<?php
require("common.php");
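/**
 * Render a one-alert Bootstrap page with $message and stop the script.
 *
 * Callers pass HTML fragments (e.g. <span class="label ...">), so the message
 * is printed as-is; only the copy handed to logresult() is SQL-escaped, since
 * SQL-escaping the echoed text corrupted the callers' markup (every " became \").
 *
 * @param string     $message HTML fragment to display; also written to the result log when $log is 1
 * @param int|string $error   non-zero (ERROR) renders alert-danger, zero renders alert-success
 * @param int        $log     1 (default) logs the message for the user identified by the loguserid cookie
 * @return void always exits after printing the page
 */
function response($message,$error=0,$log=1)
{
    global $db,$systemname,$systemURL;
    $message=trim($message);
    // escaped copy only for the log write; the displayed text stays unescaped
    $logmessage=$db->conn->real_escape_string($message);
    if ($log==1 AND $message)
    {
        // 0 stands for an anonymous (cookie-less) visitor
        $userid=0;
        if (isset($_COOKIE["loguserid"]))
        {
            $userid=$db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
        }
        $number=getphonenumber($userid);
        logresult($number,$logmessage);
    }
    $db->conn->commit();
    echo '<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>',$systemname,'</title>';
    echo '<base href="',$systemURL,'" />';
    echo '<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css" />';
    echo '<link rel="stylesheet" type="text/css" href="css/bootstrap-theme.min.css" />';
    if (file_exists("analytics.php")) require("analytics.php");
    echo '</head><body><div class="container">';
    $alertclass=$error ? 'alert-danger' : 'alert-success';
    echo '<div class="alert ',$alertclass,'" role="alert">',$message,'</div>';
    echo '</div></body></html>';
    exit;
}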
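/**
 * Rent bike $bike for user $userId.
 *
 * Runs the credit, rental-limit, sharing and stack checks, builds the unlock
 * instructions and records the rental. Every path ends in response(), which
 * prints the page and exits, so the function never returns normally.
 *
 * @param int|string $userId renting user (the QR flow takes it from the loguserid cookie)
 * @param int|string $bike   bike number decoded from the QR code (untrusted)
 * @param mixed      $force  kept for the call interface; the body does not use it
 * @return void
 */
function rent($userId,$bike,$force=FALSE)
{
    global $db,$forcestack,$watches,$credit;
    // Inputs are interpolated into SQL below, so escape once at entry.
    // This follows the file's convention; prepared statements would be the stronger fix.
    $userId=$db->conn->real_escape_string(trim($userId));
    $bike=$db->conn->real_escape_string(trim($bike));
    $force=$db->conn->real_escape_string(trim($force));
    $stacktopbike=FALSE;
    $bikeNum=$bike;
    // SQL escaping does not make a value safe for HTML; messages use this copy.
    $bikeHtml=htmlspecialchars((string)$bikeNum,ENT_QUOTES|ENT_SUBSTITUTE,'UTF-8');
    $message='';

    $requiredcredit=$credit["min"]+$credit["rent"]+$credit["longrental"];
    if (checkrequiredcredit($userId)===FALSE)
    {
        response(_('You are below required credit')." ".$requiredcredit.$credit["currency"].". "._('Please, recharge your credit.'),ERROR);
    }
    checktoomany(0,$userId);

    // per-user rental limit; a missing limits row behaves like a limit of 0 (as before, minus the warning)
    $result=$db->query("SELECT count(*) as countRented FROM bikes where currentUser='$userId'");
    $row=$result->fetch_assoc();
    $countRented=$row["countRented"];
    $result=$db->query("SELECT userLimit FROM limits where userId='$userId'");
    $row=$result->fetch_assoc();
    $limit=$row["userLimit"] ?? 0;
    if ($countRented>=$limit)
    {
        if ($limit==0)
        {
            response(_('You can not rent any bikes. Contact the admins to lift the ban.'),ERROR);
        }
        elseif ($limit==1)
        {
            response(_('You can only rent')." ".sprintf(ngettext('%d bike','%d bikes',$limit),$limit)." "._('at once').".",ERROR);
        }
        else
        {
            response(_('You can only rent')." ".sprintf(ngettext('%d bike','%d bikes',$limit),$limit)." "._('at once and you have already rented')." ".$limit.".",ERROR);
        }
    }

    // The bike must exist: an unknown number previously fell through to the
    // UPDATE/INSERT below and left a history row for a non-existent bike.
    $result=$db->query("SELECT shared,currentUser,currentCode,bikelock FROM bikes WHERE bikeNum='$bikeNum'");
    $row=$result->fetch_assoc();
    if (!$row)
    {
        response("<h3>"._('Unrecognized QR code action. Try scanning the code again or report this to the system admins.')."</h3>",ERROR);
    }
    $shared=$row["shared"];
    $currentCode=sprintf("%04d",$row["currentCode"]);
    $currentUser=$row["currentUser"];
    $bikelock=$row["bikelock"];

    // sharing: a shared bike may only be rented by a listed phone number or mail domain
    $result=$db->query("SELECT number,mail FROM users WHERE userId='$userId'");
    $row=$result->fetch_assoc();
    $userphone=(string)($row["number"] ?? '');
    $usermail=(string)($row["mail"] ?? '');
    $atpart=strrchr($usermail,"@");
    $usermaildomain=($atpart===false) ? '' : substr($atpart,1);
    if ($shared==1)
    {
        $result4=$db->query("SELECT phone1, phone2, phone3, email FROM sharing WHERE bikeNum='$bikeNum'");
        // no sharing row means nobody matches (in_array() on null would throw)
        $sharing=array_map('strval',$result4->fetch_assoc() ?: []);
        // strict, non-empty match: an empty phone or mail domain must not
        // match an unused (empty) sharing slot
        $phoneok=($userphone!=='' && in_array($userphone,$sharing,true));
        $domainok=($usermaildomain!=='' && in_array($usermaildomain,$sharing,true));
        if (!$phoneok && !$domainok)
        {
            response(_('This bike is only available for friends / collegues of the owner.'),ERROR);
        }
    }

    // stack discipline: optionally warn admins or refuse when the bike is not on top of its stand's stack
    if ($forcestack OR $watches["stack"])
    {
        $result=$db->query("SELECT currentStand FROM bikes WHERE bikeNum='$bike'");
        $row=$result->fetch_assoc();
        $standid=$row["currentStand"];
        $stacktopbike=checktopofstack($standid);
        if ($watches["stack"] AND $stacktopbike<>$bike)
        {
            $result=$db->query("SELECT standName FROM stands WHERE standId='$standid'");
            $row=$result->fetch_assoc();
            $stand=$row["standName"];
            $user=getusername($userId);
            notifyAdmins(_('Bike')." ".$bike." "._('rented out of stack by')." ".$user.". ".$stacktopbike." "._('was on the top of the stack at')." ".$stand.".",ERROR);
        }
        if ($forcestack AND $stacktopbike<>$bike)
        {
            response(_('Bike')." ".$bikeHtml." "._('is not rentable now, you have to rent bike')." ".$stacktopbike." "._('from this stand').".",ERROR);
        }
    }

    // reported issues, newest first, joined with "; "
    $result=$db->query("SELECT note FROM notes WHERE bikeNum='$bikeNum' ORDER BY time DESC");
    $notes=[];
    while ($row=$result->fetch_assoc())
    {
        $notes[]=$row["note"];
    }
    $note=implode("; ",$notes);

    // Lock-code rotation. $codereset is "0001".."0004" and is compared with 5,
    // so the reset branch never runs and the current code is always kept; left
    // as found since it may be a deliberate switch-off. random_int() replaces
    // rand() because the value would become a lock code.
    $codereset=sprintf("%04d",random_int(1,4));
    $newCode=$currentCode;
    if ($codereset==5)
    {
        $newCode=sprintf("%04d",random_int(100,9900));
    }

    // response() exits, so no explicit return is needed after these
    if ($currentUser==$userId)
    {
        response(_('You have already rented the bike').' '.$bikeHtml.'. '._('Code is').' <span class="label label-primary">'.$currentCode.'</span>. '._('Return bike by scanning QR code on a stand').'.',ERROR);
    }
    if ($currentUser!=0)
    {
        response(_('Bike')." ".$bikeHtml." "._('is already rented').".",ERROR);
    }

    if ($codereset==5)
    {
        $message='<h3>'._('Bike').' '.$bikeHtml.': <span class="label label-primary">'._('Open with code').' '.$currentCode.'.</span></h3>'._('Change code immediately to').' <span class="label label-default">'.$newCode.'</span><br />'._('(open, move pin on the bottom to position B, set new code, move pin back to position A)').'.';
    }
    elseif ($currentCode!=0 and $bikelock==0)
    {
        $message='<h3>'._('Bike').' '.$bikeHtml.': <span class="label label-primary">'._('Open digit lock with code').' '.$currentCode.'.</span></h3> .';
    }
    elseif ($currentCode!=0 and $bikelock!=0)
    {
        $message='<h3>'._('Bike').' '.$bikeHtml.': <span class="label label-primary">'._('Open smart lock with app and digit lock with code').' '.$currentCode.'.</span></h3> .';
    }
    elseif ($currentCode==0 and $bikelock!=0)
    {
        $message='<h3>'._('Bike').' '.$bikeHtml.': <span class="label label-primary">'._('Open smart lock using app').'.</span></h3>.';
    }
    // a bike with neither a code nor a smart lock yields an empty message (was an unset variable before)

    if ($note)
    {
        // notes are stored user-reported text, so escape them for HTML
        $message.="<br />"._('Reported issue').": <em>".htmlspecialchars($note,ENT_QUOTES|ENT_SUBSTITUTE,'UTF-8')."</em>";
    }
    $db->query("UPDATE bikes SET currentUser='$userId',currentCode='$newCode',currentStand=NULL WHERE bikeNum='$bikeNum'");
    $db->query("INSERT INTO history SET userId='$userId',bikeNum='$bikeNum',action='RENT',parameter='$newCode'");
    response($message);
}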
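/**
 * Return the single bike user $userId currently has to the stand named $stand
 * and show the locking instructions; ends in response(), which exits.
 *
 * QR code return only works when exactly one bike is rented, because the
 * scanned code identifies the stand, not the bike.
 *
 * @param int|string $userId returning user (from the loguserid cookie in this flow)
 * @param string     $stand  stand name decoded from the QR code (untrusted); matched in upper case
 * @return void
 */
function returnbike($userId,$stand)
{
    global $db,$connectors;
    // escape once at entry; upper-case before escaping so escape sequences are not altered
    $userId=$db->conn->real_escape_string(trim($userId));
    $stand=$db->conn->real_escape_string(strtoupper(trim($stand)));

    $result=$db->query("SELECT bikeNum,currentCode FROM bikes WHERE currentUser='$userId' ORDER BY bikeNum");
    $bikenumber=$result->num_rows;
    if ($bikenumber==0)
    {
        response(_('You have no rented bikes currently.'),ERROR);
    }
    if ($bikenumber>1)
    {
        $message=_('You have').' '.$bikenumber.' '._('rented bikes currently. QR code return can be used only when 1 bike is rented. Please, use web');
        if ($connectors["sms"]) $message.=_(' or SMS');
        $message.=_(' to return the bikes.');
        response($message,ERROR);
    }

    // exactly one rented bike: reuse the row from the query above
    $row=$result->fetch_assoc();
    $currentCode=sprintf("%04d",$row["currentCode"]);
    $bikeNum=$row["bikeNum"];

    $result=$db->query("SELECT standId FROM stands where standName='$stand'");
    $row=$result->fetch_assoc();
    if (!$row)
    {
        // Unknown stand name: without this check the bike was marked as returned
        // to stand '' and the history row recorded an empty stand.
        response("<h3>"._('Unrecognized QR code action. Try scanning the code again or report this to the system admins.')."</h3>",ERROR);
    }
    $standId=$row["standId"];

    $db->query("UPDATE bikes SET currentUser=NULL,currentStand='$standId' WHERE bikeNum='$bikeNum' and currentUser='$userId'");
    $message='<h3>'._('Bike').' '.$bikeNum.': <span class="label label-primary">'._('Lock with code').' '.$currentCode.'.</span></h3>';
    $message.='<br />'._('Please').', <strong>'._('rotate the lockpad to').' <span class="label label-default">0000</span></strong> '._('when leaving').'.';
    $creditchange=changecreditendrental($bikeNum,$userId);
    if (iscreditenabled() AND $creditchange) $message.='<br />'._('Credit change').': -'.$creditchange.getcreditcurrency().'.';
    $db->query("INSERT INTO history SET userId='$userId',bikeNum='$bikeNum',action='RETURN',parameter='$standId'");
    response($message);
}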
/**
 * Fallback for QR payloads the dispatcher could not map to an action.
 *
 * @param int|string $userId accepted for the common action signature; not used here
 * @return void ends in response(), which exits
 */
function unrecognizedqrcode($userId)
{
    $text=_('Unrecognized QR code action. Try scanning the code again or report this to the system admins.');
    response('<h3>'.$text.'</h3>',ERROR);
}
?>