bob
/
westdc-zf1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
westdc-zf1/application/default/controllers/AccountController.php

723 lines
18 KiB
PHP
Raw Normal View History

2012-11-21 07:17:05 +00:00
<?php
class AccountController extends Zend_Controller_Action
{
function indexAction()
{
$this->_redirect('/');
}
function init()
{
$this->messenger=$this->_helper->getHelper('FlashMessenger');
}
function postDispatch()
{
//$this->view->messages = $this->messenger->getMessages();
}
function preDispatch()
{
$this->view->config = Zend_Registry::get('config');
$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
$this->db=Zend_Registry::get('db');
$this->view->messages = $this->messenger->getMessages();
}
function registerAction()
{
$reg = $this->_request->getParam('submit');
if(!empty($reg))
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
try{
$username = mb_substr(trim($this->_request->getParam('username')),0,100,'utf-8');
$name = mb_substr(trim($this->_request->getParam('name')),0,100,'utf-8');
$email = mb_substr(trim($this->_request->getParam('email')),0,100,'utf-8');
$phone = mb_substr(trim($this->_request->getParam('phone')),0,100,'utf-8');
$postcode = mb_substr(trim($this->_request->getParam('postcode')),0,10,'utf-8');
$unit = mb_substr(trim($this->_request->getParam('employer')),0,200,'utf-8');
$address = mb_substr(trim($this->_request->getParam('address')),0,250,'utf-8');
$project = mb_substr(trim($this->_request->getParam('project')),0,500,'utf-8');
$password = mb_substr(trim($this->_request->getParam('password')),0,22,'utf-8');
$password_confirm = mb_substr(trim($this->_request->getParam('password_confirm')),0,22,'utf-8');
$vdcode = strtolower(substr(trim($this->_request->getParam('vdcode')),0,4));
include_once('ajax/box.php');
if(strlen($username)<6)
{
echo box::warning('用户名不能少于6个字符');
exit();
}
if(strlen($username)>20)
{
echo box::warning('用户名不能超过20个字符');
exit();
}
if(!preg_match("/^[a-zA-Z][a-zA-Z0-9_]{4,19}$/",$username))
{
echo box::warning("用户名只能包含英文字母及数字");
exit();
}
if(strlen($name)<2)
{
echo box::warning("姓名太短");
exit();
}
if(strlen($name)>32)
{
echo box::warning("姓名太长");
exit();
}
if(preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\+|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$name))
{
echo box::warning("姓名中包含非法字符");
exit();
}
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
echo box::warning("请输入正确的Email地址");
exit();
}
if(!empty($phone) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$phone))
{
echo box::warning("请输入正确的电话号码");
exit();
}
if(!empty($postcode) && !is_numeric($postcode))
{
echo box::warning("请输入正确的邮政编码");
exit();
}
if(!empty($unit) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$unit))
{
echo box::warning("输入的内容中包含非法字符");
exit();
}
if(!empty($address) && preg_match("/[\"|'|~|!|\$|%|\^|\&|\*|\{|\}|\?|\/]/",$address))
{
echo box::warning("地址中包含非法字符");
exit();
}
$match = "/[\"|'|\\\]/i";
if(preg_match($match,$password) || preg_match($match,$password_confirm))
{
echo box::warning("密码中包含非法字符,请重新输入");
exit();
}
if(empty($password))
{
echo box::warning("请输入密码");
exit();
}
if(strlen($password)<6)
{
echo box::warning("密码太短");
exit();
}
if(strlen($password)>20)
{
echo box::warning("密码长度不能超过20个字符");
exit();
}
if($password!==$password_confirm)
{
echo box::warning("两次输入的密码不同");
exit();
}
$sql = "select id from users where username like '%$username%'";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if($row['id']>0)
{
echo box::warning("该用户名已经被占用,请更换");
exit();
}
$sql = "select id from users where email like '%$email%'";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if($row['id']>0)
{
echo box::warning("该Email已经被使用请更换");
exit();
}
if($vdcode != $_SESSION['vdcodes'])
{
echo box::warning("验证码错误");
exit();
}
$sql = "INSERT INTO users (username,password,email,realname,unit,address,project,phone,postcode,usertype)
VALUES (?,?,?,?,?,?,?,?,?,?)";
$sth = $this->db->prepare($sql);
$ec = $sth->execute(array($username,md5($password),$email,$name,$unit,$address,$project,$phone,$postcode,'member'));
//$sql = "INSERT INTO users (username,password,usertype,email,realname,unit,address,project,phone)
// VALUES ('$username','".md5($password)."','member','$email','$name','$unit','$address','$project','$phone')";
//$ec = $this->db->exec($sql);
if($ec)
{
$this->login($username,md5($password));
echo box::success("<script>$('#signup').hide();$('#info').html('注册成功!<br /><a href=\"\/\">网站首页</a> <a href=\"\/account\/edit\">我的帐号</a>')</script>");
exit();
}
else
{
echo box::warning("处理中发生错误,请重试");
exit();
}
}catch(Exception $e){
echo box::warning("发生错误:".$e->getMessage());
exit();
}
}//ajax 注册
}
function editAction()
{
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
$user = $auth->getIdentity();
$username = $user->username;
$sql = "select * from users where username='$username'";
$rs = $this->db->query($sql);
$rows = $rs->fetch();
$this->view->user = $rows;
}
}
function saveoptAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$opt = $this->_request->getParam('opt');
include_once('ajax/box.php');
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
$user = $auth->getIdentity();
$username = $user->username;
$sql = "select * from users where username='$username'";
$rs = $this->db->query($sql);
$rows = $rs->fetch();
$this->view->user = $rows;
}
else
{
echo "You must log in";
exit();
}
if($opt == 'general')
{
$realname = mb_substr(trim($this->_request->getParam('name')),0,100,'utf-8');
$phone = mb_substr(trim($this->_request->getParam('phone')),0,100,'utf-8');
$unit = mb_substr(trim($this->_request->getParam('employer')),0,200,'utf-8');
$address = mb_substr(trim($this->_request->getParam('address')),0,250,'utf-8');
$project = mb_substr(trim($this->_request->getParam('project')),0,500,'utf-8');
$postcode = mb_substr(trim((int)$this->_request->getParam('postcode')),0,10,'utf-8');
try{
if(empty($realname))
{
echo box::warning("请输入姓名");
exit();
}
$sql = "UPDATE users SET realname='$realname',phone='$phone',unit='$unit',address='$address',project='$project',postcode='$postcode' WHERE id='{$rows['id']}'";
if($this->db->query($sql))
{
echo box::success("保存成功");
exit();
}else{
echo box::error("修改失败,请重试");
exit();
}
}catch (Exception $e){
echo box::error("修改失败,请重试");
exit();
}
}
else if ($opt == 'email')
{
$email = substr(trim($this->_request->getParam('email')),0,100);
$password = trim($this->_request->getParam('password'));
try{
if(empty($email))
{
echo box::warning("请输入电子邮件地址");
exit();
}
if(empty($password))
{
echo box::warning("请输入密码");
exit();
}
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
echo box::warning("请输入正确的电子邮件地址");
exit();
}
if(md5($password)!==$rows['password']){
echo box::warning("密码错误");
exit();
}
$sql = "UPDATE users SET email='$email' where id='{$rows['id']}'";
if($this->db->query($sql))
{
echo box::success("修改成功");
exit();
}else{
echo box::error("修改失败,请重试");
exit();
}
}catch(Exception $e){
echo box::error("修改失败,请重试");
exit();
}
}
else if ($opt == 'password')
{
$password = trim($this->_request->getParam('password'));
$password_new = trim($this->_request->getParam('password_new'));
$password_confirm = trim($this->_request->getParam('password_confirm'));
$match = "/[\"|'|\\\]/i";
if(empty($password))
{
echo box::warning("请输入当前密码");
exit();
}
if(empty($password_new))
{
echo box::warning("请输入新密码");
exit();
}
if($password==$password_new)
{
echo box::warning("新密码不能与当前的密码相同");
exit();
}
if(empty($password_confirm))
{
echo box::warning("请再次输入新密码");
exit();
}
if(preg_match($match,$password) || preg_match($match,$password_new) || preg_match($match,$password_confirm) || $rows['password']!== md5($password))
{
echo box::warning("您输入的内容中包含非法字符");
exit();
}
if(strlen($password_new)<6)
{
echo box::warning("新密码太短");
exit();
}
if(strlen($password_new)>20)
{
echo box::warning("新密码太长");
exit();
}
if(md5($password_new) !== md5($password_confirm))
{
echo box::warning("您两次输入的新密码不同");
exit();
}
try{
$sql = "UPDATE users SET password='".md5($password_new)."' WHERE username='$username'";
if($this->db->query($sql))
{
echo box::success("修改成功");
exit();
}else{
echo box::error("修改失败,请重试");
exit();
}
}catch(Exception $e){
echo box::error("修改失败,请重试");
exit();
}
}
else
{
exit();
}
} //saveopt ajax修改用户信息
function loginAction()
{
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
$this->_redirect('/account');
$href = $this->_getParam('href');
if(!empty($href))
{
$this->view->href = $href;
}
if($_SERVER['REQUEST_URI']!='/account/login')
{
$this->view->href = $_SERVER['REQUEST_URI'];
}
}
function dologinAction(){
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$submit = $this->_request->getParam('submit');
if(!empty($submit))
{
$success=false;
$message='';
$username = trim($this->_request->getParam('username'));
$password = trim($this->_request->getParam('password'));
$vdcode = strtolower(substr(trim($this->_request->getParam('vdcode')),0,4));
include_once('ajax/box.php');
if(empty($username))
{
echo box::warning('请输入用户名');
exit();
}
if(empty($password))
{
echo box::warning('请输入密码');
exit();
}
if(empty($vdcode))
{
echo box::warning('请输入验证码');
exit();
}
if($vdcode != $_SESSION['vdcodes'])
{
echo box::warning("验证码错误");
exit();
}
if (!$this->login($username,$password))
{
echo box::error('用户名或密码错误');
exit();
}
else
{
$href = $this->_getParam('href');
if(!empty($href))
{
$tohref = $href;
}else{
$tohref = "/";
}
echo box::success('登录成功,<a href="'.$tohref.'">如果页面没有跳转请点击这里</a><script>var t = setTimeout("self.location=\''.$tohref.'\';",2000);</script>');
exit();
}
}
}
function logoutAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
$auth->clearIdentity();
require_once 'member.php';
member::flushcookie();
$this->_redirect('/');
}
}
private function default_login($u,$p)
{
$auth = Zend_Auth::getInstance();
$db=Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($u)->setCredential(md5($p));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// success: store database row to auth's storage
$data = $authAdapter->getResultRowObject(null,'password');
$auth->getStorage()->write($data);
$db->query($db->quoteInto("update users set ts_last_login=now() where username=?",$u));
if ($this->_request->getParam('remember')) {
require_once 'member.php';
$mb = new member();
$mb -> putcookie($u,md5($p));
}
return true;
}
return false;
}
private function aspnet_login($p,$salt,$password)
{
$p1=implode("\x00",str_split($p))."\x00";
$ball=base64_decode($salt).$p1;
return trim($password)==base64_encode(sha1($ball,true));
}
// 首先判断是否存在salt
// 若有salt则按照aspnet membership加密算法进行判断
function login($u,$p)
{
$db=Zend_Registry::get('db');
$sql="select password,salt from users where username=?";
$uq=$db->query($sql,array($u));
if ($urow=$uq->fetchObject())
{
if (empty($urow->salt))
return $this->default_login($u,$p);
else {
//进行判断并进行转换到默认
if ($this->aspnet_login($p,$urow->salt,$urow->password))
{
$sql="update users set password=md5(?),salt='' where username=?";
$db->query($sql,array($p,$u));
return $this->default_login($u,$p);
} else
return false;
}
} else {
//没有对应的用户,登录失败
return false;
}
}
function fetchpwdAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
$this->_redirect('/account');
$email = $this->_request->getParam('email');
include_once('ajax/box.php');
if(empty($email))
{
echo box::warning('请输入要找回密码的账户所对应的Email地址');
exit();
}
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
echo box::warning("请输入正确的Email地址");
exit();
}
$sql = "SELECT * FROM users WHERE email=?";
$sth = $this->db->prepare($sql);
$sth->execute(array($email));
$row = $sth->fetch();
if($row['id']=='')
{
echo box::error("未找到对应用户");
exit();
}
//email the url to user
$username=$row['username'];
$sql="update users set activation=? where email=?";
$uid=uniqid();
$link = "http://".$_SERVER ['HTTP_HOST']."/account/getpasswd?a=$uid&u=$username";
$this->db->query($sql,array($uid,$email));
$mail=new WestdcMailer($this->view->config->smtp);
$mailtp=new EmailText($this->db,
'member-fetchpwd',
array('link' => $link)
);
$mail->setBodyText($mailtp->getBody());
$mail->setFrom($this->view->config->service->email,$this->view->config->service->poster);
$mail->setSubject($mailtp->getSubject());
$mail->addTo($email);
@$mail->send();
echo box::success('请查看已经发送至您邮箱中的激活链接');
exit();
}// function fetchpwdAction()
function getpasswdAction(){
$ac = $this->_getParam('ac');
$activation = $this->_getParam('a');
$uid = $this->_getParam('u');
if(empty($ac))
{
$this->view->resetid = $activation;
$this->view->uid = $uid;
}
//echo $ac.$activation.$uid;exit();
if($ac == 'set' && !empty($activation) && !empty($uid))
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$sql = "SELECT * FROM users WHERE activation=? AND username=?";
$sth = $this->db->prepare($sql);
$sth->execute(array($activation,$uid));
$row = $sth->fetch();
if(empty($row['id']))
{
echo box::warning("操作失败,您的访问中出现问题");
exit();
}
else
{
$password_new = trim($this->_request->getParam('password_new'));
$password_confirm = trim($this->_request->getParam('password_confirm'));
include_once("ajax/box.php");
$match = "/[\"|'|\\\]/i";
if(empty($password_new))
{
echo box::warning("请输入新密码");
exit();
}
if(empty($password_confirm))
{
echo box::warning("请再次输入新密码");
exit();
}
if(preg_match($match,$password_new) || preg_match($match,$password_confirm))
{
echo box::warning("您输入的内容中包含非法字符");
exit();
}
if(strlen($password_new)<6)
{
echo box::warning("新密码太短");
exit();
}
if(strlen($password_new)>20)
{
echo box::warning("新密码太长");
exit();
}
if(md5($password_new) !== md5($password_confirm))
{
echo box::warning("您两次输入的新密码不同");
exit();
}
try{
$sql = "UPDATE users SET password='".md5($password_new)."' WHERE username='$uid' AND activation='$activation'";
if($this->db->query($sql))
{
$sql = "UPDATE users SET activation='' WHERE username='$uid' AND activation='$activation'";
$this->db->query($sql);
echo box::success("修改成功");
exit();
}else{
echo box::error("修改失败,请重试");
exit();
}
}catch(Exception $e){
echo box::error("修改失败,请重试");
exit();
}
}
}
}
}