1925 lines
64 KiB
PHP
1925 lines
64 KiB
PHP
<?php
|
|
// Datenbank-Verbindungsparameter
|
|
require_once ('dbutils.php');
|
|
require_once ('globals.php');
|
|
require_once ('utilities/TypeAndProducts/TypeAndProductFileManager.php');
|
|
require_once ('utilities/RoomsAndTables/RoomsAndTableFileManager.php');
|
|
require_once ('utilities/userrights.php');
|
|
require_once ('utilities/HistFiller.php');
|
|
require_once ('utilities/basedb.php');
|
|
require_once ('utilities/sorter.php');
|
|
require_once ('utilities/Logger.php');
|
|
require_once ('utilities/Emailer.php');
|
|
|
|
class Admin {
|
|
var $dbutils;
|
|
var $userrights;
|
|
var $histfiller;
|
|
|
|
private static $timezone = null;
|
|
|
|
function __construct() {
|
|
$this->dbutils = new DbUtils();
|
|
$this->userrights = new Userrights();
|
|
$this->histfiller = new HistFiller();
|
|
}
|
|
|
|
function handleCommand($command) {
|
|
// these command are only allowed for user with manager or admin rights
|
|
$cmdArray = array('createNewUser', 'updateUser', 'deleteUser','changepassword' , 'changeConfig', 'readlogo','deletelogo');
|
|
if (in_array($command, $cmdArray)) {
|
|
if (!($this->userrights->hasCurrentUserRight('right_manager')) && !($this->userrights->hasCurrentUserRight('is_admin'))) {
|
|
echo "Benutzerrechte nicht ausreichend!";
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if ($command == 'tryAuthenticate') {
|
|
$this->tryAuthenticate($_POST['userid'],$_POST['password'],$_POST['day'],$_POST['month'],$_POST['year'],$_POST['hour'],$_POST['minute'],$_POST["time"]);
|
|
} else if ($command == 'setLastModuleOfUser') {
|
|
$this->setLastModuleOfUser($_POST['view']);
|
|
} else if ($command == 'getViewAfterLogin') {
|
|
$this->getViewAfterLogin();
|
|
} else if ($command == 'isUserAlreadyLoggedIn') {
|
|
$this->isUserAlreadyLoggedIn();
|
|
} else if ($command == 'logout') {
|
|
$this->logout();
|
|
} else if ($command == 'getCurrentUser') {
|
|
$this->getCurrentUser();
|
|
} else if ($command == 'isLoggedinUserAdmin') {
|
|
$this->isLoggedinUserAdmin();
|
|
} else if ($command == 'isLoggedinUserKitchen') {
|
|
$this->isLoggedinUserKitchen();
|
|
} else if ($command == 'isLoggedinUserBar') {
|
|
$this->isLoggedinUserBar();
|
|
} else if ($command == 'isLoggedinUserAdminOrManager') {
|
|
$this->isLoggedinUserAdminOrManager();
|
|
} else if ($command == 'hasUserPaydeskRight') {
|
|
$this->hasUserPaydeskRight();
|
|
} else if ($command == 'getJsonMenuItemsAndVersion') {
|
|
$this->getJsonMenuItemsAndVersion();
|
|
} else if ($command == 'getUserList') {
|
|
$this->getUserList();
|
|
} else if ($command == 'setTime') {
|
|
$this->setTime($_POST['day'],$_POST['month'],$_POST['year'],$_POST['hour'],$_POST['minute']);
|
|
} else if ($command == 'createNewUser') {
|
|
$this->createNewUser(
|
|
$_POST['username'],
|
|
$_POST['password'],
|
|
$_POST['isAdmin'],
|
|
$_POST['rWaiter'],
|
|
$_POST['rKitchen'],
|
|
$_POST['rBar'],
|
|
$_POST['rSupply'],
|
|
$_POST['rPayDesk'],
|
|
$_POST['rStat'],
|
|
$_POST['rBill'],
|
|
$_POST['rProducts'],
|
|
$_POST['rReservation'],
|
|
$_POST['rRating'],
|
|
$_POST['rChangeprice'],
|
|
$_POST['rManager']
|
|
);
|
|
} else if ($command == 'updateUser') {
|
|
$this->updateUser(
|
|
$_POST['userid'],
|
|
$_POST['isAdmin'],
|
|
$_POST['rWaiter'],
|
|
$_POST['rKitchen'],
|
|
$_POST['rBar'],
|
|
$_POST['rSupply'],
|
|
$_POST['rPayDesk'],
|
|
$_POST['rStat'],
|
|
$_POST['rBill'],
|
|
$_POST['rProducts'],
|
|
$_POST['rReservation'],
|
|
$_POST['rRating'],
|
|
$_POST['rChangeprice'],
|
|
$_POST['rManager']
|
|
);
|
|
} else if ($command == 'deleteUser') {
|
|
$this->deleteUser($_POST['userid']);
|
|
} else if ($command == 'changepassword') {
|
|
$this->changepassword($_POST['userid'],$_POST['password']);
|
|
} else if ($command == 'changeOwnPassword') {
|
|
$this->changeOwnPassword($_POST['oldPass'],$_POST['newPass']);
|
|
} else if ($command == 'setUserLanguage') {
|
|
$this->setUserLanguage($_POST['language']);
|
|
} else if ($command == 'setUserReceiptPrinter') {
|
|
$this->setUserReceiptPrinter($_POST['printer']);
|
|
} else if ($command == 'setBtnSize') {
|
|
$this->setBtnSize($_POST['btn'],$_POST['size']);
|
|
} else if ($command == 'changeConfig') {
|
|
$this->changeConfig($_POST['changed']);
|
|
} else if ($command == 'readlogo') {
|
|
$this->readlogo();
|
|
} else if ($command == 'deletelogo') {
|
|
$this->deletelogo();
|
|
} else if ($command == 'getGeneralConfigItems') {
|
|
$this->getGeneralConfigItems(true,null);
|
|
} else if ($command == 'getWaiterSettings') {
|
|
$this->getWaiterSettings();
|
|
// from here on admin rights are needed
|
|
} else if ($command == 'getPayPrintType') {
|
|
$this->getPayPrintType();
|
|
} else if ($command == 'getPayments') {
|
|
$this->getPayments();
|
|
} else if (($command == 'new') || ($command == 'shutdown') || ($command == 'backup') || ($command == 'restore') || ($command == 'drop') || ($command == 'fill') || ($command == 'fillSampleProdType') || ($command == 'fillSpeisekarte') || ($command == 'assignTaxes')) {
|
|
if ($this->isCurrentUserAdmin()) {
|
|
if ($command == 'fill') {
|
|
$this->fillSampleContent();
|
|
echo json_encode(array("status" => "OK"));
|
|
} else if ($command == 'fillSampleProdType') {
|
|
$this->fillSampleProdType("samples/speisekarte.txt");
|
|
echo json_encode(array("status" => "OK"));
|
|
} else if ($command == 'fillSpeisekarte') {
|
|
$this->fillSpeisekarte($_POST['speisekarte']);
|
|
} else if ($command == 'backup') {
|
|
$this->backup($_GET['type']);
|
|
return;
|
|
} else if ($command == 'restore') {
|
|
$this->restore();
|
|
return;
|
|
} else if ($command == 'shutdown') {
|
|
$this->shutdown();
|
|
return;
|
|
} else if ($command == 'assignTaxes') {
|
|
$this->assignTaxes($_POST['food'],$_POST['drinks']);
|
|
return;
|
|
}
|
|
} else {
|
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
|
|
}
|
|
// end area for admins
|
|
} else if ($command == 'exportConfigCsv') {
|
|
if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
|
|
$this->exportConfigCsv();
|
|
}
|
|
} else if ($command == 'exportUserCsv') {
|
|
if ($this->isCurrentUserAdmin() || $this->hasCurrentUserRight('right_manager')) {
|
|
$this->exportUserCsv();
|
|
}
|
|
} else if ($command == 'setOrderVolume') {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
$this->setOrderVolume($_POST['volume']);
|
|
}
|
|
} else if ($command == 'setPreferTableMap') {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
$this->setPreferTableMap($_POST['prefertablemap']);
|
|
}
|
|
} else if ($command == 'setKeepTypeLevel') {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
$this->setKeepTypeLevel($_POST['keeptypelevel']);
|
|
}
|
|
} else if ($command == 'getOrderVolume') {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
$this->getOrderVolume();
|
|
}
|
|
} else if ($command == 'getButtonSizes') {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
$this->getButtonSizes();
|
|
}
|
|
} else if ($command == 'getPreferTableMap') {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
$this->getPreferTableMap();
|
|
}
|
|
} else if ($command == 'getKeepTypeLevel') {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
$this->getKeepTypeLevel();
|
|
}
|
|
} else if ($command == 'isInstalled') {
|
|
$this->isInstalled();
|
|
}
|
|
else {
|
|
echo "Command not supported.";
|
|
}
|
|
}
|
|
|
|
/***
|
|
* Is the installation already done? Or was the html/php code overwritten, i.e. a new or updated version to install?
|
|
*/
|
|
private function isInstalled() {
|
|
if(defined('INSTALLSTATUS')){
|
|
if (INSTALLSTATUS == 'new') {
|
|
echo json_encode("No");
|
|
} else {
|
|
echo json_encode("Yes");
|
|
}
|
|
} else {
|
|
// not defined -> it must be version 1.0.3 or lower --> since this is file of 1.0.4: not installed...
|
|
echo json_encode("No");
|
|
}
|
|
}
|
|
|
|
function isUserAlreadyLoggedInForPhp() {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
function isUserAlreadyLoggedIn() {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
|
|
// no user logged in
|
|
echo json_encode("NO");
|
|
} else {
|
|
echo json_encode("YES");
|
|
}
|
|
}
|
|
|
|
function logout() {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
session_destroy();
|
|
}
|
|
echo json_encode("OK");
|
|
}
|
|
|
|
static function isOnlyRatingUser($rightArr,$right_rating,$comparisonVal) {
|
|
foreach($rightArr as $aRight) {
|
|
if ($aRight == $comparisonVal) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if ($right_rating == $comparisonVal) {
|
|
return true;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// for the login mask - if user is authenticated then the first page works different
|
|
function tryAuthenticate($userid,$password,$day,$month,$year,$hour,$minute,$unixtime) {
|
|
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
$authenticated = false;
|
|
$sql = "SELECT * FROM %user% WHERE id=? AND active='1'";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array($userid));
|
|
$result = $stmt->fetchAll();
|
|
|
|
$numberOfEntries = count($result);
|
|
|
|
if ($numberOfEntries == 1) {
|
|
$zeile = $result[0];
|
|
$pass_hash = $zeile['userpassword'];
|
|
|
|
// password_verify requires PHP > 5.5, so let's use MD5 instead
|
|
// (it is no banking software...)
|
|
if (md5($password) == $pass_hash) {
|
|
$authenticated = true;
|
|
}
|
|
}
|
|
|
|
|
|
if ($authenticated) {
|
|
date_default_timezone_set(DbUtils::getTimeZone());
|
|
$now = getdate();
|
|
|
|
$serverDay = $now["mday"];
|
|
$serverMonth = $now["mon"];
|
|
$serverYear = $now["year"];
|
|
$serverHour = $now["hours"];
|
|
$serverMinute = $now["minutes"];
|
|
$serverTime = $now["0"];
|
|
$timeDiff = 0;
|
|
if (abs($serverTime - $unixtime) > (60*60*2)) {
|
|
$timeDiff = 1;
|
|
}
|
|
|
|
ini_set('session.gc_maxlifetime',65535);
|
|
session_set_cookie_params(65535);
|
|
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$username = $zeile["username"];
|
|
|
|
$_SESSION['angemeldet'] = true;
|
|
|
|
// now read the rights of the user
|
|
|
|
$_SESSION['userid'] = $zeile['id'];
|
|
$_SESSION['currentuser'] = $username;
|
|
|
|
|
|
$workflow = $this->getConfigItemsAsString($pdo, "workflowconfig");
|
|
|
|
$rights = array($zeile['is_admin'],$zeile['right_waiter'],$zeile['right_kitchen'],
|
|
$zeile['right_bar'],$zeile['right_supply'],$zeile['right_paydesk'],
|
|
$zeile['right_statistics'],$zeile['right_bill'],$zeile['right_products'],
|
|
$zeile['right_reservation'],$zeile['right_changeprice'],$zeile['right_manager']);
|
|
$right_rating = $zeile['right_rating'];
|
|
|
|
if (self::isOnlyRatingUser($rights,$right_rating, 1)) {
|
|
$_SESSION['right_rating'] = true;
|
|
|
|
$_SESSION['is_admin'] = false;
|
|
$_SESSION['right_waiter'] = false;
|
|
$_SESSION['right_kitchen'] = false;
|
|
$_SESSION['right_bar'] = false;
|
|
$_SESSION['right_supply'] = false;
|
|
$_SESSION['right_paydesk'] = false;
|
|
$_SESSION['right_statistics'] = false;
|
|
$_SESSION['right_bill'] = false;
|
|
$_SESSION['right_products'] = false;
|
|
$_SESSION['right_reservation'] = false;
|
|
$_SESSION['right_changeprice'] = false;
|
|
$_SESSION['right_manager'] = false;
|
|
$_SESSION['keeptypelevel'] = false;
|
|
} else {
|
|
$_SESSION['is_admin'] = ($zeile['is_admin'] == 1 ? true : false);
|
|
$_SESSION['right_waiter'] = ($zeile['right_waiter'] == 1 ? true : false);
|
|
if ($workflow == 2) {
|
|
$_SESSION['right_kitchen'] = false;
|
|
$_SESSION['right_bar'] = false;
|
|
$_SESSION['right_supply'] = false;
|
|
} else {
|
|
$_SESSION['right_kitchen'] = ($zeile['right_kitchen'] == 1 ? true : false);
|
|
$_SESSION['right_bar'] = ($zeile['right_bar'] == 1 ? true : false);
|
|
$_SESSION['right_supply'] = ($zeile['right_supply'] == 1 ? true : false);
|
|
}
|
|
$_SESSION['right_paydesk'] = ($zeile['right_paydesk'] == 1 ? true : false);
|
|
$_SESSION['right_statistics'] = ($zeile['right_statistics'] == 1 ? true : false);
|
|
$_SESSION['right_bill'] = ($zeile['right_bill'] == 1 ? true : false);
|
|
$_SESSION['right_products'] = ($zeile['right_products'] == 1 ? true : false);
|
|
$_SESSION['right_reservation'] = ($zeile['right_reservation'] == 1 ? true : false);
|
|
$_SESSION['right_rating'] = ($zeile['right_rating'] == 1 ? true : false);
|
|
$_SESSION['right_changeprice'] = ($zeile['right_changeprice'] == 1 ? true : false);
|
|
$_SESSION['right_manager'] = ($zeile['right_manager'] == 1 ? true : false);
|
|
$_SESSION['keeptypelevel'] = ($zeile['keeptypelevel'] == 1 ? true : false);
|
|
}
|
|
|
|
$this->userrights->setSession($_SESSION['is_admin'], $_SESSION['right_waiter'], $_SESSION['right_kitchen'],
|
|
$_SESSION['right_bar'], $_SESSION['right_supply'], $_SESSION['right_paydesk'], $_SESSION['right_statistics'],
|
|
$_SESSION['right_bill'], $_SESSION['right_products'], $_SESSION['right_reservation'], $_SESSION['right_rating'], $_SESSION['right_changeprice'], $_SESSION['right_manager']);
|
|
|
|
$assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize");
|
|
|
|
$_SESSION["roombtnsize"] = $zeile['roombtnsize'];
|
|
$_SESSION["tablebtnsize"] = $zeile['tablebtnsize'];
|
|
$_SESSION["prodbtnsize"] = $zeile['prodbtnsize'];
|
|
|
|
$language = $zeile['language'];
|
|
if (is_null($language)) {
|
|
$language = 0;
|
|
}
|
|
$_SESSION['language'] = intval($language);
|
|
|
|
$receiptprinter = $zeile['receiptprinter'];
|
|
if (is_null($receiptprinter)) {
|
|
$receiptprinter = 1;
|
|
}
|
|
$_SESSION['receiptprinter'] = intval($receiptprinter);
|
|
|
|
$preferTm = $zeile['prefertablemap'];
|
|
if (is_null($preferTm)) {
|
|
$preferTm = 1;
|
|
}
|
|
$_SESSION['prefertm'] = intval($preferTm);
|
|
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
$_SESSION['timezone'] = $this->getTimeZone($pdo);
|
|
}
|
|
|
|
if ($authenticated) {
|
|
Logger::logcmd("admin","authentication","Login $username successful");
|
|
$loginMessage = $this->getMessage(null,'loginmessage');
|
|
echo json_encode(array("status" => "YES","loginmessage" => $loginMessage, "timediff" => $timeDiff, "isadmin" => $zeile['is_admin'],"lang" => $_SESSION["language"]));
|
|
} else {
|
|
Logger::logcmd("admin","authentication","Login with id $userid failed");
|
|
echo json_encode(array("status" => "NO"));
|
|
}
|
|
}
|
|
|
|
private function getMessage($pdo,$messageType) {
|
|
if (is_null($pdo)) {
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
}
|
|
$sql = "SELECT value FROM %work% WHERE item=?";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array($messageType));
|
|
$row = $stmt->fetchObject();
|
|
$msg = "";
|
|
if ($stmt->rowCount() > 0) {
|
|
$msg = $row->value;
|
|
}
|
|
return $msg;
|
|
}
|
|
|
|
function getButtonSizes() {
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
echo json_encode(self::getButtonSizesCore($pdo));
|
|
}
|
|
|
|
private static function getButtonSizesCore($pdo) {
|
|
$userid = $_SESSION['userid'];
|
|
|
|
$sql = "SELECT roombtnsize,tablebtnsize,prodbtnsize FROM %user% WHERE id=?";
|
|
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array($userid));
|
|
$row =$stmt->fetchObject();
|
|
|
|
$roombtnsize = $row->roombtnsize;
|
|
if (is_null($roombtnsize)) {
|
|
$roombtnsize = 0;
|
|
}
|
|
|
|
$tablebtnsize = $row->tablebtnsize;
|
|
if (is_null($tablebtnsize)) {
|
|
$tablebtnsize = 0;
|
|
}
|
|
|
|
$prodbtnsize = $row->prodbtnsize;
|
|
if (is_null($prodbtnsize)) {
|
|
$prodbtnsize = 0;
|
|
}
|
|
|
|
return(array("roombtnsize" => $roombtnsize,"tablebtnsize" => $tablebtnsize,"prodbtnsize" => $prodbtnsize));
|
|
}
|
|
|
|
private static function getUserValue($item,$defaultvalue) {
|
|
$userid = $_SESSION['userid'];
|
|
|
|
$sql = "SELECT $item AS result FROM %user% WHERE id=?";
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
|
|
$stmt = $pdo->prepare(Dbutils::substTableAlias($sql));
|
|
$stmt->execute(array($userid));
|
|
if ($stmt->rowCount() == 0) {
|
|
return $defaultvalue;
|
|
}
|
|
$row = $stmt->fetchObject();
|
|
$aVal = 0;
|
|
if ($row != null) {
|
|
$aVal = $row->result;
|
|
if ($aVal == null) {
|
|
$aVal = $defaultvalue;
|
|
}
|
|
}
|
|
|
|
echo json_encode($aVal);
|
|
}
|
|
|
|
function getPreferTableMap() {
|
|
self::getUserValue('prefertablemap',1);
|
|
}
|
|
|
|
function getKeepTypeLevel() {
|
|
self::getUserValue('keeptypelevel',1);
|
|
}
|
|
|
|
function getOrderVolume() {
|
|
self::getUserValue('ordervolume',0);
|
|
}
|
|
|
|
private static function setUserValue($item,$theValue) {
|
|
$userid = $_SESSION['userid'];
|
|
|
|
$sql = "UPDATE %user% SET $item=? WHERE id=?";
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
$pdo->beginTransaction();
|
|
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array($theValue,$userid));
|
|
$pdo->commit();
|
|
echo json_encode(array("status" => "OK"));
|
|
}
|
|
function setOrderVolume($volume) {
|
|
self::setUserValue('ordervolume', $volume);
|
|
}
|
|
function setPreferTableMap($preferValue) {
|
|
self::setUserValue('prefertablemap',$preferValue);
|
|
}
|
|
function setKeepTypeLevel($preferValue) {
|
|
self::setUserValue('keeptypelevel',$preferValue);
|
|
}
|
|
|
|
function setLastModuleOfUser($view) {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
if ($view != "logout.php") {
|
|
$userid = $_SESSION['userid'];
|
|
|
|
$questPos = strpos($view,'?');
|
|
if ($questPos != false) {
|
|
$view = substr($view,0,$questPos);
|
|
}
|
|
|
|
$sql = "UPDATE %user% SET lastmodule=? WHERE id=? AND active='1'";
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
|
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
$stmt->execute(array($view,$userid));
|
|
}
|
|
echo json_encode(array("status" => "OK"));
|
|
}
|
|
}
|
|
|
|
public function getConfigItemsAsString($pdo,$key) {
|
|
$sql = "SELECT setting FROM %config% WHERE name=?";
|
|
|
|
if (is_null($pdo)) {
|
|
return "";
|
|
}
|
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
$stmt->execute(array($key));
|
|
$row = $stmt->fetchObject();
|
|
|
|
if ($stmt->rowCount() == 0) {
|
|
return "";
|
|
}
|
|
|
|
$theValue = $row->setting;
|
|
|
|
if (is_null($theValue)) {
|
|
return "";
|
|
} else {
|
|
return $theValue;
|
|
}
|
|
}
|
|
|
|
public static function overruleTimeZone($timezone) {
|
|
self::$timezone = $timezone;
|
|
DbUtils::overruleTimeZone($timezone);
|
|
}
|
|
|
|
public function getTimeZone($pdo) {
|
|
if (is_null(self::$timezone)) {
|
|
$timezone = $this->getConfigItemsAsString($pdo, "timezone");
|
|
if ($timezone == "") {
|
|
$timezone = "Europe/Berlin";
|
|
}
|
|
return $timezone;
|
|
} else {
|
|
return self::$timezone;
|
|
}
|
|
}
|
|
public function getEnv($pdo) {
|
|
$installdate = $this->getConfigItemsAsString($pdo, "installdate");
|
|
$lastupdate = $this->getConfigItemsAsString($pdo, "lastupdate");
|
|
$version = $this->getConfigItemsAsString($pdo, "version");
|
|
return(array("version" => $version, "installdate" => $installdate, "lastupdate" => $lastupdate));
|
|
}
|
|
|
|
private function getWaiterSettings() {
|
|
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
$userLoggedIn = $this->isUserAlreadyLoggedInForPhp();
|
|
if (!$userLoggedIn) {
|
|
$retVal = array("isUserLoggedIn" => 0);
|
|
echo json_encode($retVal);
|
|
return;
|
|
}
|
|
|
|
$configItems = join(",",array("'decpoint'","'version'","'cancelunpaidcode'","'tax'","'togotax'","'currency'","'workflowconfig'","'prominentsearch'"));
|
|
$sql = "select name,setting FROM %config% WHERE name in ($configItems)";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute();
|
|
$configitems = $stmt->fetchAll();
|
|
|
|
$configresult = array();
|
|
foreach($configitems as $item) {
|
|
$configresult[$item["name"]] = $item["setting"];
|
|
}
|
|
|
|
$userlang = 0;
|
|
$right_changeprice = 0;
|
|
$supplyRight = 0;
|
|
if ($userLoggedIn) {
|
|
$sql = "SELECT language,right_supply,right_changeprice,keeptypelevel FROM %user% WHERE id=?";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array($_SESSION['userid']));
|
|
$row = $stmt->fetchObject();
|
|
}
|
|
|
|
$buttonSizes = self::getButtonSizesCore($pdo);
|
|
|
|
$jsonMenuItems = $this->getJsonMenuItemsAndVersionCore();
|
|
|
|
$retVal = array("config" => $configresult,
|
|
"rightchangeprice" => $row->right_changeprice,
|
|
"supplyright" => $row->right_supply,
|
|
"userlanguage" => $row->language,
|
|
"buttonsizes" => $buttonSizes,
|
|
"keeptypelevel" => $row->keeptypelevel,
|
|
"isUserLoggedIn" => 1,
|
|
"jsonMenuItemsAndVersion" => $jsonMenuItems
|
|
);
|
|
echo json_encode($retVal);
|
|
}
|
|
|
|
|
|
public function getGeneralConfigItems($forHtml,$pdo) {
|
|
$userLoggedIn = $this->isUserAlreadyLoggedInForPhp();
|
|
if ($userLoggedIn || (!$forHtml)) {
|
|
|
|
$sql = "SELECT count(id) as number,setting FROM %config% WHERE name=?";
|
|
if (is_null($pdo)) {
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
}
|
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
|
|
$stmt->execute(array("companyinfo"));
|
|
$row = $stmt->fetchObject();
|
|
$companyInfo = $row->setting;
|
|
|
|
$stmt->execute(array("decpoint"));
|
|
$row = $stmt->fetchObject();
|
|
$decpoint = $row->setting;
|
|
|
|
$stmt->execute(array("version"));
|
|
$row = $stmt->fetchObject();
|
|
$version = $row->setting;
|
|
|
|
$stmt->execute(array("payprinttype"));
|
|
$row = $stmt->fetchObject();
|
|
$payprinttype = $row->setting;
|
|
|
|
$stmt->execute(array("cancelunpaidcode"));
|
|
$row = $stmt->fetchObject();
|
|
$cancelunpaidcode = $row->setting;
|
|
|
|
$stmt->execute(array("tax"));
|
|
$row = $stmt->fetchObject();
|
|
$tax = $row->setting;
|
|
|
|
$stmt->execute(array("togotax"));
|
|
$row = $stmt->fetchObject();
|
|
$togotax = $row->setting;
|
|
|
|
$stmt->execute(array("serverurl"));
|
|
$row = $stmt->fetchObject();
|
|
$serverurl = $row->setting;
|
|
|
|
$stmt->execute(array("email"));
|
|
$row = $stmt->fetchObject();
|
|
$email = $row->setting;
|
|
|
|
$stmt->execute(array("bigfontworkreceipt"));
|
|
$row = $stmt->fetchObject();
|
|
$bigfontworkreceipt = $row->setting;
|
|
|
|
$stmt->execute(array("prominentsearch"));
|
|
$row = $stmt->fetchObject();
|
|
$prominentsearch = $row->setting;
|
|
|
|
// for update reasons check for null
|
|
$stmt->execute(array("receiveremail"));
|
|
$row = $stmt->fetchObject();
|
|
$receiveremail = "";
|
|
if (!is_null($row)) {
|
|
$receiveremail = $row->setting;
|
|
}
|
|
set_error_handler(function() { /* ignore errors */ });
|
|
try {
|
|
$stmt->execute(array("emailbadrating"));
|
|
$row = $stmt->fetchObject();
|
|
$emailbadrating = "";
|
|
if (!is_null($row)) {
|
|
$emailbadrating = $row->setting;
|
|
}
|
|
} catch (Exception $e) {
|
|
// in previous version this was not configurable
|
|
$emailbadrating = "";
|
|
}
|
|
try {
|
|
$stmt->execute(array("emailratingcontact"));
|
|
$row = $stmt->fetchObject();
|
|
$emailratingcontact = "";
|
|
if (!is_null($row)) {
|
|
$emailratingcontact = $row->setting;
|
|
}
|
|
} catch (Exception $e) {
|
|
// in previous version this was not configurable
|
|
$emailratingcontact = "";
|
|
}
|
|
restore_error_handler();
|
|
|
|
$stmt->execute(array("billlanguage"));
|
|
$row = $stmt->fetchObject();
|
|
$billlanguage = $row->setting;
|
|
|
|
$stmt->execute(array("currency"));
|
|
$row = $stmt->fetchObject();
|
|
$currency = $row->setting;
|
|
|
|
$stmt->execute(array("receiptfontsize"));
|
|
$row = $stmt->fetchObject();
|
|
$receiptfontsize = $row->setting;
|
|
|
|
$stmt->execute(array("reservationnote"));
|
|
$row = $stmt->fetchObject();
|
|
$reservationnote = $row->setting;
|
|
|
|
set_error_handler(function() { /* ignore errors */ });
|
|
|
|
|
|
$paymentconfig = $this->getConfigItemOrDefault("paymentconfig", $stmt, 0);
|
|
$workflowconfig = $this->getConfigItemOrDefault("workflowconfig", $stmt, 0);
|
|
|
|
$smtphost = "";
|
|
$smtpauth = 1;
|
|
$smtpuser = "";
|
|
$smtppass = "";
|
|
$smtpsecure = 1;
|
|
$smtpport = "";
|
|
|
|
if ($_SESSION['is_admin'] || $_SESSION['right_manager']) {
|
|
$smtphost = $this->getConfigItemOrDefault("smtphost",$stmt,"");
|
|
$smtpauth = $this->getConfigItemOrDefault("smtpauth",$stmt,1);
|
|
$smtpuser = $this->getConfigItemOrDefault("smtpuser",$stmt,"");
|
|
$smtppass = $this->getConfigItemOrDefault("smtppass",$stmt,"");
|
|
$smtpsecure = $this->getConfigItemOrDefault("smtpsecure",$stmt,1);
|
|
$smtpport = $this->getConfigItemOrDefault("smtpport",$stmt,"");
|
|
}
|
|
|
|
$webimpressum = $this->getConfigItemOrDefault("webimpressum",$stmt,"");
|
|
|
|
restore_error_handler();
|
|
|
|
$userlang = 0; // of no interest, if not called from web
|
|
$receiptprinter = 1; // of no interest, if not called from web
|
|
$right_changeprice = 0;
|
|
if ($userLoggedIn) {
|
|
$userlang = $_SESSION["language"];
|
|
$receiptprinter = $_SESSION['receiptprinter'];
|
|
$right_changeprice = ($_SESSION['right_changeprice'] ? 1 : 0);
|
|
}
|
|
|
|
date_default_timezone_set(DbUtils::getTimeZone());
|
|
$now = getdate();
|
|
|
|
$retVal = array("companyinfo" => $companyInfo, "version" => $version, "decpoint" => $decpoint,
|
|
"serverurl" => $serverurl, "email" => $email, "receiveremail" => $receiveremail, "billlanguage" => $billlanguage,
|
|
"payprinttype" => $payprinttype, "tax" => $tax, "togotax" => $togotax, "currency" => $currency,
|
|
"userlanguage" => $userlang, "receiptprinter" => $receiptprinter,
|
|
"receiptfontsize" => $receiptfontsize, "reservationnote" => $reservationnote, "paymentconfig" => $paymentconfig,
|
|
"workflowconfig" => $workflowconfig, "emailratingcontact" => $emailratingcontact,"emailbadrating" => $emailbadrating,
|
|
"rightchangeprice" => $right_changeprice, "bigfontworkreceipt" => $bigfontworkreceipt, "prominentsearch" => $prominentsearch,
|
|
"sday" => $now["mday"],"smonth" => $now["mon"], "syear" => $now["year"], "shour" => $now["hours"], "smin" => $now["minutes"],
|
|
"smtphost" => $smtphost,"smtpauth" => $smtpauth,"smtpuser" => $smtpuser,"smtppass" => $smtppass,"smtpsecure" => $smtpsecure,"smtpport" => $smtpport,
|
|
"webimpressum" => $webimpressum, "cancelunpaidcode" => $cancelunpaidcode);
|
|
|
|
if ($forHtml) {
|
|
echo json_encode(array("status" => "OK", "msg" => $retVal));
|
|
} else {
|
|
return $retVal;
|
|
}
|
|
} else {
|
|
if ($forHtml) {
|
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_NOT_AUTHOTRIZED, "msg" => ERROR_NOT_AUTHOTRIZED_MSG));
|
|
} else {
|
|
return null;
|
|
}
|
|
}
|
|
}
|
|
|
|
function getConfigItemOrDefault($item,$stmt,$default) {
|
|
try {
|
|
$stmt->execute(array($item));
|
|
$row = $stmt->fetchObject();
|
|
$ret = $default;
|
|
|
|
if ($row) {
|
|
if (($row->number) > 0) {
|
|
$ret = $row->setting;
|
|
} else {
|
|
$ret = $default;
|
|
}
|
|
}
|
|
} catch (Exception $e) {
|
|
$ret = $default;
|
|
}
|
|
return $ret;
|
|
}
|
|
|
|
function getViewAfterLogin() {
|
|
if ($this->isUserAlreadyLoggedInForPhp()) {
|
|
$userid = $_SESSION['userid'];
|
|
|
|
$rights = array($_SESSION['is_admin'],$_SESSION['right_waiter'],$_SESSION['right_kitchen'],
|
|
$_SESSION['right_bar'],$_SESSION['right_supply'],$_SESSION['right_paydesk'],
|
|
$_SESSION['right_statistics'],$_SESSION['right_bill'],$_SESSION['right_products'],
|
|
$_SESSION['right_reservation'],$_SESSION['right_changeprice'],$_SESSION['right_manager']);
|
|
$right_rating = $_SESSION['right_rating'];
|
|
|
|
if (self::isOnlyRatingUser($rights, $right_rating, true)) {
|
|
// rating user always goes into that view - important setting after creation of user
|
|
echo json_encode("rating.html");
|
|
return;
|
|
}
|
|
|
|
$sql = "SELECT lastmodule FROM %user% WHERE id=? AND active='1'";
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
$stmt->execute(array($userid));
|
|
$row =$stmt->fetchObject();
|
|
|
|
$view = "preferences.html";
|
|
if ($row != null) {
|
|
$newView = $row->lastmodule;
|
|
if ($newView != null) {
|
|
$view = $newView;
|
|
}
|
|
}
|
|
|
|
// test if user has still the right to go into that view
|
|
$mapping = array (
|
|
"waiter.html" => 'right_waiter',
|
|
"kitchen.html" => 'right_kitchen',
|
|
"bar.html" => 'right_bar',
|
|
"supplydesk.html" => 'right_supply',
|
|
"paydesk.html" => 'right_paydesk',
|
|
"reports.html" => 'right_statistics',
|
|
"bill.html" => 'right_bill',
|
|
"products.html" => 'right_products',
|
|
"reservation.html" => 'right_reservation',
|
|
"rating.html" => 'right_rating'
|
|
);
|
|
|
|
$valid = false;
|
|
if (($view == 'preferences.html') || ($view == 'feedback.html')) {
|
|
// always ok
|
|
$valid = true;
|
|
} else if ($view == 'manager.html') {
|
|
if (($_SESSION['is_admin'] == 1) || ($_SESSION['right_manager'] == 1)) {
|
|
$valid = true;
|
|
}
|
|
} else {
|
|
if (($view == "index.html") || ($_SESSION[$mapping[$view]] == 1)) {
|
|
$valid = true;
|
|
}
|
|
}
|
|
if ($valid == false) {
|
|
$view = "preferences.html";
|
|
}
|
|
|
|
echo json_encode($view);
|
|
}
|
|
}
|
|
|
|
// for client request
|
|
function isLoggedinUserAdmin() {
|
|
if ($this->isCurrentUserAdmin()) {
|
|
echo json_encode(YES);
|
|
} else {
|
|
echo json_encode(NO);
|
|
}
|
|
}
|
|
|
|
function isLoggedinUserAdminOrManager() {
|
|
if ($this->hasCurrentUserRight('is_admin') || $this->hasCurrentUserRight('right_manager')) {
|
|
echo json_encode(YES);
|
|
} else {
|
|
echo json_encode(NO);
|
|
}
|
|
}
|
|
|
|
function isLoggedinUserKitchen() {
|
|
if ($this->hasCurrentUserRight('right_kitchen')) {
|
|
echo json_encode(YES);
|
|
} else {
|
|
echo json_encode(NO);
|
|
}
|
|
}
|
|
|
|
function isLoggedinUserBar() {
|
|
if ($this->hasCurrentUserRight('right_bar')) {
|
|
echo json_encode(YES);
|
|
} else {
|
|
echo json_encode(NO);
|
|
}
|
|
}
|
|
|
|
function hasUserPaydeskRight() {
|
|
if ($this->hasCurrentUserRight('right_paydesk')) {
|
|
echo json_encode(YES);
|
|
} else {
|
|
echo json_encode(NO);
|
|
}
|
|
}
|
|
|
|
function hasUserReservationRight() {
|
|
if ($this->hasCurrentUserRight('right_reservation')) {
|
|
echo json_encode(YES);
|
|
} else {
|
|
echo json_encode(NO);
|
|
}
|
|
}
|
|
|
|
function hasCurrentUserRight($whichRight) {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
|
|
// no user logged in
|
|
return false;
|
|
} else {
|
|
return ($_SESSION[$whichRight]);
|
|
}
|
|
}
|
|
|
|
// for internal request
|
|
function isCurrentUserAdmin() {
|
|
return $this->hasCurrentUserRight('is_admin');
|
|
}
|
|
|
|
|
|
function fillSampleContentBySqlFile($sqlFile) {
|
|
$handle = fopen ($sqlFile, "r");
|
|
while (!feof($handle)) {
|
|
$sql = fgets($handle);
|
|
$this->dbutils->performSqlCommand($sql);
|
|
}
|
|
fclose ($handle);
|
|
}
|
|
|
|
private function fillSampleProdType($fileName) {
|
|
$speisekartenHandler = new TypeAndProductFileManager();
|
|
$speisekartenHandler->manageSpeisekarteFile($fileName);
|
|
|
|
$this->histfiller->readProdTableAndSendToHist();
|
|
}
|
|
|
|
private function assignTaxes($foodTax,$drinksTax) {
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
$pdo->beginTransaction();
|
|
|
|
try {
|
|
if ($foodTax < 0) {
|
|
$foodTax = null;
|
|
} else {
|
|
$foodTax = str_replace(",",".",$foodTax);
|
|
}
|
|
if ($drinksTax < 0) {
|
|
$drinksTax = null;
|
|
} else {
|
|
$drinksTax = str_replace(",",".",$drinksTax);
|
|
}
|
|
|
|
$sql = "UPDATE %products%,%prodtype% SET %products%.tax=? WHERE %products%.category=%prodtype%.id AND %prodtype%.kind=? AND %products%.removed is null AND %prodtype%.removed is null";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
|
|
$stmt->execute(array($foodTax,0));
|
|
$stmt->execute(array($drinksTax,1));
|
|
|
|
$this->histfiller->readAllProdsAndFillHistByDb($pdo);
|
|
|
|
$pdo->commit();
|
|
echo json_encode (array("status" => "OK"));
|
|
} catch (Exception $e) {
|
|
$pdo->rollBack();
|
|
echo json_encode(array("status" => "ERROR", "code" => NUMBERFORMAT_ERROR, "msg" => NUMBERFORMAT_ERROR_MSG));
|
|
}
|
|
|
|
}
|
|
|
|
private function fillSpeisekarte($speisekarte) {
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
$pdo->beginTransaction();
|
|
|
|
$ret = $this->fillSpeisekarteCore($pdo,$speisekarte);
|
|
if ($ret["status"] != "OK") {
|
|
$pdo->rollBack();
|
|
} else {
|
|
$pdo->commit();
|
|
}
|
|
echo json_encode($ret);
|
|
}
|
|
|
|
public function fillSpeisekarteCore($pdo,$speisekarte) {
|
|
$sql = "DELETE FROM %extrasprods%";
|
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
$stmt->execute();
|
|
|
|
$speisekartenHandler = new TypeAndProductFileManager();
|
|
|
|
$ret = $speisekartenHandler->manageSpeisekarte($pdo,$speisekarte);
|
|
|
|
if ($ret["status"] == "OK") {
|
|
$sorter = new Sorter();
|
|
$sorter->initSortCurrentProductTable($pdo);
|
|
}
|
|
return $ret;
|
|
}
|
|
|
|
/* obsolete: not needed any more after replacement by matrix in manager.html */
|
|
private function fillSampleRoomsAndTable($fileName) {
|
|
$roomsAndTableHandler = new RoomsAndTableFileManager();
|
|
$roomsAndTableHandler->readRoomTableDefinition($fileName);
|
|
}
|
|
|
|
private function fillSampleContent()
|
|
{
|
|
// first remove previous content, then fill the SQL file
|
|
$sql = "DELETE FROM `%queue%`";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$this->fillSampleContentBySqlFile("samples/queuecontent.txt");
|
|
|
|
$sql = "DELETE FROM `%hist%` WHERE action='3' OR action='7' OR action='8'";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
|
|
$sql = "DELETE FROM `%histuser%`";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
|
|
$sql = "DELETE FROM `%user%`";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$this->fillSampleContentBySqlFile("samples/usercontent.txt");
|
|
|
|
$this->histfiller->readUserTableAndSendToHist();
|
|
}
|
|
|
|
function getJsonMenuItemsAndVersion() {
|
|
echo json_encode($this->getJsonMenuItemsAndVersionCore());
|
|
}
|
|
|
|
/*
|
|
* Return all the entries for the main menu (the modules)
|
|
*/
|
|
private function getJsonMenuItemsAndVersionCore() {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$mainMenu = array();
|
|
$currentUser = "";
|
|
$waiterMessage = "";
|
|
$loggedIn = true;
|
|
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
|
|
// no user logged in
|
|
$mainMenu[] = array("name" => "Startseite", "link" => "index.html");
|
|
$loggedIn = false;
|
|
} else {
|
|
$lang = $_SESSION['language'];
|
|
$kitchentxt = array("Küche","Kitchen","Cocina");
|
|
$waitertxt = array("Kellner","Waiter","Camarero");
|
|
$paydesktxt = array("Kasse","Paydesk","Caja");
|
|
$settingtxt = array("Einstellungen","Preferences","Propriedades");
|
|
$admintxt = array("Verwaltung","Administration","Administrar");
|
|
$supplytxt = array("Bereitstellung","Supply desk","Preparado");
|
|
$prodtxt = array("Angebot","Products","Productos");
|
|
$restxt = array("Reservierung","Reservation","Reserva");
|
|
$bontxt = array("Kassenbons","Receipts","Tiques");
|
|
$stattxt = array("Statistik","Statistics","Estadisticas");
|
|
$ratingtxt = array("Bewertung","Rating","Valoración");
|
|
$logout = array("Abmelden","Log out","Adios");
|
|
|
|
$rights = array($_SESSION['is_admin'],$_SESSION['right_waiter'],$_SESSION['right_kitchen'],
|
|
$_SESSION['right_bar'],$_SESSION['right_supply'],$_SESSION['right_paydesk'],
|
|
$_SESSION['right_statistics'],$_SESSION['right_bill'],$_SESSION['right_products'],
|
|
$_SESSION['right_reservation'],$_SESSION['right_changeprice'],$_SESSION['right_manager']);
|
|
$right_rating = $_SESSION['right_rating'];
|
|
|
|
if (!self::isOnlyRatingUser($rights, $right_rating, true)) {
|
|
if ($_SESSION['right_waiter']) { $mainMenu[] = array("name" => $waitertxt[$lang], "link" => "waiter.html?v=1.1.7"); };
|
|
if ($_SESSION['right_kitchen']) { $mainMenu[] = array("name" => $kitchentxt[$lang], "link" => "kitchen.html?v=1.1.7"); };
|
|
if ($_SESSION['right_bar']) { $mainMenu[] = array("name" => "Bar", "link" => "bar.html?v=1.1.7"); };
|
|
if ($_SESSION['right_supply']) { $mainMenu[] = array("name" => $supplytxt[$lang], "link" => "supplydesk.html?v=1.1.7"); };
|
|
if ($_SESSION['right_paydesk']) { $mainMenu[] = array("name" => $paydesktxt[$lang], "link" => "paydesk.html"); };
|
|
if ($_SESSION['right_statistics']) { $mainMenu[] = array("name" => $stattxt[$lang], "link" => "reports.html?v=1.1.7"); };
|
|
if ($_SESSION['right_bill']) { $mainMenu[] = array("name" => $bontxt[$lang], "link" => "bill.html?v=1.1.7"); };
|
|
if ($_SESSION['right_products']) { $mainMenu[] = array("name" => $prodtxt[$lang], "link" => "products.html?v=1.1.7"); };
|
|
if ($_SESSION['right_reservation']) { $mainMenu[] = array("name" => $restxt[$lang], "link" => "reservation.html?v=1.1.7"); };
|
|
if ($_SESSION['right_rating']) { $mainMenu[] = array("name" => $ratingtxt[$lang], "link" => "rating.html?v=1.1.7"); };
|
|
if ($_SESSION['right_manager'] || $_SESSION['is_admin']) { $mainMenu[] = array("name" => $admintxt[$lang], "link" => "manager.html?v=1.1.7"); };
|
|
$mainMenu[] = array("name" => $settingtxt[$lang], "link" => "preferences.html?v=1.1.7");
|
|
$mainMenu[] = array("name" => "Feedback", "link" => "feedback.html?v=1.1.7");
|
|
}
|
|
|
|
$mainMenu[] = array("name" => $logout[$lang], "link" => "logout.php");
|
|
$currentUser = $_SESSION['currentuser'];
|
|
|
|
$waiterMessage = $this->getMessage(null, "waitermessage");
|
|
}
|
|
// CAUTION: change version also in config.txt!!!
|
|
$mainMenuAndVersion = array ("version" => "OrderSprinter 1.1.7",
|
|
"user" => $currentUser,
|
|
"menu" => $mainMenu,
|
|
"waitermessage" => $waiterMessage,
|
|
"loggedin" => ($loggedIn ? 1:0)
|
|
);
|
|
return($mainMenuAndVersion);
|
|
}
|
|
|
|
function getUserList() {
|
|
$userInfo = array();
|
|
$sql = "SELECT * FROM %user% WHERE active='1' ORDER BY is_admin";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$numberOfEntries = mysqli_num_rows($dbresult);
|
|
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
|
|
$userEntry = array ("username" => $zeile['username'],
|
|
"id" => $zeile['id'],
|
|
"is_admin" => $zeile['is_admin'],
|
|
"right_waiter" => $zeile['right_waiter'],
|
|
"right_kitchen" => $zeile['right_kitchen'],
|
|
"right_bar" => $zeile['right_bar'],
|
|
"right_supply" => $zeile['right_supply'],
|
|
"right_paydesk" => $zeile['right_paydesk'],
|
|
"right_statistics" => $zeile['right_statistics'],
|
|
"right_bill" => $zeile['right_bill'],
|
|
"right_products" => $zeile['right_products'],
|
|
"right_reservation" => $zeile['right_reservation'],
|
|
"right_rating" => $zeile['right_rating'],
|
|
"right_changeprice" => $zeile['right_changeprice'],
|
|
"right_manager" => $zeile['right_manager']
|
|
);
|
|
$userInfo[] = $userEntry;
|
|
}
|
|
|
|
mysqli_free_result($dbresult);
|
|
echo json_encode($userInfo);
|
|
}
|
|
|
|
function setTime($day,$month,$year,$hour,$min) {
|
|
if (!($this->userrights->hasCurrentUserRight('is_admin'))) {
|
|
echo json_encode (array("status" => "ERROR","msg" => "Benutzerrechte nicht ausreichend!"));
|
|
return false;
|
|
} else {
|
|
|
|
$txt = sprintf("%02d", $month) . sprintf("%02d", $day) . sprintf("%02d", $hour) . sprintf("%02d", $min) . $year = substr($year, -2);;
|
|
|
|
try {
|
|
if (substr(php_uname(), 0, 7) == "Windows"){
|
|
echo json_encode (array("status" => "ERROR","msg" => "Zeit auf Windows-Server kann nicht gesetzt werden!"));
|
|
return false;
|
|
}
|
|
else {
|
|
$cmd = "date \"$txt\"";
|
|
shell_exec($cmd . " > /dev/null &");
|
|
}
|
|
} catch(Exception $e) {
|
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG));
|
|
}
|
|
|
|
$this->getGeneralConfigItems(true,null);
|
|
}
|
|
}
|
|
|
|
|
|
function createNewUser($username, $password, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRating, $rChangeprice, $rManager) {
|
|
// check if the user with that name already exists
|
|
$sql = "SELECT username FROM %user% WHERE active='1' AND username='$username'";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$numberOfEntries = mysqli_num_rows($dbresult);
|
|
mysqli_free_result($dbresult);
|
|
|
|
if ($numberOfEntries > 0) {
|
|
echo json_encode("exists");
|
|
return;
|
|
} else {
|
|
// create the new user
|
|
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$lang = $_SESSION['language'];
|
|
|
|
if ($isAdmin && !($this->isCurrentUserAdmin())) {
|
|
echo json_encode("noadmin");
|
|
return;
|
|
} else {
|
|
// instead if password_hash (PHP > 5.5) use MD5...
|
|
$password_hash = md5($password);
|
|
$userInsertSql = "INSERT INTO `%user%` (`id` , `username` , `userpassword`, `is_admin`, `right_waiter`,`right_kitchen`,`right_bar`,`right_supply`,`right_paydesk`,`right_statistics`,`right_bill`,`right_products`,`right_reservation`,`right_rating`,`right_changeprice`,`right_manager`,`language`,`receiptprinter`,`prefertablemap`,`keeptypelevel`,`active`) VALUES (";
|
|
$userInsertSql .= " NULL, '$username', '$password_hash' , '$isAdmin', '$rWaiter', '$rKitchen', '$rBar', '$rSupply', '$rPayDesk', '$rStat', '$rBill', '$rProducts', '$rReservation', '$rRating', '$rChangeprice', '$rManager', '$lang','1','1','1','1')";
|
|
$dbresult = $this->dbutils->performSqlCommandRetLastId($userInsertSql);
|
|
$lastId = $dbresult['id'];
|
|
echo json_encode("OK");
|
|
}
|
|
}
|
|
|
|
// now this has to be logged in the history tables...
|
|
$this->histfiller->createUserInHist($lastId,$username,
|
|
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRating,$rChangeprice,$rManager);
|
|
}
|
|
|
|
function getPayPrintType() {
|
|
$this->sendJsonValueFromConfigTable('payprinttype');
|
|
}
|
|
|
|
function getPayments() {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
|
|
$lang = $_SESSION['language'];
|
|
$sql = "SELECT id,name FROM %payment%";
|
|
if ($lang == 1) {
|
|
$sql = "SELECT id,name_en as name FROM %payment%";
|
|
} else if ($lang == 2) {
|
|
$sql = "SELECT id,name_esp as name FROM %payment%";
|
|
}
|
|
|
|
$stmt_query = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
|
|
$stmt_query->execute();
|
|
$result = $stmt_query->fetchAll();
|
|
$retArray = array();
|
|
|
|
foreach($result as $row) {
|
|
$entry = array("id"=> $row['id'], "name" => $row['name']);
|
|
$retArray[] = $entry;
|
|
}
|
|
echo json_encode($retArray);
|
|
}
|
|
|
|
function sendJsonValueFromConfigTable($whichValue) {
|
|
$theVal = $this->getValueFromConfigTable($whichValue);
|
|
if ($theVal == null) {
|
|
echo json_encode("");
|
|
} else {
|
|
echo json_encode($theVal);
|
|
}
|
|
}
|
|
|
|
function getValueFromConfigTable($whichValue) {
|
|
$sql = "SELECT setting FROM %config% WHERE name='$whichValue'";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$numberOfEntries = mysqli_num_rows($dbresult);
|
|
$theValue = null;
|
|
if ($numberOfEntries == 1) {
|
|
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
|
|
$theValue = $zeile['setting'];
|
|
}
|
|
mysqli_free_result($dbresult);
|
|
return $theValue;
|
|
}
|
|
|
|
private function deletelogo() {
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
$this->changeOneConfigDbItem($pdo, "logoimg", null,"%logo%",false);
|
|
echo json_encode("OK");
|
|
}
|
|
|
|
private function readlogo() {
|
|
|
|
if ($_FILES['logofile']['error'] != UPLOAD_ERR_OK //checks for errors
|
|
&& is_uploaded_file($_FILES['logofile']['tmp_name'])) { //checks that file is uploaded
|
|
header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
|
|
exit();
|
|
}
|
|
|
|
if(!file_exists($_FILES['logofile']['tmp_name']) || !is_uploaded_file($_FILES['logofile']['tmp_name'])) {
|
|
header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben.");
|
|
exit();
|
|
}
|
|
|
|
$content = file_get_contents($_FILES['logofile']['tmp_name']);
|
|
|
|
if ($_FILES['logofile']['error'] != UPLOAD_ERR_OK //checks for errors
|
|
&& is_uploaded_file($_FILES['logofile']['tmp_name'])) { //checks that file is uploaded
|
|
header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
|
|
exit();
|
|
}
|
|
|
|
if (strlen($content) > 65535) {
|
|
header("Location: ../infopage.html?e=manager.html=Logobild_muss_kleiner_als_64_Kilobytes_sein!");
|
|
exit();
|
|
}
|
|
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
|
|
$this->changeOneConfigDbItem($pdo, "logoimg", $content,"%logo%",false);
|
|
|
|
header("Location: ../infopage.html?i=manager.html=Import_war_erfolgreich."); /* Browser umleiten */
|
|
exit;
|
|
}
|
|
|
|
function changeConfig($changedValues) {
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
$assoc_vals = array(
|
|
"usstval" => array("dbcol" => "tax","checknum" => 1),
|
|
"togotaxval" => array("dbcol" => "togotax","checknum" => 1),
|
|
"stornocode" => array("dbcol" => "stornocode","checknum" => 0),
|
|
"printpass" => array("dbcol" => "printpass","checknum" => 0),
|
|
"companyinfo" => array("dbcol" => "companyinfo","checknum" => 0),
|
|
"serverUrl" => array("dbcol" => "serverurl","checknum" => 0),
|
|
"email" => array("dbcol" => "email","checknum" => 0),
|
|
"emailbadrating" => array("dbcol" => "emailbadrating","checknum" => 0),
|
|
"emailratingcontact" => array("dbcol" => "emailratingcontact","checknum" => 0),
|
|
"receiveremail" => array("dbcol" => "receiveremail","checknum" => 0),
|
|
"payprinttype" => array("dbcol" => "payprinttype","checknum" => 0),
|
|
"paymentconfig" => array("dbcol" => "paymentconfig","checknum" => 0),
|
|
"bigfontworkreceipt" => array("dbcol" => "bigfontworkreceipt","checknum" => 0),
|
|
"prominentsearch" => array("dbcol" => "prominentsearch","checknum" => 0),
|
|
"workflowconfig" => array("dbcol" => "workflowconfig","checknum" => 0),
|
|
"receiptfontsize" => array("dbcol" => "receiptfontsize","checknum" => 0),
|
|
"billlanguage" => array("dbcol" => "billlanguage","checknum" => 0),
|
|
"reservationnote" => array("dbcol" => "reservationnote","checknum" => 0),
|
|
"remoteaccesscode" => array("dbcol" => "remoteaccesscode","checknum" => 0),
|
|
"webimpressum" => array("dbcol" => "webimpressum","checknum" => 0),
|
|
"cancelunpaidcode" => array("dbcol" => "cancelunpaidcode","checknum" => 0),
|
|
"smtphost" => array("dbcol" => "smtphost","checknum" => 0),
|
|
"smtpauth" => array("dbcol" => "smtpauth","checknum" => 1),
|
|
"smtpuser" => array("dbcol" => "smtpuser","checknum" => 0),
|
|
"smtppass" => array("dbcol" => "smtppass","checknum" => 0),
|
|
"smtpsecure" => array("dbcol" => "smtpsecure","checknum" => 1),
|
|
"smtpport" => array("dbcol" => "smtpport","checknum" => 0),
|
|
);
|
|
$problem = false;
|
|
foreach ($changedValues as $aChangeSet) {
|
|
$name = $aChangeSet['name'];
|
|
$aVal = $aChangeSet['value'];
|
|
|
|
if ($name == "payprinttype") {
|
|
// special care: 1->l 2->s
|
|
if (((string)$aVal) == "1") {
|
|
$aVal = "l";
|
|
}
|
|
if (((string)$aVal) == "2") {
|
|
$aVal = "s";
|
|
}
|
|
}
|
|
|
|
if ($name == "remoteaccesscode") {
|
|
if (((string)$aVal) == "") {
|
|
$aVal = null;
|
|
} else {
|
|
$aVal = md5($aVal);
|
|
}
|
|
}
|
|
if ($name == "printpass") {
|
|
$aVal = md5($aVal);
|
|
}
|
|
|
|
$association = $assoc_vals[$name];
|
|
$dbcol = $association["dbcol"];
|
|
$check = $association["checknum"];
|
|
|
|
if ($check == 1) {
|
|
if (is_numeric($aVal)) {
|
|
$this->changeOneConfigDbItem($pdo,$dbcol,$aVal,"%config%",true);
|
|
} else {
|
|
$problem = true;
|
|
}
|
|
} else {
|
|
$this->changeOneConfigDbItem($pdo,$dbcol,$aVal,"%config%",true);
|
|
}
|
|
}
|
|
if ($problem) {
|
|
echo json_encode("FAILED");
|
|
} else {
|
|
echo json_encode("OK");
|
|
}
|
|
}
|
|
|
|
function changeOneConfigDbItem($pdo,$theItem,$theValue,$table,$doHist) {
|
|
// is the value already there, or has it to be created?
|
|
$sql = "SELECT setting from $table WHERE name=?";
|
|
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array($theItem));
|
|
$row = $stmt->fetchObject();
|
|
|
|
if ($stmt->rowCount() > 0) {
|
|
$sql = "UPDATE $table SET setting=? WHERE name=?";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array($theValue,$theItem));
|
|
} else {
|
|
$sql = "INSERT INTO `$table` (`id` , `name`,`setting`) VALUES (NULL , ? , ?)";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array($theItem,$theValue));
|
|
}
|
|
|
|
if ($doHist) {
|
|
// now this has to be logged in the history tables...
|
|
$this->histfiller->updateConfigInHist($pdo,$theItem, $theValue);
|
|
}
|
|
}
|
|
|
|
private function findActiveUserWithName($username) {
|
|
$sql_find_id = "SELECT id FROM %user% WHERE active='1' AND username='$username'";
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
$stmt_query = $pdo->query($this->dbutils->resolveTablenamesInSqlString($sql_find_id));
|
|
$row =$stmt_query->fetchObject();
|
|
$theUserId = $row->id;
|
|
return $theUserId;
|
|
}
|
|
|
|
function updateUser($theUserId, $isAdmin, $rWaiter, $rKitchen, $rBar, $rSupply, $rPayDesk, $rStat, $rBill, $rProducts, $rReservation, $rRat, $rChangeprice, $rManager) {
|
|
// get the name of the user
|
|
$pdo = $this->dbutils->openDbAndReturnPdo();
|
|
$sql = "SELECT username,is_admin FROM %user% WHERE id=?";
|
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
$stmt->execute(array($theUserId));
|
|
$row =$stmt->fetchObject();
|
|
$username = $row->username;
|
|
$userToModIsAdmin = $row->is_admin;
|
|
|
|
$doChangeAdminRights = false;
|
|
if ($isAdmin != $userToModIsAdmin) {
|
|
$doChangeAdminRights = true;
|
|
}
|
|
|
|
if ($doChangeAdminRights && !($this->isCurrentUserAdmin())) {
|
|
echo json_encode("noadmin");
|
|
} else {
|
|
$sql = "UPDATE %user% SET is_admin=?, right_waiter=?,right_kitchen=?,right_bar=?,right_supply=?,right_paydesk=?,right_statistics=?,right_bill=?,right_products=?,right_reservation=?,right_rating=?,right_changeprice=?,right_manager=? WHERE active='1' AND id=?";
|
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
$stmt->execute(array($isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,$theUserId));
|
|
|
|
// now this has to be logged in the history tables...
|
|
|
|
$this->histfiller->updateUserInHist($theUserId,$username,
|
|
$isAdmin,$rWaiter,$rKitchen,$rBar,$rSupply,$rPayDesk,$rStat,$rBill,$rProducts,$rReservation,$rRat,$rChangeprice,$rManager,'1');
|
|
|
|
echo json_encode("OK");
|
|
}
|
|
}
|
|
|
|
function deleteUser($theUserId) {
|
|
$sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$theUserId'";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$numberOfEntries = mysqli_num_rows($dbresult);
|
|
$userToDelIsAdmin = false;
|
|
if ($numberOfEntries == 1) {
|
|
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
|
|
if(intval($zeile['is_admin']) == 1) {
|
|
$userToDelIsAdmin = true;
|
|
}
|
|
}
|
|
mysqli_free_result($dbresult);
|
|
|
|
if ($userToDelIsAdmin && !($this->isCurrentUserAdmin())) {
|
|
echo json_encode("noadmin");
|
|
} else {
|
|
$sql = "SELECT id FROM %user% WHERE active='1' AND is_admin='1' AND id <> '$theUserId'";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$numberOfOtherAdmins = mysqli_num_rows($dbresult);
|
|
mysqli_free_result($dbresult);
|
|
if (($numberOfOtherAdmins == 0) && $userToDelIsAdmin) {
|
|
echo json_encode("lastadmin");
|
|
} else {
|
|
$userSql = "UPDATE %user% set active='0' WHERE id='$theUserId'";
|
|
$dbresult = $this->dbutils->performSqlCommand($userSql);
|
|
|
|
$this->histfiller->updateOneUser($theUserId);
|
|
|
|
echo json_encode("OK");
|
|
}
|
|
}
|
|
}
|
|
|
|
function getCurrentUser() {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
if (!isset($_SESSION['angemeldet']) || !$_SESSION['angemeldet']) {
|
|
// no user logged in
|
|
echo json_encode("Nobody");
|
|
} else {
|
|
echo json_encode($_SESSION['currentuser']);
|
|
}
|
|
}
|
|
|
|
function changepassword($userid,$password) {
|
|
$sql = "SELECT is_admin FROM %user% WHERE active='1' AND id='$userid'";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$numberOfEntries = mysqli_num_rows($dbresult);
|
|
$userToChgPassIsAdm = false;
|
|
if ($numberOfEntries == 1) {
|
|
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
|
|
if(intval($zeile['is_admin']) == 1) {
|
|
$userToChgPassIsAdm = true;
|
|
}
|
|
}
|
|
mysqli_free_result($dbresult);
|
|
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$otherUser = false;
|
|
if ($_SESSION['userid'] != $userid) {
|
|
$otherUser = true;
|
|
}
|
|
|
|
if ($otherUser && $userToChgPassIsAdm && !($this->isCurrentUserAdmin())) {
|
|
echo json_encode("noadmin");
|
|
} else {
|
|
$password_hash = md5($password);
|
|
$userSql = "UPDATE %user% set userpassword='$password_hash' WHERE active='1' AND id='$userid'";
|
|
$dbresult = $this->dbutils->performSqlCommand($userSql);
|
|
echo json_encode("OK");
|
|
}
|
|
}
|
|
|
|
function setUserLanguage($language) {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$currentuser = $_SESSION['currentuser'];
|
|
$_SESSION['language'] = intval($language);
|
|
|
|
$userSql = "UPDATE %user% set language='$language' WHERE active='1' AND username='$currentuser'";
|
|
$dbresult = $this->dbutils->performSqlCommand($userSql);
|
|
echo json_encode("OK");
|
|
}
|
|
|
|
function setUserReceiptPrinter($printer) {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$currentuser = $_SESSION['currentuser'];
|
|
$_SESSION['receiptprinter'] = intval($printer);
|
|
|
|
$userSql = "UPDATE %user% set receiptprinter='$printer' WHERE active='1' AND username='$currentuser'";
|
|
$dbresult = $this->dbutils->performSqlCommand($userSql);
|
|
echo json_encode("OK");
|
|
}
|
|
|
|
function setBtnSize($btn,$size) {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$currentuser = $_SESSION['currentuser'];
|
|
$assoc = array ("0" => "roombtnsize","1" => "tablebtnsize","2" => "prodbtnsize");
|
|
|
|
$_SESSION[$assoc[$btn]] = intval($size);
|
|
$userSql = "UPDATE %user% set " . $assoc[$btn] . "='$size' WHERE active='1' AND username='$currentuser'";
|
|
$dbresult = $this->dbutils->performSqlCommand($userSql);
|
|
echo json_encode("OK");
|
|
}
|
|
|
|
function changeOwnPassword($oldpassword,$newpassword) {
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$currentuser = $_SESSION['currentuser'];
|
|
$oldp_hash = md5($oldpassword);
|
|
|
|
$ok = true;
|
|
|
|
// is old password correct?
|
|
$sql = "SELECT userpassword FROM %user% WHERE username='$currentuser' AND active='1'";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
$numberOfEntries = mysqli_num_rows($dbresult);
|
|
if ($numberOfEntries == 1) {
|
|
$zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC);
|
|
if ($zeile['userpassword'] != $oldp_hash) {
|
|
$ok = false;
|
|
}
|
|
} else {
|
|
// user not found
|
|
$ok = false;
|
|
}
|
|
mysqli_free_result($dbresult);
|
|
|
|
if ($ok) {
|
|
// allowed to change password
|
|
$newp_hash = md5($newpassword);
|
|
$sql = "UPDATE %user% set userpassword='$newp_hash' WHERE active='1' AND username='$currentuser'";
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
echo json_encode("OK");
|
|
} else {
|
|
echo json_encode("FAILED");
|
|
}
|
|
}
|
|
|
|
private function writeCsvHeader($defaultFilename) {
|
|
header("Content-type: text/x-csv");
|
|
header("Content-Disposition: attachment; filename=$defaultFilename");
|
|
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
|
|
header("Pragma: no-cache");
|
|
header("Expires: 0");
|
|
}
|
|
|
|
private function exportConfigCsv() {
|
|
$this->writeCsvHeader("datenexport-config.csv");
|
|
|
|
echo("Eintragsid; Datum ; Konfiguration; Wert;Beschreibung\n");
|
|
|
|
$sql = "SELECT DISTINCT %hist%.id as id,date,";
|
|
$sql .= "%config%.name as configitem,%histconfig%.setting as setting,description ";
|
|
$sql .= " FROM %hist%, %histconfig%, %histactions%, %config% ";
|
|
$sql .= " WHERE (refid=%histconfig%.id) ";
|
|
$sql .= " AND %histconfig%.configid = %config%.id ";
|
|
$sql .= " AND (action='2' OR action='6') ";
|
|
$sql .= " AND (action=%histactions%.id) ";
|
|
$sql .= " ORDER BY date,id";
|
|
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
|
|
$val1 = $zeile['id'];
|
|
$val2 = $zeile['date'];
|
|
$val3 = $zeile['configitem'];
|
|
$val4 = str_replace("\r\n","<CR>",$zeile['setting']);
|
|
$val4 = str_replace("\n","<CR>",$val4);
|
|
$val5 = $zeile['description'];
|
|
|
|
echo "$val1; $val2; \"$val3\"; \"$val4\"; \"$val5\"\n";
|
|
}
|
|
mysqli_free_result( $dbresult );
|
|
}
|
|
|
|
private function exportUserCsv() {
|
|
$this->writeCsvHeader("datenexport-benutzer.csv");
|
|
|
|
echo("Eintragsid; Datum ; Benutzerid; Benutzername; Adminrechte; Kellnerrechte;Kuechenrechte; Barrechte; Bereitstellungsrechte; Kassenrechte; Reportrechte; Kassenbonrechte; Angebotsrechte; Beurteilungsrechte; Preisänderungsrechte; Managerrechte; Aktiviert\n");
|
|
|
|
$sql = "SELECT DISTINCT %hist%.id as id,date,";
|
|
$sql .= "userid,username,is_admin,right_waiter,right_kitchen,right_bar,right_supply,";
|
|
$sql .= "right_paydesk,right_statistics,right_bill,right_products,right_rating,right_changeprice,right_manager,active,";
|
|
$sql .= "description ";
|
|
$sql .= " FROM %hist%, %histuser%, %histactions% ";
|
|
$sql .= " WHERE (refid=%histuser%.id) ";
|
|
$sql .= " AND (action='3' OR action='7' OR action='8') ";
|
|
$sql .= " AND (action=%histactions%.id) ";
|
|
$sql .= " ORDER BY date,id";
|
|
|
|
$dbresult = $this->dbutils->performSqlCommand($sql);
|
|
while ($zeile = mysqli_fetch_array( $dbresult, MYSQL_ASSOC)) {
|
|
$val1 = $zeile['id'];
|
|
$val2 = $zeile['date'];
|
|
$val3 = $zeile['userid'];
|
|
$val4 = $zeile['username'];
|
|
$val5 = ($zeile['is_admin'] == '1' ? "Ja" : "Nein");
|
|
$val6 = ($zeile['right_waiter'] == '1' ? "Ja" : "Nein");
|
|
$val7 = ($zeile['right_kitchen'] == '1' ? "Ja" : "Nein");
|
|
$val8 = ($zeile['right_bar'] == '1' ? "Ja" : "Nein");
|
|
$val9 = ($zeile['right_supply'] == '1' ? "Ja" : "Nein");
|
|
$val10 = ($zeile['right_paydesk'] == '1' ? "Ja" : "Nein");
|
|
$val11 = ($zeile['right_statistics'] == '1' ? "Ja" : "Nein");
|
|
$val12 = ($zeile['right_bill'] == '1' ? "Ja" : "Nein");
|
|
$val13 = ($zeile['right_products'] == '1' ? "Ja" : "Nein");
|
|
$val14 = ($zeile['right_rating'] == '1' ? "Ja" : "Nein");
|
|
$val15 = ($zeile['right_changeprice'] == '1' ? "Ja" : "Nein");
|
|
$val16 = ($zeile['right_manager'] == '1' ? "Ja" : "Nein");
|
|
$val17 = ($zeile['active'] == '1' ? "Ja" : "Nein");
|
|
$val18 = $zeile['description'];
|
|
|
|
echo "$val1; $val2; $val3; $val4; $val5; $val6; $val7; $val8; $val9; $val10;";
|
|
echo "$val11;$val12;$val13;$val14;$val15;$val16;$val17;$val18\n";
|
|
}
|
|
mysqli_free_result( $dbresult );
|
|
}
|
|
|
|
/**
|
|
* Create a temporary directory in PHP's temp folder
|
|
*/
|
|
private function createDirectoryInTemp($tmpFolder) {
|
|
$tmpFolder = trim($tmpFolder);
|
|
if ($tmpFolder == "") {
|
|
$tempfile=tempnam(sys_get_temp_dir(),'');
|
|
} else {
|
|
$tempfile=tempnam($tmpFolder,'');
|
|
}
|
|
|
|
if (is_null($tempfile) || ($tempfile== "")) {
|
|
return null;
|
|
}
|
|
|
|
if (file_exists($tempfile)) { unlink($tempfile); }
|
|
mkdir($tempfile);
|
|
if (is_dir($tempfile)) {
|
|
$tempfile = str_replace('\\','/',$tempfile);
|
|
return $tempfile;
|
|
} else {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
private function getConfigTablesToBackupRestore() {
|
|
return array("logo","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","products","config","user","comments","histprod","histconfig","histuser","histactions","hist","extras","extrasprods");
|
|
}
|
|
|
|
private function getAllTablesToBackupRestore() {
|
|
return array("closing","logo","printjobs","ratings","work","payment","room","resttables","tablepos","tablemaps","pricelevel","prodtype","products","config",
|
|
"user","reservations","bill","queue","billproducts","comments","histprod","histconfig","histuser","histactions","hist","extras","extrasprods","queueextras");
|
|
}
|
|
|
|
public function backup($theType) {
|
|
date_default_timezone_set(DbUtils::getTimeZone());
|
|
$nowtime = date('Y-m-d');
|
|
|
|
ini_set('memory_limit', '1000M');
|
|
|
|
$pdo = DButils::openDbAndReturnPdoStatic();
|
|
$pdo->beginTransaction();
|
|
|
|
$genInfo = $this->getGeneralConfigItems(false, $pdo);
|
|
$version = $genInfo["version"];
|
|
$fileName = "backup-" . $version . "_" . $nowtime . "-configuration.json";
|
|
if ($theType == "all") {
|
|
$fileName = "backup-" . $version . "_" . $nowtime . "-all.json";
|
|
}
|
|
|
|
if ($theType == "configuration") {
|
|
$tables = $this->getConfigTablesToBackupRestore();
|
|
} else {
|
|
$histFiller = new HistFiller();
|
|
$histFiller->insertSaveHistEntry($pdo);
|
|
$tables = $this->getAllTablesToBackupRestore();
|
|
}
|
|
|
|
$binaryFields = array("signature","img","setting","content");
|
|
$dbcontent = array();
|
|
foreach($tables as $table) {
|
|
$sql = "DESCRIBE %$table%";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute();
|
|
$fields = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
|
|
|
|
|
$fieldstr = implode(",",$fields);
|
|
$sql = "SELECT $fieldstr from %$table%";
|
|
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute();
|
|
$result = $stmt->fetchAll();
|
|
|
|
$tableContent = array();
|
|
foreach($result as $row) {
|
|
$fieldContent = array();
|
|
foreach($fields as $field) {
|
|
if (in_array($field,$binaryFields)) {
|
|
$aFieldEntry = array("fieldname" => $field,"value" => base64_encode($row[$field]));
|
|
} else {
|
|
$aFieldEntry = array("fieldname" => $field,"value" => $row[$field]);
|
|
}
|
|
$fieldContent[] = $aFieldEntry;
|
|
};
|
|
$tableContent[] = $fieldContent;
|
|
}
|
|
|
|
$dbcontent[] = array("table" => $table, "content" => $tableContent);
|
|
}
|
|
|
|
$pdo->commit();
|
|
|
|
$retStr = json_encode($dbcontent);
|
|
|
|
ob_start();
|
|
header("Pragma: public");
|
|
header("Expires: 0");
|
|
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
|
|
header("Cache-Control: public");
|
|
header("Content-Description: File Transfer");
|
|
header("Content-type: application/octet-stream");
|
|
header("Content-Disposition: attachment; filename=\"$fileName\"");
|
|
header("Content-Transfer-Encoding: binary");
|
|
header("Content-Length: ". strlen($retStr));
|
|
|
|
echo $retStr;
|
|
ob_end_flush();
|
|
}
|
|
|
|
private function restore() {
|
|
if ($_FILES['userfile']['error'] != UPLOAD_ERR_OK //checks for errors
|
|
&& is_uploaded_file($_FILES['userfile']['tmp_name'])) { //checks that file is uploaded
|
|
header("Location: ../infopage.html?e=manager.html=Kann_Datei_nicht_laden.");
|
|
exit();
|
|
}
|
|
|
|
if(!file_exists($_FILES['userfile']['tmp_name']) || !is_uploaded_file($_FILES['userfile']['tmp_name'])) {
|
|
header("Location: ../infopage.html?e=manager.html=Datei_nicht_angegeben.");
|
|
exit();
|
|
}
|
|
|
|
ini_set('memory_limit', '1000M');
|
|
|
|
$binaryFields = array("signature","img","setting","content");
|
|
|
|
$content = file_get_contents($_FILES['userfile']['tmp_name']);
|
|
|
|
$basedb = new Basedb();
|
|
$basedb->setPrefix(TAB_PREFIX);
|
|
$basedb->setTimeZone(DbUtils::getTimeZone());
|
|
|
|
set_time_limit(60*5);
|
|
|
|
$pdo = DbUtils::openDbAndReturnPdoStatic();
|
|
$pdo->beginTransaction();
|
|
|
|
$genInfo = $this->getGeneralConfigItems(false, $pdo);
|
|
$version = $genInfo["version"];
|
|
|
|
$timezone = DbUtils::getTimeZone();
|
|
|
|
$basedb->dropTables($pdo);
|
|
|
|
$basedb->createEmptyTables($pdo);
|
|
|
|
$dbContent = json_decode($content,true);
|
|
|
|
$typeIsOnlyConfig = true;
|
|
|
|
foreach($dbContent as $table) {
|
|
$tablename = "%" . $table['table'] . "%";
|
|
$tablecontent = $table['content'];
|
|
|
|
if ($table['table'] == "queue") {
|
|
$typeIsOnlyConfig = false;
|
|
}
|
|
|
|
if ($table['table'] == "bill") {
|
|
$sql = "SET FOREIGN_KEY_CHECKS = 0";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute();
|
|
}
|
|
|
|
foreach($tablecontent as $row) {
|
|
$cols = array();
|
|
$vals = array();
|
|
$quests = array();
|
|
foreach ($row as $field) {
|
|
$fieldname = $field['fieldname'];
|
|
$cols[] = $fieldname;
|
|
if (in_array($fieldname, $binaryFields)) {
|
|
$vals[] = base64_decode($field['value']);
|
|
} else {
|
|
$vals[] = $field['value'];
|
|
}
|
|
|
|
$quests[] = '?';
|
|
}
|
|
$colstr = implode(",",$cols);
|
|
|
|
$queststr = implode(",",$quests);
|
|
$sql = "INSERT INTO $tablename ($colstr) VALUES ($queststr)";
|
|
$stmt = $pdo->prepare($this->dbutils->resolveTablenamesInSqlString($sql));
|
|
|
|
$stmt->execute($vals);
|
|
}
|
|
|
|
if ($table['table'] == "bill") {
|
|
$sql = "SET FOREIGN_KEY_CHECKS = 1";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute();
|
|
}
|
|
}
|
|
|
|
if (!$typeIsOnlyConfig) {
|
|
$histFiller = new HistFiller();
|
|
$histFiller->insertRestoreHistEntry($pdo);
|
|
}
|
|
|
|
$basedb->signLastBillid($pdo);
|
|
|
|
$setVersion = "update %config% set setting=? where name='version'";
|
|
$stmt = $pdo->prepare($basedb->resolveTablenamesInSqlString($setVersion));
|
|
$stmt->execute(array($version));
|
|
|
|
$sql = "SELECT name FROM %config% WHERE name=?";
|
|
$stmt = $pdo->prepare(DbUtils::substTableAlias($sql));
|
|
$stmt->execute(array("timezone"));
|
|
$row = $stmt->fetchObject();
|
|
if ($stmt->rowCount() == 0) {
|
|
$this->changeOneConfigDbItem($pdo, "timezone", $timezone, "%config%", true);
|
|
}
|
|
$pdo->commit();
|
|
|
|
// logout (by the restore other user or rights may have been applied)
|
|
if(session_id() == '') {
|
|
session_start();
|
|
}
|
|
$_SESSION = array();
|
|
// Swipe via memory
|
|
if (ini_get("session.use_cookies")) {
|
|
// Prepare and swipe cookies
|
|
$params = session_get_cookie_params();
|
|
// clear cookies and sessions
|
|
setcookie(session_name(), '', time() - 42000,
|
|
$params["path"], $params["domain"],
|
|
$params["secure"], $params["httponly"]
|
|
);
|
|
}
|
|
|
|
ini_set('session.gc_max_lifetime', 0);
|
|
ini_set('session.gc_probability', 1);
|
|
ini_set('session.gc_divisor', 1);
|
|
|
|
session_destroy();
|
|
|
|
header("Location: ../infopage.html?i=index.html=Import_war_erfolgreich."); /* Browser umleiten */
|
|
exit;
|
|
}
|
|
|
|
private function shutdown() {
|
|
try {
|
|
if (substr(php_uname(), 0, 7) == "Windows"){
|
|
$comd = "shutdown /s /t 10";
|
|
pclose(popen("start /B ". $cmd, "r"));
|
|
}
|
|
else {
|
|
chmod("shutdown.bat", "700");
|
|
$cmd = "sh < shutdown.bat";
|
|
exec($cmd . " > /dev/null &");
|
|
}
|
|
echo json_encode(array("status" => "OK"));
|
|
} catch(Exception $e) {
|
|
echo json_encode(array("status" => "ERROR", "code" => ERROR_SCRIPT_NOT_EXECUTABLE, "msg" => ERROR_SCRIPT_NOT_EXECUTABLE_MSG));
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
?>
|