180 lines
6.1 KiB
PHP
180 lines
6.1 KiB
PHP
<?php
|
||
|
||
@session_start();
|
||
|
||
require_once("../../monitoring/config.php");
|
||
require_once("../../monitoring/tools.php");
|
||
require_once("../../resources/metadata/include/tools.php");
|
||
|
||
function sendError($msg)
|
||
{
|
||
$json='{"errorCode":1,"errorMessage":'.json_encode($msg,JSON_UNESCAPED_UNICODE).'}';
|
||
header('Content-Type: application/json');
|
||
echo $json;
|
||
exit;
|
||
}
|
||
|
||
$db = connectToDB();
|
||
|
||
$MainFrom = 'irigm@yandex.ru';
|
||
//$MainFrom = 'info@motion-engine.com';
|
||
|
||
$fn=0;
|
||
if(isset($_GET['fn'])) { $fn=$_GET['fn']; }
|
||
if($fn=='1') //Зарегестрировать нового пользователя и компанию
|
||
{
|
||
if(!isset($HTTP_RAW_POST_DATA))
|
||
{ $HTTP_RAW_POST_DATA = file_get_contents("php://input");
|
||
}
|
||
$object = json_decode($HTTP_RAW_POST_DATA);
|
||
if($object==null) sendError(trt("Invalid_request")."!");
|
||
|
||
$captcha=$_SESSION['secpic1'];
|
||
if($captcha!=$object->captcha) {
|
||
sendError('The numbers from the picture do not match!');
|
||
}else{
|
||
$password = getPassword(5);
|
||
|
||
$sql = "select * from main.p__users_1(1,null,:company_name,:surname,:name,:position,:phone,:email,:password);";
|
||
$stmt = $db->prepare($sql);
|
||
$stmt->bindParam(':company_name', $object->company, PDO::PARAM_STR);
|
||
$stmt->bindParam(':surname', $object->lastname, PDO::PARAM_STR);
|
||
$stmt->bindParam(':name', $object->firstname, PDO::PARAM_STR);
|
||
$stmt->bindParam(':position', $object->position, PDO::PARAM_STR);
|
||
$stmt->bindParam(':phone', $object->phone, PDO::PARAM_STR);
|
||
$stmt->bindParam(':email', $object->email, PDO::PARAM_STR);
|
||
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
|
||
|
||
$response = new stdClass();
|
||
$response->errorCode = '0';
|
||
$response->errorMessage = '';
|
||
try
|
||
{
|
||
$res = $stmt->execute();
|
||
} catch (Exception $e)
|
||
{
|
||
sendError($e->getMessage());
|
||
}
|
||
|
||
|
||
$html='<html><head><title>Message</title></head><body>';
|
||
$html.='<h1>Поздравляю, Вы зарегистрированы!</h1>';
|
||
$html.='<b>Ваш пароль:</b> '.$password.'<br>';
|
||
$html.='</body></html>';
|
||
|
||
//Отсылаю пароль на почту
|
||
if(mail($object->email,'Motion-Engine.com',$html,"Content-type: text/html; charset=utf-8\r\nFrom: Motion-Engine Site <".$MainFrom.">"))
|
||
{
|
||
|
||
}else{
|
||
sendError('Failed to send password email to!');
|
||
}
|
||
|
||
echo json_encode($response);
|
||
exit;
|
||
}
|
||
|
||
|
||
}else if($fn=='2') //Восстановление пароля
|
||
{
|
||
if(!isset($HTTP_RAW_POST_DATA))
|
||
{ $HTTP_RAW_POST_DATA = file_get_contents("php://input");
|
||
}
|
||
$object = json_decode($HTTP_RAW_POST_DATA);
|
||
if($object==null) sendError(trt("Invalid_request")."!");
|
||
|
||
$captcha=$_SESSION['secpic2'];
|
||
if($captcha!=$object->captcha) {
|
||
sendError('The numbers from the picture do not match!');
|
||
}else{
|
||
$password = getPassword(5);
|
||
|
||
$sql = "update main._users set password='".md5($password)."' where email=lower('".$object->email."');";
|
||
$response = new stdClass();
|
||
$response->errorCode = '0';
|
||
$response->errorMessage = '';
|
||
try
|
||
{
|
||
$db->query($sql);
|
||
}catch (Exception $ex)
|
||
{
|
||
sendError($ex->getMessage());
|
||
}
|
||
|
||
$html='<html><head><title>Message</title></head><body>';
|
||
$html.='<h1>Password recovery</h1>';
|
||
$html.='<b>Your password has been changed to:</b> '.$password.'<br>';
|
||
$html.='</body></html>';
|
||
|
||
//Отсылаю пароль на почту
|
||
if(mail($object->email,'Motion-Engine.com',$html,"Content-type: text/html; charset=utf-8\r\nFrom: Motion-Engine Site <".$MainFrom.">"))
|
||
{
|
||
|
||
}else{
|
||
sendError('Failed to send password email to!');
|
||
}
|
||
|
||
echo json_encode($response);
|
||
exit;
|
||
}
|
||
|
||
}else if($fn=='3'){ //Смена пароля
|
||
|
||
if(!isset($HTTP_RAW_POST_DATA))
|
||
{ $HTTP_RAW_POST_DATA = file_get_contents("php://input");
|
||
}
|
||
$object = json_decode($HTTP_RAW_POST_DATA);
|
||
if($object==null) sendError(trt("Invalid_request")."!");
|
||
|
||
//Проверяю есть ли такой пользователь
|
||
$sql = "select id from main._users where del=false and password='".md5($object->password)."' and email=lower('".$object->email."');";
|
||
try
|
||
{
|
||
$res = $db->query($sql);
|
||
}catch (Exception $ex)
|
||
{
|
||
sendError($ex->getMessage());
|
||
}
|
||
if($res==NULL || $res->rowCount()==0)
|
||
{
|
||
sendError(trt("Invalid_username_and_or_password"));
|
||
}
|
||
|
||
$sql = "update main._users set password='".md5($object->new_password)."' where email=lower('".$object->email."') and password='".md5($object->password)."';";
|
||
$response = new stdClass();
|
||
$response->errorCode = '0';
|
||
$response->errorMessage = '';
|
||
try
|
||
{
|
||
$db->query($sql);
|
||
}catch (Exception $ex)
|
||
{
|
||
sendError($ex->getMessage());
|
||
}
|
||
echo json_encode($response);
|
||
exit;
|
||
}else if($fn=='10'){ //Вернуть список для заполнения компаний к которым у пользователя есть доступ
|
||
|
||
$sql="select id,name,exists(select 1 from main._users where del=false and c.id=company_id and id=".$_SESSION['USER_ID'].") as select from main.companies c where id in (select company_id from main.companies_users where del=false and user_id=".$_SESSION['USER_ID'].") order by name";
|
||
try
|
||
{
|
||
$res = $db->query($sql);
|
||
}catch (Exception $ex)
|
||
{
|
||
sendError($ex->getMessage());
|
||
}
|
||
if($res != null)
|
||
{
|
||
while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов
|
||
{
|
||
if($row['select'])
|
||
echo '<option selected="selected" value="'.$row['id'].'">'.$row['name'].'</option>';
|
||
else
|
||
echo '<option value="'.$row['id'].'">'.$row['name'].'</option>';
|
||
}
|
||
}
|
||
|
||
|
||
}else{
|
||
sendError("Fn is null!");
|
||
} |