234 lines
8.3 KiB
PHP
234 lines
8.3 KiB
PHP
<?php
|
|
// DEPENDENCIES
|
|
use severak\database\rows;
|
|
use severak\forms\form;
|
|
|
|
$dependencies['config'] = $config;
|
|
$singletons['pdo'] = function() {
|
|
$config = di('config');
|
|
return new PDO('sqlite:' . __DIR__ . '/' . $config['database']);
|
|
};
|
|
$singletons['rows'] = function(){
|
|
return new severak\database\rows(di('pdo'));
|
|
};
|
|
|
|
// ROUTY
|
|
|
|
// HP & LOGIN
|
|
route('', '/', function (){
|
|
// if (!user()) return redirect('/login/');
|
|
return render('home');
|
|
});
|
|
|
|
route('', '/login/', function ($req){
|
|
/** @var Psr\Http\Message\ServerRequestInterface $req */
|
|
/** @var severak\database\rows $rows */
|
|
$rows = di('rows');
|
|
$form = new form(['method'=>'POST']);
|
|
$form->field('username', ['required'=>true, 'label'=>'Jméno']);
|
|
$form->field('password', ['type'=>'password', 'required'=>true, 'label'=>'Heslo']);
|
|
$form->field('_login', ['type'=>'submit', 'label'=>'Přihlásit se']);
|
|
|
|
if ($req->getMethod()=='POST') {
|
|
$form->fill($req->getParsedBody());
|
|
if ($form->validate()) {
|
|
$uz = $rows->one('users', ['username'=>$form->values['username'], 'is_active'=>1]);
|
|
if (!$uz) {
|
|
$form->error('username', 'Uživatel nenalezen');
|
|
} elseif (password_verify($form->values['password'], $uz['password'])) {
|
|
unset($uz['password']);
|
|
$_SESSION['user'] = $uz;
|
|
return redirect('/');
|
|
} else {
|
|
$form->error('password', 'Špatné heslo.');
|
|
}
|
|
}
|
|
}
|
|
return render('form', ['form'=>$form]);
|
|
});
|
|
|
|
route('', '/logout/', function ($req){
|
|
unset($_SESSION['user']);
|
|
unset($_SESSION['flashes']);
|
|
return redirect('/');
|
|
});
|
|
|
|
route('', '/zmena-hesla/', function ($req){
|
|
if (!user()) return redirect('/login/');
|
|
$user = user();
|
|
/** @var Psr\Http\Message\ServerRequestInterface $req */
|
|
/** @var severak\database\rows $rows */
|
|
$rows = di('rows');
|
|
|
|
$form = new form(['method'=>'post']);
|
|
$form->field('password_current', ['required'=>true, 'type'=>'password', 'label'=>'Stávající heslo']);
|
|
$form->field('password', ['required'=>true, 'type'=>'password', 'label'=>'Nové heslo']);
|
|
$form->field('password_again', ['required'=>true, 'type'=>'password', 'label'=>'Nové heslo znovu']);
|
|
$form->field('_sbt', ['label'=>'Změnit heslo', 'type'=>'submit']);
|
|
|
|
$form->rule('password_again', function ($v, $o){
|
|
return $v==$o['password'];
|
|
}, 'Hesla se neshodují!');
|
|
|
|
$uz = $rows->one('users', $user['id']);
|
|
|
|
$form->rule('password_current', function ($v, $o) use ($uz) {
|
|
return password_verify($v, $uz['password']);
|
|
}, 'Špatné zadané současné heslo!');
|
|
|
|
if ($req->getMethod()=='POST' && $form->fill($req->getParsedBody()) && $form->validate()) {
|
|
$rows->update('users', [
|
|
'password'=>password_hash($form->values['password'], PASSWORD_DEFAULT)
|
|
], [
|
|
'id'=>$user['id']
|
|
]);
|
|
flash('Heslo změněno.');
|
|
return redirect('/');
|
|
}
|
|
|
|
return render('form', ['form'=>$form, 'title'=>'Změnit heslo']);
|
|
});
|
|
|
|
|
|
|
|
// OBSLUHA
|
|
|
|
route('GET', '/obsluha/', function ($req){
|
|
if (!user()) return redirect('/login/');
|
|
/** @var severak\database\rows $rows */
|
|
$rows = di('rows');
|
|
$items = $rows->page('users', [], ['is_active'=>'desc', 'name'=>'asc']);
|
|
|
|
return render('users', ['users'=>$items]);
|
|
});
|
|
|
|
route('', '/obsluha/pridat/', function ($req){
|
|
if (!user()) return redirect('/login/');
|
|
$user = user();
|
|
if (!$user['is_superuser']) {
|
|
flash('Obsluhu může přidávat jen admin.', 'warning');
|
|
return redirect('/');
|
|
}
|
|
|
|
/** @var Psr\Http\Message\ServerRequestInterface $req */
|
|
/** @var severak\database\rows $rows */
|
|
$rows = di('rows');
|
|
|
|
$form = new form(['method'=>'post']);
|
|
$form->field('username', ['label'=>'Uživatelské jméno']);
|
|
$form->field('password', ['required'=>true, 'type'=>'password', 'label'=>'Heslo']);
|
|
$form->field('password_again', ['required'=>true, 'type'=>'password', 'label'=>'Heslo znovu']);
|
|
$form->field('name', ['required'=>true, 'type'=>'text', 'label'=>'Jméno']);
|
|
$form->field('card_id', ['type'=>'number', 'label'=>'Číslo členské karty', 'id'=>'qrcode']);
|
|
$form->field('_sbt', ['label'=>'Přidat', 'type'=>'submit']);
|
|
|
|
$form->rule('password_again', function ($v, $o){
|
|
return $v==$o['password'];
|
|
}, 'Hesla se neshodují!');
|
|
|
|
if ($req->getMethod()=='POST' && $form->fill($req->getParsedBody()) && $form->validate()) {
|
|
$duplicateUser = $rows->one('users', ['username'=>$form->values['username'] ]);
|
|
if ($duplicateUser) {
|
|
$form->error('username', 'Uživatel tohoto jména již v systému je.');
|
|
}
|
|
|
|
$memberId = null;
|
|
if ($form->values['card_id']) {
|
|
$card = $rows->one('cards', ['id'=>$form->values['card_id'], 'is_active'=>1]);
|
|
$memberId = $card['member_id'];
|
|
}
|
|
|
|
if ($form->isValid) {
|
|
$rows->insert('users', [
|
|
'username' => $form->values['username'],
|
|
'name' => $form->values['name'],
|
|
'password' => password_hash($form->values['password'], PASSWORD_DEFAULT),
|
|
'member_id'=> $memberId
|
|
]);
|
|
|
|
flash('Uživatel přidán.', 'success');
|
|
return redirect('/obsluha/');
|
|
}
|
|
}
|
|
|
|
return render('form', ['form'=>$form, 'title'=>'Přidat obsluhu']);
|
|
});
|
|
|
|
route('', '/obsluha/upravit/{id}/', function ($req, $params){
|
|
if (!user()) return redirect('/login/');
|
|
$user = user();
|
|
|
|
if (!$user['is_superuser']) {
|
|
flash('Obsluhu může upravovat jen admin.', 'warning');
|
|
return redirect('/');
|
|
}
|
|
|
|
$id = $params['id'];
|
|
|
|
/** @var Psr\Http\Message\ServerRequestInterface $req */
|
|
/** @var severak\database\rows $rows */
|
|
$rows = di('rows');
|
|
|
|
$form = new form(['method'=>'post']);
|
|
$form->field('username', ['label'=>'Uživatelské jméno']);
|
|
$form->field('password', ['type'=>'password', 'label'=>'Heslo']);
|
|
$form->field('password_again', ['type'=>'password', 'label'=>'Heslo znovu']);
|
|
$form->field('name', ['required'=>true, 'type'=>'text', 'label'=>'Jméno']);
|
|
$form->field('card_id', ['type'=>'number', 'label'=>'Číslo členské karty', 'id'=>'qrcode']);
|
|
$form->field('is_active', ['type'=>'checkbox', 'label'=>'Aktivní?']);
|
|
$form->field('is_superuser', ['type'=>'checkbox', 'label'=>'Je admin?']);
|
|
$form->field('note', ['type'=>'textarea', 'label'=>'Poznámka']);
|
|
$form->field('_sbt', ['label'=>'Uložit', 'type'=>'submit']);
|
|
|
|
$form->rule('password_again', function ($v, $o){
|
|
return $v==$o['password'];
|
|
}, 'Hesla se neshodují!');
|
|
|
|
if ($req->getMethod()=='POST' && $form->fill($req->getParsedBody())) {
|
|
$form->validate();
|
|
|
|
$duplicateUser = $rows->one('users', ['username'=>$form->values['username'] ]);
|
|
if ($duplicateUser && $duplicateUser['id']!=$id) {
|
|
$form->error('username', 'Uživatel tohoto jména již v systému je.');
|
|
}
|
|
|
|
if ($form->values['password'] && $form->values['password']!=$form->values['password_again']) {
|
|
$form->error('password', 'Hesla se musí shodovat!');
|
|
}
|
|
|
|
if ($form->isValid) {
|
|
$update = $form->values; // TODO tohle je prasárna
|
|
unset($update['id'], $update['password'], $update['password_again'], $update['card_id'], $update['_sbt']);
|
|
if ($form->values['password'] && $form->values['password']!=$form->values['password_again']) {
|
|
$update['password'] = password_hash($form->values['password'], PASSWORD_DEFAULT);
|
|
}
|
|
|
|
if ($form->values['card_id']) {
|
|
$card = $rows->one('cards', ['id'=>$form->values['card_id'], 'is_active'=>1]);
|
|
$update['member_id'] = $card['member_id'];
|
|
}
|
|
|
|
$rows->update('users', $update, $id);
|
|
|
|
flash('Uživatel upraven.', 'success');
|
|
return redirect('/obsluha/');
|
|
}
|
|
|
|
} else {
|
|
$editedUser = $rows->one('users', $id);
|
|
|
|
unset($editedUser['password']);
|
|
|
|
if ($editedUser['member_id']) {
|
|
$card = $rows->one('cards', ['member_id'=>$editedUser['member_id'], 'is_active'=>1]);
|
|
if ($card) {
|
|
$editedUser['card_id'] = $card['id'];
|
|
}
|
|
}
|
|
|
|
$form->fill($editedUser);
|
|
}
|
|
|
|
return render('form', ['form'=>$form, 'title'=>'Upravit obsluhu']);
|
|
});
|