diff --git a/application/default/controllers/AccountController.php b/application/default/controllers/AccountController.php index d6432d90..842ade90 100755 --- a/application/default/controllers/AccountController.php +++ b/application/default/controllers/AccountController.php @@ -150,6 +150,9 @@ class AccountController extends Zend_Controller_Action { $auth = Zend_Auth::getInstance(); $auth->clearIdentity(); + require_once 'member.php'; + $mb=new member(); + $mb::flushcookie(); $this->_redirect('/'); } @@ -157,6 +160,7 @@ class AccountController extends Zend_Controller_Action { $auth = Zend_Auth::getInstance(); $db=Zend_Registry::get('db'); + $authAdapter = new Zend_Auth_Adapter_DbTable($db); $authAdapter->setTableName('users') ->setIdentityColumn('username') @@ -164,14 +168,18 @@ class AccountController extends Zend_Controller_Action $authAdapter->setIdentity($u)->setCredential(md5($p)); $result = $auth->authenticate($authAdapter); if ($result->isValid()) { + // success: store database row to auth's storage $data = $authAdapter->getResultRowObject(null,'password'); $auth->getStorage()->write($data); - if ($this->_request->getParam('remember')) { - $authNamespace = new Zend_Session_Namespace('westdc'); - $authNamespace->setExpirationSeconds(2592000); - } $db->query("update users set ts_last_login=now() where username=?",array($u)); + + if ($this->_request->getParam('remember')) { + require_once 'member.php'; + $mb = new member(); + $mb -> putcookie($u,md5($p)); + } + return true; } return false; diff --git a/application/models/CustomControllerAclManager.php b/application/models/CustomControllerAclManager.php index babcb578..e8c24a6a 100755 --- a/application/models/CustomControllerAclManager.php +++ b/application/models/CustomControllerAclManager.php @@ -8,6 +8,7 @@ 'action' => 'login'); public function __construct(Zend_Auth $auth) { + $this->db=Zend_Registry::get('db'); $this->auth = $auth; $this->acl = new Zend_Acl(); // add the different user roles 
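Review bot: `flushcookie()` is declared `static` in member.php, so the logout hunk can call `member::flushcookie();` directly instead of `new member()` followed by `$mb::flushcookie()`; constructing an instance only to reach a static method also runs member's constructor, which appears to read `$_COOKIE` (its header is cut off in this chunk). The rest of logoutAction's body is outside this hunk.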
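Review bot: The success path in the login hunk writes the identity to auth storage and sets the remember-me cookie, but nothing visible regenerates the session id after authentication, so a session id fixed before login stays valid afterwards; unless a front-controller plugin already does this, add `Zend_Session::regenerateId();` immediately after `$auth->getStorage()->write($data);`. Note also that the removed `setExpirationSeconds(2592000)` (30 days) is replaced by `putcookie($u, md5($p))`, whose default `$time` in member.php is 604800 s (7 days), so the remembered-login window shrinks unless that is intended. The unsalted `md5($p)` credential predates this commit, but it now also feeds the cookie token through makescr(). The enclosing login method starts and ends outside this hunk.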
@@ -36,6 +37,7 @@ $this->acl->allow('member', 'account'); // allows administrators access to the admin area $this->acl->allow('administrator', 'admin'); + } /** * preDispatch @@ -50,6 +52,25 @@ { // check if a user is logged in and has a valid role, // otherwise, assign them the default role (guest) + $mb = new member(); + $mb->db=$this->db; + + if($mb->checkcookie()) + { + $auth = Zend_Auth::getInstance(); + $authAdapter = new Zend_Auth_Adapter_DbTable($this->db); + $authAdapter->setTableName('users') + ->setIdentityColumn('username') + ->setCredentialColumn('password'); + $authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd); + $result = $auth->authenticate($authAdapter); + if ($result->isValid()) { + $data = $authAdapter->getResultRowObject(null,'password'); + $auth->getStorage()->write($data); + $this->db->query("update users set ts_last_login=now() where username=?",array($mb->user)); + } + } + if ($this->auth->hasIdentity()) $role = $this->auth->getIdentity()->usertype; else diff --git a/application/models/member.php b/application/models/member.php new file mode 100755 index 00000000..abf47d7f --- /dev/null +++ b/application/models/member.php 
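Review bot: The cookie re-authentication added to preDispatch runs on every request regardless of whether the session already holds an identity, so a remembered user pays a `select`, a `Zend_Auth_Adapter_DbTable` authenticate and an `update users set ts_last_login` on every dispatch, and a stale cookie is re-checked on every guest request too; guard it with `if (!$this->auth->hasIdentity() && $mb->checkcookie())`. The block also fetches `Zend_Auth::getInstance()` although the constructor injects `$this->auth`; using the injected instance keeps the class testable and consistent with the `hasIdentity()` check just below. Unlike AccountController, this hunk does not `require_once 'member.php'` before `new member()`, so it presumably relies on an autoloader — verify. preDispatch's signature is outside this hunk.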
@@ -0,0 +1,110 @@
+scr = $_COOKIE['scr'];
+ }
+ if(!empty($_COOKIE['user']))
+ {
+ $this->user= $_COOKIE['user'];
+ }
+ }
+
+
+ /**
+ * 检测cookie
+ */
+ public function checkcookie()
+ {
+ $uname = $this->user;
+ $hash = $this->scr;
+
+ if(!empty($uname) && !empty($hash))
+ {
+ if (preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$uname) || preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$hash))
+ {
+ $this->mid=0;
+ return false;
+ }
+ else{
+ $sql = "select username,password from users where username='$uname'";
+ $rs = $this->db->query($sql);
+ $row = $rs->fetch();
+ $scr = $this->makescr($row['username'],$row['password']);
+
+ if($hash == $scr)
+ {
+ $this->srpwd=$row['password'];
+ return true;
+ }
+ else {
+ return false;
+ }
+ }//cookie安全
+ }else {
+ return false;
+ }//exit
+ }//function checkcookie
+
+ /**
+ * putcookie
+ *
+ * 登陆成功后放置cookie,包含安全码
+ *
+ * @param String $uname
+ * @param String $pwd
+ * @param Int $time
+ */
+ public function putcookie($uname,$pwd,$time = 604800)
+ {
+ try {
+ $scrString = $this->makescr($uname,$pwd);//加密验证串:防止用户密码被盗;防止伪造cookie。
+
+ if(!is_numeric($time))
+ {
+ $time = 604800;
+ }
+
+ setcookie('user',$uname,time()+$time,'/');
+ setcookie('scr',$scrString,time()+$time,'/');
+
+ return true;
+ } catch (Exception $e) {
+ return false;
+ }
+
+ }//function putcookie
+
+ /**
+ * 生成安全码
+ *
+ * @param String $u
+ * @param String $p
+ */
+ public function makescr($u,$p)
+ {
+ return substr(md5($u.$p.$this->ck),3,20);
+ }
+
+ /**
+ * 清除cookie
+ */
+ static function flushcookie()
+ {
+ setcookie('user','',time()-99999,'/');
+ setcookie('scr','',time()-99999,'/');
+ }
+}
+?>
\ No newline at end of file
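Review bot: checkcookie() builds its query by interpolating the `user` cookie value into the SQL string and relies on a character blacklist (which blocks `'` but not `\`, `--` or backticks) to keep it safe; the other files in this commit already pass placeholders to `$this->db->query(...)`, so do the same here. The token check `$hash == $scr` is a loose comparison, which PHP resolves numerically when both strings look like numbers (e.g. both begin with `0e`), so compare with `hash_equals()` (PHP 5.6+) or at least `===`; and since `fetch()` returns `false` when the username does not exist, `$row` should be guarded before makescr() is called. putcookie() sets both cookies without the `httponly` or `secure` flags, so the remember token is readable from script and sent over plain HTTP; pass them via the extra setcookie() arguments. The start of the class (property declarations, `$this->ck`, and the constructor that reads `$_COOKIE`) is cut off at the top of this hunk in this chunk.
```php
// … unchanged: empty-value and blacklist checks …
else{
    $rs = $this->db->query("select username,password from users where username=?", array($uname));
    $row = $rs->fetch();
    if ($row === false) {
        return false;
    }
    $scr = $this->makescr($row['username'], $row['password']);
    if (hash_equals($scr, (string) $hash)) {
        $this->srpwd = $row['password'];
        return true;
    }
    return false;
}//cookie安全
```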