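config = Config::get();
    }

    /**
     * Fetch the PDO handle from the 'Db' service and keep it on $this->db.
     */
    public function init ()
    {
        $dbService = $this->serviceManager->get('Db');
        $this->db = $dbService->getPdo();
    }

    /**
     * Store the service manager and run init(), which reads it.
     *
     * @param ServiceManager $serviceManager
     * @return $this
     */
    public function setServiceManager (ServiceManager $serviceManager)
    {
        $this->serviceManager = $serviceManager;

        $this->init();

        return $this;
    }

    /**
     * Get one account row.
     *
     * @param int $id account id; 0 (the default) means the id reported by view::User('id')
     * @return mixed whatever PDOStatement::fetch() yields for the row
     */
    public function getAccountInfo ($id = 0)
    {
        if($id == 0)
        {
            $id = view::User('id');
        }

        // The id is bound as a parameter rather than interpolated into the SQL text,
        // so a non-numeric value supplied by a caller cannot alter the statement.
        $sth = $this->db->prepare("SELECT * FROM {$this->memberTable} WHERE id=?");
        $sth->execute(array($id));

        return $sth->fetch();
    }

    /**
     * Register a user.
     *
     * @param array $data submitted registration fields
     * @return array array('success' => 1) on success, otherwise an array describing the error
     */
    public function register ($data)
    {
        $params = compact('data');
        $results = $this->getEventManager()->trigger('register.pre', $this, $params);
        $cache_data = $results->last();

        // The last 'register.pre' listener result must be exactly true to continue
        if($cache_data !== true)
        {
            if(!is_array($cache_data))
            {
                return array('error' => $cache_data);
            }
            else
            {
                return $cache_data;
            }
        }

        /**
         * Split the data into two sets: one for the login performed after a successful
         * registration, one for the database insert. The insert set is rebuilt field by
         * field so that extra fields added by a client cannot reach the table.
         */
        $loginData = array(
            'username' => $data['username'],
            'password' => $data['password']
        );

        // NOTE(review): unsalted md5 is not a password hash. Moving to password_hash() /
        // password_verify() needs a migration of stored values and a change to the
        // equality-based check in storeLogin(), so it is flagged here rather than changed.
        $registerData = [
            'username' => $data['username'],
            'password' => md5($data['password']),
            'usertype' => $this->RoleMember,
            'email' => $data['email'],
            'realname' => $data['realname'],
            'phone' => $data['phone'],
            'unit' => $data['unit'],
            'address' => $data['address']
        ];

        // $dbh = new TableGateway($this->memberTable, Zend_Db::getInstance());
        // $results = $dbh->insert($registerData);

        $dbh = new dbh();

        $id = $dbh->insert($this->memberTable, $registerData, true);

        if(!empty($id) && is_numeric($id))
        {
            $this->storeLogin($loginData);

            // NOTE(review): $state is never assigned in this method (the storeLogin() result
            // above is discarded), so this branch does not run. Left as-is: enabling it would
            // start writing the submitted password to a cookie helper whose handling is not
            // visible here.
            if(isset($state['success']))
            {
                $mb = new Member();
                $mb->putcookie($data[$this->FieldUsername], $data[$this->FieldPasword]);
            }

            $params = compact('data', 'id');
            $this->getEventManager()->trigger('register.success', $this, $params);

            return array("success" => 1);
        }
        else
        {
            if($id === false)
            {
                return array('error' => '服务器开小差了,请稍后再试');
            }
            else
            {
                return array('error' => '服务器处理中遇到错误,请联系管理员');
            }
        }
    }//register

    /**
     * Log a user in.
     *
     * @param array $data submitted login fields
     * @return array result of storeLogin(), or the error produced by a 'login.pre' listener
     */
    public function login ($data)
    {
        $results = $this->getEventManager()->trigger('login.pre', $this, compact('data'));
        $cache_data = $results->last();

        if($cache_data !== true)
        {
            if(!is_array($cache_data))
            {
                return array('error' => $cache_data);
            }
            else
            {
                return $cache_data;
            }
        }

        $state = $this->storeLogin($data);

        if(isset($state['success']))
        {
            // NOTE(review): the submitted password is handed to the cookie helper. cookieLogin()
            // later accepts the cookie value as the credential without hashing it, so whatever
            // putcookie() stores is password-equivalent; confirm it is not the plaintext and that
            // the cookie is set with Secure/HttpOnly.
            $mb = new Cookie();
            $mb->putcookie($data[$this->FieldUsername], $data[$this->FieldPasword]);

            $user = (array)$state['user'];
            $this->getEventManager()->trigger('login.success', $this, compact('user'));
        }
        else
        {
            $this->getEventManager()->trigger('login.failed', $this, compact('data'));
        }

        return $state;
    }//login

    /**
     * Verify the credentials and store the user in the session.
     *
     * In case the checks done in login() are lax, the credentials are verified against
     * the database again here so that a flaw upstream cannot be used to log in.
     *
     * @param array $data needs 'username' and 'password'
     * @param bool $md5 whether to md5 the password before it is checked
     * @return array array('success' => 1, 'user' => row object) or array('error' => message)
     */
    private function storeLogin ($data, $md5 = true)
    {
        $auth = new AuthenticationService();
        $auth->setStorage(new SessionStorage($this->config->session_namespace));

        $dbAdapter = Zend_Db::getInstance();

        // NOTE(review): the table name is the literal 'users' here while the other queries in
        // this class use $this->memberTable; confirm they refer to the same table.
        $authAdapter = new DbTable($dbAdapter, 'users', 'username', 'password');

        if($md5 === true)
        {
            $password = md5($data['password']);
        }
        else
        {
            // The caller supplies the value that is compared with the stored column directly
            $password = $data['password'];
        }

        $authAdapter->setIdentity($data['username'])->setCredential($password);

        $result = $authAdapter->authenticate();

        if(!$result->isValid())
        {
            return array("error" => "用户信息验证失败");
        }

        // Second argument lists the columns to leave out, so the password column is not kept in the session
        $user = $authAdapter->getResultRowObject(null, array('password'));
        $auth->getStorage()->write($user);

        return array(
            'success' => 1,
            'user' => $user
        );
    }//storeLogin

    /**
     * Log in from cookie data: same as storeLogin() but the password is used as given,
     * without md5 applied to it first.
     *
     * @param array $data needs 'username' and 'password'
     * @return array result of storeLogin()
     */
    public function cookieLogin ($data)
    {
        return $this->storeLogin($data, false);
    }

    /**
     * Collect the registration parameters from the request.
     *
     * @param \Zend_Controller_Request_Abstract $request
     * @return array
     */
    public function getParam (\Zend_Controller_Request_Abstract $request)
    {
        $data = array(
            'username' => $request->getParam('username'),
            'password' => $request->getParam('password'),
            'confirm_password' => $request->getParam('confirm_password'),
            'email' => $request->getParam('email'),
            'realname' => $request->getParam('realname'),
            'phone' => $request->getParam('phone'),
            'unit' => $request->getParam('unit'),
            'address' => $request->getParam('address')
        );

        return $data;
    }

    /**
     * Collect the account-edit parameters from POST.
     *
     * @param mixed $request not used: it is replaced by a fresh PhpEnvironment request below
     * @return array|null the fields for the posted 'type', or null when the type is neither
     *                    "general" nor "password"
     */
    public function getEditParam ($request)
    {
        $request = new \Zend\Http\PhpEnvironment\Request;

        $type = $request->getPost('type');

        // Defined up front so an unknown type returns null without an undefined-variable warning
        $data = null;

        if($type == "general")
        {
            $data = array(
                'realname' => $request->getPost('realname'),
                'signature' => $request->getPost('signature'),
                'description' => $request->getPost('description')
            );
        }

        if($type == "password")
        {
            $data = array(
                'password' => $request->getPost('password'),
                'password_new' => $request->getPost('password_new'),
                'password_confirm' => $request->getPost('password_confirm')
            );
        }

        return $data;
    }

    /**
     * Edit the current user's account.
     *
     * @param array $data fields to write
     * @param string $type "general" or "password"
     * @return mixed true/false for the update result, the 'edit.checkParam' listener result
     *               when it is not true, or an error string for an unknown type
     */
    public function edit ($data, $type)
    {
        $results = $this->getEventManager()->trigger('edit.checkParam', $this, compact('data', 'type'));
        $cache_data = $results->last();

        if($cache_data !== true)
        {
            return $cache_data;
        }

        if($type == "general")
        {
            // NOTE(review): only these two fields are escaped; every other key present in $data
            // is passed to update() unchanged, so callers should hand in only the array built
            // by getEditParam().
            $data['signature'] = htmlspecialchars($data['signature']);
            $data['description'] = htmlspecialchars($data['description']);
        }
        else
        {
            if($type == "password")
            {
                // NOTE(review): md5 again; see the note in register()
                $data['password'] = md5($data['password_new']);
                unset($data['password_new']);
                unset($data['password_confirm']);
            }
            else
            {
                return "参数错误";
            }
        }

        $dbh = new dbh();
        // NOTE(review): the id is concatenated into the WHERE fragment; it comes from
        // view::User('id'), presumably session state rather than request input (confirm).
        $uid = view::User('id');

        return $dbh->update($this->memberTable, $data, " id=$uid") === true;
    }

    /**
     * Forgotten password: store a reset token for the account with this email and mail
     * a reset link to it.
     *
     * @param string $email
     * @return mixed array('success' => 1), an error array, or the 'pwd.forgot.checkParam'
     *               listener result when it is not true
     */
    public function getMyPassword ($email)
    {
        $pwdListener = new PwdListener;
        $this->getEventManager()->attachAggregate($pwdListener);

        $results = $this->getEventManager()->trigger('pwd.forgot.checkParam', $this, compact('email'));
        $cache_data = $results->last();

        if($cache_data !== true)
        {
            return $cache_data;
        }

        // $email is caller-supplied; it is bound instead of being quoted into the SQL string
        $sth = $this->db->prepare("SELECT * FROM {$this->memberTable} WHERE email=?");
        $sth->execute(array($email));
        $row = $sth->fetch();

        if(!isset($row['username']) || empty($row['username']))
        {
            return array(
                'error' => "此邮箱并未注册",
                'place' => 'email'
            );
        }

        // The reset token is random instead of md5(email . '---' . username): a value derived
        // only from the email and username can be recomputed by anyone who knows both.
        // 16 random bytes in hex keep the 32-character lowercase-hex format of the old value.
        $raw = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
        if(!is_string($raw) || strlen($raw) !== 16)
        {
            return array(
                'error' => "处理中出现错误,请重试",
                'place' => 'email'
            );
        }
        $salt = bin2hex($raw);

        $sth = $this->db->prepare("UPDATE {$this->memberTable} SET salt=? WHERE id=?");
        $sth->execute(array($salt, $row['id']));

        if($sth->rowCount() < 1)
        {
            return array(
                'error' => "处理中出现错误,请重试",
                'place' => 'email'
            );
        }

        $mail_template = "forgotpassword";
        $mail_data = array(
            'name' => $row['realname'],
            'link' => view::getHostLink().'/account/getpassword/?salt='.$salt
        );

        try
        {
            $mail = new Mail();
            $mail->loadTemplate($mail_template, $mail_data);
            $mail->addTo($email, $row['realname']);
            $mail->send();
        }
        catch (Exception $e)
        {
            // Mail failures go to the error log; echoing the exception text into the response
            // would expose mailer internals. The method still reports success, as before.
            error_log("".$e->getMessage());
        }

        return array("success" => 1);
    }

    /**
     * Reset the password of the account that holds the given reset token.
     *
     * @param array $data needs 'salt' (the token from the mail link), 'username' and 'password'
     * @return mixed true on success, an error array, or the 'pwd.reset.checkParam' listener
     *               result when it is not true
     */
    public function resetPassword ($data)
    {
        $results = $this->getEventManager()->trigger('pwd.reset.checkParam', $this, compact('data'));
        $cache_data = $results->last();

        if($cache_data !== true)
        {
            return $cache_data;
        }

        $invalid = array(
            'error' => "您提供的校验码不正确,请重新申请重置密码",
            'place' => 'confirm_password'
        );

        // An empty token must never match: salt is set back to '' after a reset, so an empty
        // lookup value would select an account that has no reset pending. The checkParam
        // listener may already reject this; it is not visible here.
        if(!isset($data['salt']) || $data['salt'] === '')
        {
            return $invalid;
        }

        $sql = "SELECT * FROM {$this->memberTable} WHERE salt=?";
        $sth = $this->db->prepare($sql);
        $sth->execute(array($data['salt']));
        $row = $sth->fetch();

        if(!isset($row['username']) || empty($row['username']))
        {
            return $invalid;
        }

        // The token must belong to the username that was submitted with it
        if($row['username'] !== $data['username'])
        {
            return $invalid;
        }

        // Clearing salt makes the token single-use. NOTE(review): md5 again; see register()
        $sth = $this->db->prepare("UPDATE {$this->memberTable} SET password=?,salt='' WHERE id=?");
        $sth->execute(array(md5($data['password']), $row['id']));

        $mail_template = "getpassworded";
        $mail_data = array(
            'name' => $row['realname'],
        );

        $mail = new Mail();
        $mail->loadTemplate($mail_template, $mail_data);
        $mail->addTo($row['email'], $row['realname']);
        $mail->send();

        return true;
    }
}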