getCompanyID()==$this->companyid) return TRUE; else return FALSE; } function &Company($companyid = 0) { if ($companyid>0) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM company WHERE COMPANYID=$companyid", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->companyid = $companyid; $this->companyname = $array["COMPANYNAME"]; $this->companylogo = $array["COMPANYLOGO"]; } else { $this->$companyid = 0; $this->companyname = ""; $this->companylogo = ""; } } mysql_close($connection); } else { $this->companyid = 0; $this->companyname = ""; $this->companylogo = ""; } } function insert() // returns int COMPANYID of the last inserted row { $lastInserted = -1; $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("INSERT INTO company (COMPANYID, COMPANYNAME, COMPANYLOGO) VALUES (0, '".Utility::replacewithprime($this->companyname)."', '".$this->companylogo."')", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { $rs = mysql_query("SELECT LAST_INSERT_ID() FROM company", $connection); if ($rs) { $array = mysql_fetch_row($rs); $lastInserted = $array[0]; $this->companyid = $lastInserted; } } mysql_close($connection); return $lastInserted; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE company SET COMPANYNAME='".Utility::replacewithprime($this->companyname)."', COMPANYLOGO='".$this->companylogo."' WHERE COMPANYID=".$this->companyid, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $vecUsers = User::getUsersForCompany($this->companyid); for ($i=0; $i<$vecUsers->size(); $i++) { $user = &$vecUsers->elementAt($i); $user->delete(); } $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM company WHERE COMPANYID=".$this->companyid, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("companyid=".$this->companyid.", companyname=".$this->companyname.", companylogo=".$this->companylogo); } function &getCompanyForUserName($username) { $company = &new Company(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT COMPANYID FROM users, usertocompany WHERE users.LOGIN=usertocompany.LOGIN AND usertocompany.LOGIN='".$username."'", $connection); if ($rs) { if (($array = mysql_fetch_assoc($rs))!=FALSE) { $company = &new Company($array["COMPANYID"]); } } return $company; } // returns Vector function &getAllCompanies() { $companies = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT COMPANYID FROM company", $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $company = &new Company($array["COMPANYID"]); if ($company->getCompanyID()!=0) $companies->add($company); } } return $companies; } function getCompanyID() { return $this->companyid; } function getCompanyName() { return $this->companyname; } function getCompanyLogo() { return $this->companylogo; } function setCompanyID($in) { $this->companyid = $in; } function setCompanyName($in) { $this->companyname = $in; } function setCompanyLogo($in) { $this->companylogo = $in; } } ?> array( // SITEADMIN "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => TRUE, "ADDUSER" => TRUE, "DELETEUSER" => TRUE, "EDITUSER" => TRUE, "ADDSITEUSER" => TRUE, "DELETESITEUSER" => TRUE, "EDITSITEUSER" => TRUE, "ADDCATALOGCATEGORY" => TRUE, "DELETECATALOGCATEGORY" => TRUE, "EDITCATALOGCATEGORY" => TRUE, "VIEWCATALOGCATEGORY" => TRUE, "ADDPRODUCT" => TRUE, "DELETEPRODUCT" => TRUE, "EDITPRODUCT" => TRUE, "UPPRODUCT" => TRUE, "DOWNPRODUCT" => TRUE, "PUBLISHPRODUCT" => FALSE, "ADDARTIST" => TRUE, "EDITARTIST" => TRUE, "DELETEARTIST" => TRUE, "VIEWARTIST" => TRUE, "ADDNEWSADMIN" => TRUE, "VIEWNEWSADMIN" => TRUE, "DELETENEWSADMIN" => TRUE, "EDITNEWSADMIN" => TRUE ) , 2 => array( // SHOPOWNER "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => TRUE, "ADDUSER" => FALSE, "DELETEUSER" => FALSE, "EDITUSER" => FALSE, "ADDSITEUSER" => FALSE, "DELETESITEUSER" => FALSE, "EDITSITEUSER" => FALSE, "ADDCATALOGCATEGORY" => TRUE, "DELETECATALOGCATEGORY" => TRUE, "EDITCATALOGCATEGORY" => TRUE, "VIEWCATALOGCATEGORY" => TRUE, "ADDPRODUCT" => TRUE, "DELETEPRODUCT" => TRUE, "EDITPRODUCT" => TRUE, "UPPRODUCT" => FALSE, "DOWNPRODUCT" => FALSE, "PUBLISHPRODUCT" => FALSE, "ADDNEWSADMIN" => FALSE, "VIEWNEWSADMIN" => FALSE, "DELETENEWSADMIN" => FALSE, "EDITNEWSADMIN" => FALSE ) , 3 => array( // NEWSADMIN "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => FALSE, "ADDUSER" => FALSE, "DELETEUSER" => FALSE, "EDITUSER" => FALSE, "ADDSITEUSER" => FALSE, "DELETESITEUSER" => FALSE, "EDITSITEUSER" => FALSE, "ADDCATALOGCATEGORY" => FALSE, "DELETECATALOGCATEGORY" => FALSE, "EDITCATALOGCATEGORY" => FALSE, "VIEWCATALOGCATEGORY" => FALSE, "ADDPRODUCT" => FALSE, "DELETEPRODUCT" => FALSE, "EDITPRODUCT" => FALSE, "UPPRODUCT" => FALSE, "DOWNPRODUCT" => FALSE, "PUBLISHPRODUCT" => FALSE, "ADDNEWSADMIN" => TRUE, "VIEWNEWSADMIN" => TRUE, "DELETENEWSADMIN" => TRUE, "EDITNEWSADMIN" => TRUE ) /* , 99 => array( // VISITOR "" => , "" => , "" => , "" => , "" => , "" => , ) */ ); function equals($o) { if ($o->getLogin()==$this->login) return TRUE; else return FALSE; } function &User($log="") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM users WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->password = $array["PASSWORD"]; $this->encoding = $array["ENCODING"]; $this->lastsucclogin = $array["LASTSUCCLOGIN"]; $this->lastunsucclogin = $array["LASTUNSUCCLOGIN"]; } else { $this->login = ""; $this->password = ""; $this->encoding = ""; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } mysql_close($connection); } else { $this->login = ""; $this->password = ""; $this->encoding = ""; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } // returns boolean function passwordsAreEqual($first) // first is unencrypted, of course { ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// /* if ($first==$this->password) return TRUE; else return FALSE; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// if (md5($first)==$this->password) return TRUE; else return FALSE; } // this is a new method, for new checking strategy, v 2.0 function isAllowedTo($operation) { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $adminRole = &new Role(0); if ($vecRoles->contains($adminRole)) return TRUE; // if it's the root, he is allowed to do everything for ($i=0; $i<$vecRoles->size(); $i++) { $role = &$vecRoles->elementAt($i); if ($this->permission[$role->roleid][$operation]) return TRUE; } return FALSE; } //returns boolean function isRoot() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); if ($vecRoles->contains($rootRole)) return TRUE; else return FALSE; } //returns boolean function isShopOwner() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); $ownerRole = &new Role(1); if ($vecRoles->contains($rootRole) || $vecRoles->contains($ownerRole)) return TRUE; else return FALSE; } //returns boolean function isNewsAdmin() { $userRole = &new UserRole($this->login); $vecRoles = $userRole->getRoles(); $rootRole = &new Role(0); $newsAdminRole = &new Role(2); if ($vecRoles->contains($rootRole) || $vecRoles->contains($newsAdminRole)) return TRUE; else return FALSE; } // returns boolean (success if no username already exists) function insert($companyid) // returns int QID of the last inserted row { $success = FALSE; if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// //mysql_query("INSERT INTO users (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".$this->password."', 'none', 0, 0)", $connection); ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// mysql_query("INSERT INTO users (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".md5($this->password)."', 'MD5', 0, 0)", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("INSERT INTO usertocompany VALUES('".$this->login."', ".$companyid.")", $connection); $success = TRUE; } } } mysql_close($connection); } return $success; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE users SET ENCODING='".$this->encoding."' WHERE LOGIN='".$this->login."'", $connection); // PASSWORD='".$this->password."', $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM users WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("DELETE FROM usertocompany WHERE LOGIN='".$this->login."'", $connection); $userdetails = &new UserDetails($this->login); $userdetails->delete(); $userrole = &new UserRole($this->login); $userrole->delete(); } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $ra; } function changePassword($username, $old, $new) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE users SET PASSWORD='".$new."' WHERE LOGIN='".$username."' AND PASSWORD='".$old."'"); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "UPDATE users SET PASSWORD='".md5($new)."' WHERE LOGIN='".$username."' AND PASSWORD='".md5($old)."'"; mysql_query($q); $ra = mysql_affected_rows($connection); $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $ra; } function toString() { return ("login=".$this->login.", password=".$this->password.", encoding=".$this->encoding.", last successful login=".$this->lastsucclogin.", last unsuccessful login=".$this->lastunsucclogin); } // returns Vector function &getUsersForCompany($companyid) { $vecUsers = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT LOGIN FROM usertocompany WHERE COMPANYID=".$companyid, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $user = &new User($array["LOGIN"]); if ($user->getLogin()!="") { $vecUsers->add($user); } } } return $vecUsers; } // returns Vector function &getUsersForCompanyAndLevel($companyid, $level) { $vecUsers = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $query = "SELECT * FROM usertocompany, userroles WHERE COMPANYID=".$companyid." AND userroles.LOGIN=usertocompany.LOGIN AND ROLE>=".$level; $rs = mysql_query($query, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $user = &new User($array["LOGIN"]); if ($user->getLogin()!="") { $vecUsers->add($user); } } } return $vecUsers; } function &login($username, $password) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $role = &new Role(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$username."'"); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $pw = $array["PASSWORD"]; if ($pw==$password) // password is correct { $userrole = &new UserRole($username); $vecRoles = $userrole->getRoles(); $roleV = $vecRoles->elementAt(0); $role = &new Role($roleV->getRoleID()); $q = "UPDATE users SET LASTSUCCLOGIN=".time()." WHERE LOGIN='".$username."'"; mysql_query($q); } else // password is incorrect { $q = "UPDATE users SET LASTUNSUCCLOGIN=".time()." WHERE LOGIN='".$username."'"; mysql_query($q); } } } mysql_close($connection); return $role; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $role = &new Role(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM users WHERE LOGIN='".$username."'"); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $pw = $array["PASSWORD"]; if ($pw==md5($password)) // password is correct { $userrole = &new UserRole($username); $vecRoles = $userrole->getRoles(); $roleV = $vecRoles->elementAt(0); $role = &new Role($roleV->getRoleID()); $q = "UPDATE users SET LASTSUCCLOGIN=".time()." WHERE LOGIN='".$username."'"; mysql_query($q); } else // password is incorrect { $q = "UPDATE users SET LASTUNSUCCLOGIN=".time()." WHERE LOGIN='".$username."'"; mysql_query($q); } } } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $role; } function forgottenPassword($login, $email) { /* ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // bez hashiranja ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $password = ""; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $sql = "SELECT PASSWORD FROM users, userdetails WHERE users.LOGIN='".$login."' AND userdetails.EMAIL='".$email."'"; $rs = mysql_query($sql); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $password = $array["PASSWORD"]; } } mysql_close($connection); return $password; */ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // sa hashiranjem ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// $password = User::generateNewPassword(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $sql = "SELECT PASSWORD FROM users, userdetails WHERE users.LOGIN='".$login."' AND userdetails.EMAIL='".$email."'"; $rs = mysql_query($sql); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { //$password = $array["PASSWORD"]; $q = "UPDATE users SET PASSWORD = '".md5($password)."' WHERE LOGIN='".$login."'"; $ra = mysql_query($q); } } $el = error_reporting(E_ERROR); mysql_close($connection); $el = error_reporting($el); return $password; } // private function generateNewPassword() { $pwd = ""; for ($i=0; $i<10; $i++) { switch(rand(1,3)) { case 1: $pwd = $pwd.chr(rand(48,57)); break; // 0-9 case 2: $pwd = $pwd.chr(rand(65,90)); break; // A-Z case 3: $pwd = $pwd.chr(rand(97,122)); break; // a-z } } return $pwd; } // static function &getRolesForUser($userlogin) { $vecRoles = &new Vector(); $sql = "select ROLE from userroles where LOGIN='".$userlogin."' ORDER BY ROLE ASC"; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { while(($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role($array["ROLE"]); $vecRoles->add($role); } } mysql_close($connection); return $vecRoles; } // static function &getRolesForUserStartingWith($userlogin, $roleid) { $vecRoles = &new Vector(); $sql = "select ROLEID from roles, userroles where LOGIN='".$userlogin."' AND ROLEID>=".$roleid." ORDER BY ROLEID ASC"; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { while(($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role($array["ROLEID"]); $vecRoles->add($role); } } mysql_close($connection); return $vecRoles; } function &getRoles() { $vecRoles = &new Vector(); $sql = "select ROLE from userroles where LOGIN='".$this->login."' ORDER BY ROLE ASC"; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { while(($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role($array["ROLE"]); $vecRoles->add($role); } } mysql_close($connection); return $vecRoles; } function getLogin() { return $this->login; } function getPassword() { return $this->password; } function getEncoding() { return $this->encoding; } function getLastSuccLogin() { return $this->lastsucclogin; } function getLastUnsuccLogin() { return $this->lastunsucclogin; } function setLogin($in) { $this->login = $in; } function setPassword($in) { $this->password = $in; } function setEncoding($in) { $this->encoding = $in; } function setLastSuccLogin($in) { $this->lastsucclogin = $in; } function setLastUnsuccLogin($in) { $this->lastunsucclogin = $in; } } ?>getRole()==$this->role &&*/ $o->getRoleID()==$this->roleid) return TRUE; else return FALSE; } var $permission = array( 1 => array( "ADDCOMPANY" => FALSE, "DELETECOMPANY" => FALSE, "EDITCOMPANY" => TRUE, "ADDUSER" => TRUE, "DELETEUSER" => TRUE, "EDITUSER" => TRUE, "ADDCATALOGCATEGORY" => TRUE, "DELETECATALOGCATEGORY" => TRUE, "EDITCATALOGCATEGORY" => TRUE, "ADDPRODUCT" => TRUE, "DELETEPRODUCT" => TRUE, "EDITPRODUCT" => TRUE, "UPPRODUCT" => FALSE, "DOWNPRODUCT" => FALSE, "PUBLISHPRODUCT" => FALSE, "ADDNEWSADMIN" => FALSE, "VIEWNEWSADMIN" => FALSE, "DELETENEWSADMIN" => FALSE, "EDITNEWSADMIN" => FALSE ) /* , 2 => array( "" => , "" => , "" => , "" => , "" => , "" => , ) */ ); function getRoleID() { return $this->roleid; } function getRole() { return $this->role; } function setRoleID($in) { $this->roleid = $in; } function setRole($in) { $this->role = $in; } function &Role($level = 999) { $this->roleid = 999; $this->role = ""; if ($level!=999) { $sql = "SELECT ROLE FROM roles WHERE ROLEID=".$level; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { if(($array = mysql_fetch_assoc($rs))!=FALSE) { $this->roleid = $level; $this->role = $array["ROLE"]; } } } } function toString() { return "roleid=".$this->roleid.", role=".$this->role; } // DEPRECATED //returns boolean function isAllowedTo($operation) { if ($this->roleid==0) return TRUE; else return $this->permission[$this->roleid][$operation]; } // DEPRECATED //returns boolean function isRoot() { if ($this->roleid==0) return TRUE; else return FALSE; } // DEPRECATED //returns boolean function isShopOwner() { if ($this->roleid==0 || $this->roleid==1) return TRUE; else return FALSE; } // DEPRECATED //returns boolean function isNewsAdmin() { if ($this->roleid==2 || $this->roleid==0) return TRUE; else return FALSE; } } ?>getLogin()==$this->login) return TRUE; else return FALSE; } function toString() { if ($this->vecRoles && $this->vecRoles->size()>0) $role = $this->vecRoles->elementAt(0); else $role = &new Role(); return "login=".$this->login.", role=".$role->getRole(); } function &UserRole($log = "") { $this->vecRoles = &new Vector(); if ($log!="") { $sql = "select ROLE from userroles where LOGIN='".$log."' ORDER BY ROLE ASC"; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { $this->login = $log; while(($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role($array["ROLE"]); $this->vecRoles->add($role); } } } else { $this->login = ""; } } function setRoles($in) { $this->vecRoles = $in; } function setLogin($in) { $this->login = $in; } function getLogin() { return $this->login; } function getRoles() { return $this->vecRoles; } function insert() { if ($this->login!="") { if ($this->vecRoles) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); for ($i=0; $i<$this->vecRoles->size(); $i++) { $role = $this->vecRoles->elementAt($i); $sql = "insert into userroles values('".$this->login."',".$role->getRoleID().")"; mysql_query($sql); } mysql_close($connection); } } } function update() { if ($this->login!="") { if ($this->vecRoles) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); for ($i=0; $i<$this->vecRoles->size(); $i++) { $role = $this->vecRoles->elementAt($i); $sql = "update userroles set ROLE=".$role->getRoleID()." where LOGIN='".$this->login."'"; mysql_query($sql); } mysql_close($connection); } } } function delete() { if ($this->login!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("delete from userroles where LOGIN='".$this->login."'"); mysql_close($connection); } } // returns an array of roles function getRolesForLevel($level) { //$hashRoles = &new Hashtable(); $sql = "select * from roles where ROLELEVEL>=".$level." order by ROLELEVEL asc"; $vecRoles = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query($sql); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $role = &new Role(); $role->setRoleLevel($array["ROLELEVEL"]); $role->setRole($array["ROLE"]); $vecRoles->add($role); } } mysql_close($connection); return $vecRoles; } }getLogin()==$this->login) return TRUE; else return FALSE; } function &UserDetails($log = "") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM userdetails WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->firstname = $array["FIRST"]; $this->lastname = $array["LAST"]; $this->email = $array["EMAIL"]; $this->phone = $array["PHONE"]; } else { $this->login = ""; $this->firstname = ""; $this->lastname = ""; $this->email = ""; $this->phone = ""; } } mysql_close($connection); } else { $this->login = ""; $this->firstname = ""; $this->lastname = ""; $this->email = ""; $this->phone = ""; } } function insert() // returns int QID of the last inserted row { if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("INSERT INTO userdetails (LOGIN, FIRST, LAST, EMAIL, PHONE) VALUES ('".$this->login."', '".Utility::replacewithprime($this->firstname)."', '".Utility::replacewithprime($this->lastname)."', '".$this->email."', '".$this->phone."')", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); } } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE userdetails SET FIRST='".Utility::replacewithprime($this->firstname)."', LAST='".Utility::replacewithprime($this->lastname)."', EMAIL='".$this->email."', PHONE='".$this->phone."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM userdetails WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("login=".$this->login.", firstname=".$this->firstname.", lastname=".$this->lastname.", email=".$this->email.", phone=".$this->phone); } function getLogin() { return $this->login; } function getFirstName() { return $this->firstname; } function getLastName() { return $this->lastname; } function getEMail() { return $this->email; } function getPhone() { return $this->phone; } function setLogin($in) { $this->login = $in; } function setFirstName($in) { $this->firstname = $in; } function setLastName($in) { $this->lastname = $in; } function setEMail($in) { $this->email = $in; } function setPhone($in) { $this->phone = $in; } } ?>getLogin()==$this->login) return TRUE; else return FALSE; } function &Siteuser($log="") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT * FROM siteusers WHERE LOGIN='".$log."'", $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->login = $log; $this->password = $array["PASSWORD"]; $this->encoding = $array["ENCODING"]; $this->lastsucclogin = $array["LASTSUCCLOGIN"]; $this->lastunsucclogin = $array["LASTUNSUCCLOGIN"]; } else { $this->login = ""; $this->password = ""; $this->encoding = "none"; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } mysql_close($connection); } else { $this->login = ""; $this->password = ""; $this->encoding = "none"; $this->lastsucclogin = 0; $this->lastunsucclogin = 0; } } // returns ra function insert() // returns int QID of the last inserted row { $success = FALSE; if ($this->login!="") { $maxpos = 0; $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM siteusers WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { mysql_query("INSERT INTO siteusers (LOGIN, PASSWORD, ENCODING, LASTSUCCLOGIN, LASTUNSUCCLOGIN) VALUES ('".$this->login."', '".$this->password."', '".$this->encoding."', 0, 0)", $connection); $ra = mysql_affected_rows($connection); } } mysql_close($connection); } return $ra; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE siteusers SET PASSWORD='".$this->password."', ENCODING='".$this->encoding."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM siteusers WHERE LOGIN='$this->login'", $connection); $ra = mysql_affected_rows($connection); if ($ra==1) { mysql_query("DELETE FROM usertocompany WHERE LOGIN='".$this->login."'", $connection); $userdetails = &new UserDetails($this->login); $userdetails->delete(); $userrole = &new UserRole($this->login); $userrole->delete(); } //mysql_close($connection); // -- return $ra; } function changePassword($username, $old, $new) { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("UPDATE siteusers SET PASSWORD='".$new."' WHERE LOGIN='".$username."' AND PASSWORD='".$old."'"); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("login=".$this->login.", password=".$this->password.", encoding=".$this->encoding.", last successful login=".$this->lastsucclogin.", last unsuccessful login=".$this->lastunsucclogin); } function &login($username, $password) { $loggedin = FALSE; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT PASSWORD FROM siteusers WHERE LOGIN='".$username."'"); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $pw = $array["PASSWORD"]; if ($pw==$password) { $loggedin = TRUE; } } } mysql_close($connection); return $loggedin; } function forgottenPassword($login, $email) { $password = ""; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $sql = "SELECT PASSWORD FROM siteusers, siteuserdetails WHERE siteusers.LOGIN='".$login."' AND siteuserdetails.EMAIL='".$email."'"; $rs = mysql_query($sql); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $password = $array["PASSWORD"]; } } mysql_close($connection); return $password; } /*********************************************************************************************/ // I Labud i Exco i Regio // V function addEMail($inemail) // ako vec ne postoji email, ubaci ga u DB tablicu "newsletter" { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $sql = "SELECT * FROM newsletter WHERE email='".$inemail."'"; $rs = mysql_query($sql); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { mysql_query("INSERT INTO newsletter VALUES (0, '".$inemail."')"); $ra = mysql_affected_rows($connection); } } mysql_close($connection); return $ra; } function sendEMail() { mail($recipients, $subject, $message, "From: exco@exco.hr\n"); } /*********************************************************************************************/ function getLogin() { return $this->login; } function getPassword() { return $this->password; } function getEncoding() { return $this->encoding; } function getLastSuccLogin() { return $this->lastsucclogin; } function getLastUnsuccLogin() { return $this->lastunsucclogin; } function setLogin($in) { $this->login = $in; } function setPassword($in) { $this->password = $in; } function setEncoding($in) { $this->encoding = $in; } function setLastSuccLogin($in) { $this->lastsucclogin = $in; } function setLastUnsuccLogin($in) { $this->lastunsucclogin = $in; } } ?>getLogin()==$this->login) return TRUE; else return FALSE; } function &SiteuserDetails($log="") { if ($log!="") { $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT * FROM siteuserdetails WHERE LOGIN='".$log."'"; $str = &new String($log); if ($str->startsWith("idx=")) { $sub = $str->substring(4); $q = "SELECT * FROM siteuserdetails WHERE IDX='".$sub."'"; } $rs = mysql_query($q, $connection); if ($rs) { if ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $this->idx = $array["IDX"]; $this->login = $array["LOGIN"]; $this->first = $array["FIRST"]; $this->last = $array["LAST"]; $this->email = $array["EMAIL"]; $this->phone = $array["PHONE"]; $this->fax = $array["FAX"]; $this->org = $array["ORG"]; $this->addr = $array["ADDR"]; $this->interests = $array["INTERESTS"]; $this->published = $array["PUBLISHED"]; $this->datapublic = $array["DATAPUBLIC"]; $this->bio = $array["BIO"]; } else { $this->idx = 0; $this->login = ""; $this->first = ""; $this->last = ""; $this->email = ""; $this->phone = ""; $this->fax = ""; $this->org = ""; $this->addr = ""; $this->interests = ""; $this->published = ""; $this->datapublic = 0; $this->bio = ""; } } mysql_close($connection); } else { $this->idx = 0; $this->login = ""; $this->first = ""; $this->last = ""; $this->email = ""; $this->phone = ""; $this->fax = ""; $this->org = ""; $this->addr = ""; $this->interests = ""; $this->published = ""; $this->datapublic = 0; $this->bio = ""; } } // returns boolean (success if no username already exists) function insert() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "INSERT INTO siteuserdetails (IDX, LOGIN, FIRST, LAST, EMAIL, PHONE, FAX, ORG, ADDR, INTERESTS, PUBLISHED, DATAPUBLIC, BIO, APPROVED) VALUES (0, '".$this->login."', '".Utility::replacewithprime($this->first)."', '".Utility::replacewithprime($this->last)."', '".Utility::replacewithprime($this->email)."', '".Utility::replacewithprime($this->phone)."', '".Utility::replacewithprime($this->fax)."', '".Utility::replacewithprime($this->org)."', '".Utility::replacewithprime($this->addr)."', '".Utility::replacewithprime($this->interests)."', '".Utility::replacewithprime($this->published)."', '".$this->datapublic."', '".Utility::replacewithprime($this->bio)."',0)"; //print($q."
"); mysql_query($q, $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function update() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); /* $rs = mysql_query("SELECT IDX FROM siteuserdetails WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { */ mysql_query("UPDATE siteuserdetails SET FIRST='".Utility::replacewithprime($this->first)."', LAST='".Utility::replacewithprime($this->last)."', EMAIL='".Utility::replacewithprime($this->email)."', PHONE='".Utility::replacewithprime($this->phone)."', FAX='".Utility::replacewithprime($this->fax)."', ORG='".Utility::replacewithprime($this->org)."', ADDR='".Utility::replacewithprime($this->addr)."', INTERESTS='".Utility::replacewithprime($this->interests)."', PUBLISHED='".Utility::replacewithprime($this->published)."', DATAPUBLIC='".$this->datapublic."', BIO='".Utility::replacewithprime($this->bio)."' WHERE LOGIN='".$this->login."'", $connection); $ra = mysql_affected_rows($connection); /* } else { $ra = -99; } } else { $ra = -99; } */ mysql_close($connection); return $ra; } function updateLogin() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $rs = mysql_query("SELECT IDX FROM siteuserdetails WHERE LOGIN='".$this->login."'"); if ($rs) { if (($array = mysql_fetch_assoc($rs))==FALSE) { mysql_query("UPDATE siteuserdetails SET LOGIN='".$this->login."', APPROVED=1 WHERE IDX='".$this->idx."'", $connection); $ra = mysql_affected_rows($connection); } else { $ra = -99; } } else { $ra = -99; } mysql_close($connection); return $ra; } function delete() { $ra = -1; $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); mysql_query("DELETE FROM siteuserdetails WHERE IDX='".$this->idx."'", $connection); $ra = mysql_affected_rows($connection); mysql_close($connection); return $ra; } function toString() { return ("login=".$this->login.", first=".$this->first.", last=".$this->last.", phone=".$this->phone.", fax=".$this->fax.", org=".$this->org.", addr=".$this->addr.", interests=".$this->interests.", published=".$this->published.", datapublic=".$this->datapublic.", bio=".$this->bio); } // static function &getUnregisteredUserDetails() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=0"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); // -- return $vec; } function &getRegisteredUserDetails() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=1"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); return $vec; } function &getRegisteredUserDetailsWhoAllow() { $vec = &new Vector(); $connection = mysql_connect(HOST, USERNAME, PASSWORD) or exit("Could not connect"); mysql_select_db(DATABASE, $connection); $q = "SELECT IDX FROM siteuserdetails WHERE APPROVED=1 AND DATAPUBLIC=1"; $rs = mysql_query($q, $connection); if ($rs) { while ( ($array = mysql_fetch_assoc($rs))!=FALSE) { $su = &new SiteuserDetails("idx=".$array["IDX"]); $vec->add($su); } } //mysql_close($connection); return $vec; } function getIdx() { return $this->idx; } function getLogin() { return $this->login; } function getFirst() { return $this->first; } function getLast() { return $this->last; } function getPhone() { return $this->phone; } function getFax() { return $this->fax; } function getOrg() { return $this->org; } function getAddr() { return $this->addr; } function getInterests() { return $this->interests; } function getPublished() { return $this->published; } function getDataPublic() { return $this->datapublic; } function getBio() { return $this->bio; } function getEmail() { return $this->email; } function setIdx($in) { $this->idx = $in; } function setLogin($in) { $this->login = $in; } function setFirst($in) { $this->first = $in; } function setLast($in) { $this->last = $in; } function setPhone($in) { $this->phone = $in; } function setFax($in) { $this->fax = $in; } function setOrg($in) { $this->org = $in; } function setAddr($in) { $this->addr = $in; } function setInterests($in) { $this->interests = $in; } function setPublished($in) { $this->published = $in; } function setDataPublic($in) { $this->datapublic = $in; } function setBio($in) { $this->bio = $in; } function setEmail($in) { $this->email = $in; } } ?> Panjan - informatički inžinjering, Sisak, Croatia
Swich to english language Croatian language Back to home Kontakt Swich to english language Croatian language
Products
Keeping in mind the need of user to control integrated informatics system and considering organisational structure of company or institution we have developed a model of building informatics system on principles of decomposition withing informatics subsystems:

getCatName()?>
  getName()?>

All those informatics subsystems are structured in such fashion that together they present a single integral informatics system of a company or instituition they're implemented in, and on the other side, each of them is build with several independent segmets (applications) that can be installed separately from other segments and can be a complete product by itself. In total there is over sixty (60) applicational subsystems in over 30 different companies and instituitions.

Every application is developed with most advances tool available at the present:
PROGRESS
(relational database) 		Visual Basic
(application development)

ACCESS
(relational database)
CLIPPER
(translator)

 






Hoteli na Jadranu

     
Naš kontakt Developed & designed: EuroART93