rockowa.com/autoload/front/controls/class.Page.php
2023-05-08 09:03:09 +02:00


<?php
namespace front\controls;
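class Page {
    /**
     * Processes the request parameters that trigger side effects before a page renders.
     *
     * Handled in this order: the `rw` action (language / site switch), `download`
     * (streams an article file and terminates the script), `account_activation`
     * and `recover_password` (both paired with the numeric `value` user id).
     *
     * Uses the globals $db (a PDO-style handle) and $lang (translation object).
     * All request values are attacker-controlled; every SQL value is bound, never
     * concatenated.
     */
    public function checkUrlParams()
    {
        $this->applyRouteAction( \System::formGet( 'rw' ) );

        $fileId = \System::formGetInt( 'download' );
        if ( $fileId )
        {
            $this->sendArticleFile( $fileId );
        }

        $activationToken = \System::formGet( 'account_activation' );
        if ( $activationToken && \System::formGetInt( 'value' ) )
        {
            $this->activateAccount( $activationToken, \System::formGetInt( 'value' ) );
        }

        $recoverToken = \System::formGet( 'recover_password' );
        if ( $recoverToken && \System::formGetInt( 'value' ) )
        {
            $this->resetPassword( $recoverToken, \System::formGetInt( 'value' ) );
        }
    }

    /**
     * Applies the `rw` action: switches the active language or site and stores it in the session.
     *
     * NOTE(review): the loader results are stored without a check. If a loader
     * can return null/false for an unknown id, the global $lang would be replaced
     * by a non-object and later getTrans() calls would fail; confirm the loaders'
     * contract.
     */
    private function applyRouteAction( $rw )
    {
        global $lang;

        // switch keeps the original loose comparison against the action names.
        switch ( $rw )
        {
            case 'change_language':
                $lang = \language\FLanguage::loadLang( \System::formGet( 'id' ) );
                \System::setSessionVar( 'lang', $lang );
                break;

            case 'change_site':
                $type = \System::formGet( 'type' );
                $site = $type
                    ? \site\FSite::loadSiteStatic( $type )
                    : \site\FSite::loadSite( \System::formGetInt( 'id' ) );
                \System::setSessionVar( 'site', $site );
                break;
        }
    }

    /**
     * Streams the file registered under $fileId as an attachment and ends the script.
     *
     * Returns normally when no row matches or the stored path is not a readable file.
     *
     * NOTE(security): no authorization check is visible here, and ids are
     * sequential integers, so every row of pcms_article_files is reachable by
     * anyone who can call this page. Confirm that all article files are meant
     * to be public.
     * NOTE(security): the path is used exactly as stored. If the `file` column
     * can be written by less-trusted users, resolve it with realpath() and
     * require it to sit inside the upload directory before reading.
     */
    private function sendArticleFile( $fileId )
    {
        global $db;

        $query = $db->prepare( 'SELECT file FROM pcms_article_files WHERE id = :id' );
        $query->bindValue( ':id', $fileId, \PDO::PARAM_INT );
        $query->execute();
        // rowCount() is not guaranteed for SELECT on every PDO driver, so fetch the rows instead.
        $rows = $query->fetchAll() ?: array();
        $query->closeCursor();

        foreach ( $rows as $row )
        {
            $path = $row['file'];
            // is_file() also rejects directories, which file_exists() accepted.
            if ( !is_file( $path ) || !is_readable( $path ) )
            {
                continue;
            }

            // Quote the name and drop characters that would break out of the
            // quoted-string, so spaces or ';' in a file name cannot alter the header.
            $downloadName = str_replace( array( '"', '\\', "\r", "\n" ), '', basename( $path ) );

            header( 'Content-Description: File Transfer' );
            header( 'Content-Type: application/octet-stream' );
            header( 'Content-Disposition: attachment; filename="' . $downloadName . '"' );
            header( 'Content-Transfer-Encoding: binary' );
            header( 'Expires: 0' );
            header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' );
            header( 'Pragma: public' );
            header( 'Content-Length: ' . filesize( $path ) );

            // ob_clean() raises a notice when no output buffer is active.
            if ( ob_get_level() > 0 )
            {
                ob_clean();
            }
            flush();
            readfile( $path );
            exit;
        }
    }

    /**
     * Enables a not-yet-enabled account when the token matches the stored hash for $userId.
     *
     * Sets a success or "invalid link" alert through \System::setAlert().
     *
     * NOTE(review): \System::saveString() is defined elsewhere. If it escapes
     * for SQL it is redundant with bound parameters and could alter the token;
     * confirm what it does.
     */
    private function activateAccount( $token, $userId )
    {
        global $db, $lang;

        $hash = \System::saveString( $token );

        $query = $db->prepare( 'SELECT id FROM pcms_user WHERE hash = :hash AND id = :id AND enabled = :enabled' );
        $query->bindValue( ':hash', $hash, \PDO::PARAM_STR );
        $query->bindValue( ':id', $userId, \PDO::PARAM_INT );
        $query->bindValue( ':enabled', 0, \PDO::PARAM_STR );
        $query->execute();
        $matched = $query->fetch() !== false;
        $query->closeCursor();

        if ( !$matched )
        {
            \System::setAlert( $lang->getTrans( 'T_LINK_NIEPRAWIDLOWY' ) );
            return;
        }

        $update = $db->prepare( 'UPDATE pcms_user SET enabled = :enabled WHERE hash = :hash AND id = :id' );
        $update->bindValue( ':hash', $hash, \PDO::PARAM_STR );
        $update->bindValue( ':id', $userId, \PDO::PARAM_INT );
        $update->bindValue( ':enabled', 1, \PDO::PARAM_STR );
        $update->execute();
        \System::setAlert( $lang->getTrans( 'T_KONTO_AKTYWOWANE' ) );
    }

    /**
     * Replaces the password of an enabled account whose recovery token matches, and mails the new one.
     *
     * The recovery token is cleared in the same UPDATE, so a link works once.
     *
     * NOTE(security): the new password is stored as unsalted MD5. It is kept
     * only because the login check lives outside this file and presumably
     * compares MD5 digests; migrate both sides to password_hash() /
     * password_verify() together.
     * NOTE(security): the new password is sent in clear text by e-mail, and a
     * single GET with a valid token resets it at once, so a mail scanner that
     * prefetches links would consume the token. A form where the user sets the
     * password after following the link avoids both.
     * NOTE(review): no token expiry is checked here, and the strength of
     * \System::gen_hash( 3 ) cannot be judged from this file; confirm it draws
     * from a CSPRNG and yields an unguessable value.
     */
    private function resetPassword( $token, $userId )
    {
        global $db, $lang;

        $recover = \System::saveString( $token );

        $query = $db->prepare( 'SELECT id , email , login FROM pcms_user WHERE recover = :recover AND id = :id AND enabled = :enabled' );
        $query->bindValue( ':recover', $recover, \PDO::PARAM_STR );
        $query->bindValue( ':id', $userId, \PDO::PARAM_INT );
        $query->bindValue( ':enabled', 1, \PDO::PARAM_STR );
        $query->execute();
        // rowCount() is not guaranteed for SELECT on every PDO driver, so fetch the rows instead.
        $rows = $query->fetchAll() ?: array();
        $query->closeCursor();

        if ( !$rows )
        {
            \System::setAlert( $lang->getTrans( 'T_LINK_NIEPRAWIDLOWY' ) );
            return;
        }

        foreach ( $rows as $row )
        {
            $password = \System::gen_hash( 3 );

            $update = $db->prepare( 'UPDATE pcms_user SET password = :password , recover = :recover_n WHERE recover = :recover AND id = :id' );
            $update->bindValue( ':recover', $recover, \PDO::PARAM_STR );
            $update->bindValue( ':id', $userId, \PDO::PARAM_INT );
            $update->bindValue( ':password', md5( $password ), \PDO::PARAM_STR );
            $update->bindValue( ':recover_n', null, \PDO::PARAM_STR );
            $update->execute();

            // Fill the {LOGIN}, {SERWER} and {HASLO} placeholders of the translated mail body.
            $firmName = \System::getSystemSettings( 'firm_name' );
            $body = str_replace( '{LOGIN}', $row['login'], $lang->getTrans( 'T_NOWE_HASLO_UZYTKOWNIK_TRESC' ) );
            $body = str_replace( '{SERWER}', $firmName, $body );
            $body = str_replace( '{HASLO}', $password, $body );

            \System::sendEmail(
                $row['email'],
                str_replace( '{SERWER}', $firmName, $lang->getTrans( 'T_NOWE_HASLO_TEMAT' ) ),
                $body
            );
            \System::setAlert( $lang->getTrans( 'T_NOWE_HASLO_UZYTKOWNIK_EMAIL' ) );
        }
    }
}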
?>