westdc-core/Westdc/Member/Account.php

<?php
namespace Westdc\Member;

use Zend\ServiceManager\ServiceManager;
use Zend\ServiceManager\ServiceManagerAwareInterface;
use Westdc\EventModel\AbstractEventManager;
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Storage\Session as SessionStorage;
use Zend\Authentication\Adapter\DbTable;
use Westdc\Helpers\Assist as view;
use Westdc\Helpers\Config;
use Westdc\Db\Dbh as dbh;
use Westdc\Db\Db as Zend_Db;
use Zend\Db\TableGateway\TableGateway;

class Account extends AbstractEventManager implements ServiceManagerAwareInterface {
	public $memberTable        = "users";
	public $FieldUsername      = "username";
	public $FieldPasword       = "password";
	public $FieldLastlogin     = "ts_last_login";
	public $FieldEmail         = "email";
	public $FieldLastloginIp   = "last_login_ip";
	public $GravatarEmailField = "gravatar_email";

	public $RoleMember = "member";

	private   $db;
	protected $events = NULL;        //事件
	private   $config;

	function __construct () {
		$this->config = Config::get();
	}

	public function init () {
		$dbService = $this->serviceManager->get('Db');
		$this->db = $dbService->getPdo();
	}

	public function setServiceManager (ServiceManager $serviceManager) {
		$this->serviceManager = $serviceManager;

		$this->init();

		return $this;
	}

	//获取账号信息,数组
	public function getAccountInfo ($id = 0) {
		if($id == 0) {
			$id = view::User('id');
		}
		$sql = "SELECT * FROM {$this->memberTable} WHERE id=$id";
		$rs = $this->db->query($sql);

		return $rs->fetch();
	}

	/**
	 * 用户注册
	 * @param $data
	 * @return array
	 */
	public function register ($data) {
		$params = compact('data');
		$results = $this->getEventManager()->trigger('register.pre', $this, $params);
		$cache_data = $results->last();

		if($cache_data !== true) {
			if(!is_array($cache_data)) {
				return array('error' => $cache_data);
			}
			else {
				return $cache_data;
			}
		}

		/**
		 * 将数据分为两组，一组用于做注册成功后的登陆，一组用于写入数据库
		 * 写入数据库的数据需要完全重建一个新的，防止因为前端传入时有人恶意增加字段造成破坏
		 */
		$loginData = array(
			'username' => $data['username'],
			'password' => $data['password']
		);

		$registerData = [
			'username' => $data['username'],
			'password' => md5($data['password']),
			'usertype' => $this->RoleMember,
			'email'    => $data['email'],
			'realname'    => $data['realname'],
			'phone'    => $data['phone'],
			'unit'    => $data['unit'],
			'address'    => $data['address']
		];

//		$dbh = new TableGateway($this->memberTable, Zend_Db::getInstance());
//		$results = $dbh->insert($registerData);

		$dbh = new dbh();
		$id = $dbh->insert($this->memberTable, $registerData, true);

		if(!empty($id) && is_numeric($id)) {
			$this->storeLogin($loginData);

			if(isset($state['success'])) {
				$mb = new Member();
				$mb->putcookie($data[$this->FieldUsername], $data[$this->FieldPasword]);
			}

			$params = compact('data', 'id');
			$this->getEventManager()->trigger('register.success', $this, $params);

			return array("success" => 1);
		}
		else {
			if($id === false) {
				return array('error' => '服务器开小差了，请稍后再试');
			}
			else {
				return array('error' => '服务器处理中遇到错误，请联系管理员');
			}
		}

	}//register

	/**
	 * 用户登陆
	 * @param $data
	 * @return array
	 */
	public function login ($data) {
		$results = $this->getEventManager()->trigger('login.pre', $this, compact('data'));
		$cache_data = $results->last();

		if($cache_data !== true) {
			if(!is_array($cache_data)) {
				return array('error' => $cache_data);
			}
			else {
				return $cache_data;
			}
		}

		$state = $this->storeLogin($data);

		if(isset($state['success'])) {
			$mb = new Cookie();
			$mb->putcookie($data[$this->FieldUsername], $data[$this->FieldPasword]);

			$user = (array)$state['user'];
			$this->getEventManager()->trigger('login.success', $this, compact('user'));
		}
		else {
			$this->getEventManager()->trigger('login.failed', $this, compact('data'));
		}

		return $state;
	}//login

	/**
	 * 存储用户登陆信息
	 * 为了防止login中的用户信息检查不规范，再加入一层内置的数据库权限检查，以防通过漏洞登入系统
	 * @param $data
	 * @param bool $md5 是否对密码进行md5加密再校验
	 * @return array
	 */
	private function storeLogin ($data, $md5 = true) {
		$auth = new AuthenticationService();
		$auth->setStorage(new SessionStorage($this->config->session_namespace));

		$dbAdapter = Zend_Db::getInstance();

		$authAdapter = new DbTable($dbAdapter, 'users', 'username', 'password');

		if($md5 === true) {
			$password = md5($data['password']);
		}
		else {
			$password = $data['password'];
		}

		$authAdapter->setIdentity($data['username'])->setCredential($password);

		$result = $authAdapter->authenticate();

		if(!$result->isValid()) {
			return array("error" => "用户信息验证失败");
		}

		$user = $authAdapter->getResultRowObject(null, array('password'));
		$auth->getStorage()->write($user);

		return array(
			'success' => 1,
			'user'    => $user
		);
	}//storeLogin

	public function cookieLogin ($data) {
		return $this->storeLogin($data, false);
	}

	//注册信息参数
	public function getParam (\Zend_Controller_Request_Abstract $request) {
		$data = array(
			'username'         => $request->getParam('username'),
			'password'         => $request->getParam('password'),
			'confirm_password' => $request->getParam('confirm_password'),
			'email'            => $request->getParam('email'),
			'realname'         => $request->getParam('realname'),
			'phone'            => $request->getParam('phone'),
			'unit'             => $request->getParam('unit'),
			'address'          => $request->getParam('address')
		);

		return $data;
	}

	//获取用户账户修改参数
	public function getEditParam ($request) {
		$request = new \Zend\Http\PhpEnvironment\Request;

		$type = $request->getPost('type');

		if($type == "general") {
			$data = array(
				'realname'    => $request->getPost('realname'),
				'signature'   => $request->getPost('signature'),
				'description' => $request->getPost('description')
			);
		}

		if($type == "password") {
			$data = array(
				'password'         => $request->getPost('password'),
				'password_new'     => $request->getPost('password_new'),
				'password_confirm' => $request->getPost('password_confirm')
			);
		}

		return $data;
	}

	//编辑
	public function edit ($data, $type) {
		$results = $this->getEventManager()->trigger('edit.checkParam', $this, compact('data', 'type'));
		$cache_data = $results->last();

		if($cache_data !== true) {
			return $cache_data;
		}

		if($type == "general") {
			$data['signature'] = htmlspecialchars($data['signature']);
			$data['description'] = htmlspecialchars($data['description']);
		}
		else {
			if($type == "password") {
				$data['password'] = md5($data['password_new']);
				unset($data['password_new']);
				unset($data['password_confirm']);
			}
			else {
				return "参数错误";
			}
		}

		$dbh = new dbh();
		$uid = view::User('id');
		if($dbh->update($this->memberTable, $data, " id=$uid") === true) {
			return true;
		}
		else {
			return false;
		}
	}

	//找回密码
	public function getMyPassword ($email) {
		$pwdListener = new PwdListener;
		$this->getEventManager()->attachAggregate($pwdListener);

		$results = $this->getEventManager()->trigger('pwd.forgot.checkParam', $this, compact('email'));
		$cache_data = $results->last();

		if($cache_data !== true) {
			return $cache_data;
		}

		$sql = "SELECT * FROM {$this->memberTable} WHERE email='$email'";
		$rs = $this->db->query($sql);
		$row = $rs->fetch();

		if(!isset($row['username']) || empty($row['username'])) {
			return array(
				'error' => "此邮箱并未注册",
				'place' => 'email'
			);
		}

		$salt = md5($email.'---'.$row['username']);

		$sql = "UPDATE {$this->memberTable} SET salt='$salt' WHERE id={$row['id']}";
		$state = $this->db->exec($sql);

		if($state < 1) {
			return array(
				'error' => "处理中出现错误，请重试",
				'place' => 'email'
			);
		}

		$mail_template = "forgotpassword";
		$mail_data = array(
			'name' => $row['realname'],
			'link' => view::getHostLink().'/account/getpassword/?salt='.$salt
		);


		try {
			$mail = new Mail();

			$mail->loadTemplate($mail_template, $mail_data);
			$mail->addTo($email, $row['realname']);
			$mail->send();
		}
		catch (Exception $e) {
			echo "".$e->getMessage();
		}

		return array("success" => 1);
	}

	//重置密码
	public function resetPassword ($data) {
		$results = $this->getEventManager()->trigger('pwd.reset.checkParam', $this, compact('data'));
		$cache_data = $results->last();

		if($cache_data !== true) {
			return $cache_data;
		}

		$sql = "SELECT * FROM {$this->memberTable} WHERE salt=?";
		$sth = $this->db->prepare($sql);
		$sth->execute(array($data['salt']));
		$row = $sth->fetch();

		if(!isset($row['username']) || empty($row['username'])) {
			return array(
				'error' => "您提供的校验码不正确，请重新申请重置密码",
				'place' => 'confirm_password'
			);
		}

		if($row['username'] !== $data['username']) {
			return array(
				'error' => "您提供的校验码不正确，请重新申请重置密码",
				'place' => 'confirm_password'
			);
		}

		$sql = "UPDATE {$this->memberTable} SET password='".md5($data['password'])."',salt='' WHERE id={$row['id']}";
		$this->db->exec($sql);

		$mail_template = "getpassworded";
		$mail_data = array(
			'name' => $row['realname'],
		);
		$mail = new Mail();
		$mail->loadTemplate($mail_template, $mail_data);
		$mail->addTo($row['email'], $row['realname']);
		$mail->send();

		return true;

	}

}