public function __construct($id, CDatabaza $db)
{
$this->article = $id;
$sql = "SELECT Kategoria.kategoria_id AS id, Kategoria.nazov_kategorie AS name FROM \n (Kategoria\n INNER JOIN\n Prispevok\n ON Prispevok.kategoria_id=Kategoria.kategoria_id)\n INNER JOIN\n Clanok\n ON\n Clanok.clanok_id=Prispevok.clanok_id\n WHERE \n Clanok.clanok_id={$id} \n AND\n Clanok.zobrazit=1\n AND\n Prispevok.zobrazit=1";
$cats_data = $db->query($sql);
if ($cats_data) {
while ($cats = $cats_data->fetch_array()) {
$idc = $cats['id'];
$this->cats[$idc]['id'] = $idc;
$this->cats[$idc]['name'] = $cats['name'];
}
} else {
echo "nastala chyba v spojeni";
}
$post_select = "SELECT Prispevok.prispevok_id AS id,\n Prispevok.nazov_prispevku AS name,\n Prispevok.prispevok AS post,\n Prispevok.casova_znamka AS timestamp,\n Prispevok.kategoria_id AS cat";
$num_rows = "SELECT Count(*) AS num";
$from_stat = " FROM\n Prispevok\n INNER JOIN\n Clanok\n ON Prispevok.clanok_id=Clanok.clanok_id\n WHERE\n Clanok.zobrazit=1\n AND \n Clanok.clanok_id={$id}\n AND\n Prispevok.zobrazit=1";
if (isset($_GET['kategoria'])) {
$cat_exists = false;
foreach ($this->cats as $cat) {
if ($cat['id'] = $_GET['kategoria']) {
$cat_exists = true;
break;
}
}
if ($cat_exists) {
$from_stat .= " AND Prispevok.kategoria_id=" . $_GET['kategoria'];
}
}
$sql = $num_rows . $from_stat;
$num_on_page = 10;
$this->max_page = ceil($db->query($sql)->num_rows / $num_on_page);
$this->page = 0;
if (empty($_GET['strana'])) {
if ($_GET['strana'] > 0 && $_GET['strana'] <= $this->max_page) {
$this->page = $_GET['strana'] - 1;
}
}
$sql = $post_select . $from_stat . " ORDER BY Prispevok.casova_znamka DESC LIMIT " . $this->page * $num_on_page . ",{$num_on_page}";
$post_data = $db->query($sql);
if ($post_data) {
while ($post = $post_data->fetch_array()) {
$id = $post['id'];
$this->posts[$id]['id'] = $id;
$this->posts[$id]['name'] = $post['name'];
$this->posts[$id]['post'] = $post['post'];
$this->posts[$id]['day'] = date("j.n.Y", $post['timestamp']);
$this->posts[$id]['cat'] = $post['cat'];
}
}
}
public function __construct()
{
if (!isset($_SESSION['user'])) {
return;
}
$user = $_SESSION['user'];
$hasInfo = true;
//ziska informacie z databazy
$data = CDatabaza::getInstance();
$data->connect();
$rights = new UserRights($data);
//ziska uzivatelske prava
if (mysqli_num_rows($data->query("SELECT * FROM Uzivatel_info WHERE uzivatel_id={$user}")) == 0) {
$hasInfo = false;
}
$data->close();
//prida polia hlavneho menu na zaklade uzivatelskych prav
$this->addItem("Domov", ProgramManager::getId("Intro"));
if ($hasInfo) {
$this->addItem("Môj profil", ProgramManager::getId("User_info"));
}
if ($rights->approved('EDIT_USERS')) {
$this->addItem("Užívatelia", ProgramManager::getId("Users"));
}
if ($rights->approved('EDIT_ENUMS')) {
$this->addItem("Rubriky", ProgramManager::getId("Topics"));
}
$this->addItem("Články", ProgramManager::getId("Article_list"));
//$this->addItem("Príspevky", 0);
//$this->addItem("Nastavenia", 0);
//$this->addItem("Odhlásiť","?id=".ProgramManager::getId("Login")."&func=logout",0);
$this->displayed = true;
}
public function __construct(CDatabaza $data, $user = null)
{
$user_id = "";
if ($user == null) {
if (empty($_SESSION['user'])) {
return;
}
$user_id = $_SESSION['user'];
} else {
$user_id = $user;
}
//ziska informacie z databazy
$connected = $data->connected();
if (!$connected) {
$data->connect();
}
if (!$data->connected()) {
return;
}
$sql = "SELECT pristupove_prava FROM Uzivatel WHERE uzivatel_id='{$user_id}'";
$query = $data->query($sql);
$result = mysqli_fetch_array($query);
$user_rights = explode(",", $result['pristupove_prava']);
//nacita udaje z databazy a ulozi ich do premennej $rights
for ($i = 0; isset($user_rights[$i]); $i++) {
$res = $user_rights[$i];
$res = trim($res);
$this->rights[$res] = true;
}
if (!$connected) {
$data->close();
}
}
protected function login_func()
{
//connect to database
$data = CDatabaza::getInstance();
$data->connect();
if (!$data->connected()) {
//if connection failed display error message
$this->db = false;
$this->success = false;
$this->error_msg = "Nemôžem sa pripojiť na databázu.";
return;
}
//retrieve posted login information
$login = "";
$psswd = "";
if (empty($_POST['usr_name']) || empty($_POST['psswd'])) {
$this->success = false;
$this->error_msg = "Zadaj prihlasovacie meno a heslo.";
$data->close();
return;
}
if (get_magic_quotes_gpc()) {
$_GET = array_map('stripslashes', $_GET);
$_POST = array_map('stripslashes', $_POST);
}
//escape login name
$login = addslashes($data->escape_string($_POST['usr_name']));
$psswd = addslashes($data->escape_string($_POST['psswd']));
$psswd = md5($psswd);
//select table which contains user information
$table = "Uzivatel";
//selects data from user table
$sql = "SELECT * FROM {$table} WHERE prihlasovacie_meno='{$login}' AND heslo='{$psswd}'";
$result = $data->query($sql);
//if exists one record, login is successfull else login failed
if (mysqli_num_rows($result) != 1) {
$data->close();
$this->success = false;
$this->error_msg = "Pokus o neoprávnený prístup do redakcie.";
return;
}
//get user id from table and store it into session
$user = mysqli_fetch_array($result);
$_SESSION['user'] = $user['uzivatel_id'];
setcookie('user', $user['uzivatel_id']);
$data->close();
//after succesfull login switch to intro program
//header ("Location: ./?id=".ProgramManager::getId("Intro"));
header("Location: ./");
exit;
}
public final function execute()
{
/*
* kontroly funkcii
*/
//prednastavena hodnota premnnej enabled je false
if (empty($this->enabled)) {
$this->enabled = false;
}
//zisti ci bola zadana funkcia
if (empty($_GET['func'])) {
$this->setMsg(false, "Nebola zadaná žiadna funkcia");
return;
}
//zisti, ci zadana funkcia existuje
if (empty($this->functions[$_GET['func']])) {
$this->setMsg(false, "Zadaná funkcia neexistuje");
return;
}
//kontrola identifikatora formulara
if (!empty($_POST['nonce']) && !Nonce::checkNonce($_POST['nonce'])) {
$this->setMsg(false, "Neplatný formulár.");
return;
}
//pripojenie na databazu
$db = CDatabaza::getInstance();
//zisti, ci sa uskutocnilo spojenie s databazou
if (empty($db)) {
$this->setMsg(false, "Spojenie s databázou zlyhalo");
return;
}
//skontoluje, ci je mozne spustit modul
if (!$this->enabled) {
$this->setMsg(false, "Nemáte oprávnenie na zmenu záznamov");
return;
}
//spusti vybranu funkciu zvoleneho modulu
$call = $this->functions[$_GET['func']]['execute'];
$this->{$call}();
}
private function initialize()
{
$data = CDatabaza::getInstance();
$connected = $data->connected();
if (!$connected) {
$data->connect();
}
$sql = "SELECT * FROM Uzivatel INNER JOIN Uzivatel_info ON Uzivatel.uzivatel_id=Uzivatel_info.uzivatel_id\n WHERE Uzivatel.uzivatel_id<>" . $_SESSION['user'];
$query = $data->query($sql);
if ($query) {
while ($user = $query->fetch_array()) {
$id = $user['uzivatel_id'];
$this->users[$id]['id'] = $id;
$this->users[$id]['login'] = $user['prihlasovacie_meno'];
$this->users[$id]['name'] = $user['meno'];
$this->users[$id]['surname'] = $user['priezvisko'];
$this->users[$id]['class'] = $user['trieda'];
$this->users[$id]['rights'] = $user['pristupove_prava'];
}
}
if (!$connected) {
$data->close();
}
}
private function initialize()
{
$data = CDatabaza::getInstance();
$connected = $data->connected();
if (!$connected) {
$data->connect();
}
$article_id = "";
if (!empty($_GET['article_id'])) {
$article_id = $data->escape_string($_GET['article_id']);
} else {
$article_id = $data->escape_string($_POST['article_id']);
}
$this->accessRights = new UserRights($data);
$sql = "";
if ($this->accessRights->approved("EDIT_ALL")) {
$sql = "SELECT * FROM \n (\n Clanok \n INNER JOIN \n Typ_clanku \n ON Clanok.typ_clanku_id=Typ_clanku.typ_clanku_id\n )\n INNER JOIN\n Rubrika\n ON\n Rubrika.rubrika_id=Clanok.rubrika_id\n WHERE Clanok.clanok_id={$article_id}";
} else {
$sql = "SELECT * FROM \n ((\n Clanok \n INNER JOIN \n Typ_clanku \n ON Clanok.typ_clanku_id=Typ_clanku.typ_clanku_id\n )\n INNER JOIN\n Rubrika\n ON\n Rubrika.rubrika_id=Clanok.rubrika_id\n )\n INNER JOIN \n Clanok_uzivatel \n ON Clanok.clanok_id=Clanok_uzivatel.clanok_id\n WHERE Clanok_uzivatel.uzivatel_id=" . $_SESSION['user'] . "\n AND Clanok.clanok_id={$article_id}";
}
$article = $data->query($sql);
if (!empty($article->num_rows)) {
$art_data = $article->fetch_array();
$this->article['id'] = $art_data['clanok_id'];
$this->article['nazov'] = $art_data['nazov_clanku'];
$this->article['typ'] = $art_data['nazov'];
$this->article['rubrika'] = $art_data['nazov_rubriky'];
$this->article['zobrazit'] = $art_data['zobrazit'];
$this->article['cas'] = $art_data['casova_znamka'];
$sql = "SELECT * FROM Clanok_uzivatel \n INNER JOIN Uzivatel_info\n ON Clanok_uzivatel.uzivatel_id=Uzivatel_info.uzivatel_id\n WHERE Clanok_uzivatel.clanok_id=" . $this->article['id'];
$users = $data->query($sql);
if ($users) {
while ($user = $users->fetch_array()) {
$id = $user['uzivatel_id'];
$this->users[$id]['id'] = $id;
$this->users[$id]['name'] = $user['meno'];
$this->users[$id]['surname'] = $user['priezvisko'];
$this->users[$id]['class'] = $user['trieda'];
}
}
}
if (!$connected) {
$data->close();
}
}
private function readPost(CDatabaza $db, $id)
{
$sql = "SELECT prispevok FROM Prispevok WHERE clanok_id={$id} ORDER BY casova_znamka DESC LIMIT 0,1";
$query = $db->query($sql);
$post = $query->fetch_array();
$this->articles[$id]['post'] = $post['prispevok'];
}
private function readPosts()
{
if (!empty($this->posts)) {
return;
}
$data = CDatabaza::getInstance();
$connected = $data->connected();
if (!$connected) {
$data->connect();
}
//$post_id=$data->escape_string($post_id);
$sql = "SELECT * FROM Prispevok WHERE clanok_id=" . $this->article['id'];
if (!$this->accessRights->approved("EDIT_ALL")) {
$sql = $sql . " AND uzivatel_id=" . $_SESSION['user'];
}
$filters = $this->getFilters();
if ($filters) {
$sql = $sql . " AND " . $filters;
}
$posts = $data->query($sql);
if ($posts) {
while ($post = $posts->fetch_array()) {
$id = $post['prispevok_id'];
$this->posts[$id]['id'] = $id;
$this->posts[$id]['cat_id'] = $post['kategoria_id'];
$this->posts[$id]['name'] = $post['nazov_prispevku'];
$this->posts[$id]['post'] = $post['prispevok'];
$this->posts[$id]['time'] = $post['casova_znamka'];
$this->posts[$id]['released'] = $post['zobrazit'];
}
}
$sql = "SELECT * FROM Kategoria";
$cats = $data->query($sql);
if ($posts) {
while ($cat = $cats->fetch_array()) {
$id = $cat['kategoria_id'];
$this->categories[$id]['id'] = $id;
$this->categories[$id]['name'] = $cat['nazov_kategorie'];
}
}
if (!$connected) {
$data->close();
}
}
<?php
//error_reporting(E_ALL);
//ini_set("display_errors", 1);
$homedir = dirname(__FILE__) . "/classes/";
require_once $homedir . "display.php";
require_once $homedir . "DisplayModule.php";
require_once $homedir . "Menu.php";
require_once $homedir . "News.php";
require_once dirname(__FILE__) . "/redakcia/classes/utils/CDatabaza.php";
$label = "Domov";
//pripojenie na databazu
$db = CDatabaza::getInstance();
if (empty($db)) {
die("Nemozem sa pripojit na server");
}
$db->connect();
$menu = new Menu($db);
$news = new News($db);
$program = null;
$style = false;
if (isset($_GET['rubrika'])) {
require_once $homedir . "modules/Topic.php";
$program = new Topic($db);
$program->setHome(dirname(__FILE__));
$label = $program->label();
$style = "topics.css";
} else {
if (isset($_GET['clanok'])) {
require_once $homedir . "modules/Article_manager.php";
$program = new Article_manager($db, dirname(__FILE__));
private function initialize()
{
$data = new DBQuery(CDatabaza::getInstance());
//zakladne nastavenie zobrazenia
$this->orders['theme']['key'] = "tema_id";
$this->orders['theme']['order'] = "DESC";
$this->orders['topic']['key'] = "rubrika_id";
$this->orders['topic']['order'] = "DESC";
/*nastavi usporiadanie zaznamov v tabulke*/
//pole zoradienia temy
if (isset($_GET['theme_key'])) {
$key = $_GET['theme_key'];
if (!strcmp($key, 'id')) {
$this->orders['theme']['key'] = "tema_id";
} else {
if (!strcmp($key, 'name')) {
$this->orders['theme']['key'] = "nazov_temy";
}
}
}
//poradie zoradenia temy
if (isset($_GET['theme_order'])) {
if (!strcmp($_GET['theme_order'], "ASC")) {
$this->orders['theme']['order'] = "ASC";
}
}
if (isset($_GET['topic_key'])) {
$key = $_GET['topic_key'];
if (!strcmp($key, 'id')) {
$this->orders['topic']['key'] = "rubrika_id";
} else {
if (!strcmp($key, 'name')) {
$this->orders['topic']['key'] = "nazov_rubriky";
} else {
if (!strcmp($key, 'theme')) {
$this->orders['topic']['key'] = "tema_id";
}
}
}
}
if (isset($_GET['topic_order'])) {
if (!strcmp($_GET['topic_order'], "ASC")) {
$this->orders['topic']['order'] = "ASC";
}
}
$data->setTable("Tema");
$data->setOrder($this->orders['theme']['key'], $this->orders['theme']['order']);
$themes = $data->queryDB("select");
while ($theme = $themes->fetch_array()) {
$id = $theme['tema_id'];
$name = $theme['nazov_temy'];
$this->themes[$id]['id'] = $id;
$this->themes[$id]['name'] = $name;
}
$data->setTable("Rubrika");
$data->setOrder($this->orders['topic']['key'], $this->orders['topic']['order']);
$topics = $data->queryDB("select");
while ($topic = $topics->fetch_array()) {
$id = $topic['rubrika_id'];
$name = $topic['nazov_rubriky'];
$theme = $topic['tema_id'];
$this->topics[$id]['id'] = $id;
$this->topics[$id]['name'] = $name;
$this->topics[$id]['theme'] = $theme;
}
}
<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body>
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
include dirname(__FILE__) . '/classes/utils/CDatabaza.php';
CDatabaza::createDB("casopis", "root", "zelgadis", "localhost");
?>
</body>
</html>
and open the template in the editor.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<?php
//session_start();
if (!isset($_COOKIE['user'])) {
echo "Nie je prihlásený žiaden užívateľ.";
exit;
}
if (!isset($_GET['article_id'])) {
echo "Nie je zadaný žiaden článok";
exit;
}
require dirname(__FILE__) . "/../../classes/utils/CDatabaza.php";
require dirname(__FILE__) . "/../../classes/utils/UserRights.php";
$data = CDatabaza::getInstance();
if (!$data) {
exit("Nemozem sa pripojit na databazu");
}
$data->connect();
$clanok = $data->escape_string($_GET['article_id']);
$user = new UserRights($data, $_COOKIE['user']);
$sql = "SELECT * FROM Clanok_uzivatel WHERE clanok_id={$clanok} AND uzivatel_id=" . $_COOKIE['user'];
$query = $data->query($sql);
if (!$query) {
echo "Chyba v pripojení na databázu";
$data->close();
exit;
}
if (!$query->num_rows && !$user->approved('EDIT_ALL')) {
echo "Nemáte oprávnenie na prezeranie obsahu. Prístup zamietnutý.";
private function initialize()
{
$data = new DBQuery(CDatabaza::getInstance());
$data->setTable("Uzivatel_info");
$data->setRecord("uzivatel_id", $_SESSION['user']);
$query = $data->queryDB("select");
if ($query) {
$usr_nfo = $query->fetch_array();
$this->user_info['name'] = $usr_nfo['meno'];
$this->user_info['surname'] = $usr_nfo['priezvisko'];
$this->user_info['class'] = $usr_nfo['trieda'];
}
}
private function display_filters()
{
$data = new DBQuery(CDatabaza::getInstance());
echo "<script type='text/javascript'></script>";
echo "<form id='filters'>";
echo "<span class='label'>Hľadaj článok: </span><input id='name' type='text' name='nazov' /><br/>";
echo "<span class='label'>Zverejnené: </span><select id='zverejnit' name='released'>";
echo "<option value=''>Všetko</option><option value='1'>Áno</option><option value='0'>Nie</option></select> ";
echo "<span class='label'>Rubrika: </span><select id='rubrika' name='topic'>";
echo "<option value=''>Všetko</option>";
$data->setTable('Rubrika');
$query = $data->queryDB('select');
while ($rubrika = $query->fetch_array()) {
echo "<option value='" . $rubrika['rubrika_id'] . "'>";
echo $rubrika['nazov_rubriky'];
echo "</option>";
}
echo "</select>";
echo "<span class='label'>Typ: </span><select id='typ' name='type'>";
echo "<option value=''>Všetko</option>";
$data->setTable('Typ_clanku');
$query = $data->queryDB('select');
while ($typ = $query->fetch_array()) {
echo "<option value='" . $typ['typ_clanku_id'] . "'>";
echo $typ['nazov'];
echo "</option>";
}
echo "</select>";
echo "</form>";
echo "<div id='article_list'></div id='article_list'>";
echo "";
echo "<script type='text/javascript'>";
echo "function filters_load(){";
echo "\$('#filters').submit(function(e){e.preventDefault();});";
echo "filter_manager.set_manager('article_list'," . $this->getProgramID() . ");";
echo "filter_manager.add('name');";
echo "filter_manager.add('zverejnit');";
echo "filter_manager.add('rubrika');";
echo "filter_manager.add('typ');";
echo "filter_manager.set_max_page({$this->max_page});";
echo "filter_manager.apply();}";
/*
echo "content='article_list';program=".$this->getProgramID().";";
echo "apply_filter();";
echo "add_filter('name');";
echo "add_filter('zverejnit');";
echo "add_filter('rubrika');";
echo "add_filter('typ');}";
*
*/
echo "if(typeof filter_manager!='undefined') filters_load();";
echo "else scriptloader.load_script('redakcia/scripts/filters.js','js',filters_load);";
echo "scriptloader.load_script('redakcia/styles/article_list.css','css');";
echo "scriptloader.load_script('redakcia/styles/topics.css','css');";
//echo "$('#article_list').load('./request/main.php?id=".$this->getProgramID()."&mode=display');";
echo "</script>";
}