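/**
 * Handle a POST login request and return a session-bound API token.
 *
 * An existing $_SESSION['Token'] is returned as-is. Otherwise the submitted
 * credentials are checked through MyDB::authenticateUser(); on success a new
 * token is stored in the session and returned together with the user name.
 * Any failure sends a 401 status and returns the error message as a string.
 *
 * @return string|array{token:string,user_name:string}
 */
protected function login()
{
    try {
        if ($this->method !== 'POST') {
            throw new Exception('Wrong request type');
        }
        // ?? avoids an undefined-index notice when a field is absent from the request
        $username = $this->request['username'] ?? null;
        $password = $this->request['password'] ?? null;
        if ($username === null || $password === null) {
            throw new Exception('Missing username or password');
        }
        // NOTE(review): an already-issued token is returned without re-checking the
        // submitted credentials — confirm that this is the intended contract
        if (isset($_SESSION['Token'])) {
            return $_SESSION['Token'];
        }
        if (!MyDB::getInstance()->authenticateUser($username, $password)) {
            throw new Exception('Invalid user credentials');
        }
        // random_bytes() is CSPRNG-backed; uniqid() is time-derived and guessable
        $_SESSION['Token'] = bin2hex(random_bytes(16));
        return array('token' => $_SESSION['Token'], 'user_name' => $username);
    } catch (Exception $e) {
        // header('401 ...') does not change the HTTP status line; set the code explicitly
        http_response_code(401);
        return $e->getMessage();
    }
}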
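 /**
  * Return a per-session API token for the POSTed username/password.
  *
  * A token already stored under $_SESSION[$username] in this session is
  * reused; otherwise the credentials are validated through
  * MyDB::authenticateUser() and a newly generated token is stored. Errors
  * are reported as plain strings, as in the original contract.
  *
  * @return string token or error message
  */
 protected function get_token()
 {
     if ($this->method !== 'POST') {
         return "Only accepts POST requests";
     }
     // ?? avoids an undefined-index notice when a field is missing from the request
     $username = $this->request['username'] ?? null;
     $password = $this->request['password'] ?? null;
     if ($username === null || $password === null) {
         return 'Missing username/password';
     }
     // NOTE(review): the session key is the raw username, and a token issued earlier
     // in this session is returned without re-checking the password — confirm intended
     if (isset($_SESSION[$username])) {
         return $_SESSION[$username];
     }
     if (!MyDB::getInstance()->authenticateUser($username, $password)) {
         return 'Invalid user credentials';
     }
     // random_bytes() is CSPRNG-backed; uniqid() is time-derived and guessable
     $_SESSION[$username] = bin2hex(random_bytes(16));
     return $_SESSION[$username];
 }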
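/**
 * Change the password of the user recorded in $_SESSION['u_login'].
 *
 * @param string $oldpwd   current password
 * @param string $newpwd   new password
 * @param string $newpwd_r repeated new password; must match $newpwd exactly
 * @return int 0 on success, 1 when the repeat differs, no user is logged in,
 *             or MyDB::change_passwd() reports failure
 */
function change_pwd($oldpwd, $newpwd, $newpwd_r)
{
    // Strict comparison: loose != treats numeric-looking strings such as '1e3' and '1000' as equal
    if ($newpwd !== $newpwd_r) {
        return 1;
    }
    // Without a logged-in user there is nothing to change; fail instead of passing null
    $login = $_SESSION['u_login'] ?? null;
    if ($login === null) {
        return 1;
    }
    return MyDB::getInstance()->change_passwd($login, $oldpwd, $newpwd) ? 0 : 1;
}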
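/**
 * Render the rows of the SELECT_NEWS query as an XML document.
 *
 * Each row becomes <item date="datum">obsah</item> under a <news> root.
 *
 * @return string XML document text
 */
function getXmlNews()
{
    $d = new DomDocument('1.0', 'utf-8');
    $root_e = $d->createElement('news');
    foreach (MyDB::getInstance()->getResults(MyDB::getQuery(SELECT_NEWS)) as $row) {
        // createElement() does not escape its value argument, so an '&' or '<' in
        // obsah breaks the document; a text node is escaped on output instead
        $item_e = $d->createElement('item');
        $text = (string) $row['obsah'];
        if ($text !== '') {
            $item_e->appendChild($d->createTextNode($text));
        }
        $item_e->setAttribute('date', (string) $row['datum']);
        $root_e->appendChild($item_e);
    }
    $d->appendChild($root_e);
    return $d->saveXML();
}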
/**
 * Export every row of uzivatele as a <user .../> element under a <users> root.
 *
 * Each selected column becomes an attribute of the same name, in query order.
 * NOTE(review): this returns every user's telefon and mail; callers are expected
 * to restrict who can reach this output — confirm.
 *
 * @return string XML document text
 */
function getXmlUsers()
{
    $columns = array('id', 'login', 'jmeno', 'telefon', 'mail', 'role');
    $doc = new DomDocument('1.0', 'utf-8');
    $usersNode = $doc->createElement('users');
    $rows = MyDB::getInstance()->getResults("SELECT id, login, jmeno, telefon, mail, role FROM uzivatele;");
    foreach ($rows as $row) {
        $userNode = $doc->createElement('user');
        foreach ($columns as $column) {
            $userNode->setAttribute($column, $row[$column]);
        }
        $usersNode->appendChild($userNode);
    }
    $doc->appendChild($usersNode);
    return $doc->saveXML();
}
/**
 * Authenticate a user and load the user's record into the session.
 *
 * The login name may contain only letters, digits and the characters - . _ @;
 * anything else is rejected before the database is consulted. On success the
 * session id is regenerated and the u_* session entries are filled from the
 * record returned by MyDB::authenticate().
 *
 * @param string $uname login name
 * @param string $upwd  password
 * @return bool true when authenticated, false otherwise
 */
function login($uname, $upwd)
{
    $validName = preg_match('/^[-._@0-9a-zA-Z]+$/', $uname) === 1;
    if (!$validName) {
        return false;
    }
    $record = MyDB::getInstance()->authenticate($uname, $upwd);
    if (empty($record)) {
        return false;
    }
    // Fresh session id on privilege change, so an id obtained before login is not kept
    session_regenerate_id(true);
    $fields = array('login', 'id', 'jmeno', 'telefon', 'mail', 'role');
    foreach ($fields as $field) {
        $_SESSION['u_' . $field] = $record[$field];
    }
    return true;
}
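 /**
  * Return a per-session API token for the credentials held in
  * $this->username / $this->password.
  *
  * A token already stored under $_SESSION[$username] in this session is
  * reused; otherwise the credentials are checked through MyDB::getUser()
  * and a newly generated token is stored. Errors are returned as plain strings.
  *
  * @return string token or error message
  */
 function getToken()
 {
     $username = $this->username;
     $password = $this->password;
     if ($username === null || $password === null) {
         return 'Missing username/password';
     }
     // NOTE(review): the session key is the raw username, and a token issued earlier
     // in this session is returned without re-checking the password — confirm intended
     if (isset($_SESSION[$username])) {
         return $_SESSION[$username];
     }
     if (!MyDB::getInstance()->getUser($username, $password)) {
         return 'Invalid user credentials';
     }
     // random_bytes() is CSPRNG-backed; uniqid() is time-derived and guessable
     $_SESSION[$username] = bin2hex(random_bytes(16));
     return $_SESSION[$username];
 }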
<?php

/*
 * install.php:    Restaurace (IIS 2012)
 *
 * Author(s):      Marie Kratochvilova <*****@*****.**>
 *                 Radek Sevcik        <*****@*****.**>
 *
 * Date:           Thu, 4 Feb 2016 01:46:54 +0100
 *
 * This file is part of iis12_restaurace.
 */
require_once 'config.inc.php';
/**
 * Page-head hook for install.php; intentionally empty, since this script
 * only calls MyDB::initDb() and redirects to index.php.
 */
function render_head()
{
}
/**
 * Page-body hook for install.php; intentionally empty, since this script
 * only calls MyDB::initDb() and redirects to index.php.
 */
function render_body()
{
}
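// NOTE(review): initDb() runs for anyone who can request install.php; confirm the
// script is removed or access-restricted once installation is done
MyDB::getInstance()->initDb();
header('Location: index.php');
// Stop after the redirect so nothing else is executed or sent in the response body
exit;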
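/**
 * Build <optgroup>/<option> markup for every category and its visible dishes.
 *
 * Names go through strenc_topage(); ids are cast to int so that the inline SQL
 * and the value attribute only ever contain integers.
 *
 * @return string HTML fragment (no surrounding <select>)
 */
function getFood()
{
    $res = MyDB::getInstance()->getResults('SELECT * FROM kategorie ORDER BY nazev');
    $result = '';
    foreach ($res as $category) {
        // NOTE(review): assumes kategorie.id is an integer column — confirm against the schema
        $categoryId = (int) $category['id'];
        $result .= '<optgroup label="' . strenc_topage($category['nazev']) . '">';
        // One query per category (N+1); fine for a small menu, worth a JOIN if it grows
        $dishes = MyDB::getInstance()->getResults('SELECT * FROM jidelni_listek WHERE viditelnost = 1 AND id_kategorie = ' . $categoryId);
        foreach ($dishes as $dish) {
            $result .= '<option value="' . (int) $dish['id'] . '">' . strenc_topage($dish['nazev']) . '</option>';
        }
        $result .= '</optgroup>';
    }
    return $result;
}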
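/**
 * Render one <tr> per reservation (newest first) with cancel/confirm links.
 *
 * Every text cell is passed through strenc_topage() before concatenation (the
 * original only did so for jmeno); the id used in the action links is cast to
 * int, and the '&' between query parameters is written as '&amp;' as required
 * inside an HTML attribute.
 * NOTE(review): assumes strenc_topage() HTML-escapes its input — confirm.
 *
 * @return string HTML table rows
 */
function displayReservations()
{
    $res = MyDB::getInstance()->getResults('SELECT R.*, S.cislo_stolu FROM rezervace R JOIN stoly S ON R.id_stolu = S.id ORDER BY R.datum DESC');
    $result = '';
    foreach ($res as $v) {
        $id = (int) $v['id'];
        $cells = array(
            strenc_topage($v['jmeno']),
            strenc_topage($v['cislo_stolu']),
            strenc_topage($v['pocet_lidi_u_stolu']),
            strenc_topage($v['datum']),
            strenc_topage($v['stav']),
        );
        $row = '<tr>';
        foreach ($cells as $cell) {
            $row .= '<td>' . $cell . '</td>';
        }
        // NOTE(review): these links change state via GET and carry no CSRF token; the
        // rezervace.php handler should verify the request (token and/or POST) — confirm
        $row .= '<td>'
            . '<a href="rezervace.php?action=zrusit&amp;id=' . $id . '"><img src="images/cross.png"></a>'
            . '<a href="rezervace.php?action=potvrdit&amp;id=' . $id . '"><img src="images/accept.png"></a>'
            . '</td>';
        $row .= '</tr>';
        $result .= $row;
    }
    return $result;
}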
<?php

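// Timestamps written by writelog() below are rendered in this zone
date_default_timezone_set('America/New_York');
require_once 'includes/MyDB.php';
$db = MyDB::getInstance();
//writelog($_REQUEST);
require_once 'MyAPI.php';
// Requests from the same server don't have a HTTP_ORIGIN header
if (!array_key_exists('HTTP_ORIGIN', $_SERVER)) {
    $_SERVER['HTTP_ORIGIN'] = $_SERVER['SERVER_NAME'];
}
try {
    // ?? avoids an undefined-index notice when no request path was supplied;
    // MyAPI is left to reject the empty value
    $API = new MyAPI($_REQUEST['request'] ?? '', $_SERVER['HTTP_ORIGIN']);
    echo $API->processAPI();
} catch (Exception $e) {
    // NOTE(review): the raw exception message goes to the client; make sure MyAPI
    // does not surface internal details (SQL errors, paths) in its messages
    echo json_encode(array('error' => $e->getMessage()));
}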
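/**
 * Append one timestamped entry to api.log in the current working directory.
 *
 * Arrays and objects are dumped with print_r(); anything else is written as-is.
 * Best-effort: if the log cannot be opened the entry is dropped rather than
 * failing the request.
 *
 * @param mixed $message
 * @return void
 */
function writelog($message)
{
    $file = fopen("api.log", "a");
    if ($file === false) {
        return;
    }
    $date = new DateTimeImmutable('NOW');
    $stamp = $date->format("Y M d D h:g:i a");
    $body = (is_array($message) || is_object($message)) ? print_r($message, true) : $message;
    // NOTE(review): $body is written unmodified; a caller passing request data lets
    // embedded newlines start a fake log entry — strip or encode them if that matters
    fwrite($file, '[' . $stamp . '] ' . $body);
    fwrite($file, PHP_EOL);
    fclose($file);
}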
/**
 * Insert a new dish into jidelni_listek with empty popis, cena 0 and viditelnost 0.
 *
 * Both values are passed through MyDB::escape() before being interpolated into
 * the statement, which is then run through MyDB::exec() with $row_id as its
 * second argument.
 * NOTE(review): this relies on escaping plus interpolation; if MyDB offers bound
 * parameters, prefer them here.
 *
 * @param string $val    dish name (nazev)
 * @param string $kat_id category id (id_kategorie)
 * @param mixed  $row_id passed by reference to MyDB::exec()
 * @return mixed whatever MyDB::exec() returns
 */
function add_item($val, $kat_id, &$row_id)
{
    $name = MyDB::escape($val);
    $category = MyDB::escape($kat_id);
    $sql = sprintf(
        "INSERT INTO jidelni_listek (id_kategorie, nazev, popis, cena, viditelnost) VALUES ( '%s', '%s', '', 0, 0 );",
        $category,
        $name
    );
    return MyDB::getInstance()->exec($sql, $row_id);
}