<?php
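/**
 * Administrator accounts: login/logout, session state, module permissions,
 * CRUD on the user_admin table and the HTML listing used by the admin UI.
 *
 * Persistence goes through dibi with parameterised queries, except for
 * getAdminTable() and setPocetZaznamuUser(), which still use the legacy
 * mysql_* extension the caller passes results from (removed in PHP 7).
 */
class UserAdmin extends Tools {
    /** @var int|string|null id of the account loaded by getInfo() */
    private $id;
    /** @var string|null */
    private $username;
    /** @var string|null stored (hashed) password as read from the database */
    private $password;
    /** @var string|null */
    private $email;
    /** @var int|string|null role id (column `profil`) */
    private $profil;
    /** @var int row count recorded by setPocetZaznamuUser() */
    private $pocetZaznamu = 0;
    /** @var int|string rows per page of the listing; overridden by $_SESSION['listuj'] */
    public $pagesize = '20';
    /** @var string[] ids of the protected "super" accounts that must never be deleted */
    public $uzivatele = array('1', '2');
    /** @var array modules permitted for the logged-in account, filled by getAllowedModules() */
    public $userModules = array();
    /** @var int total number of listing pages, computed by getAdminTable() */
    public $totalpages = 0;
    /** @var int 1-based current listing page, computed by getAdminTable() */
    public $currentpage = 1;

    function __construct() {
        // Intentionally does not call parent::__construct() — presumably Tools
        // has no constructor work to do; confirm if Tools gains one.
    }

    /**
     * Whether $id is one of the protected "super" accounts (see $uzivatele).
     *
     * @param int|string $id
     * @return bool
     */
    public function isImportant($id) {
        // Compare as strings in strict mode so loose-equality surprises
        // (e.g. `true == '1'`) cannot mark an unrelated id as protected.
        return in_array((string) $id, $this->uzivatele, true);
    }

    /** @param int|string $id */
    function setIdUzivatele($id) {
        $this->id = $id;
    }

    /** @return int|string|null */
    function getIdUzivatele() {
        return $this->id;
    }

    /** @param string $uzivatel login name */
    function setUsername($uzivatel) {
        $this->username = $uzivatel;
    }

    /** @return string|null */
    function getUsername() {
        return $this->username;
    }

    /** @param string $password stored (hashed) password; there is deliberately no getter */
    function setPassword($password) {
        $this->password = $password;
    }

    /** @param string $email */
    function setEmail($email) {
        $this->email = $email;
    }

    /** @return string|null */
    function getEmail() {
        return $this->email;
    }

    /** @param int|string $id role id */
    function setProfilUzivatele($id) {
        $this->profil = $id;
    }

    /** @return int|string|null */
    function getProfilUzivatele() {
        return $this->profil;
    }

    /**
     * Records the row count of a legacy mysql_* result resource.
     *
     * @param resource $pocet result of mysql_query()
     */
    function setPocetZaznamuUser($pocet) {
        $this->pocetZaznamu = mysql_num_rows($pocet);
    }

    /** @return int */
    function getPocetZaznamuUser() {
        return $this->pocetZaznamu;
    }

    /**
     * Authenticates an administrator and populates $_SESSION['adminuser'].
     *
     * @param string $username
     * @param string $password plain-text password; transformed by Tools::getPassword()
     *                         before comparison (presumably a hash — confirm in Tools)
     * @return bool true on success. On failure an error message is queued, the auth
     *              marker is cleared and the request is redirected to prihlasit.php;
     *              false is returned only if Tools::redirect() does not terminate.
     */
    function overLoginAdmin($username, $password) {
        // strip_tags() is kept so the same logins match as before; SQL escaping
        // is now done by dibi's %s placeholder instead of addslashes() and
        // string interpolation.
        $username = strip_tags($username);
        $admin = dibi::query(
            'SELECT id, login, password, email, profil FROM user_admin WHERE login=%s AND password=%s LIMIT 1',
            $username,
            Tools::getPassword($password)
        )->fetch();

        if (!$admin) {
            Tools::message('Přihlášení se nepodařilo.', 'ERR');
            unset($_SESSION['admin_auth']);
            Tools::redirect("prihlasit.php");
            return false;
        }

        // Issue a fresh session id on privilege change so a session id fixed
        // before login cannot be reused afterwards.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['adminuser']['id'] = $admin->id;
        $_SESSION['adminuser']['email'] = $admin->email;
        $_SESSION['adminuser']['username'] = $admin->login;
        $_SESSION['adminuser']['profil'] = $admin->profil;
        $this->setPassword($admin->password);
        $this->setProfilUzivatele($admin->profil);
        $this->updateLastLogin($admin->id);
        // NOTE(review): the auth marker is the fixed SALT constant, so isLogged()
        // only proves the session was written by this application — confirm
        // that is the intended strength of the check.
        $_SESSION['admin_auth'] = SALT;
        return true;
    }

    /**
     * Creates an administrator row.
     *
     * @param array $arr column => value map for user_admin; must contain 'login'
     * @return int|false new row id, or false when the login is taken or the insert fails
     */
    public function insert($arr) {
        // Login must be unique.
        $exists = dibi::query('SELECT COUNT(id) FROM user_admin WHERE login=%s', $arr['login'], ' LIMIT 1')->fetchSingle();
        if ($exists) {
            Tools::message('Uživatel s takovým jménem už existuje, vyberte jiné.', 'ERR');
            return false;
        }
        if (dibi::query('INSERT INTO user_admin ', $arr)) {
            return dibi::insertId();
        }
        return false;
    }

    /**
     * Stamps last_login for the given account.
     *
     * @param int $id
     */
    public function updateLastLogin($id) {
        dibi::query('UPDATE user_admin SET last_login = now() WHERE id = %i', $id);
    }

    /**
     * Updates an administrator row.
     *
     * @param array $arr column => value map; 'id' selects the row
     * @return bool
     */
    public function update($arr) {
        $result = dibi::update('user_admin', $arr)->where('id=%i', $arr['id'])->execute();
        // NOTE(review): this treats a result of 0 as success. If execute()
        // returns the affected-row count (as dibi does for UPDATE), a real
        // change yields 1 and is reported as failure — confirm against the
        // dibi version in use before relying on the return value.
        return $result == 0;
    }

    /**
     * Destroys the session and redirects to the login page.
     */
    public function logout() {
        session_destroy();
        Tools::redirect("prihlasit.php");
    }

    /**
     * Guards admin pages: verifies the session auth marker and loads the
     * current account and its permitted modules.
     *
     * @return bool true when logged in; false on the login page itself. Without a
     *              valid marker an error is queued, the requested URI is remembered
     *              in $_SESSION['REQUESTED_PAGE'] and the request is redirected.
     */
    public function isLogged() {
        if (basename($_SERVER['PHP_SELF']) == 'prihlasit.php') {
            return false;
        }
        if (!isset($_SESSION['admin_auth']) || $_SESSION['admin_auth'] !== SALT) {
            Tools::message('Pro zobrazení obsahu musíte být příhlášeni.', 'ERR');
            $_SESSION['REQUESTED_PAGE'] = $_SERVER['REQUEST_URI'];
            Tools::redirect("prihlasit.php");
            return false;
        }
        $this->getInfo($_SESSION['adminuser']['id']);
        $this->getAllowedModules($_SESSION['adminuser']['profil']);
        return true;
    }

    /**
     * Loads the modules permitted for a role into $userModules.
     *
     * @param int|string $id role id
     */
    public function getAllowedModules($id) {
        $Role = new Role();
        $this->userModules = $Role->fetchPovoleneModuly($id);
        NDebugger::barDump($this->userModules, 'Povolené moduly');
    }

    /**
     * Whether any of the given module ids is permitted for the current account.
     *
     * @param array $id module ids to check against $userModules
     * @return bool
     */
    public function isAllowed($id) {
        foreach ($id as $allow) {
            foreach ($this->userModules as $module) {
                // Loose comparison kept on purpose: ids arrive as strings from
                // the request and as ints/strings from the database.
                if ($module->id_modulu == $allow) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * HTML-escapes a value for output inside the listing table.
     *
     * @param mixed $value
     * @return string
     */
    private static function escapeHtml($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    /**
     * Echoes the administrator listing as table rows, paginated by $pagesize
     * and $_GET['recordstart']; sets $totalpages and $currentpage.
     *
     * Uses the legacy mysql_* extension.
     *
     * @param int $id unused; kept for callers that pass it
     */
    public function getAdminTable($id=0) {
        if (isset($_SESSION['listuj'])) {
            $this->pagesize = $_SESSION['listuj'];
        }
        // Both values are interpolated into LIMIT and used as divisors, so they
        // are forced to sane integers regardless of what the session/request holds.
        $pagesize = max(1, (int) $this->pagesize);
        $recordstart = isset($_GET['recordstart']) ? max(0, (int) $_GET['recordstart']) : 0;

        $query = "SELECT a.id, a.login, a.password, a.email, a.last_login, a.profil, b.nazev
FROM user_admin a , role b WHERE a.id != '0' AND a.profil = b.id
ORDER BY a.id ASC";
        $result = mysql_query($query);
        $num_rows = $result ? mysql_num_rows($result) : 0;

        // Only re-query with LIMIT when there is more than one page.
        if ($num_rows > $pagesize) {
            $query .= " LIMIT $recordstart, $pagesize";
            $result = mysql_query($query);
        }

        $this->totalpages = ceil($num_rows / $pagesize);
        $this->currentpage = ($recordstart / $pagesize) + 1;

        if ($num_rows == 0) {
            echo "<tr>";
            echo "<td colspan='5'>Nejsou založení žádní administrátoři systému</td>";
            echo "</tr>";
            return;
        }

        while ($row = mysql_fetch_assoc($result)) {
            $rowId = self::escapeHtml($row['id']);
            echo "<tr>";
            echo '<td><input type="checkbox" name="checkbox[]" value="' . $rowId . '" id="" ></td>';
            echo '<td><a href="administratori_edit.php?id=' . $rowId . '" title="Editovat">' . self::escapeHtml($row['login']) . '</td>';
            echo '<td>' . self::escapeHtml($row['email']) . '</td>';
            echo '<td><a href="role_edit.php?id_role=' . self::escapeHtml($row['profil']) . '">' . self::escapeHtml($row['nazev']) . '</a></td>';
            echo '<td>' . datum_i_cas($row['last_login']) . '</td>';
            echo '<td><a href="administratori_edit.php?id=' . $rowId . '" title="Editovat"><img src="images/iko/note_edit.png" alt="Editovat" /></a>';
            // Protected accounts get no delete link.
            if (!$this->isImportant($row['id'])) {
                echo '<a href="?smazat=' . $rowId . '" class="potvrzujiciLink" title="Smazat"><img src="images/iko/remove.png" alt="Smazat" /></a></td>';
            }
            echo "</tr>";
        }
    }

    /**
     * Fetches one administrator row by id.
     *
     * @param int $id
     * @return DibiRow|false
     */
    public function fetchSingle($id) {
        $row = dibi::query("SELECT id, login, password, email, last_login, profil FROM user_admin WHERE id=%i", $id, ' LIMIT 1')->fetch();
        return $row ? $row : false;
    }

    /**
     * Loads an account into this object, or resets all fields when $id is falsy.
     *
     * @param int|false $id
     * @return false|null false when $id is given but no row exists
     */
    public function getInfo($id = false) {
        if (!$id) {
            $this->setIdUzivatele('');
            $this->setUsername('');
            $this->setPassword('');
            $this->setEmail('');
            $this->setProfilUzivatele('');
            return;
        }
        $row = dibi::query("SELECT id, login, password, email, last_login, profil FROM user_admin WHERE id=%i", $id, ' LIMIT 1')->fetch();
        if (!$row) {
            return false;
        }
        $this->setIdUzivatele($row->id);
        $this->setUsername($row->login);
        $this->setPassword($row->password);
        $this->setEmail($row->email);
        $this->setProfilUzivatele($row->profil);
    }

    /**
     * Deletes an administrator unless it is a protected account.
     *
     * @param int $id
     * @param string $table only 'user_admin' triggers the protected-account check
     */
    public function deleteUser($id, $table='user_admin') {
        if ($table == 'user_admin' && $this->isImportant($id)) {
            Tools::message('Super uživatele nelze smazat!', 'ERR');
            Tools::redirect($_SERVER['HTTP_REFERER']);
            // Never fall through to the DELETE even if redirect() returns.
            return;
        }
        if (dibi::query('DELETE FROM user_admin WHERE id=%i', $id)) {
            Tools::message('Vymazání proběhlo v pořádku.', 'OK');
        } else {
            Tools::message('Vymazání se nepovedlo.', 'ERR');
        }
    }

    /**
     * "Forgotten password": generates a new password for the account with the
     * given e-mail, stores it and mails it.
     *
     * @param string $email
     */
    public function zapomenuteHeslo($email) {
        $Validate = new Validate();
        if (!$Validate->validateMail($email)) {
            Tools::redirect('prihlasit.php');
            return;
        }

        // fetch() is used because dibi::query() returns a result object that is
        // truthy even for zero rows; the previous check never reached the
        // "unknown e-mail" branch.
        $account = dibi::query('SELECT id FROM user_admin WHERE email=%s LIMIT 1', $email)->fetch();
        if (!$account) {
            Tools::message('Nezadal jste platný email.', 'ERR');
            return;
        }

        $Tools = new Tools();
        $password = $Tools->generujHeslo();

        // Store the new password before mailing it, so the user never receives
        // a password that was not actually saved.
        dibi::query(
            'UPDATE user_admin SET password=%s WHERE email=%s',
            Tools::getPassword($password),
            $email
        );

        $mail = new NMail;
        $mail->setFrom(EMAIL_FROM);
        $mail->addTo($email);
        $mail->setSubject('Vygenerování nového hesla');
        $mail_text = "Dobrý den,\n\n někdo (pravděpodobně Vy) zažádal o vygenerování nového hesla.\n\n";
        $mail_text .= "Heslo: " . $password . "\n\n";
        $mail_text .= "Toto heslo si můžete změnit v administraci (Nastavení -> správa administrátorů).\n";
        // The body is sent as HTML, so line breaks must be explicit.
        $mail->setHTMLBody(nl2br($mail_text));
        $mail->send();

        Tools::message('Na Váš email bylo odesláno nově vygenerované heslo.', 'OK');
        Tools::redirect($_SERVER['HTTP_REFERER']);
    }
}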