
<?php
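/**
 * Account controller: registration, login/logout, profile/e-mail/password
 * changes and password recovery. Most actions are AJAX endpoints that disable
 * the layout, echo a box::* HTML fragment (ajax/box.php) and exit().
 *
 * Security-relevant changes in this revision:
 *  - every SQL statement that interpolated request data or the logged-in
 *    username is now bound or quoted through the Zend_Db adapter;
 *  - CAPTCHA and password-hash comparisons are strict/constant-time (the
 *    original used "!=" / "!==" on attacker-controlled strings);
 *  - the post-registration auto-login passed md5($password) to login(), which
 *    hashes again, so it always failed silently; it now passes the password;
 *  - fetchpwdAction referenced undefined $db/$formData (fatal error as soon as
 *    an e-mail matched) and its reset-link branch was unreachable; it is
 *    rebuilt on $this->db with random tokens instead of uniqid();
 *  - the session id is regenerated on successful login (fixation).
 *
 * NOTE(review): passwords are still stored as unsalted MD5. Existing rows,
 * member::putcookie() and the ASP.NET migration in login() all depend on that
 * format, so moving to password_hash()/password_verify() needs a data
 * migration and is deliberately out of scope here.
 *
 * NOTE(review): UPDATE statements on "users" are built with $db->quote()
 * rather than server-side bind parameters. The original saveoptAction carried
 * a pasted error ("Undefined parameter ... dblink connection") suggesting that
 * bound parameters do not survive a dblink-forwarded UPDATE in this
 * deployment; quoting is injection-safe either way. SELECT/INSERT keep the
 * bind arrays the file already used.
 */
class AccountController extends Zend_Controller_Action
{
    /** @var Zend_Controller_Action_Helper_FlashMessenger set in init() */
    public $messenger;

    /** @var Zend_Db_Adapter_Abstract set in preDispatch() from the registry */
    public $db;

    /** The bare /account URL has no page of its own; send visitors home. */
    function indexAction()
    {
        $this->_redirect('/');
    }

    function init()
    {
        $this->messenger = $this->_helper->getHelper('FlashMessenger');
    }

    function postDispatch()
    {
        // Flash messages are exposed in preDispatch() instead.
    }

    /**
     * Per-request setup: config and flash messages for the view, the shared
     * DB adapter, and a "return" parameter holding the current URI.
     */
    function preDispatch()
    {
        $this->view->config = Zend_Registry::get('config');
        $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
        $this->db = Zend_Registry::get('db');
        $this->view->messages = $this->messenger->getMessages();
    }

    /**
     * AJAX registration. Only acts when the "submit" parameter is present.
     *
     * Order of checks: field validation, CAPTCHA, username/e-mail uniqueness,
     * insert, auto-login. The CAPTCHA is checked before the uniqueness
     * lookups (the original checked it last, which let unauthenticated
     * callers probe which usernames/e-mails exist without solving it).
     */
    function registerAction()
    {
        $reg = $this->_request->getParam('submit');
        if (empty($reg)) {
            return;
        }
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        include_once('ajax/box.php');
        try {
            $f = array(
                'username'         => mb_substr($this->param('username'), 0, 100, 'utf-8'),
                'name'             => mb_substr($this->param('name'), 0, 100, 'utf-8'),
                'email'            => mb_substr($this->param('email'), 0, 100, 'utf-8'),
                'phone'            => mb_substr($this->param('phone'), 0, 100, 'utf-8'),
                'unit'             => mb_substr($this->param('employer'), 0, 200, 'utf-8'),
                'address'          => mb_substr($this->param('address'), 0, 250, 'utf-8'),
                'project'          => mb_substr($this->param('project'), 0, 500, 'utf-8'),
                'password'         => mb_substr($this->param('password'), 0, 22, 'utf-8'),
                'password_confirm' => mb_substr($this->param('password_confirm'), 0, 22, 'utf-8'),
            );
            $vdcode = strtolower(substr($this->param('vdcode'), 0, 4));

            $error = $this->registrationError($f);
            if ($error !== null) {
                echo box::warning($error);
                exit();
            }
            if (!$this->captchaMatches($vdcode)) {
                echo box::warning("验证码错误");
                exit();
            }
            if ($this->findUserId('username', $f['username']) > 0) {
                echo box::warning("该用户名已经被占用,请更换");
                exit();
            }
            if ($this->findUserId('email', $f['email']) > 0) {
                echo box::warning("该Email已经被使用请更换");
                exit();
            }

            $sql = "INSERT INTO users (username,password,email,realname,unit,address,project,phone,usertype)
VALUES (?,?,?,?,?,?,?,?,?)";
            $sth = $this->db->prepare($sql);
            // Stored format is unsalted MD5; see the class comment.
            $ec = $sth->execute(array(
                $f['username'], md5($f['password']), $f['email'], $f['name'],
                $f['unit'], $f['address'], $f['project'], $f['phone'], 'member',
            ));
            if ($ec) {
                // login() hashes the credential itself (default_login does
                // md5($p)); the original passed md5($password) and so compared
                // md5(md5(pw)) with the stored md5(pw), which never matched.
                $this->login($f['username'], $f['password']);
                echo box::success("<script>$('#signup').hide();$('#info').html('注册成功!<br /><a href=\"\/\">网站首页</a> <a href=\"\/account\/edit\">我的帐号</a>')</script>");
                exit();
            }
            echo box::warning("An error occurred!Re-try please!");
            exit();
        } catch (Exception $e) {
            // Do not echo $e->getMessage(): it carried raw driver/SQL errors
            // to the browser in the original.
            echo box::warning("An error occurred!");
            exit();
        }
    } // ajax registration

    /** Profile page: loads the logged-in user's row into the view. */
    function editAction()
    {
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            return;
        }
        $this->view->user = $this->loadUserRow($auth->getIdentity()->username);
    }

    /**
     * AJAX profile update, dispatched on the "opt" parameter:
     * "general" (name/phone/unit/address/project), "email" (requires the
     * current password) or "password". Echoes a short status string.
     *
     * NOTE(review): as in the original there is no CSRF token on these
     * state-changing requests; adding one needs a matching front-end change.
     */
    function saveoptAction()
    {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $opt = $this->_request->getParam('opt');
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            echo "You must log in";
            exit();
        }
        $username = $auth->getIdentity()->username;
        $rows = $this->loadUserRow($username);
        if (!$rows) {
            // Identity exists but the row is gone: treat as not logged in.
            echo "You must log in";
            exit();
        }
        $this->view->user = $rows;

        switch ($opt) {
            case 'general':
                $this->saveGeneral($rows);
                break;
            case 'email':
                $this->saveEmail($rows);
                break;
            case 'password':
                $this->savePassword($rows, $username);
                break;
            default:
                exit();
        }
    } // saveopt: ajax user-info update

    /** "general" branch of saveoptAction: free-text profile fields. */
    private function saveGeneral(array $row)
    {
        $realname = mb_substr($this->param('name'), 0, 100, 'utf-8');
        $phone    = mb_substr($this->param('phone'), 0, 100, 'utf-8');
        $unit     = mb_substr($this->param('employer'), 0, 200, 'utf-8');
        $address  = mb_substr($this->param('address'), 0, 250, 'utf-8');
        $project  = mb_substr($this->param('project'), 0, 500, 'utf-8');
        try {
            if (empty($realname)) {
                echo "Please enter your Name";
                exit();
            }
            // Values were interpolated raw in the original (SQL injection);
            // they are now quoted by the adapter.
            $db  = $this->db;
            $sql = "UPDATE users SET realname=" . $db->quote($realname)
                 . ",phone=" . $db->quote($phone)
                 . ",unit=" . $db->quote($unit)
                 . ",address=" . $db->quote($address)
                 . ",project=" . $db->quote($project)
                 . " WHERE id=" . $db->quote($row['id']);
            if ($db->query($sql)) {
                echo "Saved!";
                exit();
            }
            echo "Failed!";
            exit();
        } catch (Exception $e) {
            echo "An error occurred!";
            exit();
        }
    }

    /** "email" branch of saveoptAction: re-authenticates, then changes e-mail. */
    private function saveEmail(array $row)
    {
        $email    = substr($this->param('email'), 0, 100);
        $password = $this->param('password');
        try {
            if (empty($email)) {
                echo "Please enter your E-mail";
                exit();
            }
            if (empty($password)) {
                echo "Please enter your password";
                exit();
            }
            if (!$this->isValidEmail($email)) {
                echo "Incorrect email";
                exit();
            }
            if (!$this->secureEquals((string) $row['password'], md5($password))) {
                echo "The password you entered is incorrect.Please re-enter your password";
                exit();
            }
            // Registration rejects duplicate e-mails; password recovery looks
            // accounts up by e-mail, so the edit path must enforce it too.
            $other = $this->findUserId('email', $email);
            if ($other > 0 && $other !== (int) $row['id']) {
                echo "E-mail already in use";
                exit();
            }
            $sql = "UPDATE users SET email=" . $this->db->quote($email)
                 . " where id=" . $this->db->quote($row['id']);
            if ($this->db->query($sql)) {
                echo "Saved!";
                exit();
            }
            echo "Failed!";
            exit();
        } catch (Exception $e) {
            echo "An error occurred!";
            exit();
        }
    }

    /** "password" branch of saveoptAction: verifies the old password, sets a new one. */
    private function savePassword(array $row, $username)
    {
        $password         = $this->param('password');
        $password_new     = $this->param('password_new');
        $password_confirm = $this->param('password_confirm');
        // Characters the original policy forbids in passwords (", ', \, |).
        $match = "/[\"|'|\\\]/i";
        if (empty($password)) {
            echo "Please enter your password";
            exit();
        }
        if (empty($password_new)) {
            echo "Please enter your new password";
            exit();
        }
        // Strict comparison: "==" treats numeric-looking strings numerically.
        if ($password === $password_new) {
            echo "New password cannot be same as the old";
            exit();
        }
        if (empty($password_confirm)) {
            echo "Please re-enter your new password";
            exit();
        }
        // A forbidden character and a wrong current password share one
        // message, as in the original.
        if (preg_match($match, $password) || preg_match($match, $password_new) || preg_match($match, $password_confirm)
            || !$this->secureEquals((string) $row['password'], md5($password))) {
            echo "The password you entered is incorrect.Please re-enter your password";
            exit();
        }
        if (strlen($password_new) < 6) {
            echo "Your new password is too short";
            exit();
        }
        if (strlen($password_new) > 20) {
            echo "Your new password is too long";
            exit();
        }
        if ($password_new !== $password_confirm) {
            echo "Entered passwords differ from the another";
            exit();
        }
        try {
            $sql = "UPDATE users SET password=" . $this->db->quote(md5($password_new))
                 . " WHERE username=" . $this->db->quote($username);
            if ($this->db->query($sql)) {
                echo "Changes Saved!";
                exit();
            }
            echo "Failed!Please check the input content";
            exit();
        } catch (Exception $e) {
            echo "An error occurred!";
            exit();
        }
    }

    /**
     * AJAX login. Only acts when the "submit" parameter is present; a caller
     * that already has an identity is redirected to /account.
     *
     * The original ended with an unreachable redirect to the request's "href"
     * parameter (both branches above it exit()); being dead code and an open
     * redirect, it is not kept.
     */
    function loginAction()
    {
        $submit = $this->_request->getParam('submit');
        if (empty($submit)) {
            return;
        }
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $this->_redirect('/account');
            return;
        }
        $username = $this->param('username');
        $password = $this->param('password');
        $vdcode   = strtolower(substr($this->param('vdcode'), 0, 4));
        include_once('ajax/box.php');
        if (empty($username)) {
            echo box::warning('请输入用户名');
            exit();
        }
        if (empty($password)) {
            echo box::warning('请输入密码');
            exit();
        }
        if (empty($vdcode)) {
            echo box::warning('请输入验证码');
            exit();
        }
        if (!$this->captchaMatches($vdcode)) {
            echo box::warning("验证码错误");
            exit();
        }
        if (!$this->login($username, $password)) {
            // Generic message on purpose: do not say which of the two was wrong.
            echo box::error('用户名或密码错误');
            exit();
        }
        echo box::success('登录成功,<a href="/">如果页面没有跳转请点击这里</a><script>var t = setTimeout("self.location=\'\/\';",2000);</script>');
        exit();
    }

    /** Clears the Zend_Auth identity and the remember-me cookie, then goes home. */
    function logoutAction()
    {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $auth->clearIdentity();
            require_once 'member.php';
            member::flushcookie();
            $this->_redirect('/');
        }
    }

    /**
     * Authenticates $u/$p against users.username / users.password (MD5) with
     * Zend_Auth_Adapter_DbTable. On success stores the row (minus password)
     * in the auth storage, stamps ts_last_login and optionally sets the
     * remember-me cookie. Returns true on success, false otherwise.
     */
    private function default_login($u, $p)
    {
        $auth = Zend_Auth::getInstance();
        $db = Zend_Registry::get('db');
        $authAdapter = new Zend_Auth_Adapter_DbTable($db);
        $authAdapter->setTableName('users')
            ->setIdentityColumn('username')
            ->setCredentialColumn('password');
        $authAdapter->setIdentity($u)->setCredential(md5($p));
        $result = $auth->authenticate($authAdapter);
        if (!$result->isValid()) {
            return false;
        }
        // Rotate the session id so a session id fixed before login is not
        // promoted to an authenticated one. Assumes a native PHP session (the
        // CAPTCHA code reads $_SESSION directly) — TODO confirm with Zend_Session setup.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        // success: store database row (without the password column) to auth's storage
        $data = $authAdapter->getResultRowObject(null, 'password');
        $auth->getStorage()->write($data);
        $db->query($db->quoteInto("update users set ts_last_login=now() where username=?", $u));
        if ($this->_request->getParam('remember')) {
            require_once 'member.php';
            $mb = new member();
            // NOTE(review): the cookie carries the MD5 password hash, i.e. a
            // reusable credential; a random per-device token stored server-side
            // would be safer. Changing it requires changes in member.php.
            $mb->putcookie($u, md5($p));
        }
        return true;
    }

    /**
     * Verifies $p against an ASP.NET Membership-style hash: the password is
     * expanded to (ASCII-only) UTF-16LE, prefixed with the decoded salt and
     * SHA-1 hashed; the stored value is the base64 of that digest.
     */
    private function aspnet_login($p, $salt, $password)
    {
        $p1 = implode("\x00", str_split($p)) . "\x00";
        $ball = base64_decode($salt) . $p1;
        return $this->secureEquals(trim((string) $password), base64_encode(sha1($ball, true)));
    }

    /**
     * Login entry point used by loginAction and registerAction.
     *
     * First checks whether the row has a salt: without one the account uses
     * the default MD5 scheme; with one it is a migrated ASP.NET account,
     * verified with aspnet_login() and, on success, converted in place to the
     * default scheme before the normal login runs. Returns bool.
     */
    function login($u, $p)
    {
        $db = Zend_Registry::get('db');
        $uq = $db->query("select password,salt from users where username=?", array($u));
        $urow = $uq->fetchObject();
        if (!$urow) {
            // no such user: login fails
            return false;
        }
        if (empty($urow->salt)) {
            return $this->default_login($u, $p);
        }
        if (!$this->aspnet_login($p, $urow->salt, $urow->password)) {
            return false;
        }
        // Verified against the legacy hash: convert to the default scheme.
        $sql = "update users set password=md5(" . $db->quote($p) . "),salt='' where username=" . $db->quote($u);
        $db->query($sql);
        return $this->default_login($u, $p);
    }

    /**
     * Password recovery (AJAX), two entry points as the original intended:
     *  - ?email=...          store a fresh random activation token for the
     *                        account and mail the reset link (template
     *                        "member-fetchpwd", vars user/uid);
     *  - ?login=...&key=...  the link target: if (username, activation) match,
     *                        set a random temporary password, clear the token
     *                        and mail it (template "member-resetpwd", vars
     *                        user/pwd).
     *
     * NOTE(review): tokens do not expire (no timestamp column is visible);
     * the token is single-use because the reset clears "activation".
     */
    function fetchpwdAction()
    {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $this->_redirect('/account');
            return;
        }
        include_once('ajax/box.php');

        $key   = $this->param('key');
        $login = $this->param('login');
        if ($key !== '' && $login !== '') {
            $this->resetPasswordByToken($login, $key);
            exit();
        }

        $email = $this->param('email');
        if (empty($email)) {
            echo box::warning('请输入要找回密码的账户所对应的Email地址');
            exit();
        }
        if (!$this->isValidEmail($email)) {
            echo box::warning("请输入正确的Email地址");
            exit();
        }
        $sth = $this->db->prepare("SELECT * FROM users WHERE email=?");
        $sth->execute(array($email));
        $row = $sth->fetch();
        if (!$row || $row['id'] == '') {
            // NOTE(review): this reveals whether an address is registered; the
            // registration form already does, so the message is kept.
            echo box::error("未找到对应用户");
            exit();
        }
        // 13 hex chars keeps the width of the uniqid() value the column held
        // before (column width unknown) while being unpredictable.
        $uid = $this->randomToken(13);
        $this->db->query("update users set activation=" . $this->db->quote($uid)
            . " where id=" . $this->db->quote($row['id']));
        $this->sendMemberMail('member-fetchpwd', array('user' => $row['username'], 'uid' => $uid), $email);
        echo box::success('Please check the activation link in your email.');
        exit();
    } // function fetchpwdAction()

    /** Second half of fetchpwdAction: consume the token and mail a temporary password. */
    private function resetPasswordByToken($login, $key)
    {
        $uq = $this->db->query("select * from users where username=? and activation=?", array($login, $key));
        $urow = $uq->fetchObject();
        if (!$urow) {
            echo box::error('Invalid or expired reset link.');
            return;
        }
        $tmp_pwd = $this->randomToken(13);
        // md5() is applied server-side, as the migration in login() does.
        $sql = "update users set salt='',activation='',password=md5(" . $this->db->quote($tmp_pwd) . ")"
             . " where username=" . $this->db->quote($login)
             . " and activation=" . $this->db->quote($key);
        $this->db->query($sql);
        $this->sendMemberMail('member-resetpwd', array('user' => $login, 'pwd' => $tmp_pwd), $urow->email);
        echo box::success('Please check your new password in your email.');
    }

    /** Sends one templated message (EmailText) through WestdcMailer to $to. */
    private function sendMemberMail($template, array $vars, $to)
    {
        $mail = new WestdcMailer($this->view->config->smtp);
        $mailtp = new EmailText($this->db, $template, $vars);
        $mail->setBodyText($mailtp->getBody());
        $mail->setFrom($this->view->config->service->email, 'WDSCAR Service Team');
        $mail->setSubject($mailtp->getSubject());
        $mail->addTo($to);
        $mail->send();
    }

    /**
     * Registration validation. Returns the warning to show, or null when all
     * fields pass. Limits, patterns and messages are the original form's;
     * only the e-mail pattern changed (it is now anchored).
     */
    private function registrationError(array $f)
    {
        $username = $f['username'];
        $name     = $f['name'];
        $password = $f['password'];
        $password_confirm = $f['password_confirm'];
        // Characters rejected in phone/unit (address and name use variants).
        $forbidden = "/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/";

        if (strlen($username) < 6) {
            return '用户名不能少于6个字符';
        }
        if (strlen($username) > 20) {
            return '用户名不能超过20个字符';
        }
        if (!preg_match("/^[a-zA-Z][a-zA-Z0-9_]{4,19}$/", $username)) {
            return "用户名只能包含英文字母及数字";
        }
        if (strlen($name) < 2) {
            return "姓名太短";
        }
        if (strlen($name) > 32) {
            return "姓名太长";
        }
        if (preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\+|\{|\}|\[|\]|:|;|<|>|\?|\/]/", $name)) {
            return "姓名中包含非法字符";
        }
        if (!$this->isValidEmail($f['email'])) {
            return "请输入正确的Email地址";
        }
        if (!empty($f['phone']) && preg_match($forbidden, $f['phone'])) {
            return "请输入正确的电话号码";
        }
        if (!empty($f['unit']) && preg_match($forbidden, $f['unit'])) {
            return "输入的内容中包含非法字符";
        }
        if (!empty($f['address']) && preg_match("/[\"|'|~|!|\$|%|\^|\&|\*|\{|\}|\?|\/]/", $f['address'])) {
            return "地址中包含非法字符";
        }
        $match = "/[\"|'|\\\]/i";
        if (preg_match($match, $password) || preg_match($match, $password_confirm)) {
            return "密码中包含非法字符,请重新输入";
        }
        if (empty($password)) {
            return "请输入密码";
        }
        if (strlen($password) < 6) {
            return "密码太短";
        }
        if (strlen($password) > 20) {
            return "密码长度不能超过20个字符";
        }
        if ($password !== $password_confirm) {
            return "两次输入的密码不同";
        }
        return null;
    }

    /**
     * Compares the submitted CAPTCHA with $_SESSION['vdcodes'] and, on a
     * match, consumes the session value so one solved CAPTCHA cannot be
     * replayed for repeated password guesses.
     *
     * The original used "!=", which compares numeric-looking strings as
     * numbers ("0e12" == "0e99"); this is a constant-time string comparison.
     * NOTE(review): assumes the front-end reloads the CAPTCHA image after a
     * failed attempt (the image endpoint is not in this file) — TODO confirm.
     */
    private function captchaMatches($input)
    {
        if (!isset($_SESSION['vdcodes']) || $input === '') {
            return false;
        }
        $expected = strtolower((string) $_SESSION['vdcodes']);
        if ($expected === '' || !$this->secureEquals($expected, (string) $input)) {
            return false;
        }
        unset($_SESSION['vdcodes']);
        return true;
    }

    /**
     * Anchored form of the original e-mail pattern. Unanchored, preg_match
     * accepted any string that merely contained an address-like substring.
     */
    private function isValidEmail($email)
    {
        return (bool) preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i", $email);
    }

    /**
     * Returns the id of the user whose $column equals $value, or 0.
     * $column is whitelisted because identifiers cannot be bound.
     *
     * Exact match replaces the original "like '%value%'", which rejected any
     * name that was a substring of an existing one and treated "_" and "%"
     * in the input as wildcards (besides being injectable).
     */
    private function findUserId($column, $value)
    {
        if (!in_array($column, array('username', 'email'), true)) {
            throw new InvalidArgumentException('unsupported lookup column');
        }
        $rs = $this->db->query("select id from users where $column = ?", array($value));
        $row = $rs->fetch();
        return ($row && !empty($row['id'])) ? (int) $row['id'] : 0;
    }

    /** Fetches the full users row for $username (assoc array) or false. */
    private function loadUserRow($username)
    {
        $rs = $this->db->query("select * from users where username = ?", array($username));
        return $rs->fetch();
    }

    /** Trimmed string form of a request parameter ('' when absent). */
    private function param($name)
    {
        return trim((string) $this->_request->getParam($name));
    }

    /**
     * Constant-time string equality; hash_equals() where available, else a
     * branch-free loop. Both arguments are cast to string.
     */
    private function secureEquals($known, $user)
    {
        $known = (string) $known;
        $user = (string) $user;
        if (function_exists('hash_equals')) {
            return hash_equals($known, $user);
        }
        $len = strlen($known);
        if ($len !== strlen($user)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $len; $i++) {
            $diff |= ord($known[$i]) ^ ord($user[$i]);
        }
        return $diff === 0;
    }

    /**
     * Random lowercase-hex token of $hexLength characters for activation
     * keys and temporary passwords. uniqid() (the original source) is
     * derived from the clock and is guessable.
     */
    private function randomToken($hexLength)
    {
        $hexLength = max(1, (int) $hexLength);
        $bytes = (int) ceil($hexLength / 2);
        $raw = false;
        if (function_exists('random_bytes')) {
            $raw = random_bytes($bytes);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $raw = openssl_random_pseudo_bytes($bytes);
        }
        if ($raw === false || strlen($raw) < $bytes) {
            // Last resort on very old PHP builds; not cryptographically strong.
            $raw = '';
            for ($i = 0; $i < $bytes; $i++) {
                $raw .= chr(mt_rand(0, 255));
            }
        }
        return substr(bin2hex($raw), 0, $hexLength);
    }
}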