westdc-core/Westdc/Member/Account.php

399 lines
9.8 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
namespace Westdc\Member;
use Zend\ServiceManager\ServiceManager;
use Zend\ServiceManager\ServiceManagerAwareInterface;
use Westdc\EventModel\AbstractEventManager;
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Storage\Session as SessionStorage;
use Zend\Authentication\Adapter\DbTable;
use Westdc\Helpers\Assist as view;
use Westdc\Helpers\Config;
use Westdc\Helpers\Dbh as dbh;
use Westdc\Db\Db as Zend_Db;
use Westdc\Mail\Mail;
use Westdc\User\Member;
class Account extends AbstractEventManager implements ServiceManagerAwareInterface
{
public $memberTable = "tbl_member";
public $FieldUsername = "username";
public $FieldPasword = "password";
public $FieldLastlogin = "ts_last_login";
public $FieldEmail = "email";
public $FieldLastloginIp = "last_login_ip";
public $GravatarEmailField = "gravatar_email";
public $RoleMember = "member";
private $db;
protected $events = NULL; //事件
private $config;
function __construct()
{
$this->config = Config::get();
}
public function init()
{
$dbService = $this->serviceManager->get('Db');
$this->db = $dbService->getPdo();
}
public function setServiceManager(ServiceManager $serviceManager)
{
$this->serviceManager = $serviceManager;
$this->init();
return $this;
}
//获取账号信息,数组
public function getAccountInfo($id = 0)
{
if($id == 0)
{
$id = view::User('id');
}
$sql = "SELECT * FROM {$this->memberTable} WHERE id=$id";
$rs = $this->db->query($sql);
return $rs->fetch();
}
/**
* 用户注册
* @param $data
* @return array
*/
public function register($data)
{
$params = compact('data');
$results = $this->getEventManager()->trigger('register.pre', $this, $params);
$cache_data = $results->last();
if($cache_data !== true)
{
if(!is_array($cache_data))
{
return array('error'=>$cache_data);
}else{
return $cache_data;
}
}
/**
* 将数据分为两组,一组用于做注册成功后的登陆,一组用于写入数据库
* 写入数据库的数据需要完全重建一个新的,防止因为前端传入时有人恶意增加字段造成破坏
*/
$loginData = array(
'username'=>$data['username'],
'password'=>$data['password']
);
$registerData = [
'username' => $data['username'],
'password' => md5($data['password']),
'usertype' => 'guest',
'email' => $data['email'],
'realname' => $data['realname'],
'unit' => $data['unit'],
'address' => $data['address'],
'project' => $data['project'],
'phone' => $data['phone'],
'project_id' => $data['project_id'],
'project_type' => $data['project_type'],
'project_title' => $data['project_title'],
'project_leader' => $data['project_leader'],
];
$dbh = new dbh();
$id = $dbh->insert($this->memberTable,$registerData,true);
if(!empty($id) && is_numeric($id))
{
$this->storeLogin($loginData);
if(isset($state['success']))
{
//$mb = new Member();
//$mb->putcookie($data[$this->FieldUsername],$data[$this->FieldPasword]);
}
$data = $registerData;
$params = compact('data','id');
$this->getEventManager()->trigger('register.success', $this, $params);
return array("success" => 1);
}else{
if($id === false)
{
return array('error'=>'服务器开小差了,请稍后再试');
}else{
return array('error'=>'服务器处理中遇到错误,请联系管理员');
}
}
}//register
/**
* 用户登陆
* @param $data
* @return array
*/
public function login($data)
{
$results = $this->getEventManager()->trigger('login.pre', $this, compact('data'));
$cache_data = $results->last();
if($cache_data !== true)
{
if(!is_array($cache_data))
{
return array('error'=>$cache_data);
}else{
return $cache_data;
}
}
$state = $this->storeLogin($data);
if(isset($state['success']))
{
//$mb = new Member();
//$mb->putcookie($data[$this->FieldUsername],$data[$this->FieldPasword]);
$user = (array)$state['user'];
$this->getEventManager()->trigger('login.success', $this, compact('user'));
}else{
$this->getEventManager()->trigger('login.failed', $this, compact('data'));
}
return $state;
}//login
/**
* 存储用户登陆信息
* 为了防止login中的用户信息检查不规范再加入一层内置的数据库权限检查以防通过漏洞登入系统
* @param $data
* @param bool $md5 是否对密码进行md5加密再校验
* @return array
*/
private function storeLogin($data,$md5 = true)
{
$auth = new AuthenticationService();
$auth->setStorage(new SessionStorage($this->config->session_namespace));
new Zend_Db($dbAdapter);
$authAdapter = new DbTable(
$dbAdapter,
'users',
'username',
'password'
);
if($md5 === true)
{
$password = md5($data['password']);
}else{
$password = $data['password'];
}
$authAdapter
->setIdentity($data['username'])
->setCredential($password)
;
$result = $authAdapter->authenticate();
if(!$result->isValid())
{
return array("error"=>"用户信息验证失败");
}
$user = $authAdapter->getResultRowObject(null,array('password'));
$auth->getStorage()->write($user);
return array(
'success'=>1,
'user' => $user
);
}//storeLogin
public function cookieLogin($data)
{
return $this->storeLogin($data,false);
}
//注册信息参数
public function getParam(\Zend_Controller_Request_Abstract $request)
{
$data = array(
'username'=>$request->getParam('username'),
'password'=>$request->getParam('password'),
'confirm_password'=>$request->getParam('confirm_password'),
'email'=>$request->getParam('email'),
'realname'=>$request->getParam('realname')
);
return $data;
}
//获取用户账户修改参数
public function getEditParam($request)
{
$request = new \Zend\Http\PhpEnvironment\Request;
$type = $request->getPost('type');
if($type == "general")
{
$data = array(
'realname'=>$request->getPost('realname'),
'signature'=>$request->getPost('signature'),
'description'=>$request->getPost('description')
);
}
if($type == "password")
{
$data = array(
'password' => $request->getPost('password'),
'password_new'=>$request->getPost('password_new'),
'password_confirm'=>$request->getPost('password_confirm')
);
}
return $data;
}
//编辑
public function edit($data,$type)
{
$results = $this->getEventManager()->trigger('edit.checkParam', $this, compact('data','type'));
$cache_data = $results->last();
if($cache_data !== true)
{
return $cache_data;
}
if($type == "general")
{
$data['signature'] = htmlspecialchars($data['signature']);
$data['description'] = htmlspecialchars($data['description']);
}else if($type == "password")
{
$data['password'] = md5($data['password_new']);
unset($data['password_new']);
unset($data['password_confirm']);
}else{
return "参数错误";
}
$dbh = new dbh();
$uid = view::User('id');
if($dbh->update($this->memberTable,$data," id=$uid") === true)
{
return true;
}else{
return false;
}
}
//找回密码
public function getMyPassword($email)
{
$pwdListener = new PwdListener;
$this->getEventManager()->attachAggregate($pwdListener);
$results = $this->getEventManager()->trigger('pwd.forgot.checkParam', $this, compact('email'));
$cache_data = $results->last();
if($cache_data !== true)
{
return $cache_data;
}
$sql = "SELECT * FROM {$this->memberTable} WHERE email='$email'";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if(!isset($row['username']) || empty($row['username']))
{
return array('error'=>"此邮箱并未注册",'place'=>'email');
}
$salt = md5($email.'---'.$row['username']);
$sql = "UPDATE {$this->memberTable} SET salt='$salt' WHERE id={$row['id']}";
$state = $this->db->exec($sql);
if($state<1)
{
return array('error'=>"处理中出现错误,请重试",'place'=>'email');
}
$mail_template = "forgotpassword";
$mail_data = array(
'name'=>$row['realname'],
'link'=> view::getHostLink().'/account/getpassword/?salt='.$salt
);
try{
$mail = new Mail();
$mail->loadTemplate($mail_template,$mail_data);
$mail->addTo($email,$row['realname']);
$mail->send();
}catch(Exception $e)
{
echo "".$e->getMessage();
}
return array("success"=>1);
}
//重置密码
public function resetPassword($data)
{
$results = $this->getEventManager()->trigger('pwd.reset.checkParam', $this, compact('data'));
$cache_data = $results->last();
if($cache_data !== true)
{
return $cache_data;
}
$sql = "SELECT * FROM {$this->memberTable} WHERE salt=?";
$sth = $this->db->prepare($sql);
$sth->execute(array($data['salt']));
$row = $sth->fetch();
if(!isset($row['username']) || empty($row['username']))
{
return array('error'=>"您提供的校验码不正确,请重新申请重置密码",'place'=>'confirm_password');
}
if($row['username'] !== $data['username'])
{
return array('error'=>"您提供的校验码不正确,请重新申请重置密码",'place'=>'confirm_password');
}
$sql = "UPDATE {$this->memberTable} SET password='".md5($data['password'])."',salt='' WHERE id={$row['id']}";
$this->db->exec($sql);
$mail_template = "getpassworded";
$mail_data = array(
'name'=>$row['realname'],
);
$mail = new Mail();
$mail->loadTemplate($mail_template,$mail_data);
$mail->addTo($row['email'],$row['realname']);
$mail->send();
return true;
}
}