if(session_id() == '') {
session_start();
}
return $_SESSION['userid'];
}
/*
* Cancel a bill - set all queue items to not paid and drop the bill entry
*/
private function cancelBill($billid,$stornocode) {
// current time
date_default_timezone_set('Europe/Berlin');
$currentTime = date('Y-m-d H:i:s');
// check if stornocode is correct
$sql = "SELECT setting FROM %config% WHERE name='stornocode'";
$dbresult = $this->dbutils->performSqlCommand($sql);
$numberOfVals = mysqli_num_rows($dbresult);
if ($numberOfVals != 1) {
// stornocode not fixed
mysqli_free_result( $dbresult );
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_NOT_STORNO_CODE, "msg" => ERROR_BILL_NOT_STORNO_CODE_MSG));
return;
}
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
$stornocodeInDb = $zeile['setting'];
mysqli_free_result( $dbresult );
if ($stornocode != $stornocodeInDb) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_STORNO_CODE, "msg" => ERROR_BILL_WRONG_STORNO_CODE_MSG));
return;
}
if (!is_numeric($billid)) {
// this may be an attack...
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_WRONG_NUMERIC_VALUE, "msg" => ERROR_BILL_WRONG_NUMERIC_VALUE_MSG));
return;
}
// Do transactional cancel
$pdo = $this->dbutils->openDbAndReturnPdo();
$pdo->beginTransaction();
// is the bill already closed? In this case no cancel is allowed!
$sql = "SELECT content,brutto,netto,tax,tableid,closingid,status,paymentid FROM %bill% WHERE id=?";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($billid));
$row =$stmt->fetchObject();
$closingId = null;
if ($row != null) {
$closingId = $row->closingid;
// save the next data for a copy!
$content = $row->content;
$brutto = $row->brutto;
$netto = $row->netto;
$tax = $row->tax;
$tableid = $row->tableid;
$status = $row->status;
$paymentid = $row->paymentid;
}
if (!is_null($closingId) || ($status == 's') || ($status == 'x')) {
// no cancel possible anymore!
$pdo->rollBack();
if (($status == 's') || ($status == 'x')) {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_ALREADY_CANCELLED, "msg" => ERROR_BILL_ALREADY_CANCELLED_MSG));
} else {
echo json_encode(array("status" => "ERROR", "code" => ERROR_BILL_ALREADY_CLOSED, "msg" => ERROR_BILL_ALREADY_CLOSED_MSG));
}
return;
}
// 0. find the queueitems that are related to that bill
$sql = "SELECT id FROM %queue% WHERE billid=?";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($billid));
$result = $stmt->fetchAll();
$queueIdArray = array();
foreach($result as $row) {
$queueIdArray[] = $row['id'];
}
// 1. clear connection between queue item and bill
$sql = "UPDATE %queue% SET paidtime=null WHERE billid=?";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($billid));
// 2. copy bill with negativ brutto as part of storno
$userIdOfStornoUser = $this->getUserId();
$stornval = 0.0 - floatval($brutto);
$stornonettoval = 0.0 - floatval($netto);
$sql = "INSERT INTO `%bill%` (`id` , `billdate`,`content`,`brutto`,`netto`,`tax`,`tableid`, `status`, `paymentid`,`userid`,`ref`) VALUES ( NULL, ? , ?, ?, ?,?,?, 's', ?,?,?)";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($currentTime,$content,$stornval,$stornonettoval,$tax,$tableid,$paymentid,$userIdOfStornoUser,$billid));
$refIdOfStornoEntry = $pdo->lastInsertId();
// 3. mark bill as part of storno
$sql = "UPDATE %bill% SET status='x', closingid=null, ref=? WHERE id=?";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
$stmt->execute(array($refIdOfStornoEntry,$billid));
// 4. now put the queue items into the billproducts so that later storno is evaluable
foreach ($queueIdArray as $aQueueid) {
$billProdsSql = "INSERT INTO `%billproducts%` (`queueid` , `billid`) VALUES ( ?,?)";
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($billProdsSql));
$stmt->execute(array($aQueueid,$refIdOfStornoEntry));
}
$pdo->commit();
// end of transactional cancel
echo json_encode(array("status" => "OK", "code" => OK));
return;
}
private function exportCsv($startMonth,$startYear,$endMonth,$endYear) {
$this->exportCsv_bin($startMonth,$startYear,$endMonth,$endYear,null);
}
/*
* Method to export data of a special closing
*/
private function exportCsvOfClosing($closingid) {
$this->exportCsv_bin(null,null,null,null,$closingid);
}
private function exportCsv_bin($startMonth,$startYear,$endMonth,$endYear,$onlyClosingId) {
if ($onlyClosingId == null) {
if ($startMonth < 10) {
$startMonth = "0" . $startMonth;
}
if ($endMonth < 10) {
$endMonth = "0" . $endMonth;
}
$startDate = $startYear . "-" . $startMonth . "-01 00:00:00";
// now find last day of month of end date!
$endDate = $endYear . "-" . $endMonth . "-01";
$lastdayOfMonth = date("t", strtotime($endDate));
$endDate = $endYear . "-" . $endMonth . "-" . $lastdayOfMonth . " 23:59:59";
}
$file_name = "datenexport.csv";
header("Content-type: text/x-csv");
header("Content-Disposition: attachment; filename=$file_name");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
header("Expires: 0");
if ($onlyClosingId == null) {
echo("Bonid;Bondatum;Brutto;Netto;MwSt;Status;Referenzbon-ID;Benutzerid;Benutzername;Tageslosung-ID; Tageslosung-Datum; Zahlungsart; Tageslosung-Bemerkung\n");
} else {
// closing id is know - do not output unnecessary info
echo("Bonid;Bondatum;Brutto;Netto;MwSt;Status;Referenzbon-ID;Benutzerid;Benutzername;Zahlungsart\n");
}
// first get the billids for that closing
$billIdsForThatClosing = array();
$sql = "SELECT DISTINCT %bill%.id,billdate,brutto,netto,tax,status,closingdate,remark,%bill%.closingid,%payment%.name,userid,ref,username FROM %bill%,%closing%,%payment%,%user% ";
$sql .= "WHERE closingid is not null AND %bill%.closingid=%closing%.id ";
$sql .= " AND %bill%.paymentid=%payment%.id ";
if ($onlyClosingId == null) {
// search for time span
$sql .= " AND %bill%.billdate BETWEEN '$startDate' AND '$endDate' ";
} else {
// search for a special closing id
$sql .= " AND closingid='$onlyClosingId' ";
}
$sql .= " AND %bill%.userid = %user%.id ";
$sql .= "ORDER BY billdate";
$dbresult = $this->dbutils->performSqlCommand($sql);
$retValues = array();
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
$billid = $zeile['id'];
$billdate = $zeile['billdate'];
$brutto = str_replace(".",",",$zeile['brutto']);
$netto = str_replace(".",",",$zeile['netto']);
$tax = str_replace(".",",",$zeile['tax']);
$status = $zeile['status'];
if ($status == 'x') {
$status = "nachher storniert";
} else if ($status == 's') {
$status = "Stornierungsbuchung";
} else if ($status == 'c') {
$status = "Bareinlage/-entnahme";
} else {
$status = "";
}
$ref = ($zeile['ref'] == null ? "" : $zeile['ref']);
$userid = $zeile['userid'];
$username = $zeile['username'];
$closingid = $zeile['closingid'];
$closingdate = $zeile['closingdate'];
$remark = '"' . addslashes($zeile['remark']) . '"';
$paymentname = '"' . addslashes($zeile['name']) . '"';
if ($billid == null) {
$billid = "-";
}
if ($onlyClosingId == null) {
echo "$billid ; $billdate; $brutto; $netto; $tax; $status; $ref; $userid; $username ; $closingid; $closingdate; $paymentname; $remark\n";
} else {
echo "$billid ; $billdate; $brutto; $netto; $tax; $status; $ref; $userid; $username ; $paymentname\n";
}
}
mysqli_free_result( $dbresult );
}
}
?>