bob
/
westdc-zf1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
westdc-zf1/application/default/controllers/AccountController.php

601 lines
16 KiB
PHP
Raw Permalink Normal View History

修改跨域登录功能
2014-06-11 01:39:18 +00:00
<?php
use Helpers\View;
use Helpers\Curl;
use Helpers\Captcha;
use Users\Member;
use Users\Account;
use Users\Users;
class AccountController extends Zend_Controller_Action
{
function preDispatch()
{
$this->view->config = Zend_Registry::get('config');
$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
$this->db = Zend_Registry::get('db');
$this->view->messages = $this->messenger->getMessages();
$this->view->theme = new Theme();
}
function indexAction()
{
$this->view->pageID = "account-index";
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
include_once("Avatar.php");
$avatar = new Avatar();
$this->view->avatar = $avatar->Get($user->email,140);
$this->view->info = $usr->getUserInfo($uid);
}
function editAction()
{
$this->view->pageID = "account-edit";
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
include_once("Avatar.php");
$avatar = new Avatar();
$this->view->avatar = $avatar->Get($user->email,140);
$this->view->projectType = array(
"" => '',
"国家973计划项目课题" => "国家973计划项目课题",
"国家863计划课题"=>"国家863计划课题",
"国家级科技支撑课题" => "国家级科技支撑课题",
"国家级科技重大专项" => "国家级科技重大专项",
"国家级国家重大工程" => "国家级国家重大工程",
"国家级国家自然科学基金" => "国家级国家自然科学基金",
"国际合作项目"=>"国际合作项目",
"省部级项目" => "省部级项目",
"其他项目工程" => "其他项目工程"
);
$submit = $this->_getParam('submit');
if(!empty($submit))
{
$data = $this->AccountEditParamFilter();
if($this->db->update("users",$data,"id=$uid"))
{
$this->view->AlertType = "alert-success";
$this->view->msg = "修改成功!";
$this->view->jump_url = "/account/edit";
return true;
}else{
$this->view->AlertType = "alert-error";
$this->view->error = "修改失败,请重试";
$this->view->info = $data;
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}
function AccountEditParamFilter(){
$data = array();
$data['realname'] = substr(trim($this->_getParam('realname')),0,40);
$data['unit'] = substr(trim($this->_getParam('unit')),0,100);
$data['address'] = substr(trim($this->_getParam('address')),0,100);
$data['phone'] = substr(trim($this->_getParam('phone')),0,15);
$data['postcode'] = substr(trim($this->_getParam('postcode')),0,15);
$data['project_type'] = substr(trim($this->_getParam('project_type')),0,100);
$data['project_id'] = substr(trim($this->_getParam('project_id')),0,40);
$data['project_title'] = substr(trim($this->_getParam('project_title')),0,100);
$data['project'] = substr(trim($this->_getParam('project')),0,600);
foreach($data as $k=>$v)
{
$data[$k] = $this->StringFilter($v);
}
return $data;
}
function StringFilter($string){
$string = preg_replace ('/<[^>]*>/', ' ', $string);
return $string;
}
function secureAction()
{
$this->view->pageID = "account-secure";
include_once("helper/view.php");
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
$opt = $this->_getParam('opt');
$submit = $this->_getParam('submit');
if(empty($opt))
{
$this->view->section = "password";
if(!empty($submit))
{
$data = $this->AccountSecureParamFilter();
$this->view->AlertType = "alert-error";
if(strlen($data['password'])>18 || strlen($data['new_password'])>18)
{
$this->view->error = view::Error("密码过长");
return true;
}
if(strlen($data['new_password'])<=6 || strlen($data['new_password_confrim'])<=6)
{
$this->view->error = view::Error("密码过短请输入大于6位的密码");
return true;
}
if(md5($data['new_password']) != md5($data['new_password_confrim']))
{
$this->view->error = view::Error("两次输入的密码不相同");
return true;
}
$sql = "SELECT password FROM users WHERE id=$uid";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if(md5($data['password']) != $row['password'])
{
$this->view->error = view::Error("原密码不正确");
return true;
}
$data['password'] = md5($data['new_password']);
unset($data['new_password']);
unset($data['new_password_confrim']);
if($this->db->update("users",$data,"id=$uid"))
{
view::Post($this,array("content"=>'修改成功!','url'=>'/account/secure'));
return true;
}else{
$this->view->error = view::Error("修改失败");
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}//password
if($opt == "email")
{
$this->view->section = "email";
if(!empty($submit))
{
$email = $this->_getParam('email');
$password = $this->_getParam('password');
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
$this->view->error = view::Error("错误的邮箱格式");
return true;
}
$sql = "SELECT password FROM users WHERE id=$uid";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if(md5($password) != $row['password'])
{
$this->view->error = view::Error("原密码错误");
return true;
}
$data['email'] = $email;
if($this->db->update("users",$data,"id=$uid"))
{
view::Post($this,array("content"=>'修改成功!','url'=>'/account/secure'));
return true;
}else{
$this->view->error = view::Error("修改失败");
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}//email
}
function AccountSecureParamFilter(){
$data = array();
$data['password'] = trim($this->_getParam('password'));
$data['new_password'] = trim($this->_getParam('new_password'));
$data['new_password_confrim'] = trim($this->_getParam('new_password_confrim'));
foreach($data as $k=>$v)
{
$data[$k] = $this->StringFilter($v);
}
return $data;
}
function init()
{
$this->messenger=$this->_helper->getHelper('FlashMessenger');
}
function postDispatch()
{
//$this->view->messages = $this->messenger->getMessages();
}
function registerAction()
{
$request = new \Zend_Controller_Request_Http();
if($request->isXmlHttpRequest())
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$account = new Account();
$data = $account->getParam($this->_request);
$result = $account->register($data);
if(!empty($result))
{
$this->jsonexit($result);
return true;
}
$this->jsonexit(array('error'=>'|o| 服务器掉链子了,请重试'));
return true;
}else{
//$this->_helper->layout->disableLayout();
}
$success=false;
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
$this->_redirect('/');
$submit = $this->_getParam('submit');
if(!empty($submit))
{
$account = new Account();
$this->view->data = $data = $account->getParam($this->_request);
$result = $account->register($data);
if(!empty($result))
{
if(isset($result['error']))
{
$this->view->place = $result['place'];
$this->view->error = $result['error'];
return true;
}
if(isset($result['success']))
{
$this->_redirect('/');
return true;
}
}else{
$this->view->error = "处理中出现问题";
return true;
}
}
}//用户注册
function loginAction()
{
$request = new \Zend_Controller_Request_Http();
if($request->isXmlHttpRequest())
{
}
$captcha = new Captcha();
$success=false;
$options = array(
'module' => $this->_request->getModuleName(),
'controller' => $this->_request->getControllerName(),
'action' => $this->_request->getActionName(),
);
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
if($options['module']=="default" && $options['controller'] == "account" && $options['action'] == "login")
{
$this->_redirect("/");
}else{
$this->_redirect($_SERVER['REQUEST_URI']);
}
}
$tohref = $this->_request->getParam('href');
if($_SERVER['REQUEST_URI'] !== "/account/login")
{
$this->view->href = $_SERVER['REQUEST_URI'];
}else{
$this->view->href = "/";
}
if(!empty($tohref))
{
$this->view->href = $tohref;
}
$submit = $this->_getParam("submit");
if(!empty($submit))
{
增加验证码判断
2014-06-18 14:52:54 +00:00
$captchaword = trim($this->_request->getParam('captcha'));
if($captcha->isValid($captchaword) !== true)
{
$this->view->error = view::Error("验证码错误");
$this->view->captcha = $captcha->setCaptcha();
return true;
}
修改跨域登录功能
2014-06-11 01:39:18 +00:00
$data = array(
'username' => $this->_getParam('username'),
'password' => $this->_getParam('password')
);
$account = new Account();
$result = $account->login($data);
if(!empty($result))
{
if(isset($result['error']))
{
$this->view->error = $result['error'];
$this->view->captcha = $captcha->setCaptcha();
return true;
}
if(isset($result['success']))
{
$this->_redirect($this->view->href);
return true;
}
}else{
$this->view->captcha = $captcha->setCaptcha();
$this->view->error = "处理中出现问题";
return true;
}
}
$this->view->captcha = $captcha->setCaptcha();
}//登陆
function captchaAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$captcha = $this->loadCaptcha();
$url = $this->setCaptcha($captcha,true);
echo $url;
return true;
}
function logoutAction()
{
$auth = Zend_Auth::getInstance();
$auth->clearIdentity();
require_once 'member.php';
$mb=new member();
member::flushcookie();
$this->_redirect('/');
}
private function default_login($u,$p)
{
$auth = Zend_Auth::getInstance();
$db=Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($u)->setCredential(md5($p));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// success: store database row to auth's storage
$data = $authAdapter->getResultRowObject(null,'password');
//头像
include_once("Avatar.php");
$avatar = new Avatar();
$data->avatar = $avatar->Get($data->email,40);
//组ID
include_once("Users.php");
$usr = new Users($db);
$data->gid = $usr->getGroup($data->id);
$auth->getStorage()->write($data);
$db->query("update users set ts_last_login=now() where username=?",array($u));
if ($this->_request->getParam('remember')) {
$sql="select usertype from users where username='$u'";
$rs=$db->query($sql);
$row=$rs->fetch();
//if($row['usertype']!='administrator')
{
require_once 'member.php';
$mb = new member();
$mb -> putcookie($u,md5($p));
}
}
return true;
}else
{
return false;
}
return false;
}
private function aspnet_login($p,$salt,$password)
{
$p1=implode("\x00",str_split($p))."\x00";
$ball=base64_decode($salt).$p1;
return trim($password)==base64_encode(sha1($ball,true));
}
// 首先判断是否存在salt
// 若有salt则按照aspnet membership加密算法进行判断
function login($u,$p)
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$sql="select password,salt from users where username=?";
$uq=$db->query($sql,array($u));
if ($urow=$uq->fetchObject())
{
if (empty($urow->salt))
return $this->default_login($u,$p);
else {
//进行判断并进行转换到默认
if ($this->aspnet_login($p,$urow->salt,$urow->password))
{
$sql="update users set password=md5(?),salt='' where username=?";
$db->query($sql,array($p,$u));
return $this->default_login($u,$p);
} else
return false;
}
} else {
//没有对应的用户,登录失败
return false;
}
}
function fetchpwdAction()
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$form = new LostpwdForm();
$key=$this->_request->getParam('key');
$login=$this->_request->getParam('login');
if (empty($key) && empty($login)) {
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$sql="select * from users where email=?";
$uq=$db->query($sql,array($formData['email']));
if ($urow=$uq->fetchObject())
{
//email the url to user
$username=$urow->username;
$sql="update users set activation=? where email=?";
$uid=uniqid();
$db->query($sql,array($uid,$formData['email']));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
有人提出了针对此用户名的密码重置请求。
用户名:";
$body.=$username;
$body.="
若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。
";
$body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid;
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
$mail->setSubject('密码已重置');
$mail->send();
$this->view->messages[]='请检查您的新邮件中的确认激活链接。';
$this->view->form=false;//do not echo form
} else
$this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。');
}
} else
$this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
} else {
$sql="select * from users where username=? and activation=?";
$uq=$db->query($sql,array($login,$key));
$tmp_pwd=uniqid();
if ($urow=$uq->fetchObject())
{
$sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
$db->query($sql,array($login,$key));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
您的密码已修改。
用户名:";
$body.=$login;
$body.="密码:".$tmp_pwd;
$body.="
http://westdc.westgis.ac.cn/account/login";
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($urow->email);
$mail->setSubject('您的新密码');
$mail->send();
$this->view->messages[]='请查收您新邮件中的新密码';
$this->view->form=false;//do not echo form
}
}
} //找回密码
/*
//westdc cross doamin login
public function wcdloginAction()
{
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
$id = $this->_getParam('id');
$cert = $this->_getParam('cert');
$account = new Account;
$status = $account->wcdLogin($id,$cert);
if($status == true)
{
echo "login success!";
}else{
echo "error";
}
return;
}
*/
}