--- html/obavijest.php	2000/05/10 06:26:12	1.3
+++ html/obavijest.php	2000/05/31 09:16:09	1.5
@@ -1,10 +1,37 @@
 <?
 
 include("inc/head.inc");
+include("inc/prava.inc");
 
-if (! isset($id)) {
+if (isset($kontakt_osoba_id) && $what!="relogin") {
+	$result = pg_Exec ($conn, "select ime,prezime,passwd,prava from kontakt_osobe where aktivna=true and id=$kontakt_osoba_id");
+	$row=pg_fetch_array($result,0);
+#	print "--$row[passwd] | $md5_passwd | $passwd ";
+	$prava=$row[prava];
+	print "<small>Trenutno ste prijavljeni kao $row[ime] $row[prezime], ako je to krivo odaberite <a href=\"$PHP_SELF?what=relogin\">ovaj link</a>.</small>";
+	$curr_md5_passwd=base64_encode(mhash(MHASH_MD5,$row[passwd]));
+	if ( (!isset($md5_passwd) && $row[passwd] != $passwd) ||
+		(isset($md5_passwd) && $curr_md5_passwd != $md5_passwd) ) {
+		include("inc/auth.inc");
+		$what="auth";
+		echo "<big>Upisana je neispravna loznika!</big>";
+		session_destroy();
+		print '<p><a href="index.php">Povratak na početnu stranicu</a>';
+	} else {
+		session_register("md5_passwd");
+		$md5_passwd=base64_encode(mhash(MHASH_MD5,$row[passwd]));
+	}
+}
+
+print "--$pr_ko--";
+
+if (! isset($kontakt_osoba_id)) {
+	include("inc/auth.inc");
+	$what="auth";
+
+} elseif (! isset($id)) {
 	include("inc/obavjest-forma.inc");
-} else {
+} elseif (isset($id)) {
 
 
 $result = pg_Exec ($conn, "
@@ -46,6 +73,29 @@
 	print "<p><big>Nema podataka o osobi sa id-jem $id</big>";
 }
 
+// kreiraj statuse, zapamti da li je instaliran
+
+$instaliran=0;
+
+$result = pg_Exec ($conn, "select datum,opis,ime,prezime,status_tip_id as st
+	from status,kontakt_osobe,status_tip
+	where kontakt_osoba_id=kontakt_osobe.id and status_tip_id=status_tip.id
+	and osoba_id=$id");
+
+$statusi="";
+
+$nr = pg_numrows($result);
+if ($nr > 0) {
+	for ($i=0;$i<$nr; $i++) {
+		$row=pg_fetch_array($result,$i);
+		$statusi.="<tr><td><small>$row[datum]</small></td><td>$row[opis]</td><td>$row[ime] $row[prezime]</td></tr>";
+		if ($row[st] == 6) { $instaliran = 1; };
+	}
+} else {
+	$statusi.="<p><big>Nema podataka o korisničkom računu</big>";
+}
+
+
 $result = pg_Exec ($conn, "select racuni.login as login,
 	racuni.passwd as passwd,e_mail.alias as email
 	where racuni.osoba_id=$id and e_mail.osoba_id=$id");
@@ -58,7 +108,13 @@
 
 <table>
 <tr><td>Korisnička oznaka:</td><td><tt>$row[login]</tt></td></tr>
-<tr><td>Lozinka:</td><td><tt>$row[passwd]</tt></td></tr>
+";
+if ($prava and $pr_instalacija) {
+	print "<tr><td>Lozinka:</td><td><tt>$row[passwd]</tt></td></tr>";
+} else {
+	print "<tr><td colspan=2><i>Nemate ovlaštenja vidjeti lozinku ovog korisnika!</i></td></tr>";
+}
+	print "
 <tr><td>E-mail adresa:</td><td><tt>$row[email]@pliva.hr</tt></td></tr>
 </table>
 	";
@@ -67,28 +123,14 @@
 	print "<p><big>Nema podataka o korisničkom računu</big>";
 }
 
-$result = pg_Exec ($conn, "select datum,opis,ime,prezime
-	from status,kontakt_osobe,status_tip
-	where kontakt_osoba_id=kontakt_osobe.id and status_tip_id=status_tip.id
-	and osoba_id=$id");
 
 	print "
-<h1>Podaci o statusima koriničkog računa</h1>
+<h1>Podaci o statusima korisničkog računa</h1>
 
 <table>
-<tr><th>datum</th><th>status</th><th>status postavio/la</th></tr>";
-
-$nr = pg_numrows($result);
-if ($nr > 0) {
-	for ($i=0;$i<$nr; $i++) {
-		$row=pg_fetch_array($result,$i);
-		print "<tr><td><small>$row[datum]</small></td><td>$row[opis]</td><td>$row[ime] $row[prezime]</td></tr>";
-	}
-} else {
-	print "<p><big>Nema podataka o korisničkom računu</big>";
-}
-
-print "</table>";
+<tr><th>datum</th><th>status</th><th>status postavio/la</th></tr>
+$statusi
+</table>";
 
 } // isset($id)