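/**
 * Handle a REST POST request whose last path segment selects the action.
 *
 * Supported actions are `login`, `logout` and `register`; any other segment is
 * ignored (nothing happens, nothing is returned), as in the original dispatcher.
 * Failures are reported through rest_error(); there is no return value.
 *
 * @param string     $request Request path, e.g. "api/login" (last segment is the action).
 * @param array|null $data    Decoded request body; missing keys are treated as ''.
 */
function rest_post(string $request, ?array $data): void
{
    $segments = explode('/', $request);
    $action = array_pop($segments);
    $body = $data ?? [];

    switch ($action) {
        case 'login':
            rest_post_login($body);
            return;
        case 'logout':
            rest_post_logout($body);
            return;
        case 'register':
            rest_post_register($body);
            return;
    }
}

/**
 * Start the PHP session once; repeated session_start() calls emit a notice.
 */
function rest_post_start_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

/**
 * `login` action: verify credentials via \Dao\KorisnikDao and populate the session.
 *
 * NOTE(review): credentials are compared as md5(htmlentities($password)) because that is
 * the format the DAO stores and the register path writes. md5 is not a password hash;
 * moving to password_hash()/password_verify() (verify on read, rehash on successful
 * login) needs a matching change in KorisnikDao::getLogin, so it is only flagged here.
 *
 * @param array $data Request body with 'email' and 'password' keys.
 */
function rest_post_login(array $data): void
{
    $dao = new \Dao\KorisnikDao();
    $email = htmlentities((string) ($data['email'] ?? ''));
    $hash = md5(htmlentities((string) ($data['password'] ?? '')));

    if (!$dao->getLogin($email, $hash)) {
        rest_error("Pogrešni podaci.");
        return;
    }

    $matches = $dao->getByExample('email', $email);
    if (empty($matches)) {
        // getLogin() accepted the credentials but no row came back; fail the login
        // instead of dereferencing $matches[0] on an empty result.
        rest_error("Pogrešni podaci.");
        return;
    }
    $usr = $matches[0];

    rest_post_start_session();
    // Issue a fresh session id on privilege change so a pre-set id cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION['username'] = $usr->getIme();
    $_SESSION['korisnikId'] = $usr->getId();
}

/**
 * `logout` action: destroy the session if the submitted username matches the session's.
 *
 * The comparison is strict (`===`); the original loose `==` would treat numeric-looking
 * strings such as "1e3" and "1000" as equal.
 *
 * @param array $data Request body with a 'username' key.
 */
function rest_post_logout(array $data): void
{
    rest_post_start_session();

    $current = $_SESSION['username'] ?? null;
    $submitted = (string) ($data['username'] ?? '');

    if ($current !== null && $current === $submitted) {
        // Clear everything, not just 'username', before destroying the session.
        $_SESSION = [];
        session_destroy();
    } else {
        rest_error("Niste prijavljeni.");
    }
}

/**
 * `register` action: create a Korisnik and log the new user in.
 *
 * Rejects an empty email or password up front; the original stored md5('') for an
 * empty password, which made such accounts trivially guessable.
 *
 * @param array $data Request body with 'ime', 'prezime', 'email' and 'password' keys.
 */
function rest_post_register(array $data): void
{
    rest_post_start_session();

    $ime = htmlentities((string) ($data['ime'] ?? ''));
    $prezime = htmlentities((string) ($data['prezime'] ?? ''));
    $email = htmlentities((string) ($data['email'] ?? ''));
    $password = htmlentities((string) ($data['password'] ?? ''));

    if ($email === '' || $password === '') {
        rest_error("Pogrešni podaci.");
        return;
    }

    try {
        $username = $ime . " " . $prezime;

        $korisnik = new Korisnik();
        $korisnik->setIme($username);
        $korisnik->setEmail($email);
        // Same legacy md5(htmlentities(...)) format the login path compares against; see rest_post_login().
        $korisnik->setPassword(md5($password));

        $kdao = new \Dao\KorisnikDao();
        $kdao->create($korisnik);

        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        // presumably create() assigns the generated id to the entity — verify against KorisnikDao::create
        $_SESSION['korisnikId'] = $korisnik->getId();
    } catch (\Exception $e) {
        // NOTE(review): this forwards the raw exception text (possibly a driver/DB message) to the client;
        // consider logging it and returning a generic message instead.
        rest_error($e->getMessage());
    }
}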
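/**
 * Fetch every `korisnici` row whose column $name equals $value, mapped to \Korisnik objects.
 *
 * $name is interpolated into the SQL text as an identifier (it cannot be bound as a
 * parameter), so it must never be taken from user input. It is restricted here to a
 * plain identifier ([A-Za-z_][A-Za-z0-9_]*), which rules out quotes, spaces, comment
 * markers and statement separators; $value is always bound as a parameter.
 *
 * @param string $name  Column name, identifier characters only (e.g. 'email').
 * @param mixed  $value Value bound to the WHERE clause.
 * @return \Korisnik[] Matching users; empty when nothing matches or the query fails.
 * @throws \InvalidArgumentException When $name is not a plain identifier.
 */
public function getByExample(string $name, $value): array
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new \InvalidArgumentException('getByExample(): column name must be a plain identifier');
    }

    try {
        $stmt = $this->konekcija->prepare("SELECT * FROM korisnici WHERE {$name}=:value");
        $stmt->bindValue(':value', $value);
        $stmt->execute();

        $users = [];
        // rowCount() is not reliable for SELECT on every PDO driver, so iterate fetch() directly.
        while (($row = $stmt->fetch(\PDO::FETCH_ASSOC)) !== false) {
            $korisnik = new \Korisnik();
            $korisnik->setId($row['idKorisnik']);
            $korisnik->setIme($row['ime']);
            $korisnik->setEmail($row['email']);
            $korisnik->setPassword($row['password']);
            $users[] = $korisnik;
        }
        return $users;
    } catch (\PDOException $e) {
        // Log rather than print: driver messages can expose schema or connection details to the client.
        // Returning [] keeps the declared return type; the original returned null here.
        error_log('KorisnikDao::getByExample failed: ' . $e->getMessage());
        return [];
    }
}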