Upload files to 'nk_part3'

nk_part3/action_delete.php

@@ -0,0 +1,24 @@
+<?php
+session_start();
+require("init.php");
+
+// kontrola jestli to otevira clověk s dostatenym právem
+if(isset($_SESSION["role"])){
+    if($_SESSION["role"] < 5){
+        header("Location: /?error=2");
+    }
+}
+
+$id = $_GET["id"];
+
+$sql = "DELETE FROM nk_prispevky WHERE id=$id";
+
+if (mysqli_query($conn,$sql)) {
+    echo "příkaz byl vykonán";
+    header("Location: /?del=$id");
+} else {
+    echo "Error:" .$sql."<br>". mysqli_errno($conn);
+}
+
+
+?>

nk_part3/action_login.php

@@ -0,0 +1,25 @@
+<?php
+session_start();
+require("init.php");
+
+
+$username = $_POST["username"];
+$pw = $_POST["pw"];
+
+$sql = "SELECT * FROM nk_users
+WHERE username='$username' AND password='$pw'";
+$result = mysqli_query($conn, $sql);
+
+if(mysqli_num_rows($result) == 1) {
+    $row = mysqli_fetch_assoc($result);
+
+    $_SESSION["logged"] = 1; // stav přihlášení
+    $_SESSION["username"] = $row["username"]; // zobrazované jméno
+    $_SESSION["role"] = $row["role"]; //hodnota role
+    $_SESSION["userid"] = $row["id"]; // jednodušší write
+
+    header("Location: /");
+} else {
+    header("Location: login.php?error=1");
+}
+?>

nk_part3/action_reg.php

@@ -0,0 +1,30 @@
+<?php
+session_start();
+include("init.php");
+
+$username = $_POST["username"];
+$pw1 = $_POST["pw1"];
+$pw2 = $_POST["pw2"];
+
+if ($pw1 != $pw2) {
+    header("Location: reg.php?error=1");
+}
+
+$sql = "INSERT INTO nk_users(username,password,role)
+VALUES ('$username','$pw1','5')";
+
+if (mysqli_query($conn,$sql)){
+    $last_id = mysqli_insert_id($conn);
+    echo "uživatel byl vytvořen, jeho id: ".$last_id ;
+
+    $_SESSION["logged"] = 1;
+    $_SESSION["username"] = $username;
+    $_SESSION["role"] = "5";
+    $_SESSION["userid"] = $last_id;
+
+    header("Location: /");
+} else {
+    echo "error:" . mysqli_error($conn);
+}
+
+?>

nk_part3/action_write.php

@@ -0,0 +1,18 @@
+<?php
+session_start();
+include("init.php");
+
+$title = $_POST["title"];
+$msg = $_POST["msg"];
+$userid = $_SESSION["userid"];
+
+$sql = "INSERT INTO nk_prispevky(id_nk_users,title,msg,created)
+VALUES ('$userid','$title','$msg',now())";
+ 
+if(mysqli_query($conn,$sql)){
+    echo "bylo zapsáno do knihy";
+    header("Location: /list.php");
+} else{
+    echo "error:". mysqli_error($conn);
+}
+?>

nk_part3/admin.php

@@ -0,0 +1,57 @@
+<?php
+session_start();
+include("init.php");
+
+if(isset($_SESSION["role"])){
+    if($_SESSION["role"] != 1){
+        header("Location: /?error=2");
+    }
+}
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Navštěvní kniha</title>
+</head>
+<body>
+    <h1>Návštěvní kniha - ADMIN</h1>
+
+    <?php
+    include "menu.php";
+    ?>
+    <hr>
+    <!-- PHP výpis pro příspěvky -->
+    <h2>Příspěvky</h2>
+    <?php
+     $sql = "SELECT nk_prispevky.id, nk_users.username, nk_prispevky.title, nk_prispevky.msg, nk_prispevky.created, nk_users.role
+     FROM nk_prispevky
+     INNER JOIN nk_users ON nk_prispevky.id_nk_users = nk_users.id 
+     ORDER BY nk_prispevky.id  DESC";
+     $result = mysqli_query($conn,$sql);
+
+     if (mysqli_num_rows($result) > 0) {
+        while ($row = mysqli_fetch_assoc($result)){
+            echo "<p>id:".$row["id"].";title".$row["title"]."</p>";
+        }
+    }
+    ?>
+
+    <h2>Users</h2>
+    <?php
+
+    $sql = "SELECT * FROM nk_users";
+    $result = mysqli_query($conn,$sql);
+
+    if (mysqli_num_rows($result) > 0) {
+        while ($row = mysqli_fetch_assoc($result)){
+            echo "<p>id:".$row["id"]."; user:".$row["username"]."</p>";
+        }
+    }
+
+    ?>
+</body>
+</html>