mattia/mordApp
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
MatMasIt 2021-08-13 16:38:27 +02:00 committed by GitHub
parent af714f60df
commit 442aad9449
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 8393 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
07abd9b090f514cbce89b2a932b2ec9f/db.db Normal file
View File

Binary file not shown.

23
ajax.php Normal file
View File

@ -0,0 +1,23 @@
<?php
//resend updated data
require("lib.php");
$u = use_token($_POST["sessionToken"]);
if (!$u["isStaff"]) die(json_encode(["ok" => false, "data" => []]));
$data = wrapperStaffOrders();
switch ($_POST["action"]) {
case "delete":
if (!deleteOrder($_POST["sessionToken"], $_POST["id"])) die(json_encode(["ok" => false, "data" => $data]));
$data = wrapperStaffOrders();
die(json_encode(["ok" => true, "data" => $data]));
break;
case "pay":
setPayed($_POST["sessionToken"], $_POST["id"], true);
$data = wrapperStaffOrders();
die(json_encode(["ok" => true, "data" => $data]));
break;
case "unpay":
setPayed($_POST["sessionToken"], $_POST["id"], false);
$data = wrapperStaffOrders();
die(json_encode(["ok" => true, "data" => $data]));
break;
}

24
email.template Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<title>TITLE</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<body>
<div class="w3-container w3-padding-32 w3-theme-d1">
<h1>TITLE</h1>
</div>
<div class="w3-card">
CONTENT
</div>
<div class="w3-container w3-theme-d4">
<p class="w3-large">DATE</p>
</div>
</body>
</html>

BIN
images/food.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 210 KiB

BIN
images/logout.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 KiB

BIN
images/menu.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

BIN
images/personal.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

BIN
images/stopwatch.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 165 KiB

215
index.php Normal file
View File

@ -0,0 +1,215 @@
<?php
require("lib.php");
require("ui.php");
?>
<!DOCTYPE html>
<html>
<title>Mordapp</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://www.w3schools.com/lib/w3-theme-teal.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
<link href="https://unpkg.com/tabulator-tables@4.1.4/dist/css/tabulator.min.css" rel="stylesheet">
<script type="text/javascript" src="https://unpkg.com/tabulator-tables@4.1.4/dist/js/tabulator.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment.min.js" integrity="sha512-qTXRIMyZIFb8iQcfjXWCO8+M5Tbc38Qi5WzdPOYZHIlZpzBHG3L3by84BBBOiRGiEb7KKtAOAs5qYdUiZiQNNQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css" integrity="sha512-5A8nwdMOWrSz20fDsjczgUidUBR8liPYU+WymTZP1lmY9G6Oc7HlZv156XqnsgNUzTyMefFTcsFH/tnJE/+xBg==" crossorigin="anonymous" referrerpolicy="no-referrer" />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-DHE2KP17BV"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-DHE2KP17BV');
</script>
<link rel="preload" as="script" href="https://cdn.iubenda.com/cs/iubenda_cs.js"/>
<link rel="preconnect" href="https://www.iubenda.com"/>
<link rel="preconnect" href="https://iubenda.mgr.consensu.org"/>
<link rel="preconnect" href="https://hits-i.iubenda.com"/>
<link rel="preload" as="script" href="https://cdn.iubenda.com/cs/tcf/stub-v2.js"/>
<script src="https://cdn.iubenda.com/cs/tcf/stub-v2.js"></script>
<script>
(_iub=self._iub||[]).csConfiguration={
cookiePolicyId: 16543360,
siteId: 2323189,
localConsentDomain: 'mordapp.altervista.org',
timeoutLoadConfiguration: 30000,
lang: 'it',
enableTcf: true,
tcfVersion: 2,
googleAdditionalConsentMode: true,
consentOnContinuedBrowsing: false,
banner: {
position: "bottom",
acceptButtonDisplay: true,
customizeButtonDisplay: true,
closeButtonDisplay: false,
fontSizeBody: "14px",
},
}
</script>
<script async src="https://cdn.iubenda.com/cs/iubenda_cs.js"></script>
<style>
@media (max-width: 639px) {
#iubenda-cs-banner.iubenda-cs-default .iubenda-cs-rationale {
height: 55vh !important;
min-height: 320px !important;
}
}
</style>
<body>
<?php
$nww=newViewCheck($_POST["sessionToken"],$_POST["action"]);
$newView=$nww===true;
$action = $_POST["action"] ?: $_GET["action"];
switch ($action) {
default:
UIauth();
break;
case "signUp":
UIsignedUp($_POST);
break;
case "verifyFirst":
if (firstVerify($_GET["token"])) echo '
<div class="w3-container w3-padding-32 w3-theme-d1">
<h1>Verifica effettuata</h1>
</div>
Account verificato e pronto all\'accesso <br /><a href=".">Ok</a>';
break;
case "signIn":
$token = login($_POST["email"], $_POST["password"]);
if ($res == "NOT_FOUND" || $res == "INCORRECT_PASSWORD") {
UIauth("<h2 style=\"color:red\">Credenziali errate</h2>");
break;
}
if ($res == "UNVERIFIED") {
UIauth("<h2 style=\"color:red\">Account non verificato</h2><a href=\"resend.php?email=" . htmlentities($_POST["email"]) . "\">Reinviare la mail di verifica?</a>");
break;
}
mainMenu($token);
break;
case "showOrders":
showOrders($_POST["sessionToken"]);
break;
case "editOrder":
editOrder($_POST["sessionToken"], $_POST["orderId"]);
break;
case "mainMenu":
mainMenu($_POST["sessionToken"]);
break;
case "saveOrder":
if(!$newView){
showOrders($_POST["sessionToken"]);
break;
}
$res = processOrder($_POST);
if ($res === true) {
showOrders($_POST["sessionToken"], '<h2 style="color:green">Salvato</h2>');
break;
}
if ($res === false) {
showOrders($_POST["sessionToken"], '<h2 style="color:red">Errore</h2>');
break;
}
if ($res === "INVALID_DATETIME_NO_DAY") {
showOrders($_POST["sessionToken"], '<h2 style="color:green">Giorno errato</h2>');
break;
}
if ($res === "INVALID_DATETIME_NO_TF") {
showOrders($_POST["sessionToken"], '<h2 style="color:green">Ora errata</h2>');
break;
}
if ($res === "WRONG_DOMAIN") {
showOrders($_POST["sessionToken"], '<h2 style="color:green">L\'email deve essere @liceococito.it</h2>');
break;
}
if ($res === "NO_CLASS") {
showOrders($_POST["sessionToken"], '<h2 style="color:green">Classe errata</h2>');
break;
}
break;
case "deleteOrder":
$res = deleteOrder($_POST["sessionToken"], $_POST["orderId"]);
if ($res === true) {
showOrders($_POST["sessionToken"], '<h2 style="color:green">Cancellato</h2>');
break;
}
if ($res === false) {
showOrders($_POST["sessionToken"], '<h2 style="color:red">Errore</h2>');
break;
}
break;
case "manageAccount":
manageAccount($_POST["sessionToken"]);
break;
case "manageSave":
if(!$newView){
mainMenu($_POST["sessionToken"]);
break;
}
$res = manageSave($_POST["sessionToken"], $_POST);
if ($res === false) {
mainMenu($_POST["sessionToken"], '<h2 style="color:green">Errore</h2>');
break;
}
if ($res === "INVALID_EMAIL") {
mainMenu($_POST["sessionToken"], '<h2 style="color:green">Email non valida</h2>');
break;
}
if ($res === "WRONG_DOMAIN") {
mainMenu($_POST["sessionToken"], '<h2 style="color:green">L\'email deve essere @liceococito.it</h2>');
break;
}
if ($res === "NO_CLASS") {
mainMenu($_POST["sessionToken"], '<h2 style="color:green">Classe errata</h2>');
break;
}
mainMenu($_POST["sessionToken"]);
break;
case "showOrdersSTAFF":
showOrdersSTAFF($_POST["sessionToken"]);
break;
case "timeframesSTAFF":
timeframesView($_POST["sessionToken"]);
break;
case "saveTimefs":
if(!$newView){
mainMenu($_POST["sessionToken"]);
break;
}
$res = saveTimefs($_POST["sessionToken"], $_POST["data"]);
if ($res === false) {
mainMenu($_POST["sessionToken"], '<h2 style="color:green">Errore</h2>');
break;
}
mainMenu($_POST["sessionToken"]);
break;
case "menuSTAFF":
dishesStaff($_POST["sessionToken"]);
break;
case "processDishes":
if(!$newView){
mainMenu($_POST["sessionToken"]);
break;
}
$res = processDishes($_POST);
if ($res === false) {
mainMenu($_POST["sessionToken"], '<h2 style="color:green">Errore</h2>');
break;
}
mainMenu($_POST["sessionToken"]);
break;
}
?>
<div class="w3-container w3-theme-d4">
<p class="w3-large">Mattia Mascarello, <?php echo date("Y"); ?></p>
<a href="https://www.iubenda.com/privacy-policy/16543360" rel="noreferrer nofollow" target="_blank">Privacy Policy</a>
- <a href="#" role="button" class="iubenda-advertising-preferences-link">Personalizza tracciamento</a>
</div>
</body>
</html>

648
lib.php Normal file
View File

@ -0,0 +1,648 @@
<?php
if (!function_exists('str_contains')) {
function str_contains($haystack, $needle)
{
return $needle !== '' && mb_strpos($haystack, $needle) !== false;
}
}
function pdomake()
{
return new PDO("sqlite:07abd9b090f514cbce89b2a932b2ec9f/db.db");
}
$GLOBALS["classesWhitelist"] = [
"1A",
"1B",
"1C",
"1D",
"1E",
"1F",
"1G",
"1H",
"1I",
"1J",
"1K",
"1L",
"1M",
"1N",
"1O",
"1P",
"1Q",
"1R",
"1S",
"1T",
"1U",
"1V",
"1W",
"1X",
"1Y",
"1Z",
"2A",
"2B",
"2C",
"2D",
"2E",
"2F",
"2G",
"2H",
"2I",
"2J",
"2K",
"2L",
"2M",
"2N",
"2O",
"2P",
"2Q",
"2R",
"2S",
"2T",
"2U",
"2V",
"2W",
"2X",
"2Y",
"2Z",
"3A",
"3B",
"3C",
"3D",
"3E",
"3F",
"3G",
"3H",
"3I",
"3J",
"3K",
"3L",
"3M",
"3N",
"3O",
"3P",
"3Q",
"3R",
"3S",
"3T",
"3U",
"3V",
"3W",
"3X",
"3Y",
"3Z",
"4A",
"4B",
"4C",
"4D",
"4E",
"4F",
"4G",
"4H",
"4I",
"4J",
"4K",
"4L",
"4M",
"4N",
"4O",
"4P",
"4Q",
"4R",
"4S",
"4T",
"4U",
"4V",
"4W",
"4X",
"4Y",
"4Z",
"Docente",
"Altro"
];
function endsWith($haystack, $needle)
{
$length = strlen($needle);
return $length > 0 ? substr($haystack, -$length) === $needle : true;
}
function new_account($email, $name, $password, $classe)
{
$email = trim(mb_strtolower($email));
if (!in_array($classe, $GLOBALS["classesWhitelist"])) return "NO_CLASS";
$p = pdomake();
$q = $p->prepare("SELECT * FROM Users WHERE email=:email");
$q->execute([":email" => $email]);
if ($q->fetch() != null) return "ALREADY_EXISTS";
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) return "INVALID_EMAIL";
if (!endsWith($email, "@liceococito.it")) return "WRONG_DOMAIN";
$st = bin2hex(random_bytes(16));
$q = $p->prepare("INSERT INTO Users(name,email,passwordHash,classe,verified,isStaff,createdAt,emailToken) VALUES (:name,:email,:passwordHash,:classe,:verified,:isStaff,:createdAt,:emailToken)");
$q->execute([
":name" => $name,
":email" => $email,
":passwordHash" => password_hash($password, PASSWORD_DEFAULT),
":classe" => $classe,
":verified" => 0,
":createdAt" => time(),
":isStaff" => 0,
":emailToken" => $st
]);
return $st;
}
function login($email, $password)
{
$email=mb_strtolower(trim($email));
$p = pdomake();
$q = $p->prepare("SELECT * FROM Users WHERE email=:email");
$q->execute([":email" => $email]);
$u = $q->fetch();
if ($u == null) return "NOT_FOUND";
if (!password_verify($password, $u["passwordHash"])) return "INCORRECT_PASSWORD";
if (!$u["verified"]) return "UNVERIFIED";
$q = $p->prepare("UPDATE Users SET token=:token, lastLogin=:lastLogin WHERE id=:id");
$st = bin2hex(random_bytes(16));
$q->execute([
":id" => $u["id"],
":token" => $st,
":lastLogin" => time()
]);
return $st;
}
function firstVerify($token)
{
$p = pdomake();
$q = $p->prepare("SELECT * FROM Users WHERE emailToken=:et");
$q->execute([":et" => $token]);
$u = $q->fetch();
if (!$u) return false;
$q = $p->prepare("UPDATE Users SET emailToken=:etN, verified=:verified WHERE emailToken=:et");
$q->execute([":et" => $token, ":etN" => bin2hex(random_bytes(16)), ":verified" => time()]);
return true;
}
function setPayed($token, $orderId, $payedHow = true)
{
$p = pdomake();
$u = use_token($token);
if ($u == null || !$u["isStaff"]) return false;
$q = $p->prepare("UPDATE Orders SET payed=:payed WHERE id=:id");
$q->execute([
":id" => $orderId,
":payed" => (int)$payedHow
]);
}
function use_token($token)
{
$p = pdomake();
$q = $p->prepare("SELECT * FROM Users WHERE token=:token");
$q->execute([":token" => $token]);
$u = $q->fetch();
return $u;
}
function userById($id)
{
$p = pdomake();
$q = $p->prepare("SELECT * FROM Users WHERE id=:id");
$q->execute([":id" => $id]);
$u = $q->fetch();
return $u;
}
function invalidate_token($token)
{
$p = pdomake();
$q = $p->prepare("UPDATE Users SET token=:token WHERE token=:oldToken");
$st = bin2hex(random_bytes(16));
$q->execute([
":token" => $st,
":oldToken" => $token
]);
}
function listMyOrders($token)
{ // only for users, there will be a function for staff
$p = pdomake();
$u = use_token($token);
if ($u == null) return false;
$q = $p->prepare("SELECT * FROM Orders WHERE userId=:id AND payed=0");
$q->execute([
":id" => $u["id"]
]);
$list = $q->fetchAll(PDO::FETCH_ASSOC);
$final = [];
foreach ($list as $e) {
$e["dishes"] = [];
$q = $p->prepare("SELECT * FROM OrderDishes WHERE orderId=:id");
$q->execute([
":id" => $e["id"]
]);
$dList = $q->fetchAll(PDO::FETCH_ASSOC);
foreach ($dList as $d) {
$qI = $p->prepare("SELECT * FROM Dishes WHERE id=:id");
$qI->execute([
":id" => $d["dishId"]
]);
$dI = $qI->fetch(PDO::FETCH_ASSOC);
if (!$dI) continue;
unset($d["dishId"]);
$e["dishes"][] = array_merge($d, $dI);
}
$final[] = $e;
}
return $final;
}
function listStaffOrders($token, $data)
{ // only for users, there will be a function for staff
$p = pdomake();
$u = use_token($token);
if ($u == null || !$u["isStaff"]) return false;
if (!empty($data["datetime"])) $addition = " AND datetime > " . ((int)$data["datetime"]) . " AND datetime < " . strtotime($data["day"] . " 23:59") . " ";
if (isset($data["payed"]) && $data["payed"] != 2) {
$addition .= " AND payed=" . ((int)$data["payed"]) . " ";
}
$sql = "SELECT * FROM Orders WHERE 1=1 " . $addition;
$q = $p->prepare($sql);
$q->execute();
$list = $q->fetchAll(PDO::FETCH_ASSOC);
$final = [];
foreach ($list as $e) {
$e["dishes"] = [];
$addition = "";
$q = $p->prepare("SELECT * FROM OrderDishes WHERE orderId=:id ");
$q->execute([
":id" => $e["id"]
]);
$dList = $q->fetchAll(PDO::FETCH_ASSOC);
foreach ($dList as $d) {
$qI = $p->prepare("SELECT * FROM Dishes WHERE id=:id");
$qI->execute([
":id" => $d["dishId"]
]);
$dI = $qI->fetch(PDO::FETCH_ASSOC);
if (!$dI) continue;
unset($d["dishId"]);
$e["dishes"][] = array_merge($d, $dI);
}
$final[] = $e;
}
return $final;
}
function getOrder($token, $Oid)
{
$p = pdomake();
$u = use_token($token);
if ($u == null) return false;
$q = $p->prepare("SELECT * FROM Orders WHERE id=:Oid ");
$q->execute([
":Oid" => $Oid
]);
$list = $q->fetchAll(PDO::FETCH_ASSOC);
$final = [];
foreach ($list as $e) {
$e["dishes"] = [];
$q = $p->prepare("SELECT * FROM OrderDishes WHERE orderId=:id");
$q->execute([
":id" => $e["id"]
]);
$dList = $q->fetchAll(PDO::FETCH_ASSOC);
foreach ($dList as $d) {
$qI = $p->prepare("SELECT * FROM Dishes WHERE id=:id");
$qI->execute([
":id" => $d["dishId"]
]);
$dI = $qI->fetch(PDO::FETCH_ASSOC);
if (!$dI) continue;
unset($d["dishId"]);
$e["dishes"][] = array_merge($d, $dI);
}
$final[] = $e;
}
$r = $final[0];
if (!$u["isStaff"] && $r["payed"]) return false;
return $r;
}
function listDishes($orderId)
{
$p = pdomake();
$q = $p->prepare("SELECT * FROM OrderDishes WHERE orderId=:Oid");
$st = bin2hex(random_bytes(16));
$q->execute([
":Oid" => $orderId
]);
return $q->fetchAll();
}
function email($title, $body, $email, $name)
{
// Subject
$message = file_get_contents("email.template");
$message = str_replace("TITLE", $title, $message);
$message = str_replace("CONTENT", $body, $message);
$message = str_replace("DATE", date("d/m/Y"), $message);
// To send HTML mail, the Content-type header must be set
$headers[] = 'MIME-Version: 1.0';
$headers[] = 'Content-type: text/html; charset=UTF-8';
// Additional headers
$headers[] = 'To: ' . $name . ' <' . $email . '>';
$headers[] = 'From: Mordapp <mordapp@altervista.org>';
//file_put_contents("email/" . time() . ".html", $message);
// Mail it
@mail($email, $title, $message, implode("\r\n", $headers));
}
function timeFhours($d)
{
$d *= 60;
$hour = floor($d / 3600);
$min = floor(($d / 60) % 60);
$hour = str_pad($hour, 2, "0", STR_PAD_LEFT);
$min = str_pad($min, 2, "0", STR_PAD_LEFT);
return "$hour:$min";
}
function computeTimeframes()
{
$f = file("timeframes.csv");
$days = ["Lunedì", "Martedì", "Mercoledì", "Giovedì", "Venrdì", "Sabato", "Domenica"];
$months = ["Gennaio", "Febbraio", "Marzo", "Aprile", "Maggio", "Giugno", "Luglio", "Agosto", "Settembre", "Ottobre", "Novembre", "Dicembre"];
$daysEng = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"];
$whatDays = [];
$perDay = [];
$all = [];
$i = 0;
foreach ($f as $l) {
if ($i == 0) {
$i++;
continue;
}
$ld = explode(",", $l);
$whatDays[] = $daysEng[$ld[0]];
$perDay[$daysEng[$ld[0]]][] = ["begin" => ["value" => (int)$ld[1], "label" => timeFhours((int)$ld[1])], "end" => ["value" => (int)$ld[2], "label" => timeFhours((int)$ld[2])], "block" => ["value" => (int)$ld[3], "label" => timeFhours((int)$ld[3])]];
$i++;
}
$startDate = strtotime("today");
$endDate = strtotime((date("Y") + 1) . "-01-01");
for ($i = $startDate; $i <= $endDate; $i = strtotime('+1 day', $i)) {
if (in_array(strtolower(date("l", $i)), $whatDays) && count($perDay[strtolower(date("l", $i))])) {
if (date("d-m-Y") == date("d-m-Y", $i)) {
$min = -100000;
//is there at least one TimeFrame for today left?
foreach ($perDay[strtolower(date("l", $i))] as $ed) {
$q = min($ed["begin"]["value"], $ed["end"]["value"]);
$min = max($min, $q);
}
$now = date("H") * 60 + date("m");
if ($min > $now) continue;
}
$all[] = ["value" => $i, "label" => $days[date("N", $i) - 1] . " " . date("d", $i) . " " . $months[date("m", $i) - 1] . " " . date("Y", $i)];
}
}
return ["all" => $all, "times" => $perDay];
}
function validateDatetimeBegin($dt)
{
$all = computeTimeframes();
$begin = strtotime("midnight", $dt);
$found = false;
foreach ($all["all"] as $a) {
if ($a["value"] == $begin) {
$found = true;
break;
}
}
if (!$found) return "NO_DAY";
$found = false;
foreach ($all["times"][strtolower(date("l", $dt))] as $tf) {
if ($tf["begin"]["value"] * 60 == ($dt - $begin)) {
$found = true;
break;
}
}
if (!$found) return "NO_TF";
return "OK";
}
function processOrder($data)
{
$all = computeTimeframes();
$data["datetime"] = $data["day"] + $all["times"][strtolower(date("l", $data["day"]))][(int)$data["timeFrames"]]["begin"]["value"] * 60;
$p = pdomake();
$u = use_token($data["sessionToken"]);
if ($u == null) return false;
$vr = validateDatetimeBegin($data["datetime"]);
if ($vr != "OK") return "INVALID_DATETIME_" . $vr;
$dishes = [];
$dishsesKeys = [];
foreach ($data as $key => $val) {
$n = explode("OF", $key)[1];
if (!str_contains($key, "OF") || $data["qtyOF" . $n] < 1) continue;
$dishsesKeys[] = $n;
}
$dishsesKeys = array_unique($dishsesKeys);
foreach ($dishsesKeys as $d) {
$q = $p->prepare("SELECT * FROM Dishes WHERE id=:id");
$q->execute([
":id" => $d
]);
if (!count($q->fetchAll(PDO::FETCH_ASSOC))) return "ID_MISMATCH";
$dishes[] = ["id" => $d, "qty" => $data["qtyOF" . $d] ?: 0, "notes" => $data["notesOF" . $d] ?: ""];
}
if (count($dishes) == 0) {
deleteOrder($data["sessionToken"], $data["orderId"]);
return true;
}
if ($data["orderId"] == "NEW") {
$q = $p->prepare("INSERT INTO Orders(datetime,userId,notes,payed,createdAt) VALUES (:datetime,:userId,:notes,:payed,:createdAt)");
$q->execute([
":datetime" => $data["datetime"],
":userId" => $u["id"],
":notes" => $data["orderNotes"],
":payed" => 0,
":createdAt" => time()
]);
$lId = $p->lastInsertId();
if (!$lId) return "ERROR_INSERT";
foreach ($dishes as $d) {
$q = $p->prepare("INSERT INTO OrderDishes(orderId,dishId,dishQty,dishNotes) VALUES (:orderId,:dishId,:dishQty,:dishNotes)");
$q->execute([
":orderId" => $lId,
":dishId" => $d["id"],
":dishQty" => $d["qty"],
":dishNotes" => $d["notes"]
]);
}
} else {
$o = getOrder($data["sessionToken"], $data["orderId"]);
if (!$o) return "NO_ID";
$q = $p->prepare("UPDATE Orders SET datetime=:datetime, userId=:userId, notes=:notes, payed=:payed, createdAt=:createdAt WHERE id=:Oid");
$q->execute([
":datetime" => $data["datetime"],
":userId" => $u["id"],
":notes" => $data["orderNotes"],
":payed" => 0,
":createdAt" => time(),
":Oid" => $data["orderId"]
]);
$q = $p->prepare("DELETE FROM OrderDishes WHERE orderId=:Oid");
$q->execute([
":Oid" => $data["orderId"]
]);
foreach ($dishes as $d) {
$q = $p->prepare("INSERT INTO OrderDishes(orderId,dishId,dishQty,dishNotes) VALUES (:orderId,:dishId,:dishQty,:dishNotes)");
$q->execute([
":orderId" => $data["orderId"],
":dishId" => $d["id"],
":dishQty" => $d["qty"],
":dishNotes" => $d["notes"]
]);
}
}
return true;
}
function deleteOrder($token, $id)
{
$p = pdomake();
$u = use_token($token);
if ($u == null) return false;
$o = getOrder($token, $id);
if ($o["userId"] != $u["id"] && !$u["isStaff"]) return false;
$q = $p->prepare("DELETE FROM OrderDishes WHERE orderId=:Oid");
$q->execute([
":Oid" => $id
]);
$q = $p->prepare("DELETE FROM Orders WHERE id=:Oid");
$q->execute([
":Oid" => $id
]);
return true;
}
function manageSave($token, $data)
{
$p = pdomake();
$u = use_token($token);
if ($u == null) return false;
if (!filter_var($data["email"], FILTER_VALIDATE_EMAIL)) return "INVALID_EMAIL";
if (!endsWith($data["email"], "@liceococito.it") && endsWith($u["email"], "@liceococito.it")) return "WRONG_DOMAIN";
if (!in_array($data["classe"], $GLOBALS["classesWhitelist"])) return "NO_CLASS";
$q = $p->prepare("UPDATE Users SET name=:name, email=:email, classe=:classe WHERE id=:id");
$q->execute([
":id" => $u["id"],
":name" => $data["name"] ?: $u["name"],
":email" => $data["email"] ?: $u["email"],
":classe" => $data["classe"] ?: $u["classe"]
]);
return true;
}
function toNormalized($hhmm)
{
$ar = explode(":", $hhmm);
return $ar[0] * 60 + $ar[1];
}
function saveTimefs($st, $data)
{
$u = use_token($st);
if ($u == null || !$u["isStaff"]) return false;
$a = json_decode($data, true);
if (!$a) return false;
$s = "Giorno,Inizio,Fine,Blocco\n";
foreach ($a as $el) {
$s .= (array_search($el["day"], ["Lunedì", "Martedì", "Mercoledì", "Giovedì", "Venerdì", "Sabato", "Domenica"]) ?: 0) . "," . toNormalized($el["begTime"]) . "," . toNormalized($el["endTime"]) . "," . toNormalized($el["blockTime"]) . "\n";
}
file_put_contents("timeframes.csv", $s);
return true;
}
function wrapperStaffOrders()
{
$lst = [];
$_POST["datetime"] = strtotime($_POST["day"] . " " . $_POST["hour"]);
$list = listStaffOrders($_POST["sessionToken"], $_POST);
foreach ($list as $el) {
$u = userById($el["userId"]);
if ($u["classe"] != $_POST["classe"] && $_POST["classe"] != 0) continue;
$dishes = [];
$total = 0;
foreach ($el["dishes"] as $d) {
$d["total"] = $d["dishQty"] * $d["price"];
if($d["deleted"]) $d["name"].=" (cancellato dal menù il ".date("d/m/Y H:i:s",$d["deleted"]).")";
$dishes[] = $d;
$total += $d["total"];
}
$lst[] = [
"name" => htmlentities($u["name"]),
"class" => htmlentities($u["classe"]),
"datetime" => date("d/m/Y H:i:s", $el["datetime"]),
"createdAt" => date("d/m/Y H:i:s", $el["createdAt"]),
"dishes" => $dishes,
"notes" => htmlentities($el["notes"]),
"summary" => [[
"payed" => (bool)$el["payed"],
"total" => $total,
"id" => $el["id"]
]]
];
}
return $lst;
}
function processDishes($data)
{
$u = use_token($data["sessionToken"]);
if (!$u || !$u["isStaff"]) return UIauth("<h2 style=\"color:red\">Sessione invalida</h2>");
$a = json_decode($data["data"], true);
if (!$a) return false;
$p = pdomake();
$q = $p->prepare("SELECT * FROM Dishes WHERE deleted=0");
$q->execute();
$r = $q->fetchAll(PDO::FETCH_ASSOC);
$ids = [];
foreach ($a as $el) {
if (empty($el["id"])) {
$q = $p->prepare("INSERT INTO Dishes(name,price,deleted) VALUES(:name,:price,0)");
$q->execute([":name" => $el["name"], ":price" => $el["price"]]);
} else {
$q = $p->prepare("UPDATE Dishes SET name=:name, price=:price, deleted=0 WHERE id=:id");
$q->execute([":name" => $el["name"], ":price" => $el["price"], ":id"=>$el["id"]]);
$ids[]=(int)$el["id"];
}
}
foreach($r as $el){
if(!in_array((int)$el["id"],$ids)){
$q = $p->prepare("UPDATE Dishes SET deleted=:d WHERE id=:id");
$q->execute([":id"=>$el["id"],":d"=>time()]);
}
}
return true;
}
function newViewCheck($token,$view){
if(empty($token) || empty($view)) return "EMPTY";
$p = pdomake();
$q = $p->prepare("SELECT * FROM Users WHERE token=:token");
$q->execute([
":token" => $token
]);
$r = $q->fetchAll(PDO::FETCH_ASSOC)[0];
if(!$r) return true;
if($view == $r["lastView"]) return "SAME";
$q = $p->prepare("UPDATE Users SET lastView=:lastView WHERE token=:token");
$q->execute([
":token" => $token,
":lastView" => $view
]);
return true;
}

6181
phpliteadmin.php Normal file
View File

File diff suppressed because it is too large Load Diff

3
timeframes.csv Normal file
View File

@ -0,0 +1,3 @@
Giorno,Inizio,Fine,Blocco
0,600,675,540
1,672,795,610
1 Giorno Inizio Fine Blocco
2 0 600 675 540
3 1 672 795 610

1299
ui.php Normal file
View File

File diff suppressed because it is too large Load Diff