diff --git a/Westdc/Member/Account.php b/Westdc/Member/Account.php index d9856ae..7150fa1 100644 --- a/Westdc/Member/Account.php +++ b/Westdc/Member/Account.php @@ -62,11 +62,15 @@ class Account extends AbstractEventManager implements ServiceManagerAwareInterfa return $rs->fetch(); } - //注册 + /** + * 用户注册 + * @param $data + * @return array + */ public function register($data) { $params = compact('data'); - $results = $this->getEventManager()->trigger('register.checkParam', $this, $params); + $results = $this->getEventManager()->trigger('register.pre', $this, $params); $cache_data = $results->last(); if($cache_data !== true) 
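Review bot: Only `$results->last()` is inspected after the `register.pre` trigger, so now that parameter and user checks share one event (the separate `register.checkUser` trigger is removed in the next hunk), a rejection from an earlier listener is overwritten if a later listener returns `true`. Unless every listener stops propagation on failure, which is not visible here, pass a short-circuit callback: `$results = $this->getEventManager()->trigger('register.pre', $this, $params, function ($r) { return $r !== true; });`. Listeners still attached under `register.checkParam` or `register.checkUser` will silently stop running, so confirm that the duplicate-username check has been moved to the new event. The new docblock could also state the contract, e.g. `@param array $data raw form input; only whitelisted keys are persisted`. `register()` continues past the end of this hunk.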
@@ -78,43 +82,49 @@ class Account extends AbstractEventManager implements ServiceManagerAwareInterfa return $cache_data; } } - - $results = $this->getEventManager()->trigger('register.checkUser', $this, $params); - $cache_data = $results->last(); - - if($cache_data !== true) - { - if(!is_array($cache_data)) - { - return array('error'=>$cache_data); - }else{ - return $cache_data; - } - } - + + /** + * 将数据分为两组,一组用于做注册成功后的登陆,一组用于写入数据库 + * 写入数据库的数据需要完全重建一个新的,防止因为前端传入时有人恶意增加字段造成破坏 + */ $loginData = array( 'username'=>$data['username'], 'password'=>$data['password'] ); - - $data['password'] = md5($data['password']); - $data['usertype'] = "guest"; - unset($data['confirm_password']); + + $registerData = [ + 'username' => $data['username'], + 'password' => md5($data['password']), + 'usertype' => 'guest', + 'email' => $data['email'], + 'realname' => $data['realname'], + 'unit' => $data['unit'], + 'address' => $data['address'], + 'project' => $data['project'], + 'phone' => $data['phone'], + 'project_id' => $data['project_id'], + 'project_type' => $data['project_type'], + 'project_title' => $data['project_title'], + 'project_leader' => $data['project_leader'], + ]; $dbh = new dbh(); - $id = $dbh->insert($this->memberTable,$data,true); + $id = $dbh->insert($this->memberTable,$registerData,true); if(!empty($id) && is_numeric($id)) { $this->storeLogin($loginData); + if(isset($state['success'])) { //$mb = new Member(); //$mb->putcookie($data[$this->FieldUsername],$data[$this->FieldPasword]); } + + $data = $registerData; $params = compact('data','id'); - $results = $this->getEventManager()->trigger('register.success', $this, $params); + $this->getEventManager()->trigger('register.success', $this, $params); return array("success" => 1); }else{ if($id === false) 
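Review bot: The rebuilt `$registerData` still stores `md5($data['password'])`, an unsalted fast hash, so a leaked copy of the member table can be cracked offline cheaply. `'password' => password_hash($data['password'], PASSWORD_DEFAULT),` is the usual replacement, but `storeLogin()` and its `$md5` flag would have to switch to `password_verify()` in the same change, and that code is outside this hunk. The whitelist also reads every key unconditionally, so a request that omits an optional field such as `project_id` raises an undefined-index notice; default them, e.g. `'project_id' => isset($data['project_id']) ? $data['project_id'] : null,`, unless a `register.pre` listener guarantees their presence. `if(isset($state['success']))` tests a variable that is never assigned in the visible part of `register()`, whose body begins before and ends after this hunk.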
@@ -126,8 +136,12 @@ class Account extends AbstractEventManager implements ServiceManagerAwareInterfa } }//register - - //登陆 + + /** + * 用户登陆 + * @param $data + * @return array + */ public function login($data) { $results = $this->getEventManager()->trigger('login.pre', $this, compact('data')); @@ -147,16 +161,25 @@ class Account extends AbstractEventManager implements ServiceManagerAwareInterfa if(isset($state['success'])) { + //$mb = new Member(); + //$mb->putcookie($data[$this->FieldUsername],$data[$this->FieldPasword]); + $user = (array)$state['user']; $this->getEventManager()->trigger('login.success', $this, compact('user')); }else{ $this->getEventManager()->trigger('login.failed', $this, compact('data')); } - return $state; + return $state; }//login - - //storeLogin + + /** + * 存储用户登陆信息 + * 为了防止login中的用户信息检查不规范,再加入一层内置的数据库权限检查,以防通过漏洞登入系统 + * @param $data + * @param bool $md5 是否对密码进行md5加密再校验 + * @return array + */ private function storeLogin($data,$md5 = true) { $auth = new AuthenticationService(); @@ -197,7 +220,7 @@ class Account extends AbstractEventManager implements ServiceManagerAwareInterfa 'success'=>1, 'user' => $user ); - } + }//storeLogin public function cookieLogin($data) {
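Review bot: The two `//$mb->putcookie(...)` lines added inside the `isset($state['success'])` branch of `login()` are commented-out code and should be dropped rather than committed; version control already keeps the history. If they mark pending work, a `// TODO` describing it is clearer. Judging by its arguments, the call would place the password field in a cookie, so it should not be restored as written. The new `storeLogin()` docblock documents `$md5` but does not say that the default path compares MD5 digests. Most of `storeLogin()`'s body lies outside this hunk.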