修改了首页，增加了数据上传功能（未完成），修改了登录和注册程序

2012-04-20 12:56:50 +00:00 · 2012-04-20 12:56:50 +00:00 · af03bace74
parent a538246580
commit af03bace74
18 changed files with 1917 additions and 549 deletions
--- a/application/default/controllers/AccountController.php
+++ b/application/default/controllers/AccountController.php
@ -1,300 +1,654 @@
-<?php
-
-class AccountController extends Zend_Controller_Action 
-{
-    function indexAction()
-    {
-        $this->_redirect('/');
-    }
-    function init()
-    {
-    	$this->messenger=$this->_helper->getHelper('FlashMessenger');
-    }
-    function postDispatch()
-    {    	
-    	//$this->view->messages = $this->messenger->getMessages();
-    }
-    function preDispatch()
-    {
-    	$this->view->config = Zend_Registry::get('config');
-		$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
-		//$this->db=Zend_Registry::get('db');
-		$this->view->messages = $this->messenger->getMessages();
-    }  
-        
-    function registerAction()
-    {
-        $form = new RegisterForm();
-        $this->view->form = $form;
-        
-        if ($this->_request->isPost()) {
-            $formData = $this->_request->getPost();
-            if ($form->isValid($formData)) {
-                $ut = new UsersTable();
-                $u = $ut->createRow();
-                $u->username = $form->getValue('username');
-                $u->password = $form->getValue('password');
-                $u->email=$form->getValue('email');
-                if ($form->getValue('realname'))  $u->realname=$form->getValue('realname');
-                if ($form->getValue('phone')) $u->phone=$form->getValue('phone');
-                if ($form->getValue('address')) $u->address=$form->getValue('address');
-                if ($form->getValue('unit')) $u->unit=$form->getValue('unit');                
-                if ($form->getValue('project'))  $u->project=$form->getValue('project');
-                if ($u->save()) {
-                	//发送欢迎邮件
-                	$mail=new WestdcMailer($this->view->config->smtp);
-						$body=file_get_contents($this->view->config->register->email->template);
-						$body=str_replace("[username]",$formData['username'],$body);
-                	$mail->setBodyText($body);
-						$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
-                	$mail->addTo($formData['email']);
-                	//中文标题有乱码，在1.5版本中尚未解决
-                	//ref: http://framework.zend.com/issues/browse/ZF-2532
-                	$mail->setSubject('欢迎使用中国西部环境与生态数据中心');
-    					$mail->send();
-
-                	//自动登录系统
-                	$this->login($formData['username'],$formData['password']);
-                	$this->_redirect('/');
-                }
-            } else {
-                $form->populate($formData);
-            }
-        }
-    }
-    function editAction()
-    {
-    	$form=new UsereditForm();
-    	$this->view->form=$form;
-    	$auth = Zend_Auth::getInstance();
-    	$user = $auth->getIdentity();
-    	if ($this->_request->isPost()) {
-			$formData = $this->_request->getPost();
-         if ($form->isValid($formData)) {  
-         	//save user info
-         	$ut=new UsersTable();
-         	$row=$ut->fetchRow('id='.$formData['id']);
-         	if (md5($formData['oldpassword'])==$row->password && $formData['password']) {
-         	//修改密码
-					$row->password=md5($formData['password']);
-				}
-        		if ($formData['email']) $row->email=$formData['email'];
-         	if ($formData['phone']) $row->phone=$formData['phone'];
-         	if ($formData['realname']) $row->realname=$formData['realname'];
-         	if ($formData['unit']) $row->unit=$formData['unit'];
-         	if ($formData['address']) $row->address=$formData['address'];
-         	if ($formData['project']) $row->project=$formData['project'];
-         	$row->save();
-         	//todo:更新session信息
-         }  	
-    	} else {
-    		/*$formData['id']=$user->id;
-    		$formData['email']=$user->email;
-    		$formData['phone']=$user->phone;
-    		$formData['realname']=$user->realname;
-    		$formData['unit']=$user->unit;
-    		$formData['address']=$user->address;
-    		$formData['project']=$user->project;*/
-    		$ut=new UsersTable();
-    		$row=$ut->fetchRow('id='.$user->id);
-    		$formData['email']=$row->email;
-    		$formData['phone']=$row->phone;
-    		$formData['realname']=$row->realname;
-    		$formData['unit']=$row->unit;
-    		$formData['address']=$row->address;
-    		$formData['project']=$row->project;
-    		$formData['id']=$row->id;
-    		$form->populate($formData);
-    	}
-    }
-    function loginAction()
-    {
-        $form = new LoginForm();
-        $success=false;
-        $message='';
-        $this->view->form = $form;
-        $auth = Zend_Auth::getInstance();
-        if ($auth->hasIdentity())   $this->_redirect('/account');
-        if ($this->_request->isPost()) {
-            $formData = $this->_request->getPost();
-            if ($form->isValid($formData)) {
-                if (!$this->login($formData['username'],$formData['password']))
-                {
-                	$this->messenger->addMessage('登录失败，请检查您的用户名和密码。');
-                } else $success=true;
-            }
-       
-         if(!$success) {
-         	$flashMessenger = $this->_helper->getHelper('FlashMessenger');
-         	$flashMessenger->setNamespace('actionErrors');
-         	$flashMessenger->addMessage($message);
-         	$this->_redirect('/account/login');
-         } else 
-         {
-         	$tohref = $this->_request->getParam('href');
-         	if(!empty($tohref))
-         	{
-         		$this->_redirect($tohref);
-         	}else{
-         		$this->_redirect($this->_request->getParam('return'));
-         	}
-         	
-         }
-		} else {
-			//$formData['redirect'] = $redirect;
-			//$form->populate($formData);
-		}
-    }
-    
-    function logoutAction()
-    {
-    	$auth = Zend_Auth::getInstance();
-    	$auth->clearIdentity();
-    	require_once 'member.php';
-    	$mb=new member();
-    	$mb::flushcookie();
-    	$this->_redirect('/');
-    }	
-
-    private function default_login($u,$p)
-    {
-    	$auth = Zend_Auth::getInstance();
-    	$db=Zend_Registry::get('db');
-    	
-    	$authAdapter = new Zend_Auth_Adapter_DbTable($db);
-    	$authAdapter->setTableName('users')
-                            ->setIdentityColumn('username')
-                            ->setCredentialColumn('password');
-      $authAdapter->setIdentity($u)->setCredential(md5($p));
-      $result = $auth->authenticate($authAdapter);
-      if ($result->isValid()) {
-      	
-      	// success: store database row to auth's storage   	
-         $data = $authAdapter->getResultRowObject(null,'password');
-         $auth->getStorage()->write($data); 
-         $db->query("update users set ts_last_login=now() where username=?",array($u));
-         
-      	 if ($this->_request->getParam('remember')) {
-      	 	$sql="select usertype from users where username='$u'";
-      	 	$rs=$db->query($sql);
-      	 	$row=$rs->fetch();
-      	 	//if($row['usertype']!='administrator')
-      	 	{
-				require_once 'member.php';
-				$mb =  new member();
-				$mb -> putcookie($u,md5($p));
-      	 	}
-		 }
-         
-         return true;
-      }
-      return false;
-     }
-     private function aspnet_login($p,$salt,$password)
-     {
-       $p1=implode("\x00",str_split($p))."\x00";
-       $ball=base64_decode($salt).$p1;
-       return trim($password)==base64_encode(sha1($ball,true));
-     }
-    // 首先判断是否存在salt
-    // 若有salt，则按照aspnet membership加密算法进行判断
-    function login($u,$p)
-    {
-      $ut= new UsersTable();
-      $db=$ut->getAdapter();
-      $sql="select password,salt from users where username=?";
-      $uq=$db->query($sql,array($u));
-      if ($urow=$uq->fetchObject())
-      {
-        if (empty($urow->salt))
-          return $this->default_login($u,$p);
-        else {          
-          //进行判断并进行转换到默认
-          if ($this->aspnet_login($p,$urow->salt,$urow->password))
-          {
-            $sql="update users set password=md5(?),salt='' where username=?";
-            $db->query($sql,array($p,$u));
-            return $this->default_login($u,$p);
-          } else 
-            return false;
-        }
-      } else {
-        //没有对应的用户，登录失败
-        return false;
-      }
-    }
-	function fetchpwdAction()
-	{
-      $ut= new UsersTable();
-      $db=$ut->getAdapter();
-		$form = new LostpwdForm();
-		$key=$this->_request->getParam('key');
-		$login=$this->_request->getParam('login');
-		if (empty($key) && empty($login)) {
-        	$this->view->form = $form;
-        	if ($this->_request->isPost()) {
-            $formData = $this->_request->getPost();
-            if ($form->isValid($formData)) {
-            	$sql="select * from users where email=?";
-            	$uq=$db->query($sql,array($formData['email']));
-            	if ($urow=$uq->fetchObject())
-            	{
-            		//email the url to user
-            		$username=$urow->username;
-            		$sql="update users set activation=? where email=?";
-            		$uid=uniqid();
-            		$db->query($sql,array($uid,$formData['email']));
-                	$mail=new WestdcMailer($this->view->config->smtp);
-                	$body="尊敬的西部数据中心用户：
-    有人提出了针对此用户名的密码重置请求。
-	
-	用户名：";
-						$body.=$username;
-						$body.="
-
- 若想重置您的密码请打开下面的链接，否则请忽略此邮件，一切如常。
-";
-						$body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid;
-                	$mail->setBodyText($body);
-						$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
-                	$mail->addTo($formData['email']);
-                	$mail->setSubject('密码已重置');
-    					$mail->send();
-            		$this->view->messages[]='请检查您的新邮件中的确认激活链接。';
-            		$this->view->form=false;//do not echo form
-            	} else             	
-                	$this->messenger->addMessage('对不起，没有找到对应的电子邮件地址。');
-            } 
-      	} else 
-          	$this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
-		} else {
-			$sql="select * from users where username=? and activation=?";
-			$uq=$db->query($sql,array($login,$key));
-			$tmp_pwd=uniqid();
-			if ($urow=$uq->fetchObject())
-			{
-				$sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
-				$db->query($sql,array($login,$key));
-				$mail=new WestdcMailer($this->view->config->smtp);
-                	$body="尊敬的西部数据中心用户：
-    您的密码已修改。
-	
-	用户名：";
-						$body.=$login;
-						$body.="密码：".$tmp_pwd;
-						$body.="
-    http://westdc.westgis.ac.cn/account/login";
-                	$mail->setBodyText($body);
-						$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
-                	$mail->addTo($urow->email);
-                	$mail->setSubject('您的新密码');
-    					$mail->send();
-            		$this->view->messages[]='请查收您新邮件中的新密码';
-            		$this->view->form=false;//do not echo form
-				 
-			}
-		}
-
-    }
-}
-
+<?php
+
+class AccountController extends Zend_Controller_Action 
+{
+    function indexAction()
+    {
+        $this->_redirect('/');
+    }
+    function init()
+    {
+    	$this->messenger=$this->_helper->getHelper('FlashMessenger');
+    }
+    function postDispatch()
+    {    	
+    	//$this->view->messages = $this->messenger->getMessages();
+    }
+    function preDispatch()
+    {
+    	$this->view->config = Zend_Registry::get('config');
+		$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
+		$this->db=Zend_Registry::get('db');
+		$this->view->messages = $this->messenger->getMessages();
+    }
+        
+    function registerAction()
+    {
+        $reg = $this->_request->getParam('submit');
+        if(!empty($reg))
+		{
+			$this->_helper->layout->disableLayout();
+  			$this->_helper->viewRenderer->setNoRender();
+			try{
+				
+				$username = mb_substr(trim($this->_request->getParam('username')),0,100,'utf-8');
+				$name = mb_substr(trim($this->_request->getParam('name')),0,100,'utf-8');
+				$email = mb_substr(trim($this->_request->getParam('email')),0,100,'utf-8');
+				$phone = mb_substr(trim($this->_request->getParam('phone')),0,100,'utf-8');
+				$unit = mb_substr(trim($this->_request->getParam('employer')),0,200,'utf-8');
+				$address = mb_substr(trim($this->_request->getParam('address')),0,250,'utf-8');
+				$project = mb_substr(trim($this->_request->getParam('project')),0,500,'utf-8');
+				$password = mb_substr(trim($this->_request->getParam('password')),0,22,'utf-8');
+				$password_confirm  = mb_substr(trim($this->_request->getParam('password_confirm')),0,22,'utf-8');
+				$vdcode  = strtolower(substr(trim($this->_request->getParam('vdcode')),0,4));
+				
+				include_once('ajax/box.php');
+				
+				if(strlen($username)<6)
+				{
+					echo box::warning('用户名不能少于6个字符');
+					exit();
+				}
+				
+				if(strlen($username)>20)
+				{
+					echo box::warning('用户名不能超过20个字符');
+					exit();
+				}
+				
+				if(!preg_match("/^[a-zA-Z][a-zA-Z0-9_]{4,19}$/",$username))
+				{
+					echo box::warning("用户名只能包含英文字母及数字");
+					exit();
+				}
+				
+				if(strlen($name)<2)
+				{
+					echo box::warning("姓名太短");
+					exit();
+				}
+				
+				if(strlen($name)>32)
+				{
+					echo box::warning("姓名太长");
+					exit();
+				}
+				
+				if(preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\+|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$name))
+				{
+					echo box::warning("姓名中包含非法字符");
+					exit();
+				}
+					
+				if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
+				{
+					echo box::warning("请输入正确的Email地址");
+					exit();
+				}
+				
+				if(!empty($phone) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$phone))
+				{
+					echo box::warning("请输入正确的电话号码");
+					exit();
+				}
+				
+				if(!empty($unit) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$unit))
+				{
+					echo box::warning("输入的内容中包含非法字符");
+					exit();
+				}
+				
+				if(!empty($address) && preg_match("/[\"|'|~|!|\$|%|\^|\&|\*|\{|\}|\?|\/]/",$address))
+				{
+					echo box::warning("地址中包含非法字符");
+					exit();
+				}
+				
+				$match = "/[\"|'|\\\]/i";
+				
+				if(preg_match($match,$password) || preg_match($match,$password_confirm))
+				{
+					echo box::warning("密码中包含非法字符，请重新输入");
+					exit();
+				}
+				
+				if(empty($password))
+				{
+					echo box::warning("请输入密码");
+					exit();
+				}
+				
+				if(strlen($password)<6)
+				{
+					echo box::warning("密码太短");
+					exit();
+				}
+				
+				if(strlen($password)>20)
+				{
+					echo box::warning("密码长度不能超过20个字符");
+					exit();
+				}
+				
+				if($password!==$password_confirm)
+				{
+					echo box::warning("两次输入的密码不同");
+					exit();
+				}
+				
+				$sql = "select id from users where username like '%$username%'";
+				$rs = $this->db->query($sql);
+				$row = $rs->fetch();
+				
+				if($row['id']>0)
+				{
+					echo box::warning("该用户名已经被占用，请更换");
+					exit();
+				}
+				
+				$sql = "select id from users where email like '%$email%'";
+				$rs = $this->db->query($sql);
+				$row = $rs->fetch();
+				
+				if($row['id']>0)
+				{
+					echo box::warning("该Email已经被使用，请更换");
+					exit();
+				}
+				
+				if($vdcode != $_SESSION['vdcodes'])
+				{
+					echo box::warning("验证码错误");
+					exit();
+				}
+				
+				$sql = "INSERT INTO users (username,password,email,realname,unit,address,project,phone,usertype)
+						VALUES (?,?,?,?,?,?,?,?,?)";
+						
+				$sth = $this->db->prepare($sql);
+				$ec = $sth->execute(array($username,md5($password),$email,$name,$unit,$address,$project,$phone,'member'));
+				
+				//$sql = "INSERT INTO users (username,password,usertype,email,realname,unit,address,project,phone)
+				//		VALUES ('$username','".md5($password)."','member','$email','$name','$unit','$address','$project','$phone')";
+				//$ec = $this->db->exec($sql);
+				if($ec)
+				{
+					$this->login($username,md5($password));
+					echo box::success("<script>$('#signup').hide();$('#info').html('注册成功!<br /><a href=\"\/\">网站首页</a>  <a href=\"\/account\/edit\">我的帐号</a>')</script>");
+					exit();
+				}
+				else
+				{
+					echo box::warning("An error occurred!Re-try please!");
+					exit();
+				}
+			}catch(Exception $e){
+				echo box::warning("An error occurred!".$e->getMessage());
+				exit();
+			}
+		}//ajax 注册
+    }
+	
+	
+    function editAction()
+    {
+		$auth = Zend_Auth::getInstance();
+        if ($auth->hasIdentity())
+		{
+			$user = $auth->getIdentity();
+            $username = $user->username;
+			$sql = "select * from users where username='$username'";
+			$rs = $this->db->query($sql);
+			$rows = $rs->fetch();
+			$this->view->user = $rows;
+		}
+    }
+	
+	
+	function saveoptAction()
+	{
+		$this->_helper->layout->disableLayout();
+  		$this->_helper->viewRenderer->setNoRender();
+		
+		$opt = $this->_request->getParam('opt');
+		
+		$auth = Zend_Auth::getInstance();
+        if ($auth->hasIdentity())
+		{
+			$user = $auth->getIdentity();
+            $username = $user->username;
+			$sql = "select * from users where username='$username'";
+			$rs = $this->db->query($sql);
+			$rows = $rs->fetch();
+			$this->view->user = $rows;
+		}
+		else
+		{
+			echo "You must log in";
+			exit();
+		}
+		
+		if($opt == 'general')
+		{
+			$realname = mb_substr(trim($this->_request->getParam('name')),0,100,'utf-8');
+			$phone = mb_substr(trim($this->_request->getParam('phone')),0,100,'utf-8');
+			$unit = mb_substr(trim($this->_request->getParam('employer')),0,200,'utf-8');
+			$address = mb_substr(trim($this->_request->getParam('address')),0,250,'utf-8');
+			$project = mb_substr(trim($this->_request->getParam('project')),0,500,'utf-8');
+			
+			try{
+				
+				if(empty($realname))
+				{
+					echo "Please enter your Name";
+					exit();
+				}
+				
+				$sql = "UPDATE users SET realname='$realname',phone='$phone',unit='$unit',address='$address',project='$project' WHERE id='{$rows['id']}'";
+				if($this->db->query($sql))
+				{
+					echo "Saved!";
+					exit();
+				}else{
+					echo "Failed!";
+					exit();
+				}
+				
+				//Error!Retry please!SQLSTATE[42P02]: Undefined parameter: 7 错误: 没有参数 $1 CONTEXT: Error occurred on dblink connection named "unnamed": could not execute command.
+			}catch (Exception $e){
+				echo "An error occurred!";
+				exit();
+			}
+		}
+		
+		else if ($opt == 'email')
+		{
+			$email = substr(trim($this->_request->getParam('email')),0,100);
+			$password = trim($this->_request->getParam('password'));
+			
+			try{
+				
+				if(empty($email))
+				{
+					echo "Please enter your E-mail";
+					exit();
+				}
+				
+				if(empty($password))
+				{
+					echo "Please enter your password";
+					exit();
+				}
+				
+				if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
+				{
+					echo "Incorrect email";
+					exit();
+				}
+				
+				if(md5($password)!==$rows['password']){
+					echo "The password you entered is incorrect.Please re-enter your password";
+					exit();
+				}
+				
+				$sql = "UPDATE users SET email='$email' where id='{$rows['id']}'";
+				if($this->db->query($sql))
+				{
+					echo "Saved!";
+					exit();
+				}else{
+					echo "Failed!";
+					exit();
+				}
+			}catch(Exception $e){
+				echo "An error occurred!";
+				exit();
+			}
+			
+		}
+		
+		else if ($opt == 'password')
+		{
+			$password = trim($this->_request->getParam('password'));
+			$password_new = trim($this->_request->getParam('password_new'));
+			$password_confirm = trim($this->_request->getParam('password_confirm'));
+			
+			$match = "/[\"|'|\\\]/i";
+			
+			if(empty($password))
+			{
+				echo "Please enter your password";
+				exit();
+			}
+			
+			if(empty($password_new))
+			{
+				echo "Please enter your new password";
+				exit();
+			}
+			
+			if($password==$password_new)
+			{
+				echo "New password cannot be same as the old";
+				exit();
+			}
+			
+			if(empty($password_confirm))
+			{
+				echo "Please re-enter your new password";
+				exit();
+			}
+			
+			if(preg_match($match,$password) || preg_match($match,$password_new) || preg_match($match,$password_confirm) || $rows['password']!== md5($password))
+			{
+				echo "The password you entered is incorrect.Please re-enter your password";
+				exit();
+			}
+			
+			if(strlen($password_new)<6)
+			{
+				echo "Your new password is too short";
+				exit();
+			}
+			
+			if(strlen($password_new)>20)
+			{
+				echo "Your new password is too long";
+				exit();
+			}
+			
+			if(md5($password_new) !== md5($password_confirm))
+			{
+				echo "Entered passwords differ from the another";
+				exit();
+			}
+			
+			try{
+				
+				$sql = "UPDATE users SET password='".md5($password_new)."' WHERE username='$username'";
+				if($this->db->query($sql))
+				{
+					echo "Changes Saved!";
+					exit();
+				}else{
+					echo "Failed!Please check the input content";
+					exit();
+				}
+				
+			}catch(Exception $e){
+				echo "An error occurred!";
+				exit();
+			}
+			
+		}
+		
+		else
+		{
+			exit();
+		}
+	} //saveopt ajax修改用户信息	
+	
+    function loginAction()
+    {
+		$submit = $this->_request->getParam('submit');
+		
+		if(!empty($submit))
+		{
+		
+		$this->_helper->layout->disableLayout();
+		$this->_helper->viewRenderer->setNoRender();
+
+        $success=false;
+        $message='';
+
+        $auth = Zend_Auth::getInstance();
+        if ($auth->hasIdentity())
+		$this->_redirect('/account');
+		
+		$username = trim($this->_request->getParam('username'));
+		$password = trim($this->_request->getParam('password'));
+		$vdcode  = strtolower(substr(trim($this->_request->getParam('vdcode')),0,4));
+		
+		include_once('ajax/box.php');
+				
+		if(empty($username))
+		{
+			echo box::warning('请输入用户名');
+			exit();
+		}
+		
+		if(empty($password))
+		{
+			echo box::warning('请输入密码');
+			exit();
+		}
+		
+		if(empty($vdcode))
+		{
+			echo box::warning('请输入验证码');
+			exit();
+		}
+		 
+		 if($vdcode != $_SESSION['vdcodes'])
+		{
+			echo box::warning("验证码错误");
+			exit();
+		}
+		
+		if (!$this->login($username,$password))
+        {
+            echo box::error('用户名或密码错误');
+			exit();
+         }
+		 
+		 else 
+		 {
+		 	echo box::success('登录成功，<a href="/">如果页面没有跳转请点击这里</a><script>var t = setTimeout("self.location=\'\/\';",2000);</script>');
+			exit();
+		 }
+
+       
+         
+         $tohref = $this->_request->getParam('href');
+         if(!empty($tohref))
+         {
+         		$this->_redirect($tohref);
+         }else{
+         		$this->_redirect($this->_request->getParam('return'));
+         }
+		 
+		}
+    }
+    
+    function logoutAction()
+    {
+		$this->_helper->layout->disableLayout();
+		$this->_helper->viewRenderer->setNoRender();
+		
+		$auth = Zend_Auth::getInstance();
+        if ($auth->hasIdentity())
+    	{
+			$auth->clearIdentity();
+			require_once 'member.php';
+			member::flushcookie();
+			$this->_redirect('/');
+		}
+    }
+
+    private function default_login($u,$p)
+    {
+    	$auth = Zend_Auth::getInstance();
+    	$db=Zend_Registry::get('db');
+    	
+    	$authAdapter = new Zend_Auth_Adapter_DbTable($db);
+    	$authAdapter->setTableName('users')
+                            ->setIdentityColumn('username')
+                            ->setCredentialColumn('password');
+      $authAdapter->setIdentity($u)->setCredential(md5($p));
+      $result = $auth->authenticate($authAdapter);
+      if ($result->isValid()) {
+      	
+      	// success: store database row to auth's storage   	
+         $data = $authAdapter->getResultRowObject(null,'password');
+         $auth->getStorage()->write($data); 
+         $db->query($db->quoteInto("update users set ts_last_login=now() where username=?",$u));
+         
+      	 if ($this->_request->getParam('remember')) {
+				require_once 'member.php';
+				$mb =  new member();
+				$mb -> putcookie($u,md5($p));
+		 }
+         
+         return true;
+      }
+      return false;
+     }
+     private function aspnet_login($p,$salt,$password)
+     {
+       $p1=implode("\x00",str_split($p))."\x00";
+       $ball=base64_decode($salt).$p1;
+       return trim($password)==base64_encode(sha1($ball,true));
+     }
+    // 首先判断是否存在salt
+    // 若有salt，则按照aspnet membership加密算法进行判断
+    function login($u,$p)
+    {
+		$db=Zend_Registry::get('db');
+      $sql="select password,salt from users where username=?";
+      $uq=$db->query($sql,array($u));
+      if ($urow=$uq->fetchObject())
+      {
+        if (empty($urow->salt))
+          return $this->default_login($u,$p);
+        else {          
+          //进行判断并进行转换到默认
+          if ($this->aspnet_login($p,$urow->salt,$urow->password))
+          {
+            $sql="update users set password=md5(?),salt='' where username=?";
+            $db->query($sql,array($p,$u));
+            return $this->default_login($u,$p);
+          } else 
+            return false;
+        }
+      } else {
+        //没有对应的用户，登录失败
+        return false;
+      }
+    }
+	
+	function fetchpwdAction()
+	{
+		
+		$this->_helper->layout->disableLayout();
+		$this->_helper->viewRenderer->setNoRender();
+
+        $auth = Zend_Auth::getInstance();
+        if ($auth->hasIdentity())
+		$this->_redirect('/account');
+		
+		$email = $this->_request->getParam('email');
+		
+		include_once('ajax/box.php');
+		if(empty($email))
+		{
+			echo box::warning('请输入要找回密码的账户所对应的Email地址');
+			exit();
+		}
+		
+		if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
+		{
+			echo box::warning("请输入正确的Email地址");
+			exit();
+		}
+		
+		$sql = "SELECT * FROM users WHERE email=?";
+		$sth = $this->db->prepare($sql);
+		$sth->execute(array($email));
+		$row = $sth->fetch();
+		
+		if($row['id']=='')
+		{
+			echo box::error("未找到对应用户");
+			exit();
+		}
+		
+		
+		//email the url to user
+        $username=$row['username'];
+        $sql="update users set activation=? where email=?";
+        $uid=uniqid();
+        $db->query($sql,array($uid,$formData['email']));
+                	$mail=new WestdcMailer($this->view->config->smtp);
+						$mailtp=new EmailText($this->db,
+							'member-fetchpwd',
+							array('user' => $username,'uid'=>$uid)
+						);
+						$mail->setBodyText($mailtp->getBody());
+						$mail->setFrom($this->view->config->service->email,'WDSCAR Service Team');
+						$mail->setSubject($mailtp->getSubject());
+        $mail->addTo($email);
+    	$mail->send();
+        $this->view->messages[]='Please check the activation link in your email.';
+        $this->view->form=false;//do not echo form
+		
+		
+		
+      $ut= new UsersTable();
+      $db=$ut->getAdapter();
+		$form = new LostpwdForm();
+		$key=$this->_request->getParam('key');
+		$login=$this->_request->getParam('login');
+		if (empty($key) && empty($login)) {
+        	$this->view->form = $form;
+        	if ($this->_request->isPost()) {
+            $formData = $this->_request->getPost();
+            if ($form->isValid($formData)) {
+            	$sql="select * from users where email=?";
+            	$uq=$db->query($sql,array($formData['email']));
+            	if ($urow=$uq->fetchObject())
+            	{
+            		//email the url to user
+            		$username=$urow->username;
+            		$sql="update users set activation=? where email=?";
+            		$uid=uniqid();
+            		$db->query($sql,array($uid,$formData['email']));
+                	$mail=new WestdcMailer($this->view->config->smtp);
+						$mailtp=new EmailText($this->db,
+							'member-fetchpwd',
+							array('user' => $username,'uid'=>$uid)
+						);
+						$mail->setBodyText($mailtp->getBody());
+						$mail->setFrom($this->view->config->service->email,'WDSCAR Service Team');
+						$mail->setSubject($mailtp->getSubject());
+                	$mail->addTo($formData['email']);
+    					$mail->send();
+            		$this->view->messages[]='Please check the activation link in your email.';
+            		$this->view->form=false;//do not echo form
+            	} else             	
+                	$this->messenger->addMessage('Sorry, the email is not found.');
+            } 
+      	} else 
+          	$this->view->messages[]='Please input your email, you will get the new password in your email.';
+		} else {
+			$sql="select * from users where username=? and activation=?";
+			$uq=$db->query($sql,array($login,$key));
+			$tmp_pwd=uniqid();
+			if ($urow=$uq->fetchObject())
+			{
+				$sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
+				$db->query($sql,array($login,$key));
+				$mail=new WestdcMailer($this->view->config->smtp);
+				$mailtp=new EmailText($this->db,'member-resetpwd',
+						array('user' => $login,'pwd'=>$tmp_pwd));
+				$mail->setBodyText($mailtp->getBody());
+				$mail->setFrom($this->view->config->service->email,'WDSCAR Service Team');
+				$mail->setSubject($mailtp->getSubject());
+          	$mail->addTo($urow->email);
+				$mail->send();
+        		$this->view->messages[]='Please check your new password in your email.';
+        		$this->view->form=false;//do not echo form
+			}
+		}
+    }// function fetchpwdAction()
+}
+
--- a/application/default/controllers/ServiceController.php
+++ b/application/default/controllers/ServiceController.php
@ -56,6 +56,13 @@ class ServiceController extends Zend_Controller_Action
 			print base64_decode($thumb['data']);
 		}						
 	}
+	
+	public function getFileinfo($id){	
+		$sql = "select * from attachments where id='$id'";
+		$re= $this->db->query($sql);
+		$row= $re->fetch();
+		return $row;
+	}

    /*
    * 查看数据缩略大图
@ -115,8 +122,8 @@ class ServiceController extends Zend_Controller_Action
    		$sql="select id,title,uuid,description,filesize,fileformat from metadata where east<? and west>? and north<? and south>?";
    		if (!empty($key)) {
 				$search=new Search($key);
-				$where=$search->sql_expr(array("title","description"));
-				$sql.= " and ".$where;
+				$where=$search->sql_expr(array("title","description"));
+				$sql.= " and ".$where;
 				$sql.= " order by title";
    			$rows=$this->db->fetchAll($sql,array($e,$w,$n,$s,'%'.$key.'%','%'.$key.'%'));
    		} else {
@ -240,7 +247,7 @@ class ServiceController extends Zend_Controller_Action
 			$sql="select uuid,title,datatype,filesize,id from normalmetadata";
 			$md=$this->db->fetchAll($sql);
 			foreach($md as $m)
-			{
+			{
 				print $m["uuid"].",";
 				print $m["title"].",";
 				print ($m["datatype"]?"内部":"公开").",";
@ -1052,7 +1059,7 @@ class ServiceController extends Zend_Controller_Action
 			{
 				if($page > 0)
 				{
-					$pre = '<div class="pagnv"><a href="javascript:void(0);" onclick="recommend('. ($page-1) .')" class="pleft"><img src="/images/scroll_left.gif" /></a></div>';
+					$pre = '<div class="pagnv"><a href="javascript:void(0);" onClick="recommend('. ($page-1) .')" class="pleft"><img src="/images/scroll_left.gif" /></a></div>';
 				}
 				if($num > $pageSize*($page+1))
 				{
@ -1187,7 +1194,7 @@ class ServiceController extends Zend_Controller_Action
 				{
 					$pre = '<span class="disabled">&lt;</span>';
 				}else{
-					$pre = '<a href="javascript:void(0);" onclick="showdata('.$id.','. ($page-1) .')">&lt;</a>';
+					$pre = '<a href="javascript:void(0);" onClick="showdata('.$id.','. ($page-1) .')">&lt;</a>';
 				}
 				if($num <= $pageSize*($page+1))
 				{
@ -1214,42 +1221,42 @@ class ServiceController extends Zend_Controller_Action
 			}
 		echo '</ul>';
 		echo $pagnation;
-	}//文档页面相关数据
-	function geonetworkAction()
-	{
+	}//文档页面相关数据
+	function geonetworkAction()
+	{
 		$this->_helper->viewRenderer->setNoRender();
-		$this->_helper->layout->disableLayout();
+		$this->_helper->layout->disableLayout();
 		$auth = Zend_Auth::getInstance();
-		$url = $this->config->geonetwork->url.'/srv/cn/'.urldecode($this->_request->getParam('url'));
-		if (!$auth->hasIdentity())
-		{
-			$this->_redirect('/account/login?href=/service/geonetwork?url='.$url);
-		}
-		$user = $auth->getIdentity();
-		//need to get pwd from database
-		$sql='select username,md5(password) as pwd from users where id='.$user->id;
-		$this->db->setFetchMode(Zend_Db::FETCH_OBJ);
-		$row=$this->db->fetchRow($sql); 
-		$login=$this->config->geonetwork->url.'/srv/en/xml.user.login?username='.$row->username.'&password='.$row->pwd;
-		$body='<html>
-		<script type="text/javascript" src="/js/jquery-1.7.min.js"></script>
-		<script type="text/javascript">
-		var b = null;
-		$(document).ready(function() {
-			$.get(
- 				"'.$login.'",
- 				{},
- 				function(data){
-  					var url = "'.$url.'";    
-					$(location).attr("href",url);
- 				}
-			);
-		});
-		</script>
-		<body></body>
+		$url = $this->config->geonetwork->url.'/srv/cn/'.urldecode($this->_request->getParam('url'));
+		if (!$auth->hasIdentity())
+		{
+			$this->_redirect('/account/login?href=/service/geonetwork?url='.$url);
+		}
+		$user = $auth->getIdentity();
+		//need to get pwd from database
+		$sql='select username,md5(password) as pwd from users where id='.$user->id;
+		$this->db->setFetchMode(Zend_Db::FETCH_OBJ);
+		$row=$this->db->fetchRow($sql); 
+		$login=$this->config->geonetwork->url.'/srv/en/xml.user.login?username='.$row->username.'&password='.$row->pwd;
+		$body='<html>
+		<script type="text/javascript" src="/js/jquery-1.7.min.js"></script>
+		<script type="text/javascript">
+		var b = null;
+		$(document).ready(function() {
+			$.get(
+ 				"'.$login.'",
+ 				{},
+ 				function(data){
+  					var url = "'.$url.'";    
+					$(location).attr("href",url);
+ 				}
+			);
+		});
+		</script>
+		<body></body>
 		</html>';
 		$this->getResponse()->setHeader('Content-Type', 'text/html')
-                           ->setBody($body);
+                           ->setBody($body);
 	}	
 	
 	/*
@ -1262,30 +1269,30 @@ class ServiceController extends Zend_Controller_Action
 		include_once('ImgCode.php');
        $imagecode=new Custom_Controller_Plugin_ImgCode();
        $imagecode->image2();
-    }
-	
-	//header output	
-	function headerAction()
-	{
+    }
+	
+	//header output	
+	function headerAction()
+	{
 		$this->_helper->layout->disableLayout();
-		$this->_helper->viewRenderer->setNoRender();
-		$header=file_get_contents('../application/default/views/scripts/header.phtml');
+		$this->_helper->viewRenderer->setNoRender();
+		$header=file_get_contents('../application/default/views/scripts/header.phtml');
 		$content='<link rel="stylesheet" type="text/css" media="screen"
-             href="/css/default.css" />';
-		$content.=eval('?>'.$header);
-		$content.='<script src="/js/navi.js" type="text/javascript"></script>';
+             href="/css/default.css" />';
+		$content.=eval('?>'.$header);
+		$content.='<script src="/js/navi.js" type="text/javascript"></script>';
 		$this->getResponse()->setHeader('Content-Type', 'text/html')
-                           ->setBody($content);
-	}
-	
-	//footer output
-	function footerAction()
-	{
+                           ->setBody($content);
+	}
+	
+	//footer output
+	function footerAction()
+	{
 		$this->_helper->layout->disableLayout();
-		$this->_helper->viewRenderer->setNoRender();
-		$footer=file_get_contents('../application/default/views/scripts/footer.phtml');
+		$this->_helper->viewRenderer->setNoRender();
+		$footer=file_get_contents('../application/default/views/scripts/footer.phtml');
 		$this->getResponse()->setHeader('Content-Type', 'text/html')
-                           ->setBody($footer);
-	}
+                           ->setBody($footer);
+	}
 	    
 }
--- a/application/default/controllers/SubmitController.php
+++ b/application/default/controllers/SubmitController.php
@ -32,12 +32,12 @@ class SubmitController extends Zend_Controller_Action
    function helpAction(){
 	   
   }//helpAction()帮助文档
-   
-   //新建元数据
-   function newdataAction()
-   {
+   
+   //新建元数据
+   function newdataAction()
+   {
 	   $ac = $this->_request->getParam('ac');
-	   $id = $this->_request->getParam('id');
+	   $id = $this->_request->getParam('id');
 	   $this->wdb=Zend_Db::factory($this->view->config->geonetwork);
 	   
 	   $auth = Zend_Auth::getInstance();
@ -49,10 +49,10 @@ class SubmitController extends Zend_Controller_Action
 	   
 	   //在geonetwork中查看单条数据
 	   if (!empty($id) && empty($ac))
-	   {
+	   {
 	   	$this->view->url='metadata.show?id='.$id;
 	   	$this->_helper->viewRenderer('newdata-view');	   	
-	   }
+	   }
 	   //查看属于自己的所有的未提交数据列表
 	   else if((empty($ac) && empty($uuid))|| $ac=='list')
 	   {
@ -71,168 +71,333 @@ class SubmitController extends Zend_Controller_Action
 			$paginator->setView($this->view);
 			Zend_View_Helper_PaginationControl::setDefaultViewPartial('pagination_param.phtml');
 			$this->view->paginator=$paginator;			
-	   }
+	   }
 	   //元数据导入
 	   else if($ac=="import")
 	   {
 			$this->_helper->viewRenderer('newdata-import');
-	   }	   	   
+	   }	   	   
 	   //从模板新建元数据
 	   else if($ac=="add")
-	   {
+	   {
 	   	$keywords = $this->_request->getParam('q');
-			if(!empty($keywords))
+			if(!empty($keywords))
 			{
 				$this->view->q = $keywords;
-				$sql = "SELECT md.title,md.uuid,md.description,gn.id as gid FROM normalmetadata md 
+				$sql = "SELECT md.title,md.uuid,md.description,gn.id as gid FROM normalmetadata md 
 					left join geonetworkmetadata gn on md.uuid=gn.uuid
 					WHERE gn.id is not null";
 				$search=new Search($keywords);
 				$where=$search->sql_expr(array("md.title","md.description"));
-				$sql.=' and '.$where;
+				$sql.=' and '.$where;
 				$sql.=" order by md.ts_created desc";
 				$sth = $this->db->prepare($sql);
 				$sth->execute();
 				$rows = $sth->fetchAll();
-		
+		
 				$paginator = Zend_Paginator::factory($rows);
 				$paginator->setCurrentPageNumber($this->_getParam('page'));
 				$paginator->setItemCountPerPage(10);
 				$paginator->setView($this->view);
 				Zend_View_Helper_PaginationControl::setDefaultViewPartial('pagination_param.phtml');
-				$this->view->paginator=$paginator;
-			}
-			$sql="select id,(regexp_matches(data,'<resTitle>(.*)</resTitle>'))[1] as title from metadata where istemplate='y' and schemaid='iso19115'";
-			$sth=$this->wdb->prepare($sql);
-			$sth->execute();
-			$this->view->templates=$sth->fetchAll();
+				$this->view->paginator=$paginator;
+			}
+			$sql="select id,(regexp_matches(data,'<resTitle>(.*)</resTitle>'))[1] as title from metadata where istemplate='y' and schemaid='iso19115'";
+			$sth=$this->wdb->prepare($sql);
+			$sth->execute();
+			$this->view->templates=$sth->fetchAll();
 			$this->_helper->viewRenderer('newdata-add');
-	   }
-	   
-		//提交数据
-		else if($ac=="commit")
-		{
-			$this->_helper->layout->disableLayout();
-			$this->_helper->viewRenderer->setNoRender();
-		   
-			$data = "";
-			try{
-				$id = $this->_request->getParam('id');
-				if(empty($id) || !is_numeric($id))
-				{
-					$data = array("error"=>"参数错误");
-					$this->jsonexit($data);
-					return true;
-				}
-			   
-				$changelog = $this->_request->getParam('changelog');
-				if(empty($changelog))
-				{
-					$data = array("error"=>$this->alertbox('warning','请输入变更信息'));
-					$this->jsonexit($data);
-					return true;
-				}
-			   				
-				// 1. 权限认定：当前用户必须和其owner相同
-				// 数据应当没有评审状态，没有作者信息
-				$sql="select gn.id from geonetworkmetadata gn
-					left join mdstatus s on gn.uuid=s.uuid
-					left join mdauthor a on s.uuid=a.uuid
-					where s.id is not null and a.id is not null and gn.id=?";
-				$sth=$this->db->prepare($sql);
-				$sth->execute(array($id));
-				$row=$sth->fetch();
-				if (!emtpy($row))
-				{
-					$data = array("error"=>'错误的入口');
-					$this->jsonexit($data);
-					return true;
-				}
-				
-				$sql="select uuid from metadata where id=? and owner=?";
-				$sth=$this->wdb->prepare($sql);
-				$sth->execute(array($id,$u_id));
-				$row=$sth->fetch();
-				if (empty($row))
-				{
-					$data = array("error"=>'无权限修改数据');
-					$this->jsonexit($data);
-					return true;
-				}
-				// 保存数据作者信息
-				$sql="insert into mdauthor (uuid,userid,ts_activated,status) values(?,?,now(),1)";
-				$sth=$this->db->query($sql,array($row['uuid'],$u_id));
-				
-				// 2. 保存变化记录 save changelog & userid for the latest version
-				$sql = "UPDATE mdversion SET changelog=?,userid=? WHERE id in (select id from mdversion where uuid=? order by ts_created desc limit 1)";
-				$this->db->query($sql,array($changelog,$u_id,$row['uuid']));
-				
-				// 3. 保存数据评审状态
-				//导入元数据
-				$iso=new ISO19115();
-				$iso->saveDB($this->db,$row['xml']);
-				//进入评审库
-				$sql="insert into mdstatus (uuid,status,userid) select uuid,0,? from mdversion where id=?";
-				$this->db->query($sql,array($u_id,$id));
-						
-				//email to admin
-				$mail=new WestdcMailer($this->view->config->smtp);
-				$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
-				$mailtp=new EmailText($this->db,"metadata-new-admin",array(
-									'user' => $user->username,
-									'uuid' => $iso->uuid,
-									'email'=> $user->email,
-									//元数据标题
-									'title'=> $iso->resTitle,
-									));
-				$mail->setBodyText($mailtp->getBody());
-				$mail->setSubject($mailtp->getSubject());
-				if($this->debug==0)
-				{
-					$mail->addTo($this->view->config->service->email);
-				}else{
-					$mail->addTo($this->debug_email);
-				}
-				$mail->send();
-								
-				unset($mail);
-				unset($mailtp);
-				//email to author
-				$mail=new WestdcMailer($this->view->config->smtp);
-				$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
-				$mailtp=new EmailText($this->db,"metadata-new-author",array(
-									'user' => $user->username,
-									'uuid' => $iso->uuid,
-									'email'=> $user->email,
-									//元数据标题
-									'title'=> $iso->resTitle,
-									));
-				$mail->setBodyText($mailtp->getBody());
-				$mail->setSubject($mailtp->getSubject());
-				if($this->debug==0)
-				{
-					$mail->addTo($user->email);
-					$mail->addCc($this->view->config->service->email);
-				}else{
-					$mail->addTo($this->debug_email);
-				}
-				@$mail->send();
-					
-				$data = array("commited"=>1,"error"=>$this->alertbox('ok','该版本已经成功提交，请等待数据中心进一步处理!'));
-				$this->jsonexit($data);
-				return true;			
-			}catch(Exception $e) {
-			   $msg = "提交失败，请确认权限后重试";
-			   if($this->debug>0)
-			   {$msg .= $e->getMessage();}
-			   $data = array("error"=>$this->alertbox('error',$msg));
-			   $this->jsonexit($data);
-			   return true;
-			}
-	   }
+	   }
+	   
+		//提交数据
+		else if($ac=="commit")
+		{
+			$this->_helper->layout->disableLayout();
+			$this->_helper->viewRenderer->setNoRender();
+		   
+			$data = "";
+			try{
+				$id = $this->_request->getParam('id');
+				if(empty($id) || !is_numeric($id))
+				{
+					$data = array("error"=>"参数错误");
+					$this->jsonexit($data);
+					return true;
+				}
+			   
+				$changelog = $this->_request->getParam('changelog');
+				if(empty($changelog))
+				{
+					$data = array("error"=>$this->alertbox('warning','请输入变更信息'));
+					$this->jsonexit($data);
+					return true;
+				}
+			   				
+				// 1. 权限认定：当前用户必须和其owner相同
+				// 数据应当没有评审状态，没有作者信息
+				$sql="select gn.id from geonetworkmetadata gn
+					left join mdstatus s on gn.uuid=s.uuid
+					left join mdauthor a on s.uuid=a.uuid
+					where s.id is not null and a.id is not null and gn.id=?";
+				$sth=$this->db->prepare($sql);
+				$sth->execute(array($id));
+				$row=$sth->fetch();
+				if (!emtpy($row))
+				{
+					$data = array("error"=>'错误的入口');
+					$this->jsonexit($data);
+					return true;
+				}
+				
+				$sql="select uuid from metadata where id=? and owner=?";
+				$sth=$this->wdb->prepare($sql);
+				$sth->execute(array($id,$u_id));
+				$row=$sth->fetch();
+				if (empty($row))
+				{
+					$data = array("error"=>'无权限修改数据');
+					$this->jsonexit($data);
+					return true;
+				}
+				// 保存数据作者信息
+				$sql="insert into mdauthor (uuid,userid,ts_activated,status) values(?,?,now(),1)";
+				$sth=$this->db->query($sql,array($row['uuid'],$u_id));
+				
+				// 2. 保存变化记录 save changelog & userid for the latest version
+				$sql = "UPDATE mdversion SET changelog=?,userid=? WHERE id in (select id from mdversion where uuid=? order by ts_created desc limit 1)";
+				$this->db->query($sql,array($changelog,$u_id,$row['uuid']));
+				
+				// 3. 保存数据评审状态
+				//导入元数据
+				$iso=new ISO19115();
+				$iso->saveDB($this->db,$row['xml']);
+				//进入评审库
+				$sql="insert into mdstatus (uuid,status,userid) select uuid,0,? from mdversion where id=?";
+				$this->db->query($sql,array($u_id,$id));
+						
+				//email to admin
+				$mail=new WestdcMailer($this->view->config->smtp);
+				$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
+				$mailtp=new EmailText($this->db,"metadata-new-admin",array(
+									'user' => $user->username,
+									'uuid' => $iso->uuid,
+									'email'=> $user->email,
+									//元数据标题
+									'title'=> $iso->resTitle,
+									));
+				$mail->setBodyText($mailtp->getBody());
+				$mail->setSubject($mailtp->getSubject());
+				if($this->debug==0)
+				{
+					$mail->addTo($this->view->config->service->email);
+				}else{
+					$mail->addTo($this->debug_email);
+				}
+				$mail->send();
+								
+				unset($mail);
+				unset($mailtp);
+				//email to author
+				$mail=new WestdcMailer($this->view->config->smtp);
+				$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
+				$mailtp=new EmailText($this->db,"metadata-new-author",array(
+									'user' => $user->username,
+									'uuid' => $iso->uuid,
+									'email'=> $user->email,
+									//元数据标题
+									'title'=> $iso->resTitle,
+									));
+				$mail->setBodyText($mailtp->getBody());
+				$mail->setSubject($mailtp->getSubject());
+				if($this->debug==0)
+				{
+					$mail->addTo($user->email);
+					$mail->addCc($this->view->config->service->email);
+				}else{
+					$mail->addTo($this->debug_email);
+				}
+				@$mail->send();
+					
+				$data = array("commited"=>1,"error"=>$this->alertbox('ok','该版本已经成功提交，请等待数据中心进一步处理!'));
+				$this->jsonexit($data);
+				return true;			
+			}catch(Exception $e) {
+			   $msg = "提交失败，请确认权限后重试";
+			   if($this->debug>0)
+			   {$msg .= $e->getMessage();}
+			   $data = array("error"=>$this->alertbox('error',$msg));
+			   $this->jsonexit($data);
+			   return true;
+			}
+	   }
   }
   
   
+   function uploadAction(){
+	   
+	   $uuid = $this->_request->getParam('uuid');
+	   
+	   $this->view->uuid=$uuid;
+	   
+	   $ac = $this->_request->getParam('ac');
+	   
+	   $dataFilePath = "../data/";
+	   
+	   if($ac=='submit')
+	   {
+		  	
+			$this->_helper->layout()->disableLayout();
+			$this->_helper->viewRenderer->setNoRender();
+			
+			$auth = Zend_Auth::getInstance();
+			if($auth->hasIdentity())
+			{
+				$user = $auth->getIdentity();
+				$userid = $user->id;
+			}
+			
+			if(empty($userid))
+			{
+				$data = array("error"=>'请先登录后进行操作');
+				$this->jsonexit($data);
+				return true;
+			}
+			
+			if(empty($uuid))
+			{
+				$data = array("error"=>'参数错误'.$uuid);
+				$this->jsonexit($data);
+				return true;
+			}
+			
+			$files = $_REQUEST['files'];
+			
+			if(empty($files) || !is_array($files))
+			{
+				$data = array("error"=>'请先上传文件');
+				$this->jsonexit($data);
+				return true;
+			}
+			
+			//sql
+			
+			$data = array("error"=>'数据文件保存成功');
+			$this->jsonexit($data);
+			return true;
+			
+			
+		   
+		   
+	   }
+	   
+	   
+	   if(empty($ac) && !empty($_FILES['Filedata']))
+	   {
+		    $this->_helper->layout()->disableLayout();
+			$this->_helper->viewRenderer->setNoRender();
+			$data = "";
+			try{
+				$auth = Zend_Auth::getInstance();
+				if($auth->hasIdentity())
+				{
+					$user = $auth->getIdentity();
+					$userid = $user->id;
+				}
+				
+				if(empty($userid)||!is_numeric($userid)){
+					$data = array("error"=>'请先登录');
+					$this->jsonexit($data);
+					return true;
+				}
+				
+				include("files.php");
+				$msg = files::dataFilesUpload($dataFilePath,$_FILES['Filedata'],'datafiles',$uuid);
+				
+				if(empty($msg['error']))
+				{
+					$filename = $msg['db_path'];
+					$filesize = $msg['file_size'];
+					$filedesc = $this->_request->getParam('filedesc');
+					$filetype = $this->_request->getParam('dir');
+					$realname = $msg['realname'];
+					$fileurl  = $msg['file_url'];
+	
+					$sql = "insert into attachments (filename,filetype,filedesc,userid,filesize,realname) values ('$filename','datafiles','$filedesc','$userid','$filesize','$realname') RETURNING id";
+					$sth = $this->db->prepare($sql);
+					$sth->execute();
+					$att = $sth->fetch(PDO::FETCH_ASSOC);
+					$attid = $att['id'];
+					
+					$html = $realname.'[已完成]<input type="hidden" name="files[]" value="'.$attid.'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$attid.'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
+					
+					$data = array(
+						'html'=>$html,
+						'attid'=>$attid,
+						'error'=>''
+					);
+					echo Zend_Json::encode($data);
+					exit();
+				}else{
+					@unlink($filename);
+					$data = array(
+						'error'=>'附件上传失败:'.$msg['error'],
+					);
+					echo Zend_Json::encode($data);
+					exit();
+				}
+	
+			}catch(Exception $e){
+				if($this->debug>0)
+				{
+					$error="错误：".$e->getMessage();
+				}else{
+					$error="处理中发生错误";
+				}
+				$data = array(
+					'error'=>$error,
+				);
+				echo Zend_Json::encode($data);
+				exit();
+			}
+	   }
+	   
+	   if($ac == 'del')
+	   {
+		    $this->_helper->layout()->disableLayout();
+			$this->_helper->viewRenderer->setNoRender();
+			
+			$id = $this->_request->getParam('id');
+			
+			$info = $this->getFileinfo($id);
+			$filepath = $dataFilePath.$info['filename'];
+			try{
+				$auth = Zend_Auth::getInstance();
+				if($auth->hasIdentity())
+				{
+					$user = $auth->getIdentity();
+					$userid = $user->id;
+					$sql = "delete from attachments where id='$id' and userid='$userid'";
+					if($this->db->exec($sql)>0)
+					{
+						@unlink($filepath);
+						echo "ok";
+					}
+				}
+				
+			}catch(Exception $e){}
+			//不输出任何错误
+	   }
+	   
+   }
+
+
+	public function getFileinfo($id){	
+		$sql = "select * from attachments where id='$id'";
+		$re= $this->db->query($sql);
+		$row= $re->fetch();
+		return $row;
+	}
+   
   //成为作者后的后继处理工作
   private function author_first($uuid,$author)
   {
--- a/application/default/views/scripts/account/login.phtml
+++ b/application/default/views/scripts/account/login.phtml
@ -1,23 +1,96 @@
-<?php
-	$this->headTitle($this->config->title->site);
-	$this->headTitle('用户登录');
-	$this->headTitle()->setSeparator(' - ');
-	$this->headLink()->appendStylesheet('/css/register.css');
-	$this->breadcrumb('<a href="/">首页</a>');
-	$this->breadcrumb('<a href="/account/login">用户登录</a>');
-	$this->breadcrumb()->setSeparator(' > ');
-?>
-<div id="info">
-<img src="/images/Login_title.gif" alt="西部数据中心用户登录" />
-<?php echo $this->form;?>
-</div>
-<div id="tool">
-<a href="/account/fetchpwd">忘记密码？</a><a href="/account/register">注册新用户</a>
-</div>
-<?php if (!empty($this->messages)) : ?>
-<div id="message">
-<?php 
-foreach ($this->messages as $info)echo $info;
- ?>
-</div>
-<?php endif; ?>
+<?php
+	$this->headTitle($this->config->title->site);
+	$this->headTitle('首页');
+	$this->headScript()->appendFile('/static/js/ajaxform.js');
+?>
+<!-- Page title -->
+<div id="pagetitle">
+	<div class="wrapper"></div>
+</div>
+<!-- End of Page title -->
+	
+	<!-- Page content -->
+	<div id="page">
+		<!-- Wrapper -->
+		<div class="wrapper-login" style="width:400px;margin:0px auto;">
+				<!-- Login form -->
+				<section class="full">					
+					
+					<h3>登录</h3>
+
+					<form id="loginform" method="post">
+
+						<p>
+							<label class="required" for="username">用户名 Username:</label><br/>
+							<input type="text" id="username" class="full" value="" name="username"/>
+						</p>
+						
+						<p>
+							<label class="required" for="password">密码 Password:</label><br/>
+							<input type="password" id="password" class="full" value="" name="password"/>
+						</p>
+                        
+                        <p>
+                        <label class="required">验证码 Validation code</label><br />
+                        <img id="imgcode" style="margin-bottom:-10px;cursor:pointer;border:0px;" src="/service/imgcode" onClick="this.src=this.src+'?'">&nbsp;<input type="text" name="vdcode" id="vdcode" maxlength="4" value="" /><br />
+                        <small>请输入图片中的字母和或数字，<a href="javascript:;" onClick="document.getElementById('imgcode').src=document.getElementById('imgcode').src+'?'">看不清?</a></small>
+                        </p>
+						
+						<p>
+							<input type="checkbox" id="remember" class="" value="1" name="remember"/>
+							<label class="choice" for="remember">记住我? Remember me?</label>
+						</p>
+						
+						<p>
+							<input type="submit" class="btn btn-green big" id="login_btn" value="登录 Login"/> &nbsp; <a href="javascript: //;" onclick="$('#emailform').slideDown(); return false;" title="忘记密码?">Forgot password?</a>
+						</p>
+                        <p id="login_return"></p>
+						<div class="clear">&nbsp;</div>
+                        <input type="hidden" name="submit" value="1" />
+
+					</form>
+					
+					<form id="emailform" style="display:none" method="post" action="#">
+						<div class="box">
+							<p id="emailinput">
+								<label for="email">Email:</label><br/>
+								<input type="text" id="getpwdemail" class="full" value="" name="email"/>
+							</p>
+							<p>
+								<input type="submit" class="btn" value="Send" id="getpwd"/>
+							</p>
+                            <p id="getpwd_return">
+                            	
+                            </p>
+						</div>
+					</form>
+					<script>
+					$('#loginform').ajaxform({
+							'submitBtn':'#login_btn',
+							'returnInfoBox':'#login_return',
+							'url':'/account/login'
+						});
+						
+						$('#loginform').bind('submit',function(){
+							 $('#login_btn').click();
+							 return false;
+							});
+						
+						$('#emailform').ajaxform({
+							'submitBtn':'#getpwd',
+							'returnInfoBox':'#getpwd_return',
+							'url':'/account/fetchpwd'
+						});
+						
+						$('#emailform').bind('submit',function(){
+							$('#getpwd').click();
+							 return false;
+							});
+					</script>
+				</section>
+				<!-- End of login form -->
+				
+		</div>
+		<!-- End of Wrapper -->
+	</div>
+	<!-- End of Page content -->
--- a/application/default/views/scripts/account/register.phtml
+++ b/application/default/views/scripts/account/register.phtml
@ -1,18 +1,90 @@
-<?php
-	$this->headTitle($this->config->title->site);
-	$this->headTitle('用户注册');
-	$this->headTitle()->setSeparator(' - ');
-	$this->headLink()->appendStylesheet('/css/register.css');
-	$this->breadcrumb('<a href="/">首页</a>');
-	$this->breadcrumb('<a href="/account/register">用户注册</a>');
-	$this->breadcrumb()->setSeparator(' > ');
-?>
-<div id="info">
-<img src="/images/pass_login1.gif" />&nbsp;确认服务条款&nbsp;&nbsp;
-<img src="/images/pass_pic_arrowhead_2.gif" />&nbsp;&nbsp;
-<img src="/images/pass_login2.gif" />&nbsp;填写基本信息&nbsp;&nbsp;
-<img src="/images/pass_pic_arrowhead_2.gif" />&nbsp;&nbsp;
-<img src="/images/pass_login3.gif" />&nbsp;注册完成
-
-
-<?php echo $this->form;?></div>
+<?php
+	$this->headTitle($this->config->title->site);
+	$this->headTitle('首页');
+	$this->headScript()->appendFile('/static/js/ajaxform.js');
+	$this->headScript()->appendFile('/static/js/jquery.passwordStrength.js');
+?>
+<!-- Page title -->
+<div id="pagetitle">
+	<div class="wrapper"></div>
+</div>
+<!-- End of Page title -->
+	
+	<!-- Page content -->
+	<div id="page">
+		<!-- Wrapper -->
+		<div class="wrapper-login" style="width:400px;margin:0px auto;">
+				<!-- Login form -->
+				<section class="full">					
+					<form id="signup">
+                    <fieldset>
+                    	<legend>注册</legend>
+                        <p>
+                        <label class="required">用户名 Username:</label><br />
+                        <input type="text" name="username" value="" class="half" /><br />
+                        <small>用于在网站登录</small>
+                        </p>
+                        <p>
+                        <label class="required">姓名 Name:</label><br />
+                        <input type="text" name="name" value="" class="half" /><br />
+                        <small>请填写真实姓名</small>
+                        </p>
+                        <p>
+                        <label class="required">电子邮箱 Email:</label><br />
+                        <input type="text" name="email" value="" class="half" />
+                        </p>
+                        <p>
+                        <label>联系电话 Phone number:</label><br />
+                        <input type="text" name="phone" value="" class="half" />
+                        </p>
+                        <p>
+                        <label>单位 Employer:</label><br />
+                        <input type="text" name="employer" value="" class="half" />
+                        </p>
+                        <p>
+                        <label>地址 Address:</label><br />
+                        <input type="text" name="address" value="" class="half" />
+                        </p>
+                        <p>
+                        <label>隶属项目 Project:</label><br />
+                        <textarea name="project" class="half"></textarea>
+                        </p>
+                        <p>
+                        <label class="required">密码 Password:</label><br />
+                        <input type="password" name="password" value="" id="password" class="half" />
+                        </p>
+                        <p>
+                        <div id="passwordStrengthDiv" class="is0"></div>
+                        </p>
+                        <p>
+                        <label class="required">确认密码 Re-type password:</label><br />
+                        <input type="password" name="password_confirm" id="password_confirm" value="" class="half" />
+                        </p>
+                        <p>
+                        <label class="required">验证码 Validation code</label><br />
+                        <img id="imgcode" style="margin-bottom:-10px;cursor:pointer;border:0px;" src="/service/imgcode" onClick="this.src=this.src+'?'">&nbsp;<input type="text" name="vdcode" id="vdcode" maxlength="4" value="" /><br />
+                        <small>请输入图片中的字母和或数字</small>
+                        </p>
+                        <p id="save_signup_returninfo"></p>
+                        <p>
+                        <button type="button" class="btn btn-green" id="save_signup">注册 Sign Up</button> <button type="reset" id="reset" class="btn">重置 Cancel</button>
+                        </p>
+                        </fieldset>
+                    </form>
+                    <p id="info">
+                        
+                    </p>
+					<script>
+					$('#signup').ajaxform({
+							//'form':'#signup',
+							'submitBtn':'#save_signup',
+							'returnInfoBox':'#save_signup_returninfo',
+							'url':'/account/register/submit/1'
+						});
+					$('#password').passwordStrength();
+					</script>
+				</section>
+		</div>
+      </div>
+
+	<!-- End of Page content -->
--- a/application/default/views/scripts/account/sign.phtml
+++ b/application/default/views/scripts/account/sign.phtml
@ -0,0 +1,90 @@
+<?php
+	$this->headTitle($this->config->title->site);
+	$this->headTitle('首页');
+	$this->headScript()->appendFile('/static/js/ajaxform.js');
+	$this->headScript()->appendFile('/static/js/jquery.passwordStrength.js');
+?>
+<!-- Page title -->
+<div id="pagetitle">
+	<div class="wrapper"></div>
+</div>
+<!-- End of Page title -->
+	
+	<!-- Page content -->
+	<div id="page">
+		<!-- Wrapper -->
+		<div class="wrapper-login">
+				<!-- Login form -->
+				<section class="full">					
+					<form id="signup">
+                    <fieldset>
+                    	<legend>注册</legend>
+                        <p>
+                        <label class="required">用户名 Username:</label><br />
+                        <input type="text" name="username" value="" class="half" /><br />
+                        <small>用于在网站登录</small>
+                        </p>
+                        <p>
+                        <label class="required">姓名 Name:</label><br />
+                        <input type="text" name="name" value="" class="half" /><br />
+                        <small>请填写真实姓名</small>
+                        </p>
+                        <p>
+                        <label class="required">电子邮箱 Email:</label><br />
+                        <input type="text" name="email" value="" class="half" />
+                        </p>
+                        <p>
+                        <label>联系电话 Phone number:</label><br />
+                        <input type="text" name="phone" value="" class="half" />
+                        </p>
+                        <p>
+                        <label>单位 Employer:</label><br />
+                        <input type="text" name="employer" value="" class="half" />
+                        </p>
+                        <p>
+                        <label>地址 Address:</label><br />
+                        <input type="text" name="address" value="" class="half" />
+                        </p>
+                        <p>
+                        <label>隶属项目 Project:</label><br />
+                        <textarea name="project" class="half"></textarea>
+                        </p>
+                        <p>
+                        <label class="required">密码 Password:</label><br />
+                        <input type="password" name="password" value="" id="password" class="half" />
+                        </p>
+                        <p>
+                        <div id="passwordStrengthDiv" class="is0"></div>
+                        </p>
+                        <p>
+                        <label class="required">确认密码 Re-type password:</label><br />
+                        <input type="password" name="password_confirm" id="password_confirm" value="" class="half" />
+                        </p>
+                        <p>
+                        <label class="required">验证码 Validation code</label><br />
+                        <img id="imgcode" style="margin-bottom:-10px;cursor:pointer;border:0px;" src="/vd" onClick="this.src=this.src+'?'">&nbsp;<input type="text" name="vdcode" id="vdcode" maxlength="4" value="" /><br />
+                        <small>请输入图片中的字母和或数字</small>
+                        </p>
+                        <p id="save_signup_returninfo"></p>
+                        <p>
+                        <button type="button" class="btn btn-green" id="save_signup">注册 Sign Up</button> <button type="reset" id="reset" class="btn">重置 Cancel</button>
+                        </p>
+                        </fieldset>
+                    </form>
+                    <p id="info">
+                        
+                    </p>
+					<script>
+					$('#signup').ajaxform({
+							//'form':'#signup',
+							'submitBtn':'#save_signup',
+							'returnInfoBox':'#save_signup_returninfo',
+							'url':'/account/register/submit/1'
+						});
+					$('#password').passwordStrength();
+					</script>
+				</section>
+		</div>
+      </div>
+
+	<!-- End of Page content -->
--- a/application/default/views/scripts/index/index.phtml
+++ b/application/default/views/scripts/index/index.phtml
@ -16,7 +16,11 @@
            <span id="links"><a href="<?= $this->feature['detailurl']; ?>">详细</a></span>
            </div>
        </div>
-        <img src="/static/images/dmad.jpg" class="mt12" />
+        <div class="dmad" style="margin:10px 0px;overflow:hidden;width:660px;height:120px;">
+        	<ul id='dmadslider'>
+              <li><img src="/static/images/dmad.jpg" /></li>
+             </ul>
+        </div>
 		<div class="tbox mt12">
        	<div class="title corners-top"><a href="/data/<?php echo $this->mdrandom->uuid; ?>" title="<?php echo $this->mdrandom->title; ?>"><?php echo $this->mdrandom->title; ?></a><span class="more"><a href="/data" >更多数据>></a></span></div>
            <div class="content">
@ -58,7 +62,7 @@
    </div><!-- left -->
    <div class="width3 fright">
        <div class="tbox">
-            <ul id='slideshowHolder'>
+            <ul id='slideshowHolder' style="width:278px;height:220px;overflow:hidden;">
              <?php 
 			 foreach ($this->mdrandoms as $v)
 			 {
--- a/application/default/views/scripts/submit/navi.phtml
+++ b/application/default/views/scripts/submit/navi.phtml
@ -1,6 +1,5 @@
 <ul>
-<li><a href="/submit/">介绍</a></li>
+<li><a href="/submit/">介绍</a></li>
 <li><a href="/submit/newdata">新建元数据</a></li>
-<li><a href="/submit/upload">上传数据</a></li>
 <li><a href="/submit/">已提交的数据</a></li>
 </ul>
--- a/application/default/views/scripts/submit/newdata.phtml
+++ b/application/default/views/scripts/submit/newdata.phtml
@ -43,6 +43,7 @@ $this->breadcrumb()->setSeparator(' > ');
 				| <a href="/service/geonetwork?url=metadata.edit?id=<?php echo $item['id']; ?>">在geonetwork里修改</a>
 				| <a href="/service/geonetwork?url=metadata.delete?id=<?php echo $item['id']; ?>">删除此条数据</a>
 				| <a onclick="$('#commit_submit').attr('onclick','commit(\'<?php echo $item['id'];?>\');');" href="#commitform" class="more inline">提交评审发布</a>
+                | <a href="/submit/upload/uuid/<?php echo $item['uuid'];?>">上传数据</a>
 				】</p>
 			</li>
     <?php
--- a/application/default/views/scripts/submit/upload.phtml
+++ b/application/default/views/scripts/submit/upload.phtml
@ -0,0 +1,139 @@
+<?php
+$this->headTitle($this->config->title->site);
+$this->headTitle($this->config->title->submit);
+$this->headTitle()->setSeparator(' - ');
+$this->headScript()->appendFile('/js/jquery-1.7.min.js');
+$this->headLink()->appendStylesheet('/css/author.css');
+if(!empty($this->uuid))
+{
+$this->headLink()->appendStylesheet('/static/js/uploadify/uploadify.css');
+$this->headScript()->appendFile('/static/js/uploadify/swfobject.js');
+$this->headScript()->appendFile('/static/js/uploadify/jquery.uploadify.v2.1.4.min.js');
+}
+$this->headScript()->appendFile('/js/jquery.colorbox-min.js');
+$this->headLink()->appendStylesheet('/css/colorbox.css');	
+$this->breadcrumb('<a href="/">首页</a>');
+$this->breadcrumb($this->config->title->submit);
+$this->breadcrumb()->setSeparator(' > ');
+?>
+<!-- 左侧导航 -->
+<div id='sidebar'>
+    <div id='leftnavi'>
+    <?= $this->partial('submit/navi.phtml'); ?>
+    </div>
+</div>
+<!-- //左侧导航 -->
+
+<!-- 页面内容 -->
+<div id="wapper">
+	
+    <form id='datafiles'>
+    
+    	<?php if(!empty($this->uuid))
+				{	
+		 ?>
+    	
+        <input type="hidden" name="uuid" value="<?php echo $this->uuid;?>" />
+    	<p>
+    	<label>数据上传:</label>
+        <div><input id="file_upload" name="Filedata" type="file" /></div>
+    	<input type="button" class="btn btn-small" onclick="$('#file_upload').uploadifyUpload();" value="上传" />
+        <div id="datalist"></div>
+        </p>
+        
+        <button type="button" onclick="Submit()" class="btn-green btn">提交</button>
+        <?php }else{
+			
+		echo "参数错误!";	
+			
+		}?>
+        
+    
+    </form>
+</div>
+<!-- //页面内容 -->
+<script>
+<?php if(!empty($this->uuid))
+{
+	?>
+$(document).ready(function() {
+	
+	
+	$('#file_upload').uploadify({
+        'uploader'  : '/static/js/uploadify/uploadify.swf',
+		'scriptData': {'PHPSESSID' : '<?php echo session_id(); ?>','uuid':'<?php echo $this->uuid;?>'},
+        'script'    : '/submit/upload',
+        'cancelImg' : '/static/js/uploadify/cancel.png',
+        'folder'    : '/uploads',
+		'sizeLimit' : 52428800,
+		'queueSizeLimit' : 10,
+		'multi'     : true,
+        'auto'      : false,
+		'displayData' : 'speed',
+		'buttonImg'   : '/static/js/uploadify/selectfile.gif',
+		'onComplete'  : function(event, ID, fileObj, response, data) {
+							var obj = jQuery.parseJSON(response);
+							if(obj.error=='')
+							{
+								html = obj.html;
+							}
+							else{html=uploadError(obj.error,obj.attid);}
+							  $('<li/>', {
+									"id":'uploadedItem_'+obj.attid,
+									"class":'uploadifyQueueItem',
+									"html": html
+								}).appendTo('#datalist');
+								$('#deletebtn_'+obj.attid).bind('click', function() {
+									deleteatt(obj.attid);
+							});
+						},
+		'onError'     : function (event,ID,fileObj,errorObj) {
+						  alert(errorObj.type + ' Error: ' + errorObj.info);
+						}
+      });
+});
+function Submit(){
+	$.ajax({
+		'type':"POST",
+		'url':'/submit/upload/',
+		'data':'ac=submit&'+$('#datafiles').serialize(),
+		'success':function(data){
+			if (typeof(data)=='object')
+			{
+			  if(typeof(data.error)!='undefined')
+			  {$.colorbox({'innerWidth':'50%','html':data.error});}
+			  if(typeof(data.deleted)!='undefined')
+			  {$('#list_'+data.deleted).fadeOut("slow",function(){$(this).remove();});}
+			  if(typeof(data.commited)!='undefined')
+			  {$('#changelog').val('');$('#commit_submit').attr('onclick','');}
+			}
+			else{ 
+			  $.colorbox({'innerWidth':'50%','html':'<img src="/images/alert_big_warning.png" /><h4>出现错误，请稍候再试</h4>'});
+			}
+		},
+		'timeout': 30000,
+		'error': function(){
+			$.colorbox({'innerWidth':'50%','html':'<img src="/images/alert_big_error.png" /><h4>处理中出现错误，请刷新页面后重试</h4>'});
+		 }
+	});
+}
+function deleteatt(attid){
+	$.ajax({
+	type:"POST",
+	url:'/submit/upload/ac/del/id/'+attid,
+	data:'',
+	success:function(html){
+		$('#uploadedItem_'+attid).remove();
+	},
+	beforeSend:function(){
+		$('#deletebtn_'+attid).html('<img src="/images/11887177066.gif" />');
+	}
+	});
+}
+function uploadError(msg,id){
+	var html = msg+'<div class="cancel"><a href="javascript:;" id="deletebtn_'+id+'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
+	return html;
+}
+<?php } ?>
+$('#wapper').width($('.body').width()-$('#sidebar').width()-20);
+</script>
--- a/application/models/ajax/box.php
+++ b/application/models/ajax/box.php
@ -0,0 +1,23 @@
+<?php
+class box
+{
+	function __construct()
+	{
+
+	}
+	
+	static function warning($text)
+	{
+		return '<div class="box box-warning">'.$text.'</div>';
+	}
+	
+	static function success($text)
+	{
+		return '<div class="box box-success">'.$text.'</div>';
+	}
+	
+	static function error($text)
+	{
+		return '<div class="box box-error">'.$text.'</div>';
+	}
+}
--- a/application/models/files.php
+++ b/application/models/files.php
@ -27,7 +27,8 @@ class files{
 			'media' => array('swf', 'flv', 'mp3', 'wav', 'wma', 'wmv', 'mid', 'avi', 'mpg', 'asf', 'rm', 'rmvb'),
 			'file' => array('doc', 'docx', 'xls', 'xlsx', 'ppt', 'htm', 'html', 'txt', 'zip', 'rar', 'gz', 'bz2'),
 			'reviewatt'=>array('doc', 'docx', 'xls', 'xlsx', 'ppt', 'htm', 'html', 'txt', 'zip', 'rar', 'gz', 'bz2','gif', 'jpg', 'jpeg', 'png', 'bmp','pdf','odt'),
-			'md'=>array('doc', 'docx', 'xls', 'xlsx', 'ppt', 'htm', 'html', 'txt', 'zip', 'rar', 'gz', 'bz2','gif', 'jpg', 'jpeg', 'png', 'bmp','pdf','odt')
+			'md'=>array('doc', 'docx', 'xls', 'xlsx', 'ppt', 'htm', 'html', 'txt', 'zip', 'rar', 'gz', 'bz2','gif', 'jpg', 'jpeg', 'png', 'bmp','pdf','odt'),
+			'datafiles'=>array('zip','*')
 		);
 		//最大文件大小
 		$max_size = 10485760;
@ -75,8 +76,9 @@ class files{
 				$file_ext = array_pop($temp_arr);
 				$file_ext = trim($file_ext);
 				$file_ext = strtolower($file_ext);
+				
 				//检查扩展名
-				if (in_array($file_ext, $ext_arr[$dir_name]) === false) {
+				if (in_array($file_ext, $ext_arr[$dir_name]) === false && !in_array('*',$ext_arr[$dir_name])) {
 					$msg['error'] = "上传文件扩展名是不允许的扩展名。\n只允许" . implode(",", $ext_arr[$dir_name]) . "格式。";
 				}
 				else
@ -142,6 +144,132 @@ class files{
 		}
 	}//文件上传
 	
+	static function dataFilesUpload($path,$files,$dir,$uuid)
+	{
+		$msg=array();
+		
+		//判断UUID
+		if(empty($uuid))
+		{
+			$msg['error']="缺少参数";
+			return $msg;
+		}
+		
+		if(empty($files))
+		{
+			$msg['error']="缺少文件";
+			return $msg;
+		}
+		
+		
+		//文件保存目录路径
+		$save_path = $path;
+		//文件保存目录URL
+		$save_url = $path;
+		//定义允许上传的文件扩展名
+		$ext_arr = array(
+			'datafiles'=>array('zip','*')
+		);
+		//最大文件大小
+		$max_size = 10485760;
+		
+		//$save_path = realpath($save_path). '/';
+		
+		//有上传文件时
+		if (empty($files) === false) {
+			
+			//原文件名
+			$file_name = $files['name'];
+			//服务器上临时文件名
+			$tmp_name = $files['tmp_name'];
+			//文件大小
+			$file_size = $files['size'];
+			//目录名
+			$dir_name = empty($dir) ? 'image' : trim($dir);
+			//检查文件名
+			if (!$file_name) {
+				$msg['error'] = "请选择文件。";
+			}
+			//检查目录
+			else if (@is_dir($save_path) === false) {
+				$msg['error'] = "上传目录不存在。请联系管理员";
+			}
+			//检查目录写权限
+			else if (@is_writable($save_path) === false) {
+				$msg['error'] = "上传目录没有写权限。请联系管理员";
+			}
+			//检查是否已上传
+			else if (@is_uploaded_file($tmp_name) === false) {
+				$msg['error'] = "临时文件可能不是上传文件。或者文件类型不在允许的范围内，请重新上传";
+			}
+			//检查文件大小
+			else if ($file_size > $max_size) {
+				$msg['error'] = "上传文件大小超过限制。";
+			}
+			//检查目录名
+			else if (empty($ext_arr[$dir_name])) {
+				$msg['error'] = "目录名不正确。";
+			}
+			else
+			{
+				//获得文件扩展名
+				$temp_arr = explode(".", $file_name);
+				$file_ext = array_pop($temp_arr);
+				$file_ext = trim($file_ext);
+				$file_ext = strtolower($file_ext);
+				
+				//检查扩展名
+				if (in_array($file_ext, $ext_arr[$dir_name]) === false && !in_array('*',$ext_arr[$dir_name])) {
+					$msg['error'] = "上传文件扩展名是不允许的扩展名。\n只允许" . implode(",", $ext_arr[$dir_name]) . "格式。";
+				}
+				else
+				{
+					//创建文件夹
+					
+					$dbsave = ""; //数据库中存放的路径
+					
+					if ($dir_name !== '') {
+						$save_path .= $dir_name . "/";
+						$save_url .= $dir_name . "/";
+						$dbsave = $dir_name.'/';
+						if (!file_exists($save_path)) {
+							mkdir($save_path);
+						}
+					}
+					
+					if($uuid!='')
+					{
+						$save_path .= $uuid . "/";
+						$save_url .= $uuid . "/";
+						$dbsave = $uuid.'/';
+						if (!file_exists($save_path)) {
+							mkdir($save_path);
+						}
+					}
+					
+					//新文件名
+					$new_file_name = date("YmdHis") . '_' . rand(10000, 99999) . '.' . $file_ext;
+					//移动文件
+					$file_path = $save_path . $new_file_name;
+					
+					if (move_uploaded_file($tmp_name, $file_path) === false) {
+						$msg['error'] = "上传文件失败。";
+					}
+					//数据库最终存储的文件
+					$dbsave .= $new_file_name; 
+					@chmod($file_path, 0644);
+					$file_url = $save_url . $new_file_name;
+					$msg['file_url'] = $file_url;
+					$msg['file_size'] = $file_size;
+					$msg['db_path'] = $dbsave;
+					$msg['realname'] = $file_name;
+					$msg['file_type'] = $dir_name;
+				}//检查扩展名
+			}//目录正确性
+			return $msg;
+		}
+	}//数据文件上传
+	
 	/**
 	* getOne()
 	*
--- a/htdocs/static/css/default.css
+++ b/htdocs/static/css/default.css
@ -27,7 +27,7 @@ input, select {vertical-align:middle;}
 ul,ul li{list-style:none;}
 /* Base
 ---------------------------------------------------------------------*/
-body {font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;line-height:1.5;font-size:12px;background-color:#FFF;color:#666;margin:0 auto;}
+body {font-family:Arial, Helvetica, sans-serif;line-height:1.5;font-size:12px;background-color:#FFF;color:#666;margin:0 auto;}
 a {outline:none;}
 h1,h2,h3,h4,h5,h6 {color:#4D5762;position:relative;word-spacing:-0.1em;}
 h4,h5,h6 {font-weight:bold;}
@ -181,6 +181,8 @@ input[type="submit"]:hover,.btn:hover, .btn:focus, .btn:active {outline:medium n
 .header .nav .main ul li{float:right;background:url(/static/images/nav_tab.png) 0 0 no-repeat;width:130px;height:32px;line-height:32px;text-align:center;margin:0 2px;font-size:14px;font-weight:bold;}
 .header .nav .main ul li:hover{background:url(/static/images/nav_tab_hover.gif) 0 0 no-repeat;}
 .header .nav .main ul li.current{background:url(/static/images/nav_tab_hover.gif) 0 0 no-repeat;}
+.header .nav .main ul li a span{font-size:16px;font-family:"黑体",Tahoma, Geneva, sans-serif;font-weight:normal;}
+

 .footer{border-top:1px solid #003e67;border-bottom:1px solid #003e67;text-align:center;padding:10px 0;margin:10px 0 10px 0;}

@ -230,4 +232,7 @@ input[type="submit"]:hover,.btn:hover, .btn:focus, .btn:active {outline:medium n

 #slideshowHolder{ background-repeat:no-repeat; background-position:center center;}
 #featureimg{border-width:1px;border-style:solid;float:left;margin:5px;width:250px;}
-.thumbimg{border-width:1px;border-style:solid;float:left;margin:5px;}
+.thumbimg{border-width:1px;border-style:solid;float:left;margin:5px;}
+
+#dmadslider{position: relative; height: 120px; width: 660px;}
+#dmadslider li{height:120px;width:660px;position:absolute;left:0px;top: 0px;}
--- a/htdocs/static/images/dmad.jpg
+++ b/htdocs/static/images/dmad.jpg
--- a/htdocs/static/js/ajaxform.js
+++ b/htdocs/static/js/ajaxform.js
@ -0,0 +1,54 @@
+(function( $ ){
+
+  $.fn.ajaxform = function(options) {
+	  
+		var defualts = {
+			//提交按钮
+			'submitBtn':'#submit',
+			//method
+			'method':'POST',
+			//返回信息的容器
+			'returnInfoBox':'',
+			//加载时按钮上显示的文字
+			'loadingText':'<img src="/images/ajax-loading-small.gif" />Submit...',
+			//ajax url
+			'url':''
+		};  
+        var opts = $.extend({}, defualts, options);  
+		var form = $(this);
+		//this.each(function() {
+			if(opts.submitBtn=='' || opts.url=='')
+			{
+				return false;
+			}
+			
+			var savebtn = opts.submitBtn;
+			var reinfo = opts.returnInfoBox;
+			var btn = $(savebtn).html();
+			
+			if(opts.returnInfoBox == '')
+			{
+				$(this).append('<p class="ajax-return-info-box"></p>');
+				reinfo = opts.form + ' .ajax-return-info-box';
+			}
+			
+			$(opts.submitBtn).bind('click', function() {
+			  $.ajax({
+					'type':"POST",
+					'url':opts.url,
+					'data':form.serialize(),
+					'success':function(html){
+						$(savebtn).html(btn);
+						$(reinfo).html(html);
+						setTimeout("$('"+savebtn+"').removeAttr('disabled');$('"+reinfo+"').html('')",3000);
+					},
+					'beforeSend':function(){
+						$(savebtn).attr('disabled','disabled');
+						$(savebtn).html(opts.loadingText);
+					}
+				});
+			});
+
+		//});
+  };
+})( jQuery );
--- a/htdocs/static/js/ie6.js
+++ b/htdocs/static/js/ie6.js
@ -0,0 +1,11 @@
+
+$(function(){
+ if($.browser.msie && $.browser.version<7)
+  $('#top').before(
+   '<div id="ie6detect">'+
+   'It has been detected that you are using Internet Explorer 6 or lower.<br />Unfortunately this is an unsupported '+
+   'browser and you won\'t be able to view this website properly.<br />We recommend upgrading to a newer version of '+
+   'Internet Explorer or FireFox.'+
+   '</div>'
+  );
+});
--- a/htdocs/static/js/jquery.floom.js
+++ b/htdocs/static/js/jquery.floom.js
@ -0,0 +1,181 @@
+
+window.onerror=function(desc,page,line,chr){
+/* alert('JavaScript error occurred! \n'
+  +'\nError description: \t'+desc
+  +'\nPage address:      \t'+page
+  +'\nLine number:       \t'+line
+ );*/
+}
+
+$(function(){
+ $('a').focus(function(){this.blur();});
+ SI.Files.stylizeAll();
+ slider.init();
+
+ $('input.text-default').each(function(){
+  $(this).attr('default',$(this).val());
+ }).focus(function(){
+  if($(this).val()==$(this).attr('default'))
+   $(this).val('');
+ }).blur(function(){
+  if($(this).val()=='')
+   $(this).val($(this).attr('default'));
+ });
+
+ $('input.text,textarea.text').focus(function(){
+  $(this).addClass('textfocus');
+ }).blur(function(){
+  $(this).removeClass('textfocus');
+ });
+
+ var popopenobj=0,popopenaobj=null;
+ $('a.popup').click(function(){
+  var pid=$(this).attr('rel').split('|')[0],_os=parseInt($(this).attr('rel').split('|')[1]);
+  var pobj=$('#'+pid);
+  if(!pobj.length)
+   return false;
+  if(typeof popopenobj=='object' && popopenobj.attr('id')!=pid){
+   popopenobj.hide(50);
+   $(popopenaobj).parent().removeClass(popopenobj.attr('id').split('-')[1]+'-open');
+   popopenobj=null;
+  }
+  return false;
+ });
+ $('p.images img').click(function(){
+  var newbg=$(this).attr('src').split('bg/bg')[1].split('-thumb')[0];
+  $(document.body).css('backgroundImage','url('+_siteRoot+'images/bg/bg'+newbg+'.jpg)');
+ 
+  $(this).parent().find('img').removeClass('on');
+  $(this).addClass('on');
+  return false;
+ });
+ $(window).load(function(){
+  $.each(css_ims,function(){(new Image()).src=_siteRoot+'css/images/'+this;});
+  $.each(css_cims,function(){
+   var css_im=this;
+   $.each(['blue','purple','pink','red','grey','green','yellow','orange'],function(){
+    (new Image()).src=_siteRoot+'css/'+this+'/'+css_im;
+   });
+  });
+ }); 
+ $('div.sc-large div.img:has(div.tml)').each(function(){
+  $('div.tml',this).hide();
+  $(this).append('<a href="#" class="tml_open">&nbsp;</a>').find('a').css({
+   left:parseInt($(this).offset().left)+864,top:parseInt($(this).offset().top)+1
+  }).click(function(){
+   $(this).siblings('div.tml').slideToggle();
+   return false;
+  }).focus(function(){this.blur();}); 
+ });
+});
+var slider={
+ num:-1,
+ cur:0,
+ cr:[],
+ al:null,
+ at:10*1000,
+ ar:true,
+ init:function(){
+  if(!slider.data || !slider.data.length)
+   return false;
+
+  var d=slider.data;
+  slider.num=d.length;
+  var pos=Math.floor(Math.random()*1);//slider.num);
+  for(var i=0;i<slider.num;i++){
+   $('#'+d[i].id).css({left:((i-pos)*1000)});
+   $('#slide-nav').append('<a id="slide-link-'+i+'" href="#" onclick="slider.slide('+i+');return false;" onfocus="this.blur();">'+(i+1)+'</a>');
+  }
+
+  $('img,div#slide-controls',$('div#slide-holder')).fadeIn();
+  slider.text(d[pos]);
+  slider.on(pos);
+  slider.cur=pos;
+  window.setTimeout('slider.auto();',slider.at);
+ },
+ auto:function(){
+  if(!slider.ar)
+   return false;
+
+  var next=slider.cur+1;
+  if(next>=slider.num) next=0;
+  slider.slide(next);
+ },
+ slide:function(pos){
+  if(pos<0 || pos>=slider.num || pos==slider.cur)
+   return;
+
+  window.clearTimeout(slider.al);
+  slider.al=window.setTimeout('slider.auto();',slider.at);
+
+  var d=slider.data;
+  for(var i=0;i<slider.num;i++)
+   $('#'+d[i].id).stop().animate({left:((i-pos)*1000)},1000,'swing');
+  
+  slider.on(pos);
+  slider.text(d[pos]);
+  slider.cur=pos;
+ },
+ on:function(pos){
+  $('#slide-nav a').removeClass('on');
+  $('#slide-nav a#slide-link-'+pos).addClass('on');
+ },
+ text:function(di){
+  slider.cr['a']=di.client;
+  slider.cr['b']=di.desc;
+  slider.ticker('#slide-client span',di.client,0,'a');
+  slider.ticker('#slide-desc',di.desc,0,'b');
+ },
+ ticker:function(el,text,pos,unique){
+  if(slider.cr[unique]!=text)
+   return false;
+
+  ctext=text.substring(0,pos)+(pos%2?'-':'_');
+  $(el).html(ctext);
+
+  if(pos==text.length)
+   $(el).html(text);
+  else
+   window.setTimeout('slider.ticker("'+el+'","'+text+'",'+(pos+1)+',"'+unique+'");',30);
+ }
+};
+// STYLING FILE INPUTS 1.0 | Shaun Inman <http://www.shauninman.com/> | 2007-09-07
+if(!window.SI){var SI={};};
+SI.Files={
+ htmlClass:'SI-FILES-STYLIZED',
+ fileClass:'file',
+ wrapClass:'cabinet',
+ 
+ fini:false,
+ able:false,
+ init:function(){
+  this.fini=true;
+ },
+ stylize:function(elem){
+  if(!this.fini){this.init();};
+  if(!this.able){return;};
+  
+  elem.parentNode.file=elem;
+  elem.parentNode.onmousemove=function(e){
+   if(typeof e=='undefined') e=window.event;
+   if(typeof e.pageY=='undefined' &&  typeof e.clientX=='number' && document.documentElement){
+    e.pageX=e.clientX+document.documentElement.scrollLeft;
+    e.pageY=e.clientY+document.documentElement.scrollTop;
+   };
+   var ox=oy=0;
+   var elem=this;
+   if(elem.offsetParent){
+    ox=elem.offsetLeft;
+    oy=elem.offsetTop;
+    while(elem=elem.offsetParent){
+     ox+=elem.offsetLeft;
+     oy+=elem.offsetTop;
+    };
+   };
+  };
+ },
+ stylizeAll:function(){
+  if(!this.fini){this.init();};
+  if(!this.able){return;};
+ }
+};
--- a/htdocs/static/js/jquery.passwordStrength.js
+++ b/htdocs/static/js/jquery.passwordStrength.js
@ -0,0 +1,62 @@
+$.fn.passwordStrength = function(options){
+	return this.each(function(){
+		var that = this;that.opts = {};
+		that.opts = $.extend({}, $.fn.passwordStrength.defaults, options);
+		
+		that.div = $(that.opts.targetDiv);
+		that.defaultClass = that.div.attr('class');
+		
+		that.percents = (that.opts.classes.length) ? 100 / that.opts.classes.length : 100;
+		 v = $(this).keyup(function(){
+			if( typeof el == "undefined" )
+				this.el = $(this);
+			var s = getPasswordStrength (this.value);
+			var p = this.percents;
+			var t = Math.floor( s / p );			
+			if( 100 <= s ) t = this.opts.classes.length - 1;	
+			this.div.removeAttr('class').addClass( this.defaultClass ).addClass( this.opts.classes[ t ]);	
+		})		
+	});
+	//»ñÈ¡ÃÜÂëÇ¿¶È
+	function getPasswordStrength(H){
+		var D=(H.length);
+		if(D>5){
+			D=5
+		}
+		var F=H.replace(/[0-9]/g,"");
+		var G=(H.length-F.length);
+		if(G>3){G=3}
+		var A=H.replace(/\W/g,"");
+		var C=(H.length-A.length);
+		if(C>3){C=3}
+		var B=H.replace(/[A-Z]/g,"");
+		var I=(H.length-B.length);
+		if(I>3){I=3}
+		var E=((D*10)-20)+(G*10)+(C*15)+(I*10);
+		if(E<0){E=0}
+		if(E>100){E=100}
+		return E
+	}
+
+};
+	
+$.fn.passwordStrength.defaults = {
+	classes : Array('is10','is20','is30','is40','is50','is60','is70','is80','is90','is100'),
+	targetDiv : '#passwordStrengthDiv',
+	cache : {}
+}
+$.passwordStrength = {};
+$.passwordStrength.getRandomPassword = function(size){
+		var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+		var size = size || 8;
+		var i = 1;
+		var ret = ""
+		while ( i <= size ) {
+			$max = chars.length-1;
+			$num = Math.floor(Math.random()*$max);
+			$temp = chars.substr($num, 1);
+			ret += $temp;
+			i++;
+		}
+		return ret;			
+}