getCompanyID()==$this->companyid) return TRUE; else return FALSE; } function &Company($companyid = 0) { if ($companyid>0) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM company WHERE COMPANYID=$companyid", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->companyid = $companyid; $this->companyname = $array["COMPANYNAME"]; $this->companylogo = $array["COMPANYLOGO"]; } else { $this->$companyid = 0; $this->companyname = ""; $this->companylogo = ""; } } mysql_close($connection); } else { $this->companyid = 0; $this->companyname = ""; $this->companylogo = ""; } } function insert() // returns int COMPANYID of the last inserted row { $lastInserted = -1; $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("INSERT INTO company (COMPANYID, COMPANYNAME, COMPANYLOGO) VALUES (0, '".Utility::replacewithprime($this->companyname)."', '".$this->companylogo."')", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { $rs = mysql_query("SELECT LAST_INSERT_ID() FROM company", $connection); if ($rs) { $array = mysql_fetch_row($rs); $lastInserted = $array[0]; $this->companyid = $lastInserted; } } mysql_close($connection); return $lastInserted; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE company SET COMPANYNAME='".Utility::replacewithprime($this->companyname)."', COMPANYLOGO='".$this->companylogo."' WHERE COMPANYID=".$this->companyid, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $vecUsers = User::getUsersForCompany($this->companyid); for ($i=0; $i<$vecUsers->size(); $i++) { $user = &$vecUsers->elementAt($i); $user->delete(); } $ra = 
-1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM company WHERE COMPANYID=".$this->companyid, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("companyid=".$this->companyid.", companyname=".$this->companyname.", companylogo=".$this->companylogo); } function &getCompanyForUserName($username) { $company = &new Company(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT COMPANYID FROM users, usertocompany WHERE users.LOGIN=usertocompany.LOGIN AND usertocompany.LOGIN='".$username."'", $connection); if ($rs) { if (($array = mysql_fetch_assoc($rs))!=FALSE) { $company = &new Company($array["COMPANYID"]); } } return $company; } // returns Vector function &getAllCompanies() { $companies = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT COMPANYID FROM company", $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $company = &new Company($array["COMPANYID"]); if ($company->getCompanyID()!=0) $companies->add($company); } } return $companies; } function getCompanyID() { return $this->companyid; } function getCompanyName() { return $this->companyname; } function getCompanyLogo() { return $this->companylogo; } function setCompanyID($in) { $this->companyid = $in; } function setCompanyName($in) { $this->companyname = $in; } function setCompanyLogo($in) { $this->companylogo = $in; } } ?> array( // SITEADMIN "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => TRUE, "ADDUSER" => TRUE, "DELETEUSER" => TRUE, "EDITUSER" => TRUE, "ADDSITEUSER" => TRUE, "DELETESITEUSER" => TRUE, "EDITSITEUSER" => TRUE, "ADDCATALOGCATEGORY" => TRUE, "DELETECATALOGCATEGORY" => TRUE, 
"EDITCATALOGCATEGORY" => TRUE, "VIEWCATALOGCATEGORY" => TRUE, "ADDPRODUCT" => TRUE, "DELETEPRODUCT" => TRUE, "EDITPRODUCT" => TRUE, "UPPRODUCT" => TRUE, "DOWNPRODUCT" => TRUE, "PUBLISHPRODUCT" => FALSE, "ADDARTIST" => TRUE, "EDITARTIST" => TRUE, "DELETEARTIST" => TRUE, "VIEWARTIST" => TRUE, "ADDNEWSADMIN" => TRUE, "VIEWNEWSADMIN" => TRUE, "DELETENEWSADMIN" => TRUE, "EDITNEWSADMIN" => TRUE ) , 2 => array( // SHOPOWNER "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => TRUE, "ADDUSER" => FALSE, "DELETEUSER" => FALSE, "EDITUSER" => FALSE, "ADDSITEUSER" => FALSE, "DELETESITEUSER" => FALSE, "EDITSITEUSER" => FALSE, "ADDCATALOGCATEGORY" => TRUE, "DELETECATALOGCATEGORY" => TRUE, "EDITCATALOGCATEGORY" => TRUE, "VIEWCATALOGCATEGORY" => TRUE, "ADDPRODUCT" => TRUE, "DELETEPRODUCT" => TRUE, "EDITPRODUCT" => TRUE, "UPPRODUCT" => FALSE, "DOWNPRODUCT" => FALSE, "PUBLISHPRODUCT" => FALSE, "ADDNEWSADMIN" => FALSE, "VIEWNEWSADMIN" => FALSE, "DELETENEWSADMIN" => FALSE, "EDITNEWSADMIN" => FALSE ) , 3 => array( // NEWSADMIN "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => FALSE, "ADDUSER" => FALSE, "DELETEUSER" => FALSE, "EDITUSER" => FALSE, "ADDSITEUSER" => FALSE, "DELETESITEUSER" => FALSE, "EDITSITEUSER" => FALSE, "ADDCATALOGCATEGORY" => FALSE, "DELETECATALOGCATEGORY" => FALSE, "EDITCATALOGCATEGORY" => FALSE, "VIEWCATALOGCATEGORY" => FALSE, "ADDPRODUCT" => FALSE, "DELETEPRODUCT" => FALSE, "EDITPRODUCT" => FALSE, "UPPRODUCT" => FALSE, "DOWNPRODUCT" => FALSE, "PUBLISHPRODUCT" => FALSE, "ADDNEWSADMIN" => TRUE, "VIEWNEWSADMIN" => TRUE, "DELETENEWSADMIN" => TRUE, "EDITNEWSADMIN" => TRUE ) /* , 99 => array( // VISITOR "" => , "" => , "" => , "" => , "" => , "" => , ) */ ); function equals($o) { if ($o->getLogin()==$this->login) return TRUE; else return FALSE; } function &User($log="") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM 
users WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->password = $array["PASSWORD"]; $this->encoding = $array["ENCODING"]; $this->lastsucclogin = $array["LASTSUCCLOGIN"]; $this->lastunsucclogin = $array["LASTUNSUCCLOGIN"]; } else { $this->login = ""; $this->password = ""; $this->encoding = ""; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } mysql_close($connection); } else { $this->login = ""; $this->password = ""; $this->encoding = ""; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } // returns boolean function passwordsAreEqual($first) // first is unencrypted, of course { ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// /* if ($first==$this->password) return TRUE; else return FALSE; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// if (md5($first)==$this->password) return TRUE; else return FALSE; } // this is a new method, for new checking strategy, v 2.0 function isAllowedTo($operation) { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $adminRole = &new Role(0); if ($vecRoles->contains($adminRole)) return TRUE; // if it's the root, he is allowed to do everything for ($i=0; $i<$vecRoles->size(); $i++) { $role = &$vecRoles->elementAt($i); if ($this->permission[$role->roleid][$operation]) return TRUE; 
} return FALSE; } //returns boolean function isRoot() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); if ($vecRoles->contains($rootRole)) return TRUE; else return FALSE; } //returns boolean function isShopOwner() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); $ownerRole = &new Role(1); if ($vecRoles->contains($rootRole) || $vecRoles->contains($ownerRole)) return TRUE; else return FALSE; } //returns boolean function isNewsAdmin() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); $newsAdminRole = &new Role(2); if ($vecRoles->contains($rootRole) || $vecRoles->contains($newsAdminRole)) return TRUE; else return FALSE; } // returns boolean (success if no username already exists) function insert($companyid) // returns int QID of the last inserted row { $success = FALSE; if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// //mysql_query("INSERT INTO users (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".$this->password."', 'none', 0, 0)", $connection); ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem 
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// mysql_query("INSERT INTO users (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".md5($this->password)."', 'MD5', 0, 0)", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("INSERT INTO usertocompany VALUES('".$this->login."', ".$companyid.")", $connection); $success = TRUE; } } } mysql_close($connection); } return $success; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE users SET ENCODING='".$this->encoding."' WHERE LOGIN='".$this->login."'", $connection); // PASSWORD='".$this->password."', $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM users WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("DELETE FROM usertocompany WHERE LOGIN='".$this->login."'", $connection); $userdetails = &new UserDetails($this->login); $userdetails->delete(); $userrole = &new UserRole($this->login); $userrole->delete(); } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $ra; } function changePassword($username, $old, $new) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $connection = 
mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE users SET PASSWORD='".$new."' WHERE LOGIN='".$username."' AND PASSWORD='".$old."'"); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "UPDATE users SET PASSWORD='".md5($new)."' WHERE LOGIN='".$username."' AND PASSWORD='".md5($old)."'"; mysql_query($q); $ra = mysql_affected_rows($connection); $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $ra; } function toString() { return ("login=".$this->login.", password=".$this->password.", encoding=".$this->encoding.", last successful login=".$this->lastsucclogin.", last unsuccessful login=".$this->lastunsucclogin); } // returns Vector function &getUsersForCompany($companyid) { $vecUsers = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT LOGIN FROM usertocompany WHERE COMPANYID=".$companyid, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $user = &new User($array["LOGIN"]); if ($user->getLogin()!="") { $vecUsers->add($user); } } } return $vecUsers; } // returns Vector function &getUsersForCompanyAndLevel($companyid, $level) { $vecUsers = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $query = 
"SELECT * FROM usertocompany, userroles WHERE COMPANYID=".$companyid." AND userroles.LOGIN=usertocompany.LOGIN AND ROLE>=".$level; $rs = mysql_query($query, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $user = &new User($array["LOGIN"]); if ($user->getLogin()!="") { $vecUsers->add($user); } } } return $vecUsers; } function &login($username, $password) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $role = &new Role(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$username."'"); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $pw = $array["PASSWORD"]; if ($pw==$password) // password is correct { $userrole = &new UserRole($username); $vecRoles = $userrole->getRoles(); $roleV = $vecRoles->elementAt(0); $role = &new Role($roleV->getRoleID()); $q = "UPDATE users SET LASTSUCCLOGIN=".time()." WHERE LOGIN='".$username."'"; mysql_query($q); } else // password is incorrect { $q = "UPDATE users SET LASTUNSUCCLOGIN=".time()." 
WHERE LOGIN='".$username."'"; mysql_query($q); } } } mysql_close($connection); return $role; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $role = &new Role(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$username."'"); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $pw = $array["PASSWORD"]; if ($pw==md5($password)) // password is correct { $userrole = &new UserRole($username); $vecRoles = $userrole->getRoles(); $roleV = $vecRoles->elementAt(0); $role = &new Role($roleV->getRoleID()); $q = "UPDATE users SET LASTSUCCLOGIN=".time()." WHERE LOGIN='".$username."'"; mysql_query($q); } else // password is incorrect { $q = "UPDATE users SET LASTUNSUCCLOGIN=".time()." 
WHERE LOGIN='".$username."'"; mysql_query($q); } } } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $role; } function forgottenPassword($login, $email) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $password = ""; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $sql = "SELECT PASSWORD FROM users, userdetails WHERE users.LOGIN='".$login."' AND userdetails.EMAIL='".$email."'"; $rs = mysql_query($sql); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $password = $array["PASSWORD"]; } } mysql_close($connection); return $password; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $password = User::generateNewPassword(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $sql = "SELECT PASSWORD FROM users, userdetails WHERE users.LOGIN='".$login."' AND userdetails.EMAIL='".$email."'"; $rs = mysql_query($sql); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { //$password = $array["PASSWORD"]; $q = "UPDATE users SET PASSWORD = '".md5($password)."' WHERE LOGIN='".$login."'"; $ra = mysql_query($q); } } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $password; } // 
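private function generateNewPassword()
{
    // Returns a 10-character password drawn from 0-9, A-Z and a-z.
    //
    // The original built it from rand(), which is predictable and must not
    // be used for secrets. random_int() is used when the runtime has it;
    // mt_rand() remains only as a fallback for old runtimes and is NOT
    // cryptographically secure either.
    $alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    $last = strlen($alphabet) - 1;
    $haveCsprng = function_exists('random_int');
    $pwd = "";
    for ($i = 0; $i < 10; $i++) {
        $pick = $haveCsprng ? random_int(0, $last) : mt_rand(0, $last);
        $pwd = $pwd.$alphabet[$pick];
    }
    return $pwd;
}

// static
// Returns a Vector of Role objects, one per userroles row of $userlogin,
// ordered by ROLE ascending. $userlogin is escaped before it enters the query.
function &getRolesForUser($userlogin)
{
    $vecRoles = &new Vector();
    $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
    mysql_select_db(DATABASE, $connection);
    $sql = "select ROLE from userroles where LOGIN='".mysql_real_escape_string($userlogin, $connection)."' ORDER BY ROLE ASC";
    $rs = mysql_query($sql);
    if ($rs) {
        while (($array = mysql_fetch_assoc($rs)) != FALSE) {
            $role = &new Role($array["ROLE"]);
            $vecRoles->add($role);
        }
    }
    mysql_close($connection);
    return $vecRoles;
}

// static
// Returns a Vector of Role objects with ROLEID >= $roleid, ordered ascending.
// $userlogin is escaped and $roleid is forced to an integer, because it is
// placed in the query without quotes.
// NOTE(review): roles and userroles are listed without a join condition, so
// every role >= $roleid is returned once per userroles row of the login;
// confirm whether roles.ROLEID = userroles.ROLE was intended.
function &getRolesForUserStartingWith($userlogin, $roleid)
{
    $vecRoles = &new Vector();
    $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
    mysql_select_db(DATABASE, $connection);
    $sql = "select ROLEID from roles, userroles where LOGIN='".mysql_real_escape_string($userlogin, $connection)."' AND ROLEID>=".(int)$roleid." ORDER BY ROLEID ASC";
    $rs = mysql_query($sql);
    if ($rs) {
        while (($array = mysql_fetch_assoc($rs)) != FALSE) {
            $role = &new Role($array["ROLEID"]);
            $vecRoles->add($role);
        }
    }
    mysql_close($connection);
    return $vecRoles;
}

// Returns a Vector of Role objects for this object's login, ordered by ROLE.
function &getRoles()
{
    $vecRoles = &new Vector();
    $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
    mysql_select_db(DATABASE, $connection);
    $sql = "select ROLE from userroles where LOGIN='".mysql_real_escape_string($this->login, $connection)."' ORDER BY ROLE ASC";
    $rs = mysql_query($sql);
    if ($rs) {
        while (($array = mysql_fetch_assoc($rs)) != FALSE) {
            $role = &new Role($array["ROLE"]);
            $vecRoles->add($role);
        }
    }
    mysql_close($connection);
    return $vecRoles;
}

// Plain accessors.
function getLogin() { return $this->login; }
function getPassword() { return $this->password; }
function getEncoding() { return $this->encoding; }
function getLastSuccLogin() { return $this->lastsucclogin; }
function getLastUnsuccLogin() { return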
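$this->lastunsucclogin; }

// Plain mutators.
function setLogin($in) { $this->login = $in; }
function setPassword($in) { $this->password = $in; }
function setEncoding($in) { $this->encoding = $in; }
function setLastSuccLogin($in) { $this->lastsucclogin = $in; }
function setLastUnsuccLogin($in) { $this->lastunsucclogin = $in; }
}
// NOTE: the text right after the closing tag below is extraction residue. The
// declaration of the next class and the start of its equals() method are
// missing from this listing, so the remainder is kept as found.
?>getRole()==$this->role &&*/ $o->getRoleID()==$this->roleid) return TRUE; else return FALSE; }

// Permission table, indexed by role id and then by operation name.
// Only role id 1 has an entry; role id 0 is handled separately in isAllowedTo().
var $permission = array(
    1 => array(
        "ADDCOMPANY" => FALSE,
        "DELETECOMPANY" => FALSE,
        "EDITCOMPANY" => TRUE,
        "ADDUSER" => TRUE,
        "DELETEUSER" => TRUE,
        "EDITUSER" => TRUE,
        "ADDCATALOGCATEGORY" => TRUE,
        "DELETECATALOGCATEGORY" => TRUE,
        "EDITCATALOGCATEGORY" => TRUE,
        "ADDPRODUCT" => TRUE,
        "DELETEPRODUCT" => TRUE,
        "EDITPRODUCT" => TRUE,
        "UPPRODUCT" => FALSE,
        "DOWNPRODUCT" => FALSE,
        "PUBLISHPRODUCT" => FALSE,
        "ADDNEWSADMIN" => FALSE,
        "VIEWNEWSADMIN" => FALSE,
        "DELETENEWSADMIN" => FALSE,
        "EDITNEWSADMIN" => FALSE
    )
    /* , 2 => array( "" => , "" => , "" => , "" => , "" => , "" => , ) */
);

function getRoleID() { return $this->roleid; }
function getRole() { return $this->role; }
function setRoleID($in) { $this->roleid = $in; }
function setRole($in) { $this->role = $in; }

// Constructor. Starts as the placeholder role (id 999, empty name); for any
// other $level the name is looked up in the roles table and the id is taken
// over only when a row exists.
// $level is placed in the query without quotes, so it is forced to an integer.
// The connection is not closed here, as in the original.
function &Role($level = 999)
{
    $this->roleid = 999;
    $this->role = "";
    if ($level != 999) {
        $sql = "SELECT ROLE FROM roles WHERE ROLEID=".(int)$level;
        $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
        mysql_select_db(DATABASE, $connection);
        $rs = mysql_query($sql);
        if ($rs) {
            if (($array = mysql_fetch_assoc($rs)) != FALSE) {
                $this->roleid = $level;
                $this->role = $array["ROLE"];
            }
        }
    }
}

function toString()
{
    return "roleid=".$this->roleid.", role=".$this->role;
}

// DEPRECATED
// returns boolean
// Role id 0 may do everything; any other role is looked up in $permission.
// The id is compared as the exact string "0": the loose test roleid==0 is
// also true for NULL and, on PHP versions before 8, for "" and non-numeric
// strings, which would grant full rights to a malformed role id.
// A role or operation missing from the table is denied instead of yielding
// an undefined-index NULL.
function isAllowedTo($operation)
{
    if ((string)$this->roleid === "0") return TRUE;
    if (isset($this->permission[$this->roleid][$operation])) {
        return $this->permission[$this->roleid][$operation];
    }
    return FALSE;
}

// DEPRECATED
// returns boolean
// Same exact-match test as isAllowedTo(), for the reason given there.
// NOTE(review): isShopOwner() and isNewsAdmin() still use the loose
// comparison and should be tightened the same way.
function isRoot()
{
    return ((string)$this->roleid === "0");
}

// DEPRECATED
// returns boolean
function isShopOwner() { if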
($this->roleid==0 || $this->roleid==1) return TRUE; else return FALSE; } // DEPRECATED //returns boolean function isNewsAdmin() { if ($this->roleid==2 || $this->roleid==0) return TRUE; else return FALSE; } } ?>getLogin()==$this->login) return TRUE; else return FALSE; } function toString() { if ($this->vecRoles && $this->vecRoles->size()>0) $role = $this->vecRoles->elementAt(0); else $role = &new Role(); return "login=".$this->login.", role=".$role->getRole(); } function &UserRole($log = "") { $this->vecRoles = &new Vector(); if ($log!="") { $sql = "select ROLE from userroles where LOGIN='".$log."' ORDER BY ROLE ASC"; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { $this->login = $log; while(($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role($array["ROLE"]); $this->vecRoles->add($role); } } } else { $this->login = ""; } } function setRoles($in) { $this->vecRoles = $in; } function setLogin($in) { $this->login = $in; } function getLogin() { return $this->login; } function getRoles() { return $this->vecRoles; } function insert() { if ($this->login!="") { if ($this->vecRoles) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); for ($i=0; $i<$this->vecRoles->size(); $i++) { $role = $this->vecRoles->elementAt($i); $sql = "insert into userroles values('".$this->login."',".$role->getRoleID().")"; mysql_query($sql); } mysql_close($connection); } } } function update() { if ($this->login!="") { if ($this->vecRoles) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); for ($i=0; $i<$this->vecRoles->size(); $i++) { $role = $this->vecRoles->elementAt($i); $sql = "update userroles set ROLE=".$role->getRoleID()." 
where LOGIN='".$this->login."'"; mysql_query($sql); } mysql_close($connection); } } } function delete() { if ($this->login!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("delete from userroles where LOGIN='".$this->login."'"); mysql_close($connection); } } // returns an array of roles function getRolesForLevel($level) { //$hashRoles = &new Hashtable(); $sql = "select * from roles where ROLELEVEL>=".$level." order by ROLELEVEL asc"; $vecRoles = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role(); $role->setRoleLevel($array["ROLELEVEL"]); $role->setRole($array["ROLE"]); $vecRoles->add($role); } } mysql_close($connection); return $vecRoles; } }getLogin()==$this->login) return TRUE; else return FALSE; } function &UserDetails($log = "") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM userdetails WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->firstname = $array["FIRST"]; $this->lastname = $array["LAST"]; $this->email = $array["EMAIL"]; $this->phone = $array["PHONE"]; } else { $this->login = ""; $this->firstname = ""; $this->lastname = ""; $this->email = ""; $this->phone = ""; } } mysql_close($connection); } else { $this->login = ""; $this->firstname = ""; $this->lastname = ""; $this->email = ""; $this->phone = ""; } } function insert() // returns int QID of the last inserted row { if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("INSERT INTO 
userdetails (LOGIN, FIRST, LAST, EMAIL, PHONE) VALUES ('".$this->login."', '".Utility::replacewithprime($this->firstname)."', '".Utility::replacewithprime($this->lastname)."', '".$this->email."', '".$this->phone."')", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); } } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE userdetails SET FIRST='".Utility::replacewithprime($this->firstname)."', LAST='".Utility::replacewithprime($this->lastname)."', EMAIL='".$this->email."', PHONE='".$this->phone."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM userdetails WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("login=".$this->login.", firstname=".$this->firstname.", lastname=".$this->lastname.", email=".$this->email.", phone=".$this->phone); } function getLogin() { return $this->login; } function getFirstName() { return $this->firstname; } function getLastName() { return $this->lastname; } function getEMail() { return $this->email; } function getPhone() { return $this->phone; } function setLogin($in) { $this->login = $in; } function setFirstName($in) { $this->firstname = $in; } function setLastName($in) { $this->lastname = $in; } function setEMail($in) { $this->email = $in; } function setPhone($in) { $this->phone = $in; } } ?>getLogin()==$this->login) return TRUE; else return FALSE; } function &Siteuser($log="") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = 
mysql_query("SELECT * FROM siteusers WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->password = $array["PASSWORD"]; $this->encoding = $array["ENCODING"]; $this->lastsucclogin = $array["LASTSUCCLOGIN"]; $this->lastunsucclogin = $array["LASTUNSUCCLOGIN"]; } else { $this->login = ""; $this->password = ""; $this->encoding = "none"; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } mysql_close($connection); } else { $this->login = ""; $this->password = ""; $this->encoding = "none"; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } // returns ra function insert() // returns int QID of the last inserted row { $success = FALSE; if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM siteusers WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { mysql_query("INSERT INTO siteusers (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".$this->password."', '".$this->encoding."', 0, 0)", $connection); $ra = mysql_affected_rows($connection); } } mysql_close($connection); } return $ra; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE siteusers SET PASSWORD='".$this->password."', ENCODING='".$this->encoding."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM siteusers WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("DELETE 
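FROM usertocompany WHERE LOGIN='".$this->login."'", $connection);
        // (Tail of delete(), whose beginning is above this span; kept as it was.)
        $userdetails = &new UserDetails($this->login);
        $userdetails->delete();
        $userrole = &new UserRole($this->login);
        $userrole->delete();
    }
    //mysql_close($connection); // --
    return $ra;
}

// Replaces the password of $username, but only when $old equals the stored
// value. Returns the affected-row count from mysql_affected_rows().
// All three values are escaped before they are placed in the statement.
// NOTE(review): the stored value is compared with and overwritten by the
// strings passed in, so passwords are kept exactly as the caller supplies
// them. If that is clear text, this table needs hashing (password_hash()).
function changePassword($username, $old, $new)
{
    $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
    mysql_select_db(DATABASE, $connection);
    $safeUser = mysql_real_escape_string($username, $connection);
    $safeOld = mysql_real_escape_string($old, $connection);
    $safeNew = mysql_real_escape_string($new, $connection);
    mysql_query("UPDATE siteusers SET PASSWORD='".$safeNew."' WHERE LOGIN='".$safeUser."' AND PASSWORD='".$safeOld."'", $connection);
    $ra = mysql_affected_rows($connection);
    mysql_close($connection);
    return $ra;
}

// NOTE(review): this string contains the stored password; keep it out of
// logs and error pages.
function toString()
{
    return ("login=".$this->login.", password=".$this->password.", encoding=".$this->encoding.", last successful login=".$this->lastsucclogin.", last unsuccessful login=".$this->lastunsucclogin);
}

// Returns TRUE when $password equals the value stored for $username.
// Changes against the original:
//  - $username is escaped before it enters the query;
//  - the comparison is an exact string match. The loose == treats two
//    different numeric-looking strings (for example "0e1" and "0e2") as
//    equal, which lets a wrong password pass.
// NOTE(review): the stored value is compared directly with the submitted
// one; see the note on changePassword() about hashing.
function &login($username, $password)
{
    $loggedin = FALSE;
    $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
    mysql_select_db(DATABASE, $connection);
    $rs = mysql_query("SELECT PASSWORD FROM siteusers WHERE LOGIN='".mysql_real_escape_string($username, $connection)."'", $connection);
    if ($rs) {
        if (($array = mysql_fetch_assoc($rs)) != FALSE) {
            if ((string)$array["PASSWORD"] === (string)$password) {
                $loggedin = TRUE;
            }
        }
    }
    mysql_close($connection);
    return $loggedin;
}

// Returns the stored password of the account matching $login and $email, or
// "" when there is none.
// Changes against the original:
//  - both values are escaped;
//  - the tables are joined on LOGIN, so the e-mail must belong to the same
//    account (the old query accepted any registered e-mail with any login).
// NOTE(review): handing back the stored password is only possible because it
// is recoverable. The users-table counterpart of this method issues a new
// random password instead; this one should follow once passwords are hashed.
function forgottenPassword($login, $email)
{
    $password = "";
    $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
    mysql_select_db(DATABASE, $connection);
    $sql = "SELECT siteusers.PASSWORD FROM siteusers, siteuserdetails"
        ." WHERE siteusers.LOGIN='".mysql_real_escape_string($login, $connection)."'"
        ." AND siteuserdetails.LOGIN=siteusers.LOGIN"
        ." AND siteuserdetails.EMAIL='".mysql_real_escape_string($email, $connection)."'";
    $rs = mysql_query($sql, $connection);
    if ($rs) {
        if (($array = mysql_fetch_assoc($rs)) != FALSE) {
            $password = $array["PASSWORD"];
        }
    }
    mysql_close($connection);
    return $password;
}

/*********************************************************************************************/
// Labud, Exco and Regio alike
// V
function addEMail($inemail) // if the e-mail does not exist yet, insert it into the DB table "newsletter"
{
    $connection =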
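mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
    // (Body of addEMail(); its signature is on the line above this span.)
    mysql_select_db(DATABASE, $connection);
    // The address is escaped once and reused in both statements.
    $safeEmail = mysql_real_escape_string($inemail, $connection);
    // The original left $ra undefined when the address already existed or
    // the lookup failed; 0 now reports "no row inserted" in those cases.
    $ra = 0;
    $sql = "SELECT * FROM newsletter WHERE email='".$safeEmail."'";
    $rs = mysql_query($sql, $connection);
    if ($rs) {
        if (($array = mysql_fetch_assoc($rs)) == FALSE) {
            mysql_query("INSERT INTO newsletter VALUES (0, '".$safeEmail."')", $connection);
            $ra = mysql_affected_rows($connection);
        }
    }
    mysql_close($connection);
    return $ra;
}

// NOTE(review): $recipients, $subject and $message are not defined in this
// scope, so mail() is called with empty values. If they become parameters,
// strip CR/LF from anything that ends up in a header.
function sendEMail()
{
    mail($recipients, $subject, $message, "From: exco@exco.hr\n");
}
/*********************************************************************************************/

// Plain accessors and mutators.
function getLogin() { return $this->login; }
function getPassword() { return $this->password; }
function getEncoding() { return $this->encoding; }
function getLastSuccLogin() { return $this->lastsucclogin; }
function getLastUnsuccLogin() { return $this->lastunsucclogin; }
function setLogin($in) { $this->login = $in; }
function setPassword($in) { $this->password = $in; }
function setEncoding($in) { $this->encoding = $in; }
function setLastSuccLogin($in) { $this->lastsucclogin = $in; }
function setLastUnsuccLogin($in) { $this->lastunsucclogin = $in; }
}
// NOTE: the text right after the closing tag below is extraction residue. The
// declaration of the next class and the start of its equals() method are
// missing from this listing, so the remainder is kept as found.
?>getLogin()==$this->login) return TRUE; else return FALSE; }

// Constructor. Loads one siteuserdetails row: by LOGIN, or by IDX when $log
// has the form "idx=<value>". With an empty $log, or when no row matches,
// every field is reset to its empty default.
// Both lookup values are escaped before they enter the query.
// NOTE(review): a login that itself begins with "idx=" is treated as an IDX
// lookup; confirm such logins are rejected at registration.
function &SiteuserDetails($log="")
{
    if ($log!="") {
        $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
        mysql_select_db(DATABASE, $connection);
        $q = "SELECT * FROM siteuserdetails WHERE LOGIN='".mysql_real_escape_string($log, $connection)."'";
        $str = &new String($log);
        if ($str->startsWith("idx=")) {
            $sub = $str->substring(4);
            $q = "SELECT * FROM siteuserdetails WHERE IDX='".mysql_real_escape_string("".$sub, $connection)."'";
        }
        $rs = mysql_query($q, $connection);
        if ($rs) {
            if ( ($array = mysql_fetch_assoc($rs))!=FALSE) {
                $this->idx = $array["IDX"];
                $this->login = $array["LOGIN"];
                $this->first = $array["FIRST"];
                $this->last = $array["LAST"];
                $this->email = $array["EMAIL"];
                $this->phone = $array["PHONE"];
                $this->fax = $array["FAX"];
                $this->org = $array["ORG"];
                $this->addr = $array["ADDR"];
                $this->interests =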
$array["INTERESTS"]; $this->published = $array["PUBLISHED"]; $this->datapublic = $array["DATAPUBLIC"]; $this->bio = $array["BIO"]; } else { $this->idx = 0; $this->login = ""; $this->first = ""; $this->last = ""; $this->email = ""; $this->phone = ""; $this->fax = ""; $this->org = ""; $this->addr = ""; $this->interests = ""; $this->published = ""; $this->datapublic = 0; $this->bio = ""; } } mysql_close($connection); } else { $this->idx = 0; $this->login = ""; $this->first = ""; $this->last = ""; $this->email = ""; $this->phone = ""; $this->fax = ""; $this->org = ""; $this->addr = ""; $this->interests = ""; $this->published = ""; $this->datapublic = 0; $this->bio = ""; } } // returns boolean (success if no username already exists) function insert() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "INSERT INTO siteuserdetails (IDX, LOGIN, FIRST, LAST, EMAIL, PHONE, FAX, ORG, ADDR, INTERESTS, PUBLISHED, DATAPUBLIC, BIO, APPROVED) VALUES (0, '".$this->login."', '".Utility::replacewithprime($this->first)."', '".Utility::replacewithprime($this->last)."', '".Utility::replacewithprime($this->email)."', '".Utility::replacewithprime($this->phone)."', '".Utility::replacewithprime($this->fax)."', '".Utility::replacewithprime($this->org)."', '".Utility::replacewithprime($this->addr)."', '".Utility::replacewithprime($this->interests)."', '".Utility::replacewithprime($this->published)."', '".$this->datapublic."', '".Utility::replacewithprime($this->bio)."',0)"; //print($q."
"); mysql_query($q, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); /* $rs = mysql_query("SELECT IDX FROM siteuserdetails WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { */ mysql_query("UPDATE siteuserdetails SET FIRST='".Utility::replacewithprime($this->first)."', LAST='".Utility::replacewithprime($this->last)."', EMAIL='".Utility::replacewithprime($this->email)."', PHONE='".Utility::replacewithprime($this->phone)."', FAX='".Utility::replacewithprime($this->fax)."', ORG='".Utility::replacewithprime($this->org)."', ADDR='".Utility::replacewithprime($this->addr)."', INTERESTS='".Utility::replacewithprime($this->interests)."', PUBLISHED='".Utility::replacewithprime($this->published)."', DATAPUBLIC='".$this->datapublic."', BIO='".Utility::replacewithprime($this->bio)."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); /* } else { $ra = -99; } } else { $ra = -99; } */ mysql_close($connection); return $ra; } function updateLogin() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT IDX FROM siteuserdetails WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { mysql_query("UPDATE siteuserdetails SET LOGIN='".$this->login."', APPROVED=1 WHERE IDX='".$this->idx."'", $connection); $ra = mysql_affected_rows($connection); } else { $ra = -99; } } else { $ra = -99; } mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM siteuserdetails WHERE IDX='".$this->idx."'", $connection); $ra = 
mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("login=".$this->login.", first=".$this->first.", last=".$this->last.", phone=".$this->phone.", fax=".$this->fax.", org=".$this->org.", addr=".$this->addr.", interests=".$this->interests.", published=".$this->published.", datapublic=".$this->datapublic.", bio=".$this->bio); } // static function &getUnregisteredUserDetails() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=0"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); // -- return $vec; } function &getRegisteredUserDetails() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=1"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); return $vec; } function &getRegisteredUserDetailsWhoAllow() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=1 AND DATAPUBLIC=1"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); return $vec; } function getIdx() { return $this->idx; } function getLogin() { return $this->login; } function getFirst() { return $this->first; } function getLast() { return $this->last; } function getPhone() { return 
$this->phone; } function getFax() { return $this->fax; } function getOrg() { return $this->org; } function getAddr() { return $this->addr; } function getInterests() { return $this->interests; } function getPublished() { return $this->published; } function getDataPublic() { return $this->datapublic; } function getBio() { return $this->bio; } function getEmail() { return $this->email; } function setIdx($in) { $this->idx = $in; } function setLogin($in) { $this->login = $in; } function setFirst($in) { $this->first = $in; } function setLast($in) { $this->last = $in; } function setPhone($in) { $this->phone = $in; } function setFax($in) { $this->fax = $in; } function setOrg($in) { $this->org = $in; } function setAddr($in) { $this->addr = $in; } function setInterests($in) { $this->interests = $in; } function setPublished($in) { $this->published = $in; } function setDataPublic($in) { $this->datapublic = $in; } function setBio($in) { $this->bio = $in; } function setEmail($in) { $this->email = $in; } } ?> Panjan - informatički inžinjering, Sisak, Croatia
getName()?>

ovaj podsustav je dio sustava:

getCatName()?>
getLongdesc()?>

download:
Nema pridruženih dokumenata
