view->config = Zend_Registry::get('config');
        // NOTE(review): REQUEST_URI is request-supplied text; anything that later
        // redirects to the 'return' param should accept only same-site relative paths.
        $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
        $this->db = Zend_Registry::get('db');
        $this->view->messages = $this->messenger->getMessages();
        $this->view->theme = new Theme();
    }

    /**
     * Account overview page: exposes the logged-in user's avatar and profile row.
     *
     * NOTE(review): $user and $uid are assigned only inside the hasIdentity()
     * branch. Without an identity, $user->email raises a notice and
     * getUserInfo() receives null. This presumably relies on an access-control
     * plugin keeping anonymous requests out of this action - confirm.
     */
    function indexAction()
    {
        $this->view->pageID = "account-index";
        include_once("Users.php");
        $usr = new Users($this->db);
        $auth = Zend_Auth::getInstance();
        if($auth->hasIdentity()) {
            $user = $auth->getIdentity();
            $uid = $user->id;
        }
        include_once("Avatar.php");
        $avatar = new Avatar();
        // Size 140 for the profile page; default_login() stores a size-40 one.
        $this->view->avatar = $avatar->Get($user->email,140);
        $this->view->info = $usr->getUserInfo($uid);
    }

    /**
     * Profile edit form and its submit handler (triggered by a non-empty 'submit' param).
     *
     * On submit the filtered fields are written directly to the users row. On
     * success the view gets a redirect target; on failure the submitted values
     * are echoed back into the form through $this->view->info.
     *
     * NOTE(review): as in indexAction, $uid is undefined without an identity, and
     * "id=$uid" then becomes a malformed WHERE clause. $uid is taken from the
     * auth identity rather than the request, but a bound parameter
     * (e.g. $this->db->quoteInto('id = ?', $uid)) is still the safer form.
     */
    function editAction()
    {
        $this->view->pageID = "account-edit";
        include_once("Users.php");
        $usr = new Users($this->db);
        $auth = Zend_Auth::getInstance();
        if($auth->hasIdentity()) {
            $user = $auth->getIdentity();
            $uid = $user->id;
        }
        include_once("Avatar.php");
        $avatar = new Avatar();
        $this->view->avatar = $avatar->Get($user->email,140);
        // Option list for the project-type select; each label maps to itself,
        // except the first entry which maps "none" to an empty string.
        $this->view->projectType = array(
            "无" => '',
            "国家973计划项目课题" => "国家973计划项目课题",
            "国家863计划课题"=>"国家863计划课题",
            "国家级科技支撑课题" => "国家级科技支撑课题",
            "国家级科技重大专项" => "国家级科技重大专项",
            "国家级国家重大工程" => "国家级国家重大工程",
            "国家级国家自然科学基金" => "国家级国家自然科学基金",
            "国际合作项目"=>"国际合作项目",
            "省部级项目" => "省部级项目",
            "其他项目工程" => "其他项目工程"
        );
        $submit = $this->_getParam('submit');
        if(!empty($submit)) {
            $data = $this->AccountEditParamFilter();
            if($this->db->update("users",$data,"id=$uid")) {
                $this->view->AlertType = "alert-success";
                $this->view->msg = "修改成功!";
                $this->view->jump_url = "/account/edit";
                return true;
            }else{
                $this->view->AlertType = "alert-error";
                $this->view->error = "修改失败,请重试";
                // Re-populate the form with what the user submitted.
                $this->view->info = $data;
                return true;
            }
        }else{
            $this->view->info = $usr->getUserInfo($uid);
        }
    }

    /**
     * Collects the profile fields from the request, trims them, truncates each to
     * a fixed length and runs StringFilter() over every value.
     *
     * @return array users-column name => filtered value
     *
     * NOTE(review): substr() truncates by byte, so a limit can split a multi-byte
     * character (the form labels are Chinese); mb_substr() cuts by character.
     * The limits presumably mirror the column widths - confirm against the schema.
     */
    function AccountEditParamFilter(){
        $data = array();
        $data['realname'] = substr(trim($this->_getParam('realname')),0,40);
        $data['unit'] = substr(trim($this->_getParam('unit')),0,100);
        $data['address'] = substr(trim($this->_getParam('address')),0,100);
        $data['phone'] = substr(trim($this->_getParam('phone')),0,15);
        $data['postcode'] = substr(trim($this->_getParam('postcode')),0,15);
        $data['project_type'] = substr(trim($this->_getParam('project_type')),0,100);
        $data['project_id'] = substr(trim($this->_getParam('project_id')),0,40);
        $data['project_title'] = substr(trim($this->_getParam('project_title')),0,100);
        $data['project'] = substr(trim($this->_getParam('project')),0,600);
        foreach($data as $k=>$v) {
            $data[$k] = $this->StringFilter($v);
        }
        return $data;
    }

    /**
     * Replaces anything shaped like a markup tag (<...>) with a single space.
     *
     * This is a tag stripper, not an output escaper: values that pass through
     * here still need context-appropriate escaping (htmlspecialchars() or the
     * view's escape helper) at the point where they are rendered.
     *
     * @param string $string raw input
     * @return string input with <...> sequences replaced by spaces
     */
    function StringFilter($string){
        $string = preg_replace ('/<[^>]*>/', ' ', $string);
        return $string;
    }

    /**
     * Security settings page with two sections chosen by the 'opt' param:
     * password change (no opt) and e-mail change (opt=email). Both require the
     * current password.
     *
     * NOTE(review): passwords are stored as unsalted md5 and compared with !=
     * (md5($a) != md5($b) is just a string comparison of $a and $b). The usual
     * migration is password_hash()/password_verify() with a rehash on login.
     * The e-mail regex below is unanchored, so any string containing an
     * address-like substring is accepted; filter_var($email, FILTER_VALIDATE_EMAIL)
     * is stricter. The 'new_password_confrim' spelling is part of the form
     * contract (a runtime string) and must not be "fixed" here alone.
     * $uid is again only set when an identity exists - see indexAction.
     */
    function secureAction()
    {
        $this->view->pageID = "account-secure";
        include_once("helper/view.php");
        include_once("Users.php");
        $usr = new Users($this->db);
        $auth = Zend_Auth::getInstance();
        if($auth->hasIdentity()) {
            $user = $auth->getIdentity();
            $uid = $user->id;
        }
        $opt = $this->_getParam('opt');
        $submit = $this->_getParam('submit');
        if(empty($opt)) {
            $this->view->section = "password";
            if(!empty($submit)) {
                $data = $this->AccountSecureParamFilter();
                // Set up front for the error paths; the success path redirects via view::Post.
                $this->view->AlertType = "alert-error";
                if(strlen($data['password'])>18 || strlen($data['new_password'])>18) {
                    $this->view->error = view::Error("密码过长");
                    return true;
                }
                if(strlen($data['new_password'])<=6 || strlen($data['new_password_confrim'])<=6) {
                    $this->view->error = view::Error("密码过短,请输入大于6位的密码");
                    return true;
                }
                if(md5($data['new_password']) != md5($data['new_password_confrim'])) {
                    $this->view->error = view::Error("两次输入的密码不相同");
                    return true;
                }
                $sql = "SELECT password FROM users WHERE id=$uid";
                $rs = $this->db->query($sql);
                $row = $rs->fetch();
                // Current-password check against the stored md5.
                if(md5($data['password']) != $row['password']) {
                    $this->view->error = view::Error("原密码不正确");
                    return true;
                }
                // Only the 'password' key may reach the UPDATE; drop the plaintext fields.
                $data['password'] = md5($data['new_password']);
                unset($data['new_password']);
                unset($data['new_password_confrim']);
                if($this->db->update("users",$data,"id=$uid")) {
                    view::Post($this,array("content"=>'修改成功!','url'=>'/account/secure'));
                    return true;
                }else{
                    $this->view->error = view::Error("修改失败");
                    return true;
                }
            }else{
                $this->view->info = $usr->getUserInfo($uid);
            }
        }//password
        if($opt == "email") {
            $this->view->section = "email";
            if(!empty($submit)) {
                $email = $this->_getParam('email');
                $password = $this->_getParam('password');
                // NOTE(review): unanchored pattern - see the method docblock.
                if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email)) {
                    $this->view->error = view::Error("错误的邮箱格式");
                    return true;
                }
                $sql = "SELECT password FROM users WHERE id=$uid";
                $rs = $this->db->query($sql);
                $row = $rs->fetch();
                if(md5($password) != $row['password']) {
                    $this->view->error = view::Error("原密码错误");
                    return true;
                }
                // $data is not initialised in this branch; PHP creates the array here.
                $data['email'] = $email;
                if($this->db->update("users",$data,"id=$uid")) {
                    view::Post($this,array("content"=>'修改成功!','url'=>'/account/secure'));
                    return true;
                }else{
                    $this->view->error = view::Error("修改失败");
                    return true;
                }
            }else{
                $this->view->info = $usr->getUserInfo($uid);
            }
        }//email
    }

    /**
     * Reads the three password-change fields from the request, trims them and
     * runs StringFilter() over each.
     *
     * @return array keys 'password', 'new_password', 'new_password_confrim'
     *
     * NOTE(review): StringFilter() rewrites "<...>" to a space, so a password
     * containing such a sequence is silently altered before hashing.
     */
    function AccountSecureParamFilter(){
        $data = array();
        $data['password'] = trim($this->_getParam('password'));
        $data['new_password'] = trim($this->_getParam('new_password'));
        $data['new_password_confrim'] = trim($this->_getParam('new_password_confrim'));
        foreach($data as $k=>$v) {
            $data[$k] = $this->StringFilter($v);
        }
        return $data;
    }

    /**
     * Controller hook: fetches the FlashMessenger helper used for cross-request messages.
     */
    function init()
    {
        $this->messenger=$this->_helper->getHelper('FlashMessenger');
    }

    /**
     * Controller hook; the message hand-off it used to do is commented out
     * (the constructor already copies the messages into the view).
     */
    function postDispatch()
    {
        //$this->view->messages = $this->messenger->getMessages();
    }

    /**
     * User registration. XHR requests get a JSON reply (layout and view
     * rendering disabled); normal requests render the form and, on submit,
     * either show the error next to the offending field or redirect home.
     * Already-authenticated users are redirected to "/".
     *
     * NOTE(review): $success is assigned but never read. jsonexit() is not
     * defined in this file - presumably on the parent controller; confirm.
     */
    function registerAction()
    {
        $request = new \Zend_Controller_Request_Http();
        if($request->isXmlHttpRequest()) {
            $this->_helper->layout->disableLayout();
            $this->_helper->viewRenderer->setNoRender();
            $account = new Account();
            $data = $account->getParam($this->_request);
            $result = $account->register($data);
            if(!empty($result)) {
                $this->jsonexit($result);
                return true;
            }
            $this->jsonexit(array('error'=>'|o| 服务器掉链子了,请重试'));
            return true;
        }else{
            //$this->_helper->layout->disableLayout();
        }
        $success=false;
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) $this->_redirect('/');
        $submit = $this->_getParam('submit');
        if(!empty($submit)) {
            $account = new Account();
            // Keep the submitted values available to the view for re-population.
            $this->view->data = $data = $account->getParam($this->_request);
            $result = $account->register($data);
            if(!empty($result)) {
                if(isset($result['error'])) {
                    // 'place' names the field the error belongs to.
                    $this->view->place = $result['place'];
                    $this->view->error = $result['error'];
                    return true;
                }
                if(isset($result['success'])) {
                    $this->_redirect('/');
                    return true;
                }
            }else{
                $this->view->error = "处理中出现问题";
                return true;
            }
        }
    }//user registration

    /**
     * Login form. Authenticated users are bounced away; otherwise the captcha
     * is checked before the credentials, a fresh captcha is issued on every
     * failure path, and a successful login redirects to $this->view->href.
     *
     * NOTE(review): $this->view->href is taken verbatim from the 'href' request
     * param (falling back to REQUEST_URI) and then passed to _redirect(), which
     * is an open redirect. Restricting it to same-site paths (e.g. must start
     * with a single "/" and not "//") before the redirect closes that.
     * view::Error is used here without an include_once of helper/view.php, so
     * this method relies on the helper having been loaded elsewhere - confirm.
     * The empty isXmlHttpRequest() branch and $success are left over and unused.
     */
    function loginAction()
    {
        $request = new \Zend_Controller_Request_Http();
        if($request->isXmlHttpRequest()) {
        }
        $captcha = new Captcha();
        $success=false;
        $options = array(
            'module' => $this->_request->getModuleName(),
            'controller' => $this->_request->getControllerName(),
            'action' => $this->_request->getActionName(),
        );
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            // Already logged in: go home when this is the plain login URL, else back to the current URI.
            if($options['module']=="default" && $options['controller'] == "account" && $options['action'] == "login") {
                $this->_redirect("/");
            }else{
                $this->_redirect($_SERVER['REQUEST_URI']);
            }
        }
        $tohref = $this->_request->getParam('href');
        if($_SERVER['REQUEST_URI'] !== "/account/login") {
            $this->view->href = $_SERVER['REQUEST_URI'];
        }else{
            $this->view->href = "/";
        }
        // NOTE(review): request-controlled redirect target - see the method docblock.
        if(!empty($tohref)) {
            $this->view->href = $tohref;
        }
        $submit = $this->_getParam("submit");
        if(!empty($submit)) {
            $captchaword = trim($this->_request->getParam('captcha'));
            if($captcha->isValid($captchaword) !== true) {
                $this->view->error = view::Error("验证码错误");
                $this->view->captcha = $captcha->setCaptcha();
                return true;
            }
            $data = array(
                'username' => $this->_getParam('username'),
                'password' => $this->_getParam('password')
            );
            $account = new Account();
            $result = $account->login($data);
            if(!empty($result)) {
                if(isset($result['error'])) {
                    $this->view->error = $result['error'];
                    $this->view->captcha = $captcha->setCaptcha();
                    return true;
                }
                if(isset($result['success'])) {
                    $this->_redirect($this->view->href);
                    return true;
                }
            }else{
                $this->view->captcha = $captcha->setCaptcha();
                $this->view->error = "处理中出现问题";
                return true;
            }
        }
        $this->view->captcha = $captcha->setCaptcha();
    }//login

    /**
     * Issues a new captcha and echoes its URL as the raw response body
     * (no layout, no view script).
     *
     * NOTE(review): loadCaptcha() and setCaptcha() are not defined in this
     * file - presumably inherited; confirm.
     */
    function captchaAction()
    {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $captcha = $this->loadCaptcha();
        $url = $this->setCaptcha($captcha,true);
        echo $url;
        return true;
    }

    /**
     * Clears the Zend_Auth identity and the remember-me cookie, then redirects home.
     *
     * NOTE(review): $mb is constructed but unused; flushcookie() is called statically.
     */
    function logoutAction()
    {
        $auth = Zend_Auth::getInstance();
        $auth->clearIdentity();
        require_once 'member.php';
        $mb=new member();
        member::flushcookie();
        $this->_redirect('/');
    }

    /**
     * Authenticates $u/$p against users.username / users.password (md5) via
     * Zend_Auth_Adapter_DbTable. On success the row (minus the password column)
     * is enriched with avatar and group id, written to the auth storage, the
     * last-login timestamp is updated, and - when 'remember' is set - a
     * remember-me cookie is written.
     *
     * @param string $u username as submitted
     * @param string $p plaintext password as submitted
     * @return bool true on successful authentication, false otherwise
     *
     * NOTE(review): the "select usertype" query interpolates $u directly into
     * the SQL string - the only request-supplied value in this file that is not
     * passed as a bound parameter. Its result ($row) is never read because the
     * usertype check below it was commented out, so the query can be dropped or
     * bound ("where username=?", array($u)). The cookie receives md5($p), i.e.
     * the stored credential itself; a random per-session token looked up
     * server-side would limit what a leaked cookie is worth. The trailing
     * "return false;" is unreachable.
     */
    private function default_login($u,$p)
    {
        $auth = Zend_Auth::getInstance();
        $db=Zend_Registry::get('db');
        $authAdapter = new Zend_Auth_Adapter_DbTable($db);
        $authAdapter->setTableName('users') ->setIdentityColumn('username') ->setCredentialColumn('password');
        $authAdapter->setIdentity($u)->setCredential(md5($p));
        $result = $auth->authenticate($authAdapter);
        if ($result->isValid()) {
            // success: store the database row (password column omitted) in the auth storage
            $data = $authAdapter->getResultRowObject(null,'password');
            // avatar (size 40)
            include_once("Avatar.php");
            $avatar = new Avatar();
            $data->avatar = $avatar->Get($data->email,40);
            // group id
            include_once("Users.php");
            $usr = new Users($db);
            $data->gid = $usr->getGroup($data->id);
            $auth->getStorage()->write($data);
            $db->query("update users set ts_last_login=now() where username=?",array($u));
            if ($this->_request->getParam('remember')) {
                // NOTE(review): string-built SQL with the submitted username; result unused.
                $sql="select usertype from users where username='$u'";
                $rs=$db->query($sql);
                $row=$rs->fetch();
                //if($row['usertype']!='administrator')
                {
                    require_once 'member.php';
                    $mb = new member();
                    $mb -> putcookie($u,md5($p));
                }
            }
            return true;
        }else {
            return false;
        }
        return false;
    }

    /**
     * Verifies a password against a legacy ASP.NET Membership hash:
     * base64(sha1(base64_decode(salt) . utf16le(password))).
     *
     * str_split() works on bytes, so the NUL interleaving only yields UTF-16LE
     * for single-byte (ASCII) passwords.
     *
     * @param string $p        plaintext password
     * @param string $salt     base64-encoded salt from the users row
     * @param string $password base64-encoded stored hash
     * @return bool
     *
     * NOTE(review): the final comparison uses ==; hash_equals(trim($password), ...)
     * gives a constant-time, type-safe comparison and avoids PHP's numeric-string
     * coercion for == on strings.
     */
    private function aspnet_login($p,$salt,$password)
    {
        $p1=implode("\x00",str_split($p))."\x00";
        $ball=base64_decode($salt).$p1;
        return trim($password)==base64_encode(sha1($ball,true));
    }

    // First check whether the row has a salt.
    // If it does, the legacy ASP.NET Membership algorithm is used for the check.
    /**
     * Login entry point used by the form handler. Rows without a salt go straight
     * to default_login(); rows with a salt are verified with aspnet_login() and,
     * on success, rewritten to the md5 scheme (salt cleared) before logging in.
     *
     * @param string $u username
     * @param string $p plaintext password
     * @return bool
     *
     * NOTE(review): the migration target here is unsalted md5 - see the note on
     * secureAction about moving to password_hash().
     */
    function login($u,$p)
    {
        $ut= new UsersTable();
        $db=$ut->getAdapter();
        $sql="select password,salt from users where username=?";
        $uq=$db->query($sql,array($u));
        if ($urow=$uq->fetchObject()) {
            if (empty($urow->salt)) return $this->default_login($u,$p);
            else {
                // verify against the legacy hash, then convert the row to the default scheme
                if ($this->aspnet_login($p,$urow->salt,$urow->password)) {
                    $sql="update users set password=md5(?),salt='' where username=?";
                    $db->query($sql,array($p,$u));
                    return $this->default_login($u,$p);
                } else return false;
            }
        } else {
            // no such user: login fails
            return false;
        }
    }

    /**
     * Password recovery in two steps.
     *  1. No key/login params: show LostpwdForm; on a valid POST, store a fresh
     *     activation token for the e-mail's row and mail a reset link.
     *  2. With login+key: if they match a row, set a new random password
     *     (md5), clear salt and token, and e-mail the new password.
     *
     * NOTE(review): both the activation token and the temporary password come
     * from uniqid(), which is derived from the clock and is not a CSPRNG;
     * bin2hex(random_bytes(16)) (or random_int for the password) is the
     * appropriate source. The token has no expiry. The two different messages
     * for known/unknown e-mail allow account enumeration; a uniform
     * "if the address exists, mail was sent" response avoids that. The mailed
     * links are plain http:// and step 2 sends the password in plaintext; a
     * set-your-own-password page behind the token is the usual replacement.
     * $tmp_pwd is interpolated into SQL but is generated locally, not taken
     * from the request.
     */
    function fetchpwdAction()
    {
        $ut= new UsersTable();
        $db=$ut->getAdapter();
        $form = new LostpwdForm();
        $key=$this->_request->getParam('key');
        $login=$this->_request->getParam('login');
        if (empty($key) && empty($login)) {
            $this->view->form = $form;
            if ($this->_request->isPost()) {
                $formData = $this->_request->getPost();
                if ($form->isValid($formData)) {
                    $sql="select * from users where email=?";
                    $uq=$db->query($sql,array($formData['email']));
                    if ($urow=$uq->fetchObject()) {
                        //email the reset url to the user
                        $username=$urow->username;
                        $sql="update users set activation=? where email=?";
                        $uid=uniqid();
                        $db->query($sql,array($uid,$formData['email']));
                        $mail=new WestdcMailer($this->view->config->smtp);
                        $body="尊敬的西部数据中心用户: 有人提出了针对此用户名的密码重置请求。 用户名:";
                        $body.=$username;
                        $body.=" 若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。 ";
                        $body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid;
                        $mail->setBodyText($body);
                        $mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
                        $mail->addTo($formData['email']);
                        $mail->setSubject('密码已重置');
                        $mail->send();
                        $this->view->messages[]='请检查您的新邮件中的确认激活链接。';
                        $this->view->form=false;//do not echo form
                    } else $this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。');
                }
            } else $this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
        } else {
            $sql="select * from users where username=? and activation=?";
            $uq=$db->query($sql,array($login,$key));
            $tmp_pwd=uniqid();
            if ($urow=$uq->fetchObject()) {
                // Token is single-use: activation is cleared in the same statement.
                $sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
                $db->query($sql,array($login,$key));
                $mail=new WestdcMailer($this->view->config->smtp);
                $body="尊敬的西部数据中心用户: 您的密码已修改。 用户名:";
                $body.=$login;
                $body.="密码:".$tmp_pwd;
                $body.=" http://westdc.westgis.ac.cn/account/login";
                $mail->setBodyText($body);
                $mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
                $mail->addTo($urow->email);
                $mail->setSubject('您的新密码');
                $mail->send();
                $this->view->messages[]='请查收您新邮件中的新密码';
                $this->view->form=false;//do not echo form
            }
        }
    } //password recovery

    /* Disabled in the original: westdc cross-domain login (kept for reference).
    public function wcdloginAction()
    {
        $this->_helper->layout()->disableLayout();
        $this->_helper->viewRenderer->setNoRender(true);
        $id = $this->_getParam('id');
        $cert = $this->_getParam('cert');
        $account = new Account;
        $status = $account->wcdLogin($id,$cert);
        if($status == true) {
            echo "login success!";
        }else{
            echo "error";
        }
        return;
    }
    */
}