<?php
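/**
 * User account model: authentication, password changes and CRUD on the
 * DBPREFIX."users" table, using the connection already opened through ext/mysql.
 *
 * Loaded users are kept in parallel arrays (one index per row); accessors take
 * that index. Every action stores its outcome in $msg, read with getMsg().
 *
 * NOTE(review): passwords are stored and compared as unsalted MD5. That is not
 * changed here because existing rows (and the hash kept in $_SESSION['pass'])
 * depend on it; plan a migration to password_hash()/password_verify().
 * NOTE(review): ext/mysql was removed in PHP 7. Values are escaped below as the
 * minimal fix; prepared statements via mysqli/PDO are the durable one.
 */
class user
{
    // Parallel arrays, one entry per loaded row; they stay null until a row is appended.
    private $id = null;       // user ids
    private $username = null; // login names
    private $pass = null;     // password hashes (MD5) as stored in the database
    private $typ_id = null;   // user-type ids
    private $name = null;     // first names
    private $surname = null;  // surnames
    private $memo = null;     // notes about the users
    private $msg;             // status message of the last action

    // Filled by select_typ(): ids and names of all user types.
    public $typy_id;
    public $typy_name;

    /**
     * Escapes a value for use inside a single-quoted SQL string literal.
     *
     * Relies on the current ext/mysql connection; the escaping is only reliable
     * when the connection charset was set with mysql_set_charset().
     */
    private static function esc($value)
    {
        return mysql_real_escape_string((string) $value);
    }

    /** Returns $list[$i], or null when nothing is loaded at that index. */
    private static function at($list, $i)
    {
        return isset($list[$i]) ? $list[$i] : null;
    }

    /**
     * Counts users with the given login name, optionally ignoring one id.
     *
     * @return int|false number of matching rows, or false when the query failed
     */
    private static function countUsername($username, $excludeId = null)
    {
        $query = "SELECT COUNT(*) AS pocet FROM ".DBPREFIX."users WHERE username = '".self::esc($username)."'";
        if ($excludeId !== null) {
            $query .= " AND id != '".self::esc($excludeId)."'";
        }
        $sent = mysql_query($query);
        if (!$sent) {
            return false;
        }
        $data = mysql_fetch_object($sent);
        return $data ? (int) $data->pocet : false;
    }

    public function getUsername($i)
    {
        return self::at($this->username, $i);
    }

    public function getId($i)
    {
        return self::at($this->id, $i);
    }

    public function getTypId($i)
    {
        return self::at($this->typ_id, $i);
    }

    public function getName($i)
    {
        return self::at($this->name, $i);
    }

    public function getSurName($i)
    {
        return self::at($this->surname, $i);
    }

    public function getMemo($i)
    {
        return self::at($this->memo, $i);
    }

    /** Status message left by the last action (a message constant, possibly with the SQL error appended). */
    public function getMsg()
    {
        return $this->msg;
    }

    /** Number of currently loaded users; 0 when nothing has been loaded. */
    public function getNumUsers()
    {
        // The arrays are null, not empty, before any row is loaded.
        return is_array($this->id) ? count($this->id) : 0;
    }

    /**
     * Loads the user when $username / $pass match a database row.
     *
     * $pass is compared with the stored value as given (no hashing here), so a
     * caller must pass the MD5 hash.
     * NOTE(review): this means knowledge of the stored hash is enough to
     * authenticate; presumably pages re-check the session values this way.
     */
    public function __construct($username = null, $pass = null)
    {
        if ($this->check($username, $pass)) {
            $this->selectUser($username);
        }
    }

    /**
     * Logs in an administrator (typ_id 1): starts the session, stores
     * username, password hash and id in it and redirects to default.php.
     * Any other outcome sets msg to LOGIN_UNSUCCESSFUL.
     */
    public function login($username, $pass)
    {
        if (empty($username) || empty($pass)) {
            $this->msg = LOGIN_UNSUCCESSFUL;
            return;
        }

        $pass = md5($pass);
        if (!$this->check($username, $pass)) {
            $this->msg = LOGIN_UNSUCCESSFUL;
            return;
        }

        $this->selectUser($username);
        if ($this->getTypId(0) != 1) { // loose on purpose: the driver returns strings
            $this->msg = LOGIN_UNSUCCESSFUL;
            return;
        }

        session_start();
        // Issue a fresh session id at the privilege change so a pre-set id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        $_SESSION['pass'] = $pass;
        $_SESSION['id'] = $this->getId(0);
        // Execution continues after this header; the caller should stop output itself.
        header("Location: default.php");
    }

    /**
     * Tells whether a user with this login name has exactly this stored password value.
     *
     * @return bool false as well when either argument is empty or the lookup fails
     */
    public static function check($username, $pass)
    {
        if (empty($username) || empty($pass)) {
            return false;
        }

        $query = "SELECT pass FROM ".DBPREFIX."users WHERE username = '".self::esc($username)."'";
        $send = mysql_query($query);
        if (!$send) {
            return false;
        }

        $data = mysql_fetch_array($send);
        // No row means no such user; never compare against a missing value.
        if (!is_array($data) || !isset($data['pass'])) {
            return false;
        }

        return $pass === $data['pass'];
    }

    /** Loads the user with the given login name into the private arrays. */
    public function selectUser($username)
    {
        $query = "SELECT * FROM ".DBPREFIX."users where username = '".self::esc($username)."'";
        $sent = mysql_query($query);
        $this->setUsers($sent);
    }

    /**
     * Replaces the loaded users with the rows of a mysql result.
     * A failed query (false) leaves the object with no users loaded.
     */
    public function setUsers($sent)
    {
        $this->unsetUsers();
        if (!$sent) {
            return;
        }
        while ($data = mysql_fetch_object($sent)) {
            $this->id[] = $data->id;
            $this->name[] = $data->name;
            $this->surname[] = $data->surname;
            $this->username[] = $data->username;
            $this->pass[] = $data->pass;
            $this->memo[] = $data->memo;
            $this->typ_id[] = $data->typ_id;
        }
    }

    /** Clears all loaded users. */
    private function unsetUsers()
    {
        $this->id = null;
        $this->name = null;
        $this->surname = null;
        $this->username = null;
        $this->pass = null;
        $this->memo = null;
        $this->typ_id = null;
    }

    /**
     * Changes the password of $username after verifying the old one.
     * Sets msg to the outcome and, on success, updates $_SESSION['pass'].
     */
    public function edit_konto($username, $old_pass, $heslo, $heslo2)
    {
        if (empty($old_pass) || empty($heslo)) { // both passwords are required
            $this->msg = BOTH_PASS_EMPTY;
            return;
        }
        if (!$this->check($username, md5($old_pass))) { // wrong old password
            // NOTE(review): lowercase, unlike every other message constant here; confirm it is defined.
            $this->msg = old_pass_error;
            return;
        }
        // Strict string comparison: with == numeric-looking strings such as "1e3" and "1000" match.
        if ((string) $heslo !== (string) $heslo2) {
            $this->msg = USER_PASS_ERROR;
            return;
        }

        $heslo = md5($heslo); // hex digest, safe to embed without escaping
        $query = "UPDATE ".DBPREFIX."users SET pass = '$heslo' WHERE username = '".self::esc($username)."'";
        if (mysql_query($query)) {
            $_SESSION['pass'] = $heslo;
            $this->msg = PASS_CHANGE;
        } else {
            $this->msg = SQL_ERROR.mysql_error();
        }
    }

    /**
     * Appends the id and name of every user type to typy_id / typy_name.
     * The arrays are not reset, so repeated calls accumulate entries.
     */
    public function select_typ()
    {
        $query = "SELECT * FROM ".DBPREFIX."users_typ ORDER BY id DESC";
        $sent = mysql_query($query);
        if (!$sent) {
            return;
        }
        while ($data = mysql_fetch_object($sent)) {
            $this->typy_id[] = $data->id;
            $this->typy_name[] = $data->typ;
        }
    }

    /**
     * Creates a user unless the login name is already taken.
     * Sets msg to the outcome.
     */
    public function add_user($name, $surname, $username, $pass, $pass2, $memo, $typ)
    {
        if (empty($username) || empty($pass)) {
            $this->msg = USER_FORM_EMPTY;
            return;
        }
        if ((string) $pass !== (string) $pass2) {
            $this->msg = USER_PASS_ERROR;
            return;
        }

        $taken = self::countUsername($username);
        if ($taken === false) {
            $this->msg = SQL_ERROR.mysql_error();
            return;
        }
        if ($taken > 0) {
            $this->msg = USER_EXISTS;
            return;
        }

        $heslo = md5($pass);
        $query = "INSERT INTO ".DBPREFIX."users (name,surname,username,pass,memo,typ_id)
VALUES('".self::esc($name)."','".self::esc($surname)."','".self::esc($username)."','$heslo','".self::esc($memo)."','".self::esc($typ)."')";
        if (mysql_query($query)) {
            $this->msg = USER_ADDED;
        } else {
            $this->msg = SQL_ERROR.mysql_error();
        }
    }

    /** Loads all users, ordered by surname. */
    public function selectAll()
    {
        $query = "SELECT * FROM ".DBPREFIX."users ORDER BY surname ASC";
        $sent = mysql_query($query);
        $this->setUsers($sent);
    }

    /** Loads the user with the given id. */
    public function select_one($id)
    {
        $query = "SELECT * FROM ".DBPREFIX."users WHERE id = '".self::esc($id)."'";
        $sent = mysql_query($query);
        $this->setUsers($sent);
    }

    /**
     * Updates the user with the given id and sets msg to the outcome.
     *
     * The password is changed only when $pass is non-empty; typ_id is changed
     * only when $typ_id is non-empty (the original comments say it is left empty
     * when the logged-in admin edits their own account). When $session_id equals
     * $id the session copy of the changed credentials is refreshed.
     */
    public function edit($id, $name, $surname, $username, $memo, $pass, $pass2, $typ_id, $session_id)
    {
        if (empty($username)) { // a login name is always required
            $this->msg = USER_FORM_EMPTY;
            return;
        }

        $changePass = !empty($pass);
        if ($changePass && (string) $pass !== (string) $pass2) {
            $this->msg = USER_PASS_ERROR;
            return;
        }

        // The new login name must not belong to a different user.
        $taken = self::countUsername($username, $id);
        if ($taken === false) {
            $this->msg = SQL_ERROR.mysql_error();
            return;
        }
        if ($taken > 0) {
            $this->msg = USER_EXISTS;
            return;
        }

        $set = array(
            "name = '".self::esc($name)."'",
            "surname = '".self::esc($surname)."'",
            "username = '".self::esc($username)."'",
            "memo = '".self::esc($memo)."'",
        );
        $heslo = null;
        if ($changePass) {
            $heslo = md5($pass);
            $set[] = "pass = '$heslo'";
        }
        if (!empty($typ_id)) {
            $set[] = "typ_id = '".self::esc($typ_id)."'";
        }

        $query = "UPDATE ".DBPREFIX."users SET ".implode(', ', $set)." WHERE id = '".self::esc($id)."'";
        if (!mysql_query($query)) {
            $this->msg = SQL_ERROR.mysql_error();
            return;
        }

        if ($session_id == $id) { // loose on purpose: ids may arrive as int or string
            $_SESSION['username'] = $username;
            if ($changePass) {
                $_SESSION['pass'] = $heslo;
            }
        }
        $this->msg = USER_EDITED;
    }

    /** Deletes the user with the given id and sets msg to the outcome. */
    public function delete($id)
    {
        $query = "DELETE FROM ".DBPREFIX."users WHERE id = '".self::esc($id)."'";
        if (mysql_query($query)) {
            $this->msg = USER_DELETED;
        } else {
            $this->msg = SQL_ERROR.mysql_error();
        }
    }
}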
?>