From 8c3e99dde4ac1eafa9816c7d99e37dc493969861 Mon Sep 17 00:00:00 2001 From: Li Jianxuan Date: Wed, 28 Dec 2011 06:37:46 +0000 Subject: [PATCH] =?UTF-8?q?=E8=A5=BF=E9=83=A8=E6=95=B0=E6=8D=AE=E4=B8=AD?= =?UTF-8?q?=E5=BF=83=E4=B8=AD=E6=96=87=E7=89=88=E5=A2=9E=E5=8A=A0=E4=BA=86?= =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=97=B6=E7=9A=84=E9=AA=8C=E8=AF=81=E7=A0=81?= =?UTF-8?q?=E6=9C=BA=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../default/controllers/AccountController.php | 603 +++++++++--------- application/models/LoginForm.php | 130 ++-- 2 files changed, 384 insertions(+), 349 deletions(-) diff --git a/application/default/controllers/AccountController.php b/application/default/controllers/AccountController.php index 1e6e11d0..9d00f2cf 100755 --- a/application/default/controllers/AccountController.php +++ b/application/default/controllers/AccountController.php @@ -1,300 +1,303 @@ -_redirect('/'); - } - function init() - { - $this->messenger=$this->_helper->getHelper('FlashMessenger'); - } - function postDispatch() - { - //$this->view->messages = $this->messenger->getMessages(); - } - function preDispatch() - { - $this->view->config = Zend_Registry::get('config'); - $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI')); - //$this->db=Zend_Registry::get('db'); - $this->view->messages = $this->messenger->getMessages(); - } - - function registerAction() - { - $form = new RegisterForm(); - $this->view->form = $form; - - if ($this->_request->isPost()) { - $formData = $this->_request->getPost(); - if ($form->isValid($formData)) { - $ut = new UsersTable(); - $u = $ut->createRow(); - $u->username = $form->getValue('username'); - $u->password = $form->getValue('password'); - $u->email=$form->getValue('email'); - if ($form->getValue('realname')) $u->realname=$form->getValue('realname'); - if ($form->getValue('phone')) $u->phone=$form->getValue('phone'); - if ($form->getValue('address')) $u->address=$form->getValue('address'); - if ($form->getValue('unit')) $u->unit=$form->getValue('unit'); - if ($form->getValue('project')) $u->project=$form->getValue('project'); - if ($u->save()) { - //发送欢迎邮件 - $mail=new WestdcMailer($this->view->config->smtp); - $body=file_get_contents($this->view->config->register->email->template); - $body=str_replace("[username]",$formData['username'],$body); - $mail->setBodyText($body); - $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); - $mail->addTo($formData['email']); - //中文标题有乱码,在1.5版本中尚未解决 - //ref: http://framework.zend.com/issues/browse/ZF-2532 - $mail->setSubject('欢迎使用中国西部环境与生态数据中心'); - $mail->send(); - - //自动登录系统 - $this->login($formData['username'],$formData['password']); - $this->_redirect('/'); - } - } else { - $form->populate($formData); - } - } - } - function editAction() - { - $form=new UsereditForm(); - $this->view->form=$form; - $auth = Zend_Auth::getInstance(); - $user = $auth->getIdentity(); - if ($this->_request->isPost()) { - $formData = $this->_request->getPost(); - if ($form->isValid($formData)) { - //save user info - $ut=new UsersTable(); - $row=$ut->fetchRow('id='.$formData['id']); - if (md5($formData['oldpassword'])==$row->password && $formData['password']) { - //修改密码 - $row->password=md5($formData['password']); - } - if ($formData['email']) $row->email=$formData['email']; - if ($formData['phone']) $row->phone=$formData['phone']; - if ($formData['realname']) $row->realname=$formData['realname']; - if ($formData['unit']) $row->unit=$formData['unit']; - if ($formData['address']) $row->address=$formData['address']; - if ($formData['project']) $row->project=$formData['project']; - $row->save(); - //todo:更新session信息 - } - } else { - /*$formData['id']=$user->id; - $formData['email']=$user->email; - $formData['phone']=$user->phone; - $formData['realname']=$user->realname; - $formData['unit']=$user->unit; - $formData['address']=$user->address; - $formData['project']=$user->project;*/ - $ut=new UsersTable(); - $row=$ut->fetchRow('id='.$user->id); - $formData['email']=$row->email; - $formData['phone']=$row->phone; - $formData['realname']=$row->realname; - $formData['unit']=$row->unit; - $formData['address']=$row->address; - $formData['project']=$row->project; - $formData['id']=$row->id; - $form->populate($formData); - } - } - function loginAction() - { - $form = new LoginForm(); - $success=false; - $message=''; - $this->view->form = $form; - $auth = Zend_Auth::getInstance(); - if ($auth->hasIdentity()) $this->_redirect('/account'); - if ($this->_request->isPost()) { - $formData = $this->_request->getPost(); - if ($form->isValid($formData)) { - if (!$this->login($formData['username'],$formData['password'])) - { - $this->messenger->addMessage('登录失败,请检查您的用户名和密码。'); - } else $success=true; - } - - if(!$success) { - $flashMessenger = $this->_helper->getHelper('FlashMessenger'); - $flashMessenger->setNamespace('actionErrors'); - $flashMessenger->addMessage($message); - $this->_redirect('/account/login'); - } else - { - $tohref = $this->_request->getParam('href'); - if(!empty($tohref)) - { - $this->_redirect($tohref); - }else{ - $this->_redirect($this->_request->getParam('return')); - } - - } - } else { - //$formData['redirect'] = $redirect; - //$form->populate($formData); - } - } - - function logoutAction() - { - $auth = Zend_Auth::getInstance(); - $auth->clearIdentity(); - require_once 'member.php'; - $mb=new member(); - $mb::flushcookie(); - $this->_redirect('/'); - } - - private function default_login($u,$p) - { - $auth = Zend_Auth::getInstance(); - $db=Zend_Registry::get('db'); - - $authAdapter = new Zend_Auth_Adapter_DbTable($db); - $authAdapter->setTableName('users') - ->setIdentityColumn('username') - ->setCredentialColumn('password'); - $authAdapter->setIdentity($u)->setCredential(md5($p)); - $result = $auth->authenticate($authAdapter); - if ($result->isValid()) { - - // success: store database row to auth's storage - $data = $authAdapter->getResultRowObject(null,'password'); - $auth->getStorage()->write($data); - $db->query("update users set ts_last_login=now() where username=?",array($u)); - - if ($this->_request->getParam('remember')) { - $sql="select usertype from users where username='$u'"; - $rs=$db->query($sql); - $row=$rs->fetch(); - if($row['usertype']!='administrator') - { - require_once 'member.php'; - $mb = new member(); - $mb -> putcookie($u,md5($p)); - } - } - - return true; - } - return false; - } - private function aspnet_login($p,$salt,$password) - { - $p1=implode("\x00",str_split($p))."\x00"; - $ball=base64_decode($salt).$p1; - return trim($password)==base64_encode(sha1($ball,true)); - } - // 首先判断是否存在salt - // 若有salt,则按照aspnet membership加密算法进行判断 - function login($u,$p) - { - $ut= new UsersTable(); - $db=$ut->getAdapter(); - $sql="select password,salt from users where username=?"; - $uq=$db->query($sql,array($u)); - if ($urow=$uq->fetchObject()) - { - if (empty($urow->salt)) - return $this->default_login($u,$p); - else { - //进行判断并进行转换到默认 - if ($this->aspnet_login($p,$urow->salt,$urow->password)) - { - $sql="update users set password=md5(?),salt='' where username=?"; - $db->query($sql,array($p,$u)); - return $this->default_login($u,$p); - } else - return false; - } - } else { - //没有对应的用户,登录失败 - return false; - } - } - function fetchpwdAction() - { - $ut= new UsersTable(); - $db=$ut->getAdapter(); - $form = new LostpwdForm(); - $key=$this->_request->getParam('key'); - $login=$this->_request->getParam('login'); - if (empty($key) && empty($login)) { - $this->view->form = $form; - if ($this->_request->isPost()) { - $formData = $this->_request->getPost(); - if ($form->isValid($formData)) { - $sql="select * from users where email=?"; - $uq=$db->query($sql,array($formData['email'])); - if ($urow=$uq->fetchObject()) - { - //email the url to user - $username=$urow->username; - $sql="update users set activation=? where email=?"; - $uid=uniqid(); - $db->query($sql,array($uid,$formData['email'])); - $mail=new WestdcMailer($this->view->config->smtp); - $body="尊敬的西部数据中心用户: - 有人提出了针对此用户名的密码重置请求。 - - 用户名:"; - $body.=$username; - $body.=" - - 若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。 -"; - $body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid; - $mail->setBodyText($body); - $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); - $mail->addTo($formData['email']); - $mail->setSubject('密码已重置'); - $mail->send(); - $this->view->messages[]='请检查您的新邮件中的确认激活链接。'; - $this->view->form=false;//do not echo form - } else - $this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。'); - } - } else - $this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。'; - } else { - $sql="select * from users where username=? and activation=?"; - $uq=$db->query($sql,array($login,$key)); - $tmp_pwd=uniqid(); - if ($urow=$uq->fetchObject()) - { - $sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?"; - $db->query($sql,array($login,$key)); - $mail=new WestdcMailer($this->view->config->smtp); - $body="尊敬的西部数据中心用户: - 您的密码已修改。 - - 用户名:"; - $body.=$login; - $body.="密码:".$tmp_pwd; - $body.=" - http://westdc.westgis.ac.cn/account/login"; - $mail->setBodyText($body); - $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); - $mail->addTo($urow->email); - $mail->setSubject('您的新密码'); - $mail->send(); - $this->view->messages[]='请查收您新邮件中的新密码'; - $this->view->form=false;//do not echo form - - } - } - - } -} - +_redirect('/'); + } + function init() + { + $this->messenger=$this->_helper->getHelper('FlashMessenger'); + } + function postDispatch() + { + //$this->view->messages = $this->messenger->getMessages(); + } + function preDispatch() + { + $this->view->config = Zend_Registry::get('config'); + $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI')); + //$this->db=Zend_Registry::get('db'); + $this->view->messages = $this->messenger->getMessages(); + } + + function registerAction() + { + $form = new RegisterForm(); + $this->view->form = $form; + + if ($this->_request->isPost()) { + $formData = $this->_request->getPost(); + if ($form->isValid($formData)) { + $ut = new UsersTable(); + $u = $ut->createRow(); + $u->username = $form->getValue('username'); + $u->password = $form->getValue('password'); + $u->email=$form->getValue('email'); + if ($form->getValue('realname')) $u->realname=$form->getValue('realname'); + if ($form->getValue('phone')) $u->phone=$form->getValue('phone'); + if ($form->getValue('address')) $u->address=$form->getValue('address'); + if ($form->getValue('unit')) $u->unit=$form->getValue('unit'); + if ($form->getValue('project')) $u->project=$form->getValue('project'); + if ($u->save()) { + //发送欢迎邮件 + $mail=new WestdcMailer($this->view->config->smtp); + $body=file_get_contents($this->view->config->register->email->template); + $body=str_replace("[username]",$formData['username'],$body); + $mail->setBodyText($body); + $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); + $mail->addTo($formData['email']); + //中文标题有乱码,在1.5版本中尚未解决 + //ref: http://framework.zend.com/issues/browse/ZF-2532 + $mail->setSubject('欢迎使用中国西部环境与生态数据中心'); + $mail->send(); + + //自动登录系统 + $this->login($formData['username'],$formData['password']); + $this->_redirect('/'); + } + } else { + $form->populate($formData); + } + } + } + function editAction() + { + $form=new UsereditForm(); + $this->view->form=$form; + $auth = Zend_Auth::getInstance(); + $user = $auth->getIdentity(); + if ($this->_request->isPost()) { + $formData = $this->_request->getPost(); + if ($form->isValid($formData)) { + //save user info + $ut=new UsersTable(); + $row=$ut->fetchRow('id='.$formData['id']); + if (md5($formData['oldpassword'])==$row->password && $formData['password']) { + //修改密码 + $row->password=md5($formData['password']); + } + if ($formData['email']) $row->email=$formData['email']; + if ($formData['phone']) $row->phone=$formData['phone']; + if ($formData['realname']) $row->realname=$formData['realname']; + if ($formData['unit']) $row->unit=$formData['unit']; + if ($formData['address']) $row->address=$formData['address']; + if ($formData['project']) $row->project=$formData['project']; + $row->save(); + //todo:更新session信息 + } + } else { + /*$formData['id']=$user->id; + $formData['email']=$user->email; + $formData['phone']=$user->phone; + $formData['realname']=$user->realname; + $formData['unit']=$user->unit; + $formData['address']=$user->address; + $formData['project']=$user->project;*/ + $ut=new UsersTable(); + $row=$ut->fetchRow('id='.$user->id); + $formData['email']=$row->email; + $formData['phone']=$row->phone; + $formData['realname']=$row->realname; + $formData['unit']=$row->unit; + $formData['address']=$row->address; + $formData['project']=$row->project; + $formData['id']=$row->id; + $form->populate($formData); + } + } + function loginAction() + { + $form = new LoginForm(); + $success=false; + $message=''; + $this->view->form = $form; + $auth = Zend_Auth::getInstance(); + if ($auth->hasIdentity()) $this->_redirect('/account'); + if ($this->_request->isPost()) { + $formData = $this->_request->getPost(); + if ($form->isValid($formData)) { + if (!$this->login($formData['username'],$formData['password'])) + { + $this->messenger->addMessage('登录失败,请检查您的用户名和密码。'); + } else $success=true; + } + + if(!$success) { + $flashMessenger = $this->_helper->getHelper('FlashMessenger'); + $flashMessenger->setNamespace('actionErrors'); + $flashMessenger->addMessage($message); + $this->_redirect('/account/login'); + } else + { + $tohref = $this->_request->getParam('href'); + if(!empty($tohref)) + { + $this->_redirect($tohref); + }else{ + $this->_redirect($this->_request->getParam('return')); + } + + } + } else { + //$formData['redirect'] = $redirect; + //$form->populate($formData); + } + } + + function logoutAction() + { + $auth = Zend_Auth::getInstance(); + $auth->clearIdentity(); + require_once 'member.php'; + $mb=new member(); + member::flushcookie(); + $this->_redirect('/'); + } + + private function default_login($u,$p) + { + $auth = Zend_Auth::getInstance(); + $db=Zend_Registry::get('db'); + + $authAdapter = new Zend_Auth_Adapter_DbTable($db); + $authAdapter->setTableName('users') + ->setIdentityColumn('username') + ->setCredentialColumn('password'); + $authAdapter->setIdentity($u)->setCredential(md5($p)); + $result = $auth->authenticate($authAdapter); + if ($result->isValid()) { + + // success: store database row to auth's storage + $data = $authAdapter->getResultRowObject(null,'password'); + $auth->getStorage()->write($data); + $db->query("update users set ts_last_login=now() where username=?",array($u)); + + if ($this->_request->getParam('remember')) { + $sql="select usertype from users where username='$u'"; + $rs=$db->query($sql); + $row=$rs->fetch(); + if($row['usertype']!='administrator') + { + require_once 'member.php'; + $mb = new member(); + $mb -> putcookie($u,md5($p)); + } + } + + return true; + }else + { + return false; + } + return false; + } + private function aspnet_login($p,$salt,$password) + { + $p1=implode("\x00",str_split($p))."\x00"; + $ball=base64_decode($salt).$p1; + return trim($password)==base64_encode(sha1($ball,true)); + } + // 首先判断是否存在salt + // 若有salt,则按照aspnet membership加密算法进行判断 + function login($u,$p) + { + $ut= new UsersTable(); + $db=$ut->getAdapter(); + $sql="select password,salt from users where username=?"; + $uq=$db->query($sql,array($u)); + if ($urow=$uq->fetchObject()) + { + if (empty($urow->salt)) + return $this->default_login($u,$p); + else { + //进行判断并进行转换到默认 + if ($this->aspnet_login($p,$urow->salt,$urow->password)) + { + $sql="update users set password=md5(?),salt='' where username=?"; + $db->query($sql,array($p,$u)); + return $this->default_login($u,$p); + } else + return false; + } + } else { + //没有对应的用户,登录失败 + return false; + } + } + function fetchpwdAction() + { + $ut= new UsersTable(); + $db=$ut->getAdapter(); + $form = new LostpwdForm(); + $key=$this->_request->getParam('key'); + $login=$this->_request->getParam('login'); + if (empty($key) && empty($login)) { + $this->view->form = $form; + if ($this->_request->isPost()) { + $formData = $this->_request->getPost(); + if ($form->isValid($formData)) { + $sql="select * from users where email=?"; + $uq=$db->query($sql,array($formData['email'])); + if ($urow=$uq->fetchObject()) + { + //email the url to user + $username=$urow->username; + $sql="update users set activation=? where email=?"; + $uid=uniqid(); + $db->query($sql,array($uid,$formData['email'])); + $mail=new WestdcMailer($this->view->config->smtp); + $body="尊敬的西部数据中心用户: + 有人提出了针对此用户名的密码重置请求。 + + 用户名:"; + $body.=$username; + $body.=" + + 若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。 +"; + $body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid; + $mail->setBodyText($body); + $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); + $mail->addTo($formData['email']); + $mail->setSubject('密码已重置'); + $mail->send(); + $this->view->messages[]='请检查您的新邮件中的确认激活链接。'; + $this->view->form=false;//do not echo form + } else + $this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。'); + } + } else + $this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。'; + } else { + $sql="select * from users where username=? and activation=?"; + $uq=$db->query($sql,array($login,$key)); + $tmp_pwd=uniqid(); + if ($urow=$uq->fetchObject()) + { + $sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?"; + $db->query($sql,array($login,$key)); + $mail=new WestdcMailer($this->view->config->smtp); + $body="尊敬的西部数据中心用户: + 您的密码已修改。 + + 用户名:"; + $body.=$login; + $body.="密码:".$tmp_pwd; + $body.=" + http://westdc.westgis.ac.cn/account/login"; + $mail->setBodyText($body); + $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); + $mail->addTo($urow->email); + $mail->setSubject('您的新密码'); + $mail->send(); + $this->view->messages[]='请查收您新邮件中的新密码'; + $this->view->form=false;//do not echo form + + } + } + + } +} + diff --git a/application/models/LoginForm.php b/application/models/LoginForm.php index 4f17cba1..81d961d0 100755 --- a/application/models/LoginForm.php +++ b/application/models/LoginForm.php @@ -1,50 +1,82 @@ -setName('login'); - - $username = new Zend_Form_Element_Text('username'); - $username->setLabel('用户名') - ->setRequired(true) - ->addFilter('StripTags') - ->addFilter('StringTrim') - ->addValidator('NotEmpty'); - - $password=new Zend_Form_Element_Password('password'); - $password->setLabel('密码')->setRequired(true); - - $remember=new Zend_Form_Element_Checkbox('remember'); - $remember->setLabel('记住我'); - $id = new Zend_Form_Element_Hidden('id'); - - $submit = new Zend_Form_Element_Submit('submit'); - $submit->setLabel('登录'); - $submit->setAttrib('id', 'submitbutton'); - - $this->addElements(array($id, $username, $password, $remember, $submit)); - $this->clearDecorators(); - $this->addDecorator('FormElements') - ->addDecorator('HtmlTag', array('tag' => '