< ? php
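class AccountController extends Zend_Controller_Action
{
    /** @var Zend_Controller_Action_Helper_FlashMessenger set in init() */
    protected $messenger;

    /** @var Zend_Db_Adapter_Abstract shared adapter taken from the registry in preDispatch() */
    protected $db;

    /**
     * E-mail pattern shared by register/saveopt/fetchpwd. The original pattern was not
     * anchored, so any value merely containing an address passed.
     */
    const EMAIL_PATTERN = '/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i';

    /**
     * Character blacklists kept from the string-built-SQL days. All SQL in this class is
     * now parameterised, so these only decide what a name/phone/employer/address/password
     * may contain. '|' is rejected by every list because the original character classes
     * used it as a (literal) separator; the lists differ slightly from each other, as before.
     */
    const ILLEGAL_NAME     = '/["\'~!#$%^&*+{}\[\]:;<>?\/|]/';
    const ILLEGAL_CONTACT  = '/["\'~!#$%^&*{}\[\]:;<>?\/|]/';
    const ILLEGAL_ADDRESS  = '/["\'~!$%^&*{}?\/|]/';
    const ILLEGAL_PASSWORD = '/["\'|\\\\]/';

    /** The account landing page is the site root. */
    public function indexAction()
    {
        $this->_redirect('/');
    }

    /** Grab the flash messenger once; preDispatch() copies its messages into the view. */
    public function init()
    {
        $this->messenger = $this->_helper->getHelper('FlashMessenger');
    }

    /** Nothing to do after dispatch; flash messages are already exposed in preDispatch(). */
    public function postDispatch()
    {
    }

    /**
     * Per-request setup: expose the config to the view, remember the current URI as the
     * `return` request parameter, fetch the shared database adapter and hand pending
     * flash messages to the view.
     */
    public function preDispatch()
    {
        $this->view->config = Zend_Registry::get('config');
        $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
        $this->db = Zend_Registry::get('db');
        $this->view->messages = $this->messenger->getMessages();
    }

    /**
     * Ajax registration handler (request carrying `submit`).
     *
     * Validates the posted fields, checks the captcha, rejects an already used username or
     * e-mail, inserts the member and signs them in. Every outcome is echoed as a `box`
     * fragment and ends the request. A request without `submit` falls through to the view.
     */
    public function registerAction()
    {
        $reg = $this->_request->getParam('submit');
        if (empty($reg)) {
            return;
        }
        $this->_ajaxMode();
        try {
            $username        = $this->_param('username', 100);
            $name            = $this->_param('name', 100);
            $email           = $this->_param('email', 100);
            $phone           = $this->_param('phone', 100);
            $unit            = $this->_param('employer', 200);
            $address         = $this->_param('address', 250);
            $project         = $this->_param('project', 500);
            $password        = $this->_param('password', 22);
            $passwordConfirm = $this->_param('password_confirm', 22);
            $vdcode          = $this->_captchaParam();

            if (strlen($username) < 6) {
                $this->_warn('用户名不能少于6个字符');
            }
            if (strlen($username) > 20) {
                $this->_warn('用户名不能超过20个字符');
            }
            // A letter first, then letters/digits/underscore: 5-20 characters in total.
            if (!preg_match('/^[a-zA-Z][a-zA-Z0-9_]{4,19}$/', $username)) {
                $this->_warn('用户名只能包含英文字母及数字');
            }
            // Byte lengths, as before: one CJK character is three bytes, so a single-character
            // name passes and the upper bound is roughly ten CJK characters.
            if (strlen($name) < 2) {
                $this->_warn('姓名太短');
            }
            if (strlen($name) > 32) {
                $this->_warn('姓名太长');
            }
            if (preg_match(self::ILLEGAL_NAME, $name)) {
                $this->_warn('姓名中包含非法字符');
            }
            if (!preg_match(self::EMAIL_PATTERN, $email)) {
                $this->_warn('请输入正确的Email地址');
            }
            if (!empty($phone) && preg_match(self::ILLEGAL_CONTACT, $phone)) {
                $this->_warn('请输入正确的电话号码');
            }
            if (!empty($unit) && preg_match(self::ILLEGAL_CONTACT, $unit)) {
                $this->_warn('输入的内容中包含非法字符');
            }
            if (!empty($address) && preg_match(self::ILLEGAL_ADDRESS, $address)) {
                $this->_warn('地址中包含非法字符');
            }
            if (preg_match(self::ILLEGAL_PASSWORD, $password)
                || preg_match(self::ILLEGAL_PASSWORD, $passwordConfirm)) {
                $this->_warn('密码中包含非法字符,请重新输入');
            }
            if (empty($password)) {
                $this->_warn('请输入密码');
            }
            if (strlen($password) < 6) {
                $this->_warn('密码太短');
            }
            if (strlen($password) > 20) {
                $this->_warn('密码长度不能超过20个字符');
            }
            if ($password !== $passwordConfirm) {
                $this->_warn('两次输入的密码不同');
            }
            // Captcha before any database lookup, so that username/e-mail existence cannot be
            // probed without solving it (the original checked it after the lookups).
            if (!$this->_captchaMatches($vdcode)) {
                $this->_warn('验证码错误');
            }
            // Exact match on a bound value. The original `like '%$username%'` was injectable
            // and also rejected any registration whose name was contained in an existing one.
            if ($this->db->fetchOne('select id from users where username=?', array($username))) {
                $this->_warn('该用户名已经被占用,请更换');
            }
            if ($this->db->fetchOne('select id from users where email=?', array($email))) {
                $this->_warn('该Email已经被使用, 请更换');
            }

            $sth = $this->db->prepare(
                'INSERT INTO users (username,password,email,realname,unit,address,project,phone,usertype)'
                . ' VALUES (?,?,?,?,?,?,?,?,?)'
            );
            // NOTE(review): unsalted md5 is the credential format every login path in this
            // class expects (default_login(), the ASP.NET migration, the remember cookie);
            // moving to a salted scheme needs a rehash-on-login migration, not a change here.
            $ec = $sth->execute(array(
                $username, md5($password), $email, $name, $unit, $address, $project, $phone, 'member',
            ));
            if (!$ec) {
                $this->_warn('An error occurred!Re-try please!');
            }
            // Plain password: login() hashes it itself. The original passed md5($password),
            // which default_login() hashed a second time, so the new member was never signed in.
            $this->login($username, $password);
            $this->_done('<script>$(\'#signup\').hide();$(\'#info\').html(\'注册成功!<br /><a href="\/">网站首页</a> <a href="\/account\/edit">我的帐号</a>\')</script>');
        } catch (Exception $e) {
            // Generic text only; the original appended $e->getMessage(), which exposed
            // database error text to the client.
            $this->_warn('An error occurred!');
        }
    }

    /** Profile page: load the logged-in member's row for the view (nothing when anonymous). */
    public function editAction()
    {
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            return;
        }
        $username = $auth->getIdentity()->username;
        $this->view->user = $this->db->fetchRow(
            'select * from users where username=?',
            array($username)
        );
    }

    /**
     * Ajax profile update, selected by `opt`: 'general' (name/contact fields), 'email'
     * (needs the current password) or 'password'. Responses are plain text and end the
     * request; an unknown `opt` ends it silently, as before.
     */
    public function saveoptAction()
    {
        $this->_ajaxMode();
        $opt  = $this->_request->getParam('opt');
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            $this->_stopWith('You must log in');
        }
        $username = $auth->getIdentity()->username;
        $rows = $this->db->fetchRow('select * from users where username=?', array($username));
        if (!$rows) {
            // Identity without a row (deleted account): treat like not logged in instead of
            // indexing into `false` below.
            $this->_stopWith('You must log in');
        }
        $this->view->user = $rows;

        if ($opt === 'general') {
            $this->_saveGeneral($rows);
        } elseif ($opt === 'email') {
            $this->_saveEmail($rows);
        } elseif ($opt === 'password') {
            $this->_savePassword($rows);
        }
        exit();
    }

    /**
     * Ajax login handler (request carrying `submit`).
     * Requires username, password and a matching captcha; on success emits the redirect
     * snippet. A request without `submit` falls through to the view.
     *
     * The original continued with a redirect to a caller-supplied `href` after this
     * point; it was unreachable (both branches above it exit) and has been dropped.
     */
    public function loginAction()
    {
        $submit = $this->_request->getParam('submit');
        if (empty($submit)) {
            return;
        }
        $this->_ajaxMode();
        if (Zend_Auth::getInstance()->hasIdentity()) {
            $this->_redirect('/account');
            return;
        }
        $username = trim($this->_request->getParam('username'));
        $password = trim($this->_request->getParam('password'));
        $vdcode   = $this->_captchaParam();
        if (empty($username)) {
            $this->_warn('请输入用户名');
        }
        if (empty($password)) {
            $this->_warn('请输入密码');
        }
        if (empty($vdcode)) {
            $this->_warn('请输入验证码');
        }
        if (!$this->_captchaMatches($vdcode)) {
            $this->_warn('验证码错误');
        }
        // NOTE(review): no lockout or rate limit here; the captcha is the only brake on
        // password guessing.
        if (!$this->login($username, $password)) {
            $this->_fail('用户名或密码错误');
        }
        $this->_done('登录成功,<a href="/">如果页面没有跳转请点击这里</a><script>var t = setTimeout("self.location=\'\/\';",2000);</script>');
    }

    /** Clear the Zend_Auth identity and the remember-me cookie, then go to the front page. */
    public function logoutAction()
    {
        $this->_ajaxMode();
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $auth->clearIdentity();
            require_once 'member.php';
            member::flushcookie();
            $this->_redirect('/');
        }
    }

    /**
     * Authenticate against users.username / users.password (md5) through Zend_Auth.
     * On success: regenerate the session id, store the row (minus password) as the
     * identity, stamp ts_last_login and, when `remember` was sent, drop the cookie.
     *
     * @param string $u username
     * @param string $p plaintext password
     * @return bool
     */
    private function default_login($u, $p)
    {
        $auth = Zend_Auth::getInstance();
        $db   = Zend_Registry::get('db');
        $authAdapter = new Zend_Auth_Adapter_DbTable($db);
        $authAdapter->setTableName('users')
            ->setIdentityColumn('username')
            ->setCredentialColumn('password');
        // Credential column holds unsalted md5; see the note in registerAction().
        $authAdapter->setIdentity($u)->setCredential(md5($p));
        $result = $auth->authenticate($authAdapter);
        if (!$result->isValid()) {
            return false;
        }
        // A fresh session id on privilege change prevents session fixation. The guard
        // matters because regenerateId() throws once output has started.
        if (!headers_sent()) {
            Zend_Session::regenerateId();
        }
        $data = $authAdapter->getResultRowObject(null, 'password');
        $auth->getStorage()->write($data);
        $db->query('update users set ts_last_login=now() where username=?', array($u));
        if ($this->_request->getParam('remember')) {
            require_once 'member.php';
            $mb = new member();
            // The cookie carries md5($p), i.e. the stored credential itself; what member.php
            // does with it is not visible here.
            $mb->putcookie($u, md5($p));
        }
        return true;
    }

    /**
     * Verify a password against an ASP.NET membership hash (base64 of SHA1(salt . pw)).
     * Each byte of $p is followed by a NUL - presumably emulating the UTF-16LE bytes the
     * .NET side hashed, so multibyte passwords will not match - prefixed with the decoded
     * salt, SHA1'd and base64 encoded like the stored value.
     *
     * @param string $p        plaintext password
     * @param string $salt     base64 salt from the users row
     * @param string $password base64 hash from the users row
     * @return bool
     */
    private function aspnet_login($p, $salt, $password)
    {
        $widened = implode("\x00", str_split($p)) . "\x00";
        $digest  = base64_encode(sha1(base64_decode($salt) . $widened, true));
        // Strict compare: with '==' two strings that both look numeric ("0e...") compare
        // as numbers and would match each other.
        return trim($password) === $digest;
    }

    /**
     * Log a user in, transparently migrating accounts imported from ASP.NET membership.
     * First check whether the row has a salt: without one the md5 scheme applies directly;
     * with one the password is verified by aspnet_login() and, on success, rewritten as
     * md5 with an empty salt so that the next login takes the default path.
     *
     * @param string $u username
     * @param string $p plaintext password
     * @return bool true when authenticated (the identity is stored by default_login())
     */
    public function login($u, $p)
    {
        $db   = Zend_Registry::get('db');
        $uq   = $db->query('select password,salt from users where username=?', array($u));
        $urow = $uq->fetchObject();
        if (!$urow) {
            // No such user: fail the same way as a wrong password.
            return false;
        }
        if (empty($urow->salt)) {
            return $this->default_login($u, $p);
        }
        if (!$this->aspnet_login($p, $urow->salt, $urow->password)) {
            return false;
        }
        // Verified against the legacy hash: convert to the default scheme, then log in normally.
        $db->query("update users set password=md5(?),salt='' where username=?", array($p, $u));
        return $this->default_login($u, $p);
    }

    /**
     * Ajax "forgot password" handler with two entry points:
     *  - `email` from the form: store a fresh activation token on that account and mail a
     *    link (template 'member-fetchpwd') carrying user + uid;
     *  - `login` + `key` from that link: if they match, set a random temporary password,
     *    clear the token and mail it (template 'member-resetpwd').
     *
     * The original mixed an ajax version of the first step with an older form/view version
     * of both steps: the ajax half used `$db` and `$formData` before they existed (a fatal
     * error at the activation update) and its e-mail check made the link step unreachable.
     * Each step is now its own helper.
     */
    public function fetchpwdAction()
    {
        $this->_ajaxMode();
        if (Zend_Auth::getInstance()->hasIdentity()) {
            $this->_redirect('/account');
            return;
        }
        $key   = $this->_request->getParam('key');
        $login = $this->_request->getParam('login');
        if (empty($key) && empty($login)) {
            $this->_sendResetLink($this->_request->getParam('email'));
        }
        $this->_resetPasswordByKey($login, $key);
    }

    /**
     * Step one of fetchpwd: validate the address, store an activation token and mail the link.
     * The "not found" reply discloses whether an address is registered, as the original did.
     */
    private function _sendResetLink($email)
    {
        if (empty($email)) {
            $this->_warn('请输入要找回密码的账户所对应的Email地址');
        }
        if (!preg_match(self::EMAIL_PATTERN, $email)) {
            $this->_warn('请输入正确的Email地址');
        }
        $row = $this->db->fetchRow('SELECT id,username FROM users WHERE email=?', array($email));
        if (!$row) {
            $this->_fail('未找到对应用户');
        }
        $uid = $this->_randomToken();
        $this->db->query('update users set activation=? where email=?', array($uid, $email));
        $this->_sendTemplateMail('member-fetchpwd', array('user' => $row['username'], 'uid' => $uid), $email);
        $this->_done('Please check the activation link in your email.');
    }

    /**
     * Step two of fetchpwd: the link's login/key pair selects the row; a temporary password
     * is set and mailed. Clearing `activation` makes the link single-use and `salt=''`
     * forces the md5 scheme (see login()).
     */
    private function _resetPasswordByKey($login, $key)
    {
        $urow = $this->db->fetchRow(
            'select email from users where username=? and activation=?',
            array($login, $key)
        );
        if (!$urow) {
            $this->_fail('未找到对应用户');
        }
        $tmpPwd = substr($this->_randomToken(), 0, 12);
        $this->db->query(
            "update users set salt='',activation='',password=? where username=? and activation=?",
            array(md5($tmpPwd), $login, $key)
        );
        $this->_sendTemplateMail('member-resetpwd', array('user' => $login, 'pwd' => $tmpPwd), $urow['email']);
        $this->_done('Please check your new password in your email.');
    }

    /** Render the named EmailText template with $vars and send it to $to via WestdcMailer. */
    private function _sendTemplateMail($template, array $vars, $to)
    {
        $mailtp = new EmailText($this->db, $template, $vars);
        $mail = new WestdcMailer($this->view->config->smtp);
        $mail->setBodyText($mailtp->getBody());
        $mail->setFrom($this->view->config->service->email, 'WDSCAR Service Team');
        $mail->setSubject($mailtp->getSubject());
        $mail->addTo($to);
        $mail->send();
    }

    /**
     * 32 hex characters from a CSPRNG where one is available. The original used uniqid(),
     * which is derived from the clock and therefore guessable by anyone who can time the request.
     */
    private function _randomToken()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong) {
                return bin2hex($bytes);
            }
        }
        // Last resort on very old hosts; not cryptographically strong.
        return md5(uniqid(mt_rand(), true));
    }

    /** 'general' branch of saveopt: name and contact fields; the name is mandatory. */
    private function _saveGeneral(array $rows)
    {
        $realname = $this->_param('name', 100);
        $phone    = $this->_param('phone', 100);
        $unit     = $this->_param('employer', 200);
        $address  = $this->_param('address', 250);
        $project  = $this->_param('project', 500);
        try {
            if (empty($realname)) {
                $this->_stopWith('Please enter your Name');
            }
            $ok = $this->db->query(
                'UPDATE users SET realname=?,phone=?,unit=?,address=?,project=? WHERE id=?',
                array($realname, $phone, $unit, $address, $project, $rows['id'])
            );
            $this->_stopWith($ok ? 'Saved!' : 'Failed!');
        } catch (Exception $e) {
            $this->_stopWith('An error occurred!');
        }
    }

    /** 'email' branch of saveopt: change the address after re-checking the current password. */
    private function _saveEmail(array $rows)
    {
        $email    = $this->_param('email', 100);
        $password = trim($this->_request->getParam('password'));
        try {
            if (empty($email)) {
                $this->_stopWith('Please enter your E-mail');
            }
            if (empty($password)) {
                $this->_stopWith('Please enter your password');
            }
            if (!preg_match(self::EMAIL_PATTERN, $email)) {
                $this->_stopWith('Incorrect email');
            }
            if (!$this->_passwordMatches($password, $rows['password'])) {
                $this->_stopWith('The password you entered is incorrect.Please re-enter your password');
            }
            $ok = $this->db->query('UPDATE users SET email=? where id=?', array($email, $rows['id']));
            $this->_stopWith($ok ? 'Saved!' : 'Failed!');
        } catch (Exception $e) {
            $this->_stopWith('An error occurred!');
        }
    }

    /**
     * 'password' branch of saveopt. Illegal characters in any of the three fields are
     * reported as a wrong current password, exactly as before, so the reply does not say
     * which check failed.
     */
    private function _savePassword(array $rows)
    {
        $password        = trim($this->_request->getParam('password'));
        $passwordNew     = trim($this->_request->getParam('password_new'));
        $passwordConfirm = trim($this->_request->getParam('password_confirm'));
        if (empty($password)) {
            $this->_stopWith('Please enter your password');
        }
        if (empty($passwordNew)) {
            $this->_stopWith('Please enter your new password');
        }
        if ($password === $passwordNew) {
            $this->_stopWith('New password cannot be same as the old');
        }
        if (empty($passwordConfirm)) {
            $this->_stopWith('Please re-enter your new password');
        }
        if (preg_match(self::ILLEGAL_PASSWORD, $password)
            || preg_match(self::ILLEGAL_PASSWORD, $passwordNew)
            || preg_match(self::ILLEGAL_PASSWORD, $passwordConfirm)
            || !$this->_passwordMatches($password, $rows['password'])) {
            $this->_stopWith('The password you entered is incorrect.Please re-enter your password');
        }
        if (strlen($passwordNew) < 6) {
            $this->_stopWith('Your new password is too short');
        }
        if (strlen($passwordNew) > 20) {
            $this->_stopWith('Your new password is too long');
        }
        if ($passwordNew !== $passwordConfirm) {
            $this->_stopWith('Entered passwords differ from the another');
        }
        try {
            $ok = $this->db->query(
                'UPDATE users SET password=? WHERE id=?',
                array(md5($passwordNew), $rows['id'])
            );
            $this->_stopWith($ok ? 'Changes Saved!' : 'Failed!Please check the input content');
        } catch (Exception $e) {
            $this->_stopWith('An error occurred!');
        }
    }

    /**
     * Compare a plaintext password with the stored md5 credential.
     * NOTE(review): unsalted md5 is the table's storage format (see registerAction());
     * this helper is the single place to change once the format is migrated.
     */
    private function _passwordMatches($plain, $storedHash)
    {
        return md5($plain) === $storedHash;
    }

    /**
     * Compare the submitted captcha with the session copy, strictly as strings: the original
     * used `!=`, under which e.g. "0e12" and "0e34" are equal.
     * NOTE(review): the session code is not rotated after a successful check, so one solved
     * captcha can be replayed across attempts; unsetting $_SESSION['vdcodes'] here is the fix
     * once the widget is confirmed to issue a new code per attempt.
     */
    private function _captchaMatches($vdcode)
    {
        if (!isset($_SESSION['vdcodes'])) {
            return false;
        }
        return (string) $vdcode === (string) $_SESSION['vdcodes'];
    }

    /** Submitted captcha normalised like the original: trimmed, first 4 bytes, lower-cased. */
    private function _captchaParam()
    {
        return strtolower(substr(trim($this->_request->getParam('vdcode')), 0, 4));
    }

    /** Trimmed request parameter cut to $maxChars UTF-8 characters (missing parameter => ''). */
    private function _param($name, $maxChars)
    {
        return mb_substr(trim($this->_request->getParam($name)), 0, $maxChars, 'utf-8');
    }

    /** Switch the response to a bare fragment: no layout, no view script. */
    private function _ajaxMode()
    {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
    }

    /** Echo $html and end the request; every ajax reply in this controller ends this way. */
    private function _stopWith($html)
    {
        echo $html;
        exit();
    }

    /** box::warning reply, then stop. */
    private function _warn($msg)
    {
        include_once 'ajax/box.php';
        $this->_stopWith(box::warning($msg));
    }

    /** box::error reply, then stop. */
    private function _fail($msg)
    {
        include_once 'ajax/box.php';
        $this->_stopWith(box::error($msg));
    }

    /** box::success reply, then stop. */
    private function _done($msg)
    {
        include_once 'ajax/box.php';
        $this->_stopWith(box::success($msg));
    }
}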