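config = Config::get(); }

    /**
     * Resolve the PDO handle from the 'Db' service. Called once the service
     * manager has been injected (see setServiceManager()).
     */
    public function init()
    {
        $dbService = $this->serviceManager->get('Db');
        $this->db = $dbService->getPdo();
    }

    /**
     * Inject the service manager and immediately initialise the DB handle.
     *
     * @param ServiceManager $serviceManager
     * @return $this
     */
    public function setServiceManager(ServiceManager $serviceManager)
    {
        $this->serviceManager = $serviceManager;
        $this->init();
        return $this;
    }

    /**
     * Fetch one member row as returned by PDOStatement::fetch().
     *
     * @param int $id member id; 0 means "the currently logged-in user" (view::User('id'))
     * @return array|false the row, or false when nothing matches
     */
    public function getAccountInfo($id = 0)
    {
        if ($id == 0) {
            $id = view::User('id');
        }
        // Bind the id instead of interpolating it into the SQL; the table name is a
        // class property, not user input, so it may stay in the string.
        $sth = $this->db->prepare("SELECT * FROM {$this->memberTable} WHERE id=?");
        $sth->execute(array((int) $id));
        return $sth->fetch();
    }

    /**
     * Register a new member.
     *
     * 'register.pre' runs first; a listener returning anything other than true
     * vetoes registration (a string is wrapped as array('error' => ...), an array
     * is returned as-is). On success the member is logged in, a remember-me
     * cookie is written and 'register.success' fires.
     *
     * @param array $data raw form data (username, password, email, ...)
     * @return array array('success' => 1) or array('error' => message)
     */
    public function register($data)
    {
        $params = compact('data');
        $results = $this->getEventManager()->trigger('register.pre', $this, $params);
        $cache_data = $results->last();
        if ($cache_data !== true) {
            return is_array($cache_data) ? $cache_data : array('error' => $cache_data);
        }

        // Two separate arrays: one for the post-registration login, one for the
        // INSERT. The insert array is rebuilt from scratch so that extra fields
        // smuggled in through the form can never reach the database.
        $loginData = array(
            'username' => $data['username'],
            'password' => $data['password'],
        );
        // SECURITY: unsalted md5 is not an acceptable password hash. It is kept only
        // because storeLogin() authenticates by comparing this column directly via
        // DbTable; migrate to password_hash()/password_verify() together with that adapter.
        $registerData = [
            'username' => $data['username'],
            'password' => md5($data['password']),
            'usertype' => $this->RoleMember,
            'email'    => $data['email'],
        ];

        $dbh = new dbh();
        $id = $dbh->insert($this->memberTable, $registerData, true);
        if (empty($id) || !is_numeric($id)) {
            // dbh::insert() signals a failed query with false; any other non-numeric
            // value is an unexpected return.
            if ($id === false) {
                return array('error' => '服务器开小差了,请稍后再试');
            }
            return array('error' => '服务器处理中遇到错误,请联系管理员');
        }

        // Log the new member in. The result used to be discarded, which left
        // $state undefined and made the cookie branch below unreachable.
        $state = $this->storeLogin($loginData);
        if (isset($state['success'])) {
            // Same remember-me cookie as login(). NOTE(review): putcookie() receives
            // the plaintext credential here; confirm that Cookie hashes/signs it.
            $mb = new Cookie();
            $mb->putcookie($data[$this->FieldUsername], $data[$this->FieldPasword]);
        }

        $params = compact('data', 'id');
        $this->getEventManager()->trigger('register.success', $this, $params);
        return array("success" => 1);
    }

    /**
     * Log a member in.
     *
     * 'login.pre' may veto the attempt (same contract as register()); on success a
     * remember-me cookie is written and 'login.success' fires, otherwise 'login.failed'.
     *
     * @param array $data form data with 'username' and 'password' (plaintext)
     * @return array storeLogin() result: array('success'=>1,'user'=>...) or array('error'=>...)
     */
    public function login($data)
    {
        $results = $this->getEventManager()->trigger('login.pre', $this, compact('data'));
        $cache_data = $results->last();
        if ($cache_data !== true) {
            return is_array($cache_data) ? $cache_data : array('error' => $cache_data);
        }

        $state = $this->storeLogin($data);
        if (isset($state['success'])) {
            // NOTE(review): putcookie() is handed the plaintext password, while
            // cookieLogin() later authenticates with $md5 = false - so whatever Cookie
            // stores must already be the stored hash. Confirm Cookie does that hashing.
            $mb = new Cookie();
            $mb->putcookie($data[$this->FieldUsername], $data[$this->FieldPasword]);
            $user = (array) $state['user'];
            $this->getEventManager()->trigger('login.success', $this, compact('user'));
        } else {
            $this->getEventManager()->trigger('login.failed', $this, compact('data'));
        }
        return $state;
    }

    /**
     * Authenticate against the database and persist the identity in the session.
     *
     * This is a second, built-in credential check so that a sloppy 'login.pre'
     * listener cannot let someone in without a matching database row.
     *
     * @param array $data 'username' and 'password'
     * @param bool $md5 true: md5 the password before comparing (form login);
     *                  false: compare as given (cookieLogin(), already hashed)
     * @return array array('success'=>1,'user'=>object) or array('error'=>message)
     */
    private function storeLogin($data, $md5 = true)
    {
        $auth = new AuthenticationService();
        $auth->setStorage(new SessionStorage($this->config->session_namespace));
        // NOTE(review): $dbAdapter is never assigned and the Zend_Db instance is
        // discarded, so DbTable below receives null. Left untouched because the
        // intended adapter wiring is not visible in this file.
        new Zend_Db($dbAdapter);
        // NOTE(review): authenticates against the literal 'users' table while every
        // other query uses $this->memberTable - verify they are the same table.
        $authAdapter = new DbTable($dbAdapter, 'users', 'username', 'password');

        // SECURITY: unsalted md5 comparison; see register().
        $password = ($md5 === true) ? md5($data['password']) : $data['password'];
        $authAdapter
            ->setIdentity($data['username'])
            ->setCredential($password);

        $result = $authAdapter->authenticate();
        if (!$result->isValid()) {
            return array("error" => "用户信息验证失败");
        }
        // Strip the password column before the row is written into the session.
        $user = $authAdapter->getResultRowObject(null, array('password'));
        $auth->getStorage()->write($user);
        return array(
            'success' => 1,
            'user'    => $user,
        );
    }

    /**
     * Log in from the remember-me cookie. The cookie credential is compared
     * as-is (no md5), so it must already hold the stored hash.
     *
     * @param array $data 'username' and 'password' read from the cookie
     * @return array see storeLogin()
     */
    public function cookieLogin($data)
    {
        return $this->storeLogin($data, false);
    }

    /**
     * Registration parameters taken from the request.
     *
     * @param \Zend_Controller_Request_Abstract $request
     * @return array username, password, confirm_password, email, realname
     */
    public function getParam(\Zend_Controller_Request_Abstract $request)
    {
        return array(
            'username'         => $request->getParam('username'),
            'password'         => $request->getParam('password'),
            'confirm_password' => $request->getParam('confirm_password'),
            'email'            => $request->getParam('email'),
            'realname'         => $request->getParam('realname'),
        );
    }

    /**
     * Collect account-edit parameters from the POST body.
     *
     * NOTE(review): the $request argument is ignored - a fresh
     * \Zend\Http\PhpEnvironment\Request is built instead. Left as-is because the
     * argument's API (getParam() vs getPost()) is not visible here.
     *
     * @param mixed $request unused
     * @return array fields for type 'general' or 'password'; empty for any other type
     */
    public function getEditParam($request)
    {
        $request = new \Zend\Http\PhpEnvironment\Request;
        $type = $request->getPost('type');
        $data = array(); // was undefined (notice + null) for an unknown type
        if ($type == "general") {
            $data = array(
                'realname'    => $request->getPost('realname'),
                'signature'   => $request->getPost('signature'),
                'description' => $request->getPost('description'),
            );
        }
        if ($type == "password") {
            $data = array(
                'password'         => $request->getPost('password'),
                'password_new'     => $request->getPost('password_new'),
                'password_confirm' => $request->getPost('password_confirm'),
            );
        }
        return $data;
    }

    /**
     * Update the current user's profile ('general') or password ('password').
     *
     * @param array $data from getEditParam()
     * @param string $type 'general' | 'password'
     * @return bool|string|mixed true/false from the update, "参数错误" for an unknown
     *                           type, or whatever the 'edit.checkParam' listener vetoed with
     */
    public function edit($data, $type)
    {
        $results = $this->getEventManager()->trigger('edit.checkParam', $this, compact('data', 'type'));
        $cache_data = $results->last();
        if ($cache_data !== true) {
            return $cache_data;
        }

        if ($type == "general") {
            // Escaped on the way in; templates must not escape these fields again.
            $data['signature'] = htmlspecialchars($data['signature']);
            $data['description'] = htmlspecialchars($data['description']);
        } elseif ($type == "password") {
            // NOTE(review): the current password ($data['password']) is overwritten
            // here without being verified in this method; that check has to live in
            // the 'edit.checkParam' listener - confirm it does.
            // SECURITY: md5, see register().
            $data['password'] = md5($data['password_new']);
            unset($data['password_new'], $data['password_confirm']);
        } else {
            return "参数错误";
        }

        // The WHERE fragment is a raw string, so force the session id to an integer
        // and refuse to run without an authenticated user.
        $uid = (int) view::User('id');
        if ($uid <= 0) {
            return false;
        }
        $dbh = new dbh();
        return $dbh->update($this->memberTable, $data, " id=$uid") === true;
    }

    /**
     * Start the forgotten-password flow: store a one-time reset token in the
     * member's 'salt' column and e-mail a link carrying it.
     *
     * @param string $email address supplied by the user (untrusted)
     * @return array array('success'=>1) or array('error'=>msg,'place'=>'email')
     */
    public function getMyPassword($email)
    {
        $pwdListener = new PwdListener;
        $this->getEventManager()->attachAggregate($pwdListener);
        $results = $this->getEventManager()->trigger('pwd.forgot.checkParam', $this, compact('email'));
        $cache_data = $results->last();
        if ($cache_data !== true) {
            return $cache_data;
        }

        // $email is user input: bind it rather than interpolating it (was SQL injection).
        $sth = $this->db->prepare("SELECT * FROM {$this->memberTable} WHERE email=?");
        $sth->execute(array($email));
        $row = $sth->fetch();
        if (!isset($row['username']) || empty($row['username'])) {
            // NOTE(review): this message confirms whether an address is registered
            // (account enumeration). A uniform "if the address exists, mail was sent"
            // response would be safer; the wording is kept for the existing UI.
            return array('error' => "此邮箱并未注册", 'place' => 'email');
        }

        // The token must be unguessable. The previous md5(email . '---' . username)
        // value was fully predictable from public data, letting anyone reset a
        // known user's password. Use CSPRNG output of the same 32-hex-char width.
        $salt = $this->makeResetToken();
        $sth = $this->db->prepare("UPDATE {$this->memberTable} SET salt=? WHERE id=?");
        $sth->execute(array($salt, (int) $row['id']));
        if ($sth->rowCount() < 1) {
            return array('error' => "处理中出现错误,请重试", 'place' => 'email');
        }
        // NOTE(review): the token never expires; consider storing a timestamp next to it.

        $mail_template = "forgotpassword";
        $mail_data = array(
            'name' => $row['realname'],
            'link' => view::getHostLink() . '/account/getpassword/?salt=' . $salt,
        );
        try {
            $mail = new Mail();
            $mail->loadTemplate($mail_template, $mail_data);
            $mail->addTo($email, $row['realname']);
            $mail->send();
        } catch (Exception $e) {
            // Do not echo the exception to the client (internal detail leak, and the
            // caller was still told "success" although no mail went out): log and fail.
            error_log('getMyPassword: mail send failed: ' . $e->getMessage());
            return array('error' => "处理中出现错误,请重试", 'place' => 'email');
        }
        return array("success" => 1);
    }

    /**
     * 32 hex characters from a CSPRNG (same width as the old md5 value, so the
     * existing 'salt' column fits).
     *
     * @return string
     */
    private function makeResetToken()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        // PHP < 7 fallback.
        return bin2hex(openssl_random_pseudo_bytes(16));
    }

    /**
     * Complete the forgotten-password flow from the e-mailed link.
     *
     * @param array $data 'salt' (token from the link), 'username', 'password' (new)
     * @return bool|array true on success; array('error'=>..,'place'=>..) on a bad
     *                    token; or whatever 'pwd.reset.checkParam' vetoed with
     */
    public function resetPassword($data)
    {
        $results = $this->getEventManager()->trigger('pwd.reset.checkParam', $this, compact('data'));
        $cache_data = $results->last();
        if ($cache_data !== true) {
            return $cache_data;
        }

        $badToken = array('error' => "您提供的校验码不正确,请重新申请重置密码", 'place' => 'confirm_password');

        // Every account that never requested (or already completed) a reset has
        // salt = ''. Without this guard, salt='' plus a victim's username matched
        // that row and reset their password.
        $salt = isset($data['salt']) ? (string) $data['salt'] : '';
        if ($salt === '') {
            return $badToken;
        }

        $sth = $this->db->prepare("SELECT * FROM {$this->memberTable} WHERE salt=?");
        $sth->execute(array($salt));
        $row = $sth->fetch();
        if (!isset($row['username']) || empty($row['username'])) {
            return $badToken;
        }
        // The token must also belong to the claimed account.
        if ($row['username'] !== $data['username']) {
            return $badToken;
        }

        // SECURITY: md5, see register(). Clearing salt consumes the token so the
        // link cannot be replayed.
        $sth = $this->db->prepare("UPDATE {$this->memberTable} SET password=?, salt='' WHERE id=?");
        $sth->execute(array(md5($data['password']), (int) $row['id']));

        $mail_template = "getpassworded";
        $mail_data = array(
            'name' => $row['realname'],
        );
        $mail = new Mail();
        $mail->loadTemplate($mail_template, $mail_data);
        $mail->addTo($row['email'], $row['realname']);
        $mail->send();
        return true;
    }
}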