consolidate all repos to one for archive

semester_4/razvoj_aplikacij_za_internet/php/.gitignore

@@ -0,0 +1 @@
+.vscode

semester_4/razvoj_aplikacij_za_internet/php/Baza.sql

@@ -0,0 +1,78 @@
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+SET time_zone = "+00:00";
+
+-- Zbirka podatkov: `vaja1`
+CREATE DATABASE IF NOT EXISTS `baza` DEFAULT CHARACTER SET utf32 COLLATE utf32_slovenian_ci;
+USE `baza`;
+
+-- Struktura tabele `users`
+DROP TABLE IF EXISTS `users`;
+CREATE TABLE IF NOT EXISTS `users` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `username` text COLLATE utf32_slovenian_ci NOT NULL,
+  `password` text COLLATE utf32_slovenian_ci NOT NULL,
+  `email` text COLLATE utf32_slovenian_ci,
+  `ime` text COLLATE utf32_slovenian_ci,
+  `priimek` text COLLATE utf32_slovenian_ci,
+  `naslov` text COLLATE utf32_slovenian_ci,
+  `posta` text COLLATE utf32_slovenian_ci,
+  `telefon` text COLLATE utf32_slovenian_ci,
+  `adm` int NOT NULL DEFAULT 0,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf32 COLLATE=utf32_slovenian_ci;
+
+
+-- Struktura tabele `ads`
+DROP TABLE IF EXISTS `ads`;
+CREATE TABLE IF NOT EXISTS `ads` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `title` text COLLATE utf32_slovenian_ci NOT NULL,
+  `description` text COLLATE utf32_slovenian_ci NOT NULL,
+  `user_id` int NOT NULL,
+  `date` DATETIME COLLATE utf32_slovenian_ci NOT NULL,
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_ads_users` FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON DELETE CASCADE
+) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf32 COLLATE=utf32_slovenian_ci;
+
+-- Struktura tabele `categorys`
+DROP TABLE IF EXISTS `categorys`;
+CREATE TABLE IF NOT EXISTS `categorys` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `title` text COLLATE utf32_slovenian_ci NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf32 COLLATE=utf32_slovenian_ci;
+
+INSERT INTO categorys (title)
+VALUES ("Telefon"),("Avto"),("Narava"),("Hisa"),("Motor");
+
+DROP TABLE IF EXISTS `ads_categorys`;
+CREATE TABLE IF NOT EXISTS `ads_categorys` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `ads_id` int NOT NULL,
+  `categorys_id` int NOT NULL,
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_cat_ad` FOREIGN KEY (`ads_id`) REFERENCES `ads`(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_ad_cat` FOREIGN KEY (`categorys_id`) REFERENCES `categorys`(`id`) ON DELETE CASCADE
+) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf32 COLLATE=utf32_slovenian_ci;
+
+DROP TABLE IF EXISTS `comments`;
+CREATE TABLE IF NOT EXISTS `comments` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `ads_id` int NOT NULL,
+  `users_id` int NOT NULL,
+  `content` text COLLATE utf32_slovenian_ci,
+  `date` DATETIME COLLATE utf32_slovenian_ci NOT NULL,
+  `country` text COLLATE utf32_slovenian_ci,
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_ad_comm` FOREIGN KEY (`ads_id`) REFERENCES `ads`(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_comm_us` FOREIGN KEY (`users_id`) REFERENCES `users`(`id`) ON DELETE CASCADE
+) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf32 COLLATE=utf32_slovenian_ci;
+
+DROP TABLE IF EXISTS `ads_image`;
+CREATE TABLE IF NOT EXISTS `ads_image` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `ads_id` int NOT NULL,
+  `image` text COLLATE utf32_slovenian_ci NOT NULL,
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_ad_img` FOREIGN KEY (`ads_id`) REFERENCES `ads`(`id`) ON DELETE CASCADE
+) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf32 COLLATE=UTF32_SLOVENIAN_CI;

semester_4/razvoj_aplikacij_za_internet/php/admin/connection.php

@@ -0,0 +1,18 @@
+<?php
+
+//razred, ki skrbi za povezavo z bazo (Vzorec MVC zagovarja principe OOP)
+class Db
+{
+  private static $instance = NULL;
+
+  //Funkcija getInstance vrne povezavo z bazo. Ob prvem klicu ustvari povezavo in jo shrani v statični spremenljivki. Ob nadaljnjih klicih vrača povezavo iz spomina
+  public static function getInstance()
+  {
+    if (!isset(self::$instance)) {
+
+      self::$instance = mysqli_connect("localhost", "root", "", "baza");
+      self::$instance->set_charset("UTF8");
+    }
+    return self::$instance;
+  }
+}

semester_4/razvoj_aplikacij_za_internet/php/admin/controllers/ads_controller.php

@@ -0,0 +1,158 @@
+<?php
+/*
+    Controller za oglase. Vključuje naslednje standardne akcije:
+        index: izpiše vse oglase
+        show: izpiše posamezen oglas
+        create: izpiše obrazec za vstavljanje oglasa
+        store: vstavi obrazec v bazo
+        edit: izpiše vmesnik za urejanje oglasa
+        update: posodobi oglas v bazi
+        delete: izbriše oglas iz baze
+*/
+
+
+
+class ads_controller
+{
+   
+
+    public function index()
+    {
+        //s pomočjo statične metode modela, dobimo seznam vseh oglasov
+        //$ads bo na voljo v pogledu za vse oglase index.php
+        $ads = Ad::all();
+
+        //pogled bo oblikoval seznam vseh oglasov v html kodo
+        require_once('views/ads/index.php');
+    }
+
+    
+
+    public function show()
+    {
+        //preverimo, če je uporabnik podal informacijo, o oglasu, ki ga želi pogledati
+        if (!isset($_GET['id'])) {
+            if(isset($_SESSION["USER_ID"]))
+            {
+                $ads = Ad::findUser($_SESSION["USER_ID"]);
+                require_once('views/ads/myAdds.php');
+            }
+            else
+            {
+                return call('pages', 'error');
+            }
+            
+        }
+        else
+        {
+            $ad = Ad::find($_GET['id']);
+            require_once('views/ads/show.php');
+        }
+    }
+
+    public function create()
+    {
+        if(!isset($_SESSION["USER_ID"])){
+            header("Location: /admin/index.php");
+            die();
+        }
+        // Izpišemo pogled z obrazcem za vstavljanje oglasa
+        $categorys = Categorys::all();
+        require_once('views/ads/create.php');
+    }
+
+    public function store()
+    {
+        if(!isset($_SESSION["USER_ID"])){
+            header("Location: /admin/index.php");
+            die();
+        }
+        // Obdelamo podatke iz obrazca (views/ads/create.php), akcija pričakuje da so podatki v $_POST
+        // Tukaj bi morali podatke še validirati, preden jih dodamo v bazo
+
+        // Pokličemo metodo za ustvarjanje novega oglasa
+        $ad = Ad::insert($_POST["title"], $_POST["description"], $_FILES["image"], $_POST['categorys']);
+
+        //ko je oglas dodan, imamo v $ad podatke o tem novem oglasu
+        //uporabniku lahko pokažemo pogled, ki ga bo obvestil o uspešnosti oddaje oglasa
+        call('ads', 'show');
+    }
+
+    public function edit()
+    {
+        if(!isset($_SESSION["USER_ID"])){
+            header("Location: /admin/index.php");
+            die();
+        }
+        // Ob klicu akcije se v URL poda GET parameter z ID-jem oglasa, ki ga urejamo
+        // Od modela pridobimo podatke o oglasu, da lahko predizpolnimo vnosna polja v obrazcu
+        if (!isset($_GET['id'])) {
+            return call('pages', 'error');
+        }
+        $ad = Ad::find($_GET['id']);
+        require_once('views/ads/edit.php');
+    }
+
+    public function update()
+    {
+        if(!isset($_SESSION["USER_ID"])){
+            header("Location: /admin/index.php");
+            die();
+        }
+        // Obdelamo podatke iz obrazca (views/ads/edit.php), ki pridejo v $_POST.
+        // Pričakujemo, da je v $_POST podan tudi ID oglasa, ki ga posodabljamo.
+        if (!isset($_POST['id'])) {
+            return call('pages', 'error');
+        }
+        // Naložimo oglas
+        $ad = Ad::find($_POST['id']);
+        // Pokličemo metodo, ki posodobi obstoječi oglas v bazi
+        $ad->update($_POST["title"], $_POST["description"]);
+
+        header("Location: /admin/index.php?controller=ads&action=show");
+        die();
+    }
+
+    public function addImg()
+    {
+        if(!isset($_SESSION["USER_ID"])){
+            header("Location: /admin/index.php");
+            die();
+        }
+
+        if (!isset($_GET['id'])) {
+            return call('pages', 'error');
+        }
+        if(isset($_POST['submit']))
+        {
+            $ad = Ad::find($_GET['id']);
+            $id = $ad->addImg($_FILES["image"]);
+            header("Location: /admin/index.php?controller=ads&action=show");
+            die();
+        }
+        else
+        {
+            $ad = Ad::find($_GET['id']);
+            require_once('views/ads/addImg.php');
+        }
+    }
+
+    public function delete()
+    {
+        if(!isset($_SESSION["USER_ID"])){
+            header("Location: /admin/index.php");
+            die();
+        }
+        // Obdelamo zahtevo za brisanje oglasa. Akcija pričakuje, da je v URL-ju podan ID oglasa.
+        if (!isset($_GET['id'])) {
+            return call('pages', 'error');
+        }
+        // Poiščemo oglas
+        $ad = Ad::find($_GET['id']);
+        // Kličemo metodo za izbris oglasa iz baze.
+        $ad->delete();
+        
+        header("Location: /admin/index.php?controller=ads&action=show");
+        die();
+    }
+}

semester_4/razvoj_aplikacij_za_internet/php/admin/controllers/pages_controller.php

@@ -0,0 +1,72 @@
+<?php
+/*
+  Enostaven primer controlletja, ki ne uporablja modela.
+  Njegova naloga je, da vrača statične HTML strani, kot je stran z napako.
+  Uporabili smo ga tudi za prikaz vmesnika, ki demonstrira uporabi API-ja.
+*/
+
+class pages_controller {
+
+	public function error() {
+	// Izpiše pogled s sporočilom o napaki
+		require_once('views/pages/error.php');
+	}
+
+	public function api(){
+		if(isset($_SESSION["USER_ID"]) && $_SESSION["ADM"] == 1){
+			//Prikaži vmesnik za upravljanje z API-jem
+			require_once('views/pages/api.php');
+		}
+	}
+
+	public function api1(){
+		if(isset($_SESSION["USER_ID"]) && $_SESSION["ADM"] == 1){
+			//Prikaži vmesnik za upravljanje z API-jem
+			require_once('views/pages/api1.php');
+		}
+	}
+
+	public function logout(){
+
+		require_once('views/pages/logout.php');
+	}
+
+	public function login(){
+
+		if(isset($_POST["submit"])){
+			//Preveri prijavne podatke
+			if(($user = User::validate_login($_POST["username"], $_POST["password"])) != null){
+				//Zapomni si prijavljenega uporabnika v seji in preusmeri na index.php
+				$_SESSION["USER_ID"] = $user->id;
+				$_SESSION["ADM"] = $user->adm;
+				header("Location: /admin/index.php");
+				die();
+			}
+		}
+
+		require_once('views/pages/login.php');
+	}
+
+	public function register(){
+		$error = "";
+		if(isset($_POST["submit"]))
+		{
+			//Preveri, če uporabniško ime že obstaja
+			if(User::username_exists($_POST["username"]))
+			{
+				$error = "Uporabniško ime že obstaja!";
+			}
+			else if($_POST["password"] != $_POST["repeat_password"])
+			{
+				$error = "Gesli se ne ujemata!";
+			}
+			else{
+				User::createUser($_POST["username"], $_POST["password"], $_POST["email"], $_POST["ime"], $_POST["priimek"], $_POST["naslov"], $_POST["posta"], $_POST["telefon"]);
+				header("Location: /admin/index.php?controller=pages&action=login");
+            	die();
+			}
+		}
+		require_once('views/pages/register.php');
+	}
+}
+?>

semester_4/razvoj_aplikacij_za_internet/php/admin/index.php

@@ -0,0 +1,32 @@
+<?php
+/*
+	Vstopna točka naše aplikacije. Vse zahteve gredo skozi index.php, ki poskrbi za ustrezno obravnavo.
+	V URL-ju se bosta podala dva parametra: controller in action, ki bosta določala, katera akcija se izvede.
+	S pomočjo .htaccess lahko skrajšamo URL naslove (več v .htaccess datoteki).
+*/
+
+require_once('connection.php');
+
+session_start();
+	
+// Seja poteče po 30 minutah - avtomatsko odjavi neaktivnega uporabnika
+if(isset($_SESSION['LAST_ACTIVITY']) && time() - $_SESSION['LAST_ACTIVITY'] > 1800){
+	session_unset();
+	session_destroy();
+	header("Location: /admin/index.php");
+	die();
+}
+$_SESSION['LAST_ACTIVITY'] = time();
+
+// Razberemo namero uporabnika preko query string parametrov controller in action
+if (isset($_GET['controller']) && isset($_GET['action'])) {
+	$controller = $_GET['controller'];
+	$action     = $_GET['action'];
+} else {
+  	// Če uporabnik ni podal svoje zahteve v pravilni obliki, ga preusmerimo na privzeto akcijo
+	$controller = 'ads';
+	$action     = 'index';
+}
+
+// Vključimo layout, torej splošni izgled strani, layout pa vključuje router (routes.php)
+require_once('views/layout.php');

semester_4/razvoj_aplikacij_za_internet/php/admin/models/ads.php

@@ -0,0 +1,169 @@
+<?php
+/*
+    Model za oglas. Vsebuje lastnosti, ki definirajo strukturo oglasa in sovpadajo s stolpci v bazi.
+    Nekatere metode so statične, ker niso vezane na posamezen oglas: poišči vse oglase, vstavi nov oglas, ... 
+    Druge so statične, ker so vezane na posamezen oglas: posodobi oglas, izbriši oglas, ... 
+
+    V modelu moramo definirati tudi relacije oz. povezane entitete/modele. V primeru oglasa je to $user, ki 
+    povezuje oglas z uporabnikom, ki je oglas objavil. Relacija nam poskrbi za nalaganje podatkov o uporabniku, 
+    da nimamo samo user_id, ampak tudi username, ...
+*/
+
+require_once 'users.php'; // Vključimo model za uporabnike
+require_once 'ads_image.php'; // Vključimo model za slike
+require_once 'categorys.php'; // Vključimo model za kategorije
+
+class Ad
+{
+    public $id;
+    public $title;
+    public $description;
+    public $user;
+    public $ad_img;
+    public $ads_categorys;
+
+    // Konstruktor
+    public function __construct($id, $title, $description, $user_id)
+    {
+        $this->id = $id;
+        $this->title = $title;
+        $this->description = $description;
+        $this->user = User::findUserName($user_id);
+        $this->ad_img = ads_image::find($id);
+        $this->ads_categorys = Categorys::find($id);
+    }
+
+    // Metoda, ki iz baze vrne vse oglase
+    public static function all()
+    {
+        $db = Db::getInstance(); // pridobimo instanco baze
+        $query = "SELECT * FROM ads ORDER BY ads.date DESC;"; // pripravimo query
+        $res = $db->query($query); // poženemo query
+        $ads = array();
+        while ($ad = $res->fetch_object()) {
+            // Za vsak rezultat iz baze ustvarimo objekt (kličemo konstuktor) in ga dodamo v array $ads
+            array_push($ads, new Ad($ad->id, $ad->title, $ad->description, $ad->user_id));
+        }
+        return $ads;
+    }
+
+    public static function findUser($id)
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $id);
+        $query = "SELECT * FROM ads WHERE ads.user_id = '$id';";
+        $res = $db->query($query);
+        $ads = array();
+        while ($ad = $res->fetch_object()) {
+            // Za vsak rezultat iz baze ustvarimo objekt (kličemo konstuktor) in ga dodamo v array $ads
+            array_push($ads, new Ad($ad->id, $ad->title, $ad->description, $ad->user_id));
+        }
+        return $ads;
+    }
+
+    // Metoda, ki vrne en oglas z specifičnim id-jem iz baze
+    public static function find($id)
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $id);
+        $query = "SELECT * FROM ads WHERE ads.id = '$id';";
+        $res = $db->query($query);
+        if ($ad = $res->fetch_object()) {
+            return new Ad($ad->id, $ad->title, $ad->description, $ad->user_id);
+        }
+        return null;
+    }
+
+    // Metoda, ki doda nov oglas v bazo
+    public static function insert($title, $desc, $img, $categorys)
+    {
+        $db = Db::getInstance();
+        $title = mysqli_real_escape_string($db, $title);
+        $desc = mysqli_real_escape_string($db, $desc);
+        $user_id = $_SESSION["USER_ID"]; // user_id vzamemo iz seje (prijavljen uporabnik)
+
+        $query = "INSERT INTO ads (title, description, user_id, date)
+        VALUES('$title', '$desc', '$user_id', NOW());";
+
+        
+
+        if($db->query($query))
+        {
+            $id = $db->insert_id;
+            if(isset($categorys)){
+                foreach($categorys as $category)
+                {
+                    $query = "INSERT INTO ads_categorys (ads_id, categorys_id) 
+                    VALUES ($id, $category)";
+                    $db->query($query);
+                }
+            }
+
+            if(isset($img)){
+                $date = date("YmdHms");
+                $img_path = "../slike/" . $date . $img['name'];
+                move_uploaded_file($img['tmp_name'], $img_path);
+                $img_path = "slike/" . $date . $img['name'];
+                $img_path = "/" . $img_path;
+                
+                $img_path = mysqli_real_escape_string($db, $img_path);
+                $query = "INSERT INTO ads_image (ads_id, image) VALUES ('$id', '$img_path')";
+                $db->query($query);
+            }
+            return Ad::find($id);
+        }
+        else 
+        {
+            return null; // v primeru napake vrnemo null
+        }
+    }
+
+    // Metoda, ki posodobi obstoječ oglas v bazi
+    public function update($title, $desc)
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $this->id);
+        $title = mysqli_real_escape_string($db, $title);
+        $desc = mysqli_real_escape_string($db, $desc);
+    
+        $query = "UPDATE ads SET title = '$title', description = '$desc' WHERE id = '$id'";
+        
+        if ($db->query($query)) {
+            return $id; //iz baze pridobimo posodobljen oglas in ga vrnemo controllerju
+        } else {
+            return null;
+        }
+    }
+
+    public function addImg($img)
+    {
+        $db = Db::getInstance();
+        $date = date("YmdHms");
+        $img_path = "../slike/" . $date . $img['name'];
+        move_uploaded_file($img['tmp_name'], $img_path);
+        $img_path = "slike/" . $date . $img['name'];
+        $img_path = "/" . $img_path;
+        
+        $img_path = mysqli_real_escape_string($db, $img_path);
+        $query = "INSERT INTO ads_image (ads_id, image) VALUES ('$this->id', '$img_path')";
+        
+        if ($db->query($query)) {
+            return $this->id; //iz baze pridobimo posodobljen oglas in ga vrnemo controllerju
+        } else {
+            return null;
+        }
+    }
+
+    // Metoda, ki izbriše oglas iz baze
+    public function delete()
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $this->id);
+        $query = "DELETE FROM ads WHERE id = '$id'";
+        if ($db->query($query)) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+}

semester_4/razvoj_aplikacij_za_internet/php/admin/models/ads_image.php

@@ -0,0 +1,32 @@
+<?php
+
+
+class ads_image
+{
+    public $id;
+    public $ads_id;
+    public $image;
+
+
+    // Konstruktor
+    public function __construct($id, $ads_id, $image)
+    {
+        $this->id = $id;
+        $this->ads_id = $ads_id;
+        $this->image = $image;
+    }
+
+    // Metoda, ki vrne uporabnika z določenim ID-jem iz baze
+    public static function find($ads_id)
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $ads_id);
+        $query = "SELECT * FROM ads_image WHERE ads_image.ads_id = '$ads_id'";
+        $res = $db->query($query);
+        $images = array();
+        while ($img = $res->fetch_object()) {
+            array_push($images, new ads_image($img->id, $img->ads_id, $img->image));
+        }
+        return $images;
+    }
+}

semester_4/razvoj_aplikacij_za_internet/php/admin/models/categorys.php

@@ -0,0 +1,44 @@
+<?php
+
+
+class Categorys
+{
+    public $id;
+    public $title;
+
+    // Konstruktor
+    public function __construct($id, $title)
+    {
+        $this->id = $id;
+        $this->title = $title;
+    }
+
+    // Metoda, ki vrne uporabnika z določenim ID-jem iz baze
+    public static function all()
+    {
+        $db = Db::getInstance();
+        $query = "SELECT * FROM categorys";
+        $res = $db->query($query);
+        $categorys = array();
+        while ($category = $res->fetch_object()) {
+            array_push($categorys, new Categorys($category->id, $category->title));
+        }
+        return $categorys;
+    }
+
+    public static function find($id)
+    {
+        $db = Db::getInstance();
+
+        $query = "SELECT categorys.id, categorys.title FROM ads_categorys, categorys
+        WHERE ads_categorys.ads_id = '$id'
+        AND ads_categorys.categorys_id = categorys.id";
+
+        $res = $db->query($query);
+        $categorys = array();
+        while ($category = $res->fetch_object()) {
+            array_push($categorys, new Categorys($category->id, $category->title));
+        }
+        return $categorys;
+    }
+}

semester_4/razvoj_aplikacij_za_internet/php/admin/models/comments.php

@@ -0,0 +1,94 @@
+<?php
+
+require_once 'users.php';
+
+class Comments
+{
+    public $id;
+    public $ads_id;
+    public $user;
+    public $content;
+    public $country;
+
+
+    // Konstruktor
+    public function __construct($id, $ads_id, $users_id, $content, $country)
+    {
+        $this->id = $id;
+        $this->ads_id = $ads_id;
+        $this->user = User::findUserName($users_id);;
+        $this->content = $content;
+        $this->country = $country;
+    }
+
+    public static function insert($ads_id, $users_id, $content)
+    {
+        $url = "http://ip-api.com/json/" . $_SERVER['REMOTE_ADDR'] . "?fields=16385";
+        $data = file_get_contents($url);
+        $data = json_decode($data, true);
+        if($data['status'] == 'success'){
+            $country = $data['country'];
+        } else {
+            $country = 'localHost';
+        }
+      
+
+        $db = Db::getInstance();
+        $content = mysqli_real_escape_string($db, $content);
+        $ads_id = mysqli_real_escape_string($db, $ads_id);
+        $query = "INSERT INTO comments (ads_id, users_id, content, date, country) 
+        VALUES ('$ads_id', '$users_id', '$content', NOW(), '$country');";
+        if($res = $db->query($query)) {
+            return new Comments($db->insert_id, $ads_id, $users_id, $content, $country);
+        } else {
+            return array();
+        }
+    }
+
+    public static function all()
+    {
+        $db = Db::getInstance();
+        $query = "SELECT * FROM comments ORDER BY comments.date DESC LIMIT 5";
+        $res = $db->query($query);
+        $comments = array();
+        while ($commnet = $res->fetch_object()) {
+            array_push($comments, new Comments($commnet->id, $commnet->ads_id, $commnet->users_id, $commnet->content, $commnet->country));
+        }
+        return $comments;
+    }
+    
+    public static function findForAd($ads_id)
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $ads_id);
+        $query = "SELECT * FROM comments WHERE comments.ads_id = '$ads_id'";
+        $res = $db->query($query);
+        $comments = array();
+        while ($commnet = $res->fetch_object()) {
+            array_push($comments, new Comments($commnet->id, $commnet->ads_id, $commnet->users_id, $commnet->content, $commnet->country));
+        }
+        return $comments;
+    }
+
+    public static function find($id)
+    {
+        $db = Db::getInstance();
+        $query = "SELECT * FROM comments WHERE comments.id = '$id'";
+        $res = $db->query($query);
+        if ($commnet = $res->fetch_object()) {
+            return new Comments($commnet->id, $commnet->ads_id, $commnet->users_id, $commnet->content, $commnet->country);
+        }
+    }
+
+    public function delete()
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $this->id);
+        $query = "DELETE FROM comments WHERE id = '$id'";
+        if ($db->query($query)) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+}

semester_4/razvoj_aplikacij_za_internet/php/admin/models/pages.php

@@ -0,0 +1,8 @@
+<?php
+/*
+    Prazna datoteka, ki simulira model za 'pages_controller'.
+    Potrebujemo jo, ker bi sicer dobili napako pri dinamičnem nalaganju datotek v funkciji call (routes.php).
+    Kot alternativa, bi lahko modele nalagali v controllerjih, namesto v funkciji call. Potem te datoteke ne bi potrebovali.
+*/
+
+require_once 'models/users.php';

semester_4/razvoj_aplikacij_za_internet/php/admin/models/users.php

@@ -0,0 +1,168 @@
+<?php
+
+// Model za uporabnika
+/*
+    Model z uporabniki.
+    Čeprav nimamo users_controller-ja, ta model potrebujemo pri oglasih, 
+    saj oglas vsebuje podatke o uporabniku, ki je oglas objavil.
+    Razred implementira metodo find, ki jo uporablja Ads model zato, da 
+    user_id zamenja z instanco objekta User z vsemi podatki o uporabniku.
+*/
+
+class User
+{
+    public $id;
+    public $username;
+    public $email;
+    public $ime;
+    public $priimek;
+    public $naslov;
+    public $posta;
+    public $telefon;
+    public $adm;
+
+    // Konstruktor
+    public function __construct($id, $username, $adm, $email, $ime, $priimek, $naslov, $posta, $telefon)
+    {
+        $this->id = $id;
+        $this->username = $username;
+        $this->adm = $adm;
+        $this->email = $email;
+        $this->ime = $ime;
+        $this->priimek = $priimek;
+        $this->naslov = $naslov;
+        $this->posta = $posta;
+        $this->telefon = $telefon;
+    }
+
+    // Metoda, ki vrne uporabnika z določenim ID-jem iz baze
+    public static function find($id)
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $id);
+        $query = "SELECT * FROM users WHERE id = $id;";
+        $res = $db->query($query);
+        if ($user = $res->fetch_object()) {
+            return new User($user->id, $user->username, $user->adm, $user->email, $user->ime, $user->priimek, $user->naslov, $user->posta, $user->telefon);
+        }
+        return null;
+    }
+
+    public static function findUserName($id)
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $id);
+        $query = "SELECT users.username FROM users WHERE id = $id;";
+        $res = $db->query($query);
+        if ($user = $res->fetch_object()) {
+            return $user->username;
+        }
+        return null;
+    }
+
+    public static function all()
+    {
+        $list = array();
+        $db = Db::getInstance();
+        $query = "SELECT * FROM users;";
+        $res = $db->query($query);
+        while ($user = $res->fetch_object()) {
+            $list[] = new User($user->id, $user->username, $user->adm, $user->email, $user->ime, $user->priimek, $user->naslov, $user->posta, $user->telefon);
+        }
+        return $list;
+    }
+
+    public static function validate_login($username, $password)
+    {
+		$db = Db::getInstance();
+		$username = mysqli_real_escape_string($db, $username);
+		$pass = sha1($password);
+		$query = "SELECT * FROM users WHERE username='$username' AND password='$pass'";
+		$res = $db->query($query);
+		if($user_obj = $res->fetch_object()){
+			return new User($user_obj->id, $user_obj->username, $user_obj->adm, $user_obj->email, $user_obj->ime, $user_obj->priimek, $user_obj->naslov, $user_obj->posta, $user_obj->telefon);
+		}
+		return null;
+	}
+
+    public static function username_exists($username){
+        $db = Db::getInstance();
+        $username = mysqli_real_escape_string($db, $username);
+        $query = "SELECT * FROM users WHERE username='$username'";
+        $res = $db->query($query);
+        return mysqli_num_rows($res) > 0;
+    }
+
+    public static function createUser($username, $password, $email, $ime, $priimek, $naslov, $posta, $telefon){
+        $db = Db::getInstance();
+        $username = mysqli_real_escape_string($db, $username);
+        $password = sha1($password);
+        $email = mysqli_real_escape_string($db, $email);
+        $ime = mysqli_real_escape_string($db, $ime);
+        $priimek = mysqli_real_escape_string($db, $priimek);
+        $naslov = mysqli_real_escape_string($db, $naslov);
+        $posta = mysqli_real_escape_string($db, $posta);
+        $telefon = mysqli_real_escape_string($db, $telefon);
+        $query = "INSERT INTO users (username, password, email, ime, priimek, naslov, posta, telefon) 
+                    VALUES ('$username', '$password', '$email', '$ime', '$priimek', '$naslov', '$posta', '$telefon');";
+        if($db->query($query)){
+            return true;
+        }
+        else{
+            return false;
+        }
+    }
+
+    public static function insert($username, $password){
+        $db = Db::getInstance();
+        $username = mysqli_real_escape_string($db, $username);
+        $password = sha1($password);
+        $query = "INSERT INTO users (username, password, email, ime, priimek, naslov, posta, telefon) 
+                    VALUES ('$username', '$password', '', '', '', '', '', '');";
+        if($db->query($query)){
+            return $db->insert_id;
+        }
+        else{
+            return false;
+        }
+    }
+
+    public function delete()
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $this->id);
+        $query = "DELETE FROM users WHERE id = '$id'";
+        if ($db->query($query)) {
+            $query = "DELETE FROM comments WHERE comments.users_id = '$id'";
+            $db->query($query);
+            $query = "DELETE FROM ads WHERE ads.user_id = '$id'";
+            $db->query($query);
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function update( $username, $email, $ime, $priimek, $naslov, $posta, $telefon)
+    {
+        $db = Db::getInstance();
+        $id = mysqli_real_escape_string($db, $this->id);
+        $username = mysqli_real_escape_string($db, $username);
+        $email = mysqli_real_escape_string($db, $email);
+        $ime = mysqli_real_escape_string($db, $ime);
+        $priimek = mysqli_real_escape_string($db, $priimek);
+        $naslov = mysqli_real_escape_string($db, $naslov);
+        $posta = mysqli_real_escape_string($db, $posta);
+        $telefon = mysqli_real_escape_string($db, $telefon);
+
+        $query = "UPDATE users SET 
+        username = '$username', email = '$email', ime = '$ime', priimek = '$priimek', naslov = '$naslov', posta = '$posta', telefon = '$telefon' WHERE id = '$id'";
+
+        if ($db->query($query)) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+}

semester_4/razvoj_aplikacij_za_internet/php/admin/routes.php

@@ -0,0 +1,39 @@
+<?php
+/*
+  Usmerjevalnik (router) skrbi za obravnavo HTTP zahtev. Glede na zahtevo, 
+  pokliče ustrezno akcijo v zahtevanem controllerju.
+*/
+
+// Funkcija, ki kliče kontrolerje in hkrati vključuje njihovo kodo in kodo modela
+function call($controller, $action)
+{
+  // Vključimo kodo controllerja in modela (pazimo na poimenovanje datotek)
+  require_once('controllers/' . $controller . '_controller.php');
+  require_once('models/' . $controller . '.php');
+
+  // Ustvarimo kontroler
+  $o = $controller . "_controller"; //generiramo ime razreda controllerja
+  $controller = new $o; //ustvarimo instanco razreda (ime razreda je string spremenljivka)
+
+  //pokličemo akcijo na kontrolerju (ime funkcije je string spremenljivka)
+  $controller->{$action}();
+}
+
+// Seznam vseh dovoljenih controllerjev in njihovih akcij. Z njegovo pomočjo bi 
+// lahko definirali tudi pravice (ustrezno zmanjšali nabor akcij pod določenimi pogoji)
+$controllers = array(
+  'pages' => ['error', 'api', 'login', 'register', 'logout'],
+  'ads' => ['index', 'show', 'create', 'store', 'edit', 'update', 'delete', 'addImg']
+);
+
+// Preverimo, če zahteva kliče controller in akcijo iz zgornjega seznama
+if (
+  array_key_exists($controller, $controllers)
+  && in_array($action, $controllers[$controller])
+) {
+  // Pokličemo akcijo
+  call($controller, $action);
+} else {
+  // Izpišemo stran z napako
+  call('pages', 'error');
+}

semester_4/razvoj_aplikacij_za_internet/php/admin/views/ads/addImg.php

@@ -0,0 +1,8 @@
+<h2>Dodaj sliko</h2>
+<form action="?controller=ads&action=addImg&id=<?php echo $ad->id; ?>" method="POST" enctype="multipart/form-data">
+    <div class="mb-3">
+        <label class="form-label">Slika</label>
+        <input class="form-control" type="file" name="image" required>
+    </div>
+    <input type="submit" name="submit" value="Dodaj sliko" class="btn btn-primary"/>
+</form>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/ads/create.php

@@ -0,0 +1,29 @@
+<h2>Objavi oglas</h2>
+<form action="?controller=ads&action=store" method="POST" enctype="multipart/form-data">
+    <div class="mb-3">
+        <label class="form-label">Naslov</label>
+        <input type="text" class="form-control" name="title" required>
+    </div>
+    <div class="mb-3">
+        <label class="form-label">Vsebina</label>
+        <textarea name="description" class="form-control" rows="3" required></textarea>
+    </div>
+
+    <?php foreach($categorys as $category) : ?>
+		<div class="form-check">
+
+			<input name="categorys[]" value="<?php echo $category->id; ?>" class="form-check-input" type="checkbox">
+			<label class="form-check-label">
+				<?php echo $category->title; ?>
+			</label>
+
+		</div>
+		<?php endforeach?>
+
+    <div class="mb-3">
+        <label class="form-label">Slika</label>
+        <input class="form-control" type="file" name="image" required>
+    </div>
+
+    <input class="btn btn-primary" type="submit" name="submit" value="Objavi" /> <br />
+</form>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/ads/edit.php

@@ -0,0 +1,65 @@
+<h2>Uredi oglas</h2>
+<form action="?controller=ads&action=update" method="POST" enctype="multipart/form-data">
+    <!-- ID od oglasa, ki ga želimo urediti, pošljemo v POST s pomočjo avtomatsko izpolnjenega skritega vnosnega polja <input type='hidden'>-->
+    <input type="hidden" name="id" value="<?php echo $ad->id; ?>" />
+
+    <label>Naslov</label>
+    <input class="form-control" type="text" name="title" value="<?php echo $ad->title; ?>" /> <br />
+    
+    <label>Vsebina</label>
+    <textarea class="form-control" name="description" rows="10" cols="50"><?php echo $ad->description; ?></textarea> 
+    <br/>
+    <input class="btn btn-primary" type="submit" name="submit" value="Shrani" /> <br />
+</form>
+
+
+
+<table class="table table-striped">
+  <thead>
+    <tr>
+      <th>Username</th>
+      <th>Content</th>
+      <th></th>
+    </tr>
+  </thead>
+  <tbody id="comments">
+  </tbody>
+</table>
+
+<script>
+    $(document).ready(async function() {
+        await loadComments();
+        $(".delete_comment_btn").click(deleteClickHandler);
+    });
+
+    function deleteClickHandler() 
+    {
+        var row = $(this).closest("tr");
+        deleteComment(row);
+		row.remove();
+    }
+
+    function deleteComment(row) {
+		var id = row.attr("id");
+		$.ajax({
+			url: '/api/index.php/comments/' + id,
+			method: 'DELETE'
+		});
+	}
+
+    async function loadComments() {
+        await $.get("/api/index.php/comments/<?php echo $ad->id ?>", renderComments);
+    }
+
+    function renderComments(comments) {
+		comments.forEach(function(comment) {
+			var row = document.createElement("tr");
+			row.id = comment.id;
+			row.innerHTML = "<td>" + comment.user + 
+							"</td><td>" + comment.content + 
+						    "</td><td><button class='btn btn-danger delete_comment_btn'>Izbriši</button></td>";
+
+			$("#comments").append(row);
+		});
+	}
+</script>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/ads/index.php

@@ -0,0 +1,50 @@
+
+<table class="table table-striped">
+  <thead>
+    <tr>
+      <th>Username</th>
+      <th>Content</th>
+	  <th>Country</th>
+      <th></th>
+    </tr>
+  </thead>
+  <tbody id="comments">
+  </tbody>
+</table>
+
+<hr/>
+<?php foreach ($ads as $ad): ?>
+	<h2><?php echo $ad->title;?></h2>
+	<p>
+	<?php foreach ($ad->ads_categorys as $category): ?>
+		<?php echo "$category->title ";?>
+	<?php endforeach; ?>
+	</p>
+	<p><img width="200" src="<?php echo $ad->ad_img[0]->image?>"/></p>
+	<a href='?controller=ads&action=show&id=<?php echo $ad->id; ?>'><button class="btn btn-primary">Prikaži</button></a>
+	<hr/>
+<?php endforeach; ?>
+
+
+<script>
+    $(document).ready(async function() {
+        await loadComments();
+       
+    });
+
+    async function loadComments() {
+        await $.get("/api/index.php/comments", renderComments);
+    }
+
+    function renderComments(comments) {
+		comments.forEach(function(comment) {
+			var row = document.createElement("tr");
+			row.id = comment.id;
+			row.innerHTML = "<td>" + comment.user + 
+							"</td><td>" + comment.content + 
+							"</td><td>" + comment.country + 
+						    "</td><td><a href='?controller=ads&action=show&id=" + comment.id +"'><button class='btn btn-primary'>Poglej</button></a></td>";
+			$("#comments").append(row);
+		});
+	}
+</script>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/ads/myAdds.php

@@ -0,0 +1,14 @@
+<?php foreach($ads as $ad): ?>
+
+    <h2><?php echo $ad->title;?></h2>
+   
+    <?php foreach ($ad->ad_img as $img):?>
+		<p><img src="<?php echo $img->image;?>" width="200"/></p>
+    <?php endforeach; ?>
+
+	  <a href="?controller=ads&action=edit&id=<?php echo $ad->id;?>"><button class="btn btn-primary">Uredi</button></a>
+    <a href="?controller=ads&action=addImg&id=<?php echo $ad->id;?>"><button class="btn btn-primary">Dodaj sliko</button></a>
+    <a href="?controller=ads&action=delete&id=<?php echo $ad->id;?>"><button class="btn btn-danger">Odstrani</button></a>
+ 
+  <hr/>
+<?php endforeach; ?>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/ads/show.php

@@ -0,0 +1,74 @@
+<h4><?php echo $ad->title; ?></h4>
+<p><?php echo $ad->description; ?></p>
+
+<p>
+<?php foreach ($ad->ads_categorys as $cat):?>
+    <?php echo "$cat->title "; ?>
+<?php endforeach; ?>
+</p>
+
+<?php foreach ($ad->ad_img as $img):?>
+    <p><img src="<?php echo $img->image;?>" width="400"/></p>
+<?php endforeach; ?>
+
+<p>Objavil: <?php echo $ad->user; ?></p>
+<a href="/admin/index.php"><button class="btn btn-primary">Nazaj</button></a>
+
+<?php if(isset($_SESSION['USER_ID'])):?>
+<hr/>
+<div class="row">
+    <div class="col-md-6">
+        <h4>Komentarji</h4>
+            <div class="form-group">
+                <label>Vsebina</label>
+                <textarea class="form-control" id="comment_content" rows="3"></textarea>
+            </div>
+            <button id="submit_comment_btn" class="btn btn-primary">Dodaj</button>
+    </div>
+</div>
+<?php endif; ?>
+<hr/>
+
+<div id="comments">
+</div>
+
+<script>
+    $(document).ready(async function() {
+        await loadComments();
+        $("#submit_comment_btn").click(submitComment);
+    });
+
+    function submitComment() {
+        var data = {
+            content: $("#comment_content").val(),
+            ad_id: <?php echo "'$ad->id'"; ?>,
+        };
+
+        $("#comment_content").val("");
+
+        $.post('/api/index.php/comments/', data, function(data) {
+            var row = document.createElement("div");
+            row.id = data.id;
+            row.innerHTML = "<div class='row'><h4>" + data.user + 
+                            "</h4><p>" + data.content + 
+                            "</p></div>";
+            $("#comments").append(row);
+        });
+    }
+
+    async function loadComments() {
+        await $.get("/api/index.php/comments/<?php echo $ad->id ?>", renderComments);
+    }
+
+    function renderComments(comments) {
+		comments.forEach(function(comment) {
+			var row = document.createElement("div");
+			row.id = comment.id;
+			row.innerHTML = "<div class='row'><h4>" + comment.user + 
+							"</h4><p>" + comment.content + 
+						    "</p></div>";
+
+			$("#comments").append(row);
+		});
+	}
+</script>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/layout.php

@@ -0,0 +1,39 @@
+<html class="bg-dark-subtle">
+<head>
+	<title>PHP</title>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js"></script>
+	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD" crossorigin="anonymous">
+	<script defer src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js" integrity="sha384-w76AqPfDkMBDXo30jS1Sgez6pr3x5MlQ1ZAGC+nuZB+EYdgRZgiwxhTBTkF7CXvN" crossorigin="anonymous"></script>
+</head>
+<body class="bg-dark-subtle">
+	<div class="container">
+		<h1 class="display-1" >Oglasnik</h1>
+		<br/>
+		<nav class="navbar bg-light-subtle">
+			<div class="container-fluid navbar-expand-lg">
+				<div class="navbar-nav">
+					<a class="nav-link" aria-current="page" href="/admin/index.php">Domov</a>
+
+					<?php if(isset($_SESSION["USER_ID"])): ?>
+						<a class="nav-link" href="/admin/index.php?controller=ads&action=create">Objavi oglas</a>
+						<a class="nav-link" href="/admin/index.php?controller=ads&action=show">Moji Oglasi</a>
+						<a class="nav-link" href="/admin/index.php?controller=pages&action=logout">Odjava</a>
+					<?php else: ?>
+						<a class="nav-link" href="/admin/index.php?controller=pages&action=login">Prijava</a>
+						<a class="nav-link" href="/admin/index.php?controller=pages&action=register">Registracija</a>
+					<?php endif; ?>
+
+					<?php if(isset($_SESSION["ADM"]) && $_SESSION["ADM"] > 0): ?>
+						<a class="nav-link" href="/admin/index.php?controller=pages&action=api">Uporabniki</a>
+					<?php endif; ?>
+				</div>
+			</div>
+		</nav>
+		<br/>
+
+		<!-- tukaj se bo vključevala koda pogledov, ki jih bodo nalagali kontrolerji -->
+		<!-- klic akcije iz routes bo na tem mestu zgeneriral html kodo, ki bo zalepnjena v našo predlogo -->
+		<?php require_once('routes.php'); ?> 
+	</div>
+</body>
+</html>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/pages/api.php

@@ -0,0 +1,147 @@
+<!-- pogled za pregeld vseh oglasov-->
+<!-- na vrhu damu uporabniku gumb, s katerim proži akcijo create, da lahko dodaja nove uporabnike -->
+<h3>Ustvari oglas:</h3>
+Uporabnisko ime: <input type="text" name="username" id="create_ad_username" />
+Geslo: <input type="text" name="password" id="create_ad_password" />
+<button id="create_user_btn">Dodaj</button>
+<hr />
+<h3>Seznam vseh oglasov</h3>
+<table class="table table-striped">
+  <thead>
+    <tr>
+      <th>Username</th>
+      <th>Ime</th>
+      <th>Priimek</th>
+	  <th>Email</th>
+	  <th>Naslov</th>
+	  <th>Posta</th>
+	  <th>Telefon</th>
+      <th></th>
+    </tr>
+  </thead>
+  <tbody id="ads_tbody">
+  </tbody>
+</table>
+
+<button hidden id="confrm_user_btn"  class="btn btn-primary">Potrdi</button>
+<button hidden id="cancel_user_btn"  class="btn btn-primary">Preklici</button>
+
+<script>
+	$(document).ready(async function() {
+		await loadAds();
+		$("#create_user_btn").click(createAd);
+		$(".edit_user_btn").click(editClickHandler);
+		$(".delete_user_btn").click(deleteClickHandler);
+		$("#confrm_user_btn").click(confrmClickHandler);
+		$("#cancel_user_btn").click(cancelClickHandler);
+	});
+
+	async function loadAds() {
+		await $.get("/api/index.php/users", renderAds);
+	}
+
+	function renderAds(ads) {
+		ads.forEach(function(ad) {
+			var row = document.createElement("tr");
+			row.id = ad.id;
+			row.innerHTML = "<td>" + ad.username + 
+							"</td><td>" + ad.ime + 
+							"</td><td>" + ad.priimek + 
+							"</td><td>" + ad.email +
+							"</td><td>" + ad.naslov +
+							"</td><td>" + ad.posta +
+							"</td><td>" + ad.telefon +
+							"</td>";
+			row.innerHTML += "<td><button class='btn btn-primary edit_user_btn'>Uredi</button>" + 
+							"<button class='btn btn-primary delete_user_btn'>Izbriši</button></td>";
+			$("#ads_tbody").append(row);
+		});
+	}
+
+	function createAd() {
+		var data = {
+			username: $("#create_ad_username").val(),
+			password: $("#create_ad_password").val()
+		};
+
+		$("#create_ad_username").val("");
+		$("#create_ad_password").val("");
+
+		$.post('/api/index.php/users/', data, function(data) {
+			var row = document.createElement("tr");
+			row.id = data.id;
+			row.innerHTML = "<td>" + data.username + 
+							"</td><td>" + data.ime + 
+							"</td><td>" + data.priimek + 
+							"</td><td>" + data.email +
+							"</td><td>" + data.naslov +
+							"</td><td>" + data.posta +
+							"</td><td>" + data.telefon +
+							"</td>";
+			row.innerHTML += "<td><button class='btn btn-primary edit_user_btn'>Uredi</button>" + 
+							"<button class='btn btn-primary delete_user_btn'>Izbriši</button></td>";
+			$(".edit_user_btn", row).click(editClickHandler);
+			$(".delete_user_btn", row).click(deleteClickHandler);
+			$("#ads_tbody").append(row);
+		});
+	}
+
+	function editClickHandler() {
+		var row = $(this).closest("tr");
+		if ($(this).text() == "Uredi") {
+			$(this).text("Shrani");
+			row.find('td:not(:nth-last-child(-n+1)').attr('contenteditable', true);
+		} else {
+			$(this).text("Uredi");
+			row.find('td:not(:nth-last-child(-n+1))').attr('contenteditable', false);
+			updateAd(row);
+		}
+	}
+
+	function updateAd(row) {
+		var id = row.attr("id");
+		var data = {
+			username: 		row.find('td:nth-child(1)').text(),
+			ime: 			row.find('td:nth-child(2)').text(),
+			priimek: 		row.find('td:nth-child(3)').text(),
+			email: 			row.find('td:nth-child(4)').text(),
+			naslov: 		row.find('td:nth-child(5)').text(),
+			posta: 			row.find('td:nth-child(6)').text(),
+			telefon: 		row.find('td:nth-child(7)').text()
+		};
+
+		$.ajax({
+			url: '/api/index.php/users/' + id,
+			method: 'PUT',
+			data: JSON.stringify(data),
+			contentType: 'application/json'
+		});
+	}
+
+	var rowToBeDeleted;
+	function deleteClickHandler() {
+		rowToBeDeleted = $(this).closest("tr");
+		$("#confrm_user_btn").attr("hidden", false);
+		$("#cancel_user_btn").attr("hidden", false);
+	}
+
+	function cancelClickHandler() {
+		$("#confrm_user_btn").attr("hidden", true);
+		$("#cancel_user_btn").attr("hidden", true);
+	}
+
+	function confrmClickHandler() {
+		deleteAd(rowToBeDeleted);
+		rowToBeDeleted.remove();
+		$("#confrm_user_btn").attr("hidden", true);
+		$("#cancel_user_btn").attr("hidden", true);
+	}
+
+	function deleteAd(row) {
+		var id = row.attr("id");
+		$.ajax({
+			url: '/api/index.php/users/' + id,
+			method: 'DELETE'
+		});
+	}
+</script>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/pages/error.php

@@ -0,0 +1 @@
+<p>Prišlo je do napake.</p>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/pages/login.php

@@ -0,0 +1,11 @@
+<h2>Prijava</h2>
+<form action="?controller=pages&action=login" method="POST">
+
+	<label class="form-label" >Uporabniško ime</label>
+	<input class="form-control w-25" type="text" name="username" />
+	<label class="form-label" >Geslo</label>
+	<input class="form-control w-25" type="password" name="password" />
+	<br/>
+	<input class="btn btn-primary" type="submit" name="submit" value="Pošlji" /> 
+	<br/>
+</form>

semester_4/razvoj_aplikacij_za_internet/php/admin/views/pages/logout.php

@@ -0,0 +1,5 @@
+<?php
+session_unset(); //Odstrani sejne spremenljivke
+session_destroy(); //Uniči sejo
+header("Location: /admin/index.php"); //Preusmeri na index.php
+die();

semester_4/razvoj_aplikacij_za_internet/php/admin/views/pages/register.php

@@ -0,0 +1,35 @@
+<h2>Registracija</h2>
+<form action="?controller=pages&action=register" method="POST">
+
+	<label class="form-label">Uporabniško ime</label>
+	<input class="form-control w-25" type="text" name="username" required/>
+
+	<label class="form-label">Geslo</label>
+	<input class="form-control w-25" type="password" name="password" required/>
+
+	<label class="form-label">Ponovi geslo</label>
+	<input class="form-control w-25" type="password" name="repeat_password" required/> 
+
+	<label class="form-label">Email</label>
+	<input class="form-control w-25" type="email" name="email" required/>
+
+	<label class="form-label">Ime</label>
+	<input class="form-control w-25" type="text" name="ime" required/> 
+
+	<label class="form-label">Priimek</label>
+	<input class="form-control w-25" type="text" name="priimek" required/> 
+
+	<label class="form-label">Naslov</label>
+	<input class="form-control w-25" type="text" name="naslov" />
+
+	<label class="form-label">Posta</label>
+	<input class="form-control w-25" type="text" name="posta" /> 
+
+	<label class="form-label">Telefon</label>
+	<input class="form-control w-25" type="text" name="telefon" /> 
+
+	<br/>
+	<input class="btn btn-primary" type="submit" name="submit" value="Pošlji" /> 
+	<br/>
+	<?php echo $error; ?>
+</form>

semester_4/razvoj_aplikacij_za_internet/php/api/controllers/comments_controller_json.php

@@ -0,0 +1,40 @@
+<?php
+
+class comments_controller_json
+{
+
+    public function index()
+    {
+        // Iz modela pidobimo vse oglase
+        $comments = Comments::all();
+
+        //izpišemo $ads v JSON formatu
+        echo json_encode($comments);
+    }
+
+    public function show($id)
+    {
+        $comments = Comments::findForAd($id);
+        echo json_encode($comments);
+    }
+
+    public function store()
+    {
+        $comment = Comments::insert($_POST["ad_id"], $_SESSION["USER_ID"], $_POST["content"]);
+        echo json_encode($comment);
+    }
+
+    public function update($id)
+    {
+       
+    }
+
+    public function delete($id)
+    {
+        // Poiščemo in izbrišemo oglas
+        $comment = Comments::find($id);
+        $comment->delete();
+        // Vrnemo podatke iz izbrisanega oglasa
+        echo json_encode($comment);
+    }
+}

semester_4/razvoj_aplikacij_za_internet/php/api/controllers/users_controller_json.php

@@ -0,0 +1,53 @@
+<?php
+
+class users_controller_json
+{
+
+    public function index()
+    {
+        // Iz modela pidobimo vse oglase
+        $users = User::all();
+
+        //izpišemo $ads v JSON formatu
+        echo json_encode($users);
+    }
+
+    public function show($id)
+    {
+        $user = User::find($id);
+        echo json_encode($user);
+    }
+
+    public function store()
+    {
+        // Store se pokliče z POST, zato so podatki iz obrazca na voljo v $_POST
+        $id = User::insert($_POST["username"], $_POST["password"]);
+        $user = User::find($id);
+        // Vrnemo vstavljen oglas
+        echo json_encode($user);
+    }
+
+    public function update($id)
+    {
+        // Update se pokliče z PUT, zato nima podatkov v formData ($_POST).
+        // Namesto tega smo jih poslali v body-u HTTP zahtevka v JSON formatu.
+        $data = file_get_contents('php://input'); //preberemo body iz zahtevka
+        $data = json_decode($data, true); //dekodiramo JSON string v PHP array
+
+        // Poiščemo in posodobimo oglas
+        $user = User::find($id);
+        $user = $user->update($data['username'], $data['email'], $data['ime'], $data['priimek'], $data['naslov'], $data['posta'], $data['telefon']);
+
+        // Vrnemo posodobljen oglas
+        echo json_encode($user);
+    }
+
+    public function delete($id)
+    {
+        // Poiščemo in izbrišemo oglas
+        $user = User::find($id);
+        $user->delete();
+        // Vrnemo podatke iz izbrisanega oglasa
+        echo json_encode($user);
+    }
+}

semester_4/razvoj_aplikacij_za_internet/php/api/index.php

@@ -0,0 +1,91 @@
+<?php
+/*
+Vstopna točka za našo spletno storitev. Podobno kot pri MVC, bodo tudi vse zahteve na API šle skozi index.php,
+ki bo poskrbel za njihovo obravnavo.
+Index.php ima tako vlogo routerja, ki na podlagi HTTP zahteve sproži ustrezne akcije.
+Za razliko od MVC, bo poleg URL-ja pomembna tudi HTTP metoda v zahtevi, saj REST predpisuje akcije, ki jih prožijo določene metode.
+
+ENDPOINTI:
+    api/ads/:id/
+        PUT -> posodobi
+        GET -> vrni oglas
+        DELETE -> zbriši oglas
+
+    api/ads
+        POST -> dodaj nov oglas
+	    GET-> vrni vse oglase
+
+S pomočjo .htaccess preslikamo URL-je iz /api.php/foo/bar => /api/foo/bar (več v datoteki .htaccess)
+*/
+
+require_once "../admin/connection.php"; //uporabimo povezavo na bazo iz MVC
+
+session_start();
+
+//nastavimo glave odgovora tako, da brskalniku sporočimo, da mu vračamo json
+header('Content-Type: application/json');
+//omgočimo zahtevo iz različnih domen
+header("Access-Control-Allow-Origin: *");
+// Kot odgovor iz API-ja izpišemo JSON string s pomočjo funkcije json_encode
+
+// preberemo HTTP metodo iz zahteve
+$method = $_SERVER['REQUEST_METHOD'];
+
+// Razberemo parametre iz URL - razbijemo URL po '/'
+// tako dobimo iz zahteve api/first/second/third => $request = array("first", "second", "third")
+if(isset($_SERVER['PATH_INFO']))
+	$request = explode('/', trim($_SERVER['PATH_INFO'],'/'));
+else
+	$request="";
+
+$controllers = array( 'users', 'comments' );
+// Najprej potrebujemo 'router', ki bo razpoznal zahtevo in sprožil ustrezne akcije
+// Preverimo, če je v url-ju prva pot 'ads'
+if(!isset($request[0]) || !in_array($request[0], $controllers)){
+    echo json_encode((object)["status"=>"404", "message"=>"Not found"]);
+    die();
+}
+
+
+require_once ('../admin/models/' . $request[0] . '.php'); //uporabimo model Ad iz MVC
+require_once ('controllers/' . $request[0] . '_controller_json.php'); //vključimo API controller
+
+$o = $request[0] . "_controller_json"; //generiramo ime razreda controllerja
+$controller = new $o; //ustvarimo instanco razreda (ime razreda je string spremenljivka)
+
+
+
+// Odvisno od metode pokličemo ustrezen controller action
+switch($method){
+    case "GET":
+        // Če je v zahtevi nastavljen :id, kličemo akcijo show (en oglas), sicer pa index (vsi oglasi)
+        if(isset($request[1])){
+            $controller->show($request[1]);
+        } else {
+            $controller->index();
+        }
+        break;
+    case "POST": 
+        $controller->store();
+        break;
+    case "PUT": 
+        if(!isset($request[1])){
+            // Če ni podan :id v zahtevi, izpišemo napako
+            echo json_encode((object)["status"=>"500", "message"=>"Invalid parameters"]);
+            die();
+        }
+        $controller->update($request[1]);
+        break;
+    case "DELETE":
+        if(!isset($request[1])){
+            // Če ni podan :id v zahtevi, izpišemo napako
+            echo json_encode((object)["status"=>"500", "message"=>"Invalid parameters"]);
+            die();
+        }
+        $controller->delete($request[1]);
+        break;
+    default: 
+        break;
+}
+
+

semester_4/razvoj_aplikacij_za_internet/php/index.php

@@ -0,0 +1,3 @@
+<?php
+header("Location: /admin/index.php");
+?>