+
+ = $this->partial('user/left.phtml'); ?>
+
-msg or $this->messages) :?>
-
-msg) : ?>
-
msg; ?>
-messages): foreach($this->messages as $msg): ?>
-
-
-
-
-
-
-
-
-
-
编辑权限
\ No newline at end of file
+
+
\ No newline at end of file
diff --git a/application/default/controllers/AccountController.php b/application/default/controllers/AccountController.php
index 6a34987c..4832d7b3 100755
--- a/application/default/controllers/AccountController.php
+++ b/application/default/controllers/AccountController.php
@@ -249,206 +249,143 @@ class AccountController extends Zend_Controller_Action
//$this->view->messages = $this->messenger->getMessages();
}
- function registerAction()
+ function registerAction()
{
- $form = new RegisterForm();
- $this->view->form = $form;
-
- if ($this->_request->isPost()) {
- $formData = $this->_request->getPost();
- if ($form->isValid($formData)) {
- $ut = new UsersTable();
- $u = $ut->createRow();
- $u->username = $form->getValue('username');
- $u->password = $form->getValue('password');
- $u->email=$form->getValue('email');
- if ($form->getValue('realname')) $u->realname=$form->getValue('realname');
- if ($form->getValue('phone')) $u->phone=$form->getValue('phone');
- if ($form->getValue('address')) $u->address=$form->getValue('address');
- if ($form->getValue('unit')) $u->unit=$form->getValue('unit');
- if ($form->getValue('project')) $u->project=$form->getValue('project');
- if ($u->save()) {
- //发送欢迎邮件
- $mail=new WestdcMailer($this->view->config->smtp);
- $body=file_get_contents($this->view->config->register->email->template);
- $body=str_replace("[username]",$formData['username'],$body);
- $mail->setBodyText($body);
- $mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
- $mail->addTo($formData['email']);
- //中文标题有乱码,在1.5版本中尚未解决
- //ref: http://framework.zend.com/issues/browse/ZF-2532
- $mail->setSubject('欢迎使用中国西部环境与生态数据中心');
- $mail->send();
+ $request = new \Zend_Controller_Request_Http();
+ if($request->isXmlHttpRequest())
+ {
+ $this->_helper->layout->disableLayout();
+ $this->_helper->viewRenderer->setNoRender();
+
+ $account = new Account();
+ $data = $account->getParam($this->_request);
+
+ $result = $account->register($data);
+
+ if(!empty($result))
+ {
+ $this->jsonexit($result);
+ return true;
+ }
+
+ $this->jsonexit(array('error'=>'|o| 服务器掉链子了,请重试'));
+
+ return true;
+ }else{
+ //$this->_helper->layout->disableLayout();
+ }
+
- //自动登录系统
- $this->login($formData['username'],$formData['password']);
- $this->_redirect('/');
- }
- } else {
- $form->populate($formData);
- }
- }
- }
+ $success=false;
+
+ $auth = Zend_Auth::getInstance();
+ if ($auth->hasIdentity())
+ $this->_redirect('/');
+
+ $submit = $this->_getParam('submit');
+ if(!empty($submit))
+ {
+ $account = new Account();
+ $this->view->data = $data = $account->getParam($this->_request);
+ $result = $account->register($data);
+
+ if(!empty($result))
+ {
+ if(isset($result['error']))
+ {
+ $this->view->place = $result['place'];
+ $this->view->error = $result['error'];
+ return true;
+ }
+ if(isset($result['success']))
+ {
+ $this->_redirect('/');
+ return true;
+ }
+ }else{
+ $this->view->error = "处理中出现问题";
+ return true;
+ }
+ }
+ }//用户注册
- function loginAction()
+ function loginAction()
{
- $success=false;
+ $request = new \Zend_Controller_Request_Http();
+ if($request->isXmlHttpRequest())
+ {
+
+ }
+
+ $captcha = new Captcha();
+
+ $success=false;
$options = array(
'module' => $this->_request->getModuleName(),
'controller' => $this->_request->getControllerName(),
'action' => $this->_request->getActionName(),
);
-
+
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
- view::Post($this,"您已经登录,无需重复登录",-1);
- return true;
+ if($options['module']=="default" && $options['controller'] == "account" && $options['action'] == "login")
+ {
+ $this->_redirect("/");
+ }else{
+ $this->_redirect($_SERVER['REQUEST_URI']);
+ }
}
$tohref = $this->_request->getParam('href');
- if(($options['module']=="default" && $options['controller'] == "account" && $options['action'] == "login"))
+ if($_SERVER['REQUEST_URI'] !== "/account/login")
{
$this->view->href = $_SERVER['REQUEST_URI'];
- }
-
- if($tohref == "/account/login")
- {
- $this->view->href = $tohref = "/";
+ }else{
+ $this->view->href = "/";
}
if(!empty($tohref))
{
$this->view->href = $tohref;
}
- $captcha = new Captcha();
- //登录表单提交
+ $submit = $this->_getParam("submit");
- if(!$this->_getParam('submit'))
+ if(!empty($submit))
{
- $this->view->captcha = $captcha->setCaptcha();
- return false;
- }
-
- $url = "http://sanjiangyuan/account/login";
-
- $param = array(
- 'username' => $this->_getParam('username'),
- 'password' => $this->_getParam('password'),
- 'captchaword' => trim($this->_request->getParam('captcha'))
- );
-
- $captchaword = $param['captchaword'];
-
- #用户名校验
- if(strlen($param['username'])<6)
- {
- $this->view->error = '用户名不能少于6个字符';
- $this->view->captcha = $captcha->setCaptcha();
- return true;
- }
-
- if(strlen($param['username'])>20)
- {
-
- $this->view->error = '用户名不能超过20个字符';
- $this->view->captcha = $captcha->setCaptcha();
- return true;
- }
-
- if(!preg_match("/^[a-zA-Z][a-zA-Z0-9_]{4,19}$/",$param['username']))
- {
- $this->view->error = '用户名只能包含英文字母及数字';
- $this->view->captcha = $captcha->setCaptcha();
-
- return true;
- }
-
- #密码校验
- $match = "/[\"|'|\\\]/i";
-
- if(preg_match($match,$param['password']) )
- {
- $this->view->error = '密码中包含非法字符,请重新输入';
- $this->view->captcha = $captcha->setCaptcha();
- return true;
- }
-
- if(empty($param['password']))
- {
- $this->view->error = '请输入密码';
- $this->view->captcha = $captcha->setCaptcha();
- return true;
- }
-
- if(strlen($param['password'])<6)
- {
- $this->view->error ='密码太短';
- $this->view->captcha = $captcha->setCaptcha();
- return true;
- }
-
- if(strlen($param['password'])>20)
- {
- $this->view->error ="密码长度不能超过20个字符";
- $this->view->captcha = $captcha->setCaptcha();
- return true;
- }
-
- #验证码校验
+ $data = array(
+ 'username' => $this->_getParam('username'),
+ 'password' => $this->_getParam('password')
+ );
- if(empty($captchaword))
+ $account = new Account();
+ $result = $account->login($data);
+
+ if(!empty($result))
{
- $this->view->error = "请输入验证码";
+ if(isset($result['error']))
+ {
+ $this->view->error = $result['error'];
+ $this->view->captcha = $captcha->setCaptcha();
+ return true;
+ }
+ if(isset($result['success']))
+ {
+ $this->_redirect($this->view->href);
+ return true;
+ }
+ }else{
$this->view->captcha = $captcha->setCaptcha();
+ $this->view->error = "处理中出现问题";
return true;
}
-
- if(!isset($_SESSION['captcha']))
- {
- $_SESSION['captcha'] = md5(time());
- }
-
- if ($captchaword != $_SESSION['captcha']) {
- $this->view->captcha = $captcha->setCaptcha();
- $this->view->error = "验证码错误";
- return true;
- }
-
-
- $encoded_param = json_encode($param,JSON_NUMERIC_CHECK);
- $encoded_param = \Helpers\MCrypt::encrypt($encoded_param,"DY7567");
-
- $curl = new Curl();
- $curl->port = 80;
- $curl->initOptions(array('verifyssl'=>false));
- $curl->H = array(
- 'X-Requested-With: XMLHttpRequest'
- );
- $data = $curl->request($url,array('data'=>$encoded_param),"POST");
-
- $KEY = \Helpers\MCrypt::decrypt($data['response'],"CH6668");
- $cache_data = json_decode($KEY);
- if (isset($cache_data -> error))
- {
- $this->view->error =$cache_data -> error;
- return;
- }
- $Users = new Users();
- if(!$Users -> storeNewAuthCredential($cache_data))
- {
- $this-> view->error ="登录失败,请重新登录。";
- return;
- }else{
-
- view::Post($this,"登录成功!",$tohref);
}
+
$this->view->captcha = $captcha->setCaptcha();
- return true;
- }
+ }//登陆
function captchaAction()
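Review bot: The rewritten loginAction() still issues a captcha via `$captcha->setCaptcha()` but never checks the submitted word, because `$data` carries only `username` and `password`. Unless `Account::login()` reads the request itself (not visible here), the captcha comparison and the username/password format checks removed by this commit have no replacement, and the form no longer slows down password guessing. Either pass the word through with `'captcha' => trim($this->_getParam('captcha'))` and verify it inside `Account::login()`, or keep a guard before the call such as `if (!isset($_SESSION['captcha']) || trim($this->_getParam('captcha')) !== $_SESSION['captcha'])`. Separately, `$this->_redirect($this->view->href)` after a successful login follows the request parameter `href` unchanged; accepting only a local path (one that starts with a single `/`) would keep the login page from forwarding users to another site. The empty `isXmlHttpRequest()` branch at the top of loginAction() should be removed or given a comment saying what is planned for it.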
diff --git a/application/module/Users/AclManager.php b/application/module/Users/AclManager.php
new file mode 100644
index 00000000..46e912b3
--- /dev/null
+++ b/application/module/Users/AclManager.php
@@ -0,0 +1,144 @@
+'',
+ 'controller' => 'account',
+ 'action' => 'login'
+ );
+
+ private $_adminRole;
+
+ public function __construct(\Zend_Auth $auth)
+ {
+ $config = \Zend_Registry::get('config');
+ $this->_adminRole = $config->auth->identifier;
+
+ $this->db=\Zend_Registry::get('db');
+ $this->auth = $auth;
+ $this->acl = new Zend_Acl();
+ // add the different user roles
+ $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole));
+ $this->acl->addRole(new Zend_Acl_Role('member'));
+ $this->acl->addRole(new Zend_Acl_Role($this->_adminRole), 'member');
+
+ // add the resources we want to have control over
+ $this->acl->add(new Zend_Acl_Resource('account'));
+ $this->acl->add(new Zend_Acl_Resource('data'));
+ $this->acl->add(new Zend_Acl_Resource('water'));
+ $this->acl->add(new Zend_Acl_Resource('admin'));
+ $this->acl->add(new Zend_Acl_Resource('upload'));
+ $this->acl->add(new Zend_Acl_Resource('author'));
+ $this->acl->add(new Zend_Acl_Resource('heihe'));
+ // allow access to everything for all users by default
+ // except for the account management and administration areas
+ $this->acl->allow();
+ $this->acl->deny(null, 'account');
+ $this->acl->deny(null, 'admin');
+ $this->acl->deny(null, 'author');
+ // add an exception so guests can log in or register
+ // in order to gain privilege
+ $this->acl->allow('guest', 'account', array('login',
+ 'logout',
+ 'captcha',
+ 'fetchpwd',
+ 'register',
+ 'registercomplete'));
+ $this->acl->deny('guest','data',array('download','order'));
+ $this->acl->deny('guest','water',array('download','order'));
+ $this->acl->deny('guest','heihe',array('submit'));
+ // allow members access to the account management area
+ $this->acl->allow('guest','author',array('index'));
+ $this->acl->allow('member', 'account');
+ $this->acl->allow('member', 'author');
+
+ // allows administrators access to the admin area
+ $this->acl->allow($this->_adminRole, 'admin');
+ }
+ /**
+ * preDispatch
+ *
+ * Before an action is dispatched, check if the current user
+ * has sufficient privileges. If not, dispatch the default
+ * action instead
+ *
+ * @param Zend_Controller_Request_Abstract $request
+ */
+ public function preDispatch(\Zend_Controller_Request_Abstract $request)
+ {
+
+ $phpSessId = $request->getParam('PHPSESSID');
+
+ if (!empty($phpSessId) && session_id() != $phpSessId) {
+ session_destroy();
+ session_id($phpSessId);
+ session_start();
+ }
+ // check if a user is logged in and has a valid role,
+ // otherwise, assign them the default role (guest)
+
+ if(!$this->auth->hasIdentity())
+ {
+ $mb = new \member();
+ $mb->db=$this->db;
+ if($mb->checkcookie())
+ {
+ $auth = Zend_Auth::getInstance();
+ $authAdapter = new Zend_Auth_Adapter_DbTable($this->db);
+ $authAdapter->setTableName('users')
+ ->setIdentityColumn('username')
+ ->setCredentialColumn('password');
+ $authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd);
+ $result = $auth->authenticate($authAdapter);
+ if ($result->isValid()) {
+ $data = $authAdapter->getResultRowObject(null,'password');
+ //头像
+ include_once("Avatar.php");
+ $avatar = new Avatar();
+ $data->avatar = $avatar->Get($data->email,40);
+
+ //组ID
+ include_once("Users.php");
+ $usr = new Users($this->db);
+ $data->gid = $usr->getGroup($data->id);
+
+ $auth->getStorage()->write($data);
+ $this->db->query("update users set ts_last_login=now() where username=?",array($mb->user));
+ }
+ }
+ }
+
+ if ($this->auth->hasIdentity())
+ $role = $this->auth->getIdentity()->usertype;
+ else
+ $role = $this->_defaultRole;
+ if (!$this->acl->hasRole($role))
+ $role = $this->_defaultRole;
+ // the ACL resource is the requested controller name
+ $resource = $request->controller;
+ if ($request->module<>"default") $resource=$request->module;
+ // the ACL privilege is the requested action name
+ $privilege = $request->action;
+ if ($request->module<>"default") $privilege = $request->controller;
+ // if we haven't explicitly added the resource, check
+ // the default global permissions
+ if (!$this->acl->has($resource))
+ $resource = null;
+ // access denied - reroute the request to the default action handler
+ if (!$this->acl->isAllowed($role, $resource, $privilege)) {
+ $request->setModuleName($this->_authController['module']);
+ $request->setControllerName($this->_authController['controller']);
+ $request->setActionName($this->_authController['action']);
+ }
+ }
+ }
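Review bot: preDispatch() adopts whatever `PHPSESSID` arrives as a request parameter (`session_id($phpSessId); session_start();`), so a session id chosen by a third party and embedded in a link or form becomes the visitor's session, which is the session-fixation pattern. If this exists for a client that cannot send cookies, limit it to that one controller/action and tie it to a server-issued token; otherwise remove the block. In either case, issuing a fresh id when the cookie login succeeds, `session_regenerate_id(true);` placed before `$auth->getStorage()->write($data);`, keeps a pre-set id from surviving authentication. Also, `Zend_Acl`, `Zend_Acl_Role`, `Zend_Auth` and `Zend_Auth_Adapter_DbTable` are written without a leading backslash while `\Zend_Registry` has one; if the file declares `namespace Users` (its header is not legible here), those names need `\` or a `use` line to resolve.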
diff --git a/application/module/Users/Local.php b/application/module/Users/Local.php
index 91f552c4..95aef8fa 100644
--- a/application/module/Users/Local.php
+++ b/application/module/Users/Local.php
@@ -26,7 +26,7 @@ class Local extends \Zend_Controller_Plugin_Abstract
$this->db = $db;
}
- $this->config = \Zend_Registry::get('6config');
+ $this->config = \Zend_Registry::get('config');
$this->table = new \Helpers\Table();
diff --git a/application/module/Users/Users.php b/application/module/Users/Users.php
index df3d24a9..e2cace0f 100644
--- a/application/module/Users/Users.php
+++ b/application/module/Users/Users.php
@@ -37,6 +37,37 @@ class Users extends \Zend_Controller_Plugin_Abstract
}
}
+ //初始化用户类型
+ public function initUserType()
+ {
+ $this->usertype = array(
+ '普通会员' => 'member',
+ $this->config->auth->groupname => $this->config->auth->indentifier
+ );
+ }
+
+ //获取用户类型
+ public function getUserType()
+ {
+ $this->initUserType();
+ return $this->usertype;
+ }
+
+ //通过ID获取User信息
+ public function getUser($id)
+ {
+ $sql="select * from users where id=?";
+ $result=$this->db->query($sql,$id);
+ $rows = $result->fetch();
+
+ return $rows;
+ }
+
+ public function getUserInfo($id)
+ {
+ return $this->getUser($id);
+ }
+
//通过email地址返回用户信息是否存在
public function userExists($email = NULL)
{
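Review bot: `initUserType()` reads `$this->config->auth->indentifier`, while the new AclManager reads the same setting as `$config->auth->identifier`. Unless the config file really has a key with the misspelled name, the admin group maps to an empty value here, and anything built from `getUserType()` will not match the ACL's admin role. Suggested line: `$this->config->auth->groupname => $this->config->auth->identifier`. In addition, `getUser()` returns the whole row from `select * from users`, which includes the `password` column that AclManager deliberately strips with `getResultRowObject(null,'password')`; selecting named columns, or calling `unset($rows['password'])` before returning, would keep the credential out of callers such as `getUserInfo()`.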
diff --git a/htdocs/index.php b/htdocs/index.php
index 363586a5..cf253a0b 100755
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -4,7 +4,7 @@ ini_set('display_errors', 1);
date_default_timezone_set('Asia/Shanghai');
// directory setup and class loading
-set_include_path('.' . PATH_SEPARATOR . '../include/'
+set_include_path('.' . PATH_SEPARATOR . 'F:/library/zf1/library'
. PATH_SEPARATOR . 'D:/library/zf1'
. PATH_SEPARATOR . '../application/models'
. PATH_SEPARATOR . '../application/module'
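Review bot: The first include-path entry is now the developer-machine path `F:/library/zf1/library`, and the relative `'../include/'` entry is gone. On a host without that drive the framework resolves only if another entry supplies it, and files that used to load from `../include/` stop resolving (possibly the `include_once("Avatar.php")` in AclManager, if that is where it lives). Keep `'../include/'` and take the library location from configuration or the environment, for example `(getenv('ZF1_PATH') ?: '../include/')`, where the variable name is only an illustration. The hunk header also shows `ini_set('display_errors', 1);` at the top of this front controller, which should be off outside development so that paths and SQL errors are not shown to visitors. The `set_include_path(` call continues past the end of this hunk.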
@@ -40,7 +40,7 @@ $frontController->setControllerDirectory(array(
'default' => '../application/default/controllers',
'admin' => '../application/admin/controllers'));
-$frontController->registerPlugin(new CustomControllerAclManager($auth));
+$frontController->registerPlugin(new \Users\AclManager($auth));
Zend_Layout::startMvc(array('layoutPath'=>'../application/layouts'));
$router = new Zend_Controller_Router_Rewrite();
$router->addConfig($config, 'routes');