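 /**
  * Loads the categories of article $id and one page of its visible posts.
  *
  * Fills $this->cats (category id => ['id','name']), $this->max_page,
  * $this->page (0-based, taken from $_GET['strana']) and $this->posts
  * (post id => ['id','name','post','day','cat']). An optional
  * $_GET['kategoria'] narrows the posts to one of the loaded categories.
  *
  * @param int|string $id article id (clanok_id); cast to int before it is used in SQL
  * @param CDatabaza  $db open connection whose query() result exposes fetch_array()/num_rows
  */
 public function __construct($id, CDatabaza $db)
 {
     $this->article = $id;
     // The id reaches the SQL text as an unquoted literal, so only an integer may get there.
     $id = (int) $id;
     $sql = "SELECT Kategoria.kategoria_id AS id, Kategoria.nazov_kategorie AS name FROM \n            (Kategoria\n            INNER JOIN\n            Prispevok\n            ON Prispevok.kategoria_id=Kategoria.kategoria_id)\n            INNER JOIN\n            Clanok\n            ON\n            Clanok.clanok_id=Prispevok.clanok_id\n            WHERE \n            Clanok.clanok_id={$id} \n            AND\n            Clanok.zobrazit=1\n            AND\n            Prispevok.zobrazit=1";
     $cats_data = $db->query($sql);
     if ($cats_data) {
         while ($cats = $cats_data->fetch_array()) {
             $idc = $cats['id'];
             $this->cats[$idc]['id'] = $idc;
             $this->cats[$idc]['name'] = $cats['name'];
         }
     } else {
         echo "nastala chyba v spojeni";
     }
     $post_select = "SELECT Prispevok.prispevok_id AS id,\n                    Prispevok.nazov_prispevku AS name,\n                    Prispevok.prispevok AS post,\n                    Prispevok.casova_znamka AS timestamp,\n                    Prispevok.kategoria_id AS cat";
     $num_rows = "SELECT Count(*) AS num";
     $from_stat = " FROM\n                    Prispevok\n              INNER JOIN\n                    Clanok\n              ON Prispevok.clanok_id=Clanok.clanok_id\n              WHERE\n                    Clanok.zobrazit=1\n              AND   \n                    Clanok.clanok_id={$id}\n              AND\n                    Prispevok.zobrazit=1";
     if (isset($_GET['kategoria'])) {
         // The request value is cast and then looked up among the categories
         // loaded above; the previous loop used '=' instead of '==' and so
         // accepted every value and concatenated it raw into the SQL.
         $categoryId = (int) $_GET['kategoria'];
         if (isset($this->cats[$categoryId])) {
             $from_stat .= " AND Prispevok.kategoria_id=" . $categoryId;
         }
     }
     $sql = $num_rows . $from_stat;
     $num_on_page = 10;
     // A failed count query used to be dereferenced (->num_rows on false).
     $countResult = $db->query($sql);
     $this->max_page = $countResult ? (int) ceil($countResult->num_rows / $num_on_page) : 0;
     $this->page = 0;
     // The page parameter was only evaluated when it was *empty*, so it never took effect.
     if (!empty($_GET['strana'])) {
         $requestedPage = (int) $_GET['strana'];
         if ($requestedPage > 0 && $requestedPage <= $this->max_page) {
             $this->page = $requestedPage - 1;
         }
     }
     $sql = $post_select . $from_stat . " ORDER BY Prispevok.casova_znamka DESC LIMIT " . $this->page * $num_on_page . ",{$num_on_page}";
     $post_data = $db->query($sql);
     if ($post_data) {
         while ($post = $post_data->fetch_array()) {
             $postId = $post['id'];
             $this->posts[$postId]['id'] = $postId;
             $this->posts[$postId]['name'] = $post['name'];
             $this->posts[$postId]['post'] = $post['post'];
             $this->posts[$postId]['day'] = date("j.n.Y", $post['timestamp']);
             $this->posts[$postId]['cat'] = $post['cat'];
         }
     }
 }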
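 /**
  * Builds the main menu for the user stored in $_SESSION['user'].
  *
  * Does nothing when no user is in the session. The profile item is only
  * added when an Uzivatel_info row exists for the user; the user and topic
  * administration items depend on the EDIT_USERS / EDIT_ENUMS rights.
  */
 public function __construct()
 {
     if (!isset($_SESSION['user'])) {
         return;
     }
     // The id is used as an unquoted numeric literal in the SQL below, so cast it.
     $user = (int) $_SESSION['user'];
     $data = CDatabaza::getInstance();
     $data->connect();
     // Rights are loaded inside the constructor, so the connection may be
     // closed before they are consulted further down.
     $rights = new UserRights($data);
     $infoResult = $data->query("SELECT * FROM Uzivatel_info WHERE uzivatel_id={$user}");
     // A failed query previously reached mysqli_num_rows(false); treat it as "no profile".
     $hasInfo = $infoResult && mysqli_num_rows($infoResult) != 0;
     $data->close();
     $this->addItem("Domov", ProgramManager::getId("Intro"));
     if ($hasInfo) {
         $this->addItem("Môj profil", ProgramManager::getId("User_info"));
     }
     if ($rights->approved('EDIT_USERS')) {
         $this->addItem("Užívatelia", ProgramManager::getId("Users"));
     }
     if ($rights->approved('EDIT_ENUMS')) {
         $this->addItem("Rubriky", ProgramManager::getId("Topics"));
     }
     $this->addItem("Články", ProgramManager::getId("Article_list"));
     $this->displayed = true;
 }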
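 /**
  * Loads the access rights of one user into $this->rights (right name => true).
  *
  * The rights are stored as a comma-separated list in Uzivatel.pristupove_prava.
  * The connection is opened here when needed and closed again in that case.
  *
  * @param CDatabaza       $data database handle
  * @param int|string|null $user user id; when null or '' the id in $_SESSION['user'] is used
  */
 public function __construct(CDatabaza $data, $user = null)
 {
     if ($user === null || $user === '') {
         if (empty($_SESSION['user'])) {
             return;
         }
         $user_id = $_SESSION['user'];
     } else {
         $user_id = $user;
     }
     $connected = $data->connected();
     if (!$connected) {
         $data->connect();
     }
     if (!$data->connected()) {
         return;
     }
     // Callers pass request-supplied ids here, so the quoted literal must be
     // escaped; escape_string needs the connection opened above.
     $safeUserId = $data->escape_string((string) $user_id);
     $sql = "SELECT pristupove_prava FROM Uzivatel WHERE uzivatel_id='{$safeUserId}'";
     $query = $data->query($sql);
     $result = $query ? mysqli_fetch_array($query) : null;
     // No row (unknown user) or a failed query leaves $this->rights untouched.
     if (is_array($result) && isset($result['pristupove_prava'])) {
         foreach (explode(",", $result['pristupove_prava']) as $right) {
             $this->rights[trim($right)] = true;
         }
     }
     if (!$connected) {
         $data->close();
     }
 }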
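 /**
  * Handles the login form: checks the posted name/password against the
  * Uzivatel table, stores the user id in the session and redirects to "./".
  *
  * On failure sets $this->success = false and a message in $this->error_msg
  * ($this->db = false as well when the database is unreachable) and returns.
  */
 protected function login_func()
 {
     $data = CDatabaza::getInstance();
     $data->connect();
     if (!$data->connected()) {
         $this->db = false;
         $this->success = false;
         $this->error_msg = "Nemôžem sa pripojiť na databázu.";
         return;
     }
     // Both fields must be present, non-empty strings (arrays would break the escaping below).
     if (empty($_POST['usr_name']) || empty($_POST['psswd'])
         || !is_string($_POST['usr_name']) || !is_string($_POST['psswd'])) {
         $this->success = false;
         $this->error_msg = "Zadaj prihlasovacie meno a heslo.";
         $data->close();
         return;
     }
     // escape_string is the right escaping for the quoted literal below; the
     // former addslashes()/get_magic_quotes_gpc() layer double-escaped the
     // name, and get_magic_quotes_gpc() no longer exists in PHP 8.
     $login = $data->escape_string($_POST['usr_name']);
     // The digest input is kept exactly as before (escaped, then addslashes'd)
     // so that hashes already stored in Uzivatel.heslo keep matching.
     // NOTE(review): unsalted md5 is not a password hash; migrating the column
     // to password_hash()/password_verify() needs a rehash-on-login step.
     $psswd = md5(addslashes($data->escape_string($_POST['psswd'])));
     $table = "Uzivatel";
     $sql = "SELECT * FROM {$table} WHERE prihlasovacie_meno='{$login}' AND heslo='{$psswd}'";
     $result = $data->query($sql);
     // Exactly one matching row means success; a failed query counts as failure.
     if (!$result || mysqli_num_rows($result) != 1) {
         $data->close();
         $this->success = false;
         $this->error_msg = "Pokus o neoprávnený prístup do redakcie.";
         return;
     }
     $user = mysqli_fetch_array($result);
     // A fresh session id on login keeps a pre-login id from being reused.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['user'] = $user['uzivatel_id'];
     // NOTE(review): this cookie is client-controlled; other scripts must not
     // treat it as proof of identity — $_SESSION['user'] is the trusted value.
     setcookie('user', $user['uzivatel_id']);
     $data->close();
     header("Location: ./");
     exit;
 }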
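 /**
  * Runs the module function named by $_GET['func'].
  *
  * The name must be a key of $this->functions; its 'execute' entry names the
  * method to call. Every check that fails reports through setMsg() and returns:
  * missing/unknown function, invalid form nonce on a POST, no database
  * connection, or the module not being enabled.
  */
 public final function execute()
 {
     // enabled defaults to false
     if (empty($this->enabled)) {
         $this->enabled = false;
     }
     if (empty($_GET['func']) || !is_string($_GET['func'])) {
         $this->setMsg(false, "Nebola zadaná žiadna funkcia");
         return;
     }
     $func = $_GET['func'];
     if (empty($this->functions[$func])) {
         $this->setMsg(false, "Zadaná funkcia neexistuje");
         return;
     }
     // The nonce used to be verified only when the field was sent, so a POST
     // that simply omitted it skipped the check. Every POST must now carry a
     // valid nonce.
     $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
     if ($isPost && (empty($_POST['nonce']) || !is_string($_POST['nonce']) || !Nonce::checkNonce($_POST['nonce']))) {
         $this->setMsg(false, "Neplatný formulár.");
         return;
     }
     $db = CDatabaza::getInstance();
     if (empty($db)) {
         $this->setMsg(false, "Spojenie s databázou zlyhalo");
         return;
     }
     if (!$this->enabled) {
         $this->setMsg(false, "Nemáte oprávnenie na zmenu záznamov");
         return;
     }
     // Only methods registered in $this->functions are callable here.
     $call = $this->functions[$func]['execute'];
     if (!is_string($call) || !method_exists($this, $call)) {
         $this->setMsg(false, "Zadaná funkcia neexistuje");
         return;
     }
     $this->{$call}();
 }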
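 /**
  * Loads every user except the current one into $this->users
  * (user id => ['id','login','name','surname','class','rights']).
  *
  * Opens the connection if needed and closes it again in that case.
  */
 private function initialize()
 {
     $data = CDatabaza::getInstance();
     $connected = $data->connected();
     if (!$connected) {
         $data->connect();
     }
     // Used as an unquoted numeric literal, so only an integer may reach the SQL text.
     $userId = isset($_SESSION['user']) ? (int) $_SESSION['user'] : 0;
     $sql = "SELECT * FROM Uzivatel INNER JOIN Uzivatel_info ON Uzivatel.uzivatel_id=Uzivatel_info.uzivatel_id\n            WHERE Uzivatel.uzivatel_id<>" . $userId;
     $query = $data->query($sql);
     if ($query) {
         while ($user = $query->fetch_array()) {
             $id = $user['uzivatel_id'];
             $this->users[$id]['id'] = $id;
             $this->users[$id]['login'] = $user['prihlasovacie_meno'];
             $this->users[$id]['name'] = $user['meno'];
             $this->users[$id]['surname'] = $user['priezvisko'];
             $this->users[$id]['class'] = $user['trieda'];
             $this->users[$id]['rights'] = $user['pristupove_prava'];
         }
     }
     if (!$connected) {
         $data->close();
     }
 }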
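 /**
  * Loads the article named by $_GET['article_id'] (or $_POST['article_id'])
  * into $this->article and its assigned users into $this->users.
  *
  * Users without EDIT_ALL only get the article when a Clanok_uzivatel row
  * links it to $_SESSION['user']. Opens the connection if needed and closes
  * it again in that case.
  */
 private function initialize()
 {
     $data = CDatabaza::getInstance();
     $connected = $data->connected();
     if (!$connected) {
         $data->connect();
     }
     // All ids below are unquoted numeric literals in SQL; escape_string does
     // not protect that position, an int cast does. Reading $_POST['article_id']
     // unconditionally used to raise a notice when it was absent.
     $article_id = 0;
     if (!empty($_GET['article_id'])) {
         $article_id = (int) $_GET['article_id'];
     } elseif (!empty($_POST['article_id'])) {
         $article_id = (int) $_POST['article_id'];
     }
     $userId = isset($_SESSION['user']) ? (int) $_SESSION['user'] : 0;
     $this->accessRights = new UserRights($data);
     if ($this->accessRights->approved("EDIT_ALL")) {
         $sql = "SELECT * FROM \n                (\n                Clanok \n                INNER JOIN \n                Typ_clanku \n                ON Clanok.typ_clanku_id=Typ_clanku.typ_clanku_id\n                )\n                INNER JOIN\n                Rubrika\n                ON\n                Rubrika.rubrika_id=Clanok.rubrika_id\n                WHERE Clanok.clanok_id={$article_id}";
     } else {
         $sql = "SELECT * FROM \n                ((\n                Clanok \n                INNER JOIN \n                Typ_clanku \n                ON Clanok.typ_clanku_id=Typ_clanku.typ_clanku_id\n                )\n                INNER JOIN\n                Rubrika\n                ON\n                Rubrika.rubrika_id=Clanok.rubrika_id\n                )\n                INNER JOIN \n                Clanok_uzivatel \n                ON Clanok.clanok_id=Clanok_uzivatel.clanok_id\n                WHERE Clanok_uzivatel.uzivatel_id=" . $userId . "\n                    AND Clanok.clanok_id={$article_id}";
     }
     $article = $data->query($sql);
     // A failed query (false) has no num_rows; treat it like an empty result.
     if ($article && !empty($article->num_rows)) {
         $art_data = $article->fetch_array();
         $this->article['id'] = $art_data['clanok_id'];
         $this->article['nazov'] = $art_data['nazov_clanku'];
         $this->article['typ'] = $art_data['nazov'];
         $this->article['rubrika'] = $art_data['nazov_rubriky'];
         $this->article['zobrazit'] = $art_data['zobrazit'];
         $this->article['cas'] = $art_data['casova_znamka'];
         $sql = "SELECT * FROM Clanok_uzivatel \n                    INNER JOIN Uzivatel_info\n                    ON Clanok_uzivatel.uzivatel_id=Uzivatel_info.uzivatel_id\n                    WHERE Clanok_uzivatel.clanok_id=" . (int) $this->article['id'];
         $users = $data->query($sql);
         if ($users) {
             while ($user = $users->fetch_array()) {
                 $id = $user['uzivatel_id'];
                 $this->users[$id]['id'] = $id;
                 $this->users[$id]['name'] = $user['meno'];
                 $this->users[$id]['surname'] = $user['priezvisko'];
                 $this->users[$id]['class'] = $user['trieda'];
             }
         }
     }
     if (!$connected) {
         $data->close();
     }
 }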
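 /**
  * Stores the newest post text of article $id in $this->articles[$id]['post'].
  *
  * @param CDatabaza  $db open connection
  * @param int|string $id article id; used as the array key as given and as an int in SQL
  */
 private function readPost(CDatabaza $db, $id)
 {
     // Unquoted numeric literal in SQL: cast so nothing else can get there.
     $articleId = (int) $id;
     $sql = "SELECT prispevok FROM Prispevok WHERE clanok_id={$articleId} ORDER BY casova_znamka DESC LIMIT 0,1";
     $query = $db->query($sql);
     // A failed query (false) or an article without posts yields no text.
     $post = $query ? $query->fetch_array() : null;
     $this->articles[$id]['post'] = is_array($post) && isset($post['prispevok']) ? $post['prispevok'] : null;
 }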
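 /**
  * Loads the posts of $this->article into $this->posts and all categories
  * into $this->categories; does nothing when $this->posts is already filled.
  *
  * Users without EDIT_ALL only see their own posts. getFilters() may add
  * further conditions. Opens the connection if needed and closes it again
  * in that case.
  */
 private function readPosts()
 {
     if (!empty($this->posts)) {
         return;
     }
     $data = CDatabaza::getInstance();
     $connected = $data->connected();
     if (!$connected) {
         $data->connect();
     }
     // Both ids are unquoted numeric literals in SQL, hence the casts.
     $sql = "SELECT * FROM Prispevok WHERE clanok_id=" . (int) $this->article['id'];
     if (!$this->accessRights->approved("EDIT_ALL")) {
         $userId = isset($_SESSION['user']) ? (int) $_SESSION['user'] : 0;
         $sql = $sql . " AND uzivatel_id=" . $userId;
     }
     // NOTE(review): getFilters() is concatenated verbatim; it must produce SQL
     // built from escaped/whitelisted values — confirm in its definition.
     $filters = $this->getFilters();
     if ($filters) {
         $sql = $sql . " AND " . $filters;
     }
     $posts = $data->query($sql);
     if ($posts) {
         while ($post = $posts->fetch_array()) {
             $id = $post['prispevok_id'];
             $this->posts[$id]['id'] = $id;
             $this->posts[$id]['cat_id'] = $post['kategoria_id'];
             $this->posts[$id]['name'] = $post['nazov_prispevku'];
             $this->posts[$id]['post'] = $post['prispevok'];
             $this->posts[$id]['time'] = $post['casova_znamka'];
             $this->posts[$id]['released'] = $post['zobrazit'];
         }
     }
     $sql = "SELECT * FROM Kategoria";
     $cats = $data->query($sql);
     // Guard the category result itself ($posts was checked here before).
     if ($cats) {
         while ($cat = $cats->fetch_array()) {
             $id = $cat['kategoria_id'];
             $this->categories[$id]['id'] = $id;
             $this->categories[$id]['name'] = $cat['nazov_kategorie'];
         }
     }
     if (!$connected) {
         $data->close();
     }
 }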
<?php

//error_reporting(E_ALL);
//ini_set("display_errors", 1);

// Front controller bootstrap: class files, database connection and the
// objects every page needs. $homedir, $db, $label, $program and $style
// are used by the request dispatch that follows.
$homedir = __DIR__ . "/classes/";
require_once $homedir . "display.php";
require_once $homedir . "DisplayModule.php";
require_once $homedir . "Menu.php";
require_once $homedir . "News.php";
require_once __DIR__ . "/redakcia/classes/utils/CDatabaza.php";

$label = "Domov";

// Database connection; without an instance the page cannot be served at all.
$db = CDatabaza::getInstance();
if (!$db) {
    exit("Nemozem sa pripojit na server");
}
$db->connect();

$menu = new Menu($db);
$news = new News($db);

$program = null;
$style = false;
if (isset($_GET['rubrika'])) {
    require_once $homedir . "modules/Topic.php";
    $program = new Topic($db);
    $program->setHome(dirname(__FILE__));
    $label = $program->label();
    $style = "topics.css";
} else {
    if (isset($_GET['clanok'])) {
        require_once $homedir . "modules/Article_manager.php";
        $program = new Article_manager($db, dirname(__FILE__));
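 /**
  * Reads the theme/topic sort settings from the request and loads all
  * themes into $this->themes and all topics into $this->topics.
  *
  * $_GET['theme_key'], $_GET['topic_key'] ('id', 'name', 'theme') and
  * $_GET['theme_order'], $_GET['topic_order'] ('ASC') are mapped through
  * fixed tables; anything not listed keeps the default (id, DESC), so no
  * request value reaches the ORDER BY clause directly.
  */
 private function initialize()
 {
     $data = new DBQuery(CDatabaza::getInstance());
     // default ordering
     $this->orders['theme']['key'] = "tema_id";
     $this->orders['theme']['order'] = "DESC";
     $this->orders['topic']['key'] = "rubrika_id";
     $this->orders['topic']['order'] = "DESC";
     // whitelists: request value => column
     $themeKeys = array('id' => "tema_id", 'name' => "nazov_temy");
     $topicKeys = array('id' => "rubrika_id", 'name' => "nazov_rubriky", 'theme' => "tema_id");
     if (isset($_GET['theme_key']) && is_string($_GET['theme_key']) && isset($themeKeys[$_GET['theme_key']])) {
         $this->orders['theme']['key'] = $themeKeys[$_GET['theme_key']];
     }
     if (isset($_GET['theme_order']) && $_GET['theme_order'] === "ASC") {
         $this->orders['theme']['order'] = "ASC";
     }
     if (isset($_GET['topic_key']) && is_string($_GET['topic_key']) && isset($topicKeys[$_GET['topic_key']])) {
         $this->orders['topic']['key'] = $topicKeys[$_GET['topic_key']];
     }
     if (isset($_GET['topic_order']) && $_GET['topic_order'] === "ASC") {
         $this->orders['topic']['order'] = "ASC";
     }
     $data->setTable("Tema");
     $data->setOrder($this->orders['theme']['key'], $this->orders['theme']['order']);
     $themes = $data->queryDB("select");
     // queryDB() results are checked elsewhere in this file before fetching; a
     // false result used to be dereferenced here.
     if ($themes) {
         while ($theme = $themes->fetch_array()) {
             $id = $theme['tema_id'];
             $this->themes[$id]['id'] = $id;
             $this->themes[$id]['name'] = $theme['nazov_temy'];
         }
     }
     $data->setTable("Rubrika");
     $data->setOrder($this->orders['topic']['key'], $this->orders['topic']['order']);
     $topics = $data->queryDB("select");
     if ($topics) {
         while ($topic = $topics->fetch_array()) {
             $id = $topic['rubrika_id'];
             $this->topics[$id]['id'] = $id;
             $this->topics[$id]['name'] = $topic['nazov_rubriky'];
             $this->topics[$id]['theme'] = $topic['tema_id'];
         }
     }
 }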
<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title></title>
    </head>
    <body>
        <?php 
// One-off database setup page: creates the "casopis" database through CDatabaza.
// NOTE(review): the connection credentials (a root account and its password)
// are hard-coded here and errors are displayed to the browser; keep this script
// out of the web root and read the credentials from a config file or the
// environment instead of the source.
error_reporting(E_ALL);
ini_set("display_errors", 1);
include dirname(__FILE__) . '/classes/utils/CDatabaza.php';
CDatabaza::createDB("casopis", "root", "zelgadis", "localhost");
?>
    </body>
</html>
and open the template in the editor.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
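<?php 
//session_start();
// NOTE(review): a cookie is set by the client, so $_COOKIE['user'] is an
// asserted identity, not a verified one. The login stores the same id in
// $_SESSION['user']; that is the value access should be gated on once session
// handling is enabled in this script.
if (!isset($_COOKIE['user'])) {
    echo "Nie je prihlásený žiaden užívateľ.";
    exit;
}
if (!isset($_GET['article_id'])) {
    echo "Nie je zadaný žiaden článok";
    exit;
}
require dirname(__FILE__) . "/../../classes/utils/CDatabaza.php";
require dirname(__FILE__) . "/../../classes/utils/UserRights.php";
$data = CDatabaza::getInstance();
if (!$data) {
    exit("Nemozem sa pripojit na databazu");
}
$data->connect();
// Both ids are unquoted numeric literals in the SQL below; escape_string does
// not protect that position, so anything but an integer is discarded by the cast.
$clanok = (int) $_GET['article_id'];
$userId = (int) $_COOKIE['user'];
$user = new UserRights($data, $userId);
$sql = "SELECT * FROM Clanok_uzivatel WHERE clanok_id={$clanok} AND uzivatel_id={$userId}";
$query = $data->query($sql);
if (!$query) {
    echo "Chyba v pripojení na databázu";
    $data->close();
    exit;
}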
if (!$query->num_rows && !$user->approved('EDIT_ALL')) {
    echo "Nemáte oprávnenie na prezeranie obsahu. Prístup zamietnutý.";
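 /**
  * Loads name, surname and class of the session user from Uzivatel_info
  * into $this->user_info.
  *
  * When the query fails nothing is set; when the user has no info row the
  * three fields are set to null (fetch_array() returns null, which used to be
  * indexed directly).
  */
 private function initialize()
 {
     $data = new DBQuery(CDatabaza::getInstance());
     $data->setTable("Uzivatel_info");
     // NOTE(review): DBQuery::setRecord() is assumed to quote/escape the value — confirm.
     $data->setRecord("uzivatel_id", $_SESSION['user']);
     $query = $data->queryDB("select");
     if (!$query) {
         return;
     }
     $usr_nfo = $query->fetch_array();
     if (!is_array($usr_nfo)) {
         $usr_nfo = array();
     }
     $this->user_info['name'] = isset($usr_nfo['meno']) ? $usr_nfo['meno'] : null;
     $this->user_info['surname'] = isset($usr_nfo['priezvisko']) ? $usr_nfo['priezvisko'] : null;
     $this->user_info['class'] = isset($usr_nfo['trieda']) ? $usr_nfo['trieda'] : null;
 }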
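 /**
  * Prints the article filter form (name, released, topic, type), the empty
  * #article_list container and the script that wires the form to
  * filter_manager, loading filters.js and the stylesheets when needed.
  *
  * Topic and type options come from the Rubrika and Typ_clanku tables; their
  * values and labels are HTML-escaped before output.
  */
 private function display_filters()
 {
     $data = new DBQuery(CDatabaza::getInstance());
     echo "<script type='text/javascript'></script>";
     echo "<form id='filters'>";
     echo "<span class='label'>Hľadaj článok: </span><input id='name' type='text' name='nazov' /><br/>";
     echo "<span class='label'>Zverejnené: </span><select id='zverejnit' name='released'>";
     echo "<option value=''>Všetko</option><option value='1'>Áno</option><option value='0'>Nie</option></select> ";
     echo "<span class='label'>Rubrika: </span><select id='rubrika' name='topic'>";
     echo "<option value=''>Všetko</option>";
     $data->setTable('Rubrika');
     $query = $data->queryDB('select');
     // Database-sourced text is escaped for the attribute and element context;
     // a failed query (false) is skipped instead of being dereferenced.
     if ($query) {
         while ($rubrika = $query->fetch_array()) {
             echo "<option value='" . htmlspecialchars((string) $rubrika['rubrika_id'], ENT_QUOTES, 'UTF-8') . "'>";
             echo htmlspecialchars((string) $rubrika['nazov_rubriky'], ENT_QUOTES, 'UTF-8');
             echo "</option>";
         }
     }
     echo "</select>";
     echo "<span class='label'>Typ: </span><select id='typ' name='type'>";
     echo "<option value=''>Všetko</option>";
     $data->setTable('Typ_clanku');
     $query = $data->queryDB('select');
     if ($query) {
         while ($typ = $query->fetch_array()) {
             echo "<option value='" . htmlspecialchars((string) $typ['typ_clanku_id'], ENT_QUOTES, 'UTF-8') . "'>";
             echo htmlspecialchars((string) $typ['nazov'], ENT_QUOTES, 'UTF-8');
             echo "</option>";
         }
     }
     echo "</select>";
     echo "</form>";
     // The closing tag carried a stray id attribute before ("</div id=...>").
     echo "<div id='article_list'></div>";
     echo "<script type='text/javascript'>";
     echo "function filters_load(){";
     echo "\$('#filters').submit(function(e){e.preventDefault();});";
     // NOTE(review): getProgramID() is emitted as a bare JS token; this assumes it
     // returns a numeric id — confirm against its definition.
     echo "filter_manager.set_manager('article_list'," . $this->getProgramID() . ");";
     echo "filter_manager.add('name');";
     echo "filter_manager.add('zverejnit');";
     echo "filter_manager.add('rubrika');";
     echo "filter_manager.add('typ');";
     echo "filter_manager.set_max_page(" . (int) $this->max_page . ");";
     echo "filter_manager.apply();}";
     echo "if(typeof filter_manager!='undefined') filters_load();";
     echo "else scriptloader.load_script('redakcia/scripts/filters.js','js',filters_load);";
     echo "scriptloader.load_script('redakcia/styles/article_list.css','css');";
     echo "scriptloader.load_script('redakcia/styles/topics.css','css');";
     echo "</script>";
 }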