<?php
require_once("../../monitoring/config.php");
//require_once("../../monitoring/tools.php");
require_once("../../resources/metadata/include/tools.php");
require_once("../createTerminalAndObject.php");
session_start();
function sendError($msg)
{
    // Common error envelope shared with the success responses below:
    // errorCode 1, the message, and an empty data list. Writes the JSON
    // body with no-cache headers and terminates the request.
    $payload = (object) [
        'errorCode' => 1,
        'errorMessage' => $msg,
        'data' => [],
    ];

    header('Content-Type: application/json');
    header("Cache-Control: no-cache, must-revalidate");
    echo json_encode($payload);
    exit();
}
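// Only POST requests are answered. The check now matches that intent instead of
// rejecting GET alone, so HEAD/PUT/OPTIONS etc. no longer fall through to the
// handlers below. sendError() terminates the request.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    sendError("Request is not POST method!");
}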
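// Function selector from the query string; anything missing or non-integer
// becomes -1, which matches no branch below.
$fn = filter_input(INPUT_GET, 'fn', FILTER_VALIDATE_INT, ['options' => ['default' => -1]]);

// Interface language kept in the session for the registration e-mail below
// (1 = Russian, anything else = English; 2 is the default). Validated as an
// integer so the session never stores an arbitrary client-supplied string.
$_SESSION["LNG"] = filter_input(INPUT_GET, 'lng', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]);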
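if ($fn == 0) { // User login
    // Body is JSON: {login, password, android_id}; login may be an e-mail, phone or login name.
    $object = json_decode(file_get_contents("php://input"));
    if (!is_object($object)) {
        sendError("Request is empty!");
    }

    $db = connectToDB();

    // Credentials come straight from the request body, so they are bound as
    // parameters rather than concatenated into the SQL text. One placeholder per
    // occurrence keeps the statement valid with native (non-emulated) prepares,
    // which do not allow a named parameter to repeat.
    $sql = "
        select
            id,
            cast(del as integer) as del,
            seq,
            main.getcompanyid(id) company_id,
            name,
            surname,
            patronymic,
            email,
            login,
            password,
            hash
        from
            main._users
        where
            del=false
            and (email = :login_email or phone = :login_phone or login = :login_name)
            and (password = :password or hash = :hash)
        order by seq";

    $login = $object->login ?? '';
    $secret = $object->password ?? '';
    try {
        $stmt = $db->prepare($sql);
        if ($stmt === false) {
            sendError("Failed to prepare login query!");
        }
        $stmt->bindValue(':login_email', $login, PDO::PARAM_STR);
        $stmt->bindValue(':login_phone', $login, PDO::PARAM_STR);
        $stmt->bindValue(':login_name', $login, PDO::PARAM_STR);
        // NOTE(review): the stored password column is compared literally, i.e. it
        // appears to hold plaintext (or a client-side digest). Moving to
        // password_hash()/password_verify() needs a schema change and is out of scope here.
        $stmt->bindValue(':password', $secret, PDO::PARAM_STR);
        $stmt->bindValue(':hash', $secret, PDO::PARAM_STR);
        if (!$stmt->execute()) {
            sendError("Login query failed!");
        }
    } catch (Exception $ex) {
        sendError($ex->getMessage());
    }

    $obj = new StdClass();
    $obj->errorCode = 0;
    $obj->errorMessage = "";
    $obj->data = [];
    if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $usr = new stdClass();
        $usr->id = $row['id'];
        $usr->del = $row['del'];
        $usr->seq = $row['seq'];
        $usr->company_id = $row['company_id'];
        $usr->name = $row['name'];
        $usr->surname = $row['surname'];
        $usr->patronymic = $row['patronymic'];
        $usr->email = $row['email'];
        $usr->login = $row['login'];
        // NOTE(review): returning the stored password and the temporary hash is part
        // of the existing response contract and is kept for the client; both are
        // credential material and should not be logged or cached downstream.
        $usr->password = $row['password'];
        $usr->hash = $row['hash']; // Temporary password (TODO: pair it with a session id to separate devices)

        $obj->data[] = $usr;

        // Create the user's terminal and object if they do not exist yet
        createTerminalAndObject($usr->id, $object->android_id ?? null);
    }
    echo json_encode($obj);
} elseif ($fn == 1) { // User registration (copied from the main application)
    // Body is JSON: {firstname, lastname, position, phone, email}.
    $object = json_decode(file_get_contents("php://input"));
    if (!is_object($object)) {
        sendError("Request is empty!");
    }

    // The address is stored and is the only channel the generated password is
    // delivered through, so malformed input is rejected before a user row is
    // created (previously the row was inserted and only the mail() step failed).
    $email = filter_var($object->email ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        sendError('Invalid email address!');
    }

    $db = connectToDB();

    // NOTE(review): getPassword(5) yields a 5-character temporary password that is
    // e-mailed in clear text; its strength is decided by that helper, not here.
    $password = getPassword(5);

    $sql = "select * from main.p__users_1(1,null,:company_name,:surname,:name,:position,:phone,:email,:password);";
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        sendError("Failed to prepare registration query!");
    }
    // The company name is bound to firstname, as in the original; kept as-is.
    // Missing properties bind as NULL (bindValue with PARAM_STR keeps null).
    $stmt->bindValue(':company_name', $object->firstname ?? null, PDO::PARAM_STR);
    $stmt->bindValue(':surname', $object->lastname ?? null, PDO::PARAM_STR);
    $stmt->bindValue(':name', $object->firstname ?? null, PDO::PARAM_STR);
    $stmt->bindValue(':position', $object->position ?? null, PDO::PARAM_STR);
    $stmt->bindValue(':phone', $object->phone ?? null, PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':password', $password, PDO::PARAM_STR);

    $response = new stdClass();
    $response->errorCode = '0'; // string here (int in the login branch) — kept for client compatibility
    $response->errorMessage = '';
    try {
        if (!$stmt->execute()) {
            sendError("Registration query failed!");
        }
    } catch (Exception $ex) {
        // 'U1000' is the SQLSTATE the original maps to a duplicate e-mail;
        // PDOException::getCode() returns it as a string.
        if ((string) $ex->getCode() === 'U1000') {
            sendError(trt('User_with_this_email_already_exists'));
        } else {
            sendError($ex->getMessage());
        }
    }

    $response->data = [];
    $usr = new stdClass();
    $usr->id = '-1';
    if ($row = $stmt->fetch(PDO::FETCH_NUM)) {
        $usr->id = $row[0];
        $usr->del = 0; // SQLite has no false
        $usr->seq = 1;
        $usr->company_id = ''; // filled in below
        $usr->name = $object->firstname ?? null;
        $usr->surname = $object->lastname ?? null;
        $usr->patronymic = '';
        $usr->email = $email;
        $usr->phone = $object->phone ?? null;
        $usr->login = '';
        $usr->password = ''; // the password is not returned; the client logs in with the temporary hash
        // The hash is accepted in place of the password by the login branch, so it
        // is a credential: 128 bits from the CSPRNG, 32 hex chars like the md5 it replaces.
        $usr->hash = bin2hex(random_bytes(16));

        // Store the temporary hash so the client can log in without typing the password
        try {
            $upd = $db->prepare("update main._users set hash = :hash where id = :id"); // TODO: fold into p__users_1 above
            if ($upd === false) {
                sendError("Failed to prepare hash update!");
            }
            $upd->bindValue(':hash', $usr->hash, PDO::PARAM_STR);
            $upd->bindValue(':id', $usr->id);
            if (!$upd->execute()) {
                sendError("Failed to store temporary hash!");
            }
        } catch (Exception $e) {
            sendError($e->getMessage());
        }
    }
    $stmt = null;

    // Company id of the new user
    try {
        $cmp = $db->prepare("select company_id from main._users where id = :id");
        if ($cmp === false) {
            sendError("Failed to prepare company query!");
        }
        $cmp->bindValue(':id', $usr->id);
        if (!$cmp->execute()) {
            sendError("Company query failed!");
        }
    } catch (Exception $e) {
        sendError($e->getMessage());
    }
    // fetch() instead of rowCount(): rowCount() is not reliable for SELECTs on every PDO driver
    if ($row = $cmp->fetch(PDO::FETCH_ASSOC)) {
        $usr->company_id = $row['company_id'];
    }
    $response->data[] = $usr;

    if ($_SESSION["LNG"] == 1) {
        $html = '<html><head><title>Сообщение</title></head><body>
<h3>Поздравляю, вы зарегистрированы!</h3>
<b>Ваш пароль: </b> '.$password.'<br>
</body></html>';
    } else {
        $html = '<html><head><title>Message</title></head><body>
<h3>Congratulations, you are registered!</h3>
<b>Your password: </b> '.$password.'<br>
</body></html>';
    }

    // E-mail the password; $email was validated above
    if (!mail($email, 'Motion-Engine.com', $html, "Content-type: text/html; charset=utf-8\r\nFrom: GEOVizor Site <info@geovizor.com>")) {
        sendError('Failed to send password email to!');
    }

    echo json_encode($response);
    exit();
}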