Untitled

<?php

		session_start();

		if ((!isset($_POST['login'])) || (!isset($_POST['haslo'])))
		{
			header('Location: ../index.php');
			exit();
		}

		require("polacz.php");

	$login = $_POST['login'];
	$haslo = $_POST['haslo'];

	$login = htmlentities($login, ENT_QUOTES, "UTF-8");

	if ($rezultat = @$connection->query(
	sprintf("SELECT * FROM users WHERE login='%s'",
	mysqli_real_escape_string($connection,$login))))
	{
		$ilu_userow = $rezultat->num_rows;
		if($ilu_userow>0)
		{
			$row = $rezultat->fetch_assoc();

			if (password_verify($haslo, $row['haslo']))
			{
				$_SESSION['zalogowany'] = true;
				$_SESSION['login'] = $row['login'];
				$_SESSION['uprawnienia'] = $row['uprawnienia'];
				unset($_SESSION['blad']);
				$rezultat->free_result();
				header('Location: ../php2/index2.php');
			}
			else
			{
				$_SESSION['blad'] = 'Zły login lub hasło!';
				echo $_POST['haslo'];
				header('Location: ../index.php');
			}

		} else {

			$_SESSION['blad'] = 'Zły login lub hasło!';
			header('Location: ../index.php');
		}

	}

	$connection->close();

?>


SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";


CREATE DATABASE IF NOT EXISTS `Wynajem` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `Wynajem`;


CREATE TABLE `klient` (
  `Id_Klienta` int(11) NOT NULL,
  `NazwaKlienta` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


INSERT INTO `klient` (`Id_Klienta`, `NazwaKlienta`) VALUES
(1, 'admin'),
(2, 'user');


CREATE TABLE `samochod` (
  `Id` int(11) NOT NULL,
  `Model` text COLLATE utf8_polish_ci NOT NULL,
  `Marka` text COLLATE utf8_polish_ci NOT NULL,
  `Cena` float NOT NULL,
  `data` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_polish_ci;


INSERT INTO `samochod` (`Id`, `Model`, `Marka`, `Cena`, `data`) VALUES
(1, 'a1', 'audi', 1250.99, '2018-06-07 08:29:57'),
(2, 'a2', 'audi', 2250.99, '2018-06-07 08:30:27'),
(3, 'a3', 'audi', 3250.99, '2018-06-07 08:31:37'),
(4, 'a4', 'audi', 4250.99, '2018-06-07 08:31:47'),
(5, 'a5', 'audi', 5250.99, '2018-06-07 08:31:59'),
(6, 'a6', 'audi', 6250.99, '2018-06-07 08:32:04'),
(7, 'a7', 'audi', 7250.99, '2018-06-07 08:32:16'),
(8, 'a8', 'audi', 8250.99, '2018-06-07 08:32:29'),
(9,'a9', 'audi', 9250.99, '2018-06-07 08:32:43'),
(10, 'a10', 'audi', 1250.99, '2018-06-07 08:32:54');


CREATE TABLE `users` (
  `user_id` int(11) NOT NULL,
  `login` text NOT NULL,
  `email` text NOT NULL,
  `haslo` text NOT NULL,
  `uprawnienia` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


INSERT INTO `users` (`user_id`, `login`, `email`, `haslo`, `uprawnienia`) VALUES
(0, 'admin', 'admin@interia.pl', '$2y$10$zzVLOlNOTyfoZBoGoHKdiOVGYr8qly3ga8CgE9YXPwWFmfmd0.nQ6', 'kierownik'),
(4, 'pracownik', 'pracownik@interia.pl', '$2y$10$yF0ITtf9lLKbu0F.JY6PTOrBORfYNKCJwG0TNxvbLFNwW7q5K8THa', 'pracownik'),
(5, 'Kierownik', 'kierownik@interia.pl', '$2y$10$TwdfSlN1munSqzggmJpcp.zy1h/7mZQIWrESBIKOKdsTtOqvivrxm', 'kierownik');


ALTER TABLE `samochod`
  ADD PRIMARY KEY (`Id`);


ALTER TABLE `users`
  ADD PRIMARY KEY (`user_id`);

ALTER TABLE `klient`
  ADD PRIMARY KEY (`Id_Klienta`);


ALTER TABLE `klient`
  MODIFY `Id_Klienta` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=3;


ALTER TABLE `samochod`
  MODIFY `Id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=11;


ALTER TABLE `users`
  MODIFY `user_id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=6;
COMMIT;

<?php

  session_start();

  if ((isset($_SESSION['zalogowany'])) && ($_SESSION['zalogowany']==true))
  {
    header('Location: index2.php');
    exit();
  }

  if (isset($_POST['email']))
  {
    $walidacja=true;

    $login = $_POST['login'];

    if ((strlen($login)<3) || (strlen($login)>20))
    {
      $walidacja=false;
      $_SESSION['e_login']="login od 3 do 20 znaków!";
    }


    $email = $_POST['email'];


    $haslo1 = $_POST['haslo1'];
    $haslo2 = $_POST['haslo2'];

    if ((strlen($haslo1)<8) || (strlen($haslo1)>20))
    {
      $walidacja=false;
      $_SESSION['e_haslo']="Hasło od 8 do 20 znaków!";
    }

    if ($haslo1!=$haslo2)
    {
      $walidacja=false;
      $_SESSION['e_haslo']="Podane hasła nie identyczne!";
    }

    $haslo_hash = password_hash($haslo1, PASSWORD_DEFAULT);

    if (!isset($_POST['regulamin']))
    {
      $walidacja=false;
      $_SESSION['e_regulamin']="Potwierdź regulamin!";
    }


    require_once "php/polacz.php";
    mysqli_report(MYSQLI_REPORT_STRICT);

    try
    {
      if ($connection->connect_errno!=0)
      {
        throw new Exception(mysqli_connect_errno());
      }
      else
      {
        $result = $connection->query("SELECT user_id FROM users WHERE email='$email'");

        if (!$result) throw new Exception($connection->error);

        $mails_number = $result->num_rows;
        if($mails_number>0)
        {
          $walidacja=false;
          $_SESSION['e_email']="Istnieje już konto przypisane do tego adresu e-mail!";
        }

        $result = $connection->query("SELECT user_id FROM users WHERE login='$login'");

        if (!$result) throw new Exception($connection->error);

        $ile_takich_loginow = $result->num_rows;
        if($ile_takich_loginow>0)
        {
          $walidacja=false;
          $_SESSION['e_login']="Istnieje już gracz o takim loginu! Wybierz inny.";
        }

        if ($walidacja==true)
        {

          if ($connection->query("INSERT INTO users (login, haslo, email ) VALUES ('$login', '$haslo_hash', '$email')"))
          {
            $_SESSION['udanarejestracja']=true;
            header('Location: index.php');
          }
          else
          {
            throw new Exception($connection->error);
          }

        }

        $connection->close();
      }

    }
    catch(Exception $e)
    {
      echo '<span style="color:red;">Błąd!</span>';
    }

  }


?>

<!DOCTYPE html>
<html lang="en">

<head>
 <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Wypożyczyalnia</title>
    <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <link href="vendor/datatables/dataTables.bootstrap4.css" rel="stylesheet">
    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" integrity="sha384-DNOHZ68U8hZfKXOrtjWvjxusGo9WQnrNx2sqG0tfsghAvtVlRW3tvkXWZh58N9jp" crossorigin="anonymous">
</head>

<body class="bg-dark">
  <div class="container">
    <div class="card card-register mx-auto mt-7">
      <div class="card-header">Zarejestruj nowe konto</div>
      <div class="card-body">


        <form method="post">
          <div class="form-group">
                <label>Login</label>
                <input  class="form-control" type="text" placeholder="Podaj login"  name="login" / >


          </div>

          <div class="form-group">
              <label>Email</label>
              <input  class="form-control" type="email" placeholder="Podaj email" name="email">
          </div>


          <div class="form-group">
            <div class="form-row">

              <div class="col-md-4">
                <label>Hasło</label>
                <input  class="form-control" type="password" placeholder="Hasło"  name="haslo1" />
              </div>

              <div class="col-md-6">
                <label>Powtórz Hasło</label>
                <input  class="form-control" type="password" placeholder="Powtórz Hasło"  name="haslo2" />

              </div>
            </div>
          </div>

        <div class="form-group">
            <label>
              <input type="checkbox" name="regulamin" />
			  Akceptuję regulamin &nbsp;&nbsp;
            </label>

        </div>

        <div class="sub">
          <input class="btn btn-primary btn-block" type="submit" value="Zarejestruj się" />
        </div>
        </form>


        <div class="text-center">
          <a class="d-block small mt-3" href="index.php">Jeśli posiadasz konto to przejdź do panelu logowania</a> <br />
        </div>
      </div>
    </div>
  </div>
</body>

</html>

  <?php

    //Potrzebne dane do połączenia z bazą danych
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "Wynajem";

    $connection = new mysqli($servername, $username, $password, $dbname);

    if ($connection->connect_error) {
      die("Connection failed: " . $connection->connect_error);
    }
  ?>

    <?php

    //Potrzebne dane do połączenia z bazą danych
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "Wynajem";

    $connection = new mysqli($servername, $username, $password, $dbname);

    if ($connection->connect_error) {
      die("Connection failed: " . $connection->connect_error);
    }
  ?>

  <?php
//----------------------------------
  session_start();


  require("polacz.php");

  $queryShow = 'SELECT * FROM samochod';
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Wypożyczyalnia</title>
      <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <link href="vendor/datatables/dataTables.bootstrap4.css" rel="stylesheet">
  </head>
  <body class="fixed-nav sticky-footer bg-dark" id="page-top">

            <a href="logout.php">
            <i class="fas fa-sign-out-alt"></i> Logout</a>

        <?php
        if(isset($_SESSION['komunikat'])){
          echo '<div class="alert alert-danger error" role="alert"><strong>Komunikat!</strong> '. $_SESSION['komunikat'] . '</div>';
          unset($_SESSION['komunikat']);
        }
        ?>

              <table  width="100%" cellspacing="0" , bgcolor="white">
                <thead>
                  <tr>
					<th>Id Samochodu</th>
                    <th>Model</th>
                    <th>Marka</th>
                    <th>Cena</th>
                    <th>Data dodania</th>
                    <th>Usuń</th>
                  </tr>
                </thead>

                <tbody>

                  <?php
                    $result = $connection->query($queryShow);
                    while ($row=$result->fetch_assoc()) {
                     $id = $row['Id'];
                      $marka = $row['Marka'];
                      $model = $row['Model'];
                      $cena = $row['Cena'];
                      $time = strtotime($row["data"]);
                      $rok = date('Y', $time);
                      $miesiac = date('m', $time);
                      $dzien = date('d', $time);
                      echo "<tr><td>$id</td> <td>$marka</td> <td>$model</td> <td>$cena</td> <td>$rok/$miesiac/$dzien</td>";
                      if($_SESSION['uprawnienia'] == "kierownik"){
                      echo "<td><form action=\"php/funkcje.php\" method=\"post\"><button type=\"submit\" name=\"delete\"class=\"btn btn-danger btn-sm\" value=\"" . htmlspecialchars($id) . "\">DEL</button></form></td></tr>";}
                      else echo "</tr>";
                    }
                  ?>
                </tbody>
              </table>


   <?php if($_SESSION['uprawnienia'] == "pracownik"){ ?>
        <div class="container-fluid">
          <h3>Dodaj</h3>
          <form class="klasa" action="php/funkcje.php" method="POST">
            <div class="form-row">
              <div class="col">
                <input type="text" class="form-control" placeholder="Id" name="IdSamochodu" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Model" name="ModelSamochodu" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Marka" name="MarkaSamochodu" required>
              </div>
              <div class="col">
                <input type="number" step="any" min="0" class="form-control" placeholder="cena" name="cenaWynajmu" required>
              </div>
              <button type="submit" class="btn btn-primary" name="dodaj">OK</button>
            </div>
          </form>
        </div>
        <br /><br />
  <?php } ?>

    <?php if($_SESSION['uprawnienia'] == "kierownik"){ ?>
        <div class="container-fluid">
          <h3>Dodaj</h3>
          <form class="klasa" action="php/funkcje.php" method="POST">
            <div class="form-row">
              <div class="col">
                          <input type="text" class="form-control" placeholder="Id" name="IdSamochodu" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Model" name="ModelSamochodu" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Marka" name="MarkaSamochodu" required>
              </div>
              <div class="col">
                <input type="number" step="any" min="0" class="form-control" placeholder="cena" name="cenaWynajmu" required>
              </div>
              <button type="submit" class="btn btn-primary" name="dodaj">OK</button>
            </div>
          </form>
        </div>
        <br /><br />
  <?php } ?>
        <?php if($_SESSION['uprawnienia'] == "kierownik"){ ?>
        <!-- Formularz aktualizujący rekord w bazie -->
        <div class="container-fluid">
          <h3>Edytuj</h3>
          <form class="klasa" action="php/funkcje.php" method="POST">
            <div class="form-row">
              <div class="col">
                          <input type="text" class="form-control" placeholder="Id" name="IdS" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Model" name="Model" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Marka" name="Marka" required>
              </div>
              <div class="col">
                <input type="number" step="any" min="0" class="form-control" placeholder="cena" name="cena">
              </div>
              <button type="submit" class="btn btn-primary" name="update">OK</button>
            </div>
          </form>
        </div>
        <br /><br />
      </div>
      <?php } ?>


    </div>
  </body>
</html>

<?php
//----------------------------------
  session_start();
    if ((isset($_SESSION['zalogowany'])) && ($_SESSION['zalogowany']==true))
  {
    header('Location: index2.php');
    exit();
  }
  require("polacz.php");
  $queryShow = 'SELECT * FROM samochod';
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Wypożyczyalnia</title>
      <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <link href="vendor/datatables/dataTables.bootstrap4.css" rel="stylesheet">

  </head>
  <body class="fixed-nav sticky-footer bg-dark" id="page-top">


           <form action="zaloguj.php" method="post">
          <div class="form-group">
            <label for="exampleInputLogin" color="white">Login pracownik lub kierownik</label>
            <input class="form-control" id="exampleInputLogin" type="text"  aria-describedby="loginHelp" name="login" placeholder="Podaj login" required>
          </div>
          <div class="form-group">
            <label for="exampleInputPassword1">Hasło Pracownik123 lub Kierownik123 odpowiednio</label>
            <input class="form-control" id="exampleInputPassword1" type="password" name="haslo" placeholder="Hasło" required>
          </div>
          <button class="btn btn-primary btn-block" type="submit">Login</button>
        </form>

		  <div class="text-center">
          <a class="d-block small mt-3" href="register.php">Zarejestruj się</a>
        </div>


              <table  width="100%" cellspacing="0" , bgcolor="white">
                <thead>
                  <tr>
                    <th>Id Samochodu</th>
                    <th>Model</th>
                    <th>Marka</th>
                    <th>Cena</th>
                    <th>Data dodania</th>

                  </tr>
                </thead>

                <tbody>

                  <?php
                    $result = $connection->query($queryShow);
                    while ($row=$result->fetch_assoc()) {
                      $id = $row['Id'];
                      $marka = $row['Marka'];
                      $model = $row['Model'];
                      $cena = $row['Cena'];
                      $time = strtotime($row["data"]);
                      $rok = date('Y', $time);
                      $miesiac = date('m', $time);
                      $dzien = date('d', $time);
                      echo "<tr><td>$id</td> <td>$marka</td> <td>$model</td> <td>$cena</td> <td>$rok/$miesiac/$dzien</td>";
                    }
                  ?>
                </tbody>
              </table>

    </div>
  </body>
</html>

<?php
	//----------------------------------
		session_start();
		require("polacz.php");
	//----------------------------------


	/* ### DODAJ DO BAZY DANYCH ### */
	function Dodaj($connection) {

		// Escape user inputs for security
		$Id = mysqli_real_escape_string($connection, $_REQUEST['Id']);
		$Model = mysqli_real_escape_string($connection, $_REQUEST['Model']);
		$Marka = mysqli_real_escape_string($connection, $_REQUEST['Marka']);
		$Cena = mysqli_real_escape_string($connection, $_REQUEST['Cena']);

	    $sql = "INSERT INTO samochod (Id, Model, Marka, Cena) VALUES ('$Id', '$Model', '$Marka', '$Cena')";

		if(mysqli_query($connection, $sql) == True){
			$_SESSION['komunikat'] = "Dodano.";
		} else {
			$_SESSION['komunikat'] = "Nie dodano.";
		}

		mysqli_close($connection);
	}

	function Usun($connection) {

		// Escape user inputs for security
		$Id = mysqli_real_escape_string($connection, $_REQUEST['delete']);

	    $sql = "DELETE FROM samochod WHERE Id=$Id";

		if(mysqli_query($connection, $sql) == True){
			$_SESSION['komunikat'] = "Usunięto wiersz";
		} else {
			$_SESSION['komunikat'] = "Niepowodzenie usuwania";
		}

		mysqli_close($connection);
	}

	function Edytuj($connection)	{

		 $Id = mysqli_real_escape_string($connection, $_REQUEST['Id']);

		 $query = "SELECT * FROM samochod where Id=$Id";
		 $result = mysqli_query($connection, $query);
		 while ($row=$result->fetch_assoc()) {
                  $id = $row['Id'];
                  $Model = $row['Model'];
                  $Marka = $row['Marka'];
                  $Cena = $row['Cena'];
        }

		if(!empty($_REQUEST['Model'])) { $Model = mysqli_real_escape_string($connection, $_REQUEST['Model']); } else { $Model = mysqli_real_escape_string($connection, $Model); }
		if(!empty($_REQUEST['Marka'])) { $Marka = mysqli_real_escape_string($connection, $_REQUEST['Marka']); } else { $Marka = mysqli_real_escape_string($connection, $Marka); }
		if(!empty($_REQUEST['Cena']))  { $Cena = mysqli_real_escape_string($connection,  $_REQUEST['Cena']);  } else { $Cena  = mysqli_real_escape_string($connection, $Cena);  }

	    $sql = "UPDATE samochod SET Model='$Model', Marka='$Marka', Cena='$Cena' WHERE Id=$Id";

		if(mysqli_query($connection, $sql) == True){
			$_SESSION['komunikat'] = "Pomyślna aktualizacja wierszu";
		} else {
			$_SESSION['komunikat'] = "Nie zaktualizowano wiersza.";
		}

		mysqli_close($connection);
	}


	/* ###   W ZALEŻNOŚCI OD KLIKNIĘTEGO BUTTONA WYKONAJ DANĄ FUNKCJE   ### */
	if($_SERVER['REQUEST_METHOD'] == "POST" and isset($_POST['dodaj'])) {
	    	Dodaj($connection);
		}
	else if($_SERVER['REQUEST_METHOD'] == "POST" and isset($_POST['delete'])) {
	    	Usun($connection);
		}
	else if($_SERVER['REQUEST_METHOD'] == "POST" and isset($_POST['update'])) {
	    	Edytuj($connection);
		}

	header('Location: ../index2.php');
?>


------ DRUGIE

<?php

		session_start();

		if ((!isset($_POST['login'])) || (!isset($_POST['haslo'])))
		{
			header('Location: ../index.php');
			exit();
		}

		require("polacz.php");

	$login = $_POST['login'];
	$haslo = $_POST['haslo'];

	$login = htmlentities($login, ENT_QUOTES, "UTF-8");

	if ($rezultat = @$connection->query(
	sprintf("SELECT * FROM users WHERE login='%s'",
	mysqli_real_escape_string($connection,$login))))
	{
		$ilu_userow = $rezultat->num_rows;
		if($ilu_userow>0)
		{
			$row = $rezultat->fetch_assoc();

			if (password_verify($haslo, $row['haslo']))
			{
				$_SESSION['zalogowany'] = true;
				$_SESSION['login'] = $row['login'];
				$_SESSION['uprawnienia'] = $row['uprawnienia'];
				unset($_SESSION['blad']);
				$rezultat->free_result();
				header('Location: ../php3/index2.php');
			}
			else
			{
				$_SESSION['blad'] = 'Zły login lub hasło!';
				echo $_POST['haslo'];
				header('Location: ../index.php');
			}

		} else {

			$_SESSION['blad'] = 'Zły login lub hasło!';
			header('Location: ../index.php');
		}

	}

	$connection->close();

?>

<?php

  session_start();

  if ((isset($_SESSION['zalogowany'])) && ($_SESSION['zalogowany']==true))
  {
    header('Location: index2.php');
    exit();
  }

  if (isset($_POST['email']))
  {
    $walidacja=true;

    $login = $_POST['login'];

    if ((strlen($login)<3) || (strlen($login)>20))
    {
      $walidacja=false;
      $_SESSION['e_login']="login od 3 do 20 znaków!";
    }


    $email = $_POST['email'];


    $haslo1 = $_POST['haslo1'];
    $haslo2 = $_POST['haslo2'];

    if ((strlen($haslo1)<8) || (strlen($haslo1)>20))
    {
      $walidacja=false;
      $_SESSION['e_haslo']="Hasło od 8 do 20 znaków!";
    }

    if ($haslo1!=$haslo2)
    {
      $walidacja=false;
      $_SESSION['e_haslo']="Podane hasła nie identyczne!";
    }

    $haslo_hash = password_hash($haslo1, PASSWORD_DEFAULT);

    if (!isset($_POST['regulamin']))
    {
      $walidacja=false;
      $_SESSION['e_regulamin']="Potwierdź regulamin!";
    }


    require_once "php/polacz.php";
    mysqli_report(MYSQLI_REPORT_STRICT);

    try
    {
      if ($connection->connect_errno!=0)
      {
        throw new Exception(mysqli_connect_errno());
      }
      else
      {
        $result = $connection->query("SELECT user_id FROM users WHERE email='$email'");

        if (!$result) throw new Exception($connection->error);

        $mails_number = $result->num_rows;
        if($mails_number>0)
        {
          $walidacja=false;
          $_SESSION['e_email']="Istnieje już konto przypisane do tego adresu e-mail!";
        }

        $result = $connection->query("SELECT user_id FROM users WHERE login='$login'");

        if (!$result) throw new Exception($connection->error);

        $ile_takich_loginow = $result->num_rows;
        if($ile_takich_loginow>0)
        {
          $walidacja=false;
          $_SESSION['e_login']="Istnieje już gracz o takim loginu! Wybierz inny.";
        }

        if ($walidacja==true)
        {

          if ($connection->query("INSERT INTO users (login, haslo, email ) VALUES ('$login', '$haslo_hash', '$email')"))
          {
            $_SESSION['udanarejestracja']=true;
            header('Location: index.php');
          }
          else
          {
            throw new Exception($connection->error);
          }

        }

        $connection->close();
      }

    }
    catch(Exception $e)
    {
      echo '<span style="color:red;">Błąd!</span>';
    }

  }


?>

<!DOCTYPE html>
<html lang="en">

<head>
 <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Wypożyczyalnia</title>
    <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <link href="vendor/datatables/dataTables.bootstrap4.css" rel="stylesheet">
    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" integrity="sha384-DNOHZ68U8hZfKXOrtjWvjxusGo9WQnrNx2sqG0tfsghAvtVlRW3tvkXWZh58N9jp" crossorigin="anonymous">
</head>

<body class="bg-dark">
  <div class="container">
    <div class="card card-register mx-auto mt-7">
      <div class="card-header">Zarejestruj nowe konto</div>
      <div class="card-body">


        <form method="post">
          <div class="form-group">
                <label>Login</label>
                <input  class="form-control" type="text" placeholder="Podaj login"  name="login" / >


          </div>

          <div class="form-group">
              <label>Email</label>
              <input  class="form-control" type="email" placeholder="Podaj email" name="email">
          </div>


          <div class="form-group">
            <div class="form-row">

              <div class="col-md-4">
                <label>Hasło</label>
                <input  class="form-control" type="password" placeholder="Hasło"  name="haslo1" />
              </div>

              <div class="col-md-6">
                <label>Powtórz Hasło</label>
                <input  class="form-control" type="password" placeholder="Powtórz Hasło"  name="haslo2" />

              </div>
            </div>
          </div>

        <div class="form-group">
            <label>
              <input type="checkbox" name="regulamin" />
			  Akceptuję regulamin &nbsp;&nbsp;
            </label>

        </div>

        <div class="sub">
          <input class="btn btn-primary btn-block" type="submit" value="Zarejestruj się" />
        </div>
        </form>


        <div class="text-center">
          <a class="d-block small mt-3" href="index.php">Jeśli posiadasz konto to przejdź do panelu logowania</a> <br />
        </div>
      </div>
    </div>
  </div>
</body>

</html>


  <?php

    //Potrzebne dane do połączenia z bazą danych
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "Magazyn";

    $connection = new mysqli($servername, $username, $password, $dbname);

    if ($connection->connect_error) {
      die("Connection failed: " . $connection->connect_error);
    }
  ?>


  <?php

	session_start();

	session_unset();

	header('Location: ../php3/index.php');

?>


SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";


CREATE DATABASE IF NOT EXISTS `Magazyn` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `Magazyn`;


CREATE TABLE `Faktury` (
  `Id_Faktury` int(11) NOT NULL,
  `NazwaFaktury` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


INSERT INTO `Faktury` (`Id_Faktury`, `NazwaFaktury`) VALUES
(1, 'admin'),
(2, 'user');


CREATE TABLE `Towar` (
  `Id` int(11) NOT NULL,
  `Nazwa` text COLLATE utf8_polish_ci NOT NULL,
  `Marka` text COLLATE utf8_polish_ci NOT NULL,
  `Cena` float NOT NULL,
  `data` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_polish_ci;


INSERT INTO `Towar` (`Id`, `Nazwa`, `Marka`, `Cena`, `data`) VALUES
(1, 'drabina', 'marka1', 1250.99, '2018-06-07 08:29:57'),
(2, 'szpachla', 'marka2', 2250.99, '2018-06-07 08:30:27'),
(3, 'koparka', 'marka3', 3250.99, '2018-06-07 08:31:37'),
(4, 'dzwig', 'marka4', 4250.99, '2018-06-07 08:31:47'),
(5, 'tapeta', 'marka1', 5250.99, '2018-06-07 08:31:59'),
(6, 'gwozdzie', 'marka1', 6250.99, '2018-06-07 08:32:04'),
(7, 'mlotek', 'marka1', 7250.99, '2018-06-07 08:32:16'),
(8, 'siekiera', 'marka1', 8250.99, '2018-06-07 08:32:29'),
(9,'lopata', 'marka1', 9250.99, '2018-06-07 08:32:43'),
(10, 'kilof', 'marka1', 1250.99, '2018-06-07 08:32:54');


CREATE TABLE `users` (
  `user_id` int(11) NOT NULL,
  `login` text NOT NULL,
  `email` text NOT NULL,
  `haslo` text NOT NULL,
  `uprawnienia` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


INSERT INTO `users` (`user_id`, `login`, `email`, `haslo`, `uprawnienia`) VALUES
(0, 'admin', 'admin@interia.pl', '$2y$10$zzVLOlNOTyfoZBoGoHKdiOVGYr8qly3ga8CgE9YXPwWFmfmd0.nQ6', 'kierownik'),
(4, 'pracownik', 'pracownik@interia.pl', '$2y$10$yF0ITtf9lLKbu0F.JY6PTOrBORfYNKCJwG0TNxvbLFNwW7q5K8THa', 'pracownik'),
(5, 'Kierownik', 'kierownik@interia.pl', '$2y$10$TwdfSlN1munSqzggmJpcp.zy1h/7mZQIWrESBIKOKdsTtOqvivrxm', 'kierownik');


ALTER TABLE `Towar`
  ADD PRIMARY KEY (`Id`);


ALTER TABLE `users`
  ADD PRIMARY KEY (`user_id`);

ALTER TABLE `Faktury`
  ADD PRIMARY KEY (`Id_Faktury`);


ALTER TABLE `Faktury`
  MODIFY `Id_Faktury` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=3;


ALTER TABLE `Towar`
  MODIFY `Id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=11;


ALTER TABLE `users`
  MODIFY `user_id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=6;
COMMIT;


<?php
//----------------------------------
  session_start();


  require("polacz.php");

  $queryShow = 'SELECT * FROM Towar';
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Wypożyczyalnia</title>
      <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <link href="vendor/datatables/dataTables.bootstrap4.css" rel="stylesheet">
  </head>
  <body class="fixed-nav sticky-footer bg-dark" id="page-top">

            <a href="logout.php">
            <i class="fas fa-sign-out-alt"></i> Logout</a>

        <?php
        if(isset($_SESSION['komunikat'])){
          echo '<div class="alert alert-danger error" role="alert"><strong>Komunikat!</strong> '. $_SESSION['komunikat'] . '</div>';
          unset($_SESSION['komunikat']);
        }
        ?>

              <table  width="100%" cellspacing="0" , bgcolor="white">
                <thead>
                  <tr>
				     <th>Id Towaru</th>
                    <th>Nazwa</th>
                    <th>Marka</th>
                    <th>Cena</th>
                    <th>Data dodania</th>
                    <th>Usuń</th>
                  </tr>
                </thead>

                <tbody>

                  <?php
                    $result = $connection->query($queryShow);
                    while ($row=$result->fetch_assoc()) {
                     $id = $row['Id'];
                    $nazwa = $row['Nazwa'];
                      $marka = $row['Marka'];
                      $cena = $row['Cena'];
                      $time = strtotime($row["data"]);
                      $rok = date('Y', $time);
                      $miesiac = date('m', $time);
                      $dzien = date('d', $time);
                     echo "<tr><td>$id</td> <td>$nazwa</td> <td>$marka</td> <td>$cena</td> <td>$rok/$miesiac/$dzien</td>";
                      if($_SESSION['uprawnienia'] == "kierownik"){
                      echo "<td><form action=\"php/funkcje.php\" method=\"post\"><button type=\"submit\" name=\"delete\"class=\"btn btn-danger btn-sm\" value=\"" . htmlspecialchars($id) . "\">DEL</button></form></td></tr>";}
                      else echo "</tr>";
                    }
                  ?>
                </tbody>
              </table>


   <?php if($_SESSION['uprawnienia'] == "pracownik"){ ?>
        <div class="container-fluid">
          <h3>Dodaj</h3>
          <form class="klasa" action="php/funkcje.php" method="POST">
            <div class="form-row">
              <div class="col">
                <input type="text" class="form-control" placeholder="Id" name="Id" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Nazwa" name="Nazwa" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Marka" name="Marka" required>
              </div>
              <div class="col">
                <input type="number" step="any" min="0" class="form-control" placeholder="cena" name="Cena" required>
              </div>
              <button type="submit" class="btn btn-primary" name="dodaj">OK</button>
            </div>
          </form>
        </div>
        <br /><br />
  <?php } ?>

    <?php if($_SESSION['uprawnienia'] == "kierownik"){ ?>
        <div class="container-fluid">
          <h3>Dodaj</h3>
          <form class="klasa" action="php/funkcje.php" method="POST">
            <div class="form-row">
              <div class="col">
                     <input type="text" class="form-control" placeholder="Id" name="Id" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Nazwa" name="Nazwa" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Marka" name="Marka" required>
              </div>
              <div class="col">
                <input type="number" step="any" min="0" class="form-control" placeholder="cena" name="Cena" required>
              </div>
              <button type="submit" class="btn btn-primary" name="dodaj">OK</button>
            </div>
          </form>
        </div>
        <br /><br />
  <?php } ?>
        <?php if($_SESSION['uprawnienia'] == "kierownik"){ ?>
        <!-- Formularz aktualizujący rekord w bazie -->
        <div class="container-fluid">
          <h3>Edytuj</h3>
          <form class="klasa" action="php/funkcje.php" method="POST">
            <div class="form-row">
              <div class="col">
                 <input type="text" class="form-control" placeholder="Id" name="Id" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Nazwa" name="Nazwa" required>
              </div>
              <div class="col">
                <input type="text" class="form-control" placeholder="Marka" name="Marka" required>
              </div>
              <div class="col">
                <input type="number" step="any" min="0" class="form-control" placeholder="cena" name="Cena" required>
              </div>
              <button type="submit" class="btn btn-primary" name="update">OK</button>
            </div>
          </form>
        </div>
        <br /><br />
      </div>
      <?php } ?>


    </div>
  </body>
</html>

<?php
//----------------------------------
  session_start();
    if ((isset($_SESSION['zalogowany'])) && ($_SESSION['zalogowany']==true))
  {
    header('Location: index2.php');
    exit();
  }
  require("polacz.php");
  $queryShow = 'SELECT * FROM Towar';
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Wypożyczyalnia</title>
      <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
    <link href="vendor/datatables/dataTables.bootstrap4.css" rel="stylesheet">

  </head>
  <body class="fixed-nav sticky-footer bg-dark" id="page-top">


           <form action="zaloguj.php" method="post">
          <div class="form-group">
            <label for="exampleInputLogin" color="white">Login pracownik lub kierownik</label>
            <input class="form-control" id="exampleInputLogin" type="text"  aria-describedby="loginHelp" name="login" placeholder="Podaj login" required>
          </div>
          <div class="form-group">
            <label for="exampleInputPassword1">Hasło Pracownik123 lub Kierownik123 odpowiednio</label>
            <input class="form-control" id="exampleInputPassword1" type="password" name="haslo" placeholder="Hasło" required>
          </div>
          <button class="btn btn-primary btn-block" type="submit">Login</button>
        </form>

		  <div class="text-center">
          <a class="d-block small mt-3" href="register.php">Zarejestruj się</a>
        </div>


              <table  width="100%" cellspacing="0" , bgcolor="white">
                <thead>
                  <tr>
                    <th>Id Towaru</th>
                    <th>Nazwa</th>
                    <th>Marka</th>
                    <th>Cena</th>
                    <th>Data dodania</th>

                  </tr>
                </thead>

                <tbody>

                  <?php
                    $result = $connection->query($queryShow);
                    while ($row=$result->fetch_assoc()) {
                      $id = $row['Id'];
                      $nazwa = $row['Nazwa'];
                      $marka = $row['Marka'];
                      $cena = $row['Cena'];
                      $time = strtotime($row["data"]);
                      $rok = date('Y', $time);
                      $miesiac = date('m', $time);
                      $dzien = date('d', $time);
                      echo "<tr><td>$id</td> <td>$nazwa</td> <td>$marka</td> <td>$cena</td> <td>$rok/$miesiac/$dzien</td>";
                    }
                  ?>
                </tbody>
              </table>

    </div>
  </body>
</html>

<?php
	//----------------------------------
		session_start();
		require("polacz.php");
	//----------------------------------


	/* ### DODAJ DO BAZY DANYCH ### */
	function Dodaj($connection) {

		// Escape user inputs for security
		$Id = mysqli_real_escape_string($connection, $_REQUEST['Id']);
		$Nazwa = mysqli_real_escape_string($connection, $_REQUEST['Nazwa']);
		$Marka = mysqli_real_escape_string($connection, $_REQUEST['Marka']);
		$Cena = mysqli_real_escape_string($connection, $_REQUEST['Cena']);

	    $sql = "INSERT INTO towar (Id, Nazwa, Marka, Cena) VALUES ('$Id', '$Nazwa', '$Marka', '$Cena')";

		if(mysqli_query($connection, $sql) == True){
			$_SESSION['komunikat'] = "Dodano.";
		} else {
			$_SESSION['komunikat'] = "Nie dodano.";
		}

		mysqli_close($connection);
	}

	function Usun($connection) {

		// Escape user inputs for security
		$Id = mysqli_real_escape_string($connection, $_REQUEST['delete']);

	    $sql = "DELETE FROM towar WHERE Id=$Id";

		if(mysqli_query($connection, $sql) == True){
			$_SESSION['komunikat'] = "Usunięto wiersz";
		} else {
			$_SESSION['komunikat'] = "Niepowodzenie usuwania";
		}

		mysqli_close($connection);
	}

	function Edytuj($connection)	{

		 $Id = mysqli_real_escape_string($connection, $_REQUEST['Id']);

		 $query = "SELECT * FROM towar where Id=$Id";
		 $result = mysqli_query($connection, $query);
		 while ($row=$result->fetch_assoc()) {
                  $id = $row['Id'];
                  $Nazwa = $row['Nazwa'];
                  $Marka = $row['Marka'];
                  $Cena = $row['Cena'];
        }

		if(!empty($_REQUEST['Nazwa'])) { $Nazwa = mysqli_real_escape_string($connection, $_REQUEST['Nazwa']); } else { $Nazwa = mysqli_real_escape_string($connection, $Nazwa); }
		if(!empty($_REQUEST['Marka'])) { $Marka = mysqli_real_escape_string($connection, $_REQUEST['Marka']); } else { $Marka = mysqli_real_escape_string($connection, $Marka); }
		if(!empty($_REQUEST['Cena']))  { $Cena = mysqli_real_escape_string($connection,  $_REQUEST['Cena']);  } else { $Cena  = mysqli_real_escape_string($connection, $Cena);  }

	    $sql = "UPDATE towar SET Nazwa='$Nazwa', Marka='$Marka', Cena='$Cena' WHERE Id=$Id";

		if(mysqli_query($connection, $sql) == True){
			$_SESSION['komunikat'] = "Pomyślna aktualizacja wierszu";
		} else {
			$_SESSION['komunikat'] = "Nie zaktualizowano wiersza.";
		}

		mysqli_close($connection);
	}


	/* ###   W ZALEŻNOŚCI OD KLIKNIĘTEGO BUTTONA WYKONAJ DANĄ FUNKCJE   ### */
	if($_SERVER['REQUEST_METHOD'] == "POST" and isset($_POST['dodaj'])) {
	    	Dodaj($connection);
		}
	else if($_SERVER['REQUEST_METHOD'] == "POST" and isset($_POST['delete'])) {
	    	Usun($connection);
		}
	else if($_SERVER['REQUEST_METHOD'] == "POST" and isset($_POST['update'])) {
	    	Edytuj($connection);
		}

	header('Location: ../index2.php');
?>

  <?php

    //Potrzebne dane do połączenia z bazą danych
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "Magazyn";

    $connection = new mysqli($servername, $username, $password, $dbname);

    if ($connection->connect_error) {
      die("Connection failed: " . $connection->connect_error);
    }
  ?>