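captcha) {
        sendError('The numbers from the picture do not match!');
    }else{
        // Registration (tail of the branch; its start lies above this fragment).
        // A generated password is stored through main.p__users_1() and then mailed.
        // NOTE(review): the plain password is passed to the database function; whether it
        // is hashed there is not visible here - confirm.
        $password = getPassword(5);
        $sql = "select * from main.p__users_1(1,null,:company_name,:surname,:name,:position,:phone,:email,:password);";
        $stmt = $db->prepare($sql);
        $stmt->bindParam(':company_name', $object->company, PDO::PARAM_STR);
        $stmt->bindParam(':surname', $object->lastname, PDO::PARAM_STR);
        $stmt->bindParam(':name', $object->firstname, PDO::PARAM_STR);
        $stmt->bindParam(':position', $object->position, PDO::PARAM_STR);
        $stmt->bindParam(':phone', $object->phone, PDO::PARAM_STR);
        $stmt->bindParam(':email', $object->email, PDO::PARAM_STR);
        $stmt->bindParam(':password', $password, PDO::PARAM_STR);

        $response = new stdClass();
        $response->errorCode = '0';
        $response->errorMessage = '';
        try
        {
            $res = $stmt->execute();
        } catch (Exception $e)
        {
            // NOTE(review): the raw driver message goes back to the client and can expose
            // schema details; consider logging it and returning a generic text instead.
            sendError($e->getMessage());
        }

        $html='Message';
        $html.='

Поздравляю, Вы зарегистрированы!

';
        $html.='Ваш пароль: '.$password.'
';
        $html.='';
        // Send the password by e-mail.
        // NOTE(review): the password travels in clear text over e-mail; a one-time
        // "set your password" link would avoid that.
        if(!mail($object->email,'Motion-Engine.com',$html,"Content-type: text/html; charset=utf-8\r\nFrom: Motion-Engine Site <".$MainFrom.">"))
        {
            sendError('Failed to send password email to!');
        }
        echo json_encode($response);
        exit;
    }
}else if($fn=='2') // Password recovery
{
    // Reads {email, captcha} as JSON, sets a freshly generated password on the matching
    // account and mails it to that address.
    // sendError() is assumed to terminate the request - TODO confirm.
    if(!isset($HTTP_RAW_POST_DATA))
    {
        $HTTP_RAW_POST_DATA = file_get_contents("php://input");
    }
    $object = json_decode($HTTP_RAW_POST_DATA);
    // Only a JSON object with a string e-mail can be processed below.
    if(!is_object($object) || !isset($object->email) || !is_string($object->email))
        sendError(trt("Invalid_request")."!");

    // Compare the captcha as strings and refuse a missing or empty expected value.
    // The previous loose "!=" let PHP type juggling decide the result, so an absent
    // session value and an absent request field compared as equal.
    $expectedCaptcha = isset($_SESSION['secpic2']) ? (string)$_SESSION['secpic2'] : '';
    $suppliedCaptcha = '';
    if(isset($object->captcha) && (is_string($object->captcha) || is_int($object->captcha)))
    {
        $suppliedCaptcha = (string)$object->captcha;
    }
    // NOTE(review): the captcha stays valid after a successful check; consider clearing
    // $_SESSION['secpic2'] once it has been consumed.
    if($expectedCaptcha === '' || $suppliedCaptcha !== $expectedCaptcha)
    {
        sendError('The numbers from the picture do not match!');
    }else{
        $password = getPassword(5);
        // Bound parameters instead of string concatenation: the e-mail comes straight
        // from the request body and must never be spliced into the SQL text.
        // NOTE(review): MD5 is kept only because the stored hashes (and the login check,
        // not visible here) use it; plan a migration to password_hash()/password_verify().
        $sql = "update main._users set password=:password where email=lower(:email);";

        $response = new stdClass();
        $response->errorCode = '0';
        $response->errorMessage = '';
        $updated = 0;
        try
        {
            $stmt = $db->prepare($sql);
            $stmt->bindValue(':password', md5($password), PDO::PARAM_STR);
            $stmt->bindValue(':email', $object->email, PDO::PARAM_STR);
            $stmt->execute();
            $updated = $stmt->rowCount();
        }catch (Exception $ex)
        {
            // NOTE(review): raw driver message is returned to the client.
            sendError($ex->getMessage());
        }

        // Mail the new password only when an account was actually updated; otherwise the
        // site would send a "password changed" message to an arbitrary address. The JSON
        // response is the same in both cases.
        if($updated > 0)
        {
            $html='Message';
            $html.='

Password recovery

';
            $html.='Your password has been changed to: '.$password.'
';
            $html.='';
            // Send the password by e-mail.
            // NOTE(review): at this point the old password is already replaced; if the
            // mail fails the user is left without a usable password.
            if(!mail($object->email,'Motion-Engine.com',$html,"Content-type: text/html; charset=utf-8\r\nFrom: Motion-Engine Site <".$MainFrom.">"))
            {
                sendError('Failed to send password email to!');
            }
        }
        echo json_encode($response);
        exit;
    }
}else if($fn=='3'){ // Password change
    // Reads {email, password, new_password} as JSON, verifies the current password and
    // stores the new one.
    // NOTE(review): this branch has no captcha or attempt limit visible here, so the
    // current-password check can be retried freely - confirm throttling exists upstream.
    if(!isset($HTTP_RAW_POST_DATA))
    {
        $HTTP_RAW_POST_DATA = file_get_contents("php://input");
    }
    $object = json_decode($HTTP_RAW_POST_DATA);
    // Reject anything that is not an object with the three expected scalar fields;
    // a missing new_password would otherwise be stored as the hash of an empty string.
    if(!is_object($object)
        || !isset($object->email, $object->password, $object->new_password)
        || !is_string($object->email)
        || !is_scalar($object->password)
        || !is_scalar($object->new_password)
        || (string)$object->new_password === '')
        sendError(trt("Invalid_request")."!");

    // NOTE(review): MD5 kept for compatibility with the stored hashes; see password_hash().
    $currentHash = md5((string)$object->password);
    $newHash = md5((string)$object->new_password);

    // Check that such a user exists (parameterized; values come from the request body).
    $sql = "select id from main._users where del=false and password=:password and email=lower(:email);";
    $res = null;
    try
    {
        $res = $db->prepare($sql);
        $res->bindValue(':password', $currentHash, PDO::PARAM_STR);
        $res->bindValue(':email', $object->email, PDO::PARAM_STR);
        $res->execute();
    }catch (Exception $ex)
    {
        sendError($ex->getMessage());
    }
    if($res==NULL || $res->rowCount()==0)
    {
        sendError(trt("Invalid_username_and_or_password"));
    }

    // The UPDATE repeats the current-password condition, so it only applies while the
    // credentials still match.
    $sql = "update main._users set password=:new_password where email=lower(:email) and password=:password;";

    $response = new stdClass();
    $response->errorCode = '0';
    $response->errorMessage = '';
    try
    {
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':new_password', $newHash, PDO::PARAM_STR);
        $stmt->bindValue(':email', $object->email, PDO::PARAM_STR);
        $stmt->bindValue(':password', $currentHash, PDO::PARAM_STR);
        $stmt->execute();
    }catch (Exception $ex)
    {
        sendError($ex->getMessage());
    }
    echo json_encode($response);
    exit;
}else if($fn=='10'){ // Return the list of companies the user has access to
    // The session user id is validated as an integer and bound, not concatenated; without
    // a logged-in session the old code built a malformed statement.
    $userId = isset($_SESSION['USER_ID']) ? filter_var($_SESSION['USER_ID'], FILTER_VALIDATE_INT) : false;
    if($userId === false)
        sendError(trt("Invalid_request")."!");

    // Two distinct placeholders are used because a named placeholder may not be repeated
    // when the driver uses native prepared statements.
    $sql="select id,name,exists(select 1 from main._users where del=false and c.id=company_id and id=:user_id_1) as select from main.companies c where id in (select company_id from main.companies_users where del=false and user_id=:user_id_2) order by name";
    $res = null;
    try
    {
        $res = $db->prepare($sql);
        $res->bindValue(':user_id_1', $userId, PDO::PARAM_INT);
        $res->bindValue(':user_id_2', $userId, PDO::PARAM_INT);
        $res->execute();
    }catch (Exception $ex)
    {
        sendError($ex->getMessage());
    }
    if($res != null)
    {
        while ($row = $res->fetch(PDO::FETCH_ASSOC)) // $row is an associative array keyed by column name
        {
            // NOTE(review): both branches echo an empty string here; the markup appears to
            // be missing. When it is restored, escape row values with htmlspecialchars().
            if($row['select'])
                echo '';
            else
                echo '';
        }
    }
}else{
    sendError("Fn is null!");
}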