From 75160b12821f7f4299cce7f0b69c83c1502ae071 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= Date: Mon, 27 May 2024 13:08:29 +0200 Subject: 2024-02-19 upstream --- .../1kaDomainChange/classes/class.DomainChange.php | 258 + frontend/api/api_test.php | 3 +- frontend/api/class.ApiLogin.php | 773 +- frontend/api/class.ApiLoginController.php | 15 +- frontend/api/fb_login.php | 6 +- frontend/api/login_AAI.php | 4 - frontend/install/classes/class.DisplayCheck.php | 4 +- frontend/install/classes/class.DisplayDatabase.php | 3 +- frontend/install/classes/class.DisplaySettings.php | 13 +- frontend/install/classes/class.ImportDB.php | 6 +- frontend/install/css/style.css | 10 +- .../classes/class.ApiNarocilaController.php | 46 +- frontend/payments/classes/class.UserAccess.php | 85 +- frontend/payments/classes/class.UserNarocila.php | 229 +- .../classes/class.UserNarocilaCebelica.php | 4 +- .../payments/classes/class.UserNarocilaCron.php | 1 - .../payments/classes/class.UserNarocilaPaypal.php | 17 +- .../payments/classes/class.UserNarocilaStripe.php | 13 +- frontend/payments/classes/class.UserPlacila.php | 8 +- frontend/simple/ajax.php | 9 +- frontend/simple/classes/DisplayController.php | 514 +- frontend/simple/css/aai.css | 932 + frontend/simple/css/aai.css.map | 1 + frontend/simple/css/style.css | 1073 +- frontend/simple/css/style.css.map | 2 +- frontend/simple/index.php | 22 +- frontend/simple/script/enka-21.js | 38883 +++++++++++++++++++ frontend/simple/script/nav-mobile.js | 10 + frontend/simple/script/script.js | 41 +- 29 files changed, 42262 insertions(+), 723 deletions(-) create mode 100644 frontend/1kaDomainChange/classes/class.DomainChange.php create mode 100644 frontend/simple/css/aai.css create mode 100644 frontend/simple/css/aai.css.map create mode 100644 frontend/simple/script/enka-21.js create mode 100644 frontend/simple/script/nav-mobile.js (limited to 'frontend') 
diff --git a/frontend/1kaDomainChange/classes/class.DomainChange.php b/frontend/1kaDomainChange/classes/class.DomainChange.php new file mode 100644 index 0000000..085ed0e --- /dev/null +++ b/frontend/1kaDomainChange/classes/class.DomainChange.php 
@@ -0,0 +1,258 @@ +usr_id = $usr_id; + + // Dobimo status preklopa za userja + $sqlUser = sisplet_query("SELECT switch_status FROM 1ka_domain_change_user WHERE usr_id='".$this->usr_id."'"); + + // Uporabnik se ni naredil nic + if(mysqli_num_rows($sqlUser) == 0) + $this->user_switch_status = 0; + + $rowUser = mysqli_fetch_array($sqlUser); + $this->user_switch_status = $rowUser['switch_status']; + } + + + // Preverimo ce izvajamo na aplikaciji preklop domene + public static function check1kaDomainChange(){ + global $site_domain; + + // ZAENKRAT JE CEL MODUL UGASNJEN + return false; + + // Ce smo na www.1ka.si, oneclicksurvey.com ali enklikanketa.si + //if(in_array($site_domain, array('www.1ka.si', 'www.oneclicksurvey.com', 'www.enklikanketa.si'))){ + //if(in_array($site_domain, array(self::$domain_original, self::$domain_new))) + if($site_domain == self::$domain_original) + return true; + else + return false; + } + + + // Ali prikazujemo kreiranje, kopiranje ankete + public function domainChangeLimits(){ + global $site_domain; + + // Skrivamo samo na originalni domeni (www.1ka.si) in se ni naredil preklopa na oneclicksurvey.com + if($site_domain == self::$domain_original && $this->user_switch_status != '2'){ + + // Preverimo aktiven paket - ce nima placanega paketa, mu vse skrijemo + $userAccess = UserAccess::getInstance($this->usr_id); + $user_package = $userAccess->getPackage(); + if ($user_package != '2' && $user_package != "3"){ + return true; + } + } + + return false; + } + + // Ali prikazujemo kreiranje, kopiranje ankete + public function visibleSwitchPopup(){ + global $site_domain; + + if($site_domain != self::$domain_original) + return false; + + if($this->user_switch_status != 0) + return false; + + return true; + } + + + // Izpisemo popup obvestilo, da je funkcionalnost onemogocena in naj kupi paket + private function displaySwitchPopup(){ + global $lang; + global $site_url; + + echo '

'.$lang['domain_switch_popup_title'].'

'; + + echo ''; + + echo '

'.$lang['domain_switch_popup_text'].'

'; + + echo '
'; + echo ' '; + echo ' '; + echo '
'; + } + + + // Ajax klici + public function ajax(){ + global $site_url; + + + // Prikazemo popup z izbiro preklopa + if($_GET['a'] == 'displaySwitchPopup') { + $this->displaySwitchPopup($what); + } + + // Prikazemo popup z izbiro preklopa + elseif($_GET['a'] == 'setSwitchStatus') { + + $switch_status = isset($_POST['switch_status']) ? $_POST['switch_status'] : ''; + + if($switch_status != ''){ + + /*$sqlUser = sisplet_query("INSERT INTO 1ka_domain_change_user + (usr_id, switch_time, switch_status) + VALUES + ('".$this->usr_id."', NOW(), '".$switch_status."') + ON DUPLICATE KEY UPDATE + switch_status='".$switch_status."' + ");*/ + + // Izvede se prenos na oneclicksurvey.com - userja se odjavi na 1ka.si in prijavi na oneclicksurvey.com + if($switch_status == '2'){ + $return_data = array( + 'action' => 'switch_domain', + 'url' => $site_url.'/domain-change.php?action=logout' + ); + + echo json_encode($return_data); + } + } + } + + } + + + // Pri preklopu domene odjavimo userja iz stare domene + public static function domainChangeLogoutOld($secret_key){ + global $cookie_domain; + + // Dobmo piskotek za post na domeno oneclicksurvey.com (tam uporabnika prijavimo) + $cookie = array( + 'secret' => $_COOKIE['secret'], + 'uid' => $_COOKIE['uid'], + 'unam' => $_COOKIE['unam'] + ); + + if (isset ($_COOKIE['g2fa']) && !empty($_COOKIE['g2fa'])) + $cookie['g2fa'] = $_COOKIE['g2fa']; + + $cookie_string = json_encode($cookie); + + $cipher = "AES-256-CBC"; + $encrypted_cookie_string = openssl_encrypt($cookie_string, $cipher, $secret_key); + + + // Pobrisemo piskotek in uporabnika odjavimo + setcookie('uid', '', time() - 3600, '/', $cookie_domain); + setcookie('unam', '', time() - 3600, '/', $cookie_domain); + setcookie('secret', '', time() - 3600, '/', $cookie_domain); + setcookie('ME', '', time() - 3600, '/', $cookie_domain); + setcookie('P', '', time() - 3600, '/', $cookie_domain); + setcookie("AN", '', time() - 3600, '/', $cookie_domain); + setcookie("AS", '', time() - 3600, 
'/', $cookie_domain); + setcookie("AT", '', time() - 3600, '/', $cookie_domain); + + setcookie("DP", $p, time() - 3600 * 24 * 365, "/", $cookie_domain); + setcookie("DC", $p, time() - 3600 * 24 * 365, "/", $cookie_domain); + setcookie("DI", $p, time() - 3600 * 24 * 365, "/", $cookie_domain); + setcookie("SO", $p, time() - 3600 * 24 * 365, "/", $cookie_domain); + setcookie("SPO", $p, time() - 3600 * 24 * 365, "/", $cookie_domain); + setcookie("SL", $p, time() - 3600 * 24 * 365, "/", $cookie_domain); + + // pobrisi se naddomeno! (www.1ka.si naj pobrise se 1ka.si) + if (substr_count($cookie_domain, ".") > 1) { + $nd = substr($cookie_domain, strpos($cookie_domain, ".") + 1); + + setcookie('uid', '', time() - 3600, '/', $nd); + setcookie('unam', '', time() - 3600, '/', $nd); + setcookie('secret', '', time() - 3600, '/', $nd); + setcookie('ME', '', time() - 3600, '/', $nd); + setcookie('P', '', time() - 3600, '/', $nd); + setcookie("AN", '', time() - 3600, '/', $nd); + setcookie("AS", '', time() - 3600, '/', $nd); + setcookie("AT", '', time() - 3600, '/', $nd); + + setcookie("DP", $p, time() - 3600 * 24 * 365, "/", $nd); + setcookie("DC", $p, time() - 3600 * 24 * 365, "/", $nd); + setcookie("DI", $p, time() - 3600 * 24 * 365, "/", $nd); + setcookie("SO", $p, time() - 3600 * 24 * 365, "/", $nd); + setcookie("SPO", $p, time() - 3600 * 24 * 365, "/", $nd); + setcookie("SL", $p, time() - 3600 * 24 * 365, "/", $nd); + } + + + // Preusmerimo na oneclicksurvey s parametri za prijavo + header('Location: http://'.self::$domain_new.'/domain-change.php?action=login&c='.urlencode($encrypted_cookie_string)); + } + + // Pri preklopu domene prijavimo userja v novo stran + public static function domainChangeLoginNew($secret_key){ + global $cookie_domain; + + // Check if the request is coming from an allowed domain + $referer = $_SERVER['HTTP_REFERER']; + $domain = parse_url($referer, PHP_URL_HOST); + + if ($domain != self::$domain_original) { + header("HTTP/1.0 403 Forbidden"); + 
die("Forbidden"); + } + + + // Get cookies from parameter + if(!isset($_GET['c']) || $_GET['c'] == ''){ + die(); + } + + $encrypted_cookie_string = $_GET['c']; + + // Decrypt cookies + $cipher = "AES-256-CBC"; + $cookie_string = openssl_decrypt($encrypted_cookie_string, $cipher, $secret_key); + $cookie = json_decode($cookie_string); + + $LifeTime = 43200; + + // Set cookies on new domain + setcookie("uid", $cookie->uid, time() + $LifeTime, '/', $cookie_domain); + setcookie("unam", $cookie->unam, time() + $LifeTime, '/', $cookie_domain); + setcookie("secret", $cookie->secret, time() + $LifeTime, '/', $cookie_domain); + + header('Location: http://'.self::$domain_new); + } +} \ No newline at end of file diff --git a/frontend/api/api_test.php b/frontend/api/api_test.php index 8be5303..e714ed5 100644 --- a/frontend/api/api_test.php +++ b/frontend/api/api_test.php @@ -7,6 +7,7 @@ // Nastavimo url api-ja $api_url = 'http://localhost/FDV/frontend/api/api.php'; +$api_url = 'https://www.1ka.si/frontend/api/api.php'; // Nastavimo identifier in key userja $identifier = ''; @@ -19,7 +20,7 @@ $action = 'logout'; // Izvedemo klic (GET ali POST) -//$result = executeGET(); +$result = executeGET(); //$result = executePOST(); diff --git a/frontend/api/class.ApiLogin.php b/frontend/api/class.ApiLogin.php index aff7d0f..d63cace 100644 --- a/frontend/api/class.ApiLogin.php +++ b/frontend/api/class.ApiLogin.php @@ -17,8 +17,12 @@ class ApiLogin var $pass; + var $method; + var $prijava = ''; + var $data; + var $EncPass; var $page_urls = []; // Url-ji za podstrani - to se bo verjetno nastavljalo v settings.php 
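Review bot: `domainChangeLoginNew` trusts whatever decrypts: `openssl_encrypt`/`openssl_decrypt` are called with no IV (PHP falls back to an all-zero IV and emits a warning) and no integrity check, and neither a `false` from `openssl_decrypt` nor a `null` from `json_decode` is handled before `$cookie->uid`, `$cookie->unam` and `$cookie->secret` are written into cookies; the `HTTP_REFERER` comparison above it is not a substitute, since that header is client-supplied and is read without `isset()`. The transfer token should carry a random IV and an HMAC (or use an AEAD mode), be verified with `hash_equals`, and be rejected unless it decodes to an object with the expected keys, as sketched below; the encrypt side in `domainChangeLogoutOld` has to produce the matching layout with `random_bytes(openssl_cipher_iv_length($cipher))` and `OPENSSL_RAW_DATA`. Two smaller defects in the same file: the constructor sets `$this->user_switch_status = 0` when the query returns no row but then falls through to `mysqli_fetch_array`, so the value is immediately overwritten (add `return;` or wrap the fetch in `else`), and `domainChangeLogoutOld` passes an undefined `$p` as the value of the `DP`…`SL` `setcookie` calls. `ajax()` calls `$this->displaySwitchPopup($what)` with an undefined argument the method does not declare, and both `Location:` redirects point at `http://` rather than `https://`.
```php
// … unchanged: referer check, presence check on $_GET['c'] …
$payload = base64_decode($_GET['c'], true);
$ivLen = openssl_cipher_iv_length($cipher);
if ($payload === false || strlen($payload) < 32 + $ivLen) {
    die();
}
$tag = substr($payload, 0, 32);
$iv = substr($payload, 32, $ivLen);
$ciphertext = substr($payload, 32 + $ivLen);
if (!hash_equals(hash_hmac('sha256', $iv.$ciphertext, $secret_key, true), $tag)) {
    die();
}
$cookie_string = openssl_decrypt($ciphertext, $cipher, $secret_key, OPENSSL_RAW_DATA, $iv);
$cookie = $cookie_string === false ? null : json_decode($cookie_string);
if (!is_object($cookie) || !isset($cookie->uid, $cookie->unam, $cookie->secret)) {
    die();
}
// … unchanged: setcookie calls on the new domain and the redirect …
```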
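Review bot: the test harness now defaults to calling the production endpoint: the original `$api_url = 'http://localhost/...'` assignment is dead code because the added line overwrites it, and `$result = executeGET();` is uncommented, so running the file as committed issues a live `logout` request against `https://www.1ka.si` with an empty `$identifier`. Keep a single assignment (or pick the URL from an environment variable) and leave the call commented out so the script stays opt-in.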
@@ -32,11 +36,10 @@ class ApiLogin global $site_path; global $site_domain; global $cookie_domain; - global $virtual_domain; // Overridi za virtualne domene na TUS strezniku - if(isset($virtual_domain) && $virtual_domain == true){ + if(isVirtual()){ if (getenv('apache_site_path') != '') $site_url = getenv('apache_site_url'); if (getenv('apache_site_path') != '') $site_path = getenv('apache_site_path'); if (getenv('apache_site_domain') != '') $site_domain = getenv('apache_site_domain'); 
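Review bot: inside the new `isVirtual()` branch the guard for `$site_url` tests `getenv('apache_site_path')` instead of `getenv('apache_site_url')`, so `$site_url` becomes an empty string whenever the path variable is set but the url one is not. The line is context the commit only re-wraps, but this rewrite is the natural place to fix it: `if (getenv('apache_site_url') != '') $site_url = getenv('apache_site_url');`. The enclosing method starts before this hunk.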
@@ -156,38 +159,44 @@ class ApiLogin global $global_user_id; global $mysql_database_name; global $pass_salt; - global $is_meta; global $cookie_domain; - $is_meta = 0; $global_user_id = 0; $admin_type = 3; - $cookie_pass = $_COOKIE['secret']; + + $cookie_pass = isset($_COOKIE['secret']) ? $_COOKIE['secret'] : ''; - // UID je v resnici base64 od emaila, ker sicer odpove meta!!! // najprej testiram meto, potem sele userje. if (isset ($_COOKIE['uid']) && !empty($_COOKIE['g2fa'])) { $user_email = base64_decode($_COOKIE['uid']); - $db_meta_exists = mysqli_select_db($GLOBALS['connect_db'], "meta"); - if ($db_meta_exists) { - $result = sisplet_query("SELECT geslo, aid, 0 as type FROM administratorji WHERE email='$user_email'"); - } - - // NI META + $result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'"); if (!$result || mysqli_num_rows($result) == 0) { - mysqli_select_db($GLOBALS['connect_db'], $mysql_database_name); - $meta = 0; + // najprej poradiraij cookije! + setcookie('uid', "", time() - 3600, $cookie_domain); + setcookie('secret', "", time() - 3600, $cookie_domain); + + if (substr_count($cookie_domain, ".") > 1) { + $nd = substr($cookie_domain,strpos($cookie_domain, ".") + 1); + + setcookie('uid', "", time() - 3600, $nd); + setcookie('secret', "", time() - 3600, $nd); + } - $result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'"); - if (!$result || mysqli_num_rows($result) == 0) { + return -1; + } + else { + $r = mysqli_fetch_row($result); + + if ($cookie_pass != $r[0]) { // najprej poradiraij cookije! setcookie('uid', "", time() - 3600, $cookie_domain); setcookie('secret', "", time() - 3600, $cookie_domain); if (substr_count($cookie_domain, ".") > 1) { - $nd = substr($cookie_domain,strpos($cookie_domain, ".") + 1); + $nd = substr($cookie_domain, + strpos($cookie_domain, ".") + 1); setcookie('uid', "", time() - 3600, $nd); setcookie('secret', "", time() - 3600, $nd); 
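Review bot: the rewritten lookup `SELECT pass, id, type FROM users WHERE email='$user_email'` interpolates `base64_decode($_COOKIE['uid'])`, a fully client-controlled value, straight into SQL; it should go through `mysqli_real_escape_string($GLOBALS['connect_db'], $user_email)` or a prepared statement, and since the removed meta branch had the same pattern this commit is the right place to fix it. The following `if ($cookie_pass != $r[0])` compares the session secret with a loose, non-constant-time `!=`; `if (!hash_equals((string) $r[0], (string) $cookie_pass))` is the intended check. The cookie-clearing calls `setcookie('uid', "", time() - 3600, $cookie_domain)` pass the domain in the fourth (`path`) position, unlike the `'/'`-path `setcookie` calls used elsewhere in this commit, so they may not clear the cookie that was issued with path `/`. The enclosing method starts before this hunk.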
@@ -195,86 +204,14 @@ class ApiLogin return -1; } else { - $r = mysqli_fetch_row($result); - - if ($cookie_pass != $r[0]) { - // najprej poradiraij cookije! - setcookie('uid', "", time() - 3600, $cookie_domain); - setcookie('secret', "", time() - 3600, $cookie_domain); - - if (substr_count($cookie_domain, ".") > 1) { - $nd = substr($cookie_domain, - strpos($cookie_domain, ".") + 1); - - setcookie('uid', "", time() - 3600, $nd); - setcookie('secret', "", time() - 3600, $nd); - } - - return -1; - } else { - $admin_type = $r[2]; - $global_user_id = $r[1]; - - return $r[2]; - } - } - - } // JE META - else { - $r = mysqli_fetch_row($result); - - if ($cookie_pass == base64_encode((hash('SHA256', base64_decode($r[0]).$pass_salt)))) { - - $is_meta = 1; - $admin_type = "0"; - - mysqli_select_db($GLOBALS['connect_db'], - $mysql_database_name); - - $result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'"); - if (mysqli_num_rows($result) > 0) { - $r = mysqli_fetch_row($result); - $global_user_id = $r[1]; - } - - return 0; - } else { - mysqli_select_db($GLOBALS['connect_db'], - $mysql_database_name); - // Obstaja tudi primer ko je IN meta IN navaden- in se je pac prijavil kot navaden user - - - $result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'"); - if (!$result || mysqli_num_rows($result) == 0) { - return -1; - } else { - $r = mysqli_fetch_row($result); - - if ($cookie_pass != $r[0]) { - // najprej poradiraij cookije! 
- setcookie('uid', "", time() - 3600, $cookie_domain); - setcookie('secret', "", time() - 3600, - $cookie_domain); - - if (substr_count($cookie_domain, ".") > 1) { - $nd = substr($cookie_domain, - strpos($cookie_domain, ".") + 1); + $admin_type = $r[2]; + $global_user_id = $r[1]; - setcookie('uid', "", time() - 3600, $nd); - setcookie('secret', "", time() - 3600, $nd); - } - - return -1; - } else { - $admin_type = $r[2]; - $global_user_id = $r[1]; - - return $r[2]; - } - } + return $r[2]; } - } - } // Ni prijavljen + } + } + // Ni prijavljen else { $admin_type = -1; @@ -285,14 +222,13 @@ class ApiLogin // Preveri ce je user ze logiran v 1ko in nastavi globalne spremenljivke in cookie (kopirano iz function.php) - public function executeAction($params, $data) + public function executeAction($params, $data, $method='') { global $site_url; global $global_user_id; global $lang; global $cookie_domain; - // Nastavimo prejete podatke if (isset($data['ime'])) { $this->ime = $data['ime']; @@ -306,10 +242,17 @@ class ApiLogin if (isset($data['pass'])) { $this->pass = $data['pass']; } + if (isset($data['method'])){ + $this->method = $data['method']; + } + if (isset($data)){ + $this->data = $data; + } if (!isset($params['action'])) { $response = 'Napaka! Manjkajo parametri!'; - } else { + } + else { switch ($params['action']) { // Login userja @@ -349,13 +292,11 @@ class ApiLogin $response = $this->userLoginAAI(); break; - // Logout userja case 'logout': $response = $this->userLogout(); break; - // Registracija userja - prvi vnos podatkov s preverjanjem case 'register': $response = $this->userRegister(); 
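Review bot: the new `$method = ''` parameter of `executeAction` is never read — the body sets `$this->method` from `$data['method']` only — so a caller passing `executeAction($params, $data, 'AJAX')` still gets the redirect-and-`die()` path. Either drop the parameter or let it take precedence: `$this->method = $method !== '' ? $method : ($data['method'] ?? '');`. Letting the request body choose `method` also means any HTTP client can request the JSON variant; if that mode is only meant for the Drupal front end, it seems safer to have the controller decide it than to read it from `$data`. `if (isset($data))` on a required parameter is just a non-null check and can be `$this->data = $data;`.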
@@ -376,18 +317,11 @@ class ApiLogin $response = $this->userActivateAlternativEmail(); break; - - // Odregistracija userja - preverjanje ce se res zeli odjaviti - // case 'unregister': - // $response = $this->userUnregister(); - // break; - // Odregistracija userja - potrditev in dejanska odjava case 'unregister_confirm': $response = $this->userUnregisterConfirm(); break; - // Reset passworda userja case 'reset_password': $response = $this->userResetPassword(); @@ -397,10 +331,13 @@ class ApiLogin case 'reset_password_activate': $response = $this->userResetPasswordActivate(); break; + + default: + $response = 'Napaka! Manjkajo parametri!'; + break; } } - echo $response; } 
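Review bot: the added `default:` branch reuses the "missing parameters" message for an unknown `action`, which hides the real cause when a caller misspells an action name; a distinct message (one that names the unsupported action) makes the failure diagnosable from the response alone. The enclosing `switch` and method start before this hunk.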
@@ -411,23 +348,45 @@ class ApiLogin { global $mysql_database_name; global $site_url; - global $lang; global $pass_salt; global $cookie_domain; global $originating_domain; global $keep_domain; - global $app_settings; + + $piskotek = []; + $error = []; + + $language = 1; + if(isset($this->data['language'])){ + $language = $this->data['language']; + } + elseif(isset($this->data['jezik'])){ + $language = ($this->data['jezik'] == 'en' ? 2 : 1); + } + + if(is_numeric($language)){ + include('../../lang/'.$language.'.php'); + } // Ce imamo vklopljeno blokiranje dostopa do admina glede na ip - if(isset($app_settings['admin_allow_only_ip']) && $app_settings['admin_allow_only_ip'] != '' && !empty($app_settings['admin_allow_only_ip'])){ + $admin_allow_only_ip = AppSettings::getInstance()->getSetting('app_limits-admin_allow_only_ip'); + if($admin_allow_only_ip !== false && !empty($admin_allow_only_ip)){ $ip = $_SERVER['REMOTE_ADDR']; // Preverimo ip - ce se ne ujema ne pustimo logina - if(!in_array($ip, $app_settings['admin_allow_only_ip'])){ - header('location: '.$this->page_urls['page_login'.$this->prijava]); - die(); + if(!in_array($ip, $admin_allow_only_ip)){ + if($this->method == 'AJAX'){ + + return $this->ajaxResponse('error', 'Napaka pri prijavi.'); + + }else { + + header('location: '.$this->page_urls['page_login'.$this->prijava]); + die(); + + } } } 
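Review bot: `include('../../lang/'.$language.'.php')` builds an include path from request data (`$this->data['language']`) guarded only by `is_numeric()`, which also accepts `1.5`, `1e3` or `-1`; none of those escape the `lang` directory, but they produce a failed include with a warning, and the relative path depends on the working directory rather than on this file. Cast and check the file instead: `$language = (int) $language;`, `$langFile = __DIR__.'/../../lang/'.$language.'.php';`, `if (is_file($langFile)) { include $langFile; }`. The same preamble is copied into `userLoginGoogle` in the hunk at `@@ -602,12 +742,21 @@`, so a small private helper would fix both places at once. `in_array($ip, $admin_allow_only_ip)` assumes the setting is an array; if `getSetting` can return a comma-separated string the check needs an `explode` first — worth confirming against `AppSettings`.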
@@ -441,12 +400,17 @@ class ApiLogin $LifeTime = $row[0]; // Cookie "remember-me" nastavimo pri FB, Google in AAi prijavi in tukaj preverjamo, če je nastavljena ta opcija - if ((isset($_POST['remember']) && $_POST['remember'] == "1") || (isset($_COOKIE['remember-me']) && $_COOKIE['remember-me'] == 1)) { + if ( + (isset($_POST['remember']) && $_POST['remember'] == "1") || + (isset($_COOKIE['remember-me']) && $_COOKIE['remember-me'] == 1) || + (isset($this->data['remember']) && $this->data['remember'] == 1) + ) { $LifeTime = 3600 * 24 * 365; } else { $LifeTime = $LifeTime; } + // Preverimo ce obstaja uporabnik s tem emailom $user_id = User::findByEmail($this->email); if (!empty($user_id)) { @@ -455,8 +419,17 @@ class ApiLogin // BAN if ($r['status'] == 0) { - header('Location: '.$this->page_urls['page_user_ban'.$this->prijava].'&error=user_ban&email='.$this->email); - die(); + + if($this->method == 'AJAX'){ + + return $this->ajaxResponse('error', $lang['cms_error_user_ban']); + + }else { + + header('Location: '.$this->page_urls['page_user_ban'.$this->prijava].'&error=user_ban&email='.$this->email); + die(); + + } } $user_lang = 1; @@ -464,6 +437,7 @@ class ApiLogin $user_lang = 2; } + // Preverimo ce je password ok if (base64_encode((hash('SHA256', $this->pass.$pass_salt))) == $r['pass'] || $this->EncPass == $r['pass']) { 
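Review bot: the password check on the hunk's last line, `base64_encode(hash('SHA256', ...)) == $r['pass'] || $this->EncPass == $r['pass']`, uses loose `==` on both sides; `$EncPass` is declared in this commit (`var $EncPass;`) without an initializer and is never assigned in the visible hunks, so it is `null`, and `null == ''` is true in PHP — an account whose stored `pass` happened to be empty (if such rows can exist) would be accepted with any submitted password. Use `hash_equals((string) $r['pass'], base64_encode(hash('SHA256', $this->pass.$pass_salt)))` and require `$this->EncPass !== null` before the second comparison. The enclosing method `userLogin` starts before this hunk.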
@@ -482,41 +456,153 @@ class ApiLogin // Ustvarimo login cookie - setcookie("uid", base64_encode($r['email']), time() + $LifeTime, '/', $cookie_domain); + if($this->method == 'AJAX') { + $piskotek['uid'] = [ + 'ime' => 'uid', + 'vrednost' => base64_encode($r['email']), + 'opcije' => [ + 'expires' => time() + $LifeTime, + 'path' => '/', + 'domain' => $cookie_domain, + //'secure' => true + ] + ]; + } + else { + setcookie("uid", base64_encode($r['email']), time() + $LifeTime, '/', $cookie_domain); + } //Preverimo če gre za Google 2FA $user_2fa_enabled = User::option($r['id'], 'google-2fa-validation'); if(!empty($user_2fa_enabled) && $user_2fa_enabled != 'NOT'){ - setcookie("g2fa", base64_encode($user_2fa_enabled), time() + $LifeTime, '/', $cookie_domain); - header('location: '.$this->page_urls['page_login_2fa']); - die(); + + // TODO - 2fa v drupalu - pootrebno narediti, zaenkrat ugasnjeno + if($this->method == 'AJAX'){ + + $piskotek['g2fa'] = [ + 'ime' => 'g2fa', + 'vrednost' => base64_encode($user_2fa_enabled), + 'opcije' => [ + 'expires' => time() + $LifeTime, + 'path' => '/', + 'domain' => $cookie_domain, + //'secure' => true + ] + ]; + + return $this->ajaxResponse('success', [ + 'google_2fa' => true, + 'piskotek' => $this->cookieEncode($piskotek) + ]); + } + else{ + setcookie("g2fa", base64_encode($user_2fa_enabled), time() + $LifeTime, '/', $cookie_domain); + + header('location: '.$this->page_urls['page_login_2fa']); + die(); + } } // Ustvarimo piškotek še z imenom in geslom - setcookie("unam", base64_encode($r['name'].' '.$r['surname']),time() + $LifeTime, '/', $cookie_domain); - setcookie("secret", $r['pass'], time() + $LifeTime, '/', $cookie_domain); + + if($this->method == 'AJAX'){ + + $piskotek['unam'] = [ + 'ime' => 'unam', + 'vrednost' => base64_encode($r['name'].' 
'.$r['surname']), + 'opcije' => [ + 'expires' => time() + $LifeTime, + 'path' => '/', + 'domain' => $cookie_domain, + //'secure' => true + ] + ]; + + + $piskotek['secret'] = [ + 'ime' => 'secret', + 'vrednost' => $r['pass'], + 'opcije' => [ + 'expires' => time() + $LifeTime, + 'path' => '/', + 'domain' => $cookie_domain, + //'secure' => true + ] + ]; + + + } else { + setcookie("unam", base64_encode($r['name'].' '.$r['surname']),time() + $LifeTime, '/', $cookie_domain); + setcookie("secret", $r['pass'], time() + $LifeTime, '/', $cookie_domain); + } - if ($r['status'] == "2" || $r['status'] == "6") { - setcookie("P", time(), time() + $LifeTime, '/', $cookie_domain); - header('location: '.$this->page_urls['page_login'.$this->prijava].'&email='.$this->email.'&error=password'); - die(); + // Ce imamo v aplikaciji vklopljeno potrjevanje adminov + if (AppSettings::getInstance()->getSetting('confirm_registration') === true){ + + if ($r['status'] == "2" || $r['status'] == "6") { + + if($this->method == 'AJAX'){ + + $piskotek['P'] = [ + 'ime' => 'P', + 'vrednost' => time(), + 'opcije' => [ + 'expires' => time() + $LifeTime, + 'path' => '/', + 'domain' => $cookie_domain, + 'secure' => true + ] + ]; + $error['password'] = $lang['cms_error_password']; + + return $this->ajaxResponse('error', [ + 'piskotek' => $this->cookieEncode($piskotek), + 'error' => $error + ]); + + } + else{ + setcookie("P", time(), time() + $LifeTime, '/', $cookie_domain); + header('location: '.$this->page_urls['page_login'.$this->prijava].'&email='.$this->email.'&error=password'); + die(); + } + } } } else { // Password prompt - header('location: '.$this->page_urls['page_login'.$this->prijava].'&email='.$this->email.'&error=password'); - die(); + if($this->method == 'AJAX'){ + + return $this->ajaxResponse('error', $lang['cms_error_password']); + + }else{ + header('location: '.$this->page_urls['page_login'.$this->prijava].'&email='.$this->email.'&error=password'); + die(); + } } } else { // Preverimo, če 
je sploh vpisal email if (validEmail($this->email)) { - // Emaila ni v bazi - header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$this->email); + if($this->method == 'AJAX'){ + + return $this->ajaxResponse('error', $lang['cms_error_email_or_password_doesnt_exist']); + + }else{ + // Emaila ni v bazi + header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$this->email); + } } else { - // Ni vpisana prava oblika maila - header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$this->email); + if($this->method == 'AJAX'){ + + return $this->ajaxResponse('error', $lang['cms_error_email']); + + + }else{ + // Ni vpisana prava oblika maila + header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$this->email); + } } die(); } 
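Review bot: the cookie descriptors returned for the AJAX flow enable `secure` only for `P` (it is commented out for `uid`, `unam` and `secret`) and never set `httponly`, while `secret` carries the stored password hash `$r['pass']`; whichever side finally issues the cookies, the session-bearing ones deserve the strictest attributes, e.g. `'secure' => true, 'httponly' => true, 'samesite' => 'Lax'` in every `opcije` block, and the non-AJAX `setcookie()` calls beside them have the same gap. The AJAX 2FA branch returns before `unam` and `secret` are added to `$piskotek`, which matches `userLogin2fa` issuing them later, but a one-line comment saying so would save the next reader a search. The enclosing method continues outside the hunk.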
@@ -531,41 +617,84 @@ class ApiLogin die(); } + // Vse je ok - prijavljenega preusmerimo na moje ankete + if($this->method == 'AJAX'){ + return $this->ajaxResponse('success', [ + 'url' => $site_url.'admin/survey/index.php?lang='.$user_lang, + 'piskotek' => $this->cookieEncode($piskotek) + ]); + } + header('location: '.$site_url.'admin/survey/index.php?lang='.$user_lang); + die(); } // Prijava z Google 2 FA private function userLogin2fa() { - global $site_url, $cookie_domain; + global $site_url, $cookie_domain, $lang; $email = null; if(!empty($_COOKIE['uid'])){ $email = base64_decode($_COOKIE['uid']); + }elseif(empty($email) && !empty($this->data['uid'])){ + $email = base64_decode($this->data['uid']); } $user_id = User::findByEmail($email); $user= sisplet_query("SELECT type, pass, status, name, surname, email FROM users WHERE id='".$user_id."'", "obj"); $secret = User::option($user_id, 'google-2fa-secret'); - if(!empty($secret) && $_POST['google_2fa_number']){ + + $google2fa_number = $_POST['google_2fa_number']; + if(empty($google2fa_number)){ + $google2fa_number = $this->data['google_2fa_number']; + } + + if(!empty($secret) && $google2fa_number){ $google2fa = new \Sonata\GoogleAuthenticator\GoogleAuthenticator(); + $user_lang = 1; - if (!empty($_POST['jezik']) && $_POST['jezik'] == 'en') { + if (!empty($_POST['jezik']) && $_POST['jezik'] == 'en' || !empty($this->data['jezik']) && $this->data['jezik'] == 'en') { $user_lang = 2; } // 2FA je bila uspešna - if ($google2fa->checkCode($secret, $_POST['google_2fa_number'])) { + if ($google2fa->checkCode($secret, $google2fa_number)) { $result = sisplet_query("SELECT value FROM misc WHERE what='CookieLife'", "obj"); $LifeTime = $result->value; - - // Ustvarimo piškotek še z imenom in geslom - setcookie("unam", base64_encode($user->name.' 
'.$user->surname),time() + $LifeTime, '/', $cookie_domain); - setcookie("secret", $user->pass, time() + $LifeTime, '/', $cookie_domain); + $piskotek = []; + + if($this->method == 'AJAX') { + $piskotek['unam'] = [ + 'ime' => 'unam', + 'vrednost' => base64_encode($user->name.' '.$user->surname), + 'opcije' => [ + 'expires' => time() + $LifeTime, + 'path' => '/', + 'domain' => $cookie_domain, + //'secure' => true + ] + ]; + $piskotek['secret'] = [ + 'ime' => 'secret', + 'vrednost' => $user->pass, + 'opcije' => [ + 'expires' => time() + $LifeTime, + 'path' => '/', + 'domain' => $cookie_domain, + //'secure' => true + ] + ]; + } + else { + // Ustvarimo piškotek še z imenom in geslom + setcookie("unam", base64_encode($user->name.' '.$user->surname),time() + $LifeTime, '/', $cookie_domain); + setcookie("secret", $user->pass, time() + $LifeTime, '/', $cookie_domain); + } // Zabelezimo datum prijave @@ -580,13 +709,24 @@ class ApiLogin $hostname = $_SERVER["REMOTE_ADDR"]; } sisplet_query("INSERT INTO user_login_tracker (uid, IP, kdaj) VALUES ('".$user_id."', '".$hostname."', NOW())"); - + + + if($this->method == 'AJAX'){ + return $this->ajaxResponse('success', [ + 'url' => $site_url.'admin/survey/index.php?lang='.$user_lang, + 'piskotek' => $this->cookieEncode($piskotek) + ]); + } // Vse je ok - prijavljenega preusmerimo na moje ankete header('location: '.$site_url.'admin/survey/index.php?lang='.$user_lang); die(); } + if($this->method == 'AJAX'){ + return $this->ajaxResponse('error', $lang['google_2fa_user_error_code']); + } + // Vse neuspešne poskuse ali napačen email header('location: '. $this->page_urls['page_login_2fa'].'&error=2fa'); die(); 
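Review bot: `$google2fa_number = $_POST['google_2fa_number'];` reads the key unconditionally, so the AJAX flow — where the code arrives in `$this->data` — raises an undefined-array-key warning on every call before the fallback runs; `$google2fa_number = $_POST['google_2fa_number'] ?? $this->data['google_2fa_number'] ?? '';` covers both sources in one line. The `elseif(empty($email) && !empty($this->data['uid']))` guard is redundant, since `$email` is still `null` in that branch. The enclosing method `userLogin2fa` continues outside the hunk.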
@@ -602,12 +742,21 @@ class ApiLogin { require_once('../../function/JWT.php'); - global $google_login_client_id; - global $google_login_client_secret; global $site_url; - global $lang; global $proxy; + $language = 1; + if(isset($this->data['language'])){ + $language = $this->data['language']; + } + elseif(isset($this->data['jezik'])){ + $language = ($this->data['jezik'] == 'en' ? 2 : 1); + } + + if(is_numeric($language)){ + include('../../lang/'.$language.'.php'); + } + $oauth2_code = $_GET['code']; $discovery = json_decode(file_get_contents('https://accounts.google.com/.well-known/openid-configuration')); @@ -617,8 +766,8 @@ class ApiLogin 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query([ - 'client_id' => $google_login_client_id, - 'client_secret' => $google_login_client_secret, + 'client_id' => AppSettings::getInstance()->getSetting('google-login_client_id'), + 'client_secret' => AppSettings::getInstance()->getSetting('google-login_client_secret'), 'code' => $oauth2_code, 'grant_type' => 'authorization_code', 'redirect_uri' => $site_url.'frontend/api/google-oauth2.php', @@ -634,8 +783,8 @@ class ApiLogin 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query([ - 'client_id' => $google_login_client_id, - 'client_secret' => $google_login_client_secret, + 'client_id' => AppSettings::getInstance()->getSetting('google-login_client_id'), + 'client_secret' => AppSettings::getInstance()->getSetting('google-login_client_secret'), 'code' => $oauth2_code, 'grant_type' => 'authorization_code', 'redirect_uri' => $site_url.'frontend/api/google-oauth2.php', 
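Review bot: the two token-exchange request bodies in the hunks at `@@ -617,8 +766,8 @@` and `@@ -634,8 +783,8 @@` each call `AppSettings::getInstance()->getSetting('google-login_client_id')` and `...('google-login_client_secret')` again; fetching both once at the top of `userLoginGoogle` into locals keeps the two bodies identical by construction and avoids repeating the settings lookup. `$oauth2_code = $_GET['code'];` is still read without `isset()`, so a direct hit on the callback without a code produces a warning before the first request is even built. The enclosing method continues outside the hunk.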
@@ -713,11 +862,9 @@ class ApiLogin // Prijavi userja v 1ko z FB racunom (kopirano iz ProfileClass.php) - PRETESTIRATI private function userLoginFacebook() { - global $facebook_appid; - global $facebook_appsecret; global $cookie_path; - if ($r = file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?client_id=".$facebook_appid."&redirect_uri=https://www.1ka.si/frontend/api/fb_login.php&client_secret=".$facebook_appsecret."&code=".$_GET['code'])) { + if ($r = file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?client_id=".AppSettings::getInstance()->getSetting('facebook-appid')."&redirect_uri=https://www.1ka.si/frontend/api/fb_login.php&client_secret=".AppSettings::getInstance()->getSetting('facebook-appsecret')."&code=".$_GET['code'])) { $at = json_decode($r); $user = json_decode(file_get_contents('https://graph.facebook.com/me?fields=email,first_name,last_name&access_token='.$at->{'access_token'})); @@ -895,11 +1042,14 @@ class ApiLogin sort($mails); $mail = $mails[0]; - $ime = $data[1]; - $priimek = $data[2]; + // Pridobimo aai (shibboleth) "uuid" + $aai_id = $data[1]; - $njegova = $data[3]; - $moja = $data[4]; + $ime = $data[2]; + $priimek = $data[3]; + + $njegova = $data[4]; + $moja = $data[5]; // Preverimo ce ima veljaven token (najprej pobrisemo stare) 
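Review bot: the rewritten Graph API URL in `userLoginFacebook` still concatenates `$_GET['code']` into the query string without `urlencode()` or an `isset()` check, and hard-codes `redirect_uri=https://www.1ka.si/...` while the Google flow in this same commit derives it from `$site_url`; building the query with `http_build_query([...])` and using `$site_url.'frontend/api/fb_login.php'` would fix both, assuming that is the URI registered with the Facebook app. In the AAI hunk, shifting to `$data[1..5]` (the new `$aai_id` at index 1) has no `count($data)` guard, so a caller still sending the old five-element layout would register a user with name and surname displaced by one field; where `$data` is produced is outside this hunk. Both enclosing methods continue outside the hunk.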
@@ -911,14 +1061,15 @@ class ApiLogin $pass = base64_encode((hash('SHA256', "e5zhbWRTEGW&u375ejsznrtztjhdtz%WZ&".$pass_salt))); // Preverimo ce obstaja user v bazi - $user_id_1ka = User::findByEmail($mail); + $user_id_1ka = User::findByEmail_AAI($mail, $aai_id); + if (empty($user_id_1ka)) { // Nastavimo pass $pass = base64_encode(hash('SHA256', "e5zhbWRTEGW&u375ejsznrtztjhdtz%WZ&".$pass_salt)); // dodaj ga v bazo - sisplet_query("INSERT INTO users (email, name, surname, type, pass, eduroam, when_reg) VALUES ('$mail', '$ime', '$priimek', '3', '".$pass."', '1', NOW())"); + sisplet_query("INSERT INTO users (email, aai_id, name, surname, type, pass, eduroam, when_reg) VALUES ('$mail', '$aai_id', '$ime', '$priimek', '3', '".$pass."', '1', NOW())"); // Pridobimo id dodanega userja $user_id = mysqli_insert_id($GLOBALS['connect_db']); @@ -926,10 +1077,11 @@ class ApiLogin else { // potegni geslo in mu daj kuki - $result = sisplet_query("SELECT pass, id FROM users WHERE id='".$user_id_1ka."'"); + $result = sisplet_query("SELECT pass, email FROM users WHERE id='".$user_id_1ka."'"); $r = mysqli_fetch_row($result); $pass = $r[0]; + $mail = $r[1]; $user_id = $user_id_1ka; } 
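Review bot: the new `aai_id` column value, taken from the AAI attribute array, is concatenated into `INSERT INTO users (email, aai_id, name, surname, ...) VALUES ('$mail', '$aai_id', '$ime', '$priimek', ...)` without escaping, alongside the existing `$mail`, `$ime` and `$priimek`; even with a trusted identity provider the row should be written through a prepared statement or with each value passed through `mysqli_real_escape_string($GLOBALS['connect_db'], ...)`. `User::findByEmail_AAI($mail, $aai_id)` is introduced here but defined elsewhere; a short comment on how it resolves a user whose email changed but whose `aai_id` matches would document the reason for the new column. The enclosing method continues outside the hunk.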
@@ -976,7 +1128,49 @@ class ApiLogin global $site_url; global $cookie_domain; global $global_user_id; - global $aai_instalacija; + + if($this->method == 'AJAX') { + + $domene[] = $cookie_domain; + if(substr_count($cookie_domain, '.') > 1){ + $domene[] = substr($cookie_domain, strpos($cookie_domain, '.') + 1); + } + + foreach($domene as $key => $domena) { + $piskotek['uid_'.$key] = [ + 'ime' => 'uid', + 'vrednost' => '', + 'opcije' => [ + 'expires' => time() - 3600, + 'path' => '/', + 'domain' => $domena + ] + ]; + $piskotek['unam_'.$key] = [ + 'ime' => 'unam', + 'vrednost' => '', + 'opcije' => [ + 'expires' => time() - 3600, + 'path' => '/', + 'domain' => $domena + ] + ]; + $piskotek['secret_'.$key] = [ + 'ime' => 'secret', + 'vrednost' => '', + 'opcije' => [ + 'expires' => time() - 3600, + 'path' => '/', + 'domain' => $domena + ] + ]; + } + + return $this->ajaxResponse('success', [ + 'url' => $site_url, + 'piskotek' => $this->cookieEncode($piskotek) + ]); + } setcookie('uid', '', time() - 3600, '/', $cookie_domain); setcookie('unam', '', time() - 3600, '/', $cookie_domain); @@ -1017,7 +1211,7 @@ class ApiLogin } // Ce gre za arnes aai odjavo odjavimo posebej - if ($aai_instalacija){ + if (isAAI()){ setcookie("aai", '', time() - 3600, '/', $cookie_domain); header('location: '.$site_url.'/logout_AAI.php?return='.$site_url); die(); 
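Review bot: the AJAX branch added at the top of `userLogout` returns after listing only `uid`, `unam` and `secret`, so it skips everything the non-AJAX path does below it — including the `isAAI()` branch in the hunk at `@@ -1017,7 +1211,7 @@`, which clears the `aai` cookie and redirects to `logout_AAI.php`; an AAI user logging out through the JSON flow would keep that session. Either extend `$domene`/`$piskotek` handling to cover the same cookies and add an `aai`/`logout_url` entry to the response, or place the AJAX return after the common clearing logic. `$domene` and `$piskotek` are also appended to without being initialised (`$domene = []; $piskotek = [];`), which works by auto-vivification but reads as an oversight. The enclosing method continues outside the hunk.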
@@ -1030,31 +1224,37 @@ class ApiLogin // Registrira userja v 1ko - vnos podatkov private function userRegister() { - global $secret_captcha; - $error = []; - $email = (isset($_POST['email'])) ? $_POST['email'] : ''; - $ime = (isset($_POST['ime'])) ? $_POST['ime'] : ''; - $geslo = (isset($_POST['geslo'])) ? $_POST['geslo'] : ''; - $geslo2 = (isset($_POST['geslo2'])) ? $_POST['geslo2'] : ''; - $agree = (isset($_POST['agree'])) ? $_POST['agree'] : '0'; - $gdprAgree = (isset($_POST['gdpr-agree'])) ? $_POST['gdpr-agree'] : '0'; - $ajaxKlic = (isset($_POST['ajax'])) ? $_POST['ajax'] : '0'; // Če izvajamo registracjo preko drupala, ker se pošlje post request preko ajaxa + $email = (isset($this->data['email'])) ? $this->data['email'] : ''; + $ime = (isset($this->data['ime'])) ? $this->data['ime'] : ''; + $geslo = (isset($this->data['geslo'])) ? $this->data['geslo'] : ''; + $geslo2 = (isset($this->data['geslo2'])) ? $this->data['geslo2'] : ''; + $agree = (isset($this->data['agree'])) ? $this->data['agree'] : '0'; + $gdprAgree = (isset($this->data['gdpr-agree'])) ? $this->data['gdpr-agree'] : '0'; + $ajaxKlic = (isset($this->data['ajax'])) ? $this->data['ajax'] : '0'; // Če izvajamo registracjo preko drupala, ker se pošlje post request preko ajaxa - $varnostno_polje = (isset($_POST['varnostno-polje'])) ? $_POST['varnostno-polje'] : false; + $varnostno_polje = (isset($this->data['varnostno-polje'])) ? $this->data['varnostno-polje'] : false; if (!empty($varnostno_polje)) { - header('Location: '.$this->page_urls['page_robot_redirect']); - die(); + + if($this->method == 'AJAX'){ + return $this->ajaxResponse('error', [ + 'url' => $this->page_urls['page_robot_redirect'], + 'message' => 'Robot' + ]); + } else { + header('Location: ' . 
$this->page_urls['page_robot_redirect']); + die(); + } } // Preverimo ReCaptcha - if (!empty($secret_captcha)) { - $recaptchaResponse = $_POST['g-recaptcha-response']; - $requestReCaptcha = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secret_captcha."&response=".$recaptchaResponse); + if (AppSettings::getInstance()->getSetting('google-secret_captcha') !== false) { + $recaptchaResponse = $this->data['g-recaptcha-response']; + $requestReCaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . AppSettings::getInstance()->getSetting('google-secret_captcha') . '&response=' . $recaptchaResponse); - if (!strstr($requestReCaptcha, "true")) { + if (!strstr($requestReCaptcha, 'true')) { $error['invalid_recaptcha'] = '1'; } } @@ -1097,13 +1297,12 @@ class ApiLogin if($ime != ''){ do { $add++; - $sqln = sisplet_query("SELECT * from users WHERE name='".str_replace("'", - "", $ime).$add."'"); + $sqln = sisplet_query("SELECT * from users WHERE name='".str_replace("'","", $ime).$add."'"); if (mysqli_num_rows($sqln) == 0) { $najdu = 1; } - } while ($najdu = 0); + } while ($najdu == 0); // Novo ime ki ga predlagamo $ime = $ime.$add; @@ -1122,8 +1321,7 @@ class ApiLogin if (!empty($error)) { if($ajaxKlic){ - echo json_encode($this->preveriNapake($error)); - die(); + return $this->ajaxResponse('error', $this->preveriNapake($error)); } // Ime in email posljemo nazaj v urlju @@ -1140,11 +1338,8 @@ class ApiLogin } // Vse je ok - preusmerimo na potrditveno stran else { - if($ajaxKlic){ - echo json_encode([ - 'success' => '1' - ]); - die(); + if($ajaxKlic || $this->method == 'AJAX'){ + return $this->ajaxResponse('success'); } // Hidden form, ki ga z js potem postamo naprej (da prenesemo vnesene podatke na naslednjo stran) 
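Review bot: `$this->data['g-recaptcha-response']` is read without `isset` and concatenated into the siteverify URL unencoded, so a request without the field raises a notice and a crafted value can append extra query parameters to the Google call; use `urlencode($this->data['g-recaptcha-response'] ?? '')`. The acceptance test `strstr($requestReCaptcha, 'true')` is also a weak check on a JSON document — `(json_decode($requestReCaptcha, true)['success'] ?? false) === true` is the precise form — and a `file_get_contents` network failure currently becomes a silent "invalid captcha" rather than a logged error. The method starts before this hunk.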
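Review bot: Correcting `while ($najdu = 0)` to `== 0` turns what used to be a single pass into a real loop, so the suggested-name lookup now repeats `SELECT * from users WHERE name='...'` until a free suffix is found, with no upper bound on `$add`; cap it (e.g. give up after 100 attempts) and select only `id` rather than `*`. The `str_replace("'", "", $ime)` on the interpolated name is not an SQL escape — backslashes go through untouched — so unless `sisplet_query` escapes its input this still belongs in a prepared statement. `$najdu` and `$add` are initialised outside the hunk.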
@@ -1166,21 +1361,20 @@ class ApiLogin } } - private function preveriNapake($parametri) { // Nastavimo jezik $language = 1; - if(isset($_POST['language'])){ - $language = $_POST['language']; + if(isset($this->data['language'])){ + $language = $this->data['language']; } - elseif(isset($_POST['jezik'])){ - $language = ($_POST['jezik'] == 'en' ? 2 : 1); + elseif(isset($this->data['jezik'])){ + $language = ($this->data['jezik'] == 'en' ? 2 : 1); } if(is_numeric($language)){ - include_once('../../lang/'.$language.'.php'); + include('../../lang/'.$language.'.php'); } $napaka = []; 
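Review bot: `is_numeric($language)` is too loose a guard for `include('../../lang/'.$language.'.php')`: it accepts `'1e3'`, `' 2'`, `'2.0'` and `'+1'`, which cannot traverse outside the directory but do make the include fail with a warning and leave `$lang` undefined, so every `$lang[...]` access below turns into a notice. Cast first, `$language = (int) ($this->data['language'] ?? 1);`, and include only when the value is one of the known language ids. The same language-selection block is copied into several other methods in this diff and would be better as one private `loadLang()` helper. Switching `include_once` to `include` re-runs the file on every call, which is presumably intended so `$lang` is refreshed per request; the method continues past the end of the hunk.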
@@ -1260,32 +1454,28 @@ class ApiLogin global $site_url; global $site_path; global $site_domain; - global $virtual_domain; global $pass_salt; - global $lang; - global $confirm_registration; - global $app_settings; - $email = (isset($_POST['email']) ? $_POST['email'] : ''); - $ime = (isset($_POST['ime']) ? $_POST['ime'] : ''); - //$geslo = (isset($_POST['geslo']) ? base64_decode($_POST['geslo']) : ''); - $geslo = (isset($_POST['geslo']) ? $_POST['geslo'] : ''); - $gdprAgree = (isset($_POST['gdpr-agree']) ? $_POST['gdpr-agree'] : 0); - $ajax = (isset($_POST['ajax']) ? $_POST['ajax'] : 0); // če je Drupal ajax request + $email = (isset($this->data['email']) ? $this->data['email'] : ''); + $ime = (isset($this->data['ime']) ? $this->data['ime'] : ''); + //$geslo = (isset($this->data['geslo']) ? base64_decode($this->data['geslo']) : ''); + $geslo = (isset($this->data['geslo']) ? $this->data['geslo'] : ''); + $gdprAgree = (isset($this->data['gdpr-agree']) ? $this->data['gdpr-agree'] : 0); + $ajax = (isset($this->data['ajax']) ? $this->data['ajax'] : 0); // če je Drupal ajax request // Nastavimo jezik $language = 1; - if(isset($_POST['language'])){ - $language = $_POST['language']; + if(isset($this->data['language'])){ + $language = $this->data['language']; } - elseif(isset($_POST['jezik'])){ - $language = ($_POST['jezik'] == 'en' ? 2 : 1); + elseif(isset($this->data['jezik'])){ + $language = ($this->data['jezik'] == 'en' ? 2 : 1); } if(is_numeric($language)){ - include_once('../../lang/'.$language.'.php'); + include('../../lang/'.$language.'.php'); } @@ -1301,7 +1491,7 @@ class ApiLogin $priimek = ''; // Ce imamo vklopljeno potrjevanje urednika aplikacije ga potrdi admin - if (isset($confirm_registration) && $confirm_registration == 1) + if (AppSettings::getInstance()->getSetting('confirm_registration') === true) $status = 2; else $status = 1; 
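Review bot: `getSetting('confirm_registration') === true` replaces the old `$confirm_registration == 1`, and the two are only equivalent if `AppSettings` returns a real boolean; elsewhere in this diff the installer renders the same setting with a plain truthiness test, so if the stored value comes back as `1` or `'1'` every new account would get `$status = 1` and skip admin confirmation. Normalise once, `$confirmRequired = (bool) AppSettings::getInstance()->getSetting('confirm_registration');`, and reuse that variable in the later comparisons. Both ends of the enclosing method lie outside the hunk.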
@@ -1312,6 +1502,13 @@ class ApiLogin // naredi link za aktivacijo $code = base64_encode((hash('SHA256', time().$pass_salt.$email.$ime))); + + // Dodatno preverimo ce imamo vse podatke da ne morejo spamati - dodatno varnostno + if ($email == '' || !validEmail($email) || $ime == '' || $g == '') { + die(); + } + + // Vstavimo novega userja v users_to_be kjer caka na aktivacijo $result = sisplet_query("INSERT INTO users_to_be (type, email, name, surname, pass, status, gdpr_agree, when_reg, came_from, timecode, code, lang) @@ -1332,16 +1529,16 @@ class ApiLogin $Content .= $lang['confirm_user_mail_ignore']; // Ce gre slucajno za virutalko - $Subject = ($virtual_domain) ? $lang['confirm_user_mail_subject_virtual'] : $lang['confirm_user_mail_subject']; + $Subject = (isVirtual()) ? $lang['confirm_user_mail_subject_virtual'] : $lang['confirm_user_mail_subject']; // Ce mora admin potrditi dobi email admin in ne uporabnik! - if(isset($confirm_registration) && $confirm_registration == 1){ + if(AppSettings::getInstance()->getSetting('confirm_registration') === true){ // Popravimo besedilo emaila $Content = $lang['confirm_user_mail_admin']; } - $PageName = $app_settings['app_name']; + $PageName = AppSettings::getInstance()->getSetting('app_settings-app_name'); $ZaMail = ''.' '.$Subject.''; @@ -1358,7 +1555,7 @@ class ApiLogin $Subject = str_replace("SFPAGENAME", $PageName, $Subject); // Ce gre slucajno za virutalko - if($virtual_domain) + if(isVirtual()) $Subject = str_replace("SFVIRTUALNAME", $site_domain, $Subject); @@ -1368,7 +1565,8 @@ class ApiLogin // Za testiranje brez posiljanja maila if(isDebug()) { - echo $ZaMail; + return $this->ajaxResponse('success',['mail' => $ZaMail, 'code' => $code]); + echo $ZaMail; die(); } 
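Review bot: The new validation guard ends in a bare `die()`, which sends an empty 200 response, so an AJAX caller that omits the name or sends a malformed e-mail gets no error to show; return `$this->ajaxResponse('error', ['message' => 'missing or invalid registration data'])` instead, and for the form path redirect to the existing error page. `$g` is assigned outside the hunk (presumably the hashed password), and the check is better placed before `$code` is computed so nothing is derived from rejected input. The method continues past both ends of the hunk.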
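Review bot: In the `isDebug()` branch the `echo $ZaMail; die();` after `return $this->ajaxResponse(...)` is unreachable and should be removed. More importantly, the debug response now returns the activation `$code` to the requester, which lets anyone activate an arbitrary address without receiving the mail; make sure `isDebug()` cannot be true on a reachable deployment, and consider returning only the rendered mail, e.g. `return $this->ajaxResponse('success', ['mail' => $ZaMail]);`. The enclosing method starts before this hunk.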
@@ -1377,8 +1575,8 @@ class ApiLogin $MA = new MailAdapter(null, 'account'); // Ce mora admin potrditi, posljemo njemu mail - if(isset($confirm_registration) && $confirm_registration == 1){ - global $confirm_registration_admin; + if(AppSettings::getInstance()->getSetting('confirm_registration') === true){ + $confirm_registration_admin = AppSettings::getInstance()->getSetting('confirm_registration_admin'); if(is_array($confirm_registration_admin)){ // Mail posljemo vsem nastavljenim adminom @@ -1401,11 +1599,8 @@ class ApiLogin } - if($ajax){ - echo json_encode([ - 'success' => 1 - ]); - die(); + if($ajax || $this->method == 'AJAX'){ + return $this->ajaxResponse('success'); } @@ -1419,15 +1614,23 @@ class ApiLogin // Po poslanem mailu po registraciji, user klikne na url in ga aktiviramo (kopiramo iz tabele users_to_be v tabelo users) private function userRegisterActivate() { - global $lang; global $site_url; global $site_path; global $site_domain; - global $virtual_domain; global $pass_salt; global $cookie_domain; - global $confirm_registration; - global $app_settings; + + $language = 1; + if(isset($this->data['language'])){ + $language = $this->data['language']; + } + elseif(isset($this->data['jezik'])){ + $language = ($this->data['jezik'] == 'en' ? 2 : 1); + } + + if(is_numeric($language)){ + include('../../lang/'.$language.'.php'); + } if (!isset ($_GET['code'])) { @@ -1457,14 +1660,14 @@ class ApiLogin $pass = $r['pass']; $ime = $r['name']; - $PageName = $app_settings['app_name']; + $PageName = AppSettings::getInstance()->getSetting('app_settings-app_name'); include_once('../../lang/'.$r['lang'].'.php'); $Content = $lang['confirm_user_content']; $Subject = $lang['confirm_user_subject']; // Ce je ga moramo po registraciji odobriti dobi drugacno sporocilo - if (isset($confirm_registration) && $confirm_registration == 1){ + if (AppSettings::getInstance()->getSetting('confirm_registration') === true){ $UserContent = $lang['register_user_banned_content']; } else{ 
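Review bot: In `userRegisterActivate` the request-supplied language is loaded with `include('../../lang/'.$language.'.php')` after only an `is_numeric` check, and a few lines later the stored `$r['lang']` is loaded with `include_once`; when both ids are equal the second include is a no-op, and when they differ the stored one wins, which looks intended but is worth a comment such as `// request language only for early error messages; the user's stored lang overrides below`. As in the other methods, `is_numeric` admits values like `'2.0'` that make the include fail and leave `$lang` undefined, so cast to `int` and check against the known ids. The method continues past the end of the hunk.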
@@ -1481,7 +1684,7 @@ class ApiLogin $out = ''; // Ce gre slucajno za virtualko - $Subject = ($virtual_domain) ? $lang['register_user_subject_virtual'] : $lang['register_user_subject']; + $Subject = (isVirtual()) ? $lang['register_user_subject_virtual'] : $lang['register_user_subject']; $UserContent = str_replace("SFNAME", $ime, $UserContent); $UserContent = str_replace("SFMAIL", $email, $UserContent); @@ -1493,7 +1696,7 @@ class ApiLogin $Subject = str_replace("SFPAGENAME", $PageName, $Subject); // Ce gre slucajno za virtualko - if($virtual_domain) + if(isVirtual()) $Subject = str_replace("SFVIRTUALNAME", $site_domain, $Subject); if ($geslo2 == "") { @@ -1532,7 +1735,7 @@ class ApiLogin } // Ce imamo vklopljeno potrjevanje urednika aplikacije je to izvedel admin in ne prijavljamo - if (!isset($confirm_registration) || $confirm_registration != 1){ + if (AppSettings::getInstance()->getSetting('confirm_registration') !== true){ // določi še, od kje se je prijavil $hostname = ""; @@ -1566,7 +1769,17 @@ class ApiLogin private function userActivateAlternativEmail() { - global $lang; + $language = 1; + if(isset($this->data['language'])){ + $language = $this->data['language']; + } + elseif(isset($this->data['jezik'])){ + $language = ($this->data['jezik'] == 'en' ? 2 : 1); + } + + if(is_numeric($language)){ + include('../../lang/'.$language.'.php'); + } if (!isset ($_GET['enc'])) { echo $lang['alternative_email_confirm_error']; @@ -1615,7 +1828,6 @@ class ApiLogin global $lang; global $global_user_id; global $cookie_domain; - global $app_settings; $email = $global_user_id; @@ -1630,14 +1842,14 @@ class ApiLogin } } - $result = sisplet_query("SELECT value FROM misc WHERE what='ByeEmail'"); - list ($ByeEmail) = mysqli_fetch_row($result); - $result = sisplet_query("SELECT value FROM misc WHERE what='ByeEmailSubject'"); - list ($ByeEmailSubject) = mysqli_fetch_row($result); + + $ByeEmail = '
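Review bot: `getSetting('confirm_registration') !== true` is the gate that decides whether a freshly activated user is logged in immediately, and it is only correct if `AppSettings` returns a real boolean; if the value comes back as `1` or `'1'` (the installer in this same diff tests it by truthiness), the condition is always true and users are auto-logged-in even when admin confirmation is required — the opposite of the intended behaviour. Normalising once with `$confirmRequired = (bool) AppSettings::getInstance()->getSetting('confirm_registration');` and using it in the three places this method compares the setting would remove the dependency on the return type. The enclosing method starts before this hunk.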

Spoštovani,

Uspešno ste se odjavili iz spletnega mesta www.1ka.si.

Veseli nas, da ste preizkusili orodje 1ka.

SFPAGENAME ekipa

'; + $ByeEmailSubject = 'Uspešna odjava'; + $result = sisplet_query("SELECT name FROM users WHERE email='$email'"); - list ($ime) = mysqli_fetch_row($result); + [$ime] = mysqli_fetch_row($result); - $PageName = $app_settings['app_name']; + $PageName = AppSettings::getInstance()->getSetting('app_settings-app_name'); $ByeEmail = str_replace("SFPAGENAME", $PageName, $ByeEmail); if (strlen($ime) > 2) { @@ -1705,16 +1917,25 @@ class ApiLogin // Resetira geslo userja (kopirano iz ProfileClass.php) - PRETESTIRATI private function userResetPassword() { - global $lang; global $site_url; global $pass_salt; global $site_path; global $site_domain; - global $virtual_domain; global $cookie_domain; - global $app_settings; - if (isset ($_GET['email']) || isset ($_POST['email'])) { + $language = 1; + if(isset($this->data['language'])){ + $language = $this->data['language']; + } + elseif(isset($this->data['jezik'])){ + $language = ($this->data['jezik'] == 'en' ? 2 : 1); + } + + if(is_numeric($language)){ + include('../../lang/'.$language.'.php'); + } + + if (isset ($_GET['email']) || isset ($_POST['email']) || isset($this->email)) { if (isset ($_GET['email'])) { $email = strtolower($_GET['email']); @@ -1722,15 +1943,18 @@ class ApiLogin if (isset ($_POST['email'])) { $email = strtolower($_POST['email']); } + if (isset ($this->email)) { + $email = strtolower($this->email); + } $email = CleanXSS($email); // Ali gre za ajax klic $ajaxKlic = false; - if(!empty($_POST['ajax'])){ + if(!empty($_POST['ajax']) || $this->method == 'AJAX'){ $ajaxKlic = true; - if($_POST['lang'] == 'en' || $_POST['jezik'] == 'en'){ + if($this->data['lang'] == 'en' || $this->data['jezik'] == 'en'){ include('../../lang/2.php'); } else { 
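Review bot: The farewell mail now hard-codes `www.1ka.si` in the body while the page name is still templated through `SFPAGENAME`, so on a virtual or self-hosted installation the message names the wrong site; use a second placeholder and substitute `$site_domain` as the other mails in this file do, e.g. `Uspešno ste se odjavili iz spletnega mesta SFVIRTUALNAME.` with `str_replace("SFVIRTUALNAME", $site_domain, $ByeEmail)`. Dropping the `misc` table lookup also removes the admin's ability to edit this text, which should be mentioned in the commit message if intended. The `$email` interpolated into `WHERE email='$email'` is `$global_user_id`, which is trusted, but the method starts before this hunk.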
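Review bot: `$this->data['lang'] == 'en' || $this->data['jezik'] == 'en'` reads both keys without `isset`, so every AJAX reset request that sends only one of them raises notices; write `(($this->data['lang'] ?? '') === 'en' || ($this->data['jezik'] ?? '') === 'en')`. The same branch still consults `$_POST['ajax']` while the rest of the method has moved to `$this->data` and `$this->method`, which makes the AJAX detection depend on how the controller populated `data`; pick one source. The e-mail passes through `CleanXSS()` before being used in SQL further down, and that is an HTML sanitiser, not an SQL escape. The method continues past the end of the hunk.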
@@ -1744,40 +1968,39 @@ class ApiLogin // Ce emaila ni v bazi $user_id_1ka = User::findByEmail($email); + if (empty($user_id_1ka)) { - if($ajaxKlic){ - echo json_encode([ - 'type' => 'error', - 'text' => $lang['cms_error_no_email'] - ]); + if($ajaxKlic || $this->method == 'AJAX'){ + return $this->ajaxResponse('error', ['text' => $lang['cms_error_no_email']]); }else { header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$email); } die(); } else { $result = sisplet_query("SELECT name, pass, surname FROM users WHERE id='".$user_id_1ka."'"); - list ($ime, $geslo, $priimek) = mysqli_fetch_row($result); + [$ime, $geslo, $priimek] = mysqli_fetch_row($result); } // Novo geslo sestavis iz dveh nakljucnih besed + stevilke - include_once($site_path.'lang/words_'.$lang['language_short'].'.php'); + include($site_path.'lang/words_'.$lang['language_short'].'.php'); - $geslo = strtolower($words[rand(0, 999)].rand(0, 9).$words[rand(0, 999)]); + // Prva črka je velika začetnica št in male črke, da je v skladu s kompleksnostjo + $geslo = ucfirst(strtolower($words[rand(0, 999)].rand(0, 9).$words[rand(0, 999)])); // passhint je parameter v linku ki ga skombiniras skupaj z emailom in mu potem aktiviras novo geslo $passhint = base64_encode((hash('SHA256', time().$pass_salt))); $chk = sisplet_query("SELECT id FROm users WHERE email='$email' AND UNIX_TIMESTAMP(NOW())-LastLP>600"); if (mysqli_num_rows($chk) > 0) { - $result = sisplet_query("UPDATE users SET LastLP=UNIX_TIMESTAMP(NOW()), lost_password='".base64_encode((hash(SHA256, $geslo.$pass_salt)))."', lost_password_code='$passhint' WHERE email='$email'"); + $result = sisplet_query("UPDATE users SET LastLP=UNIX_TIMESTAMP(NOW()), lost_password='".base64_encode((hash('SHA256', $geslo.$pass_salt)))."', lost_password_code='$passhint' WHERE email='$email'"); // Ce gre slucajno za virtualko - $Subject = ($virtual_domain) ? 
$lang['lost_pass_subject_virtual'] : $lang['lost_pass_subject']; + $Subject = (isVirtual()) ? $lang['lost_pass_subject_virtual'] : $lang['lost_pass_subject']; $Content = $lang['lost_pass_mail']; - $PageName = $app_settings['app_name']; + $PageName = AppSettings::getInstance()->getSetting('app_settings-app_name'); $ZaMail = ''.' '.$Subject.''; @@ -1799,7 +2022,7 @@ class ApiLogin $Subject = str_replace("SFPAGENAME", $PageName, $Subject); // Ce gre slucajno za virtualko - if($virtual_domain) + if(isVirtual()) $Subject = str_replace("SFVIRTUALNAME", $site_domain, $Subject); if ($LoginWith == 1) { @@ -1832,11 +2055,8 @@ class ApiLogin } } - if($ajaxKlic){ - echo json_encode([ - 'type' => 'success', - 'text' => $lang['lp_sent'].'.' - ]); + if($ajaxKlic || $this->method == 'AJAX'){ + return $this->ajaxResponse('success', ['text' => $lang['lp_sent']]); }else { // Preusmerimo na stran potrditve header('location: '.$this->page_urls['page_reset_password'].'&email='.$email); @@ -1850,11 +2070,22 @@ class ApiLogin // Aktivira resetirano geslo userja (kopirano iz ProfileClass.php) - PRETESTIRATI private function userResetPasswordActivate() { - global $lang; global $site_url; global $pass_salt; global $cookie_domain; + $language = 1; + if(isset($this->data['language'])){ + $language = $this->data['language']; + } + elseif(isset($this->data['jezik'])){ + $language = ($this->data['jezik'] == 'en' ? 2 : 1); + } + + if(is_numeric($language)){ + include('../../lang/'.$language.'.php'); + } + $ajaxKlic = (!empty($_POST['ajax']) ? true : false); if (isset($_POST['code']) && isset($_POST['email']) && isset($_POST['pass'])) { 
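Review bot: The new password is generated with `rand()`, which is not a cryptographically secure generator, and with two words from a 1000-entry list plus one digit it has only about 2^23 possible values; since this value becomes the account password once the link is followed, change the line to `$geslo = ucfirst(strtolower($words[random_int(0, 999)].random_int(0, 9).$words[random_int(0, 999)]));` and consider a longer random component. `$passhint`, the secret in the reset link, is derived from `time()` and `$pass_salt` alone and so is predictable to anyone who knows the salt; `bin2hex(random_bytes(16))` is the usual replacement. The `LastLP > 600` throttle on the UPDATE is good, but the branch that returns "sent" when the row is throttled is outside this hunk and worth checking so the response does not reveal whether the throttle fired.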
@@ -1911,4 +2142,22 @@ class ApiLogin header('location: '.$this->page_urls['page_reset_password_activate'].'&code='.$code.'&error=1'); } } + + private function ajaxResponse($type, $data = []) + { + echo json_encode([ + 'type' => $type, + 'data' => $data + ]); + + die(); + } + + /* + * Kodiramo piškotek, ki ga posredujemo preko cUrl-ja + */ + private function cookieEncode(array $piskotek) + { + return base64_encode(serialize($piskotek)); + } } \ No newline at end of file diff --git a/frontend/api/class.ApiLoginController.php b/frontend/api/class.ApiLoginController.php index d3a0100..222adcf 100644 --- a/frontend/api/class.ApiLoginController.php +++ b/frontend/api/class.ApiLoginController.php @@ -22,8 +22,11 @@ class ApiLoginController{ // Preberemo poslane podatke - //$this->processCall(); - $this->processCallForm(); + $this->processCall(); + + if(empty($this->data)) { + $this->processCallForm(); + } /*echo 'Params:'; @@ -31,11 +34,10 @@ class ApiLoginController{ echo '
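Review bot: `cookieEncode` uses `base64_encode(serialize($piskotek))`, which forces the receiving side to call `unserialize()` on data it gets over HTTP; if that endpoint accepts the blob from any caller, it is an object-injection surface for no benefit, because `$piskotek` is plain nested arrays and strings. `return base64_encode(json_encode($piskotek, JSON_THROW_ON_ERROR));` is a drop-in replacement with a `json_decode(..., true)` on the consumer. `ajaxResponse` should also emit `header('Content-Type: application/json');` and use `JSON_INVALID_UTF8_SUBSTITUTE`, since a `$lang` message with invalid UTF-8 makes `json_encode` return `false` and the client receives an empty body.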
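Review bot: `processCall()` assigns `json_decode(file_get_contents('php://input'), true)` straight to `$this->data`, and a valid JSON scalar such as `"x"` or `5` is non-empty, so the form fallback is skipped and `$this->data` reaches `ApiLogin` as a string or int rather than an array; guard with `if (!is_array($this->data)) { $this->data = []; }` before the `empty()` test. The constructor this sits in starts before the hunk.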
Data:'; var_dump($this->data); echo 'Metoda: '.$this->method;*/ - - + // Izvedemo akcijo - $login = new ApiLogin(); - $login->executeAction($this->params, $this->data); + $login = new ApiLogin(); + $login->executeAction($this->params, $this->data, $this->method); } @@ -51,6 +53,7 @@ class ApiLoginController{ // Preberemo podatke iz post-a $this->data = json_decode(file_get_contents('php://input'), true); + } // Preberemo poslane podatke (ce posiljamo direktno iz forme) diff --git a/frontend/api/fb_login.php b/frontend/api/fb_login.php index 07e4842..f772c0f 100644 --- a/frontend/api/fb_login.php +++ b/frontend/api/fb_login.php @@ -1,20 +1,16 @@ FBLogin();*/ $login = new ApiLogin(); $login->executeAction($params=array('action'=>'login_facebook'), $data=array()); } else { - header ('location: https://www.facebook.com/v2.10/dialog/oauth?client_id=' .$facebook_appid .'&redirect_uri=https://www.1ka.si/frontend/api/fb_login.php&auth_type=rerequest&scope=email,public_profile'); + header ('location: https://www.facebook.com/v2.10/dialog/oauth?client_id=' .AppSettings::getInstance()->getSetting('facebook-appid') .'&redirect_uri=https://www.1ka.si/frontend/api/fb_login.php&auth_type=rerequest&scope=email,public_profile'); } ?> diff --git a/frontend/api/login_AAI.php b/frontend/api/login_AAI.php index 2cb7da0..4268af0 100644 --- a/frontend/api/login_AAI.php +++ b/frontend/api/login_AAI.php @@ -4,10 +4,6 @@ require_once ('../../function.php'); include_once '../../vendor/autoload.php'; - /*require_once ('../../function/ProfileClass.php'); - $profil = new Profile(); - $profil->eduroamAnotherServerLogin();*/ - $login = new ApiLogin(); $login->executeAction($params=array('action'=>'login_AAI'), $data=array()); diff --git a/frontend/install/classes/class.DisplayCheck.php b/frontend/install/classes/class.DisplayCheck.php index 81d7fc7..70c8be2 100644 --- a/frontend/install/classes/class.DisplayCheck.php +++ b/frontend/install/classes/class.DisplayCheck.php 
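Review bot: In `fb_login.php` the app id now comes from `AppSettings`, but the OAuth `redirect_uri` is still hard-coded to `https://www.1ka.si/frontend/api/fb_login.php`, so any installation on another domain is sent back to 1ka.si with its authorization code; build it from configuration, `'&redirect_uri='.urlencode($site_url.'/frontend/api/fb_login.php')`. The dialog URL also pins API version `v2.10`, which is long past Facebook's support window and worth moving to a setting alongside the app id.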
@@ -128,7 +128,7 @@ class DisplayCheck{ echo '
'; echo ' '; if(!$red_error) - echo ' '; + echo ' '; else echo ' '; echo '
'; @@ -171,7 +171,7 @@ class DisplayCheck{ $result['version']['value'] = $php_version; // Zahtevan je php 7 ali 8.0 - if(substr($php_version, 0, 1) != '7' && substr($php_version, 0, 3) != '8.0'){ + if(substr($php_version, 0, 1) != '7' && substr($php_version, 0, 3) != '8.0' && substr($php_version, 0, 3) != '8.1'){ $result['version']['error'] = 2; } diff --git a/frontend/install/classes/class.DisplayDatabase.php b/frontend/install/classes/class.DisplayDatabase.php index 0703ac6..d4a1861 100644 --- a/frontend/install/classes/class.DisplayDatabase.php +++ b/frontend/install/classes/class.DisplayDatabase.php @@ -76,7 +76,6 @@ class DisplayDatabase{ public function displayUpdate($update){ global $site_url; global $lang; - global $debug; global $admin_type; echo '
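Review bot: Adding `substr($php_version, 0, 3) != '8.1'` keeps growing a prefix-match chain that has to be edited for every minor release and also accepts `7.0` while rejecting `8.2`; express the supported range once with `version_compare`, e.g. `if (version_compare($php_version, '7.0', '<') || version_compare($php_version, '8.2', '>=')) { $result['version']['error'] = 2; }`. The method starts before this hunk.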

'.$lang['install_database_update'].'

'; @@ -86,7 +85,7 @@ class DisplayDatabase{ echo '

'.$lang['install_database_version_update'].': '.$update['new_version'].'

'; // Ce smo admin ali v debugu izpisemo tudi vrstice za update - if($admin_type == '0' || $debug == '1'){ + if($admin_type == '0' || isDebug()){ foreach ($update['update_lines'] as $key => $update_line) { echo $update_line.'

'; diff --git a/frontend/install/classes/class.DisplaySettings.php b/frontend/install/classes/class.DisplaySettings.php index f3ea45b..c0c729f 100644 --- a/frontend/install/classes/class.DisplaySettings.php +++ b/frontend/install/classes/class.DisplaySettings.php @@ -56,7 +56,6 @@ class DisplaySettings{ private function displaySettingsApp(){ global $lang; global $app_settings; - global $confirm_registration; echo '

'.$lang['install_settings_app_title'].'

'; @@ -170,8 +169,8 @@ class DisplaySettings{ echo '
'; echo '
'.$lang['install_settings_confirm_registration'].':
'; echo '
'; - echo ' '; - echo ' '; + echo ' getSetting('confirm_registration') ? 'checked="checked"' : '').'>'; + echo ' getSetting('confirm_registration') ? 'checked="checked"' : '').'>'; echo '
'; echo '
'; } @@ -248,8 +247,6 @@ class DisplaySettings{ private function displaySettingsGoogle(){ global $lang; - global $recaptcha_sitekey; - global $secret_captcha; global $google_maps_API_key; echo '

'.$lang['install_settings_google_title'].'

'; @@ -257,19 +254,19 @@ class DisplaySettings{ // Google recaptcha_sitekey echo '
'; echo '
'.$lang['install_settings_recaptcha_sitekey'].':
'; - echo '
'; + echo '
'; echo '
'; // Google secret_captcha echo '
'; echo '
'.$lang['install_settings_secret_captcha'].':
'; - echo '
'; + echo '
'; echo '
'; // Google google_maps_API_key echo '
'; echo '
'.$lang['install_settings_google_maps_API_key'].':
'; - echo '
'; + echo '
'; echo '
'; } diff --git a/frontend/install/classes/class.ImportDB.php b/frontend/install/classes/class.ImportDB.php index 5ba632f..3024c41 100644 --- a/frontend/install/classes/class.ImportDB.php +++ b/frontend/install/classes/class.ImportDB.php @@ -7,7 +7,7 @@ class ImportDB{ - var $clean_db_file = '../../sql/1ka_clean_27-7-2020.sql'; // Datoteka prazne baze za uvoz + var $clean_db_file = '../../sql/1ka_clean_26-11-2021.sql'; // Datoteka prazne baze za uvoz var $update_db_file = '../../sql/update2.sql'; // Datoteka prazne baze za uvoz var $version = ''; // Trenutna verzija 1ke @@ -66,6 +66,10 @@ class ImportDB{ $sql = sisplet_query("SELECT * FROM misc WHERE what='version'"); if($sql !== FALSE && mysqli_num_rows($sql) > 0){ + // Najprej updatamo se app_settings z ustrezno domeno + global $site_domain; + $sqlA = sisplet_query("UPDATE app_settings SET domain='".$site_domain."'"); + $row = mysqli_fetch_array($sql); $this->version = $row['value']; diff --git a/frontend/install/css/style.css b/frontend/install/css/style.css index e7cd886..362854b 100644 --- a/frontend/install/css/style.css +++ b/frontend/install/css/style.css @@ -265,19 +265,19 @@ footer .footer_content .logo_holder img { /************WELCOME STRAN***************/ .main_content.welcome h2::before { - content: "1/5 - "; + content: "1/4 - "; } /******************************/ /************FINISH STRAN***************/ .main_content.finish h2::before { - content: "5/5 - "; + content: "4/4 - "; } /******************************/ /************CHECK STRAN***************/ .main_content.check h2::before { - content: "2/5 - "; + content: "2/4 - "; } .main_content.check .check_segment { margin: 0 0 20px 0; @@ -312,7 +312,7 @@ footer .footer_content .logo_holder img { /******************************/ /************SETTINGS STRAN***************/ .main_content.settings h2::before { - content: "3/5 - "; + content: "3/4 - "; } .main_content.settings .settings_segment { margin: 0 0 20px 0; 
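Review bot: The new `UPDATE app_settings SET domain='".$site_domain."'` has no `WHERE` clause and its result `$sqlA` is never checked, so it rewrites the domain of every row in `app_settings` on each run of the updater; if the table is meant to hold one row per installation that should be stated in a comment, otherwise restrict it to the current row. `$site_domain` is configuration rather than user input, but it is still interpolated raw, so a domain containing a quote breaks the statement silently. The enclosing method starts before the hunk.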
@@ -343,7 +343,7 @@ footer .footer_content .logo_holder img { /******************************/ /************DATABASE STRAN***************/ .main_content.database h2::before { - content: "4/5 - "; + content: "3/4 - "; } /******************************/ diff --git a/frontend/payments/classes/class.ApiNarocilaController.php b/frontend/payments/classes/class.ApiNarocilaController.php index 6c9daed..6a92fb6 100644 --- a/frontend/payments/classes/class.ApiNarocilaController.php +++ b/frontend/payments/classes/class.ApiNarocilaController.php @@ -36,8 +36,11 @@ class ApiNarocilaController{ // Logiramo response klica $SL = new SurveyLog(); - if($this->response['success'] == true){ - + // Napaka pri klicu + if(isset($this->response['success']) && $this->response['success'] == false){ + $SL->addMessage(SurveyLog::PAYMENT, "NAPAKA pri klicu za plačevanje ".$this->params['action'].": ".$this->response['error']); + } + else{ if(isset($this->data['email'])) $call_data = ', '.$this->data['email']; elseif(isset($this->data['narocilo_id'])) @@ -47,9 +50,6 @@ class ApiNarocilaController{ $SL->addMessage(SurveyLog::PAYMENT, "USPEŠEN KLIC (".$this->params['action'] . $call_data.")"); } - else{ - $SL->addMessage(SurveyLog::PAYMENT, "NAPAKA pri klicu za plačevanje ".$this->params['action'].": ".$this->response['error']); - } $SL->write(); @@ -128,6 +128,7 @@ class ApiNarocilaController{ switch ($this->params['action']) { + // Ustvari novo narocilo case 'create_narocilo': $narocilo = new UserNarocila(); @@ -135,6 +136,7 @@ class ApiNarocilaController{ break; + // Posodobi obstoječe narocilo (npr. nastavi nacin placila) case 'update_narocilo': $narocilo = new UserNarocila(); 
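Review bot: The logging condition is inverted from "log success when `success == true`" to "log error when `success` is set and false, otherwise success", so a response with no `success` key at all — which the new `get_last_narocilo` action produces, including its `['id' => '0']` not-found case — is now recorded as a successful call. If that is intended, say so in the comment, e.g. `// responses that do not set 'success' are treated as successful`; otherwise check `!empty($this->response['success'])`. The method starts before this hunk.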
@@ -142,6 +144,36 @@ class ApiNarocilaController{ break; + + // Dobi podatke zadnjega narocila za uporabnika + case 'get_last_narocilo': + + $usr_id = 0; + + // Dobimo user id iz emaila + if(isset($this->data['email'])){ + $sqlU = sisplet_query("SELECT id FROM users WHERE email='".$this->data['email']."'"); + $rowU = mysqli_fetch_array($sqlU); + + $usr_id = $rowU['id']; + } + + if($usr_id == '' || $usr_id == 0){ + $this->response['error'] = 'ERROR! Missing user ID.'; + $this->response['success'] = false; + + break; + } + + // Dobimo podatke zadnjega narocila + $narocilo = new UserNarocila(); + $last_narocilo = $narocilo->getLastNarocilo($usr_id); + + $this->response = $last_narocilo; + + break; + + // Dobimo pdf predracun (ce ne obstaja ga ustvarimo) case 'get_predracun': @@ -156,6 +188,7 @@ class ApiNarocilaController{ break; + // Dobimo pdf racun case 'get_racun': @@ -170,6 +203,7 @@ class ApiNarocilaController{ break; + // Placamo narocilo - aktiviramo uporabniku paket za uporabo, zgeneriramo in vrnemo url do pdf racuna in ga tudi posljemo po mailu case 'placaj_narocilo': @@ -349,7 +383,7 @@ class ApiNarocilaController{ $podatki = $reader->city($this->data['ip']); // Vrnemo ime države - $this->response['drzava'] = $podatki->country->name; + $this->response['drzava'] = $podatki->country->name ?? ''; break; } diff --git a/frontend/payments/classes/class.UserAccess.php b/frontend/payments/classes/class.UserAccess.php index 105d4c9..070c723 100644 --- a/frontend/payments/classes/class.UserAccess.php +++ b/frontend/payments/classes/class.UserAccess.php @@ -80,6 +80,7 @@ class UserAccess{ 'telephone' => 3, // Telefonska anketa 'chat' => 3, // Chat 'panel' => 3, // Panel + 'email_access' => 3, // Dostop z emailom /* Ostale funkcionalnosti */ 'prevajanje' => 2, // Vecjezikovna anketa 
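Review bot: `get_last_narocilo` interpolates `$this->data['email']` directly into `SELECT id FROM users WHERE email='...'`, so unless `sisplet_query` escapes its argument this is an SQL injection in a payments endpoint; use a prepared statement, or at minimum `mysqli_real_escape_string($GLOBALS['connect_db'], $this->data['email'])`. The action also lets any caller look up another user's latest order by e-mail alone, so it relies entirely on whatever authentication the controller performs before `switch`, which is outside this hunk and should be confirmed. `mysqli_fetch_array` returns `false` for an unknown address, and `$rowU['id']` on `false` only happens to fall into the `$usr_id == ''` branch by accident; test `$rowU === false` explicitly.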
@@ -120,10 +121,9 @@ class UserAccess{ } private function __construct($usr_id){ - global $app_settings; // Ce so paketi onemogoceni nič ne preverjamo - if(!isset($app_settings['commercial_packages']) || $app_settings['commercial_packages'] == false){ + if(AppSettings::getInstance()->getSetting('app_settings-commercial_packages') !== true){ return; } @@ -133,7 +133,11 @@ class UserAccess{ if(isset($_POST['anketa']) || isset($_GET['anketa'])){ $ank_id = (isset($_GET['anketa'])) ? $_GET['anketa'] : $_POST['anketa']; - + + // Pogledamo, ce smo v izpolnjevanju ankete - imamo hash in pridobimo id iz njega + if($_SERVER["SCRIPT_NAME"] == '/main/survey/index.php') + $ank_id = getSurveyIdFromHash($ank_id); + $sqlU = sisplet_query("SELECT insert_uid FROM srv_anketa WHERE id='".$ank_id."'"); $rowU = mysqli_fetch_array($sqlU); @@ -163,6 +167,8 @@ class UserAccess{ echo 'Napaka! Manjka ID uporabnika.'; die(); } + + } @@ -202,12 +208,12 @@ class UserAccess{ private function checkAnketaOld(){ // Ce nismo znotraj ankete ti ignoriramo - if(!isset($_GET['anketa'])){ + if(!isset($_GET['anketa']) && !isset($_POST['anketa'])){ return; } // Nastavimo id ankete - $ank_id = $_GET['anketa']; + $ank_id = isset($_GET['anketa']) ? $_GET['anketa'] : $_POST['anketa']; $sqlA = sisplet_query("SELECT insert_time FROM srv_anketa WHERE id='".$ank_id."'"); $rowA = mysqli_fetch_array($sqlA); @@ -229,13 +235,12 @@ class UserAccess{ // Preverimo ce ima uporabnik dostop do neke funkcionalnosti public function checkUserAccess($what=''){ - global $app_settings; global $admin_type; global $global_user_id; global $mysql_database_name; // Ce so paketi onemogoceni vrnemo vedno true - if(!isset($app_settings['commercial_packages']) || $app_settings['commercial_packages'] == false){ + if(AppSettings::getInstance()->getSetting('app_settings-commercial_packages') !== true){ return true; } 
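Review bot: The survey-fill detection `$_SERVER["SCRIPT_NAME"] == '/main/survey/index.php'` is an exact path match and so is false on any installation served from a sub-directory, in which case `$ank_id` stays the hash and the `SELECT insert_uid FROM srv_anketa WHERE id='...'` lookup returns nothing; compare the suffix instead, `substr($_SERVER['SCRIPT_NAME'], -23) === '/main/survey/index.php'`, or have the survey entry point set an explicit flag. `$ank_id` from `$_GET`/`$_POST` is still interpolated raw into that query, so a cast `(int)` before use is cheap insurance. The constructor continues past the end of the hunk.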
@@ -277,11 +282,10 @@ class UserAccess{ // Vrnemo paket uporabnika public function getPackage(){ - global $app_settings; global $admin_type; // Ce so paketi onemogoceni vrnemo -1 - if(!isset($app_settings['commercial_packages']) || $app_settings['commercial_packages'] == false){ + if(AppSettings::getInstance()->getSetting('app_settings-commercial_packages') !== true){ return -1; } @@ -345,25 +349,44 @@ class UserAccess{ // Kateri paket je potreben za to funkcionalnost $package_required = (isset($this->functionality_package[$what])) ? $this->functionality_package[$what] : 3; - $package_required_name = $this->packages[$package_required]['name']; + $package_temp = $this->packages[$package_required]['name']; + $package_required_name = $lang['paket_opis_'.$package_temp]; if($lang['id'] == '2') $drupal_url = $site_url.'d/en/purchase/'.$package_required.'/package'; else $drupal_url = $site_url.'d/izvedi-nakup/'.$package_required.'/podatki'; - + echo '
'; echo '
'; - + + echo '
'.$lang['srv_access_no_access_title'].'
'; + // Ce user ni avtor ankete if($this->user_not_author){ echo '

'.$lang['srv_access_no_access_not_author'].'

'; } - + echo '
'; echo '

'.$lang['srv_access_no_access'].' "'.$package_required_name.'".

'; + + echo '

'.$lang['srv_access_no_access_funkcionalnosti_intro'].'

'; + + echo '
    '; + echo '
  • '.$lang['srv_access_no_access_funkcionalnost_1'].'
  • '; + echo '
  • '.$lang['srv_access_no_access_funkcionalnost_2'].'
  • '; + echo '
  • '.$lang['srv_access_no_access_funkcionalnost_3'].'
  • '; + echo '
  • '.$lang['srv_access_no_access_funkcionalnost_4'].'
  • '; + echo '
'; + + + echo '
'; + if(!$this->user_not_author) - echo ''; + echo '
'; + echo ''; + echo '
'; echo '
'; + echo '
'; } // Izpisemo popup obvestilo, da je funkcionalnost onemogocena in naj kupi paket @@ -373,22 +396,31 @@ class UserAccess{ // Kateri paket je potreben za to funkcionalnost $package_required = (isset($this->functionality_package[$what])) ? $this->functionality_package[$what] : 3; - $package_required_name = $this->packages[$package_required]['name']; + $package_temp = $this->packages[$package_required]['name']; + $package_required_name = $lang['paket_opis_'.$package_temp]; if($lang['id'] == '2') $drupal_url = $site_url.'d/en/purchase/'.$package_required.'/package'; else $drupal_url = $site_url.'d/izvedi-nakup/'.$package_required.'/podatki'; + + echo '

'.$lang['srv_access_upgrade'].'

'; + + echo ''; + // Ce user ni avtor ankete if($this->user_not_author){ echo '

'.$lang['srv_access_no_access_not_author'].'

'; } echo '

'.$lang['srv_access_no_access'].' "'.$package_required_name.'".

'; + + echo '
'; + echo ' '; if(!$this->user_not_author) - echo ''; - echo ''; + echo ' '; + echo '
'; } // Izpisemo obvestilo, da je funkcionalnost onemogocena in naj kupi paket @@ -402,7 +434,8 @@ class UserAccess{ // Kateri paket je potreben za to funkcionalnost $package_required = (isset($this->functionality_package[$what])) ? $this->functionality_package[$what] : 3; - $package_required_name = $this->packages[$package_required]['name']; + $package_temp = $this->packages[$package_required]['name']; + $package_required_name = $lang['paket_opis_'.$package_temp]; echo '

'; @@ -459,6 +492,22 @@ class UserAccess{ return $what; } + public function getPackageName($package_id) { + global $lang; + + $string = ''; + + if ($package_id == 1) { + $string = $lang['paket_opis_1ka']; + } else if($package_id == 2) { + $string = $lang['paket_opis_2ka']; + } else if($package_id == 3) { + $string = $lang['paket_opis_3ka']; + } + + return $string; + } + // Ajax klici public function ajax(){ diff --git a/frontend/payments/classes/class.UserNarocila.php b/frontend/payments/classes/class.UserNarocila.php index e831e33..cc562c2 100644 --- a/frontend/payments/classes/class.UserNarocila.php +++ b/frontend/payments/classes/class.UserNarocila.php @@ -32,6 +32,39 @@ class UserNarocila{ } + // Dobimo podatke zadnjega narocila za dolocenega uporabnika + public function getNarocilo($narocilo_id){ + global $admin_type; + + $return = array(); + + // Dobimo narocilo uporabnika + $sqlNarocilo = sisplet_query("SELECT un.*, up.name AS package_name, up.description AS package_description, up.price AS package_price + FROM user_access_narocilo un, user_access_paket up + WHERE un.id='".$narocilo_id."' AND un.package_id=up.id + "); + + // Uporabnik nima se nobenega narocila + if(mysqli_num_rows($sqlNarocilo) == 0){ + $return['id'] = '0'; + } + else{ + $row = mysqli_fetch_array($sqlNarocilo); + $return = $row; + + // Cena + $cena = $this->getPrice($row['package_name'], $row['trajanje'], $row['discount'], $row['time']); + + // Zavezanec iz tujine nima ddv-ja + if($this->isWithoutDDV($row['id'])) + $return['koncna_cena'] = $cena['final_without_tax']; + else + $return['koncna_cena'] = $cena['final']; + } + + return $return; + } + // Dobimo array narocil (vseh oz. za dolocenega uporabnika) private function getNarocila($usr_id=0){ global $admin_type; 
@@ -77,6 +110,30 @@ class UserNarocila{ return $narocila; } + // Dobimo podatke zadnjega narocila za dolocenega uporabnika + public function getLastNarocilo($usr_id){ + global $admin_type; + + $return = array(); + + // Dobimo zadnje narocilo uporabnika + $sqlNarocilo = sisplet_query("SELECT un.*, up.name AS package_name, up.description AS package_description, up.price AS package_price + FROM user_access_narocilo un, user_access_paket up + WHERE un.usr_id='".$usr_id."' AND un.package_id=up.id + ORDER BY un.time DESC + "); + + // Uporabnik nima se nobenega narocila + if(mysqli_num_rows($sqlNarocilo) == 0){ + $return['id'] = '0'; + } + else{ + $return = mysqli_fetch_array($sqlNarocilo); + } + + return $return; + } + // Izracunamo koncno ceno glede na paket, trajanje in popust (v eur) public function getPrice($package_name, $trajanje, $discount=0, $time=''){ @@ -294,16 +351,71 @@ class UserNarocila{ $ua = UserAccess::getInstance($global_user_id); $user_access = $ua->getAccess(); - // Ce ni polja v bazi oz je nastavljen paket na 1 ima osnovni paket - if(!$user_access || $user_access['package_id'] == '1'){ - echo '

'.$lang['srv_narocila_current_package'].': 1KA

'; + $sqlA = sisplet_query("SELECT ua.time_activate, ua.time_expire, uap.id AS package_id, uap.name AS package_name + FROM user_access ua, user_access_paket uap + WHERE ua.usr_id='$global_user_id' AND uap.id=ua.package_id + "); + $rowA = mysqli_fetch_array($sqlA); + + echo '
'; + + echo ''; + + echo ''; + + echo '
'; echo ''; 
@@ -337,37 +449,55 @@ class UserNarocila{ echo ' '; echo ' '; - echo ' '.$lang['srv_narocilo_paket'].''; - echo ' '.$lang['srv_narocilo_trajanje'].' ('.$lang['srv_narocilo_trajanje_mesecev'].')'; echo ' '.$lang['srv_narocilo_cas'].''; - echo ' '.$lang['srv_narocilo_nacin_placila'].''; - echo ' '.$lang['srv_narocilo_cena'].''; + echo ' '.$lang['srv_narocilo_paket'].''; + echo ' '.$lang['srv_narocilo_veljavnodo'].''; + echo ' '.$lang['srv_narocilo_samo_cena'].''; echo ' '.$lang['srv_narocilo_status'].''; - echo ' '.$lang['srv_narocilo_pdf'].''; - + echo ' '.$lang['srv_narocilo_pdf_predracun'].''; + echo ' '.$lang['srv_narocilo_pdf_racun'].''; echo ' '; echo ' '; // Vsebina tabele echo ' '; + $userAccess = UserAccess::getInstance($global_user_id); + foreach($data as $usr_id => $data_row){ + $package_name = $userAccess->getPackageName($data_row['package_id']); + echo ''; - echo ''.$data_row['package_name'].''; - echo ''.$data_row['trajanje'].''; echo ''.date("j.n.Y H:i", strtotime($data_row['time'])).''; - echo ''.$data_row['payment_method'].''; + + //Sklanjanje za število mesecev + if ($data_row['trajanje'] == 1) + $trajanje = $data_row['trajanje'] .' '. $lang['srv_narocilo_trajanje_1']; + else if ($data_row['trajanje'] == 2) + $trajanje = $data_row['trajanje'] .' '. $lang['srv_narocilo_trajanje_2']; + else if ($data_row['trajanje'] == 3 || $data_row['trajanje'] == 4) + $trajanje = $data_row['trajanje'] .' '. $lang['srv_narocilo_trajanje_3_4']; + else + $trajanje = $data_row['trajanje'] .' '. $lang['srv_narocilo_trajanje_5']; + + echo ''.$package_name.' 
('.$trajanje.')'; + + //Veljavnost paketa + $meseci = $data_row['trajanje']; + $veljaven_do = date("j.n.Y H:i", strtotime("+$meseci months", strtotime($data_row['time']))); + + echo ''.$veljaven_do.''; // Cena $cena = $this->getPrice($data_row['package_name'], $data_row['trajanje'], $data_row['discount'], $data_row['time']); // Zavezanec iz tujine nima ddv-ja if($this->isWithoutDDV($data_row['id'])) - echo ''.$cena['final_without_tax'].''; + echo ''.$cena['final_without_tax'].'€'; else - echo ''.$cena['final'].''; + echo ''.$cena['final'].'€'; if($data_row['status'] == '0') $status_color = 'red'; @@ -378,12 +508,13 @@ class UserNarocila{ echo ''.$lang['srv_narocilo_status_'.$data_row['status']].''; // PDF - echo ''; - echo ''.$lang['srv_narocilo_pdf_predracun'].''; + echo ''; + if($data_row['status'] == '1'){ - echo ' | '.$lang['srv_narocilo_pdf_racun'].''; + echo ''; } - echo ''; + else + echo ''; echo ''; } @@ -395,16 +526,16 @@ class UserNarocila{ // Izpisemo seznam vseh narocil - admin public function displayNarocilaTableAdmin(){ - global $lang, $global_user_id, $app_settings; + global $lang, $global_user_id; // Admini vidijo vsa narocila $data = $this->getNarocila(); // Filtri po statusu echo '
'; - echo ''; - echo ''; - echo ''; + echo ' narocila_filter['neplacana'] == 1 ? 'checked="checked"' : '').' onClick="filterNarocila(\'0\', this.checked)">'; + echo ' narocila_filter['placana'] == 1 ? 'checked="checked"' : '').' onClick="filterNarocila(\'1\', this.checked)">'; + echo ' narocila_filter['stornirana'] == 1 ? 'checked="checked"' : '').' onClick="filterNarocila(\'2\', this.checked)">'; echo '
'; echo ''; @@ -468,7 +599,7 @@ class UserNarocila{ echo $lang['srv_narocilo_status_'.$data_row['status']]; // Na www.1ka.si lahko narocilo placa samo Goran - if($data_row['status'] != '1' && $data_row['status'] != '2' && ($app_settings['app_name'] != 'www.1ka.si' || $global_user_id == '112696')){ + if($data_row['status'] != '1' && $data_row['status'] != '2' && (AppSettings::getInstance()->getSetting('app_settings-app_name') != 'www.1ka.si' || $global_user_id == '112696')){ echo '
'; echo ''.$lang['srv_narocilo_placaj'].''; @@ -761,6 +892,10 @@ class UserNarocila{ return $response; } + + // Ce je slucajno drzava prazna jo nastavimo na slovenijo - zankrat pustimo, da vidimo, ce se se kdaj poslje prazno polje (naceloma se nebi smelo) + /*if($podjetje_drzava == '') + $podjetje_drzava = 'Slovenija';*/ // Nastavimo ce placa DDV (zavezanci iz EU ga ne placajo) if(self::checkPayDDV($podjetje_davcna, $podjetje_drzava)) @@ -1112,8 +1247,27 @@ class UserNarocila{ // Ustvarimo racun - $cebelica = new UserNarocilaCebelica($narocilo_id); - $response['racun'] = $cebelica->getNarociloRacun(); + try{ + $cebelica = new UserNarocilaCebelica($narocilo_id); + $response['racun'] = $cebelica->getNarociloRacun(); + } + // Napaka pri komunikaciji s cebelco - posljemo mail Goranu + catch (Exception $e){ + + // Posljemo mail Goranu, da je prislo do napake pri generiranju racuna + $subject = '1ka - napaka pri generiranju računa'; + $content = 'Prišlo je do napake pri generiranju računa (komunikacija s čebelco) pri naročilu št. '.$rowNarocilo['id'].' (uporabnik '.$rowNarocilo['email'].')!'; + $content .= '
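Review bot: Authorisation for the "pay" action still hinges on a literal user id (`$global_user_id == '112696'`) next to the hostname check; the commit only swaps `$app_settings` for `AppSettings::getInstance()`, but while the line is touched the id belongs in a setting or a role check, because the same literal is repeated in the two UserPlacila hunks (`@@ -116` and `@@ -194`) and every copy must change together. `AppSettings::getInstance()->getSetting(...)` is also evaluated inline in each of these conditions; binding it once, `$app_name = AppSettings::getInstance()->getSetting('app_settings-app_name');`, keeps the condition readable. The enclosing method starts and ends outside the hunk.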

Preveri in samo še enkrat odpri račun za to plačilo preko vmesnika (ga bo zgeneriralo avtomatsko).'; + + $MA = new MailAdapter($anketa=null, $type='payments'); + $MA->addRecipients('goran@go-tel.si'); + $MA->addRecipients('peter@1ka.si'); + $resultX = $MA->sendMail($content, $subject); + + $response['false'] = true; + + return $response; + } // Posljemo mail z racunom @@ -1314,6 +1468,22 @@ class UserNarocila{ // Lastna instalacija - paket $strinjanje_s_pogoji = isset($narocilo_data['strinjanje_s_pogoji']) ? $narocilo_data['strinjanje_s_pogoji'] : ''; + // Varnostno preverimo, če robot izpolni polje + $varnostno_polje = isset($narocilo_data['varnostno-polje']) ? $narocilo_data['varnostno-polje'] : ''; + if(!empty($varnostno_polje)){ + return ['false' => true]; + } + + // Preverimo ReCaptcha + if (in_array($paket, [1,2,3]) && AppSettings::getInstance()->getSetting('google-secret_captcha') !== false) { + $recaptchaResponse = isset($narocilo_data['g-recaptcha-response']) ? $narocilo_data['g-recaptcha-response'] : ''; + $requestReCaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . AppSettings::getInstance()->getSetting('google-secret_captcha') . '&response=' . $recaptchaResponse); + + if (!strstr($requestReCaptcha, 'true')) { + return ['false' => true]; + } + } + // Posljemo mail s podatki povprasevanja $subject = $lang['srv_narocilo_poslovni_email_1ka_subject']; @@ -1414,6 +1584,7 @@ class UserNarocila{ $countries_eu['Bulgaria'] = 'BG'; $countries_eu['Cyprus'] = 'CY'; $countries_eu['Czech Republic'] = 'CZ'; + $countries_eu['Czechia'] = 'CZ'; $countries_eu['Germany'] = 'DE'; $countries_eu['Denmark'] = 'DK'; $countries_eu['Estonia'] = 'EE'; diff --git a/frontend/payments/classes/class.UserNarocilaCebelica.php b/frontend/payments/classes/class.UserNarocilaCebelica.php index f7c823b..0cd8e84 100644 --- a/frontend/payments/classes/class.UserNarocilaCebelica.php +++ b/frontend/payments/classes/class.UserNarocilaCebelica.php 
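Review bot: The new catch branch loses the exception it handles: `$e->getMessage()` never reaches the mail text or a log, and `$resultX = $MA->sendMail($content, $subject)` is assigned but never inspected, so a failed notification is silent as well. Append the message to the content, `$content .= ' Napaka: '.$e->getMessage();`, and either drop `$resultX` or act on a false result. The recipient addresses are hard-coded in the catch; a setting read through `AppSettings`, as this commit does for the API key and payment credentials, would avoid a code change to alter who is notified. The enclosing method starts and ends outside the hunk.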
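Review bot: The reCAPTCHA verdict is decided by `strstr($requestReCaptcha, 'true')`, a substring search over the JSON body instead of its `success` field, and `$recaptchaResponse` is concatenated into the query string without URL-encoding, so an unencoded token produces a malformed request and any `&` in it adds parameters. Decoding the body and testing `success === true` makes the check unambiguous, and `http_build_query()` handles the encoding; a `false` from `file_get_contents()` (network error) should keep rejecting, as it does today. The `in_array($paket, [1,2,3])` test also lacks `true` as its third argument, so `'1abc'`-style values are compared loosely. The enclosing method starts and ends outside the hunk.
```php
// … unchanged: honeypot check on varnostno-polje …
if (in_array($paket, [1,2,3], true) && AppSettings::getInstance()->getSetting('google-secret_captcha') !== false) {
    $recaptchaResponse = isset($narocilo_data['g-recaptcha-response']) ? $narocilo_data['g-recaptcha-response'] : '';
    $requestReCaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?' . http_build_query([
        'secret'   => AppSettings::getInstance()->getSetting('google-secret_captcha'),
        'response' => $recaptchaResponse,
    ]));
    $verdict = ($requestReCaptcha !== false) ? json_decode($requestReCaptcha, true) : null;

    if (!is_array($verdict) || ($verdict['success'] ?? false) !== true) {
        return ['false' => true];
    }
}
```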
@@ -29,10 +29,9 @@ class UserNarocilaCebelica{ public function __construct($narocilo_id=0){ - global $cebelica_api; // Api koda za komunikacijo s cebelico - define("API_KODA", $cebelica_api); + define("API_KODA", AppSettings::getInstance()->getSetting('cebelica_api')); if($narocilo_id > 0){ @@ -211,6 +210,7 @@ class UserNarocilaCebelica{ return $cebelica_id_new; } else{ + throw new Exception("Napaka pri vnosu dokumenta v cebelca.biz."); return "Napaka pri vnosu dokumenta v cebelca.biz."; } } diff --git a/frontend/payments/classes/class.UserNarocilaCron.php b/frontend/payments/classes/class.UserNarocilaCron.php index a763dad..92ff8eb 100644 --- a/frontend/payments/classes/class.UserNarocilaCron.php +++ b/frontend/payments/classes/class.UserNarocilaCron.php @@ -16,7 +16,6 @@ class UserNarocilaCron{ public function __construct(){ - global $app_settings; } diff --git a/frontend/payments/classes/class.UserNarocilaPaypal.php b/frontend/payments/classes/class.UserNarocilaPaypal.php index de8bb64..d7c0189 100644 --- a/frontend/payments/classes/class.UserNarocilaPaypal.php +++ b/frontend/payments/classes/class.UserNarocilaPaypal.php @@ -21,10 +21,7 @@ class UserNarocilaPaypal{ private $paypal_client; - public function __construct($narocilo_id){ - global $app_settings; - global $paypal_client_id; - global $paypal_secret; + public function __construct($narocilo_id){ global $mysql_database_name; if($narocilo_id > 0){ 
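Review bot: In the `@@ -211` hunk the `return "Napaka pri vnosu dokumenta v cebelca.biz.";` left after the new `throw` is unreachable and should be removed so the method has one failure path. The throw uses the base `Exception`, which forces the caller in UserNarocila to catch `Exception` broadly; a small project subclass (for example one extending `\RuntimeException`) would let that catch stay narrow. In the `@@ -29` hunk, `define("API_KODA", ...)` inside the constructor still redefines a constant on every instantiation, which PHP reports as a warning from the second object in the same request; reading the setting into a property would avoid that. Both enclosing methods start outside their hunks.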
@@ -43,9 +40,9 @@ class UserNarocilaPaypal{ // Ustvarimo okolje za paypal if($mysql_database_name == 'real1kasi') - $environment = new ProductionEnvironment($paypal_client_id, $paypal_secret); + $environment = new ProductionEnvironment(AppSettings::getInstance()->getSetting('paypal-client_id'), AppSettings::getInstance()->getSetting('paypal-secret')); else - $environment = new SandboxEnvironment($paypal_client_id, $paypal_secret); + $environment = new SandboxEnvironment(AppSettings::getInstance()->getSetting('paypal-client_id'), AppSettings::getInstance()->getSetting('paypal-secret')); $this->paypal_client = new PayPalHttpClient($environment); } @@ -135,12 +132,12 @@ class UserNarocilaPaypal{ //$request->headers["prefer"] = "return=representation"; if($lang['id'] == '2'){ - $drupal_url_confirm = $site_url.'/d/en/paypal-purchase/success?narocilo_id='.$orderDetails['narocilo_id']; - $drupal_url_cancel = $site_url.'/d/en/paypal-purchase/cancel?narocilo_id='.$orderDetails['narocilo_id']; + $drupal_url_confirm = $site_url.'/d/en/purchase/paypal?narocilo_id='.$orderDetails['narocilo_id']; + $drupal_url_cancel = $site_url.'/d/en/purchase/paypal-cancel?narocilo_id='.$orderDetails['narocilo_id']; } else{ - $drupal_url_confirm = $site_url.'/d/narocilo/paypal?narocilo_id='.$orderDetails['narocilo_id']; - $drupal_url_cancel = $site_url.'/d/narocilo/paypal-cancel?narocilo_id='.$orderDetails['narocilo_id']; + $drupal_url_confirm = $site_url.'/d/sl/narocilo/paypal?narocilo_id='.$orderDetails['narocilo_id']; + $drupal_url_cancel = $site_url.'/d/sl/narocilo/paypal-cancel?narocilo_id='.$orderDetails['narocilo_id']; } $request->body = [ diff --git a/frontend/payments/classes/class.UserNarocilaStripe.php b/frontend/payments/classes/class.UserNarocilaStripe.php index 82efce2..d0b3ef5 100644 --- a/frontend/payments/classes/class.UserNarocilaStripe.php +++ b/frontend/payments/classes/class.UserNarocilaStripe.php 
@@ -25,11 +25,8 @@ class UserNarocilaStripe{ public function __construct($narocilo_id){ - global $app_settings; - global $stripe_secret; - global $stripe_key; - $this->stripeService = new \Stripe\StripeClient($stripe_secret); + $this->stripeService = new \Stripe\StripeClient(AppSettings::getInstance()->getSetting('stripe-secret')); if($narocilo_id > 0){ @@ -84,12 +81,12 @@ class UserNarocilaStripe{ // URL po potrditvi oz preklicu if($lang['id'] == '2'){ - $drupal_url_confirm = $site_url.'/d/en/stripe-purchase/success?narocilo_id='.$this->narocilo['id']; - $drupal_url_cancel = $site_url.'/d/en/stripe-purchase/cancel?narocilo_id='.$this->narocilo['id']; + $drupal_url_confirm = $site_url.'/d/en/purchase/stripe?narocilo_id='.$this->narocilo['id']; + $drupal_url_cancel = $site_url.'/d/en/purchase/stripe-cancel?narocilo_id='.$this->narocilo['id']; } else{ - $drupal_url_confirm = $site_url.'/d/narocilo/stripe?narocilo_id='.$this->narocilo['id']; - $drupal_url_cancel = $site_url.'/d/narocilo/stripe-cancel?narocilo_id='.$this->narocilo['id']; + $drupal_url_confirm = $site_url.'/d/sl/narocilo/stripe?narocilo_id='.$this->narocilo['id']; + $drupal_url_cancel = $site_url.'/d/sl/narocilo/stripe-cancel?narocilo_id='.$this->narocilo['id']; } // Ustvarimo checkout session diff --git a/frontend/payments/classes/class.UserPlacila.php b/frontend/payments/classes/class.UserPlacila.php index a21d6fb..53305fa 100644 --- a/frontend/payments/classes/class.UserPlacila.php +++ b/frontend/payments/classes/class.UserPlacila.php @@ -105,7 +105,7 @@ class UserPlacila{ // Izpisemo podatke o placilih public function displayPlacila(){ - global $lang, $global_user_id, $app_settings; + global $lang, $global_user_id; // Tabela vseh placil $this->displayPlacilaTable(); 
@@ -116,13 +116,13 @@ class UserPlacila{ echo '';*/ // Izracun zasluzka in provizij po mesecih - samo Goran - if($app_settings['app_name'] == 'www.1ka.si' && $global_user_id == '112696') + if(AppSettings::getInstance()->getSetting('app_settings-app_name') == 'www.1ka.si' && $global_user_id == '112696') $this->displayPlacilaPovzetek(); } // Izpisemo seznam vseh placil public function displayPlacilaTable(){ - global $lang, $global_user_id, $app_settings; + global $lang, $global_user_id; // Admini vidijo vsa placila $data = $this->getPlacila(); @@ -194,7 +194,7 @@ class UserPlacila{ // Edit / delete echo '
'; // Na www.1ka.si lahko placilo ureja samo Goran - if($app_settings['app_name'] != 'www.1ka.si' || $global_user_id == '112696'){ + if(AppSettings::getInstance()->getSetting('app_settings-app_name') != 'www.1ka.si' || $global_user_id == '112696'){ // Uredi echo ' | '; diff --git a/frontend/simple/ajax.php b/frontend/simple/ajax.php index 7873b3a..374e89e 100644 --- a/frontend/simple/ajax.php +++ b/frontend/simple/ajax.php @@ -1,8 +1,9 @@ cookieConfirm(); + } ?> \ No newline at end of file diff --git a/frontend/simple/classes/DisplayController.php b/frontend/simple/classes/DisplayController.php index 6b4d1bc..4296659 100644 --- a/frontend/simple/classes/DisplayController.php +++ b/frontend/simple/classes/DisplayController.php @@ -2,7 +2,7 @@ include_once '../../function.php'; include_once '../../vendor/autoload.php'; -include_once '../../sql/class.ImportDB.php'; +include_once '../install/classes/class.ImportDB.php'; class DisplayController{ @@ -50,16 +50,30 @@ class DisplayController{ public function displayHead(){ global $site_url; - global $app_settings; global $lang; + + // Google analytics za AAI + if(isAAI()){ + echo ' + + '; + } + + echo ' '; echo ' '; echo ' '; echo ' '; - echo ' '; + echo ' '; echo ' '; echo ' '; echo ' '; @@ -70,8 +84,8 @@ class DisplayController{ echo ' '; // Custom header title - if(isset($app_settings['head_title_custom']) && $app_settings['head_title_custom'] == 1){ - echo ''.$app_settings['head_title_text'].'' . "\n"; + if(AppSettings::getInstance()->getSetting('app_settings-head_title_custom')){ + echo ''.AppSettings::getInstance()->getSetting('app_settings-head_title_text').'' . "\n"; } // Default header title else{ @@ -80,6 +94,9 @@ class DisplayController{ echo ' '; echo ' '; + if(isAAI()){ + echo ' '; + } echo ' '; echo ' '; 
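Review bot: In the `@@ -70` DisplayController hunk, `getSetting('app_settings-head_title_text')` is echoed into the header title markup as-is; the value comes from application settings rather than the request, but it is text placed into HTML, so `htmlspecialchars(AppSettings::getInstance()->getSetting('app_settings-head_title_text'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps a stray `<` or `&` from breaking the document. The condition on the line above now treats any truthy setting as "custom title on", whereas the old code compared `== 1`; if that widening is intended it deserves a one-line comment. `displayHead` starts and ends outside the hunk.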
@@ -99,25 +116,75 @@ class DisplayController{ public function displayHeader(){ global $site_url; global $lang; - global $google_login_client_id; - global $aai_instalacija; - + // Logo v glavi echo ''; + + // moblie nav ---------------------- + echo '
'; + echo ' '; + + echo ''; + echo '
'; + + echo ' '; + //--------------------------------------------------- + // Navigacija - echo ''; + } } // Izris vsebine public function displayMain(){ - global $virtual_domain; switch($this->stran){ @@ -164,35 +239,35 @@ class DisplayController{ break; /*case 'register': - if(!$virtual_domain) + if(!isVirtual()) $this->displayRegisterPage(); else $this->displayFrontPage(); break;*/ case 'register_confirm': - if(!$virtual_domain) + if(!isVirtual()) $this->displayRegisterPageConfirm(); else $this->displayFrontPage(); break; case 'register_email': - if(!$virtual_domain) + if(!isVirtual()) $this->displayRegisterPageEmail(); else $this->displayFrontPage(); break; case 'unregister': - if(!$virtual_domain) + if(!isVirtual()) $this->displayUnregisterPage(); else $this->displayFrontPage(); break; case 'unregister_confirm': - if(!$virtual_domain) + if(!isVirtual()) $this->displayUnregisterPageConfirm(); else $this->displayFrontPage(); @@ -220,59 +295,105 @@ class DisplayController{ // Izris footerja public function displayFooter(){ - global $virtual_domain; global $lang; - global $app_settings; - global $aai_instalacija; - + global $site_url; // Stolpec 1 - echo '
'; + echo '
'; + echo '

'.$lang['simple_footer_about'].'

'; + echo '
'; echo ' '.$lang['simple_footer_about_1ka'].''; - if($aai_instalacija) + if(isAAI()) echo ' '.$lang['simple_footer_about_faq'].''; echo ' '.$lang['simple_footer_about_general'].''; echo ' '.$lang['simple_footer_about_privacy'].''; echo ' '.$lang['simple_footer_about_cookies'].''; echo ' '.$lang['simple_footer_about_antispam'].''; - echo ' '; - echo '
'; - - - // Stolpec 2 - echo '
'; - echo '

'.$lang['simple_footer_company'].'

'; - echo ' '.$app_settings['owner'].''; - echo ' '.$app_settings['admin_email'].''; - echo ' '.$app_settings['owner_website'].''; + echo '
'; - // Stolpec 3 - logotipi - echo '
'; + // samo za AAI + if(isAAI()){ + + // Stolpec 2 + echo '
'; + + echo '

'.$lang['simple_footer_company'].'

'; + echo ' Arnes'; + + echo '
'; + + + // stolpec 3 - spremljajte nas + echo '
'; + + echo '

'.$lang['simple_footer_about_follow'].'

'; + echo ' '; + + echo '
'; + + + // Stolpec 4 - logotipi + echo '
'; + + echo '

'.$lang['simple_footer_namestitev'].'

'; + + // Logotipa FDV in CDI - samo pri virtualkah + if(isVirtual() || isAAI()){ + echo '
'; + + echo ' ministrstvo za izobraževanje znanost in šport'; + echo ' '; + echo ' '; + + echo '
'; + } - // Logotipa FDV in CDI - samo pri virtualkah - if($virtual_domain || $aai_instalacija){ - echo '
'; - echo ' '; - echo ' '; echo '
'; } + else{ - echo '
'; + // Stolpec 2 + echo '
'; + + echo '

'.$lang['simple_footer_company'].'

'; + //echo ' '.$lang['simple_footer_company_1ka'].' '; + echo ' '.AppSettings::getInstance()->getSetting('app_settings-owner').''; + echo ' '.AppSettings::getInstance()->getSetting('app_settings-admin_email').''; + echo ' '.AppSettings::getInstance()->getSetting('app_settings-owner_website').''; + + echo '
'; + + + // stolpec 3 - spremljajte nas + echo '
'; + + echo '

'.$lang['simple_footer_about_follow'].'

'; + echo ' '; + + echo '
'; + } } // Izris prve strani private function displayFrontPage(){ - global $aai_instalacija; // AAI - if($aai_instalacija) + if(isAAI()) $this->displayFrontPageFormAAI(); else $this->displayFrontPageForm(); @@ -282,18 +403,24 @@ class DisplayController{ private function displayFrontPageForm(){ global $lang; global $site_url; - global $app_settings; - global $virtual_domain; - - - echo '
'.$app_settings['app_name'].'
'; - + echo '
'; + echo '
'.AppSettings::getInstance()->getSetting('app_settings-app_name').'
'; + + // APP SUBTITLE + echo '
'; + if(isVirtual()) + echo $lang['app_virtual_domain']; + else + echo $lang['app_installation']; + echo '
'; // WHITE BOX FOR LOGIN / REGISTRATION - echo '
'; + + echo '
'; + // Tabs - samo pri lastni instalaciji, pri virtualkah nimamo registracije - if($virtual_domain){ + if(isVirtual()){ echo '
'; echo '
'.$lang['login_short'].'
'; echo '
'; @@ -307,10 +434,10 @@ class DisplayController{ // SKB ima blokirano prijavo za vse ipje razen svojega $ip = $_SERVER['REMOTE_ADDR']; - if(isset($app_settings['admin_allow_only_ip']) - && $app_settings['admin_allow_only_ip'] != '' - && !empty($app_settings['admin_allow_only_ip']) - && !in_array($ip, $app_settings['admin_allow_only_ip']) + $admin_allow_only_ip = AppSettings::getInstance()->getSetting('app_limits-admin_allow_only_ip'); + if($admin_allow_only_ip !== false + && !empty($admin_allow_only_ip) + && !in_array($ip, $admin_allow_only_ip) ){ echo '
Prijava v aplikacijo iz obstoječega IP naslova ('.$ip.') ni mogoča!
'; } @@ -325,50 +452,114 @@ class DisplayController{ $this->displayFrontPageRegistration(); echo '
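Review bot: The IP allow-list check uses a loose `in_array($ip, $admin_allow_only_ip)`, and the `$admin_allow_only_ip !== false` guard is redundant with the `!empty($admin_allow_only_ip)` that follows it. `in_array($ip, (array) $admin_allow_only_ip, true)` compares strictly and also survives a setting stored as a single string, which would otherwise raise a TypeError in PHP 8. The message is hard-coded Slovenian text while the surrounding output uses `$lang[...]`; a lang key would keep it translatable. `displayFrontPageForm` starts and ends outside the hunk.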
'; } - - echo '
'; - - // APP SUBTITLE - echo '
'; - if($virtual_domain) - echo $lang['app_virtual_domain']; - else - echo $lang['app_installation']; + echo '
'; echo '
'; } // Izris okna na prvi strani - AAI private function displayFrontPageFormAAI(){ global $lang; - global $site_url; - global $app_settings; + global $site_url; + + // HERO - stara verzija ----------------------- + + + echo '
'; - // WHITE BOX FOR LOGIN / REGISTRATION - echo '
'; + echo '
'; + echo '

'.$lang["hero_heading"].'

'; + echo '

'.$lang["hero_text"].'

'; + + echo ' '.$lang["AAI_prijava"].' '; + + + echo '
'; - // APP TITLE - aai - echo '
'.$app_settings['app_name'].'
'; + // STARA SLIKA + // echo 'hero image'; - // AAI logo - //echo ''; + // NOVA SLIKA - TEST - // AAI text - echo '
'; - echo '
'.$lang['app_aai_installation_text'].'
'; - echo '
'; - - // AAI login/register - echo ' '; - + echo '
'; + echo''; + echo''; + echo '
'; + + + echo '
'; - // APP SUBTITLE - /*echo '
'; - echo $lang['app_aai_installation']; - echo '
';*/ + // HERO - animiran ------------------------------------------ + + + // echo '
'; + // echo '
'; + // echo '
'; + // echo''; + // echo''; + // echo'
'; + // echo '
'; + // echo '
'; + + echo ''; + echo ''; + + + // --------------------------------------------------------- + + // POMEMBNE POVEZAVE + echo '
'; + echo '
'; + echo '

'.$lang["povezave_pomembne_povezave"].'

'; + + echo '
'; + + echo '
'; + echo 'kako deluje'; + echo '

'.$lang["povezave__kako_deluje_h2"].'

'; + echo '

'.$lang["povezave__kako_deluje_text"].'

'; + if($lang['id'] == '1') + echo ' '.$lang["povezave_preberi_vec"].'hero image '; + else + echo ' '.$lang["povezave_preberi_vec"].'hero image '; + echo '
'; + + echo '
'; + echo 'o 1ka'; + echo '

'.$lang["povezave_pogosta_h2"].'

'; + echo '

'.$lang["povezave_pogosta_text"].'

'; + if($lang['id'] == '1') + echo ' '.$lang["povezave_preberi_vec"].'hero image '; + else + echo ' '.$lang["povezave_preberi_vec"].'hero image '; + echo '
'; + + echo '
'; + echo '1ka podpora'; + echo '

'.$lang["povezave_1ka_podpora_h2"].'

'; + echo '

'.$lang["povezave_1ka_podpora_text"].'

'; + if($lang['id'] == '1') + echo ' '.$lang["povezave_preberi_vec"].'hero image '; + else + echo ' '.$lang["povezave_preberi_vec"].'hero image '; + echo '
'; + + echo '
'; + echo 'arnes podpora'; + echo '

'.$lang["povezave_arnes_podpora_h2"].'

'; + echo '

'.$lang["povezave_arnes_podpora_text"].'

'; + if($lang['id'] == '1') + echo ' '.$lang["povezave_preberi_vec"].'hero image '; + else + echo ' '.$lang["povezave_preberi_vec"].'hero image '; + echo '
'; + + echo '
'; + echo '
'; + echo '
'; } // Izris okna za login na prvi strani @@ -381,7 +572,7 @@ class DisplayController{ $error = ''; } else{ - $email = (isset($_GET['email'])) ? $_GET['email'] : ''; + $email = (isset($_GET['email'])) ? htmlspecialchars($_GET['email'], ENT_QUOTES) : ''; $error = ''; if(isset($_GET['a']) && $_GET['a'] == 'login_noEmail'){ @@ -398,11 +589,11 @@ class DisplayController{ // Email echo ' '; - echo ' '; + echo ' '; // Password echo ' '; - echo ' '; + echo ' '; // Error text if($error != ''){ @@ -418,11 +609,14 @@ class DisplayController{ echo '
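Review bot: Escaping `$_GET['email']` before it is echoed is the right fix, but `htmlspecialchars($_GET['email'], ENT_QUOTES)` without `ENT_SUBSTITUTE` and an explicit charset returns an empty string for a value containing invalid UTF-8, so the field silently loses its content; use `htmlspecialchars($_GET['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same call appears in the `@@ -440` hunk (for `email` and `ime`) and the `@@ -547` hunk. `displayFrontPageLogin` (inferred from the comment; the method header is outside the hunk) starts and ends outside the hunk.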
'; } + // Submit + echo ' '; + // Lost pass echo ' '; - // Submit - echo ' '; + // // Submit + // echo ' '; echo ''; } @@ -431,8 +625,6 @@ class DisplayController{ private function displayFrontPageRegistration(){ global $lang; global $site_url; - global $secret_captcha; - global $recaptcha_sitekey; if(!isset($_GET['a']) || $_GET['a'] != 'register'){ $email = ''; @@ -440,8 +632,8 @@ class DisplayController{ $error = array(); } else{ - $email = (isset($_GET['email'])) ? $_GET['email'] : ''; - $ime = (isset($_GET['ime'])) ? $_GET['ime'] : ''; + $email = (isset($_GET['email'])) ? htmlspecialchars($_GET['email'], ENT_QUOTES) : ''; + $ime = (isset($_GET['ime'])) ? htmlspecialchars($_GET['ime'], ENT_QUOTES) : ''; if(isset($_GET['invalid_email']) && $_GET['invalid_email'] == '1'){ $error['email'] = '1'; @@ -464,38 +656,35 @@ class DisplayController{ } - echo '
'; + echo ''; - echo ' '.$lang['cms_register_user_text'].''; - // Email - echo ' '; - echo ' '; + echo ' '; + echo ' '; // Ime echo ' '; - echo ' '; - - // RECAPTCHA - if($secret_captcha != '' && $recaptcha_sitekey != '') - echo '
'; - + echo ' '; + // Geslo echo ' '; - echo ' '; + echo ' '; // Geslo2 echo ' '; - echo ' '; + echo ' '; // Strinjam se s pogoji - //echo ' '; $terms_url = ($lang['id'] == '1') ? 'https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka' : 'https://www.1ka.si/d/en/about/terms-of-use'; echo '
'; - echo '
'; + + // RECAPTCHA + if(AppSettings::getInstance()->getSetting('google-secret_captcha') !== false && AppSettings::getInstance()->getSetting('google-recaptcha_sitekey') !== false) + echo '
'; + // Error text if(!empty($error)){ @@ -527,8 +716,12 @@ class DisplayController{ } // Submit - echo ' '; + echo ' '; + // Lost pass + echo ' '; + + echo '
'; } @@ -547,7 +740,7 @@ class DisplayController{ // Ce je email v getu pomeni da se je zmotil pri passwordu if(isset($_GET['email']) && $_GET['email'] != ''){ - $email = $_GET['email']; + $email = htmlspecialchars($_GET['email'], ENT_QUOTES); echo $lang['hello'].' '.$email.''; echo '

'; @@ -578,6 +771,8 @@ class DisplayController{ echo ' '; echo ' '.str_replace('#URL#', $site_url.$this->root.'index.php?a=register', $lang['cms_login_registration_link']).''; + + echo ' '; @@ -591,7 +786,7 @@ class DisplayController{ - echo '