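/**
 * Loads the categories and one page of visible posts of a public article.
 *
 * @param mixed      $id Article id (clanok_id). It is spliced unquoted into SQL, so it
 *                       is forced to int before use; escape_string() alone would not
 *                       protect an unquoted value.
 * @param CDatabaza  $db Open database connection.
 *
 * Reads $_GET['kategoria'] (category filter, whitelisted against the loaded
 * categories) and $_GET['strana'] (1-based page number).
 * Fills $this->article, $this->cats, $this->max_page, $this->page and $this->posts.
 */
public function __construct($id, CDatabaza $db)
{
    $this->article = $id;
    $article_id = (int) $id;

    // Categories that have at least one visible post in this visible article.
    $sql = "SELECT Kategoria.kategoria_id AS id, Kategoria.nazov_kategorie AS name FROM \n (Kategoria\n INNER JOIN\n Prispevok\n ON Prispevok.kategoria_id=Kategoria.kategoria_id)\n INNER JOIN\n Clanok\n ON\n Clanok.clanok_id=Prispevok.clanok_id\n WHERE \n Clanok.clanok_id={$article_id} \n AND\n Clanok.zobrazit=1\n AND\n Prispevok.zobrazit=1";
    $cats_data = $db->query($sql);
    if ($cats_data) {
        while ($cats = $cats_data->fetch_array()) {
            $idc = $cats['id'];
            $this->cats[$idc]['id'] = $idc;
            $this->cats[$idc]['name'] = $cats['name'];
        }
    } else {
        echo "nastala chyba v spojeni";
    }

    $post_select = "SELECT Prispevok.prispevok_id AS id,\n Prispevok.nazov_prispevku AS name,\n Prispevok.prispevok AS post,\n Prispevok.casova_znamka AS timestamp,\n Prispevok.kategoria_id AS cat";
    $num_rows = "SELECT Count(*) AS num";
    $from_stat = " FROM\n Prispevok\n INNER JOIN\n Clanok\n ON Prispevok.clanok_id=Clanok.clanok_id\n WHERE\n Clanok.zobrazit=1\n AND \n Clanok.clanok_id={$article_id}\n AND\n Prispevok.zobrazit=1";

    // Optional category filter. The original compared with `=` (an assignment, so the
    // test was always true) and then spliced the raw GET value into the SQL. Now the
    // filter is applied only when the requested id matches a loaded category, and the
    // SQL receives the stored id, not the request value.
    if (isset($_GET['kategoria']) && is_scalar($_GET['kategoria']) && is_array($this->cats)) {
        $requested_cat = (string) $_GET['kategoria'];
        foreach ($this->cats as $cat) {
            if ((string) $cat['id'] === $requested_cat) {
                $from_stat .= " AND Prispevok.kategoria_id=" . (int) $cat['id'];
                break;
            }
        }
    }

    // Total number of matching posts. The original read ->num_rows of the COUNT(*)
    // result set, which is always 1, so max_page was always 1.
    $num_on_page = 10;
    $total = 0;
    $count_data = $db->query($num_rows . $from_stat);
    if ($count_data) {
        $count_row = $count_data->fetch_array();
        if ($count_row) {
            $total = (int) $count_row['num'];
        }
    }
    $this->max_page = ceil($total / $num_on_page);

    // Requested page (1-based in the URL, 0-based internally). The original tested
    // empty() instead of !empty(), so the page could never change.
    $this->page = 0;
    if (!empty($_GET['strana']) && is_scalar($_GET['strana'])) {
        $requested_page = (int) $_GET['strana'];
        if ($requested_page > 0 && $requested_page <= $this->max_page) {
            $this->page = $requested_page - 1;
        }
    }

    $sql = $post_select . $from_stat . " ORDER BY Prispevok.casova_znamka DESC LIMIT " . $this->page * $num_on_page . ",{$num_on_page}";
    $post_data = $db->query($sql);
    if ($post_data) {
        while ($post = $post_data->fetch_array()) {
            $post_id = $post['id'];
            $this->posts[$post_id]['id'] = $post_id;
            $this->posts[$post_id]['name'] = $post['name'];
            $this->posts[$post_id]['post'] = $post['post'];
            $this->posts[$post_id]['day'] = date("j.n.Y", $post['timestamp']);
            $this->posts[$post_id]['cat'] = $post['cat'];
        }
    }
}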
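/**
 * Builds the main menu for the logged-in user.
 *
 * Does nothing when no session user is set. Otherwise checks whether the user has a
 * profile row (Uzivatel_info) and adds menu items according to UserRights.
 */
public function __construct()
{
    if (!isset($_SESSION['user'])) {
        return;
    }
    // The identity comes from the server-side session; it is cast to int because it is
    // spliced unquoted into the SQL below.
    $user = (int) $_SESSION['user'];
    $hasInfo = true;

    // Read profile presence and rights from the database.
    $data = CDatabaza::getInstance();
    $data->connect();
    $rights = new UserRights($data);
    // A failed query is treated as "no profile" instead of being passed to
    // mysqli_num_rows(), which does not accept false.
    $info = $data->query("SELECT * FROM Uzivatel_info WHERE uzivatel_id={$user}");
    if (!$info || mysqli_num_rows($info) == 0) {
        $hasInfo = false;
    }
    $data->close();

    // Menu items, gated by profile presence and by rights.
    $this->addItem("Domov", ProgramManager::getId("Intro"));
    if ($hasInfo) {
        $this->addItem("Môj profil", ProgramManager::getId("User_info"));
    }
    if ($rights->approved('EDIT_USERS')) {
        $this->addItem("Užívatelia", ProgramManager::getId("Users"));
    }
    if ($rights->approved('EDIT_ENUMS')) {
        $this->addItem("Rubriky", ProgramManager::getId("Topics"));
    }
    $this->addItem("Články", ProgramManager::getId("Article_list"));
    $this->displayed = true;
}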
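/**
 * Loads the access rights of a user into $this->rights (right name => true).
 *
 * @param CDatabaza $data Database wrapper; connected on demand and closed again if
 *                        this method opened it.
 * @param mixed     $user User id to load. When null (or loosely equal to null, as in
 *                        the original) the session user is used instead. Callers may
 *                        pass a client-supplied value here, so it is never trusted.
 */
public function __construct(CDatabaza $data, $user = null)
{
    $user_id = "";
    if ($user == null) {
        if (empty($_SESSION['user'])) {
            return;
        }
        $user_id = $_SESSION['user'];
    } else {
        $user_id = $user;
    }

    // Connect only if nobody else did; close again at the end in that case.
    $connected = $data->connected();
    if (!$connected) {
        $data->connect();
    }
    if (!$data->connected()) {
        return;
    }

    // The id is a quoted SQL literal, so escaping is the right guard here. The
    // original interpolated the raw value.
    $safe_id = $data->escape_string((string) $user_id);
    $sql = "SELECT pristupove_prava FROM Uzivatel WHERE uzivatel_id='{$safe_id}'";
    $query = $data->query($sql);
    $result = $query ? mysqli_fetch_array($query) : null;

    // Rights are stored as one comma-separated string.
    if ($result && isset($result['pristupove_prava'])) {
        foreach (explode(",", $result['pristupove_prava']) as $right) {
            $this->rights[trim($right)] = true;
        }
    }

    if (!$connected) {
        $data->close();
    }
}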
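/**
 * Verifies the posted credentials and starts the user session.
 *
 * Reads $_POST['usr_name'] and $_POST['psswd']. On failure sets $this->success to
 * false and $this->error_msg to a message for the form; on success stores the user id
 * in $_SESSION['user'], sets the compatibility cookie and redirects to "./".
 */
protected function login_func()
{
    // Connect to the database; without it the credentials cannot be checked.
    $data = CDatabaza::getInstance();
    $data->connect();
    if (!$data->connected()) {
        $this->db = false;
        $this->success = false;
        $this->error_msg = "Nemôžem sa pripojiť na databázu.";
        return;
    }

    // Both fields must be posted.
    if (empty($_POST['usr_name']) || empty($_POST['psswd'])) {
        $this->success = false;
        $this->error_msg = "Zadaj prihlasovacie meno a heslo.";
        $data->close();
        return;
    }

    // Undo magic quotes only on PHP versions that still have them (removed in 8.0).
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $_GET = array_map('stripslashes', $_GET);
        $_POST = array_map('stripslashes', $_POST);
    }

    // escape_string() is the correct quoting for the quoted SQL literal below. The
    // original additionally ran addslashes(), which double-escaped any quote or
    // backslash in the login name and made such logins fail.
    $login = $data->escape_string($_POST['usr_name']);
    // NOTE(review): passwords are stored as unsalted MD5 digests, which is not a
    // password hash; verification has to stay md5() until the stored values are
    // migrated to password_hash()/password_verify(). The digest input is kept exactly
    // as before (escaped, then addslashes) so hashes created by the existing
    // registration path still verify.
    $psswd = md5(addslashes($data->escape_string($_POST['psswd'])));

    $table = "Uzivatel";
    $sql = "SELECT * FROM {$table} WHERE prihlasovacie_meno='{$login}' AND heslo='{$psswd}'";
    $result = $data->query($sql);

    // Exactly one matching record means success; a failed query counts as failure.
    if (!$result || mysqli_num_rows($result) != 1) {
        $data->close();
        $this->success = false;
        $this->error_msg = "Pokus o neoprávnený prístup do redakcie.";
        return;
    }

    $user = mysqli_fetch_array($result);
    // Rotate the session id so a session fixated before login does not survive it.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user['uzivatel_id'];
    // This cookie carries a bare user id that the client can rewrite at will. It is kept
    // for pages that still read $_COOKIE['user'], but only $_SESSION['user'] should be
    // treated as the authenticated identity. HttpOnly keeps page scripts from reading
    // it; Secure is set when the request itself came over TLS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('user', $user['uzivatel_id'], 0, '', '', $secure, true);
    $data->close();

    // After a successful login switch to the intro program.
    header("Location: ./");
    exit;
}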
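/**
 * Dispatches the module function named by $_GET['func'].
 *
 * Every check failure is reported through setMsg(false, ...) and stops execution.
 * The function table $this->functions maps a name to ['execute' => methodName].
 */
public final function execute()
{
    // A module is disabled unless something enabled it beforehand.
    if (empty($this->enabled)) {
        $this->enabled = false;
    }

    // A function must be named ...
    if (empty($_GET['func'])) {
        $this->setMsg(false, "Nebola zadaná žiadna funkcia");
        return;
    }
    // ... and must exist in the table (a non-string key would be an illegal offset).
    $func = $_GET['func'];
    if (!is_string($func) || empty($this->functions[$func])) {
        $this->setMsg(false, "Zadaná funkcia neexistuje");
        return;
    }

    // Every POST must carry a valid form nonce. The original verified the nonce only
    // when one was present, so a request that simply omitted the field skipped the
    // check. Functions reached through GET links still run without a nonce.
    $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
    if ($isPost && (empty($_POST['nonce']) || !Nonce::checkNonce($_POST['nonce']))) {
        $this->setMsg(false, "Neplatný formulár.");
        return;
    }

    // Database connection must be available.
    $db = CDatabaza::getInstance();
    if (empty($db)) {
        $this->setMsg(false, "Spojenie s databázou zlyhalo");
        return;
    }

    // Module must be enabled for the current user.
    if (!$this->enabled) {
        $this->setMsg(false, "Nemáte oprávnenie na zmenu záznamov");
        return;
    }

    // Run the selected function of this module.
    $call = $this->functions[$func]['execute'];
    $this->{$call}();
}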
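/**
 * Loads all users except the logged-in one into $this->users, keyed by user id.
 *
 * Does nothing without a session user. Opens the connection on demand and closes it
 * again if this method opened it.
 */
private function initialize()
{
    if (empty($_SESSION['user'])) {
        return;
    }
    // Session value is spliced unquoted into SQL, hence the int cast.
    $self_id = (int) $_SESSION['user'];

    $data = CDatabaza::getInstance();
    $connected = $data->connected();
    if (!$connected) {
        $data->connect();
    }

    $sql = "SELECT * FROM Uzivatel INNER JOIN Uzivatel_info ON Uzivatel.uzivatel_id=Uzivatel_info.uzivatel_id\n WHERE Uzivatel.uzivatel_id<>" . $self_id;
    $query = $data->query($sql);
    if ($query) {
        while ($user = $query->fetch_array()) {
            $id = $user['uzivatel_id'];
            $this->users[$id]['id'] = $id;
            $this->users[$id]['login'] = $user['prihlasovacie_meno'];
            $this->users[$id]['name'] = $user['meno'];
            $this->users[$id]['surname'] = $user['priezvisko'];
            $this->users[$id]['class'] = $user['trieda'];
            $this->users[$id]['rights'] = $user['pristupove_prava'];
        }
    }

    if (!$connected) {
        $data->close();
    }
}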
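/**
 * Loads one article (from $_GET or $_POST 'article_id') into $this->article and the
 * users assigned to it into $this->users.
 *
 * Users without EDIT_ALL only see articles they are assigned to (Clanok_uzivatel).
 * Opens the connection on demand and closes it again if this method opened it.
 */
private function initialize()
{
    $data = CDatabaza::getInstance();
    $connected = $data->connected();
    if (!$connected) {
        $data->connect();
    }

    // The id is used unquoted in SQL, so it is cast to int; the original ran
    // escape_string() on it, which does nothing for an unquoted value.
    if (!empty($_GET['article_id'])) {
        $article_id = (int) $_GET['article_id'];
    } elseif (isset($_POST['article_id'])) {
        $article_id = (int) $_POST['article_id'];
    } else {
        $article_id = 0;
    }
    $user_id = isset($_SESSION['user']) ? (int) $_SESSION['user'] : 0;

    $this->accessRights = new UserRights($data);
    if ($this->accessRights->approved("EDIT_ALL")) {
        $sql = "SELECT * FROM \n (\n Clanok \n INNER JOIN \n Typ_clanku \n ON Clanok.typ_clanku_id=Typ_clanku.typ_clanku_id\n )\n INNER JOIN\n Rubrika\n ON\n Rubrika.rubrika_id=Clanok.rubrika_id\n WHERE Clanok.clanok_id={$article_id}";
    } else {
        $sql = "SELECT * FROM \n ((\n Clanok \n INNER JOIN \n Typ_clanku \n ON Clanok.typ_clanku_id=Typ_clanku.typ_clanku_id\n )\n INNER JOIN\n Rubrika\n ON\n Rubrika.rubrika_id=Clanok.rubrika_id\n )\n INNER JOIN \n Clanok_uzivatel \n ON Clanok.clanok_id=Clanok_uzivatel.clanok_id\n WHERE Clanok_uzivatel.uzivatel_id=" . $user_id . "\n AND Clanok.clanok_id={$article_id}";
    }

    $article = $data->query($sql);
    if ($article && $article->num_rows > 0) {
        $art_data = $article->fetch_array();
        $this->article['id'] = $art_data['clanok_id'];
        $this->article['nazov'] = $art_data['nazov_clanku'];
        $this->article['typ'] = $art_data['nazov'];
        $this->article['rubrika'] = $art_data['nazov_rubriky'];
        $this->article['zobrazit'] = $art_data['zobrazit'];
        $this->article['cas'] = $art_data['casova_znamka'];

        // Users assigned to this article.
        $sql = "SELECT * FROM Clanok_uzivatel \n INNER JOIN Uzivatel_info\n ON Clanok_uzivatel.uzivatel_id=Uzivatel_info.uzivatel_id\n WHERE Clanok_uzivatel.clanok_id=" . (int) $this->article['id'];
        $users = $data->query($sql);
        if ($users) {
            while ($user = $users->fetch_array()) {
                $id = $user['uzivatel_id'];
                $this->users[$id]['id'] = $id;
                $this->users[$id]['name'] = $user['meno'];
                $this->users[$id]['surname'] = $user['priezvisko'];
                $this->users[$id]['class'] = $user['trieda'];
            }
        }
    }

    if (!$connected) {
        $data->close();
    }
}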
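/**
 * Stores the body of the newest post of article $id in $this->articles[$id]['post'].
 *
 * @param CDatabaza $db Open connection.
 * @param mixed     $id Article id; spliced unquoted into SQL, so cast to int first.
 */
private function readPost(CDatabaza $db, $id)
{
    $article_id = (int) $id;
    $sql = "SELECT prispevok FROM Prispevok WHERE clanok_id={$article_id} ORDER BY casova_znamka DESC LIMIT 0,1";
    $query = $db->query($sql);
    // A failed query or an article without posts yields null instead of a notice
    // from indexing a missing row.
    $post = $query ? $query->fetch_array() : null;
    $this->articles[$id]['post'] = isset($post['prispevok']) ? $post['prispevok'] : null;
}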
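/**
 * Loads the posts of $this->article into $this->posts and all categories into
 * $this->categories (both keyed by id). Does nothing if posts are already loaded.
 *
 * Users without EDIT_ALL only see their own posts. Opens the connection on demand
 * and closes it again if this method opened it.
 */
private function readPosts()
{
    if (!empty($this->posts)) {
        return;
    }
    $data = CDatabaza::getInstance();
    $connected = $data->connected();
    if (!$connected) {
        $data->connect();
    }

    // Both ids are used unquoted in SQL, hence the int casts.
    $sql = "SELECT * FROM Prispevok WHERE clanok_id=" . (int) $this->article['id'];
    if (!$this->accessRights->approved("EDIT_ALL")) {
        $user_id = isset($_SESSION['user']) ? (int) $_SESSION['user'] : 0;
        $sql .= " AND uzivatel_id=" . $user_id;
    }
    // NOTE(review): getFilters() returns a ready-made SQL fragment that is appended
    // verbatim; whether it escapes request values is not visible here — confirm.
    $filters = $this->getFilters();
    if ($filters) {
        $sql .= " AND " . $filters;
    }

    $posts = $data->query($sql);
    if ($posts) {
        while ($post = $posts->fetch_array()) {
            $id = $post['prispevok_id'];
            $this->posts[$id]['id'] = $id;
            $this->posts[$id]['cat_id'] = $post['kategoria_id'];
            $this->posts[$id]['name'] = $post['nazov_prispevku'];
            $this->posts[$id]['post'] = $post['prispevok'];
            $this->posts[$id]['time'] = $post['casova_znamka'];
            $this->posts[$id]['released'] = $post['zobrazit'];
        }
    }

    // The original tested $posts here instead of $cats, so a failed category query
    // was dereferenced.
    $cats = $data->query("SELECT * FROM Kategoria");
    if ($cats) {
        while ($cat = $cats->fetch_array()) {
            $id = $cat['kategoria_id'];
            $this->categories[$id]['id'] = $id;
            $this->categories[$id]['name'] = $cat['nazov_kategorie'];
        }
    }

    if (!$connected) {
        $data->close();
    }
}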
<?php //error_reporting(E_ALL); //ini_set("display_errors", 1); $homedir = dirname(__FILE__) . "/classes/"; require_once $homedir . "display.php"; require_once $homedir . "DisplayModule.php"; require_once $homedir . "Menu.php"; require_once $homedir . "News.php"; require_once dirname(__FILE__) . "/redakcia/classes/utils/CDatabaza.php"; $label = "Domov"; //pripojenie na databazu $db = CDatabaza::getInstance(); if (empty($db)) { die("Nemozem sa pripojit na server"); } $db->connect(); $menu = new Menu($db); $news = new News($db); $program = null; $style = false; if (isset($_GET['rubrika'])) { require_once $homedir . "modules/Topic.php"; $program = new Topic($db); $program->setHome(dirname(__FILE__)); $label = $program->label(); $style = "topics.css"; } else { if (isset($_GET['clanok'])) { require_once $homedir . "modules/Article_manager.php"; $program = new Article_manager($db, dirname(__FILE__));
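/**
 * Loads themes (Tema) into $this->themes and topics (Rubrika) into $this->topics,
 * ordered as requested by $_GET['theme_key'/'theme_order'/'topic_key'/'topic_order'].
 *
 * Sort columns are taken from fixed whitelists, so no request value reaches ORDER BY.
 */
private function initialize()
{
    $data = new DBQuery(CDatabaza::getInstance());

    // Default ordering: newest id first.
    $this->orders['theme']['key'] = "tema_id";
    $this->orders['theme']['order'] = "DESC";
    $this->orders['topic']['key'] = "rubrika_id";
    $this->orders['topic']['order'] = "DESC";

    // Request value => column whitelists.
    $theme_columns = array('id' => "tema_id", 'name' => "nazov_temy");
    $topic_columns = array('id' => "rubrika_id", 'name' => "nazov_rubriky", 'theme' => "tema_id");

    if (isset($_GET['theme_key']) && is_string($_GET['theme_key']) && isset($theme_columns[$_GET['theme_key']])) {
        $this->orders['theme']['key'] = $theme_columns[$_GET['theme_key']];
    }
    if (isset($_GET['theme_order']) && $_GET['theme_order'] === "ASC") {
        $this->orders['theme']['order'] = "ASC";
    }
    if (isset($_GET['topic_key']) && is_string($_GET['topic_key']) && isset($topic_columns[$_GET['topic_key']])) {
        $this->orders['topic']['key'] = $topic_columns[$_GET['topic_key']];
    }
    if (isset($_GET['topic_order']) && $_GET['topic_order'] === "ASC") {
        $this->orders['topic']['order'] = "ASC";
    }

    // Themes; a failed query leaves the list empty instead of dereferencing false.
    $data->setTable("Tema");
    $data->setOrder($this->orders['theme']['key'], $this->orders['theme']['order']);
    $themes = $data->queryDB("select");
    if ($themes) {
        while ($theme = $themes->fetch_array()) {
            $id = $theme['tema_id'];
            $this->themes[$id]['id'] = $id;
            $this->themes[$id]['name'] = $theme['nazov_temy'];
        }
    }

    // Topics, each linked to its theme.
    $data->setTable("Rubrika");
    $data->setOrder($this->orders['topic']['key'], $this->orders['topic']['order']);
    $topics = $data->queryDB("select");
    if ($topics) {
        while ($topic = $topics->fetch_array()) {
            $id = $topic['rubrika_id'];
            $this->topics[$id]['id'] = $id;
            $this->topics[$id]['name'] = $topic['nazov_rubriky'];
            $this->topics[$id]['theme'] = $topic['tema_id'];
        }
    }
}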
<!-- One-off database bootstrap page: creates the application database. -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body>
<?php
// Verbose errors are intentional for a setup step that is run once by hand.
error_reporting(E_ALL);
ini_set("display_errors", 1);
include dirname(__FILE__) . '/classes/utils/CDatabaza.php';
// NOTE(review): the MySQL root password is hard-coded here and this is a plain web
// page. Once the schema exists this file must not stay reachable from the web, and
// the credentials should live outside the document root rather than in source.
CDatabaza::createDB("casopis", "root", "zelgadis", "localhost");
?>
</body>
</html>
and open the template in the editor. --> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <?php //session_start(); if (!isset($_COOKIE['user'])) { echo "Nie je prihlásený žiaden užívateľ."; exit; } if (!isset($_GET['article_id'])) { echo "Nie je zadaný žiaden článok"; exit; } require dirname(__FILE__) . "/../../classes/utils/CDatabaza.php"; require dirname(__FILE__) . "/../../classes/utils/UserRights.php"; $data = CDatabaza::getInstance(); if (!$data) { exit("Nemozem sa pripojit na databazu"); } $data->connect(); $clanok = $data->escape_string($_GET['article_id']); $user = new UserRights($data, $_COOKIE['user']); $sql = "SELECT * FROM Clanok_uzivatel WHERE clanok_id={$clanok} AND uzivatel_id=" . $_COOKIE['user']; $query = $data->query($sql); if (!$query) { echo "Chyba v pripojení na databázu"; $data->close(); exit; } if (!$query->num_rows && !$user->approved('EDIT_ALL')) { echo "Nemáte oprávnenie na prezeranie obsahu. Prístup zamietnutý.";
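/**
 * Loads the profile row (Uzivatel_info) of the session user into $this->user_info.
 *
 * Leaves $this->user_info untouched when the query fails or returns no row.
 */
private function initialize()
{
    $data = new DBQuery(CDatabaza::getInstance());
    $data->setTable("Uzivatel_info");
    // NOTE(review): setRecord() is assumed to bind or escape the value; confirm in
    // DBQuery before relying on it for anything other than the session user id.
    $data->setRecord("uzivatel_id", $_SESSION['user']);
    $query = $data->queryDB("select");
    // fetch_array() returns null for an empty result; the original indexed it anyway.
    $usr_nfo = $query ? $query->fetch_array() : null;
    if ($usr_nfo) {
        $this->user_info['name'] = $usr_nfo['meno'];
        $this->user_info['surname'] = $usr_nfo['priezvisko'];
        $this->user_info['class'] = $usr_nfo['trieda'];
    }
}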
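/**
 * Prints the article-list filter form (name, released, topic, type) and the script
 * that wires it to filter_manager.
 *
 * Topic and type names come from editable database rows, so every value placed in
 * the markup is HTML-escaped.
 */
private function display_filters()
{
    $data = new DBQuery(CDatabaza::getInstance());
    // Escape for both text and attribute context.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    echo "<script type='text/javascript'></script>";
    echo "<form id='filters'>";
    echo "<span class='label'>Hľadaj článok: </span><input id='name' type='text' name='nazov' /><br/>";
    echo "<span class='label'>Zverejnené: </span><select id='zverejnit' name='released'>";
    echo "<option value=''>Všetko</option><option value='1'>Áno</option><option value='0'>Nie</option></select> ";

    // Topic filter, one option per Rubrika row.
    echo "<span class='label'>Rubrika: </span><select id='rubrika' name='topic'>";
    echo "<option value=''>Všetko</option>";
    $data->setTable('Rubrika');
    $query = $data->queryDB('select');
    if ($query) {
        while ($rubrika = $query->fetch_array()) {
            echo "<option value='" . $esc($rubrika['rubrika_id']) . "'>" . $esc($rubrika['nazov_rubriky']) . "</option>";
        }
    }
    echo "</select>";

    // Type filter, one option per Typ_clanku row.
    echo "<span class='label'>Typ: </span><select id='typ' name='type'>";
    echo "<option value=''>Všetko</option>";
    $data->setTable('Typ_clanku');
    $query = $data->queryDB('select');
    if ($query) {
        while ($typ = $query->fetch_array()) {
            echo "<option value='" . $esc($typ['typ_clanku_id']) . "'>" . $esc($typ['nazov']) . "</option>";
        }
    }
    echo "</select>";
    echo "</form>";

    // The original wrote "</div id='article_list'>", which is not a valid end tag.
    echo "<div id='article_list'></div>";

    echo "<script type='text/javascript'>";
    echo "function filters_load(){";
    echo "\$('#filters').submit(function(e){e.preventDefault();});";
    echo "filter_manager.set_manager('article_list'," . $this->getProgramID() . ");";
    echo "filter_manager.add('name');";
    echo "filter_manager.add('zverejnit');";
    echo "filter_manager.add('rubrika');";
    echo "filter_manager.add('typ');";
    echo "filter_manager.set_max_page({$this->max_page});";
    echo "filter_manager.apply();}";
    echo "if(typeof filter_manager!='undefined') filters_load();";
    echo "else scriptloader.load_script('redakcia/scripts/filters.js','js',filters_load);";
    echo "scriptloader.load_script('redakcia/styles/article_list.css','css');";
    echo "scriptloader.load_script('redakcia/styles/topics.css','css');";
    echo "</script>";
}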