180 lines
6.1 KiB
PHP
180 lines
6.1 KiB
PHP
<?php
|
|
|
|
@session_start();
|
|
|
|
require_once("../../monitoring/config.php");
|
|
require_once("../../monitoring/tools.php");
|
|
require_once("../../resources/metadata/include/tools.php");
|
|
|
|
function sendError($msg)
|
|
{
|
|
$json='{"errorCode":1,"errorMessage":'.json_encode($msg,JSON_UNESCAPED_UNICODE).'}';
|
|
header('Content-Type: application/json');
|
|
echo $json;
|
|
exit;
|
|
}
|
|
|
|
$db = connectToDB();
|
|
|
|
$MainFrom = 'irigm@yandex.ru';
|
|
//$MainFrom = 'info@motion-engine.com';
|
|
|
|
$fn=0;
|
|
if(isset($_GET['fn'])) { $fn=$_GET['fn']; }
|
|
if($fn=='1') //Зарегестрировать нового пользователя и компанию
|
|
{
|
|
if(!isset($HTTP_RAW_POST_DATA))
|
|
{ $HTTP_RAW_POST_DATA = file_get_contents("php://input");
|
|
}
|
|
$object = json_decode($HTTP_RAW_POST_DATA);
|
|
if($object==null) sendError(trt("Invalid_request")."!");
|
|
|
|
$captcha=$_SESSION['secpic1'];
|
|
if($captcha!=$object->captcha) {
|
|
sendError('The numbers from the picture do not match!');
|
|
}else{
|
|
$password = getPassword(5);
|
|
|
|
$sql = "select * from main.p__users_1(1,null,:company_name,:surname,:name,:position,:phone,:email,:password);";
|
|
$stmt = $db->prepare($sql);
|
|
$stmt->bindParam(':company_name', $object->company, PDO::PARAM_STR);
|
|
$stmt->bindParam(':surname', $object->lastname, PDO::PARAM_STR);
|
|
$stmt->bindParam(':name', $object->firstname, PDO::PARAM_STR);
|
|
$stmt->bindParam(':position', $object->position, PDO::PARAM_STR);
|
|
$stmt->bindParam(':phone', $object->phone, PDO::PARAM_STR);
|
|
$stmt->bindParam(':email', $object->email, PDO::PARAM_STR);
|
|
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
|
|
|
|
$response = new stdClass();
|
|
$response->errorCode = '0';
|
|
$response->errorMessage = '';
|
|
try
|
|
{
|
|
$res = $stmt->execute();
|
|
} catch (Exception $e)
|
|
{
|
|
sendError($e->getMessage());
|
|
}
|
|
|
|
|
|
$html='<html><head><title>Message</title></head><body>';
|
|
$html.='<h1>Поздравляю, Вы зарегистрированы!</h1>';
|
|
$html.='<b>Ваш пароль:</b> '.$password.'<br>';
|
|
$html.='</body></html>';
|
|
|
|
//Отсылаю пароль на почту
|
|
if(mail($object->email,'Motion-Engine.com',$html,"Content-type: text/html; charset=utf-8\r\nFrom: Motion-Engine Site <".$MainFrom.">"))
|
|
{
|
|
|
|
}else{
|
|
sendError('Failed to send password email to!');
|
|
}
|
|
|
|
echo json_encode($response);
|
|
exit;
|
|
}
|
|
|
|
|
|
}else if($fn=='2') //Восстановление пароля
|
|
{
|
|
if(!isset($HTTP_RAW_POST_DATA))
|
|
{ $HTTP_RAW_POST_DATA = file_get_contents("php://input");
|
|
}
|
|
$object = json_decode($HTTP_RAW_POST_DATA);
|
|
if($object==null) sendError(trt("Invalid_request")."!");
|
|
|
|
$captcha=$_SESSION['secpic2'];
|
|
if($captcha!=$object->captcha) {
|
|
sendError('The numbers from the picture do not match!');
|
|
}else{
|
|
$password = getPassword(5);
|
|
|
|
$sql = "update main._users set password='".md5($password)."' where email=lower('".$object->email."');";
|
|
$response = new stdClass();
|
|
$response->errorCode = '0';
|
|
$response->errorMessage = '';
|
|
try
|
|
{
|
|
$db->query($sql);
|
|
}catch (Exception $ex)
|
|
{
|
|
sendError($ex->getMessage());
|
|
}
|
|
|
|
$html='<html><head><title>Message</title></head><body>';
|
|
$html.='<h1>Password recovery</h1>';
|
|
$html.='<b>Your password has been changed to:</b> '.$password.'<br>';
|
|
$html.='</body></html>';
|
|
|
|
//Отсылаю пароль на почту
|
|
if(mail($object->email,'Motion-Engine.com',$html,"Content-type: text/html; charset=utf-8\r\nFrom: Motion-Engine Site <".$MainFrom.">"))
|
|
{
|
|
|
|
}else{
|
|
sendError('Failed to send password email to!');
|
|
}
|
|
|
|
echo json_encode($response);
|
|
exit;
|
|
}
|
|
|
|
}else if($fn=='3'){ //Смена пароля
|
|
|
|
if(!isset($HTTP_RAW_POST_DATA))
|
|
{ $HTTP_RAW_POST_DATA = file_get_contents("php://input");
|
|
}
|
|
$object = json_decode($HTTP_RAW_POST_DATA);
|
|
if($object==null) sendError(trt("Invalid_request")."!");
|
|
|
|
//Проверяю есть ли такой пользователь
|
|
$sql = "select id from main._users where del=false and password='".md5($object->password)."' and email=lower('".$object->email."');";
|
|
try
|
|
{
|
|
$res = $db->query($sql);
|
|
}catch (Exception $ex)
|
|
{
|
|
sendError($ex->getMessage());
|
|
}
|
|
if($res==NULL || $res->rowCount()==0)
|
|
{
|
|
sendError(trt("Invalid_username_and_or_password"));
|
|
}
|
|
|
|
$sql = "update main._users set password='".md5($object->new_password)."' where email=lower('".$object->email."') and password='".md5($object->password)."';";
|
|
$response = new stdClass();
|
|
$response->errorCode = '0';
|
|
$response->errorMessage = '';
|
|
try
|
|
{
|
|
$db->query($sql);
|
|
}catch (Exception $ex)
|
|
{
|
|
sendError($ex->getMessage());
|
|
}
|
|
echo json_encode($response);
|
|
exit;
|
|
}else if($fn=='10'){ //Вернуть список для заполнения компаний к которым у пользователя есть доступ
|
|
|
|
$sql="select id,name,exists(select 1 from main._users where del=false and c.id=company_id and id=".$_SESSION['USER_ID'].") as select from main.companies c where id in (select company_id from main.companies_users where del=false and user_id=".$_SESSION['USER_ID'].") order by name";
|
|
try
|
|
{
|
|
$res = $db->query($sql);
|
|
}catch (Exception $ex)
|
|
{
|
|
sendError($ex->getMessage());
|
|
}
|
|
if($res != null)
|
|
{
|
|
while ($row = $res->fetch(PDO::FETCH_ASSOC))// $row - ассоциативный массив значений, ключи - названия столбцов
|
|
{
|
|
if($row['select'])
|
|
echo '<option selected="selected" value="'.$row['id'].'">'.$row['name'].'</option>';
|
|
else
|
|
echo '<option value="'.$row['id'].'">'.$row['name'].'</option>';
|
|
}
|
|
}
|
|
|
|
|
|
}else{
|
|
sendError("Fn is null!");
|
|
} |