getCompanyID()==$this->companyid) return TRUE; else return FALSE; } function &Company($companyid = 0) { if ($companyid>0) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM company WHERE COMPANYID=$companyid", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->companyid = $companyid; $this->companyname = $array["COMPANYNAME"]; $this->companylogo = $array["COMPANYLOGO"]; } else { $this->$companyid = 0; $this->companyname = ""; $this->companylogo = ""; } } mysql_close($connection); } else { $this->companyid = 0; $this->companyname = ""; $this->companylogo = ""; } } function insert() // returns int COMPANYID of the last inserted row { $lastInserted = -1; $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("INSERT INTO company (COMPANYID, COMPANYNAME, COMPANYLOGO) VALUES (0, '".Utility::replacewithprime($this->companyname)."', '".$this->companylogo."')", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { $rs = mysql_query("SELECT LAST_INSERT_ID() FROM company", $connection); if ($rs) { $array = mysql_fetch_row($rs); $lastInserted = $array[0]; $this->companyid = $lastInserted; } } mysql_close($connection); return $lastInserted; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE company SET COMPANYNAME='".Utility::replacewithprime($this->companyname)."', COMPANYLOGO='".$this->companylogo."' WHERE COMPANYID=".$this->companyid, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $vecUsers = User::getUsersForCompany($this->companyid); for ($i=0; $i<$vecUsers->size(); $i++) { $user = &$vecUsers->elementAt($i); $user->delete(); } $ra = 
-1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM company WHERE COMPANYID=".$this->companyid, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("companyid=".$this->companyid.", companyname=".$this->companyname.", companylogo=".$this->companylogo); } function &getCompanyForUserName($username) { $company = &new Company(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT COMPANYID FROM users, usertocompany WHERE users.LOGIN=usertocompany.LOGIN AND usertocompany.LOGIN='".$username."'", $connection); if ($rs) { if (($array = mysql_fetch_assoc($rs))!=FALSE) { $company = &new Company($array["COMPANYID"]); } } return $company; } // returns Vector function &getAllCompanies() { $companies = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT COMPANYID FROM company", $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $company = &new Company($array["COMPANYID"]); if ($company->getCompanyID()!=0) $companies->add($company); } } return $companies; } function getCompanyID() { return $this->companyid; } function getCompanyName() { return $this->companyname; } function getCompanyLogo() { return $this->companylogo; } function setCompanyID($in) { $this->companyid = $in; } function setCompanyName($in) { $this->companyname = $in; } function setCompanyLogo($in) { $this->companylogo = $in; } } ?> array( // SITEADMIN "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => TRUE, "ADDUSER" => TRUE, "DELETEUSER" => TRUE, "EDITUSER" => TRUE, "ADDSITEUSER" => TRUE, "DELETESITEUSER" => TRUE, "EDITSITEUSER" => TRUE, "ADDCATALOGCATEGORY" => TRUE, "DELETECATALOGCATEGORY" => TRUE, 
"EDITCATALOGCATEGORY" => TRUE, "VIEWCATALOGCATEGORY" => TRUE, "ADDPRODUCT" => TRUE, "DELETEPRODUCT" => TRUE, "EDITPRODUCT" => TRUE, "UPPRODUCT" => TRUE, "DOWNPRODUCT" => TRUE, "PUBLISHPRODUCT" => FALSE, "ADDARTIST" => TRUE, "EDITARTIST" => TRUE, "DELETEARTIST" => TRUE, "VIEWARTIST" => TRUE, "ADDNEWSADMIN" => TRUE, "VIEWNEWSADMIN" => TRUE, "DELETENEWSADMIN" => TRUE, "EDITNEWSADMIN" => TRUE ) , 2 => array( // SHOPOWNER "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => TRUE, "ADDUSER" => FALSE, "DELETEUSER" => FALSE, "EDITUSER" => FALSE, "ADDSITEUSER" => FALSE, "DELETESITEUSER" => FALSE, "EDITSITEUSER" => FALSE, "ADDCATALOGCATEGORY" => TRUE, "DELETECATALOGCATEGORY" => TRUE, "EDITCATALOGCATEGORY" => TRUE, "VIEWCATALOGCATEGORY" => TRUE, "ADDPRODUCT" => TRUE, "DELETEPRODUCT" => TRUE, "EDITPRODUCT" => TRUE, "UPPRODUCT" => FALSE, "DOWNPRODUCT" => FALSE, "PUBLISHPRODUCT" => FALSE, "ADDNEWSADMIN" => FALSE, "VIEWNEWSADMIN" => FALSE, "DELETENEWSADMIN" => FALSE, "EDITNEWSADMIN" => FALSE ) , 3 => array( // NEWSADMIN "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => FALSE, "ADDUSER" => FALSE, "DELETEUSER" => FALSE, "EDITUSER" => FALSE, "ADDSITEUSER" => FALSE, "DELETESITEUSER" => FALSE, "EDITSITEUSER" => FALSE, "ADDCATALOGCATEGORY" => FALSE, "DELETECATALOGCATEGORY" => FALSE, "EDITCATALOGCATEGORY" => FALSE, "VIEWCATALOGCATEGORY" => FALSE, "ADDPRODUCT" => FALSE, "DELETEPRODUCT" => FALSE, "EDITPRODUCT" => FALSE, "UPPRODUCT" => FALSE, "DOWNPRODUCT" => FALSE, "PUBLISHPRODUCT" => FALSE, "ADDNEWSADMIN" => TRUE, "VIEWNEWSADMIN" => TRUE, "DELETENEWSADMIN" => TRUE, "EDITNEWSADMIN" => TRUE ) /* , 99 => array( // VISITOR "" => , "" => , "" => , "" => , "" => , "" => , ) */ ); function equals($o) { if ($o->getLogin()==$this->login) return TRUE; else return FALSE; } function &User($log="") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM 
users WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->password = $array["PASSWORD"]; $this->encoding = $array["ENCODING"]; $this->lastsucclogin = $array["LASTSUCCLOGIN"]; $this->lastunsucclogin = $array["LASTUNSUCCLOGIN"]; } else { $this->login = ""; $this->password = ""; $this->encoding = ""; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } mysql_close($connection); } else { $this->login = ""; $this->password = ""; $this->encoding = ""; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } // returns boolean function passwordsAreEqual($first) // first is unencrypted, of course { ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// /* if ($first==$this->password) return TRUE; else return FALSE; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// if (md5($first)==$this->password) return TRUE; else return FALSE; } // this is a new method, for new checking strategy, v 2.0 function isAllowedTo($operation) { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $adminRole = &new Role(0); if ($vecRoles->contains($adminRole)) return TRUE; // if it's the root, he is allowed to do everything for ($i=0; $i<$vecRoles->size(); $i++) { $role = &$vecRoles->elementAt($i); if ($this->permission[$role->roleid][$operation]) return TRUE; 
} return FALSE; } //returns boolean function isRoot() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); if ($vecRoles->contains($rootRole)) return TRUE; else return FALSE; } //returns boolean function isShopOwner() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); $ownerRole = &new Role(1); if ($vecRoles->contains($rootRole) || $vecRoles->contains($ownerRole)) return TRUE; else return FALSE; } //returns boolean function isNewsAdmin() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); $newsAdminRole = &new Role(2); if ($vecRoles->contains($rootRole) || $vecRoles->contains($newsAdminRole)) return TRUE; else return FALSE; } // returns boolean (success if no username already exists) function insert($companyid) // returns int QID of the last inserted row { $success = FALSE; if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// //mysql_query("INSERT INTO users (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".$this->password."', 'none', 0, 0)", $connection); ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem 
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// mysql_query("INSERT INTO users (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".md5($this->password)."', 'MD5', 0, 0)", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("INSERT INTO usertocompany VALUES('".$this->login."', ".$companyid.")", $connection); $success = TRUE; } } } mysql_close($connection); } return $success; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE users SET ENCODING='".$this->encoding."' WHERE LOGIN='".$this->login."'", $connection); // PASSWORD='".$this->password."', $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM users WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("DELETE FROM usertocompany WHERE LOGIN='".$this->login."'", $connection); $userdetails = &new UserDetails($this->login); $userdetails->delete(); $userrole = &new UserRole($this->login); $userrole->delete(); } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $ra; } function changePassword($username, $old, $new) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $connection = 
mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE users SET PASSWORD='".$new."' WHERE LOGIN='".$username."' AND PASSWORD='".$old."'"); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "UPDATE users SET PASSWORD='".md5($new)."' WHERE LOGIN='".$username."' AND PASSWORD='".md5($old)."'"; mysql_query($q); $ra = mysql_affected_rows($connection); $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $ra; } function toString() { return ("login=".$this->login.", password=".$this->password.", encoding=".$this->encoding.", last successful login=".$this->lastsucclogin.", last unsuccessful login=".$this->lastunsucclogin); } // returns Vector function &getUsersForCompany($companyid) { $vecUsers = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT LOGIN FROM usertocompany WHERE COMPANYID=".$companyid, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $user = &new User($array["LOGIN"]); if ($user->getLogin()!="") { $vecUsers->add($user); } } } return $vecUsers; } // returns Vector function &getUsersForCompanyAndLevel($companyid, $level) { $vecUsers = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $query = 
"SELECT * FROM usertocompany, userroles WHERE COMPANYID=".$companyid." AND userroles.LOGIN=usertocompany.LOGIN AND ROLE>=".$level; $rs = mysql_query($query, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $user = &new User($array["LOGIN"]); if ($user->getLogin()!="") { $vecUsers->add($user); } } } return $vecUsers; } function &login($username, $password) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $role = &new Role(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$username."'"); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $pw = $array["PASSWORD"]; if ($pw==$password) // password is correct { $userrole = &new UserRole($username); $vecRoles = $userrole->getRoles(); $roleV = $vecRoles->elementAt(0); $role = &new Role($roleV->getRoleID()); $q = "UPDATE users SET LASTSUCCLOGIN=".time()." WHERE LOGIN='".$username."'"; mysql_query($q); } else // password is incorrect { $q = "UPDATE users SET LASTUNSUCCLOGIN=".time()." 
WHERE LOGIN='".$username."'"; mysql_query($q); } } } mysql_close($connection); return $role; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $role = &new Role(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$username."'"); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $pw = $array["PASSWORD"]; if ($pw==md5($password)) // password is correct { $userrole = &new UserRole($username); $vecRoles = $userrole->getRoles(); $roleV = $vecRoles->elementAt(0); $role = &new Role($roleV->getRoleID()); $q = "UPDATE users SET LASTSUCCLOGIN=".time()." WHERE LOGIN='".$username."'"; mysql_query($q); } else // password is incorrect { $q = "UPDATE users SET LASTUNSUCCLOGIN=".time()." 
WHERE LOGIN='".$username."'"; mysql_query($q); } } } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $role; } function forgottenPassword($login, $email) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $password = ""; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $sql = "SELECT PASSWORD FROM users, userdetails WHERE users.LOGIN='".$login."' AND userdetails.EMAIL='".$email."'"; $rs = mysql_query($sql); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $password = $array["PASSWORD"]; } } mysql_close($connection); return $password; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $password = User::generateNewPassword(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $sql = "SELECT PASSWORD FROM users, userdetails WHERE users.LOGIN='".$login."' AND userdetails.EMAIL='".$email."'"; $rs = mysql_query($sql); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { //$password = $array["PASSWORD"]; $q = "UPDATE users SET PASSWORD = '".md5($password)."' WHERE LOGIN='".$login."'"; $ra = mysql_query($q); } } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $password; } // 
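private function generateNewPassword()
{
// Builds a 10-character password from the characters 0-9, A-Z and a-z.
// The password is handed to a user as a login secret, so each character is
// taken from a cryptographically secure source where the runtime offers one.
// rand()/mt_rand() are predictable and are only the last fallback.
$alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
$last = strlen($alphabet) - 1;
$pwd = "";
for ($i=0; $i<10; $i++)
{
$pick = -1;
if (function_exists('random_int'))
{
$pick = random_int(0, $last);
}
elseif (function_exists('openssl_random_pseudo_bytes'))
{
// Rejection sampling: bytes of 248 (4 * 62) and above are discarded so that
// the modulo stays unbiased. The attempt count is bounded.
for ($try=0; $try<16 && $pick<0; $try++)
{
$strong = FALSE;
$byte = openssl_random_pseudo_bytes(1, $strong);
if ($byte!==FALSE && $strong && strlen($byte)==1 && ord($byte)<248)
{
$pick = ord($byte) % 62;
}
}
}
if ($pick<0)
{
// NOTE(review): not a secure generator; reached only when neither source
// above is available or usable.
$pick = mt_rand(0, $last);
}
$pwd = $pwd.$alphabet[$pick];
}
return $pwd;
}

// static
// Returns a Vector holding one Role per userroles row of $userlogin, ordered by ROLE.
function &getRolesForUser($userlogin)
{
$vecRoles = &new Vector();
$connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
mysql_select_db(DATABASE, $connection);
// The login is placed inside a quoted SQL literal, so it is escaped first.
$sql = "select ROLE from userroles where LOGIN='".mysql_real_escape_string($userlogin, $connection)."' ORDER BY ROLE ASC";
$rs = mysql_query($sql);
if ($rs)
{
while(($array = mysql_fetch_assoc($rs))!=FALSE)
{
$role = &new Role($array["ROLE"]);
$vecRoles->add($role);
}
}
mysql_close($connection);
return $vecRoles;
}

// static
// Returns a Vector of Role objects built from the ROLEID values selected for
// $userlogin with ROLEID >= $roleid, ordered by ROLEID.
function &getRolesForUserStartingWith($userlogin, $roleid)
{
$vecRoles = &new Vector();
$connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
mysql_select_db(DATABASE, $connection);
// $roleid is used unquoted in the statement, so it is forced to an integer;
// the login is escaped.
// NOTE(review): roles and userroles are joined without a join condition, so
// every role at or above $roleid is returned once per userroles row of the
// login. Presumably a condition linking userroles.ROLE to roles.ROLEID was
// intended; confirm before changing the query.
$sql = "select ROLEID from roles, userroles where LOGIN='".mysql_real_escape_string($userlogin, $connection)."' AND ROLEID>=".intval($roleid)." ORDER BY ROLEID ASC";
$rs = mysql_query($sql);
if ($rs)
{
while(($array = mysql_fetch_assoc($rs))!=FALSE)
{
$role = &new Role($array["ROLEID"]);
$vecRoles->add($role);
}
}
mysql_close($connection);
return $vecRoles;
}

// Returns a Vector holding one Role per userroles row of this object's login.
function &getRoles()
{
$vecRoles = &new Vector();
$connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
mysql_select_db(DATABASE, $connection);
$sql = "select ROLE from userroles where LOGIN='".mysql_real_escape_string($this->login, $connection)."' ORDER BY ROLE ASC";
$rs = mysql_query($sql);
if ($rs)
{
while(($array = mysql_fetch_assoc($rs))!=FALSE)
{
$role = &new Role($array["ROLE"]);
$vecRoles->add($role);
}
}
mysql_close($connection);
return $vecRoles;
}

// Plain accessors.
function getLogin() { return $this->login; }
function getPassword() { return $this->password; }
function getEncoding() { return $this->encoding; }
function getLastSuccLogin() { return $this->lastsucclogin; }
function getLastUnsuccLogin() { return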
$this->lastunsucclogin; } function setLogin($in) { $this->login = $in; } function setPassword($in) { $this->password = $in; } function setEncoding($in) { $this->encoding = $in; } function setLastSuccLogin($in) { $this->lastsucclogin = $in; } function setLastUnsuccLogin($in) { $this->lastunsucclogin = $in; } } ?>getRole()==$this->role &&*/ $o->getRoleID()==$this->roleid) return TRUE; else return FALSE; } var $permission = array( 1 => array( "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => TRUE, "ADDUSER" => TRUE, "DELETEUSER" => TRUE, "EDITUSER" => TRUE, "ADDCATALOGCATEGORY" => TRUE, "DELETECATALOGCATEGORY" => TRUE, "EDITCATALOGCATEGORY" => TRUE, "ADDPRODUCT" => TRUE, "DELETEPRODUCT" => TRUE, "EDITPRODUCT" => TRUE, "UPPRODUCT" => FALSE, "DOWNPRODUCT" => FALSE, "PUBLISHPRODUCT" => FALSE, "ADDNEWSADMIN" => FALSE, "VIEWNEWSADMIN" => FALSE, "DELETENEWSADMIN" => FALSE, "EDITNEWSADMIN" => FALSE ) /* , 2 => array( "" => , "" => , "" => , "" => , "" => , "" => , ) */ ); function getRoleID() { return $this->roleid; } function getRole() { return $this->role; } function setRoleID($in) { $this->roleid = $in; } function setRole($in) { $this->role = $in; } function &Role($level = 999) { $this->roleid = 999; $this->role = ""; if ($level!=999) { $sql = "SELECT ROLE FROM roles WHERE ROLEID=".$level; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { if(($array = mysql_fetch_assoc($rs))!=FALSE) { $this->roleid = $level; $this->role = $array["ROLE"]; } } } } function toString() { return "roleid=".$this->roleid.", role=".$this->role; } // DEPRECATED //returns boolean function isAllowedTo($operation) { if ($this->roleid==0) return TRUE; else return $this->permission[$this->roleid][$operation]; } // DEPRECATED //returns boolean function isRoot() { if ($this->roleid==0) return TRUE; else return FALSE; } // DEPRECATED //returns boolean function isShopOwner() { if 
($this->roleid==0 || $this->roleid==1) return TRUE; else return FALSE; } // DEPRECATED //returns boolean function isNewsAdmin() { if ($this->roleid==2 || $this->roleid==0) return TRUE; else return FALSE; } } ?>getLogin()==$this->login) return TRUE; else return FALSE; } function toString() { if ($this->vecRoles && $this->vecRoles->size()>0) $role = $this->vecRoles->elementAt(0); else $role = &new Role(); return "login=".$this->login.", role=".$role->getRole(); } function &UserRole($log = "") { $this->vecRoles = &new Vector(); if ($log!="") { $sql = "select ROLE from userroles where LOGIN='".$log."' ORDER BY ROLE ASC"; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { $this->login = $log; while(($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role($array["ROLE"]); $this->vecRoles->add($role); } } } else { $this->login = ""; } } function setRoles($in) { $this->vecRoles = $in; } function setLogin($in) { $this->login = $in; } function getLogin() { return $this->login; } function getRoles() { return $this->vecRoles; } function insert() { if ($this->login!="") { if ($this->vecRoles) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); for ($i=0; $i<$this->vecRoles->size(); $i++) { $role = $this->vecRoles->elementAt($i); $sql = "insert into userroles values('".$this->login."',".$role->getRoleID().")"; mysql_query($sql); } mysql_close($connection); } } } function update() { if ($this->login!="") { if ($this->vecRoles) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); for ($i=0; $i<$this->vecRoles->size(); $i++) { $role = $this->vecRoles->elementAt($i); $sql = "update userroles set ROLE=".$role->getRoleID()." 
where LOGIN='".$this->login."'"; mysql_query($sql); } mysql_close($connection); } } } function delete() { if ($this->login!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("delete from userroles where LOGIN='".$this->login."'"); mysql_close($connection); } } // returns an array of roles function getRolesForLevel($level) { //$hashRoles = &new Hashtable(); $sql = "select * from roles where ROLELEVEL>=".$level." order by ROLELEVEL asc"; $vecRoles = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role(); $role->setRoleLevel($array["ROLELEVEL"]); $role->setRole($array["ROLE"]); $vecRoles->add($role); } } mysql_close($connection); return $vecRoles; } }getLogin()==$this->login) return TRUE; else return FALSE; } function &UserDetails($log = "") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM userdetails WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->firstname = $array["FIRST"]; $this->lastname = $array["LAST"]; $this->email = $array["EMAIL"]; $this->phone = $array["PHONE"]; } else { $this->login = ""; $this->firstname = ""; $this->lastname = ""; $this->email = ""; $this->phone = ""; } } mysql_close($connection); } else { $this->login = ""; $this->firstname = ""; $this->lastname = ""; $this->email = ""; $this->phone = ""; } } function insert() // returns int QID of the last inserted row { if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("INSERT INTO 
userdetails (LOGIN, FIRST, LAST, EMAIL, PHONE) VALUES ('".$this->login."', '".Utility::replacewithprime($this->firstname)."', '".Utility::replacewithprime($this->lastname)."', '".$this->email."', '".$this->phone."')", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); } } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE userdetails SET FIRST='".Utility::replacewithprime($this->firstname)."', LAST='".Utility::replacewithprime($this->lastname)."', EMAIL='".$this->email."', PHONE='".$this->phone."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM userdetails WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("login=".$this->login.", firstname=".$this->firstname.", lastname=".$this->lastname.", email=".$this->email.", phone=".$this->phone); } function getLogin() { return $this->login; } function getFirstName() { return $this->firstname; } function getLastName() { return $this->lastname; } function getEMail() { return $this->email; } function getPhone() { return $this->phone; } function setLogin($in) { $this->login = $in; } function setFirstName($in) { $this->firstname = $in; } function setLastName($in) { $this->lastname = $in; } function setEMail($in) { $this->email = $in; } function setPhone($in) { $this->phone = $in; } } ?>getLogin()==$this->login) return TRUE; else return FALSE; } function &Siteuser($log="") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = 
mysql_query("SELECT * FROM siteusers WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->password = $array["PASSWORD"]; $this->encoding = $array["ENCODING"]; $this->lastsucclogin = $array["LASTSUCCLOGIN"]; $this->lastunsucclogin = $array["LASTUNSUCCLOGIN"]; } else { $this->login = ""; $this->password = ""; $this->encoding = "none"; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } mysql_close($connection); } else { $this->login = ""; $this->password = ""; $this->encoding = "none"; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } // returns ra function insert() // returns int QID of the last inserted row { $success = FALSE; if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM siteusers WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { mysql_query("INSERT INTO siteusers (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".$this->password."', '".$this->encoding."', 0, 0)", $connection); $ra = mysql_affected_rows($connection); } } mysql_close($connection); } return $ra; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE siteusers SET PASSWORD='".$this->password."', ENCODING='".$this->encoding."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM siteusers WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("DELETE 
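FROM usertocompany WHERE LOGIN='".$this->login."'", $connection); $userdetails = &new UserDetails($this->login); $userdetails->delete(); $userrole = &new UserRole($this->login); $userrole->delete(); }
//mysql_close($connection); // --
return $ra; }

/**
 * Replaces the password of $username when $old matches the stored one.
 *
 * @param string $username login name
 * @param string $old      current password
 * @param string $new      replacement password
 * @return int affected row count reported by MySQL (1 when the password was changed)
 */
function changePassword($username, $old, $new)
{
$connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
mysql_select_db(DATABASE, $connection);
// All three values sit inside quoted SQL literals, so each is escaped for this
// connection. Prepared statements (PDO or mysqli) are the durable fix.
// NOTE(review): siteusers.PASSWORD holds the password as supplied, not a hash.
// Storing password_hash() output instead needs a coordinated change to login()
// and forgottenPassword().
$sql = "UPDATE siteusers SET PASSWORD='".mysql_real_escape_string($new, $connection)."' WHERE LOGIN='".mysql_real_escape_string($username, $connection)."' AND PASSWORD='".mysql_real_escape_string($old, $connection)."'";
mysql_query($sql);
$ra = mysql_affected_rows($connection);
mysql_close($connection);
return $ra;
}

// NOTE(review): the returned text includes the password, so it must not reach
// logs or pages.
function toString()
{
return ("login=".$this->login.", password=".$this->password.", encoding=".$this->encoding.", last successful login=".$this->lastsucclogin.", last unsuccessful login=".$this->lastunsucclogin);
}

/**
 * Checks a login/password pair against siteusers.
 *
 * @param string $username login name
 * @param string $password password as entered
 * @return bool TRUE when the stored password equals $password
 */
function &login($username, $password)
{
$loggedin = FALSE;
$connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
mysql_select_db(DATABASE, $connection);
$rs = mysql_query("SELECT PASSWORD FROM siteusers WHERE LOGIN='".mysql_real_escape_string($username, $connection)."'");
if ($rs)
{
if ( ($array = mysql_fetch_assoc($rs))!=FALSE)
{
$pw = $array["PASSWORD"];
// Strict string comparison: with == two different numeric-looking strings
// (for example "1e3" and "1000") compare as equal.
if ((string)$pw===(string)$password)
{
$loggedin = TRUE;
}
}
}
mysql_close($connection);
return $loggedin;
}

/**
 * Returns the stored password of $login when $email is the address recorded
 * in siteuserdetails for that same login, otherwise "".
 *
 * @param string $login login name
 * @param string $email e-mail address expected to belong to that account
 * @return string stored password, or "" when login and address do not match
 */
function forgottenPassword($login, $email)
{
$password = "";
$connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
mysql_select_db(DATABASE, $connection);
$safeLogin = mysql_real_escape_string($login, $connection);
$safeEmail = mysql_real_escape_string($email, $connection);
// siteuserdetails.LOGIN=siteusers.LOGIN ties the address to the account.
// Without it the tables are cross-joined and an address stored for any site
// user satisfies the check for every login.
// NOTE(review): this hands out the password exactly as stored. Once passwords
// are hashed, the flow has to issue a new password or a reset link instead.
$sql = "SELECT siteusers.PASSWORD FROM siteusers, siteuserdetails WHERE siteusers.LOGIN='".$safeLogin."' AND siteuserdetails.LOGIN=siteusers.LOGIN AND siteuserdetails.EMAIL='".$safeEmail."'";
$rs = mysql_query($sql);
if ($rs)
{
if ( ($array = mysql_fetch_assoc($rs))!=FALSE)
{
$password = $array["PASSWORD"];
}
}
mysql_close($connection);
return $password;
}

/*********************************************************************************************/
// Labud as well as Exco and Regio
// V
function addEMail($inemail) // if the e-mail does not exist yet, insert it into the DB table "newsletter"
{
// 0 means that nothing was inserted. The original left $ra undefined when the
// address was already stored or the lookup failed.
$ra = 0;
$connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect");
mysql_select_db(DATABASE, $connection);
// The address is placed inside quoted SQL literals in both statements, so it
// is escaped once for this connection.
$safeEmail = mysql_real_escape_string($inemail, $connection);
$sql = "SELECT * FROM newsletter WHERE email='".$safeEmail."'";
$rs = mysql_query($sql);
if ($rs)
{
if (($array = mysql_fetch_assoc($rs))==FALSE)
{
mysql_query("INSERT INTO newsletter VALUES (0, '".$safeEmail."')");
$ra = mysql_affected_rows($connection);
}
}
mysql_close($connection);
return $ra;
}

// NOTE(review): $recipients, $subject and $message are not defined in this
// function, so mail() is called with empty values. If they become parameters,
// strip CR and LF from anything that reaches the header argument.
function sendEMail()
{
mail($recipients, $subject, $message, "From: exco@exco.hr\n");
}
/*********************************************************************************************/

// Plain accessors.
function getLogin() { return $this->login; }
function getPassword() { return $this->password; }
function getEncoding() { return $this->encoding; }
function getLastSuccLogin() { return $this->lastsucclogin; }
function getLastUnsuccLogin() { return $this->lastunsucclogin; }

function setLogin($in) { $this->login = $in; }
function setPassword($in) { $this->password = $in; }
function setEncoding($in) { $this->encoding = $in; }
function setLastSuccLogin($in) { $this->lastsucclogin = $in; }
function setLastUnsuccLogin($in) { $this->lastunsucclogin = $in; }

// End of the Siteuser class. The text after the closing tag is reproduced
// unchanged; the opening of the next class is missing from this listing.
} ?>getLogin()==$this->login) return TRUE; else return FALSE; } function &SiteuserDetails($log="") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT * FROM siteuserdetails WHERE LOGIN='".$log."'"; $str = &new String($log); if ($str->startsWith("idx=")) { $sub = $str->substring(4); $q = "SELECT * FROM siteuserdetails WHERE IDX='".$sub."'"; } $rs = mysql_query($q, $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->idx = $array["IDX"]; $this->login = $array["LOGIN"]; $this->first = $array["FIRST"]; $this->last = $array["LAST"]; $this->email = $array["EMAIL"]; $this->phone = $array["PHONE"]; $this->fax = $array["FAX"]; $this->org = $array["ORG"]; $this->addr = $array["ADDR"]; $this->interests = 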
$array["INTERESTS"]; $this->published = $array["PUBLISHED"]; $this->datapublic = $array["DATAPUBLIC"]; $this->bio = $array["BIO"]; } else { $this->idx = 0; $this->login = ""; $this->first = ""; $this->last = ""; $this->email = ""; $this->phone = ""; $this->fax = ""; $this->org = ""; $this->addr = ""; $this->interests = ""; $this->published = ""; $this->datapublic = 0; $this->bio = ""; } } mysql_close($connection); } else { $this->idx = 0; $this->login = ""; $this->first = ""; $this->last = ""; $this->email = ""; $this->phone = ""; $this->fax = ""; $this->org = ""; $this->addr = ""; $this->interests = ""; $this->published = ""; $this->datapublic = 0; $this->bio = ""; } } // returns boolean (success if no username already exists) function insert() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "INSERT INTO siteuserdetails (IDX, LOGIN, FIRST, LAST, EMAIL, PHONE, FAX, ORG, ADDR, INTERESTS, PUBLISHED, DATAPUBLIC, BIO, APPROVED) VALUES (0, '".$this->login."', '".Utility::replacewithprime($this->first)."', '".Utility::replacewithprime($this->last)."', '".Utility::replacewithprime($this->email)."', '".Utility::replacewithprime($this->phone)."', '".Utility::replacewithprime($this->fax)."', '".Utility::replacewithprime($this->org)."', '".Utility::replacewithprime($this->addr)."', '".Utility::replacewithprime($this->interests)."', '".Utility::replacewithprime($this->published)."', '".$this->datapublic."', '".Utility::replacewithprime($this->bio)."',0)"; //print($q."
"); mysql_query($q, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); /* $rs = mysql_query("SELECT IDX FROM siteuserdetails WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { */ mysql_query("UPDATE siteuserdetails SET FIRST='".Utility::replacewithprime($this->first)."', LAST='".Utility::replacewithprime($this->last)."', EMAIL='".Utility::replacewithprime($this->email)."', PHONE='".Utility::replacewithprime($this->phone)."', FAX='".Utility::replacewithprime($this->fax)."', ORG='".Utility::replacewithprime($this->org)."', ADDR='".Utility::replacewithprime($this->addr)."', INTERESTS='".Utility::replacewithprime($this->interests)."', PUBLISHED='".Utility::replacewithprime($this->published)."', DATAPUBLIC='".$this->datapublic."', BIO='".Utility::replacewithprime($this->bio)."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); /* } else { $ra = -99; } } else { $ra = -99; } */ mysql_close($connection); return $ra; } function updateLogin() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT IDX FROM siteuserdetails WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { mysql_query("UPDATE siteuserdetails SET LOGIN='".$this->login."', APPROVED=1 WHERE IDX='".$this->idx."'", $connection); $ra = mysql_affected_rows($connection); } else { $ra = -99; } } else { $ra = -99; } mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM siteuserdetails WHERE IDX='".$this->idx."'", $connection); $ra = 
mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("login=".$this->login.", first=".$this->first.", last=".$this->last.", phone=".$this->phone.", fax=".$this->fax.", org=".$this->org.", addr=".$this->addr.", interests=".$this->interests.", published=".$this->published.", datapublic=".$this->datapublic.", bio=".$this->bio); } // static function &getUnregisteredUserDetails() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=0"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); // -- return $vec; } function &getRegisteredUserDetails() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=1"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); return $vec; } function &getRegisteredUserDetailsWhoAllow() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=1 AND DATAPUBLIC=1"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); return $vec; } function getIdx() { return $this->idx; } function getLogin() { return $this->login; } function getFirst() { return $this->first; } function getLast() { return $this->last; } function getPhone() { return 
$this->phone; } function getFax() { return $this->fax; } function getOrg() { return $this->org; } function getAddr() { return $this->addr; } function getInterests() { return $this->interests; } function getPublished() { return $this->published; } function getDataPublic() { return $this->datapublic; } function getBio() { return $this->bio; } function getEmail() { return $this->email; } function setIdx($in) { $this->idx = $in; } function setLogin($in) { $this->login = $in; } function setFirst($in) { $this->first = $in; } function setLast($in) { $this->last = $in; } function setPhone($in) { $this->phone = $in; } function setFax($in) { $this->fax = $in; } function setOrg($in) { $this->org = $in; } function setAddr($in) { $this->addr = $in; } function setInterests($in) { $this->interests = $in; } function setPublished($in) { $this->published = $in; } function setDataPublic($in) { $this->datapublic = $in; } function setBio($in) { $this->bio = $in; } function setEmail($in) { $this->email = $in; } } ?> Panjan - informatički inžinjering, Sisak, Croatia
Partners
Our partners are primarily users of our applications. To mention just a few:

getLinkDesc()?>

A complete overview of the users of our services is available on our user referral list.

Our partners also include leading makers of programming tools for data processing, such as Progress Software Corporation, and the programming houses we work with or that represent us on the Slovenian market:

Progress Software Corporation is a leading developer of user/server application solutions, fourth-generation languages (4GL) and relational database management systems (RDBMS). The company is based in Bedford, Massachusetts, USA, and is present around the globe, with over 50 offices and 35 distributors. It employs over a thousand employees. With a total income of 200 mil. $ per year and annual growth of over 30%, it is within the world's 50 largest software companies. So far over 250.000 Progress licenses have been sold in over 60 countries. Over 2.500 application partners contribute greatly to the sale of the products, so the overall turnover of Progress applications exceeds 2 billion dollars per year.


IN Group is a group of several software companies that act together and jointly present several programming solutions. The leader of In group is In-informatika ltd. from Ljubljana, a leading and certified distributor of complete solutions for informatics systems (ERP II) and B2B solutions for e-commerce, distribution and manufacturers, in concordance with Frontstep (former Symix)


 

Novo Mesto ltd. is our major business partner in Slovenia - distributor and installer of several software products by PANJAN ltd. - some of the most important are "ZIS - Zdravstveni Informacijski Sustav", "Plače in kadrovska evidenca" and "Financijsko knjigovodstvo".


We present:

getCatName()?>

  getCatDesc(), 150)?>
     