opening home on forum load

istg gonna remove all of them after I submit this project to my teacher

.gitignore

@@ -1,3 +1,5 @@
 test.jpg
 panorama_render
 .vscode
+secret
+user_content/

autori.html

@@ -7,7 +7,7 @@
     <title>Fabrika Hrádek Tour</title>
     <link rel="icon" type="image/x-icon" href="http://109.123.243.163/fht/favicon.ico">
 
-	<meta name="author" content="Smejkal, Suljakovic">
+	<meta name="author" content="Smejkal, Suljakovic, Somr">
 	<meta name="description" content="Průvodce Hrádeckou Fabrikou">
 	<meta name="keywords" content="Foto, Old, Abandoned, Creepy, Panorama">
 
@@ -18,20 +18,24 @@
     <script src="./res/autori/script.js"></script>
 </head>
 <body>
-    <button id="back_button" onclick="move('./index.html', true)">&#8701;</button>
+    <button id="back_button" onclick="move('./index.php', true)">&#8701;</button>
     <div id="autori_text">
-        Autoři tohoto projektu jsou Václav Šmejkal a Dino Suljakovič.
+        Autoři tohoto projektu jsou Václav Šmejkal, Dino Suljakovič a Jindřich Somr.
         <div id="centered">
-            <div id="dino">
-                <span class="nadpis">Dino:</span><br>
-                Člověk co se snaží něco dělat.<br>
-                Designér.
-            </div>
             <div id="vasek">
                 <span class="nadpis">Vašek:</span><br>
                 Profesionální <span id="sebedestrukce">sebevrah</span>, kriminálník, vandal.<br>
                 Autor většiny fotografií, programátor.
             </div>
+            <div id="dino">
+                <span class="nadpis">Dino:</span><br>
+                Člověk co se snaží něco dělat.<br>
+                Designér.
+            </div>
+            <div id="somr">
+                <span class="nadpis">Jindra:</span><br>
+                neco
+            </div>
         </div>
     </div>
 </body>

forum.php

@@ -0,0 +1,61 @@
+<?php
+
+include("./res/global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\"");
+
+if ($out -> num_rows != 1)
+{
+    fail:
+    echo "nope";
+    header("Location: ./index.php");
+    return;
+}
+?>
+
+<!DOCTYPE html>
+<html lang="cs">
+<head>
+	<meta charset="UTF-8">
+	<meta http-equiv="X-UA-Compatible" content="IE=edge">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link rel="icon" type="image/x-icon" href="http://109.123.243.163/fht/favicon.ico">
+
+	<meta name="author" content="Smejkal, Suljakovic, Somr">
+	<meta name="description" content="Průvodce Hrádeckou Fabrikou">
+	<meta name="keywords" content="Foto, Old, Abandoned, Creepy, Panorama">
+
+    <script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
+
+	<script src="./res/global.js"></script>
+	<link rel="stylesheet" href="./res/global.css">
+
+	<script src="./res/forum/script.js"></script>
+	<link rel="stylesheet" href="./res/forum/style.css">
+
+    <title>Fabrika Hrádek Tour</title>
+</head>
+<body onload="show('home')">
+    <button id="back_button" onclick="move('./index.php', true)">&#8701;</button>
+    <div id="main_panel">
+        <div id="upper_panel">
+			<?php
+				include("./res/global.php");
+
+				$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+
+				if ($out -> num_rows == 1)
+				{
+					echo '<img onclick="show(\'admin\')" src="./res/forum/images/admin.png" alt="Tlačítko adminského panelu">';
+				}
+			?>
+
+            <img onclick="show('user')" src="./res/forum/images/user.png" alt="Tlačítko nastavení profilu">
+            <img onclick="show('home')" src="./res/forum/images/home.png" alt="Tlačítko domovské stránky">
+        </div>
+    </div>
+</body>
+</html>

index.html

@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<html lang="cs">
-<head>
-	<meta charset="UTF-8">
-	<meta http-equiv="X-UA-Compatible" content="IE=edge">
-	<meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <link rel="icon" type="image/x-icon" href="http://109.123.243.163/fht/favicon.ico">
-
-	<meta name="author" content="Smejkal, Suljakovic">
-	<meta name="description" content="Průvodce Hrádeckou Fabrikou">
-	<meta name="keywords" content="Foto, Old, Abandoned, Creepy, Panorama">
-
-	<script src="./res/global.js"></script>
-	<link rel="stylesheet" href="./res/global.css">
-
-	<script src="./res/index/script.js"></script>
-	<link rel="stylesheet" href="./res/index/style.css">
-
-    <title>Fabrika Hrádek Tour</title>
-</head>
-<body onload="repeat_panorama(); change_slideshow_img();">
-	<nav id="nav_buttons">
-		<button class="tlacitko" onclick="move('./map.html', true)">Mapa</button>
-		<button class="tlacitko" onclick="move('https://earth.google.com/web/@49.71686994,13.64771387,395.10185485a,550.97177309d,35y,0h,0t,0r', false)">Google Earth</button>
-		<button class="tlacitko" onclick="move('./autori.html', true)">Autoři</button>
-	</nav>
-	<textarea id="textPole" placeholder="..." readonly>Železárny Hrádek u Rokycan jsou významným průmyslovým podnikem v České republice. Jejich historie sahá až do 16. století, kdy byla založena první huť. Specializovaly se na výrobu železa a oceli a byly známé svými kvalitními kovovými výrobky. Železárnám Hrádek byly v průběhu let prováděny stavební úpravy a modernizace, aby udržely krok s technologickým vývojem. Bohužel, v současnosti se železárny potýkají s problémy kvůli jejich majiteli Zdeňkovi Zemkovi. Zdeněk Zemek byl obviněn ze spáchání podvodů a obžalován státním zástupcem. Je třeba zajistit ochranu hodnoty a dědictví železáren Hrádek a obnovit důvěru ve spravedlivý průběh podnikání.</textarea>
-
-	<header><img src="//:0" id="slideshow" draggable="false" alt="Slideshow"></header>
-</body>
-</html>

index.php

@@ -0,0 +1,122 @@
+<?php
+session_start();
+?>
+<!DOCTYPE html>
+<html lang="cs">
+<head>
+	<meta charset="UTF-8">
+	<meta http-equiv="X-UA-Compatible" content="IE=edge">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link rel="icon" type="image/x-icon" href="http://109.123.243.163/fht/favicon.ico">
+
+	<meta name="author" content="Smejkal, Suljakovic, Somr">
+	<meta name="description" content="Průvodce Hrádeckou Fabrikou">
+	<meta name="keywords" content="Foto, Old, Abandoned, Creepy, Panorama">
+
+	<script src="./res/global.js"></script>
+	<link rel="stylesheet" href="./res/global.css">
+
+	<script src="./res/index/script.js"></script>
+	<link rel="stylesheet" href="./res/index/style.css">
+
+    <title>Fabrika Hrádek Tour</title>
+</head>
+<body onload="repeat_panorama(); change_slideshow_img();">
+	<nav id="nav_buttons">
+		<button class="tlacitko" onclick="move('./map.html', true)">Mapa</button>
+		<button class="tlacitko" onclick="move('https://earth.google.com/web/@49.71686994,13.64771387,395.10185485a,550.97177309d,35y,0h,0t,0r', false)">Google Earth</button>
+		<button class="tlacitko" onclick="move('./autori.html', true)">Autoři</button>
+
+		<div id="login_buttons">
+			<button class="tlacitko" onclick="show_login()">Přihlášení</button>
+			<button class="tlacitko" onclick="show_register()">Registrace</button>
+		</div>
+
+		<form method="post">
+			<input id="logout_button" class="tlacitko" type="submit" name="logout_button" value="Odhlásit se"></div>
+		</form>
+	</nav>
+	<div id="textPole">V roce 1900 byla v obci Hrádek, místní části Nová Huť, postavena železárna. Založení Železáren Hrádek se datuje do roku 1900, kdy tamní hamr zakoupil podnikatel Rudolf L. Hudlický. Rok nato zahájila provoz modernizovaná kujná huť, která vyráběla především železné nářadí pro zemědělce, zahradníky a horník. V průběhu let se areál rozrostl a byly zde postaveny další budovy, včetně válcovny, slévárny šedé litiny a v období 1912-1915 začal s výstavbou betonové konstrukce Siemens-martinské ocelárny podle návrhu architekta Stanislava Bechyně s přilehlou válcovací tratí. Po znárodnění v roce 1948 byly Železárny Hrádek zařazeny do národního podniku Spojené ocelárny. V současné době je majitelem Železáren Hrádek podnikatel Zdeněk Zemek. Jeho firma, Z-Group Steel Holding, sdružuje původně nezávislé železárny a válcovny ve Veselí nad Moravou, v Hrádku u Rokycan a v Chomutově. Nicméně, v posledních letech byly vzneseny obvinění, že Zemek vykrádá Železárny Hrádek. Tato obvinění se týkají jeho obchodních praktik a způsobu, jakým spravuje tyto železárny. Kritici tvrdí, že jeho vedení vedlo k finančním ztrátám a potenciálnímu poškození dlouhodobé udržitelnosti těchto historických průmyslových zařízení.</div>
+
+	<header><img src="//:0" id="slideshow" alt="Slideshow"></header>
+
+	<div id="login_pane">
+		<form method="post">
+			<div>Uživatelské jméno: <input type="text" minlength="4" maxlength="32" name="username" required><br></div>
+			<div>Heslo: <input type="password" name="password" required><br></div>
+			<div id="sub_btn_div"><input id="sub_btn" type="submit" name="sub"></div>
+		</form>
+	</div>
+
+	<div id="login_indicator">
+		<div id="login_indicator_text">Přihlášen jako:</div>
+		<button id="social_button" onclick="move('./forum.php', true)">Fórum</button>
+	</div>
+
+	<?php
+		include("./res/global.php");
+
+		//CHECK FOR LOGIN
+		if (isset($_SESSION["username"])) login(null);
+
+		if (isset($_POST["sub"]))
+		{
+			$safe_uname = mysqli_real_escape_string($database, $_POST["username"]);
+			$hashed_pass = hash("sha256", $_POST["password"]);
+
+			if (str_starts_with($_POST["sub"], "Registrovat"))
+			{
+				$failed = false;
+
+				$database -> query("INSERT INTO user_info (nickname) VALUES (\"" . $safe_uname . "\")");
+				$key_id_out = $database -> query("SELECT id FROM user_info WHERE nickname=\"" . $safe_uname . "\"");
+
+				try
+				{
+					$database -> query("INSERT INTO user (username, password, user_info) VALUES (\"" . $safe_uname . "\",\"" . $hashed_pass ."\", " . ($key_id_out -> fetch_assoc())["id"] . ")");
+				} catch (mysqli_sql_exception $e)
+				{
+					$failed = true;
+					$database -> query("DELETE FROM user_info WHERE nickname=\"" . $safe_uname . "\"");
+
+					echo "<script>alert(\"Při registraci došlo k chybě.\\n\\nZkontrolujte, zda-li Vaše uživatelské jmeno neobsahuje speciální znaky a zkuste to znovu.\");</script>";
+				}
+
+				if (!$failed) login($safe_uname);
+			} else
+			{
+				$res = $database -> query("SELECT username, password FROM user WHERE BINARY username=\"" . $safe_uname . "\" AND BINARY password = \"" . $hashed_pass . "\"");
+
+				if ($res -> num_rows == 1)
+				{
+					login($safe_uname);
+				} else
+				{
+					echo "<script>alert(\"Nesprávné uživatelské jméno nebo heslo.\");</script>";
+				}
+			}
+		}
+
+		if (isset($_POST["logout_button"]))
+		{
+			unset($_SESSION["username"]);
+			echo "<script>logout()</script>";
+		}
+
+		function login($uname)
+		{
+			global $database;
+
+			if ($uname != null)
+			{
+				$_SESSION["username"] = $uname;
+			} else
+			{
+				$uname = $_SESSION["username"];
+			}
+
+			if (($database -> query("SELECT username FROM user WHERE BINARY username=\"" . $uname . "\"")) -> num_rows == 1) echo "<script>set_login_uname(\"" . $uname . "\")</script>";
+		}
+	?>
+</body>
+</html>

map.html

@@ -7,7 +7,7 @@
     <title>Fabrika Hrádek Tour</title>
     <link rel="icon" type="image/x-icon" href="http://109.123.243.163/fht/favicon.ico">
 
-	<meta name="author" content="Smejkal, Suljakovic">
+	<meta name="author" content="Smejkal, Suljakovic, Somr">
 	<meta name="description" content="Průvodce Hrádeckou Fabrikou">
 	<meta name="keywords" content="Foto, Old, Abandoned, Creepy, Panorama">
 
@@ -18,9 +18,9 @@
     <script src="./res/map/script.js"></script>
 </head>
 <body>
-    <button id="back_button" onclick="move('./index.html', true)">&#8701;</button>
+    <button id="back_button" onclick="move('./index.php', true)">&#8701;</button>
     <div class="imgbox">
-        <img class="center-fit" src="http://109.123.243.163/fht/map.jpg" draggable="false" alt="Satelitní snímek železáren">
+        <img class="center-fit" src="http://109.123.243.163/fht/map.jpg" alt="Satelitní snímek železáren">
     </div>
 </body>
 </html>

res/autori/style.css

@@ -14,10 +14,20 @@
     border-color: #3E392F;
     background: #6F7270;
     width: fit-content;
+    height: fit-content;
     padding: 1vh;
     border-radius: 0.5vh;
+
+    position: absolute;
+    top: 0;
+    right: 0;
+    bottom: 20vh;
+    left: 0;
     margin: auto;
-    margin-top: 30vh;
+
+    display: flex;
+    align-items: center;
+    flex-direction: column;
 }
 
 .nadpis
@@ -25,13 +35,19 @@
     font-weight: bold;
 }
 
-#dino
+#vasek
 {
     margin-left: auto;
     margin-right: 2vh;
 }
 
-#vasek
+#dino
+{
+    margin-right: 2vh;
+    margin-left: 2vh;
+}
+
+#somr
 {
     margin-right: auto;
     margin-left: 2vh;

res/forum/admin/admin.html

@@ -0,0 +1,58 @@
+<div id="panels">
+    <div id="left_panel">
+        Zde budou uživatelé.
+    </div>
+    <div id="right_panel">
+	<div id="buttons">
+            <button onclick="update()" class="btn">Uložit Změny</button>
+            <button onclick="remove_user()" class="btn">Odstranit Uživatele</button>
+         </div>
+    </div>
+</div>
+<script>
+    var right_panel_buffer = null;
+    var username = null;
+
+    $.ajax
+    ({
+        url: "./res/forum/api/list_users.php",
+        success: function(result)
+        {
+            let users = "";
+            for (let i in result.users)
+            {
+                users += "<div class=\"output\">" + result.users[i] + "</div>";
+            }
+
+            $("#left_panel").html(users);
+        }
+    });
+
+    $("#left_panel").on("click", ".output", function(event)
+    {
+        $("#buttons").show();
+        if (right_panel_buffer == null) right_panel_buffer = document.getElementById("right_panel").innerHTML;
+
+        username = event.target.innerHTML;
+
+        inject_info("#right_panel", username, right_panel_buffer);
+    });
+
+    function remove_user()
+    {
+        $.ajax
+        ({
+            url: "./res/forum/api/remove_user.php?username=" + username,
+            success: function(result)
+            {
+                //location.reload();
+                show("admin");
+            }
+        });
+    }
+
+    function update()
+    {
+        update_user(username, document.getElementById("username").value, document.getElementById("nickname").value, document.getElementById("admin").value, document.getElementById("sex").value,document.getElementById("bio").value, "admin");
+    }
+</script>

res/forum/admin/admin_selection.html

@@ -0,0 +1,4 @@
+<select class="editable" id="admin">
+    <option value="1">Ano</option>
+    <option value="0">Ne</option>
+</select>

res/forum/admin/sex_selection.html

@@ -0,0 +1,6 @@
+<select class="editable" id="sex">
+    <option value="0">Nespecifikováno</option>
+    <option value="1">Muž</option>
+    <option value="2">Žena</option>
+    <option value="9">Jiné</option>
+</select>

res/forum/api/archive_post.php

@@ -0,0 +1,26 @@
+<?php
+
+include("../../global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+
+if ($out -> num_rows != 1)
+{
+    fail:
+    echo "nope";
+    header("Location: ../../../index.php");
+    return;
+}
+
+if (!isset($_GET["username"])) return;
+if (!isset($_GET["post_id"])) return;
+
+$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
+$safe_post_id = mysqli_real_escape_string($database, $_GET["post_id"]);
+
+$id = (($database -> query("SELECT id FROM user WHERE username=\"" . $safe_username . "\"")) -> fetch_assoc())["id"];
+
+$database -> query("UPDATE post SET archived=1 WHERE author=" . $id . " AND photo_id=\"" . $safe_post_id . "\"");

res/forum/api/get_posts.php

@@ -0,0 +1,44 @@
+<?php
+
+include("../../global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\"");
+
+if ($out -> num_rows != 1)
+{
+    fail:
+    echo "nope";
+    header("Location: ../../../index.php");
+    return;
+}
+
+$out = $database -> query("SELECT title, description, photo_id, author FROM post WHERE archived=0 ORDER BY id DESC");
+
+$output = array();
+
+while (($res = $out -> fetch_assoc()))
+{
+    $buffer_array = array();
+
+    foreach ($res as $key => $value)
+    {
+        $buffer_array[$key] = $value;
+    }
+
+    $author_buffer = $database -> query("SELECT username FROM user WHERE id=" . $value);
+    if ($author_buffer -> num_rows == 1)
+    {
+        $buffer_array["username"] = ($author_buffer -> fetch_assoc())["username"];
+    } else
+    {
+        $buffer_array["username"] = "[odstraněn]";
+    }
+
+    array_push($output, $buffer_array);
+}
+
+header('Content-type: application/json');
+echo json_encode($output);

res/forum/api/get_username.php

@@ -0,0 +1,6 @@
+<?php
+
+session_start();
+
+header('Content-type: application/json');
+if (isset($_SESSION["username"])) echo json_encode(["username" => $_SESSION["username"]]);

res/forum/api/is_admin.php

@@ -0,0 +1,10 @@
+<?php
+
+include("../../global.php");
+session_start();
+
+header('Content-type: application/json');
+
+if (!isset($_SESSION["username"])) return;
+
+echo json_encode(["admin" => ($database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=1")) -> num_rows == 1]);

res/forum/api/list_users.php

@@ -0,0 +1,29 @@
+<?php
+
+include("../../global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+
+if ($out -> num_rows != 1)
+{
+    fail:
+    echo "nope";
+    header("Location: ../../../index.php");
+    return;
+}
+
+
+$out = $database -> query("SELECT username FROM user ORDER BY id ASC");
+
+$output = array();
+
+while ($res = $out -> fetch_assoc())
+{
+    array_push($output, $res["username"]);
+}
+
+header('Content-type: application/json');
+echo json_encode(["users" => $output]);

res/forum/api/remove_user.php

@@ -0,0 +1,25 @@
+<?php
+
+include("../../global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+
+if ($out -> num_rows != 1)
+{
+    fail:
+    echo "nope";
+    header("Location: ../../../index.php");
+    return;
+}
+
+if (!isset($_GET["username"])) return;
+
+$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
+
+$user_info_id = (($database -> query("SELECT user_info FROM user WHERE BINARY username=\"" . $safe_username . "\"")) -> fetch_assoc())["user_info"];
+
+$database -> query("DELETE FROM user WHERE user_info=" . $user_info_id);
+$database -> query("DELETE FROM user_info WHERE id=" . $user_info_id);

res/forum/api/update_user.php

@@ -0,0 +1,35 @@
+<?php
+
+include("../../global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username, admin, user_info FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+
+if (!isset($_GET["old_username"])) return;
+
+$user = false;
+
+if ($out -> num_rows != 1 && $_GET["old_username"] != $_SESSION["username"])
+{
+    fail:
+    echo "nope";
+    header("Location: ../../../index.php");
+    return;
+} else if ($out -> num_rows != 1)
+{
+    $user = true;
+}
+
+$safe_old_username = mysqli_real_escape_string($database, $_GET["old_username"]);
+$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
+$safe_admin = mysqli_real_escape_string($database, $_GET["admin"]);
+$safe_sex = mysqli_real_escape_string($database, $_GET["sex"]); //fr
+$safe_bio = mysqli_real_escape_string($database, $_GET["bio"]);
+$safe_nickname = mysqli_real_escape_string($database, $_GET["nickname"]);
+
+$user_info_id = (($database -> query("SELECT user_info FROM user WHERE username=\"" . $safe_old_username . "\"")) -> fetch_assoc())["user_info"];
+
+if (!$user) $database -> query("UPDATE user SET username=\"" . $safe_username . "\", admin=" . $safe_admin . " WHERE user_info=" . $user_info_id);
+$database -> query("UPDATE user_info SET sex=" . $safe_sex . ", bio=\"" . $safe_bio . "\", nickname=\"" . $safe_nickname . "\" WHERE id=" . $user_info_id);

res/forum/api/upload_picture.php

@@ -0,0 +1,77 @@
+<?php
+
+include("../../global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username, admin, id FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\"");
+
+if ($out -> num_rows != 1)
+{
+    fail:
+    echo "nope";
+    header("Location: ../../../index.php");
+    return;
+}
+
+$status = 0;
+$supported_formats = array("jpg", "jpeg", "png", "webp");
+
+if (!isset($_FILES["file_upload"]))
+{
+    $status = 1;
+    goto send;
+}
+
+if (!isset($_POST["name"]))
+{
+    $status = 2;
+    goto send;
+}
+
+if (strlen($_POST["name"]) < 4)
+{
+    $status = 5;
+    goto send;
+}
+
+$file_format = strtolower(pathinfo($_FILES["file_upload"]["name"], PATHINFO_EXTENSION));
+
+if (!in_array($file_format, $supported_formats))
+{
+    $status = 3;
+    goto send;
+}
+
+$res = $out -> fetch_assoc();
+
+if (!$res["admin"])
+{
+    if ($_FILES["file_upload"]["size"] > 5 * 1024 * 1024)
+    {
+        $status = 4;
+        goto send;
+    }
+}
+
+$user_id = $res["id"];
+$dir = "../../../user_content/" . $user_id;
+
+if (!(file_exists($dir) && is_dir($dir)))
+{
+    mkdir($dir);
+}
+
+$safe_name = mysqli_real_escape_string($database, $_POST["name"]);
+$safe_desc = isset($_POST["desc"]) ? mysqli_real_escape_string($database, $_POST["desc"]) : null;
+
+$photo_id = count(glob($dir . "/*")) . "." . $file_format;
+
+$database -> query("INSERT INTO post (title, description, author, photo_id) VALUES (\"" . $safe_name . "\", " . ($safe_desc == null ? "NULL" : "\"" . $safe_desc . "\"") . ", " . $user_id . ", \"" . $photo_id . "\")");
+
+move_uploaded_file($_FILES["file_upload"]["tmp_name"], $dir . "/" . $photo_id);
+
+send:
+header('Content-type: application/json');
+echo json_encode(["status" => $status]);

res/forum/api/user_info.php

@@ -0,0 +1,33 @@
+<?php
+
+include("../../global.php");
+session_start();
+
+if (!isset($_SESSION["username"])) goto fail;
+
+$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
+
+if (!isset($_GET["username"])) return;
+
+if ($out -> num_rows != 1 && $_GET["username"] != $_SESSION["username"])
+{
+    fail:
+    echo "nope";
+    header("Location: ../../../index.php");
+    return;
+}
+
+$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
+
+$out = $database -> query("SELECT user.username, user.admin, user_info.bio, user_info.nickname, user_info.sex FROM user INNER JOIN user_info ON user.user_info=user_info.id AND username=\"" . $safe_username . "\"");
+
+$output = array();
+$res = $out -> fetch_assoc();
+
+foreach ($res as $key => $value)
+{
+    $output[$key] = $value;
+}
+
+header('Content-type: application/json');
+echo json_encode($output);

res/forum/home/home.html

@@ -0,0 +1,152 @@
+<button onclick="show_upload_popup()" class="btn" id="upload_btn">Nahrát</button>
+
+<div id="upload_popup">
+    <div>Název: <input type="text" name="name" minlength="4" maxlength="16"></div>
+    <div>Popis: <input type="text" name="desc" maxlength="192"></div>
+
+    <div><label for="file_upload" class="btn">Zvolte Soubor</label></div>
+    <div><input type="file" name="file_upload" id="file_upload" style="display:none;"></div>
+    <div><button onclick="upload()" type="submit" class="btn" id="upload_popup_sub">Zveřejnit</button></div>
+</div>
+<div id="image_popup">
+    <img id="image_popup_img" src="//:0">
+    <img id="close_btn" onclick="close_image()" src="./res/forum/images/close.png" alt="Tlačítko pro zavření obrázku">
+</div>
+<div id="moderation_popup">
+    <div id="moderation_post_title">A</div>
+    <button class="btn" id="archive_btn">Archivovat příspěvek</button>
+</div>
+<div id="posts"></div>
+
+<script>
+    $.ajax
+    ({
+        url: "./res/forum/api/get_posts.php",
+        success: async function(result)
+        {
+            let am_i_admin = await is_admin();
+
+            for (let i in result)
+            {
+                $("#posts").append
+                (
+                    "<div class=\"post\">" +
+                        "<div class=\"post_image\">" +
+                            "<img src=\"" + "http://109.123.243.163/user_content/" + result[i].author + "/" + result[i].photo_id + "\"></img>" +
+                        "</div>" +
+
+                        "<div class=\"post_info\">" +
+                            "<div>Název: <span class=\"post_name\">" + result[i].title + "</span></div>" +
+                            "<div>Autor: <span class=\"post_author\">" + result[i].username + "</span></div>" +
+                            ((result[i].description != null) ? "<div class=\"post_desc\">Popis: <div class=\"post_desc_text\">" + result[i].description + "</div></div>" : "") +
+                        "</div>" +
+                        ((am_i_admin) ? "<img class=\"post_options\" alt=\"Zobrazení možností příspěvku\" src=\"./res/forum/images/post_options.png\">" : "") +
+                    "</div>"
+                );
+            }
+        }
+    });
+
+    function show_upload_popup()
+    {
+        if ($("#upload_popup").css("display") == "flex")
+        {
+            $("#upload_popup").css("display", "none");
+        } else
+        {
+            $("#upload_popup").css("display", "flex");
+        }
+    }
+
+    function upload()
+    {
+        let formData = new FormData();
+
+        formData.append('file_upload', $('#file_upload')[0].files[0]);
+        if ($('input[name="name"]').val().trim() != "") formData.append('name', $('input[name="name"]').val());
+        if ($('input[name="desc"]').val().trim() != "") formData.append('desc', $('input[name="desc"]').val());
+
+        $.ajax
+        ({
+            url : './res/forum/api/upload_picture.php',
+            type : 'POST',
+            data : formData,
+            processData: false,
+            contentType: false,
+            success : function(result)
+            {
+                switch (result.status)
+                {
+                    case 0:
+                        show("home");
+                        break;
+
+                    case 1:
+                        alert("Nebyl nahrán soubor!\nToto může znamenat že se snažíte nahrát soubor větší než 50MB!");
+                        break;
+
+                    case 2:
+                        alert("Nebyl vyplněn název příspěvku!");
+                        break;
+
+                    case 3:
+                        alert("Neplatný formát!");
+                        break;
+
+                    case 4:
+                        alert("Příliš velký obrázek!\nMaximální velikost je 5MB!");
+                        break;
+
+                    case 5:
+                        alert("Název musí být dlouhý alespoň 4 znaky!");
+                        break;
+                }
+            }
+        });
+    }
+
+    $(document).on("click", ".post_image", function(event)
+    {
+        $("#image_popup").css("display", "flex");
+        $("#image_popup").children("#image_popup_img").attr("src", $(this).children("img").attr("src"));
+        $("#image_popup").children("#image_popup_img").attr("alt", $(this).parent(".post").children(".post_info").children("div").children(".post_name").html());
+    });
+
+    $("#posts").on("click", ".post_options", function(event)
+    {
+        let post_author = $(this).parent(".post").children(".post_info").children("div").children(".post_author").html();
+        let post_title = post_author + " - " + $(this).parent(".post").children(".post_info").children("div").children(".post_name").html();
+
+        if ($("#moderation_post_title").html() !== post_title)
+        {
+            $("#moderation_popup").css("display", "flex");
+            $("#moderation_post_title").html(post_title);
+
+            let post_id_buffer = $(this).parent(".post").children(".post_image").children("img").attr("src").split("/");
+            let post_id = post_id_buffer[post_id_buffer.length - 1];
+
+            $("#archive_btn").attr("onclick", "archive_post(\"" + post_id + "\", \"" + post_author + "\")");
+        } else
+        {
+            $("#moderation_popup").css("display", "none");
+            $("#moderation_post_title").html("");
+        }
+    });
+
+    function close_image()
+    {
+        $("#image_popup").css("display", "none");
+    }
+
+    function archive_post(post_id, author)
+    {
+        $.ajax
+        ({
+            url: "./res/forum/api/archive_post.php?username=" + author + "&post_id=" + post_id,
+            success: function()
+            {
+                show("home");
+            }
+        });
+    }
+</script>

res/forum/script.js

@@ -0,0 +1,91 @@
+let main_panel_buffer = null;
+
+function show(file)
+{
+    if (main_panel_buffer == null) main_panel_buffer = document.getElementById("main_panel").innerHTML;
+
+    $.ajax
+    ({
+        url: "./res/forum/" + file + "/" + file + ".html",
+        dataType: "html",
+        success: function(data)
+        {
+            $("#main_panel").html(main_panel_buffer + data);
+        }
+    });
+}
+
+function selection(type, value)
+{
+    return new Promise(function(resolve)
+    {
+        $.ajax
+        ({
+            url: "./res/forum/admin/" + type + "_selection.html",
+            dataType: "html",
+            success: function(result)
+            {
+                resolve(result.replace("value=\"" + value, "selected value=\"" + value));
+            }
+        })
+    });
+}
+
+async function inject_info(id, username, postfix)
+{
+    let am_i_admin = await is_admin();
+
+    $.ajax
+    ({
+        url: "./res/forum/api/user_info.php?username=" + username,
+        success: async function(result)
+        {
+            let admin_select = await selection("admin", result.admin);
+            let sex_select = await selection("sex", result.sex);
+
+            let output =
+            ((am_i_admin) ? `Uživatelské jméno: <input id="username" class="editable" type="text" value="${result.username}"><br>` : ``) +
+             `Přezdívka: <input id="nickname" class="editable" type="text" value="${result.nickname}"><br>` +
+             ((am_i_admin) ? `Admin: ${admin_select}<br>` : ``) +
+             `Pohlaví: ${sex_select}<br>
+             Bio: <input id="bio" class="editable" type="text" value="${result.bio}"><br>`;
+
+            $(id).html(output + postfix);
+        }
+    });
+}
+
+async function update_user(old_username, username, nickname, admin, sex, bio, refresh)
+{
+    let am_i_admin = await is_admin();
+
+    $.ajax
+    ({
+        url: "./res/forum/api/update_user.php" +
+        "?old_username=" + old_username +
+        "&nickname=" + nickname +
+        "&sex=" + sex +
+        "&bio=" + bio +
+        ((am_i_admin) ? "&username=" + username +
+        "&admin=" + admin : ""),
+        success: function(result)
+        {
+            show(refresh);
+        }
+    });
+}
+
+function is_admin()
+{
+    return new Promise(function(resolve)
+    {
+        $.ajax
+        ({
+            url: "./res/forum/api/is_admin.php",
+            success: function(result)
+            {
+                resolve(result.admin);
+            }
+        })
+    });
+}

res/forum/style.css

@@ -0,0 +1,376 @@
+*
+{
+    font-size: 2vh;
+}
+
+body
+{
+    display: flex;
+    justify-content: center;
+}
+
+#main_panel
+{
+    position: absolute;
+    width: 130vh;
+    height: 95vh;
+
+    background: #6F7270;
+
+    border: 1px solid #3E392F;
+    border-radius: 0.4vh 0.4vh;
+
+    margin-top: 1.5vh;
+    overflow-y: auto;
+}
+
+::-webkit-scrollbar
+{
+    width: 0.75vh;
+}
+
+::-webkit-scrollbar-track
+{
+    background-color: #C1BFBE;
+}
+
+::-webkit-scrollbar-thumb
+{
+    background-color: #888;
+}
+
+::-webkit-scrollbar-thumb, ::-webkit-scrollbar-track
+{
+    border-radius: 5vh 5vh;
+}
+
+::-webkit-scrollbar-thumb:hover
+{
+    background-color: #555;
+}
+
+#upper_panel
+{
+    margin-left: auto;
+
+    border: 1px solid #3E392F;
+    border-right: none;
+    border-top: none;
+    border-bottom-left-radius: 0.4vh 0.4vh;
+
+    display: flex;
+    justify-content: end;
+    padding: 0.25vh;
+
+    width: fit-content;
+    height: 2vh;
+}
+
+#upper_panel *
+{
+    border-collapse: collapse;
+}
+
+#upper_panel img + img
+{
+    margin-left: 0.25vh;
+}
+
+#upper_panel img:hover, #close_btn:hover
+{
+    filter: invert(10%);
+}
+
+#panels
+{
+    display: flex;
+    height: 88.5vh;
+}
+
+#left_panel, #right_panel
+{
+    width: 50%;
+    height: 100%;
+
+    padding: 2vh;
+}
+
+#left_panel
+{
+    border-right: 1px solid #3E392F;
+}
+
+.output + .output
+{
+    margin-top: 1.5vh;
+}
+
+.output:hover
+{
+    filter: invert(10%);
+}
+
+#buttons
+{
+    position: absolute;
+    bottom: 0.3vh;
+    right: 0.3vh;
+    display: none;
+}
+
+.btn
+{
+    width: fit-content;
+
+    padding: 0.3vh;
+    padding-left: 0.9vh;
+    padding-right: 0.9vh;
+
+    background-color: #9E6812;
+    border: 1px solid #3E392F;
+    color: #C1BFBE;
+    border-radius: 0.3vh 0.3vh;
+}
+
+.editable
+{
+    background-color: #9E6812;
+    border: 1px solid #3E392F;
+    color: #C1BFBE;
+    border-radius: 0.3vh 0.3vh;
+}
+
+#info_pane
+{
+    position: absolute;
+
+    width: fit-content;
+    height: fit-content;
+    margin: 0 auto;
+    padding: 5vh;
+
+    left: 0;
+    right: 0;
+    top: 0;
+    bottom: 0;
+    margin: auto;
+}
+
+#info_pane *
+{
+    padding: 0.5vh;
+}
+
+#save_btn
+{
+    margin-top: 2vh;
+}
+
+#upload_btn
+{
+    /*position: absolute;*/
+    padding-top: 1vh;
+    padding-bottom: 1vh;
+}
+
+#upload_popup
+{
+    z-index: 8;
+    position: absolute;
+    display: none;
+
+    flex-direction: column;
+    align-items: start;
+
+    width: fit-content;
+    height: fit-content;
+    padding: 2vh;
+
+    border: solid 1px #3E392F;
+    border-radius: 0.5vh 0.5vh;
+    background: #6F7270;
+
+    left: 0;
+    right: 0;
+    top: 0;
+    bottom: 0;
+    margin: auto;
+}
+
+#upload_popup div + div
+{
+    margin-top: 2vh;
+}
+
+#upload_popup input
+{
+    margin-top: 1vh;
+    border: 1px solid #3E392F;
+    border-radius: 0.5vh 0.5vh;
+
+    background-color: #C1BFBE;
+}
+
+#file_upload_style
+{
+    margin-top: 200vh;
+}
+
+#posts
+{
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    width: fit-content;
+    height: fit-content;
+    align-self: center;
+
+    margin-left: auto;
+    margin-right: auto;
+}
+
+.post
+{
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+    align-self: flex-start;
+    width: 100%;
+}
+
+.post + .post
+{
+    border-top: 1px dotted #3E392F;
+}
+
+.post_info
+{
+    padding-left: 5vh;
+
+    display: flex;
+    flex-direction: column;
+    align-items: start;
+}
+
+.post_info *
+{
+    padding: 0.2vh;
+}
+
+.post_image
+{
+    padding-top: 0.25vh;
+    padding-bottom: 0.25vh;
+    width: 20vh;
+}
+
+.post img
+{
+    max-height: 20vh;
+    max-width: 20vh;
+    display: block;
+    margin-left: auto;
+}
+
+.post img:hover
+{
+    filter: invert(10%);
+}
+
+.post_desc
+{
+    display: flex;
+    flex-direction: column;
+    padding-top: 1vh;
+    width: 25vw;
+}
+
+.post_desc_text
+{
+    height: fit-content;
+    max-height: 15vh;
+    overflow-y: auto;
+    padding-left: 1vw;
+}
+
+#image_popup
+{
+    z-index: 9;
+    position: absolute;
+
+    padding: 2.625vh;
+
+    width: fit-content;
+    height: fit-content;
+
+    max-height: 80%;
+    max-width: 80%;
+
+    left: 0;
+    right: 0;
+    top: 0;
+    bottom: 0;
+    margin: auto;
+
+    border: solid 1px #3E392F;
+    border-radius: 0.5vh 0.5vh;
+    background-color: #555;
+
+    display: none;
+    justify-content: center;
+}
+
+#image_popup img
+{
+    max-width: 100%;
+    max-height: 100%;
+
+    object-fit: scale-down;
+}
+
+#close_btn
+{
+    position: absolute;
+    top: 0;
+    right: 0;
+    height: 2vh;
+    padding: 0.25vh;
+
+    border: 1px solid #3E392F;
+    border-right: none;
+    border-top: none;
+}
+
+.post_options
+{
+    height: 2vh;
+}
+
+#moderation_popup
+{
+    z-index: 10;
+    position: absolute;
+    display: none;
+
+    flex-direction: column;
+    align-items: center;
+
+    width: fit-content;
+    height: fit-content;
+    padding: 2vh;
+
+    border: solid 1px #3E392F;
+    border-radius: 0.5vh 0.5vh;
+    background: #6F7270;
+
+    left: 0;
+    right: 0;
+    top: 0;
+    bottom: 0;
+    margin: auto;
+}
+
+#moderation_post_title
+{
+    margin-bottom: 1vh;
+}

res/forum/user/user.html

@@ -0,0 +1,27 @@
+<div id="info_pane">
+    <button onclick="update()" id="save_btn" class="btn">Uložit Změny</button>
+</div>
+<script>
+    var button_buffer = document.getElementById("info_pane").innerHTML;
+
+    $.ajax
+    ({
+        url: "./res/forum/api/get_username.php",
+        success: function(result)
+        {
+            inject_info("#info_pane", result.username, button_buffer);
+        }
+    })
+
+    function update()
+    {
+        $.ajax
+        ({
+            url: "./res/forum/api/get_username.php",
+            success: function(result)
+            {
+                update_user(result.username, null, document.getElementById("nickname").value, null, document.getElementById("sex").value,document.getElementById("bio").value, "user");
+            }
+        });
+    }
+</script>

res/global.css

@@ -30,3 +30,13 @@ body
     font-family: monospace;
     text-shadow: 1px 1px #4D2B09;
 }
+
+img
+{
+    user-drag: none;
+    -webkit-user-drag: none;
+    user-select: none;
+    -moz-user-select: none;
+    -webkit-user-select: none;
+    -ms-user-select: none;
+}

res/global.php

@@ -0,0 +1,5 @@
+<?php
+
+$secret = fopen("./secret", "r");
+$database = mysqli_connect("109.123.243.163", "fht", fgets($secret), "fht");
+fclose($secret);

res/index/script.js

@@ -1,37 +1,85 @@
 //let imgs_index = [ 59, 58, 56, 55, 54, 67, 66, 64, 61, 60 ];
 let imgs_index = [ 54, 55, 56, 57, 58, 59, 60, 61, 62, 63 ];
-let imgs_index_2 = [];
-let last_index = -1;
+let last_index = imgs_index.length - 1;
+
+let login_clicked = false;
+let register_clicked = false;
 
 function change_slideshow_img()
 {
-    let buffer = (imgs_index === undefined || imgs_index.length === 0) ? imgs_index_2 : imgs_index;
-    let random_index = 5;
+    if (last_index == imgs_index.length - 1)
+    {
+        let first_index = imgs_index[0];
 
         do
         {
-        random_index = Math.floor(Math.random() * buffer.length);
-        //console.log("A");
-    } while (buffer[random_index] == last_index);
+            imgs_index.sort(() => Math.random() - 0.5);
+        } while (first_index == imgs_index[0]);
 
-    document.getElementById("slideshow").src = "http://109.123.243.163/fht/fabrika_imgs/downscaled/" + buffer[random_index] + ".jpg";
-
-    if (imgs_index.includes(buffer[random_index]))
-    {
-        imgs_index_2.push(buffer[random_index]);
-        imgs_index.splice(random_index, 1);
-    } else
-    {
-        imgs_index.push(buffer[random_index]);
-        imgs_index_2.splice(random_index, 1);
+        last_index = 0;
     }
 
-    //console.log(buffer[random_index] + "\n" + last_index + "\n\n");
-
-    last_index = buffer[random_index];
+    document.getElementById("slideshow").src = "http://109.123.243.163/fht/fabrika_imgs/downscaled/" + imgs_index[last_index++] + ".jpg";
 }
 
 function repeat_panorama()
 {
     setInterval(change_slideshow_img, 3000);
 }
+
+function show_login()
+{
+    if (!login_clicked)
+    {
+        document.getElementById("sub_btn").value = "Přihlásit se";
+        document.getElementById("login_pane").style.visibility = "visible";
+    } else
+    {
+        document.getElementById("login_pane").style.visibility = "hidden";
+    }
+
+    login_clicked = !login_clicked;
+    register_clicked = false;
+}
+
+function show_register()
+{
+    if (!register_clicked)
+    {
+        document.getElementById("sub_btn").value = "Registrovat se";
+        document.getElementById("login_pane").style.visibility = "visible";
+    } else
+    {
+        document.getElementById("login_pane").style.visibility = "hidden";
+    }
+
+    register_clicked = !register_clicked;
+    login_clicked = false;
+}
+
+function set_login_uname(uname)
+{
+    if (document.getElementById("login_indicator").style.visibility == "visible") return;
+
+    document.getElementById("login_indicator").style.visibility = "visible";
+    document.getElementById("login_indicator_text").innerText += " " + uname;
+
+    document.getElementById("login_buttons").style.display = "none";
+    document.getElementById("logout_button").style.display = "inline";
+}
+
+function logout()
+{
+    document.getElementById("login_buttons").style.display = "inline";
+    document.getElementById("logout_button").style.display = "none";
+    document.getElementById("login_indicator").style.display = "none";
+}
+
+document.addEventListener("keypress", function(event)
+{
+    if (event.key == "Enter" && document.getElementById("login_pane").style.display == "visible")
+    {
+        event.preventDefault();
+        document.getElementById("sub_btn").click();
+    }
+});

res/index/style.css

@@ -6,6 +6,7 @@ body
     -o-background-size: cover;
     background-size: cover;
     user-select: none;
+    overflow: hidden;
 }
 
 #textPole
@@ -16,10 +17,36 @@ body
     border-radius: 0.5vh;
     font-size: 1.7vh;
     user-select: none;
-    border-color: #3E392F;
+    border: 1px solid #3E392F;
     background: #6F7270;
     color: #C1BFBE;
     padding: 1vh;
+    overflow-y: scroll;
+}
+
+::-webkit-scrollbar
+{
+    width: 0.75vh;
+}
+
+::-webkit-scrollbar-track
+{
+    background-color: #C1BFBE;
+}
+
+::-webkit-scrollbar-thumb
+{
+    background-color: #888;
+}
+
+::-webkit-scrollbar-thumb, ::-webkit-scrollbar-track
+{
+    border-radius: 5vh 5vh;
+}
+
+::-webkit-scrollbar-thumb:hover
+{
+    background-color: #555;
 }
 
 #nav_buttons
@@ -34,7 +61,7 @@ body
 
 .tlacitko
 {
-    color: #C1BFBE;;
+    color: #C1BFBE;
     background: #9E6812;
     border-color: #4D2B09;
     margin-bottom: 1vh;
@@ -55,3 +82,90 @@ body
     border-top-left-radius: 0.7vh;
     filter: drop-shadow(-0.5vh -0.5vh 1vh black);
 }
+
+#login_pane
+{
+    position: relative;
+    visibility: hidden;
+
+    display: flex;
+    flex-direction: column;
+    align-items:center;
+
+    width: fit-content;
+    height: auto;
+    margin: 0 auto;
+    padding: 5vh;
+    position: relative;
+
+    border: solid 1px #3E392F;
+    border-radius: 0.5vh 0.5vh;
+    background: #6F7270;
+}
+
+#login_pane *
+{
+    padding: 1vh;
+
+    display: flex;
+    flex-direction: column;
+    align-items:center;
+
+    font-size: 2vh;
+}
+
+#login_pane input
+{
+    margin-top: 1vh;
+    border: 1px solid #3E392F;
+    border-radius: 0.5vh 0.5vh;
+
+    background-color: #C1BFBE;
+}
+
+#sub_btn
+{
+    padding-right: 2vh;
+    padding-left: 2vh;
+}
+
+#login_buttons, #logout_button
+{
+    margin-top: 5vh;
+}
+
+#login_buttons *
+{
+    width: 17vh;
+}
+
+#logout_button
+{
+    display: none;
+}
+
+#login_indicator
+{
+    visibility: hidden;
+    position: fixed;
+    top: 0;
+    right: 0;
+
+    margin: 0.5vh;
+    padding: 1vh;
+
+    border: 1px #3E392F solid;
+    background: #6F7270;
+    border-radius: 0.3vh 0.3vh;
+}
+
+#social_button
+{
+    width: 100%;
+    padding: 0.3vh;
+    margin-top: 0.2vh;
+    background-color: #9E6812;
+    border: 1px solid #3E392F;
+    color: #C1BFBE;
+    border-radius: 0.3vh 0.3vh;
+}

res/panorama.html

@@ -6,7 +6,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <link rel="icon" type="image/x-icon" href="http://109.123.243.163/fht/favicon.ico">
 
-	<meta name="author" content="Smejkal, Suljakovic">
+	<meta name="author" content="Smejkal, Suljakovic, Somr">
 	<meta name="description" content="Průvodce Hrádeckou Fabrikou">
 	<meta name="keywords" content="Foto, Old, Abandoned, Creepy, Panorama">
 

res/panorama/script.js

@@ -127,7 +127,7 @@ function check_param()
     if (img_url == null || x == null || y == null)
     {
         alert("This link seems to be corrupted!");
-        open("../index.html", "_self");
+        open("../index.php", "_self");
     }
 
     img_url = 'http://109.123.243.163/fht/fabrika_imgs/downscaled/' + img_url + '.jpg'; //TODO: Change