function rent($userId, $bike, $force = FALSE) { global $db, $forcestack, $watches, $credit; $stacktopbike = FALSE; $bikeNum = $bike; $requiredcredit = $credit["min"] + $credit["rent"] + $credit["longrental"]; $creditcheck = checkrequiredcredit($userId); if ($creditcheck === FALSE) { response(_('You are below required credit') . " " . $requiredcredit . $credit["currency"] . ". " . _('Please, recharge your credit.'), ERROR); } checktoomany(0, $userId); $result = $db->query("SELECT count(*) as countRented FROM bikes where currentUser={$userId}"); $row = $result->fetch_assoc(); $countRented = $row["countRented"]; $result = $db->query("SELECT userLimit FROM limits where userId={$userId}"); $row = $result->fetch_assoc(); $limit = $row["userLimit"]; if ($countRented >= $limit) { if ($limit == 0) { response(_('You can not rent any bikes. Contact the admins to lift the ban.'), ERROR); } elseif ($limit == 1) { response(_('You can only rent') . " " . sprintf(ngettext('%d bike', '%d bikes', $limit), $limit) . " " . _('at once') . ".", ERROR); } else { response(_('You can only rent') . " " . sprintf(ngettext('%d bike', '%d bikes', $limit), $limit) . " " . _('at once and you have already rented') . " " . $limit . ".", ERROR); } } if ($forcestack or $watches["stack"]) { $result = $db->query("SELECT currentStand FROM bikes WHERE bikeNum='{$bike}'"); $row = $result->fetch_assoc(); $standid = $row["currentStand"]; $stacktopbike = checktopofstack($standid); if ($watches["stack"] and $stacktopbike != $bike) { $result = $db->query("SELECT standName FROM stands WHERE standId='{$standid}'"); $row = $result->fetch_assoc(); $stand = $row["standName"]; $user = getusername($userId); notifyAdmins(_('Bike') . " " . $bike . " " . _('rented out of stack by') . " " . $user . ". " . $stacktopbike . " " . _('was on the top of the stack at') . " " . $stand . ".", ERROR); } if ($forcestack and $stacktopbike != $bike) { response(_('Bike') . " " . $bike . " " . _('is not rentable now, you have to rent bike') . " " . $stacktopbike . " " . _('from this stand') . ".", ERROR); } } $result = $db->query("SELECT currentUser,currentCode FROM bikes WHERE bikeNum={$bikeNum}"); $row = $result->fetch_assoc(); $currentCode = sprintf("%04d", $row["currentCode"]); $currentUser = $row["currentUser"]; $result = $db->query("SELECT note FROM notes WHERE bikeNum='{$bikeNum}' ORDER BY time DESC"); $note = ""; while ($row = $result->fetch_assoc()) { $note .= $row["note"] . "; "; } $note = substr($note, 0, strlen($note) - 2); // remove last two chars - comma and space $newCode = sprintf("%04d", rand(100, 9900)); //do not create a code with more than one leading zero or more than two leading 9s (kind of unusual/unsafe). if ($currentUser == $userId) { response(_('You have already rented the bike') . ' ' . $bikeNum . '. ' . _('Code is') . ' <span class="label label-primary">' . $currentCode . '</span>. ' . _('Return bike by scanning QR code on a stand') . '.', ERROR); return; } if ($currentUser != 0) { response(_('Bike') . " " . $bikeNum . " " . _('is already rented') . ".", ERROR); return; } $message = '<h3>' . _('Bike') . ' ' . $bikeNum . ': <span class="label label-primary">' . _('Open with code') . ' ' . $currentCode . '.</span></h3>' . _('Change code immediately to') . ' <span class="label label-default">' . $newCode . '</span><br />' . _('(open, rotate metal part, set new code, rotate metal part back)') . '.'; if ($note) { $message .= "<br />" . _('Reported issue:') . " <em>" . $note . "</em>"; } $result = $db->query("UPDATE bikes SET currentUser={$userId},currentCode={$newCode},currentStand=NULL WHERE bikeNum={$bikeNum}"); $result = $db->query("INSERT INTO history SET userId={$userId},bikeNum={$bikeNum},action='RENT',parameter={$newCode}"); response($message); }
function note($number, $bikeNum, $message) { global $db; $userId = getUser($number); $bikeNum = trim($bikeNum); if (preg_match("/^[0-9]*\$/", $bikeNum)) { $bikeNum = intval($bikeNum); } else { if (preg_match("/^[A-Z]+[0-9]*\$/i", $bikeNum)) { $standName = $bikeNum; standnote($number, $standName, $message); return; } else { sendSMS($number, _('Error in bike number / stand name specification:' . $db->conn->real_escape_string($bikeNum))); return; } } $bikeNum = intval($bikeNum); $result = $db->query("SELECT number,userName,stands.standName FROM bikes LEFT JOIN users on bikes.currentUser=users.userID LEFT JOIN stands on bikes.currentStand=stands.standId where bikeNum={$bikeNum}"); if ($result->num_rows != 1) { sendSMS($number, _('Bike') . " " . $bikeNum . " " . _('does not exist') . "."); return; } $row = $result->fetch_assoc(); $phone = $row["number"]; $userName = $row["userName"]; $standName = $row["standName"]; if ($standName != NULL) { $bikeStatus = "B.{$bikeNum} " . _('is at') . " " . $standName . "."; } else { $bikeStatus = "B.{$bikeNum} " . _('is rented') . " by " . $userName . " (+" . $phone . ")."; } $result = $db->query("SELECT userName from users where number={$number}"); $row = $result->fetch_assoc(); $reportedBy = $row["userName"]; if (trim(strtoupper(preg_replace('/[0-9]+/', '', $message))) == "NOTE") { $userNote = ""; } else { $matches = explode(" ", $message, 3); $userNote = $db->conn->real_escape_string(trim($matches[2])); } if ($userNote == "") { sendSMS($number, _('Empty note for bike') . " " . $bikeNum . " " . _('not saved, for deleting notes use DELNOTE (for admins)') . "."); /*checkUserPrivileges($number); sendSMS($number,_('Empty note for bike')." ".$bikeNum." "._('not saved, for deleting notes use DELNOTE.')."."); // @TODO remove SMS from deleting completely? $result=$db->query("UPDATE bikes SET note=NULL where bikeNum=$bikeNum"); //only admins can delete and those will receive the confirmation in the next step. //sendSMS($number,"Note for bike $bikeNum deleted."); notifyAdmins(_('Note for bike')." ".$bikeNum." "._('deleted by')." ".$reportedBy."."); */ } else { $db->query("INSERT INTO notes SET bikeNum='{$bikeNum}',userId='{$userId}',note='{$userNote}'"); $noteid = $db->conn->insert_id; sendSMS($number, _('Note for bike') . " " . $bikeNum . " " . _('saved') . "."); notifyAdmins(_('Note #') . $noteid . ": b." . $bikeNum . " (" . $bikeStatus . ") " . _('by') . " " . $reportedBy . " (" . $number . "):" . $userNote); } }
function addnote($userId, $bikeNum, $message) { global $db; $userNote = $db->conn->real_escape_string(trim($message)); $result = $db->query("SELECT userName,number from users where userId='{$userId}'"); $row = $result->fetch_assoc(); $userName = $row["userName"]; $phone = $row["number"]; $result = $db->query("SELECT stands.standName FROM bikes LEFT JOIN users on bikes.currentUser=users.userID LEFT JOIN stands on bikes.currentStand=stands.standId WHERE bikeNum={$bikeNum}"); $row = $result->fetch_assoc(); $standName = $row["standName"]; if ($standName != NULL) { $bikeStatus = _('at') . " " . $standName; } else { $bikeStatus = _('used by') . " " . $userName . " +" . $phone; } $db->query("INSERT INTO notes SET bikeNum='{$bikeNum}',userId='{$userId}',note='{$userNote}'"); $noteid = $db->conn->insert_id; notifyAdmins(_('Note #') . $noteid . ": b." . $bikeNum . " (" . $bikeStatus . ") " . _('by') . " " . $userName . "/" . $phone . ":" . $userNote); }
function checktoomany($cron = 1, $userid = 0) { global $db, $watches; $abusers = ""; $found = 0; if ($cron) { $result = $db->query("SELECT users.userId,userName,userLimit FROM users LEFT JOIN limits ON users.userId=limits.userId"); while ($row = $result->fetch_assoc()) { $userid = $row["userId"]; $username = $row["userName"]; $userlimit = $row["userLimit"]; $currenttime = date("Y-m-d H:i:s", time() - $watches["timetoomany"] * 3600); $result2 = $db->query("SELECT bikeNum FROM history WHERE userId={$userid} AND action='RENT' AND time>'{$currenttime}'"); if ($result2->num_rows >= $userlimit + $watches["numbertoomany"]) { $abusers .= " " . $result2->num_rows . " (" . _('limit') . " " . $userlimit . ") " . _('by') . " " . $username . ","; $found = 1; } } } else { $result = $db->query("SELECT users.userId,userName,userLimit FROM users LEFT JOIN limits ON users.userId=limits.userId WHERE users.userId={$userid}"); $row = $result->fetch_assoc(); $username = $row["userName"]; $userlimit = $row["userLimit"]; $currenttime = date("Y-m-d H:i:s", time() - $watches["timetoomany"] * 3600); $result = $db->query("SELECT bikeNum FROM history WHERE userId={$userid} AND action='RENT' AND time>'{$currenttime}'"); if ($result->num_rows >= $userlimit + $watches["numbertoomany"]) { $abusers .= " " . $result->num_rows . " (" . _('limit') . " " . $userlimit . ") " . _('by') . " " . $username . ","; $found = 1; } } if ($found) { $abusers = substr($abusers, 0, strlen($abusers) - 1); notifyAdmins(_('Over limit in') . " " . $watches["timetoomany"] . " " . _('hs') . ":" . $abusers); } }
function checktoomany($cron = 1, $userid = 0) { global $watches; $abusers = ""; $found = 0; if ($cron) { $rows = R::getAll('SELECT * FROM users LEFT JOIN limits ON users.id=limits.userid'); $users = R::convertToBeans('users', $rows); if (!empty($users)) { foreach ($users as $user) { $numberofrentals = R::count('history', 'userid=:userid AND action=:action AND time>:time', [':userid' => $user->id, ':action' => 'RENT', 'time' => date("Y-m-d H:i:s", time() - $watches["timetoomany"] * 3600)]); if ($numberofrentals >= $userlimit + $watches["numbertoomany"]) { $abusers .= " " . $numberofrentals . " (" . _('limit') . " " . $user->userlimit . ") " . _('by') . " " . $user->username . ","; $found = 1; } } } } else { $rows = R::getAll('SELECT * FROM users LEFT JOIN limits ON users.id=limits.userid WHERE users.id=?', [$userid]); $users = R::convertToBeans('users', $rows); if (!empty($users)) { foreach ($users as $user) { $numberofrentals = R::count('history', 'userid=:userid AND action=:action AND time>:time', [':userid' => $user->id, ':action' => 'RENT', 'time' => date("Y-m-d H:i:s", time() - $watches["timetoomany"] * 3600)]); if ($result->num_rows >= $userlimit + $watches["numbertoomany"]) { $abusers .= " " . $numberofrentals . " (" . _('limit') . " " . $user->userlimit . ") " . _('by') . " " . $user->username . ","; $found = 1; } } } } if ($found) { $abusers = substr($abusers, 0, strlen($abusers) - 1); notifyAdmins(_('Over limit in') . " " . $watches["timetoomany"] . " " . _('hs') . ":" . $abusers); } }