first commit

2025-04-30 23:59:49 +02:00
commit 652863d54f
117 changed files with 12276 additions and 0 deletions
--- a/autoload/controls/.htaccess
+++ b/autoload/controls/.htaccess
@@ -0,0 +1,9 @@
+
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /index.php [L]
+</IfModule>
--- a/autoload/controls/class.Apanel.php
+++ b/autoload/controls/class.Apanel.php
@@ -0,0 +1,205 @@
+<?
+
+namespace controls;
+
+class Apanel
+{
+  static public function login_view()
+  {
+    if (\S::get_session('user'))
+    {
+      header('Location: /apanel/main_view/');
+    }
+    else
+    {
+      return \Tpl::view('admin-panel/login');
+    }
+  }
+
+  static public function main_view()
+  {
+    global $mdb;
+    $ordersArr = $mdb->query('SELECT id, name, surname, email, order_price, date_added, payment_status, used_ticket  FROM orders')->fetchAll(\PDO::FETCH_ASSOC);
+
+
+    return \Tpl::view('admin-panel/main-view', [
+      'orders' => $ordersArr
+    ]);
+  }
+
+  static public function order_data()
+  {
+    global $mdb;
+    $clientId = $_GET['id'];
+    $orderTickets = $mdb->query('SELECT * FROM order_tickets WHERE order_id =' . $clientId)->fetchAll(\PDO::FETCH_ASSOC);
+    $orderInfo = $mdb->select('orders', '*', ['id' => $clientId]);
+
+    \S::del_session('user_orders');
+    \S::set_session('user_orders', $orderTickets);
+
+    return \Tpl::view('admin-panel/order-data', [
+      'order_tickets' => $orderTickets,
+      'order_info' => $orderInfo,
+    ]);
+  }
+
+  static public function login_check()
+  {
+    global $settings;
+    $writingPassword = trim($_POST['admin_password']);
+
+    if ($writingPassword == $settings['admin-password'])
+    {
+      \S::set_session('user', true);
+      header('Location: /scanner/scanner_view/');
+    }
+    else
+    {
+      header('Location: /apanel/login_view/');
+    }
+    exit;
+  }
+
+  static public function unlogin()
+  {
+    \S::del_session("user");
+    header('Location: /apanel/login_view/');
+
+    exit;
+  }
+
+  //* Increment ticket
+  static public function ticket_inc()
+  {
+    $basket = \S::get_session('user_orders');
+
+    $ticket_id = \S::get('ticket_id');
+
+    if ($basket[$ticket_id])
+    {
+      $basket[$ticket_id]['quantity']++;
+    }
+    else
+    {
+      $basket[$ticket_id]['quantity'] = 1;
+    }
+
+
+    $basket = \factory\Apanel::recalculate_ticket_protection( $basket );
+    $basket = \factory\Apanel::check_delivery( $basket );
+
+    \S::set_session( 'user_orders', $basket );
+
+    echo json_encode([
+      'basket_form' => \Tpl::view('admin-panel/order-data-table', [
+        'order_tickets' => $basket
+      ]),
+      'order_summ' => \Tpl::view('admin-panel/order-summary', [
+        'order_tickets' => $basket
+      ]),
+    ]);
+
+    exit;
+  }
+
+  //* Decrement ticket
+  static public function ticket_dec()
+  {
+    $basket = \S::get_session('user_orders');
+
+    $ticket_id = \S::get('ticket_id');
+
+    $basket[$ticket_id]['quantity']--;
+
+    if ( $basket[$ticket_id]['quantity'] == 0 )
+    {
+      unset($basket[$ticket_id]);
+    }
+
+    $basket = \factory\Apanel::recalculate_ticket_protection( $basket );
+    $basket = \factory\Apanel::check_delivery( $basket );
+
+    \S::set_session('user_orders', $basket);
+
+    echo json_encode([
+      'basket_form' => \Tpl::view('admin-panel/order-data-table', [
+        'order_tickets' => $basket
+      ]),
+      'order_summ' => \Tpl::view('admin-panel/order-summary', [
+        'order_tickets' => $basket
+      ]),
+    ]);
+
+    exit;
+  }
+
+  //* Remove ticket
+  static public function ticket_rem()
+  {
+    $basket = \S::get_session('user_orders');
+
+    $ticket_id = \S::get('ticket_id');
+
+    unset($basket[$ticket_id]);
+
+    $basket = \factory\Apanel::recalculate_ticket_protection( $basket );
+    $basket = \factory\Apanel::check_delivery( $basket );
+
+    \S::set_session('user_orders', $basket);
+
+    echo json_encode([
+      'basket_form' => \Tpl::view('admin-panel/order-data-table', [
+        'order_tickets' => $basket
+      ]),
+      'order_summ' => \Tpl::view('admin-panel/order-summary', [
+        'order_tickets' => $basket
+      ]),
+    ]);
+
+    exit;
+  }
+
+  //* Save new tickets list
+  static public function ticket_save()
+  {
+    global $mdb;
+
+    $order_id = \S::get('order_id');
+    $payment_status =  \S::get( 'payment_status' );
+    $basket = \S::get_session('user_orders');
+    $order_price = 0;
+
+    $mdb -> delete('order_tickets',['order_id' => $order_id]);
+
+    foreach ($basket as $key => $value)
+    {
+      $order_price += $value['price'] * $value['quantity'];
+      //* Zapisywanie do DB bilety
+      $mdb->insert('order_tickets', [
+        'order_id' => $order_id,
+        'product_id' => $value['product_id'],
+        'name' => $value['name'],
+        'quantity' => $value['quantity'],
+        'price' => trim($value['price']),
+        'date_visit' => $value['date_visit'],
+        'date_added' => $value['date_added']
+      ]);
+    }
+    $mdb->update('orders', ['order_price' => $order_price, 'payment_status' => $payment_status ], ['id' => $order_id]);
+
+    exit;
+  }
+
+  static public function order_delete()
+  {
+    global $mdb;
+
+    $order_id = \S::get('order_id');
+
+    $mdb->delete('order_tickets', ['order_id' => $order_id]);
+    $mdb->delete('orders', ['id' => $order_id]);
+
+    header( 'Location: /apanel/main_view/' );
+    exit;
+  }
+}
--- a/autoload/controls/class.Cron.php
+++ b/autoload/controls/class.Cron.php
@@ -0,0 +1,9 @@
+<?php
+namespace controls;
+class Cron
+{
+  public static function main_view()
+  {
+    return \view\Cron::main_view();
+  }
+}
--- a/autoload/controls/class.Scanner.php
+++ b/autoload/controls/class.Scanner.php
@@ -0,0 +1,89 @@
+<?php
+namespace controls;
+
+class Scanner
+{
+  static public function scanner_view()
+  {
+    if ( !\S::get_session('user') )
+      return \Tpl::view('admin-panel/login');
+
+    return \Tpl::view( 'tickets/scanner-view');
+  }
+
+  static public function scanner_get_data() {
+    $ticketHash = \S::get( 'scannerData' );
+    $ticketData = \factory\Tickets::get_order_details_by_hash( $ticketHash );
+
+    $dateNow = date('Y-m-d');
+    $datePay = date("Y-m-d", strtotime($ticketData['payment_date']));
+    $dateInterval = abs(strtotime($dateNow) - strtotime($datePay));
+    $dateInterval = round($dateInterval / 86400, 1);
+
+    if ($ticketData) {
+      $message = '</br>';
+      $message .= '<strong><p style="font-size: 25px; margin-bottom: 0;">Status płatności: </p></strong>';
+      $message .= '<strong><p style="font-size: 25px;">';
+      $message .= $ticketData['payment_status'] ? '<span class="c_green">Zapłacono</span>' : '<span class="c_red">Nie zapłacono</span>';
+      $message .= '</p></strong>';
+      $message .= '<hr>';
+      $message .= '<strong><p style="font-size: 25px; margin-bottom: 0;">Status biletu: </p></strong>';
+      $message .= '<strong><p style="font-size: 25px; margin-bottom: 0;"';
+      if($dateInterval > 30 and !$ticketData['used_ticket']){
+        $message .= '<span class="c_red">Bilet nieważny</span>';
+      } else {
+        $message .= $ticketData['used_ticket'] ? '<span class="c_red">Wykorzystany</span>' : '<span class="c_green">Nie wykorzystany</span>';
+      }
+      $message .= '</p></strong>';
+      if($ticketData['used_ticket']){
+      $message .= '<p style="font-size: 20px;">' . $ticketData['used_ticket_date'] . '</p>';
+      }
+
+      $message .= '<hr>';
+      $message .= '<strong><p>Bilety: </p></strong>';
+      $message .= '<ul>';
+      foreach ($ticketData['tickets'] as $value){
+        $message .= '<li>' . $value['name'] . ' (x ' . $value["quantity"] . ')</li>';
+      }
+      $message .= '</ul>';
+      $message .= '<p>Cena: <strong>' .  $ticketData['order_price'] . '</strong></p>';
+      $message .= '<hr>';
+      $message .= '<strong><p>Dane klienta:</p></strong>';
+      $message .= '<input type="hidden" id="order-id" value="' . $ticketData['id'] . '">';
+      $message .= '<p>Imie: <strong>' . $ticketData['name'] . '</strong></p>';
+      $message .= '<p>Nazwisko: <strong>' . $ticketData['surname'] . '</strong></p>';
+      $message .= '<p>Email: <strong>' . $ticketData['email'] . '</strong></p>';
+      $message .= '<p>Kod pocztowy: <strong>' . $ticketData['zip_code'] . '</strong></p>';
+      $message .= '<p>Miasto: <strong>' . $ticketData['city'] . '</strong></p>';
+      $message .= '<hr>';
+      if($dateInterval < 30){
+        if (\S::get_session('user')){
+          if(!$ticketData['used_ticket']){
+          $message .= '<button class="btn-t1" id="btn-used" style="margin: 30px auto; display: block;">Oznacz jako wykorzystany</button>';
+          }
+        }
+      }
+    }
+    else
+    {
+      $message = '</br>';
+      $message .= '<strong><p style="font-size: 30px; text-align: center;">Nie poprawny kod QR</p></strong>';
+    }
+    echo json_encode($message);
+    exit;
+  }
+
+  static public function use_ticket() {
+    global $mdb;
+
+    $order_id = \S::get('order_id');
+    $date = date('Y-m-d H:i:s');
+    $mdb->update('orders', ['used_ticket' => 1, 'used_ticket_date' => $date], ['id' => $order_id]);
+
+    echo json_encode([
+      'useStatus' => true
+    ]);
+
+    exit;
+  }
+}
--- a/autoload/controls/class.Site.php
+++ b/autoload/controls/class.Site.php
@@ -0,0 +1,23 @@
+<?php
+namespace controls;
+class Site
+{
+  public static function route()
+  {
+    global $user;
+    
+    $class = '\controls\\';
+      
+    $results = explode( '_', \S::get( 'module' ) );
+    if ( is_array( $results ) ) foreach ( $results as $row )
+      $class .= ucfirst( $row );
+    
+    $action = \S::get( 'action' );
+    
+    if ( class_exists( $class ) and method_exists( new $class, $action ) )
+    {
+      if ( \controls\Users::permissions( $user['id'], \S::get( 'module' ) ) )
+        return call_user_func_array( array( $class, $action ), array() );
+    }
+  }
+}
--- a/autoload/controls/class.Tickets.php
+++ b/autoload/controls/class.Tickets.php
@@ -0,0 +1,625 @@
+<?
+
+namespace controls;
+
+class Tickets
+{
+  static public function main_view()
+  {
+    global $settings;
+
+    if ( !$settings['tickets']['enable_sell'] )
+      return \Tpl::view( 'tickets/disabled-sell' );
+
+    return \Tpl::view('tickets/main-view', [
+      'cart' => \S::get_session('basket'),
+      'settings' => $settings
+    ]);
+  }
+
+  static public function ticket_add()
+  {
+    global $settings;
+
+
+    $selected_date = \S::get( 'date' ) ? \S::get( 'date' ) : null;
+    $diffDays = \S::get('diffdays') ?? 0;
+
+    if ( $selected_date )
+    {
+      $selected = new \DateTime($selected_date);
+      $today = new \DateTime(date('Y-m-d') . ' 00:00:00');
+      $diffDays = $selected->diff($today)->days;
+    }
+
+    $basket = \S::get_session('basket');
+    $ticket_id = \S::get('ticket_id');
+
+    if ( $basket[$ticket_id][$diffDays] )
+    {
+      $basket[$ticket_id][$diffDays]['quantity']++;
+    }
+    else
+    {
+      if ($diffDays == 0) {
+        $addon = $settings['tickets'][$ticket_id]['dynamic_prices']['day0'] ?? 0;
+      } elseif ($diffDays <= 2) {
+          $addon = $settings['tickets'][$ticket_id]['dynamic_prices']['day1_2'] ?? 0;
+      } elseif ($diffDays <= 7) {
+          $addon = $settings['tickets'][$ticket_id]['dynamic_prices']['day3_7'] ?? 0;
+      } else {
+          $addon = 0;
+      }
+
+      $basket[$ticket_id][$diffDays]['ticket_id'] = $ticket_id;
+      $basket[$ticket_id][$diffDays]['ticket_price'] = $settings['tickets'][$ticket_id]['price'] + $addon;
+      $basket[$ticket_id][$diffDays]['product_id'] = $settings['tickets'][$ticket_id]['product_id'];
+      $basket[$ticket_id][$diffDays]['quantity'] = 1;
+      $basket[$ticket_id][$diffDays]['date'] = $selected_date;
+    }
+
+    if ( strpos( $ticket_id, "gift" ) !== false )
+    {
+      $basket['gift-price'][0]['quantity'] = 1;
+      $basket['gift-price'][0]['ticket_price'] = $settings['tickets']['gift-price']['price'];
+      $basket['gift-price'][0]['product_id'] = $settings['tickets']['gift-price']['product_id'];
+      $basket['gift-price'][0]['ticket_id'] = 'gift-price';
+    }
+
+    $basket = \factory\Tickets::recalculate_ticket_protection( $basket );
+
+    \S::set_session( 'basket', $basket );
+
+    if (\S::get('basket_step_1'))
+      echo json_encode([
+        'basket_form' => \Tpl::view('tickets/basket-form', [
+          'cart' => $basket,
+          'settings' => $settings
+        ]),
+        'basket_summary' => \Tpl::view('tickets/basket-summary', [
+          'cart' => $basket,
+          'settings' => $settings
+        ])
+      ]);
+    else
+      echo json_encode(['shopping_cart' => \Tpl::view('tickets/shopping-cart', [
+        'cart' => $basket,
+        'settings' => $settings
+      ])]);
+    exit;
+  }
+
+  static public function ticket_subtract()
+  {
+    global $settings;
+
+    $basket = \S::get_session('basket');
+    $ticket_id = \S::get('ticket_id');
+    $diffdays = \S::get('diffdays');
+
+    if ($basket[$ticket_id][$diffdays]['quantity'] > 0)
+    {
+      $basket[$ticket_id][$diffdays]['quantity']--;
+
+      if ($basket[$ticket_id][$diffdays]['quantity'] == 0)
+      {
+        unset($basket[$ticket_id][$diffdays]);
+        if (empty($basket[$ticket_id])) {
+          unset($basket[$ticket_id]);
+        }
+
+        $giftKeys = array_filter(array_keys($basket), function ($key) {
+          return strpos($key, "gift") !== false && $key != "gift-price";
+        });
+        if (empty($giftKeys)) {
+          unset($basket['gift-price']);
+        }
+      }
+    }
+
+    $basket = \factory\Tickets::recalculate_ticket_protection( $basket );
+
+    \S::set_session( 'basket', $basket );
+
+    if (\S::get('basket_step_1'))
+      echo json_encode([
+        'basket_form' => \Tpl::view('tickets/basket-form', [
+          'cart' => $basket,
+          'settings' => $settings
+        ]),
+        'basket_summary' => \Tpl::view('tickets/basket-summary', [
+          'cart' => $basket,
+          'settings' => $settings
+        ]),
+        'cart_count' => count($basket)
+      ]);
+
+    else
+      echo json_encode([
+        'shopping_cart' => \Tpl::view('tickets/shopping-cart', [
+          'cart' => $basket,
+          'settings' => $settings
+        ]),
+        'cart_count' => count($basket)
+      ]);
+    exit;
+  }
+
+  static public function ticket_remove()
+  {
+    global $settings;
+
+    $basket = \S::get_session('basket');
+    $ticket_id = \S::get('ticket_id');
+    $diffdays = \S::get('diffdays');
+
+    unset($basket[$ticket_id]);
+
+    $giftKeys = array_filter(array_keys($basket), function ($key) {
+      return strpos($key, "gift") !== false && $key != "gift-price";
+    });
+
+    if (empty($giftKeys)) {
+      unset($basket['gift-price']);
+    }
+
+    $basket = \factory\Tickets::recalculate_ticket_protection( $basket );
+
+    \S::set_session('basket', $basket);
+
+    if (\S::get('basket_step_1'))
+      echo json_encode([
+        'basket_form' => \Tpl::view('tickets/basket-form', [
+          'cart' => $basket,
+          'settings' => $settings
+        ]),
+        'basket_summary' => \Tpl::view('tickets/basket-summary', [
+          'cart' => $basket,
+          'settings' => $settings
+        ]),
+        'cart_count' => count($basket)
+      ]);
+    else
+      echo json_encode([
+        'shopping_cart' => \Tpl::view('tickets/shopping-cart', [
+          'cart' => $basket,
+          'settings' => $settings
+        ]),
+        'cart_count' => count($basket)
+      ]);
+    exit;
+  }
+
+  // Strona koszyka
+  static public function basket_view()
+  {
+    global $settings;
+
+    if ( \S::get( 'ticket_protection' ) == 'true' ) {
+      \S::set_session( 'ticket_protection', true );
+      \factory\Tickets::add_ticket_protection();
+      header( 'Location: /tickets/basket_view/' );
+      exit;
+    }
+
+    if ( \S::get( 'ticket_protection' ) == 'false' ) {
+      \S::set_session( 'ticket_protection', false );
+      \factory\Tickets::remove_ticket_protection();
+      header( 'Location: /tickets/basket_view/' );
+      exit;
+    }
+
+    return \Tpl::view('tickets/basket-view', [
+      'cart' => \S::get_session('basket'),
+      'settings' => $settings
+    ]);
+  }
+
+  // Przetwarzanie formularza
+  static public function basketFormHandler()
+  {
+    global $settings, $mdb;
+
+    $basket = \S::get_session('basket');
+    $date = date('Y-m-d H:i:s');
+
+    $finalPrice = 0;
+    foreach ( ( $basket ) as $data => $value )
+    {
+      foreach ( $value as $key => $val )
+      {
+        $price = $val['ticket_price'];
+        $quantity = $val['quantity'];
+
+        $finalPrice += $price * $quantity;
+      }
+    }
+
+    $hash = md5(trim($_POST['email']) . trim($_POST['city']) . trim(date("Y-m-d H:i:s")));
+
+    //* Zapisywanie do DB klienta
+    $mdb->insert('orders', [
+      'name' => trim($_POST['name']),
+      'surname' => trim($_POST['surname']),
+      'email' => trim($_POST['email']),
+      'zip_code' => trim($_POST['zip_code']),
+      'city' => trim($_POST['city']),
+      'street' => trim($_POST['street']),
+      'order_price' => trim($finalPrice),
+      'date_added' => $date,
+      'hash' => $hash,
+      'vat' => trim($_POST['vat'] == 'on' ? '1' : '0'),
+      'company_name' => trim($_POST['company_name']),
+      'nip' => trim($_POST['nip']),
+      'gift_address' => trim($_POST['gift_address'])
+    ] );
+
+    //* Id klienta
+    $last_id = $mdb->id();
+
+    if ( $last_id )
+    {
+      foreach ( ( $basket ) as $data => $value )
+      {
+        foreach ( $value as $key => $val )
+        {
+          $price = $val['ticket_price'];
+          $quantity = $val['quantity'];
+
+          $finalPrice += $price * $quantity;
+        }
+      }
+      foreach ( ( $basket ) as $data => $value )
+      {
+        foreach ( $value as $key => $val )
+        {
+          if ( $val['date'] ) {
+            $dateFormatted = new \DateTime( $val['date'] );
+            $dateFormatted = $dateFormatted->format('Y-m-d');
+          } else
+            $dateFormatted = null;
+
+          // Zapisywanie do DB bilety
+          $mdb -> insert( 'order_tickets', [
+            'order_id' => $last_id,
+            'product_id' => $val['product_id'],
+            'name' => trim( $settings['tickets'][$val['ticket_id']]['name'] ),
+            'quantity' => trim( $val["quantity"]),
+            'price' => trim( $val['ticket_price']),
+            'date_visit' => $dateFormatted,
+            'date_added' => $date
+          ] );
+        }
+      }
+
+      //QR CODE
+      $dir = 'orders/' . $hash[0] . '/' . $hash[1] . '/';
+
+      if (!file_exists($dir . $hash . '.png'))
+      {
+        if (!is_dir($dir))
+          mkdir($dir, 0755, true);
+
+        \QRcode::png($hash, $dir . $hash . '.png', QR_ECLEVEL_H, 4);
+      }
+
+      \S::del_session('basket');
+      header('Location: /tickets/przelewy24/order=' . $hash);
+    }
+    else
+    {
+      header('Location: /tickets/main_view/');
+    }
+    exit;
+  }
+
+  //* Strona końcowego zamówienia
+  static public function przelewy24()
+  {
+    global $settings, $mdb;
+
+    $hash = \S::get('order');
+    $order = \factory\Tickets::get_order_details_by_hash(\S::get('order'));
+
+    $subject = "brzezovka.pl - zamówienie biletów";
+    $message = '<div style="width:100%; max-width: 600px; margin: 0 auto;">';
+    $message .= '<div style="text-align: center;"><img src="https://bilety.brzezovka.pl/layout/images/logo.png" alt="" style="width: 300px;"></div><hr>';
+    $message .= '<h2>Potwierdzenie Zamówienia</h2>';
+    $message .= '<span>Witamy,</span><br/>';
+    $message .= '<span>potwierdzamy realizację Zamówienia numer: ' . $order['id'] . '</span><br/><br/>';
+    $message .= '<table style="width:100%;">';
+    $message .= '<thead style="text-align: left;">';
+    $message .= '<tr>';
+    $message .= '<th>Dane zamówienia</th>';
+    $message .= '<th>Dane zamawiającego</th>';
+    $message .= '</tr>';
+    $message .= '</thead>';
+    $message .= '<tbody>';
+    $message .= '<tr>';
+    $message .= '<td>Cena: ' . $order['order_price'] . 'zł</td>';
+    $message .= '<td>' . $order['name'] . ' ' . $order['surname'] . '</td>';
+    $message .= '</tr>';
+    $message .= '<tr>';
+    $message .= '<td>Data: ' . $order['date_added'] . '</td>';
+    $message .= '<td>' . $order['city'] . ' ' . $order['zip_code'] . '</td>';
+    $message .= '</tr>';
+    $message .= '<tr>';
+    $message .= '<td></td>';
+    $message .= '<td>' . $order['email'] . '</td>';
+    $message .= '</tr>';
+    $message .= '</tbody>';
+    $message .= '</table>';
+    $message .= '<br/><hr>';
+    $message .= '<h3>Lista biletów</h3>';
+    $message .= '<table style="width:100%;">';
+      $message .= '<thead style="text-align: left;">';
+        $message .= '<tr> <th>Bilet</th> <th>Termin wizyty</th> <th>Cena</th> <th>Ilość</th> <th>Razem</th> </tr>';
+      $message .= '</thead>';
+      $message .= '<tbody>';
+      foreach ($order['tickets'] as $value)
+      {
+        $message .= '<tr>';
+          $message .= '<td>' . $value['name'] . '</td>';
+          $message .= '<td>' . $value['date_visit'] . '</td>';
+          $message .= '<td>' . $value['price'] . '</td>';
+          $message .= '<td>' . $value["quantity"] . '</td>';
+          $message .= '<td>' . $value['price']*$value["quantity"] . 'zł</td>';
+        $message .= '</tr>';
+      }
+      $message .= '</tbody>';
+    $message .= '</table>';
+    $message .= '<br/><hr>';
+
+    if (!empty($order['gift_address'])) {
+      $message .= '<h3>Dane do wysyłki biletu prezentowego</h3>';
+      $message .= '<p>' . $order['gift_address'] . '</p>';
+    }
+
+    $message .= '<br/><hr>';
+
+    //QR CODE
+    $dir = 'orders/' . $hash[0] . '/' . $hash[1] . '/';
+
+    if ( !file_exists($dir . $hash . '.png' ) )
+    {
+      if (!is_dir($dir))
+        mkdir($dir, 0755, true);
+
+      \QRcode::png( $hash, $dir . $hash . '.png', QR_ECLEVEL_H, 4 );
+    }
+
+    $qr_path = 'https://bilety.brzezovka.pl/' . $dir . $hash . '.png';
+    $message .= '<h3>QR kod</h3>';
+    $message .= '<img src="' . $qr_path . '" alt="QR kod" style="width: 200px; height: 200px;"/>';
+    $message .= '<br/><hr>';
+
+    $message .= '<a style="display: inline-block; color: #000; border: none; text-decoration: none; margin-top:20px; background-color: #a4e653; font-weight: 800; border-radius: 10px; padding: 10px 30px;" href="https://bilety.brzezovka.pl/tickets/order_confirm/order=' . $order['hash'] . '">Link do szczegółów zamówienia</a>';
+    $message .= '</div>';
+
+    \S::send_email( $order['email'], $subject, $message );
+
+    $przelewy24_hash = md5(time());
+    $mdb->update('orders', ['payment_hash' => $przelewy24_hash], ['id' => $order['id']]);
+
+    return \Tpl::view('tickets/przelewy24', [
+      'settings' => $settings,
+      'hash' => \S::get('order'),
+      'order' => $order,
+      'przelewy24_hash' => $przelewy24_hash
+    ]);
+  }
+
+  //* Akceptowanie zmian w DB. Jeżeli płatność jest ok
+  static public function przelewy24_response()
+  {
+    global $settings, $mdb;
+
+    $crc_key = '';
+
+    if($settings['p24']['sandbox']) {
+      $crc_key = $settings['p24']['sandbox_crc_key'];
+    } else {
+      $crc_key = $settings['p24']['crc_key'];
+    }
+
+    $post = [
+      'p24_merchant_id' => \S::get('p24_merchant_id'),
+      'p24_pos_id' => \S::get('p24_pos_id'),
+      'p24_session_id' => \S::get('p24_session_id'),
+      'p24_amount' => \S::get('p24_amount'),
+      'p24_currency' => \S::get('p24_currency'),
+      'p24_order_id' => \S::get('p24_order_id'),
+      'p24_sign' => md5(\S::get('p24_session_id') . '|' . \S::get('p24_order_id') . '|' . \S::get('p24_amount') . '|' . \S::get('p24_currency') . '|' . $crc_key)
+    ];
+
+    $ch = curl_init();
+    if ($settings['p24']['sandbox'])
+    {
+      curl_setopt($ch, CURLOPT_URL, 'https://sandbox.przelewy24.pl/trnVerify');
+    }
+    else
+    {
+      curl_setopt($ch, CURLOPT_URL, 'https://secure.przelewy24.pl/trnVerify');
+    }
+
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
+    curl_exec($ch);
+
+    $order = \factory\Tickets::get_order_details_by_przelewy24_hash(\S::get('p24_session_id'));
+    if ( !$order )
+      return false;
+
+    $mdb->update('orders', ['payment_status' => 1], ['id' => $order['id']]);
+    $mdb->update('orders', ['payment_date' => date('Y-m-d H:i:s')], ['id' => $order['id']]);
+
+    //* Wystawienie faktury
+    if ($order['invoice_status'] == 0)
+    {
+      if($order['vat'] == 0){
+        $api = array();
+        $api["api_id"] = "9fa7772af97ab35b6d8a1cd05ac9e1b5";
+        $api["api_zadanie"] = "1";
+        $api["dokument_rodzaj"] = "20";
+        $api["dokument_dostep"] = "1";
+        $api["dokument_miejsce"] = "Brzezovka sklep internetowy";
+        $api["produkt_stawka_vat"] = "8";
+
+        $api["nabywca_imie"] = $order['name'];
+        $api["nabywca_nazwisko"] = $order['surname'];
+        $api["nabywca_email"] = $order['email'];
+
+        if($order['city']){
+          $api["nabywca_miasto"] = $order['city'];
+        }
+        if($order['zip_code']){
+          $api["nabywca_kod"] = $order['zip_code'];
+        }
+        if($order['street']){
+          $api["nabywca_ulica"] = $order['street'];
+        }
+
+        foreach ($order['tickets'] as $key => $value)
+        {
+          $key += 1;
+          $api["produkt_nazwa_$key"] = $value['name'];
+          $api["produkt_ilosc_$key"] = $value['quantity'];
+          $api["produkt_jm_$key"] = "2";
+          $api["produkt_stawka_vat_$key"] = "23";
+          $api["produkt_wartosc_brutto_$key"] = $value['price'] * $value['quantity'];
+        }
+
+        $curl = curl_init();
+        curl_setopt($curl, CURLOPT_URL, "https://www.fakturowo.pl/api");
+        curl_setopt($curl, CURLOPT_POST, 1);
+        curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 300);
+        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($curl, CURLOPT_POSTFIELDS, $api);
+        $result = curl_exec($curl);
+        curl_close($curl);
+
+        $result = explode("\n", $result);
+        if ($result[0] == 1)
+        {
+          $subject = "brzezovka.pl - zamówienie biletów 'paragon'";
+          $message  = '<div style="width:100%; max-width: 600px; margin: 0 auto;">';
+          $message .= '<div style="text-align: center;"><img src="https://bilety.brzezovka.pl/layout/images/logo.png" alt="" style="width:100%; max-width: 100px;"></div><hr>';
+          $message .= '<h2>Paragon z Potwierdzeniem Zamówienia</h2>';
+          $message .= '<span>Link do pobrania:</span><br/>';
+          $message .= '<a href="' . $result[2] . '">' . $result[2] . '</a>';
+          $message .= '</div>';
+
+          \S::send_email( $order['email'], $subject, $message );
+
+          $mdb->update('orders', ['invoice_status' => 1], ['id' => $order['id']]);
+          $mdb->update('orders', ['invoice_url' => $result[2]], ['id' => $order['id']]);
+        }
+        else
+        {
+          echo "ERROR: " . $result[1];
+        }
+      }
+      elseif ($order['vat'] == 1)
+      {
+        $api = array();
+        $api["api_id"] = "9fa7772af97ab35b6d8a1cd05ac9e1b5";
+        $api["api_zadanie"] = "1";
+        $api["dokument_rodzaj"] = "0";
+        $api["dokument_dostep"] = "1";
+        $api["dokument_miejsce"] = "Brzezovka sklep internetowy";
+        $api["produkt_stawka_vat"] = "8";
+
+        $api["nabywca_imie"] = $order['name'];
+        $api["nabywca_nazwisko"] = $order['surname'];
+        $api["nabywca_email"] = $order['email'];
+
+        $api["nabywca_miasto"] = $order['city'];
+        $api["nabywca_kod"] = $order['zip_code'];
+        $api["nabywca_ulica"] = $order['street'];
+
+        $api["nabywca_nazwa"] = $order['company_name'];
+        $api["nabywca_nip"] = $order['nip'];
+
+        foreach ($order['tickets'] as $key => $value)
+        {
+          $key += 1;
+          $api["produkt_nazwa_$key"] = $value['name'];
+          $api["produkt_ilosc_$key"] = $value['quantity'];
+          $api["produkt_jm_$key"] = "2";
+          $api["produkt_stawka_vat_$key"] = "23";
+          $api["produkt_wartosc_brutto_$key"] = $value['price'] * $value['quantity'];
+        }
+
+        $curl = curl_init();
+        curl_setopt($curl, CURLOPT_URL, "https://www.fakturowo.pl/api");
+        curl_setopt($curl, CURLOPT_POST, 1);
+        curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 300);
+        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($curl, CURLOPT_POSTFIELDS, $api);
+        $result = curl_exec($curl);
+        curl_close($curl);
+
+        $result = explode("\n", $result);
+        if ($result[0] == 1)
+        {
+          $subject = "brzezovka.pl - zamówienie biletów 'faktura'";
+          $message  = '<div style="width:100%; max-width: 600px; margin: 0 auto;">';
+          $message .= '<div style="text-align: center;"><img src="https://bilety.brzezovka.pl/layout/images/logo.png" alt="" style="width:100%; max-width: 100px;"></div><hr>';
+          $message .= '<h2>Faktura z Potwierdzeniem Zamówienia</h2>';
+          $message .= '<span>Link do pobrania:</span><br/>';
+          $message .= '<a href="' . $result[2] . '">' . $result[2] . '</a>';
+          $message .= '</div>';
+
+          \S::send_email( $order['email'], $subject, $message );
+
+          $mdb->update('orders', ['invoice_status' => 1], ['id' => $order['id']]);
+          $mdb->update('orders', ['invoice_url' => $result[2]], ['id' => $order['id']]);
+        }
+        else
+        {
+          echo "ERROR: " . $result[1];
+        }
+      }
+    }
+
+    exit;
+  }
+
+  //* Końcowa strona z informacją o zamówieniu
+  static public function order_confirm()
+  {
+    global $mdb;
+    $order = \factory\Tickets::get_order_details_by_hash(\S::get('order'));
+
+    if ( $order['payment_status'] and !$order['informed_user'] )
+    {
+      if ($order['payment_status'])
+      {
+        $order_successful = true;
+      }
+      else
+      {
+        $order_fail = true;
+      }
+
+      $mdb->update('orders', ['informed_user' => 1], ['id' => $order['id']]);
+    }
+
+    return \Tpl::view( 'tickets/order-confirm', [
+      'order' => $order,
+      'order_successful' => $order_successful,
+      'order_fail' => $order_fail
+    ]);
+  }
+
+  //* Regulamin
+  static public function regulamin()
+  {
+    return \Tpl::view('site/regulamin');
+  }
+
+  static public function regulamin_biletow_prezentowych()
+  {
+    return \Tpl::view('site/regulamin-for-gifts');
+  }
+}
--- a/autoload/controls/class.Users.php
+++ b/autoload/controls/class.Users.php
@@ -0,0 +1,131 @@
+<?php
+namespace controls;
+
+class Users
+{
+
+  public static function permissions( $user_id, $module = '', $action = '' )
+  {
+    // Pyziak Jacek
+    $permissions[ 1 ][ 'projects' ] = true;
+    $permissions[ 1 ][ 'finances' ] = true;
+    $permissions[ 1 ][ 'ceidg' ] = true;
+    $permissions[ 1 ][ 'domain_tester' ] = true;
+    $permissions[ 1 ][ 'wiki' ] = true;
+    $permissions[ 1 ][ 'crm' ] = true;
+    // Pyziak Grzegorz
+    $permissions[ 3 ][ 'projects' ] = true;
+    $permissions[ 3 ][ 'finances' ] = true;
+    $permissions[ 3 ][ 'ceidg' ] = true;
+    $permissions[ 3 ][ 'domain_tester' ] = true;
+    $permissions[ 3 ][ 'wiki' ] = true;
+    $permissions[ 3 ][ 'crm' ] = true;
+    // Łukasz Szydełko
+    $permissions[ 4 ][ 'projects' ] = false;
+    $permissions[ 4 ][ 'finances' ] = false;
+    $permissions[ 4 ][ 'ceidg' ] = true;
+    $permissions[ 4 ][ 'domain_tester' ] = true;
+    $permissions[ 4 ][ 'wiki' ] = false;
+    $permissions[ 4 ][ 'crm' ] = false;
+    // Roman Pyrih
+    $permissions[ 5 ][ 'projects' ] = true;
+    $permissions[ 5 ][ 'finances' ] = false;
+    $permissions[ 5 ][ 'ceidg' ] = false;
+    $permissions[ 5 ][ 'domain_tester' ] = false;
+    $permissions[ 5 ][ 'wiki' ] = true;
+    $permissions[ 5 ][ 'crm' ] = false;
+    // Marian Uryc
+    $permissions[ 7 ][ 'projects' ] = true;
+    $permissions[ 7 ][ 'finances' ] = false;
+    $permissions[ 7 ][ 'ceidg' ] = false;
+    $permissions[ 7 ][ 'domain_tester' ] = false;
+    $permissions[ 7 ][ 'wiki' ] = true;
+    $permissions[ 7 ][ 'crm' ] = false;
+
+    if ( $action and isset( $permissions[ $user_id ][ $module ][ $action ] ) )
+    {
+      return $permissions[ $user_id ][ $module ][ $action ];
+    }
+
+    if ( isset( $permissions[ $user_id ][ $module ] ) )
+    {
+      return $permissions[ $user_id ][ $module ];
+    }
+
+    return true;
+  }
+
+  public static function logout()
+  {
+    $domain = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
+    $cookie_name = str_replace( '.', '-', $domain );
+
+    setcookie( $cookie_name, "", strtotime( "-1 year" ), "/", $domain );
+    session_destroy();
+    header( 'Location: /' );
+    exit;
+  }
+
+  public static function settings_save()
+  {
+    global $mdb, $user;
+
+    if ( \factory\Users::settings_save( $user[ 'id' ], \S::get( 'pushover_api' ), \S::get( 'pushover_user' ) ) )
+    {
+      $user = $mdb -> get( 'users', '*', [ 'id' => $user[ 'id' ] ] );
+      \S::set_session( 'user', $user );
+      \S::alert( 'Ustawienia zostały zapisane.' );
+    }
+    header( 'Location: /users/settings/' );
+    exit;
+  }
+
+  public static function settings()
+  {
+    global $user;
+
+    if ( !$user )
+    {
+      return \Tpl::view( 'users/login-form' );
+    }
+
+    return \view\Users::settings(
+        $user
+    );
+  }
+
+  public static function login()
+  {
+    if ( $user = \factory\Users::login(
+        \S::get( 'email' ),
+        md5( \S::get( 'password' ) )
+      ) )
+    {
+      // zapamiętaj logowanie
+      if ( \S::get( 'remember' ) )
+      {
+        $domain = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
+        $cookie_name = str_replace( '.', '-', $domain );
+
+        $value = [ 'email' => \S::get( 'email' ), 'hash' => md5( \S::get( 'password' ) ) ];
+        $value = json_encode( $value );
+
+        setcookie( $cookie_name, $value, strtotime( "+1 year" ), "/", $domain );
+      }
+
+      \S::set_session( 'user', $user );
+      echo json_encode( [ 'result' => 'true', 'msg' => 'Właśnie zostałeś zalogowany. Za chwilę nastąpi przekierowanie.', 'default_project' => $user[ 'default_project' ] ] );
+    }
+    else
+    {
+      echo json_encode( [ 'result' => 'false', 'msg' => 'Podany login i hasło są nieprawidłowe.' ] );
+    }
+    exit;
+  }
+
+  public static function login_form()
+  {
+    return \Tpl::view( 'users/login-form' );
+  }
+
+}