nk_part4

nk_part4/action_delete.php

@@ -0,0 +1,24 @@
+<?php
+session_start();
+require("init.php");
+
+// kontrola jestli to otevira clověk s dostatenym právem
+if(isset($_SESSION["role"])){
+    if($_SESSION["role"] < 5){
+        header("Location: /?error=2");
+    }
+}
+
+$id = $_GET["id"];
+
+$sql = "DELETE FROM nk_prispevky WHERE id=$id";
+
+if (mysqli_query($conn,$sql)) {
+    echo "příkaz byl vykonán";
+    header("Location: /?del=$id");
+} else {
+    echo "Error:" .$sql."<br>". mysqli_errno($conn);
+}
+
+
+?>

nk_part4/action_login.php

@@ -0,0 +1,25 @@
+<?php
+session_start();
+require("init.php");
+
+
+$username = $_POST["username"];
+$pw = $_POST["pw"];
+
+$sql = "SELECT * FROM nk_users
+WHERE username='$username' AND password='$pw'";
+$result = mysqli_query($conn, $sql);
+
+if(mysqli_num_rows($result) == 1) {
+    $row = mysqli_fetch_assoc($result);
+
+    $_SESSION["logged"] = 1; // stav přihlášení
+    $_SESSION["username"] = $row["username"]; // zobrazované jméno
+    $_SESSION["role"] = $row["role"]; //hodnota role
+    $_SESSION["userid"] = $row["id"]; // jednodušší write
+
+    header("Location: /");
+} else {
+    header("Location: login.php?error=1");
+}
+?>

nk_part4/action_reg.php

@@ -0,0 +1,30 @@
+<?php
+session_start();
+include("init.php");
+
+$username = $_POST["username"];
+$pw1 = $_POST["pw1"];
+$pw2 = $_POST["pw2"];
+
+if ($pw1 != $pw2) {
+    header("Location: reg.php?error=1");
+}
+
+$sql = "INSERT INTO nk_users(username,password,role)
+VALUES ('$username','$pw1','5')";
+
+if (mysqli_query($conn,$sql)){
+    $last_id = mysqli_insert_id($conn);
+    echo "uživatel byl vytvořen, jeho id: ".$last_id ;
+
+    $_SESSION["logged"] = 1;
+    $_SESSION["username"] = $username;
+    $_SESSION["role"] = "5";
+    $_SESSION["userid"] = $last_id;
+
+    header("Location: /");
+} else {
+    echo "error:" . mysqli_error($conn);
+}
+
+?>

nk_part4/action_update_prispevky.php

@@ -0,0 +1,34 @@
+<?php
+session_start();
+require("init.php");
+
+// kontrola jestli to otevira clověk s dostatenym právem
+if(isset($_SESSION["role"])){
+    if($_SESSION["role"] == 5){
+        header("Location: /?error=2");
+    }
+}
+
+//načtení odeslaných dat
+$id = $_POST["id"];
+$id_nk_users = $_POST["id_nk_users"];
+$title = $_POST["title"];
+$msg = $_POST["msg"];
+
+$sql = "UPDATE nk_prispevky SET 
+id_nk_users='$id_nk_users', 
+title='$title',
+msg='$msg'
+WHERE id=$id";
+
+if(mysqli_query($conn,$sql)) {
+    header("Location: /?update=1");
+} else {
+    header("Location: /error=4");
+}
+
+
+
+
+
+?>

nk_part4/action_write.php

@@ -0,0 +1,18 @@
+<?php
+session_start();
+include("init.php");
+
+$title = $_POST["title"];
+$msg = $_POST["msg"];
+$userid = $_SESSION["userid"];
+
+$sql = "INSERT INTO nk_prispevky(id_nk_users,title,msg,created)
+VALUES ('$userid','$title','$msg',now())";
+ 
+if(mysqli_query($conn,$sql)){
+    echo "bylo zapsáno do knihy";
+    header("Location: /list.php");
+} else{
+    echo "error:". mysqli_error($conn);
+}
+?>

nk_part4/admin.css

@@ -0,0 +1,3 @@
+td, th {
+    border: 1px solid black;
+}

nk_part4/admin.php

@@ -0,0 +1,81 @@
+<?php
+session_start();
+include("init.php");
+
+if(isset($_SESSION["role"])){
+    if($_SESSION["role"] != 1){
+        header("Location: /?error=2");
+    }
+}
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Navštěvní kniha</title>
+    <link rel="stylesheet" href="admin.css">
+</head>
+<body>
+    <h1>Návštěvní kniha - ADMIN</h1>
+
+    <?php
+    include "menu.php";
+    ?>
+    <hr>
+    <!-- PHP výpis pro příspěvky -->
+    <h2>Příspěvky</h2>
+    
+    <table>
+    <tr>
+        <th>id</th>
+        <th>title</th>
+        <th>msg</th>
+        <th>Autor</th>
+        <th>role autora</th>
+        <th>čas vytvoření</th>
+        <th>delete</th>
+        <th>update</th>
+    </tr>
+
+    <?php
+     $sql = "SELECT nk_prispevky.id, nk_users.username, nk_prispevky.title, nk_prispevky.msg, nk_prispevky.created, nk_users.role
+     FROM nk_prispevky
+     INNER JOIN nk_users ON nk_prispevky.id_nk_users = nk_users.id 
+     ORDER BY nk_prispevky.id  DESC";
+     $result = mysqli_query($conn,$sql);
+
+     if (mysqli_num_rows($result) > 0) {
+        while ($row = mysqli_fetch_assoc($result)){
+            echo "<tr>";
+            echo "<td>".$row["id"]."</td>";
+            echo "<td>".$row["title"]."</td>";
+            echo "<td>".$row["msg"]."</td>";
+            echo "<td>".$row["created"]."</td>";
+            echo "<td>".$row["username"]."</td>";
+            echo "<td>".$row["role"]."</td>";     //id=5">
+            echo "<td> <a href=\"action_delete.php?id=".$row["id"]."\">Delete</a></td>";
+            echo "<td> <a href=\"update_prispevky.php?id=".$row["id"]."\">UPDATE</a></td>";
+            echo "</tr>";
+        }
+    }
+    ?>
+    </table>
+
+    <h2>Users</h2>
+    <?php
+
+    $sql = "SELECT * FROM nk_users";
+    $result = mysqli_query($conn,$sql);
+
+    if (mysqli_num_rows($result) > 0) {
+        while ($row = mysqli_fetch_assoc($result)){
+            echo "<p>id:".$row["id"]."; user:".$row["username"]."</p>";
+        }
+    }
+
+    ?>
+</body>
+</html>

nk_part4/index.php

@@ -0,0 +1,38 @@
+<?php
+session_start();
+include("init.php");
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Navštěvní kniha</title>
+</head>
+<body>
+    <h1>Návštěvní kniha</h1>
+
+    <?php
+    include "menu.php";
+    ?>
+
+    <?php
+     if(isset($_SESSION["username"])){
+        
+        echo "<h2> vítej uživateli: ".$_SESSION["username"]."</h2>";
+        echo "<h5>username: ".$_SESSION["username"]."</h5>";
+        echo "<h5>userid: ".$_SESSION["userid"]."</h5>";
+        echo "<h5>role: ".$_SESSION["role"]."</h5>";
+        if ($_SESSION["role"] == 1){
+            echo "<p>". var_dump($_SESSION). "</p>";
+        }
+     } else {
+        echo "<h2> Prosím přihlaš se </h2>";
+     }
+
+    ?>
+
+</body>
+</html>

nk_part4/informace.md

@@ -0,0 +1,35 @@
+# Informace
+
+## Seznam rolí
+
+- 1 = admin
+- 3 = moderátor
+- 5 = uživatel
+
+## Vlastnosti rolí
+
+### Admin
+povolení:
+
+- [X] Wožnost mazat příspěvky (vlastní + role 3, 5)
+- [ ] možnosti mazat uživatele
+
+### Moderator
+povolení:
+- [ ] možnost mazat příspvěky (vlastní + role 5)
+
+zákaz:
+- [ ] možnost mazat uživatele
+
+### Uživatel
+povolení:
+- [ ] možnost mazat příspěvky (pouze vlastní) 
+
+
+## Admin Panel
+- [ ] Zobrazit příspěvky
+- [ ] Zobrazit uživatele
+- [ ] možnost změna hesla pro uživatele
+- [ ] možnost vymazat uživatele
+- [ ] možnost změnit příspěvěk
+- [ ] možnost vymazat příspěvěk

nk_part4/list.php

@@ -0,0 +1,76 @@
+<?php
+session_start();
+include("init.php");
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Výpis knihy</title>
+</head>
+<body>
+    <h1>Výpis knihy</h1>
+
+    <?php
+    include "menu.php";
+    ?>
+
+    <!-- <h2>Nadpis</h2>
+        <h4>od: jméno</h4>
+        <h5>cas</h5>
+        <p>zpráva</p>
+        <hr> -->
+
+    <?php
+    $sql = "SELECT nk_prispevky.id, nk_users.username, nk_prispevky.title, nk_prispevky.msg, nk_prispevky.created, nk_users.role
+    FROM nk_prispevky
+    INNER JOIN nk_users ON nk_prispevky.id_nk_users = nk_users.id 
+    ORDER BY nk_prispevky.id  DESC";
+    $result = mysqli_query($conn,$sql);
+
+    if (mysqli_num_rows($result) > 0) {
+        while ($row = mysqli_fetch_assoc($result)){
+            echo  "<h2>".$row["title"] ."</h2>";
+            echo "<h4> od: " . $row["username"]."</h4>";
+            echo "<h5>". $row["created"] . "</h5>";
+            echo "<p>" . $row["msg"] . "</p>";
+            
+            //kontrola přihlášenosti
+            if(isset($_SESSION["logged"])){
+                if ($_SESSION["role"] < 5) {
+                    echo "<p> role vytvoření: ". $row["role"] . "</p>";
+                }
+                
+
+                //pohled pro moderatora
+                if($_SESSION["role"] == 3 && $row["role"] == 5) {
+                    echo "<a href=\"action_delete.php?id=".$row["id"]."\">Smazat příspěvek</a>";
+                }
+                
+                //pohled nad vlasstní příspěvek
+                if( $row["username"] == $_SESSION["username"]){
+                    echo "<a href=\"action_delete.php?id=".$row["id"]."\">Smazat příspěvek</a>";
+                }
+
+
+                //pohled pro admina
+
+                if($_SESSION["role"] == 1 && $row["username"] != $_SESSION["username"]) {
+                    echo "<a href=\"action_delete.php?id=".$row["id"]."\">Smazat příspěvek</a>";
+                }
+
+
+                // if($_SESSION["role"] < 5){ //počíta se s tím že hodnota existuje
+                //     echo "<a href=\"action_delete.php?id=".$row["id"]."\">Smazat příspěvek</a>";
+                // }
+            }
+            echo "<hr>";
+        }
+    }
+    mysqli_close($conn);
+    ?>
+
+</body>
+</html>

nk_part4/login.php

@@ -0,0 +1,31 @@
+<?php
+session_start();
+include("init.php");
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login</title>
+</head>
+<body>
+    <h1>Příhlášení</h1>
+    <?php
+    include "menu.php";
+    ?>
+    <form action="action_login.php" method="post">
+        <label for="username">Uživatelské jméno</label>
+        <br>    
+        <input type="text" name="username" id="username">
+        <br>
+        <label for="pw">Heslo</label>
+        <br>
+        <input type="password" name="pw" id="pw">
+        <br>
+        <input type="submit" value="Login">
+    </form>
+</body>
+</html>

nk_part4/logout.php

@@ -0,0 +1,6 @@
+<?php
+session_start();
+session_unset();
+session_destroy();
+header("Location: /?logout=1");
+?>

nk_part4/menu.php

@@ -0,0 +1,18 @@
+<ul>
+    <li><a href="/">HOME</a></li>
+    <li><a href="list.php">Vypsat knihu</a></li>
+    <li><a href="write.php">Zapsat do knihy</a></li>
+    <?php
+        if(isset($_SESSION["logged"])) {
+            echo '<li><a href="logout.php">Odhlásit se</a></li>';
+            if ($_SESSION["role"] == 1) {
+                echo '<li><a href="admin.php">ADMIN</a></li>';
+            }
+        } else {
+            echo '<li><a href="reg.php">Registrovat se</a></li>'; // kombinace uvozovek
+            echo "<li><a href=\"login.php\">Přihlásit se</a></li>"; //"escape" znaků
+        }
+    ?>
+    
+    
+</ul>

nk_part4/nk_part3.sql

@@ -0,0 +1,56 @@
+-- Adminer 4.7.6 MySQL dump
+
+SET NAMES utf8;
+SET time_zone = '+00:00';
+SET foreign_key_checks = 0;
+SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO';
+
+DROP TABLE IF EXISTS `nk_log`;
+CREATE TABLE `nk_log` (
+  `id` int(11) NOT NULL,
+  `id_nk_users` int(11) unsigned NOT NULL,
+  `logintime` datetime NOT NULL,
+  KEY `id_nk_users` (`id_nk_users`),
+  CONSTRAINT `nk_log_ibfk_1` FOREIGN KEY (`id_nk_users`) REFERENCES `nk_users` (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_czech_ci;
+
+
+DROP TABLE IF EXISTS `nk_prispevky`;
+CREATE TABLE `nk_prispevky` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `id_nk_users` int(11) unsigned NOT NULL,
+  `title` varchar(128) COLLATE utf8_czech_ci NOT NULL,
+  `msg` text COLLATE utf8_czech_ci NOT NULL,
+  `created` datetime NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `id_nk_users` (`id_nk_users`),
+  CONSTRAINT `nk_prispevky_ibfk_1` FOREIGN KEY (`id_nk_users`) REFERENCES `nk_users` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8 COLLATE=utf8_czech_ci;
+
+INSERT INTO `nk_prispevky` (`id`, `id_nk_users`, `title`, `msg`, `created`) VALUES
+(1,	3,	'Lorem 1',	'Lorem Ipsum supres',	'2023-03-01 23:36:52'),
+(2,	2,	'Lorem 11',	'Lorem ipsumus loremos spravenost',	'2023-03-01 23:37:30'),
+(4,	9,	'Test z PHP',	'LOREM lipsum',	'2023-03-09 10:12:35'),
+(5,	10,	'Hodnocení',	'Je to tu boží, mám to tady rád ☺',	'2023-03-09 10:22:39'),
+(7,	1,	'Ctcrřtky jsou fajne v2',	'testxt',	'2023-03-23 09:57:45'),
+(8,	4,	'Zapis od Mod1',	'AHOJ DĚTI',	'2023-03-23 10:07:55');
+
+DROP TABLE IF EXISTS `nk_users`;
+CREATE TABLE `nk_users` (
+  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
+  `username` varchar(32) COLLATE utf8_czech_ci NOT NULL,
+  `password` varchar(64) COLLATE utf8_czech_ci NOT NULL,
+  `role` int(3) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=utf8 COLLATE=utf8_czech_ci;
+
+INSERT INTO `nk_users` (`id`, `username`, `password`, `role`) VALUES
+(1,	'admin',	'admin',	1),
+(2,	'user1',	'user1',	5),
+(3,	'user2',	'user2',	5),
+(4,	'mod1',	'mod1',	3),
+(5,	'mod2',	'mod2',	3),
+(9,	'asd',	'asd',	5),
+(10,	'xyz',	'xyz',	5);
+
+-- 2023-03-23 09:32:22

nk_part4/part2.sql

@@ -0,0 +1,55 @@
+-- Adminer 4.7.6 MySQL dump
+
+SET NAMES utf8;
+SET time_zone = '+00:00';
+SET foreign_key_checks = 0;
+SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO';
+
+DROP TABLE IF EXISTS `nk_log`;
+CREATE TABLE `nk_log` (
+  `id` int(11) NOT NULL,
+  `id_nk_users` int(11) unsigned NOT NULL,
+  `logintime` datetime NOT NULL,
+  KEY `id_nk_users` (`id_nk_users`),
+  CONSTRAINT `nk_log_ibfk_1` FOREIGN KEY (`id_nk_users`) REFERENCES `nk_users` (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_czech_ci;
+
+
+DROP TABLE IF EXISTS `nk_prispevky`;
+CREATE TABLE `nk_prispevky` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `id_nk_users` int(11) unsigned NOT NULL,
+  `title` varchar(128) COLLATE utf8_czech_ci NOT NULL,
+  `msg` text COLLATE utf8_czech_ci NOT NULL,
+  `created` datetime NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `id_nk_users` (`id_nk_users`),
+  CONSTRAINT `nk_prispevky_ibfk_1` FOREIGN KEY (`id_nk_users`) REFERENCES `nk_users` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 COLLATE=utf8_czech_ci;
+
+INSERT INTO `nk_prispevky` (`id`, `id_nk_users`, `title`, `msg`, `created`) VALUES
+(1,	3,	'Lorem 1',	'Lorem Ipsum supres',	'2023-03-01 23:36:52'),
+(2,	2,	'Lorem 11',	'Lorem ipsumus loremos spravenost',	'2023-03-01 23:37:30'),
+(3,	2,	'Lorem 12',	'Luromes jolontos procentos',	'2023-03-01 23:37:40'),
+(4,	9,	'Test z PHP',	'LOREM lipsum',	'2023-03-09 10:12:35'),
+(5,	10,	'Hodnocení',	'Je to tu boží, mám to tady rád ☺',	'2023-03-09 10:22:39');
+
+DROP TABLE IF EXISTS `nk_users`;
+CREATE TABLE `nk_users` (
+  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
+  `username` varchar(32) COLLATE utf8_czech_ci NOT NULL,
+  `password` varchar(64) COLLATE utf8_czech_ci NOT NULL,
+  `role` int(3) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=utf8 COLLATE=utf8_czech_ci;
+
+INSERT INTO `nk_users` (`id`, `username`, `password`, `role`) VALUES
+(1,	'admin',	'admin',	1),
+(2,	'user1',	'user1',	5),
+(3,	'user2',	'user2',	5),
+(4,	'mod1',	'mod1',	3),
+(5,	'mod2',	'mod2',	3),
+(9,	'asd',	'asd',	5),
+(10,	'xyz',	'xyz',	5);
+
+-- 2023-03-09 09:24:37

nk_part4/reg.php

@@ -0,0 +1,43 @@
+<?php
+session_start();
+include("init.php");
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Document</title>
+</head>
+<body>
+    <h1>Registrace</h1>
+    <?php
+    include "menu.php";
+    ?>
+    <?php
+    if(isset($_GET["error"])){
+        if ($_GET["error"] == "1") {
+            echo "<h2>Hesla nejsou stejná</h2>";
+        }
+    }
+?>
+    <form action="action_reg.php" method="post">
+        <label for="username">Přihlašovací jméno:</label><br>
+        <input type="text" name="username" id="username">
+        <br>
+
+        <label for="pw1">Heslo:</label><br>
+        <input type="password" name="pw1" id="pw1">
+        <br>
+
+        <label for="pw2">Opakovat heslo:</label><br>
+        <input type="password" name="pw2" id="pw2">
+        <br>
+
+        <br>
+        <input type="submit" value="Registrovat">
+
+    </form>
+</body>
+</html>

nk_part4/update_prispevky.php

@@ -0,0 +1,49 @@
+<?php
+session_start();
+include("init.php");
+
+if(!isset($_SESSION["logged"])){
+    header("Location: /?error=3"); //error 3 = přístup odepřen
+}
+if(!isset($_GET["id"])){
+    header("Location: /?error=4"); //error 4 = špatný vstup
+}
+$id = $_GET["id"];
+$sql = "SELECT * FROM nk_prispevky WHERE id=$id";
+$result = mysqli_query($conn,$sql);
+
+    if (mysqli_num_rows($result) > 0) {
+        while ($row = mysqli_fetch_assoc($result)){
+            $title = $row["title"];
+            $id_nk_users = $row["id_nk_users"];
+            $msg = $row["msg"];
+        }
+    } else {
+        header("Location: /?error=4");
+    }
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Update</title>
+</head>
+<body>
+    <h1>Uprava ID:<?php echo $id?></h1>
+
+    <form action="action_update_prispevky.php" method="post">
+        <?php 
+        echo '<input type="text" hidden name="id" id="id" value="'.$id.'">';
+        echo '<input type="text" name="title" id="title" value="'.$title.'"> <br>';
+        echo '<input type="text" name="id_nk_users" id="id_nk_users" value="'.$id_nk_users.'"> <br>';
+        echo '<textarea name="msg" id="msg" cols="30" rows="10">'.$title.'</textarea>'
+               
+        ?>
+        <br>        
+        <input type="submit" value="UPDATE">
+    </form>
+</body>
+</html>

nk_part4/write.php

@@ -0,0 +1,32 @@
+<?php
+session_start();
+include("init.php");
+
+if(!isset($_SESSION["logged"])){
+    header("Location: /?error=3"); //error 3 = přístup odepřen
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Zápis do knihy</title>
+</head>
+<body>
+    <h1>Zápis do knihy</h1>
+    <?php
+    include "menu.php";
+    ?>
+    <form action="action_write.php" method="post">
+        <label for="title">Nadpis:</label><br>
+        <input type="text" name="title" id="title"><br>
+
+        <label for="msg">Zpráva do knihy:</label><br>
+        <textarea name="msg" id="msg" cols="30" rows="10"></textarea>
+        <br>
+        <input type="submit" value="Zapsat do knihy">
+    </form>
+</body>
+</html>