anketa = $_GET['anketa']; } elseif (isset ($_POST['anketa'])) { $this->anketa = $_POST['anketa']; } elseif ($anketa != 0) { $this->anketa = $anketa; } } /** * preveri dostop do ankete * * @param mixed $anketa */ function checkDostop($anketa = 0) { global $admin_type; global $global_user_id; if ($anketa == 0) { $anketa = $this->anketa; } $uid = $global_user_id; SurveyInfo::getInstance()->SurveyInit($anketa); $rowa = SurveyInfo::getInstance()->getSurveyRow(); // meta admin vidi kao spet vse if (self::isMetaAdmin()) { return TRUE; } // za demonstracijsko je posebno preverjanje if ($rowa['invisible'] == 1) { return TRUE; } // posebej dostop za vsazga userja posebej $sql = sisplet_query("SELECT ank_id, uid FROM srv_dostop WHERE ank_id = '$anketa' AND uid='$uid'"); if (mysqli_num_rows($sql) > 0) { return TRUE; } // dodatno imamo se ce je manager ali admin, potem vidi ankete podrejenih userjev if ($admin_type == 1 || $admin_type == 0) { $sql = sisplet_query("SELECT COUNT(*) FROM srv_dostop WHERE ank_id='$anketa' AND uid IN (SELECT user FROM srv_dostop_manage WHERE manager='$uid')"); $row = mysqli_fetch_array($sql); if ($row[0] > 0) { return TRUE; } } // ce imajo administratorji poseben dostop do ankete za help if ($admin_type == 0 && strtotime($rowa['dostop_admin']) >= strtotime(date("Y-m-d"))) { return TRUE; } return FALSE; } /** * Kao meta admin, ki vidi vse */ static function isMetaAdmin() { global $global_user_id; global $admin_type; global $mysql_database_name; // Samo na www in virtualkah if(($mysql_database_name == 'www1kasi' || $mysql_database_name == 'real1kasi') && $admin_type == '0'){ // vvasja@gmail.com - id: 100, peter.h1203@gmail.com - id: 12611, 1ka.techsupport - id: 49089 (virtualke), 72253 if (in_array($global_user_id, [100, 12611, 49089, 72253])) { return TRUE; } } // Gorenje ima svoje metaadmine if ($admin_type == '0' && Common::checkModule('gorenje')){ global $meta_admin_emails; $sql = sisplet_query("SELECT email FROM users WHERE id = '$global_user_id'"); $row = mysqli_fetch_array($sql); if(in_array($row['email'], $meta_admin_emails)){ return TRUE; } } return FALSE; } /** * preveri, ce ima uporabnik aktiven dostop do ankete * zdaj ko nimamo vec aktivnih in pasivnih uporabnikov, gledamo ali ima edit * dostop do ankete * * ta funkcija je v bistvu deprecated, naj se raje uporablja * checkDostopSub('edit'...); ostaja za zdruzljivost za nazaj * * @param mixed $anketa */ function checkDostopAktiven($anketa = 0) { global $admin_type; global $global_user_id; return $this->checkDostopSub('edit', $anketa); } /** * preveri tocen dostop do podstoritev * * @param mixed $anketa */ function checkDostopSub($type, $anketa = 0) { global $admin_type; global $global_user_id; if ($anketa == 0) { $anketa = $this->anketa; } $uid = $global_user_id; SurveyInfo::getInstance()->SurveyInit($anketa); $rowa = SurveyInfo::getInstance()->getSurveyRow(); // meta admin vidi kao spet vse if (self::isMetaAdmin()) { return TRUE; } // za demonstracijsko je posebno preverjanje if ($rowa['invisible'] == 1) { return TRUE; } $sql = sisplet_query("SELECT dostop FROM srv_dostop WHERE ank_id = '$anketa' AND uid='$uid'"); if (mysqli_num_rows($sql) > 0) { $row = mysqli_fetch_array($sql); $dostop = explode(',', $row['dostop']); if (in_array($type, $dostop)) { return TRUE; } // managerji in admini majo vedno lepe linke in maile if ($admin_type <= 1 && in_array($type, ['link', 'mail'])) { return TRUE; } } // administratorji in managerji imajo do max kar imajo njegovi podrejeni userji if ($admin_type <= 1) { $sql = sisplet_query("SELECT dostop FROM srv_dostop WHERE ank_id='$anketa' AND uid IN (SELECT user FROM srv_dostop_manage WHERE manager='$uid')"); while ($row = mysqli_fetch_array($sql)) { $dostop = explode(',', $row['dostop']); if (in_array($type, $dostop)) { return TRUE; } // managerji in admini majo vedno lepe linke in maile if ($admin_type <= 1 && in_array($type, ['link', 'mail'])) { return TRUE; } } } // ce imajo administratorji poseben dostop do ankete za help if ($admin_type == 0 && strtotime($rowa['dostop_admin']) >= strtotime(date("Y-m-d"))) { return TRUE; } return FALSE; } function ajax(){ if ($_GET['a'] == 'manager_add_user') { $this->ajax_manager_add_user(); } elseif($_GET['a'] == 'add_new_user'){ $this->ajax_add_new_user(); } elseif ($_GET['a'] == 'anketa_user_dostop') { $this->ajax_anketa_user_dostop(); } elseif ($_GET['a'] == 'anketa_user_dostop_save') { $this->ajax_anketa_user_dostop_save(); } elseif ($_GET['a'] == 'edit_user') { $this->ajax_edit_user(); } elseif ($_GET['a'] == 'edit_user_save') { $this->ajax_edit_user_save(); } elseif ($_GET['a'] == 'admin_add_user') { $this->ajax_admin_add_user(); } elseif ($_GET['a'] == 'admin_add_user_popup') { $this->ajax_admin_add_user_popup(); } elseif($_GET['a'] == 'find_user'){ $this->ajax_find_user(); } elseif ($_GET['a'] == 'edit_remove_user') { $this->ajax_edit_remove_user(); } elseif ($_GET['a'] == 'edit_remove_user_manager') { $this->ajax_edit_remove_user_manager(); } elseif ($_GET['a'] == 'edit_remove_user_admin') { $this->ajax_edit_remove_user_admin(); } elseif ($_GET['a'] == 'all_users_list') { if ($_GET['m'] == 'delete') { $this->ajax_all_users_list_delete(); } if ($_GET['m'] == 'ban') { $this->ajax_all_users_list_ban(); } else { $this->ajax_all_users_list(); } } elseif($_GET['a'] == 'my_users_list'){ $this->ajax_all_users_list_my(); } elseif ($_GET['a'] == 'delete_users_list') { $this->ajax_delete_users_list(); } elseif ($_GET['a'] == 'unsigned_users_list') { $this->ajax_unsigned_users_list(); } elseif ($_GET['a'] == 'unconfirmed_mail_user_list') { if ($_GET['m'] == 'delete') { $this->ajax_unconfirmed_mail_user_list_delet_user(); } elseif ($_GET['m'] == 'accept') { $this->ajax_confirm_user_email(); } else { $this->ajax_unconfirmed_mail_user_list(); } } elseif ($_GET['a'] == 'dodeljeni_uporabniki_display') { $this->ajax_dodeljeni_uporabniki_display(); } } /** * Dodamo novega uporabnika v 1KA sistem */ public function ajax_add_new_user() { global $pass_salt, $site_url, $site_domain, $virtual_domain, $lang, $app_settings; $email = $_POST['email']; $name = $_POST['name']; $surnname = $_POST['surname']; $password = $_POST['password']; $password2 = $_POST['password2']; $jezik = $_POST['jezik']; include root_dir('lang/'.$jezik.'.php'); if ($email != '') { $sqlu = sisplet_query("SELECT id FROM users WHERE email='$email'"); if (mysqli_num_rows($sqlu) == 0) { if ($password == '' || $password == $password2) { $s = sisplet_query("INSERT INTO users (name, surname, email, pass, type, when_reg, came_from, lang) VALUES ('$name', '$surnname', '$email', '" . base64_encode((hash(SHA256, $password . $pass_salt))) . "', '3', DATE_FORMAT(NOW(), '%Y-%m-%d'), '1', $jezik)"); $id = mysqli_insert_id($GLOBALS['connect_db']); } else { $error = 'pass'; } } else { // ne more si dodati že obstoječega uporabnika, ker potem bi si lahko kar kogarkoli dodal in bi videl njegove ankete $id = 0; $error = 'email'; } if ($id > 0) { $UserContent = $lang['add_new_user_content']; // Podpis $signature = Common::getEmailSignature(); $UserContent .= $signature; $UserContent .= $lang['register_add_user_content_edit']; $PageName = $app_settings['app_name']; $change = ''; $out = ''; // Ce gre slucajno za virtualko $Subject = ($virtual_domain) ? $lang['register_user_subject_virtual'] : $lang['register_user_subject']; $UserContent = str_replace("SFNAME", $name, $UserContent); $UserContent = str_replace("SFMAIL", $email, $UserContent); $UserContent = str_replace("SFWITH", $email, $UserContent); $UserContent = str_replace("SFPAGENAME", $PageName, $UserContent); $UserContent = str_replace("SFCHANGE", $change, $UserContent); $UserContent = str_replace("SFOUT", $out, $UserContent); $UserContent = str_replace("SFEND", '', $UserContent); $Subject = str_replace("SFPAGENAME", $PageName, $Subject); // Ce gre slucajno za virtualko if($virtual_domain) $Subject = str_replace("SFVIRTUALNAME", $site_domain, $Subject); if ($password2 == "") { $UserContent = str_replace("SFPASS", "( ".$lang['without']." ) ", $UserContent); } else { $UserContent = str_replace("SFPASS", $password2 ." (".$lang['register_add_user_password'].")", $UserContent); } if ($name == "") { $UserContent = str_replace("SFNAME", $lang['mr_or_mrs'], $UserContent); } else { $UserContent = str_replace("SFNAME", $name, $UserContent); } $ZaMail = ''.''.$Subject.''; $ZaMail .= $UserContent; if(isDebug()){ echo $ZaMail; die(); } // Posljemo mail vsakemu uporabniku posebej try { $MA = new MailAdapter(null, 'account'); $MA->addRecipients($email); $resultX = $MA->sendMail(stripslashes($ZaMail), $Subject); } catch (Exception $e) { } if ($resultX) { $status = 1; // poslalo ok } else { $status = 2; // ni poslalo } } } else { $error = 'email'; } header("Location: index.php?a=diagnostics&t=uporabniki&m=all&add=new&error=" . ($error !== FALSE ? $error : '')); } /** * Manager: dodajanje svojih novih uporabnikov * */ function ajax_manager_add_user() { global $pass_salt; global $lang; global $global_user_id, $site_path, $site_domain; global $admin_type; $error = FALSE; $sqlu = sisplet_query("SELECT email, type FROM users WHERE id = '" . $global_user_id . "'"); list($MailReply) = mysqli_fetch_row($sqlu); $aktiven = $_POST['aktiven']; $email = $_POST['email']; $name = $_POST['name']; $surnname = $_POST['surname']; $password = $_POST['password']; $password2 = $_POST['password2']; if ($email != '') { $sqlu = sisplet_query("SELECT id FROM users WHERE email='$email'"); if (mysqli_num_rows($sqlu) == 0) { if ($password == '' || $password == $password2) { $s = sisplet_query("INSERT INTO users (name, surname, email, pass, type, when_reg, came_from) VALUES ('$name', '$surnname', '$email', '" . base64_encode((hash(SHA256, $password . $pass_salt))) . "', '3', DATE_FORMAT(NOW(), '%Y-%m-%d'), '1')"); $id = mysqli_insert_id($GLOBALS['connect_db']); } else { $error = 'pass'; } } else { // ne more si dodati že obstoječega uporabnika, ker potem bi si lahko kar kogarkoli dodal in bi videl njegove ankete $id = 0; $error = 'email'; } if ($id > 0) { $s = sisplet_query("INSERT INTO srv_dostop_manage (manager, user) VALUES ('$global_user_id', '$id')"); if (!$s) { echo mysqli_error($GLOBALS['connect_db']); } $subject = sprintf($lang['srv_dodanmail_1'], $site_domain); $content = sprintf($lang['srv_dodanmail_2'], $MailReply, $site_domain).'

'; $content .= $lang['srv_dodanmail_3']; $content .= ''; // Podpis $signature = Common::getEmailSignature(); $content .= $signature; // Posljemo mail vsakemu uporabniku posebej try { $MA = new MailAdapter($this->anketa, $type='account'); $MA->addRecipients($email); $MA->addRecipients($MailReply); $resultX = $MA->sendMail(stripslashes($content), $subject); } catch (Exception $e) { } if ($resultX) { $status = 1; // poslalo ok } else { $status = 2; // ni poslalo } } } else { $error = 'email'; } header("Location: index.php?a=diagnostics&t=uporabniki&m=my&error=" . ($error !== FALSE ? $error : '')); } /** * Urejanje natančnega dostopa uporabnikov v nastavitvah ankete * */ function ajax_anketa_user_dostop() { global $admin_type; global $lang; $uid = $_POST['uid']; $s = sisplet_query("SELECT name, surname, email, type FROM users WHERE id='$uid'"); $r = mysqli_fetch_array($s); $sqla = sisplet_query("SELECT naslov FROM srv_anketa WHERE id = '$this->anketa'"); $rowa = mysqli_fetch_array($sqla); echo '

'.$lang['srv_anketa'].' '.$rowa['naslov'].'

'; echo '
'; echo '

'; if ($r['type'] == 2 || $r['type'] == 3) { echo $lang['admin_narocnik']; } elseif ($r['type'] == 1) { echo $lang['manager']; } elseif ($r['type'] == 0) { echo $lang['administrator']; } $r['email'] = iconv("iso-8859-2", "utf-8", $r['email']); echo ': ' . $r['name'] . ' ' . $r['surname'] . ' (' . $r['email'] . ')

'; if ($r['type'] >= 2) { $sql = sisplet_query("SELECT dostop FROM srv_dostop WHERE ank_id='$this->anketa' AND uid='$uid'"); $row = mysqli_fetch_array($sql); $dostop = explode(',', $row['dostop']); echo '
'; echo ''; echo ''; echo '

'; echo '

'; echo '

'; echo '

'; echo '

'; echo '

'; echo '

'; // Nastavitev, da ne more odklenit ankete echo '

'; // Je anketar - ne more poceti nicesar razen izvajati telefonsko anketo (ob kliku se ostale avtomatsko ugasnejo in disablajo) echo '

'; // Če gre za Hierarhijo if (SurveyInfo::checkSurveyModule('hierarhija', $this->anketa)) { $tip = sisplet_query("SELECT type FROM srv_hierarhija_users WHERE user_id='" . $uid . "' AND anketa_id='" . $this->anketa . "'", "obj"); if (!empty($tip) && !empty($tip->type)) { echo '

'; echo '

'; } } echo '
'; // Ce je katerikoli od treh checkboxou ugasnjen imamo enablano editiranje samo posameznega jezik $enable_lang = (!in_array('edit', $dostop) || !in_array('test', $dostop) || !in_array('publish', $dostop)) ? TRUE : FALSE; $sqll = sisplet_query("SELECT * FROM srv_language WHERE ank_id = '$this->anketa'"); if (mysqli_num_rows($sqll) > 0) { echo '

' . $lang['srv_passive_multilang'] . '

'; echo ''; } while ($rowl = mysqli_fetch_array($sqll)) { $sqldl = sisplet_query("SELECT * FROM srv_dostop_language WHERE ank_id = '$this->anketa' AND uid = '$uid' AND lang_id='$rowl[lang_id]'"); if (!$sqldl) { echo mysqli_error($GLOBALS['connect_db']); } if (mysqli_num_rows($sqldl) > 0) { $checked = ' checked'; } else { $checked = ''; } echo '
'; } echo '
'; echo '
'; echo '
' . $lang['edit1337'] . '
'; } // Manager - brez moznosti uporabe 1ka streznika elseif ($r['type'] == 1) { $sql = sisplet_query("SELECT dostop FROM srv_dostop WHERE ank_id='$this->anketa' AND uid='$uid'"); $row = mysqli_fetch_array($sql); $dostop = explode(',', $row['dostop']); // Admin lahko managerju spreminja samo posiljanje vabil preko 1ka streznika if ($admin_type == 0) { echo '
'; echo ''; echo ''; if (in_array('dashboard', $dostop)) { echo ''; } if (in_array('edit', $dostop)) { echo ''; } if (in_array('test', $dostop)) { echo ''; } if (in_array('publish', $dostop)) { echo ''; } if (in_array('data', $dostop)) { echo ''; } if (in_array('analyse', $dostop)) { echo ''; } if (in_array('export', $dostop)) { echo ''; } if (in_array('lock', $dostop)) { echo ''; } if (in_array('phone', $dostop)) { echo ''; } echo '
'; echo '

(' . $lang['srv_dostop_edit'] . ', ' . $lang['srv_dostop_data'] . ', ' . $lang['srv_dostop_export'] . ')

'; echo '
' . $lang['edit1337'] . '
'; } // Ostali ne morejo managerju nicesar spreminjati else { echo '

(' . $lang['srv_dostop_edit'] . ', ' . $lang['srv_dostop_data'] . ', ' . $lang['srv_dostop_export'] . ' )

'; } } // Admin else { echo '

(' . $lang['srv_dostop_edit'] . ', ' . $lang['srv_dostop_data'] . ', ' . $lang['srv_dostop_export'] . ')

'; } echo '
' . $lang['srv_zapri'] . '
'; } function ajax_anketa_user_dostop_save() { $uid = $_POST['uid']; $aktiven = $_POST['aktiven']; $dostop = implode(',', $_POST['dostop']); $sql = sisplet_query("UPDATE srv_dostop SET aktiven='$aktiven', dostop='$dostop' WHERE uid = '$uid' AND ank_id='$this->anketa'"); if (isset($_POST['dostop_language_edit']) && $_POST['dostop_language_edit'] == '1') { sisplet_query("DELETE FROM srv_dostop_language WHERE ank_id = '$this->anketa' AND uid='$uid'"); foreach ($_POST['dostop_language'] AS $val) { $val = explode('-', $val); $uid = $val[0]; $lang_id = $val[1]; sisplet_query("INSERT INTO srv_dostop_language (ank_id, uid, lang_id) VALUES ('$this->anketa', '$uid', '$lang_id')"); } } if (isset($_POST['hierarchy_type']) && SurveyInfo::checkSurveyModule('hierarhija', $this->anketa)) { $tip = (!empty($_POST['hierarchy_type']) ? $_POST['hierarchy_type'] : NULL); $result = sisplet_query("SELECT id FROM srv_hierarhija_users WHERE user_id='" . $uid . "' AND anketa_id='" . $this->anketa . "'", "obj"); if (!empty($result) && !empty($result->id) && !is_null($tip)) { sisplet_query("UPDATE srv_hierarhija_users SET type='" . $tip . "' WHERE id='" . $result->id . "'"); } } } function ajax_edit_user(){ global $lang; global $global_user_id; global $admin_type; global $virtual_domain; $uid = $_POST['uid']; echo '
'; // NASTAVITVE UPORABNIKA echo '
'; $sql = sisplet_query("SELECT name, surname, email, type, status, gdpr_agree FROM users WHERE id ='" . $uid . "'"); $row = mysqli_fetch_array($sql); echo '
'; echo '

' . $lang['edit_user'] . '

'; // Segment tip uporabnika echo '
'; $row['email'] = iconv("iso-8859-2", "utf-8", $row['email']); // Emaila ne more vec editirat, ker je prevec problemov (izgubi ankete...) echo ''; echo '

'.$row['name'].' '.$row['surname'].' ('.$row['email'].')

'; // Admin lahko spreminja tip vseh userjev if ($admin_type == 0) { echo '

'; } else { echo ''; } echo '

'; echo '
'; // Segment osnovni podatki echo ''; // Segment paket global $app_settings; if($app_settings['commercial_packages'] == true){ echo '
'; $userAccess = UserAccess::getInstance($uid); $userAccess_data = $userAccess->getAccess(); $active_package = (isset($userAccess_data['package_id'])) ? $userAccess_data['package_id'] : '1'; $time_expire = (isset($userAccess_data['time_expire'])) ? date('d.m.Y', strtotime($userAccess_data['time_expire'])) : ''; // Paket echo '

'; echo ' '; echo ' '; echo '

'; // Trajanje paketa echo '

'; echo ' '; echo ' '; echo '

'; echo ' '; echo '
'; } echo '
'; echo '
'; // SEZNAM ANKET echo '
'; echo '

' . $lang['srv_ankete'] . '

'; echo ' '; echo '
'; echo '
'; // GUMBI NA DNU echo '

'; echo '

'.$lang['srv_zapri'].'
'; echo '
'.$lang['edit1337'].'
'; echo '

'; } function ajax_edit_user_save(){ global $pass_salt; global $admin_type; $uid = $_GET['uid']; $_POST['email'] = iconv("utf-8", "iso-8859-2", $_POST['email']); if ($_POST['email'] != '') { if ($_POST['password'] != '' && $_POST['password'] == $_POST['password2']) { $password = ", pass = '" . base64_encode((hash('SHA256', $_POST['password'] . $pass_salt))) . "' "; } else { $password = ""; } $s = sisplet_query("UPDATE users SET type='$_POST[type]', status='$_POST[status]', email='$_POST[email]', name='$_POST[name]', surname='$_POST[surname]' $password WHERE id = '$uid'"); if (!$s) { echo mysqli_error($GLOBALS['connect_db']); } } if(isset($_POST['gdpr_agree'])){ sisplet_query("UPDATE users SET gdpr_agree='".$_POST['gdpr_agree']."' WHERE id = '$uid'"); } if(isset($_POST['google-2fa']) && $_POST['google-2fa'] == 'izbrisi'){ sisplet_query("DELETE FROM user_options WHERE user_id='".$uid."' AND option_name IN ('google-2fa-secret', 'google-2fa-validation')"); } if (isset($_POST['manage_domain'])) { UserSetting::getInstance()->Init($uid); UserSetting::getInstance() ->setUserSetting('manage_domain', $_POST['manage_domain']); UserSetting::getInstance()->saveUserSetting(); } // Update or insert user package if (isset($_POST['package']) && isset($_POST['package_expire']) && $_POST['package_expire'] != '') { $package_id = $_POST['package']; $package_expire = $_POST['package_expire']; $package_expire_sql = date('Y-m-d H:i:s', strtotime($package_expire)); $sqlPackageTime = sisplet_query("SELECT time_activate FROM user_access WHERE usr_id='".$uid."'"); if(mysqli_num_rows($sqlPackageTime) > 0){ $rowPackageTime = mysqli_fetch_array($sqlPackageTime); $time_activate = date('Y-m-d H:i:s', strtotime($rowPackageTime['time_activate'])); $sqlPackageDelete = sisplet_query("DELETE FROM user_access WHERE usr_id='".$uid."'"); $sqlPackage = sisplet_query("INSERT INTO user_access (usr_id, time_activate, time_expire, package_id) VALUES ('".$uid."', '".$time_activate."', '".$package_expire_sql."', '".$package_id."') "); } else{ $sqlPackage = sisplet_query("INSERT INTO user_access (usr_id, time_activate, time_expire, package_id) VALUES ('".$uid."', NOW(), '".$package_expire_sql."', '".$package_id."') "); } if (!$sqlPackage) echo mysqli_error($GLOBALS['connect_db']); } if($admin_type == 0) { // Ce smo odprli okno v narocilih if(strpos($_SERVER['HTTP_REFERER'], 'a=narocila') !== false) header("Location: index.php?a=narocila"); else header("Location: index.php?a=diagnostics&t=uporabniki&m=all"); } else{ header("Location: index.php?a=diagnostics&t=uporabniki&m=my"); } } /** * Admin: dodajanje obstojecih uporabnikov * */ function ajax_admin_add_user() { global $pass_salt; global $lang; global $global_user_id, $site_path; global $admin_type; if ($admin_type != 0 && $admin_type != 1) { return; } $error = FALSE; $sqlu = sisplet_query("SELECT email FROM users WHERE id = '" . $global_user_id . "'"); $rowu = mysqli_fetch_array($sqlu); $mail_admin = $rowu['email']; $uid = (!empty($_POST['uid']) ? $_POST['uid'] : null); $uemail = (!empty($_POST['uemail']) ? $_POST['uemail'] : null); $sqlu = sisplet_query("SELECT email, type FROM users WHERE id='$uid'"); if (mysqli_num_rows($sqlu) > 0) { $rowu = mysqli_fetch_array($sqlu); $mail_user = $rowu['email']; $type_user = $rowu['type']; $id = $uid; } // Za managerje pošljemo samo email if(empty($id)) { $sqlu = sisplet_query("SELECT id, email, type FROM users WHERE email='".$uemail."'"); if (mysqli_num_rows($sqlu) > 0) { $rowu = mysqli_fetch_array($sqlu); $mail_user = $rowu['email']; $type_user = $rowu['type']; $id = $rowu['id']; } } if ($id > 0 && $type_user >= $admin_type) { $s = sisplet_query("INSERT INTO srv_dostop_manage (manager, user) VALUES ('$global_user_id', '$id')"); if (!$s) { echo mysqli_error($GLOBALS['connect_db']); } global $site_url; $subject = $lang['srv_dodanmail_m_1'] . ''; $content = sprintf($lang['srv_dodanmail_m_2'], $mail_admin, $site_url, $mail_user) . '

' . sprintf($lang['srv_dodanmail_m_3']); // Podpis $signature = Common::getEmailSignature(); $content .= $signature; try { $MA = new MailAdapter($this->anketa, $type='account'); $MA->addRecipients($mail_user); $resultX = $MA->sendMail(stripslashes($content), $subject); } catch (Exception $e) { } if ($resultX) { $status = 1; // poslalo ok } else { $status = 2; // ni poslalo } } header("Location: index.php?a=diagnostics&t=uporabniki".($error !== FALSE ? '&error='.$error : '')); } /** * Admin: dodajanje obstojecih uporabnikov drugemu uporabniku v popupu * */ function ajax_admin_add_user_popup(){ global $lang; global $admin_type; if ($admin_type != 0) return; $manager = (isset($_POST['manager'])) ? $_POST['manager'] : '0'; $user = (isset($_POST['user'])) ? $_POST['user'] : '0'; if($manager == '' || $manager == '0' || $user == '' || $user == '0') return; $sql = sisplet_query("INSERT INTO srv_dostop_manage (manager, user) VALUES ('".$manager."', '".$user."')"); if (!$sql) echo mysqli_error($GLOBALS['connect_db']); $this->ajax_dodeljeni_uporabniki_display(); } /** * Poiščemo uporabnika, ki je v bazi */ function ajax_find_user(){ global $admin_type, $global_user_id; $json['results'] = []; if($admin_type == 0){ $sqls = sisplet_query("SELECT id, name, surname, email FROM users WHERE id NOT IN (SELECT user FROM srv_dostop_manage WHERE manager='".$global_user_id."') AND email NOT LIKE ('D3LMD-%') AND email NOT LIKE ('UNSU8MD-%') AND email LIKE '%".$_GET['term']."%' ORDER BY email", "obj"); if(!empty($sqls->email)){ $json['results'][] = [ 'id' => $sqls->id, 'text' => $sqls->email.' - '.$sqls->name.' '.$sqls->surname ]; } else{ foreach ($sqls as $user) { $json['results'][] = [ 'id' => $user->id, 'text' => $user->email.' - '.$user->name.' '.$user->surname ]; } } echo json_encode($json); } elseif ($admin_type == 1){ $email = trim($_POST['uemail']); $user = sisplet_query("SELECT id, name, surname, email FROM users WHERE id NOT IN (SELECT user FROM srv_dostop_manage WHERE manager='".$global_user_id."') AND email NOT LIKE ('D3LMD-%') AND email NOT LIKE ('UNSU8MD-%') AND email='".$email."'"); if(mysqli_num_rows($user) > 0) { echo 'success'; } else{ echo 'error'; } } } // Če je administrator /** * odstrani uporabnika iz nadzora * */ function ajax_edit_remove_user(){ global $global_user_id; global $site_url; $uid = (int) $_GET['uid']; $sql = sisplet_query("DELETE FROM srv_dostop_manage WHERE user='".$uid."' AND manager='".$global_user_id."'"); header("Location: " . $site_url . "admin/survey/index.php?a=diagnostics&t=uporabniki&m=my"); } /** * odstrani uporabnika iz managerjevega nadzora * */ function ajax_edit_remove_user_manager(){ global $global_user_id; global $site_url; $uid = (int) $_GET['uid']; $sql = sisplet_query("DELETE FROM srv_dostop_manage WHERE user='$global_user_id' AND manager='$uid'"); header("Location: " . $site_url . "admin/survey/index.php?a=diagnostics&t=uporabniki"); } /** * admin odstrani uporabnika iz nadzora drugemu uporabniku (managerju ali adminu) * */ function ajax_edit_remove_user_admin(){ global $admin_type; if($admin_type != '0') return; $manager = (isset($_POST['manager'])) ? $_POST['manager'] : '0'; $user = (isset($_POST['user'])) ? $_POST['user'] : '0'; if($manager == '' || $manager == '0' || $user == '' || $user == '0') return; $sql = sisplet_query("DELETE FROM srv_dostop_manage WHERE user='$user' AND manager='$manager'"); $this->ajax_dodeljeni_uporabniki_display(); } /** * Seznam vseh uporabnikov znotrja 1ke */ function ajax_all_users_list(){ global $admin_languages; global $global_user_id; global $lang; global $admin_type; $seznam = []; $iskanjeSql = ""; if(!empty($_POST['search']['value'])){ $iskaniNiz = $_POST['search']['value']; $iskanjeSql = " AND (u.name LIKE '%".$iskaniNiz."%' OR u.surname LIKE '%".$iskaniNiz."%' OR u.email LIKE '%".$iskaniNiz."%' OR d1.dostop_survey_count LIKE '%".$iskaniNiz."%' OR d2.dostop_survey_archive LIKE '%".$iskaniNiz."%')"; } // Pridobimo vse uporabnike $sql = "SELECT u.id as id, u.type as type, u.status, u.email as email, u.name as name, u.surname as surname, u.lang as lang, u.eduroam as aai, date_format(u.when_reg, '%d.%m.%Y') as registriran, u.gdpr_agree as gdpr_agree, dm.st_dodeljenih_uporabnikov as st_dodeljenih_uporabnikov, dm2.st_managerjev as st_managerjev, d1.dostop_survey_count as st_anket, d2.dostop_survey_archive as st_arhivskih, date_format(u.last_login, '%d.%m.%Y') as last_login, ue.email as second_email FROM users AS u ". " LEFT OUTER JOIN (SELECT srv_dostop.ank_id, srv_dostop.uid, count(*) AS dostop_survey_count FROM srv_dostop, srv_anketa WHERE srv_anketa.id=srv_dostop.ank_id AND srv_anketa.backup='0' GROUP BY srv_dostop.uid ) AS d1 ON d1.uid = u.id ". " LEFT OUTER JOIN (SELECT srv_dostop.ank_id, srv_dostop.uid, count(*) AS dostop_survey_archive FROM srv_dostop, srv_anketa WHERE srv_anketa.id=srv_dostop.ank_id AND srv_anketa.backup>'0' GROUP BY srv_dostop.uid ) AS d2 ON d2.uid = u.id ". " LEFT OUTER JOIN (SELECT srv_dostop_manage.manager, count(*) AS st_dodeljenih_uporabnikov FROM srv_dostop_manage GROUP BY srv_dostop_manage.manager) AS dm ON dm.manager = u.id ". " LEFT OUTER JOIN (SELECT srv_dostop_manage.user, count(*) AS st_managerjev FROM srv_dostop_manage GROUP BY srv_dostop_manage.user) AS dm2 ON dm2.user = u.id ". " LEFT OUTER JOIN (SELECT user_emails.email, user_emails.user_id FROM user_emails WHERE active=1) AS ue ON ue.user_id = u.id". " WHERE u.email NOT LIKE ('D3LMD-%') AND u.email NOT LIKE ('UNSU8MD-%') ".$iskanjeSql; // Filtri, ki jih datatables pošilja in po katerih filtriramo if($_POST['order'][0]['column'] < 12) { $orderPolje = [ "u.name ".$_POST['order'][0]['dir'].", u.surname", "u.email", "u.type", "u.lang", "u.eduroam", //AAI "d1.dostop_survey_count", //st_anket "d2.dostop_survey_archive", //st_arhivskih "dm.st_dodeljenih_uporabnikov", //st_dodeljenih_uporabnikov "dm2.st_managerjev", //st_managerjev "u.gdpr_agree", "u.when_reg", "u.last_login" ]; if($_POST['order'][0]['column'] == 9){ $vrednost='u.gdpr_agree desc'; if($_POST['order'][0]['dir'] == 'asc'){ $vrednost= ' FIELD (u.gdpr_agree, 0, \'-1\', 1)'; } $sql .= " ORDER BY ".$vrednost; } else { $sql .= " ORDER BY ".$orderPolje[$_POST['order'][0]['column']]." ".$_POST['order'][0]['dir']; } } if($_POST['length'] != '-1') { $sql .= " LIMIT ".$_POST['start'].", ".$_POST['length']; } $resultQuery = sisplet_query($sql); $resultU = lazyLoadSqlObj($resultQuery); // Seznam uporabnikov vrne za administratorje vse za ostale pa samo tiste, ki smo jih dodali k uporabniku. if (!empty($resultU)) { if (!empty($resultU->name)) { $vsi[] = $resultU; } else { $vsi = $resultU; } foreach ($vsi as $uporabnik) { $seznam[] = [ iconv(mb_detect_encoding( $uporabnik->name, mb_detect_order(), true), "UTF-8", $uporabnik->name) .' '.iconv(mb_detect_encoding( $uporabnik->surname, mb_detect_order(), true), "UTF-8", $uporabnik->surname), (!empty($uporabnik->second_email) ? iconv(mb_detect_encoding( $uporabnik->second_email, mb_detect_order(), true), "UTF-8", $uporabnik->second_email) : iconv(mb_detect_encoding( $uporabnik->email, mb_detect_order(), true), "UTF-8", $uporabnik->email)), $this->userTypeToText($uporabnik->type), $admin_languages[$uporabnik->lang], (!empty($uporabnik->aai) ? $this->vrniDaNe($uporabnik->aai) : $lang['no1']), (!empty($uporabnik->st_anket) ? $uporabnik->st_anket : 0), (!empty($uporabnik->st_arhivskih) ? $uporabnik->st_arhivskih : 0), ''.(!empty($uporabnik->st_dodeljenih_uporabnikov) ? $uporabnik->st_dodeljenih_uporabnikov : 0).'', (!empty($uporabnik->st_managerjev) ? $uporabnik->st_managerjev : 0), $lang["users_gdpr".$uporabnik->gdpr_agree], $uporabnik->registriran, $uporabnik->last_login, ''. ' | '. ' | ' ]; } } $sql_recordsTotal = sisplet_query("SELECT count(id) as stVseh FROM users WHERE email NOT LIKE ('D3LMD-%') AND email NOT LIKE ('UNSU8MD-%')", "obj"); // Število vseh zadetkov, ki jih imamo v bazi $recordsTotal = 0; if(!empty($sql_recordsTotal)) { $recordsTotal = $sql_recordsTotal->stVseh; } // Število filtriranih zadetkov $recordFiltered = $recordsTotal; if(!empty($_POST['search']['value'])) $recordFiltered = sizeof($vsi); echo json_encode([ "draw" => (!empty($_POST['draw']) ? $_POST['draw'] : 1), "recordsTotal" => $recordsTotal, "recordsFiltered" => $recordFiltered, "data" => $seznam // polje z vsebino ]); } /** * Seznam dodeljenih uporabnikov (manager in admin) */ function ajax_all_users_list_my(){ global $admin_languages; global $global_user_id; global $lang; global $admin_type; $seznam = []; $iskanjeSql = ""; if(!empty($_POST['search']['value'])){ $iskaniNiz = $_POST['search']['value']; $iskanjeSql = " AND (u.name LIKE '%".$iskaniNiz."%' OR u.surname LIKE '%".$iskaniNiz."%' OR u.email LIKE '%".$iskaniNiz."%' OR d1.dostop_survey_count LIKE '%".$iskaniNiz."%' OR d2.dostop_survey_archive LIKE '%".$iskaniNiz."%')"; } // Pridobimo vse uporabnike $sql = "SELECT u.id as id, u.type as type, u.status, u.email as email, u.name as name, u.surname as surname, u.lang as lang, u.eduroam as aai, date_format(u.when_reg, '%d.%m.%Y') as registriran, u.gdpr_agree as gdpr_agree, d1.dostop_survey_count as st_anket, d2.dostop_survey_archive as st_arhivskih, date_format(u.last_login, '%d.%m.%Y') as last_login, ue.email as second_email FROM users AS u ". " LEFT OUTER JOIN ( SELECT srv_dostop.ank_id, srv_dostop.uid, count(*) AS dostop_survey_count FROM srv_dostop, srv_anketa WHERE srv_anketa.id=srv_dostop.ank_id AND srv_anketa.backup='0' GROUP BY srv_dostop.uid ) AS d1 ON d1.uid = u.id ". " LEFT OUTER JOIN ( SELECT srv_dostop.ank_id, srv_dostop.uid, count(*) AS dostop_survey_archive FROM srv_dostop, srv_anketa WHERE srv_anketa.id=srv_dostop.ank_id AND srv_anketa.backup>'0' GROUP BY srv_dostop.uid ) AS d2 ON d2.uid = u.id ". " LEFT OUTER JOIN (SELECT user_emails.email, user_emails.user_id FROM user_emails WHERE active=1) AS ue ON ue.user_id = u.id". " WHERE u.email NOT LIKE ('D3LMD-%') AND u.email NOT LIKE ('UNSU8MD-%') ".$iskanjeSql; // Filter samo po lastnih uporabnikih $isciPoDomeni = ''; // Med lastne uporabnike prikažemo tudi, tiste ki so bili registrirani z isto domeno /*UserSetting :: getInstance()->Init($global_user_id); $domena = UserSetting :: getInstance()->getUserSetting('manage_domain'); if(!empty($domena)){ $isciPoDomeni = " OR u.email LIKE '%".$domena."'"; }*/ $sql .= " AND (u.id IN (SELECT user FROM srv_dostop_manage WHERE manager='".$global_user_id."') ".$isciPoDomeni.")"; // Filtri, ki jih datatables pošilja in po katerih filtriramo if($_POST['order'][0]['column'] < 10) { $orderPolje = [ "u.name ".$_POST['order'][0]['dir'].", u.surname", "u.email", "u.type", "u.lang", "u.eduroam", //AAI "d1.dostop_survey_count", //st_anket "d2.dostop_survey_archive", //st_arhivskih "u.gdpr_agree", "u.when_reg", "u.last_login" ]; if($_POST['order'][0]['column'] == 7){ $vrednost='u.gdpr_agree desc'; if($_POST['order'][0]['dir'] == 'asc'){ $vrednost= ' FIELD (u.gdpr_agree, 0, \'-1\', 1)'; } $sql .= " ORDER BY ".$vrednost; } else { $sql .= " ORDER BY ".$orderPolje[$_POST['order'][0]['column']]." ".$_POST['order'][0]['dir']; } } if($_POST['length'] != '-1') { $sql .= " LIMIT ".$_POST['start'].", ".$_POST['length']; } $resultQuery = sisplet_query($sql); $resultU = lazyLoadSqlObj($resultQuery); // Seznam uporabnikov vrne za administratorje vse za ostale pa samo tiste, ki smo jih dodali k uporabniku. if (!empty($resultU) && ($this->jeAdministrator() || !$this->jeAdministrator())) { if (!empty($resultU->name)) { $vsi[] = $resultU; } else { $vsi = $resultU; } foreach ($vsi as $uporabnik) { $seznam[] = [ iconv(mb_detect_encoding( $uporabnik->name, mb_detect_order(), true), "UTF-8", $uporabnik->name) .' '.iconv(mb_detect_encoding( $uporabnik->surname, mb_detect_order(), true), "UTF-8", $uporabnik->surname), (!empty($uporabnik->second_email) ? iconv(mb_detect_encoding( $uporabnik->second_email, mb_detect_order(), true), "UTF-8", $uporabnik->second_email) : iconv(mb_detect_encoding( $uporabnik->email, mb_detect_order(), true), "UTF-8", $uporabnik->email)), $this->userTypeToText($uporabnik->type), $admin_languages[$uporabnik->lang], (!empty($uporabnik->aai) ? $this->vrniDaNe($uporabnik->aai) : $lang['no1']), (!empty($uporabnik->st_anket) ? $uporabnik->st_anket : 0), (!empty($uporabnik->st_arhivskih) ? $uporabnik->st_arhivskih : 0), $lang["users_gdpr".$uporabnik->gdpr_agree], $uporabnik->registriran, $uporabnik->last_login, ''. ' | '. ' | ' ]; } } // Število vseh zadetkov, ki jih imamo v bazi $recordsTotal = 0; $recordsTotal = sizeof($vsi); // Število filtriranih zadetkov $recordFiltered = $recordsTotal; if(!empty($_POST['search']['value'])) $recordFiltered = sizeof($vsi); echo json_encode([ "draw" => (!empty($_POST['draw']) ? $_POST['draw'] : 1), "recordsTotal" => $recordsTotal, "recordsFiltered" => $recordFiltered, "data" => $seznam // polje z vsebino ]); } /** * Izbrišemo uporabnika, še vendo pa hranimo njegove ankete */ function ajax_all_users_list_delete(){ $uid = (!empty($_POST['uid']) ? $_POST['uid'] : null); if($this->sebeNeMoreIzbrisati($uid)){ return false; } $result = sisplet_query ("UPDATE users SET status=0, email=CONCAT('D3LMD-', UNIX_TIMESTAMP(), email) WHERE id='".$uid."'"); } function ajax_all_users_list_ban(){ $uid = (!empty($_POST['uid']) ? $_POST['uid'] : null); if($this->sebeNeMoreIzbrisati($uid)){ return false; } $user = sisplet_query ("SELECT id, status FROM users WHERE id='".$uid."'", 'obj'); $status = 0; if($user->status == 0) $status = 1; sisplet_query ("UPDATE users SET status='".$status."' WHERE id='".$uid."'"); } private function sebeNeMoreIzbrisati($id){ global $global_user_id; if($global_user_id == $id) return TRUE; return false; } private function jeAdministrator() { global $admin_type; if ($admin_type == 0) { return TRUE; } return FALSE; } /** * Pridobimo vrste uporabnika v besedilni obliki * * @param $db_type * * @return mixed */ function userTypeToText($db_type) { global $lang; $type = $lang['admin_narocnik']; switch ($db_type) { case 0: $type = $lang['admin_admin']; break; case 1: $type = $lang['admin_manager']; break; case 2: case 3: $type = $lang['admin_narocnik']; break; } return $type; } /** * Seznam vseh izbrisanih uporabnikov, ki jih pridobi datatables */ function ajax_delete_users_list() { global $admin_languages; $seznam = []; $resultQuery = sisplet_query("SELECT name, surname, SUBSTRING(REPLACE (email, 'D3LMD-', ''),11) as email, type, DATE_FORMAT(when_reg, '%d.%m.%Y') as registriran, lang FROM users WHERE email LIKE ('D3LMD-%')"); $resultU = lazyLoadSqlObj($resultQuery); if (!empty($resultU) && $this->jeAdministrator()) { if (!empty($resultU->name)) { $izbrisani[] = $resultU; } else { $izbrisani = $resultU; } foreach ($izbrisani as $uporabnik) { $seznam[] = [ iconv(mb_detect_encoding( $uporabnik->name, mb_detect_order(), true), "UTF-8", $uporabnik->name) .' '.iconv(mb_detect_encoding( $uporabnik->surname, mb_detect_order(), true), "UTF-8", $uporabnik->surname), iconv(mb_detect_encoding( $uporabnik->email, mb_detect_order(), true), "UTF-8", $uporabnik->email), $this->userTypeToText($uporabnik->type), $admin_languages[$uporabnik->lang], $uporabnik->registriran, ]; } } echo json_encode([ "data" => $seznam // polje z vsebino ]); } public function ajax_unsigned_users_list() { global $admin_languages; $seznam = []; $odjavljeniQuery = sisplet_query("SELECT name, surname, SUBSTRING(REPLACE (email, 'UNSU8MD-', ''),11) as email, type, DATE_FORMAT(when_reg, '%d.%m.%Y') as registriran, status, lang FROM users WHERE email LIKE ('UNSU8MD-%')"); $odjavljeni_db = lazyLoadSqlObj($odjavljeniQuery); if (!empty($odjavljeni_db) && $this->jeAdministrator()) { if (!empty($odjavljeni_db->name)) { $odjavljeni[] = $odjavljeni_db; } else { $odjavljeni = $odjavljeni_db; } foreach ($odjavljeni as $uporabnik) { $seznam[] = [ iconv(mb_detect_encoding( $uporabnik->name, mb_detect_order(), true), "UTF-8", $uporabnik->name) .' '.iconv(mb_detect_encoding( $uporabnik->surname, mb_detect_order(), true), "UTF-8", $uporabnik->surname), iconv(mb_detect_encoding( $uporabnik->email, mb_detect_order(), true), "UTF-8", $uporabnik->email), $this->userTypeToText($uporabnik->type), $admin_languages[$uporabnik->lang], $uporabnik->registriran, ]; } } echo json_encode([ "data" => $seznam // polje z vsebino ]); } public function ajax_unconfirmed_mail_user_list_delet_user() { $uid = (!empty($_POST['uid']) ? $_POST['uid'] : NULL); if (empty($uid)) { return NULL; } sisplet_query("DELETE FROM users_to_be WHERE id='" . $uid . "'"); echo 'ok'; } public function ajax_confirm_user_email(){ global $pass_salt; global $lang; global $app_settings; $uid = (!empty($_POST['uid']) ? $_POST['uid'] : NULL); if (empty($uid)) { return NULL; } // kopirano iz user_to_be v users $result = sisplet_query("SELECT type, email, name, surname, pass, status, gdpr_agree, when_reg, came_from, lang FROM users_to_be WHERE id='" . $uid . "'"); if (mysqli_num_rows($result) > 0) { $r = mysqli_fetch_assoc($result); $g = base64_encode((hash('SHA256', base64_decode($r['pass']) . $pass_salt))); sisplet_query("INSERT INTO users (type, email, name, surname, pass, status, gdpr_agree, when_reg, came_from, lang, manuallyApproved) VALUES ('" . $r['type'] . "', '" . $r['email'] . "', '" . $r['name'] . "', '" . $r['surname'] . "', '" . $g . "','" . $r['status'] . "', '" . $r['gdpr_agree'] . "','" . $r['when_reg'] . "', '" . $r['came_from'] . "', '" . $r['lang'] . "', 'Y')"); sisplet_query("DELETE FROM users_to_be WHERE id='" . $uid . "' OR email='" . $r['email'] . "'"); // Uporabniku posljemo email da je bil njegov racun aktiviran $Content = $lang['confirmed_user_mail']; // Podpis $signature = Common::getEmailSignature(); $Content .= $signature; // Ce gre slucajno za virutalko $Subject = $lang['confirmed_user_mail_subject']; $PageName = $app_settings['app_name']; $ZaMail = ''.' '.$Subject.''; // Besedilo v lang dilu je potrebno popravit, ker nimamo vec cel kup parametrov $Content = str_replace("SFNAME", $r['name'].' '.$r['surname'], $Content); $Content = str_replace("SFPAGENAME", $PageName, $Content); $Subject = str_replace("SFPAGENAME", $PageName, $Subject); $ZaMail .= $Content; $ZaMail .= ""; // Za testiranje brez posiljanja maila if(isDebug()) { echo $ZaMail; die(); } // Posljemo mail, da je bil racun aktiviran try{ $MA = new MailAdapter(null, 'account'); $MA->addRecipients($r['email']); $result = $MA->sendMail($ZaMail, $Subject); } catch (Exception $e){ echo $e; } echo 'ok'; } else { echo 'non'; } } public function ajax_unconfirmed_mail_user_list() { global $admin_languages; global $lang; $seznam = []; $resultQuery = sisplet_query("SELECT id, name, surname, email, type, DATE_FORMAT(when_reg, '%d.%m.%Y') as registriran, lang FROM users_to_be"); $resultU = lazyLoadSqlObj($resultQuery); if (!empty($resultU)) { // V kolikor imamo samo eno vrstico vpisano, potem objekt spremenimo v multiarray if (!empty($resultU->name)) { $nepotrjeni[] = $resultU; } else { $nepotrjeni = $resultU; } $seznam = []; foreach ($nepotrjeni as $uporabnik) { $seznam[] = [ iconv(mb_detect_encoding( $uporabnik->name, mb_detect_order(), true), "UTF-8", $uporabnik->name) .' '.iconv(mb_detect_encoding( $uporabnik->surname, mb_detect_order(), true), "UTF-8", $uporabnik->surname), iconv(mb_detect_encoding( $uporabnik->email, mb_detect_order(), true), "UTF-8", $uporabnik->email), $this->userTypeToText($uporabnik->type), $admin_languages[$uporabnik->lang], $uporabnik->registriran, ' | ' . '', ]; } } echo json_encode([ "data" => $seznam // polje z vsebino ]); } // Popup z dodeljenimi uporabniki private function ajax_dodeljeni_uporabniki_display(){ global $lang; $manager = (isset($_POST['manager'])) ? $_POST['manager'] : '0'; if($manager == '' || $manager == '0'){ return; } echo '
'; echo '

'.$lang['srv_manager_count'].'

'; echo '
'; // Seznam dodeljenih uporabnikov $sqlUsers = sisplet_query("SELECT u.id, u.name, u.surname, u.email, u.status FROM users u, srv_dostop_manage m WHERE u.id=m.user AND m.manager='".$manager."' "); if(mysqli_num_rows($sqlUsers) > 0){ echo ''; } // Dodajanje novega uporabnika echo '

'.$lang['srv_manager_add_admin'].'

'; echo '
'; echo '
'; echo '

'.$lang['srv_manager_add_user_popup'].'

'; echo '

'; echo '

'; echo ' '.$lang['add'].''; echo '



'; echo '
'; echo ''; echo '
'; echo '
'; echo '
'; echo ''.$lang['srv_zapri'].''; echo '
'; } function isAnketar() { global $admin_type; # preverimo ali je anketar return ($this->checkDostopSub('phone') && $admin_type > 1); } /** * vrne seznam vseh uporabnikov z dostopom do ankete * */ function getDostop() { $dostop = []; $dostop[0] = $this->getAdminsDostop(); $dostop[1] = $this->getManagersDostop(); $dostop[2] = $this->getUsersDostop(); return $dostop; } /** * preveri ali imajo do ankete dostop administratorji * ta funkcija ni!!! primerna za preverjat, ce prikazemo anketo * administratorju, ker se mora poleg tega preverjati se, ce je uporabnik * admin pa to * */ function getAdminsDostop() { SurveyInfo::getInstance()->SurveyInit($this->anketa); $rowa = SurveyInfo::getInstance()->getSurveyRow(); if (strtotime($rowa['dostop_admin']) >= strtotime(date("Y-m-d"))) { return $rowa['dostop_admin']; } return FALSE; } /** * kdo ima managerski dostop (od managerjev in administratorjev) * */ function getManagersDostop() { $sql = sisplet_query("SELECT u.* FROM users u, srv_dostop_manage m WHERE u.id=m.manager AND m.user IN (SELECT uid FROM srv_dostop WHERE ank_id='$this->anketa') "); while ($row = mysqli_fetch_array($sql)) { $dostop[] = $row; } return $dostop; } /** * kdo od uporabnikov ima dostop * */ function getUsersDostop() { $sql = sisplet_query("SELECT u.* FROM srv_dostop d, users u WHERE u.id=d.uid AND d.ank_id = '$this->anketa'"); while ($row = mysqli_fetch_array($sql)) { $dostop[] = $row; } return $dostop; } /** * Vrenemo besedni izraz za 1/0 iz podatkovne baze * * @param int $val * * @return mixed */ private function vrniDaNe($val = 0) { global $lang; if ($val == 1) { return $lang['yes']; } return $lang['no1']; } } ?>