_redirect('/'); } function init() { $this->messenger=$this->_helper->getHelper('FlashMessenger'); } function postDispatch() { //$this->view->messages = $this->messenger->getMessages(); } function preDispatch() { $this->view->config = Zend_Registry::get('config'); $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI')); $this->db=Zend_Registry::get('db'); $this->view->messages = $this->messenger->getMessages(); } function registerAction() { $reg = $this->_request->getParam('submit'); if(!empty($reg)) { $this->_helper->layout->disableLayout(); $this->_helper->viewRenderer->setNoRender(); try{ $username = mb_substr(trim($this->_request->getParam('username')),0,100,'utf-8'); $name = mb_substr(trim($this->_request->getParam('name')),0,100,'utf-8'); $email = mb_substr(trim($this->_request->getParam('email')),0,100,'utf-8'); $phone = mb_substr(trim($this->_request->getParam('phone')),0,100,'utf-8'); $postcode = mb_substr(trim($this->_request->getParam('postcode')),0,10,'utf-8'); $unit = mb_substr(trim($this->_request->getParam('employer')),0,200,'utf-8'); $address = mb_substr(trim($this->_request->getParam('address')),0,250,'utf-8'); $project = mb_substr(trim($this->_request->getParam('project')),0,500,'utf-8'); $password = mb_substr(trim($this->_request->getParam('password')),0,22,'utf-8'); $password_confirm = mb_substr(trim($this->_request->getParam('password_confirm')),0,22,'utf-8'); $vdcode = strtolower(substr(trim($this->_request->getParam('vdcode')),0,4)); include_once('ajax/box.php'); if(strlen($username)<6) { echo box::warning('用户名不能少于6个字符'); exit(); } if(strlen($username)>20) { echo box::warning('用户名不能超过20个字符'); exit(); } if(!preg_match("/^[a-zA-Z][a-zA-Z0-9_]{4,19}$/",$username)) { echo box::warning("用户名只能包含英文字母及数字"); exit(); } if(strlen($name)<2) { echo box::warning("姓名太短"); exit(); } if(strlen($name)>32) { echo box::warning("姓名太长"); exit(); } if(preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\+|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$name)) { echo box::warning("姓名中包含非法字符"); exit(); } if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email)) { echo box::warning("请输入正确的Email地址"); exit(); } if(!empty($phone) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$phone)) { echo box::warning("请输入正确的电话号码"); exit(); } if(!empty($postcode) && !is_numeric($postcode)) { echo box::warning("请输入正确的邮政编码"); exit(); } if(!empty($unit) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$unit)) { echo box::warning("输入的内容中包含非法字符"); exit(); } if(!empty($address) && preg_match("/[\"|'|~|!|\$|%|\^|\&|\*|\{|\}|\?|\/]/",$address)) { echo box::warning("地址中包含非法字符"); exit(); } $match = "/[\"|'|\\\]/i"; if(preg_match($match,$password) || preg_match($match,$password_confirm)) { echo box::warning("密码中包含非法字符，请重新输入"); exit(); } if(empty($password)) { echo box::warning("请输入密码"); exit(); } if(strlen($password)<6) { echo box::warning("密码太短"); exit(); } if(strlen($password)>20) { echo box::warning("密码长度不能超过20个字符"); exit(); } if($password!==$password_confirm) { echo box::warning("两次输入的密码不同"); exit(); } $sql = "select id from users where username like '%$username%'"; $rs = $this->db->query($sql); $row = $rs->fetch(); if($row['id']>0) { echo box::warning("该用户名已经被占用，请更换"); exit(); } $sql = "select id from users where email like '%$email%'"; $rs = $this->db->query($sql); $row = $rs->fetch(); if($row['id']>0) { echo box::warning("该Email已经被使用，请更换"); exit(); } if($vdcode != $_SESSION['vdcodes']) { echo box::warning("验证码错误"); exit(); } $sql = "INSERT INTO users (username,password,email,realname,unit,address,project,phone,postcode,usertype) VALUES (?,?,?,?,?,?,?,?,?,?)"; $sth = $this->db->prepare($sql); $ec = $sth->execute(array($username,md5($password),$email,$name,$unit,$address,$project,$phone,$postcode,'member')); //$sql = "INSERT INTO users (username,password,usertype,email,realname,unit,address,project,phone) // VALUES ('$username','".md5($password)."','member','$email','$name','$unit','$address','$project','$phone')"; //$ec = $this->db->exec($sql); if($ec) { $this->login($username,md5($password)); echo box::success(""); exit(); } else { echo box::warning("处理中发生错误，请重试"); exit(); } }catch(Exception $e){ echo box::warning("发生错误:".$e->getMessage()); exit(); } }//ajax 注册 } function editAction() { $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $user = $auth->getIdentity(); $username = $user->username; $sql = "select * from users where username='$username'"; $rs = $this->db->query($sql); $rows = $rs->fetch(); $this->view->user = $rows; } } function saveoptAction() { $this->_helper->layout->disableLayout(); $this->_helper->viewRenderer->setNoRender(); $opt = $this->_request->getParam('opt'); include_once('ajax/box.php'); $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $user = $auth->getIdentity(); $username = $user->username; $sql = "select * from users where username='$username'"; $rs = $this->db->query($sql); $rows = $rs->fetch(); $this->view->user = $rows; } else { echo "You must log in"; exit(); } if($opt == 'general') { $realname = mb_substr(trim($this->_request->getParam('name')),0,100,'utf-8'); $phone = mb_substr(trim($this->_request->getParam('phone')),0,100,'utf-8'); $unit = mb_substr(trim($this->_request->getParam('employer')),0,200,'utf-8'); $address = mb_substr(trim($this->_request->getParam('address')),0,250,'utf-8'); $project = mb_substr(trim($this->_request->getParam('project')),0,500,'utf-8'); $postcode = mb_substr(trim((int)$this->_request->getParam('postcode')),0,10,'utf-8'); try{ if(empty($realname)) { echo box::warning("请输入姓名"); exit(); } $sql = "UPDATE users SET realname='$realname',phone='$phone',unit='$unit',address='$address',project='$project',postcode='$postcode' WHERE id='{$rows['id']}'"; if($this->db->query($sql)) { echo box::success("保存成功"); exit(); }else{ echo box::error("修改失败，请重试"); exit(); } }catch (Exception $e){ echo box::error("修改失败，请重试"); exit(); } } else if ($opt == 'email') { $email = substr(trim($this->_request->getParam('email')),0,100); $password = trim($this->_request->getParam('password')); try{ if(empty($email)) { echo box::warning("请输入电子邮件地址"); exit(); } if(empty($password)) { echo box::warning("请输入密码"); exit(); } if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email)) { echo box::warning("请输入正确的电子邮件地址"); exit(); } if(md5($password)!==$rows['password']){ echo box::warning("密码错误"); exit(); } $sql = "UPDATE users SET email='$email' where id='{$rows['id']}'"; if($this->db->query($sql)) { echo box::success("修改成功"); exit(); }else{ echo box::error("修改失败，请重试"); exit(); } }catch(Exception $e){ echo box::error("修改失败，请重试"); exit(); } } else if ($opt == 'password') { $password = trim($this->_request->getParam('password')); $password_new = trim($this->_request->getParam('password_new')); $password_confirm = trim($this->_request->getParam('password_confirm')); $match = "/[\"|'|\\\]/i"; if(empty($password)) { echo box::warning("请输入当前密码"); exit(); } if(empty($password_new)) { echo box::warning("请输入新密码"); exit(); } if($password==$password_new) { echo box::warning("新密码不能与当前的密码相同"); exit(); } if(empty($password_confirm)) { echo box::warning("请再次输入新密码"); exit(); } if(preg_match($match,$password) || preg_match($match,$password_new) || preg_match($match,$password_confirm) || $rows['password']!== md5($password)) { echo box::warning("您输入的内容中包含非法字符"); exit(); } if(strlen($password_new)<6) { echo box::warning("新密码太短"); exit(); } if(strlen($password_new)>20) { echo box::warning("新密码太长"); exit(); } if(md5($password_new) !== md5($password_confirm)) { echo box::warning("您两次输入的新密码不同"); exit(); } try{ $sql = "UPDATE users SET password='".md5($password_new)."' WHERE username='$username'"; if($this->db->query($sql)) { echo box::success("修改成功"); exit(); }else{ echo box::error("修改失败，请重试"); exit(); } }catch(Exception $e){ echo box::error("修改失败，请重试"); exit(); } } else { exit(); } } //saveopt ajax修改用户信息 function loginAction() { $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) $this->_redirect('/account'); $href = $this->_getParam('href'); if(!empty($href)) { $this->view->href = $href; } if($_SERVER['REQUEST_URI']!='/account/login') { $this->view->href = $_SERVER['REQUEST_URI']; } } function dologinAction(){ $this->_helper->layout->disableLayout(); $this->_helper->viewRenderer->setNoRender(); $submit = $this->_request->getParam('submit'); if(!empty($submit)) { $success=false; $message=''; $username = trim($this->_request->getParam('username')); $password = trim($this->_request->getParam('password')); $vdcode = strtolower(substr(trim($this->_request->getParam('vdcode')),0,4)); include_once('ajax/box.php'); if(empty($username)) { echo box::warning('请输入用户名'); exit(); } if(empty($password)) { echo box::warning('请输入密码'); exit(); } if(empty($vdcode)) { echo box::warning('请输入验证码'); exit(); } if($vdcode != $_SESSION['vdcodes']) { echo box::warning("验证码错误"); exit(); } if (!$this->login($username,$password)) { echo box::error('用户名或密码错误'); exit(); } else { $href = $this->_getParam('href'); if(!empty($href)) { $tohref = $href; }else{ $tohref = "/"; } echo box::success('登录成功，如果页面没有跳转请点击这里'); exit(); } } } function logoutAction() { $this->_helper->layout->disableLayout(); $this->_helper->viewRenderer->setNoRender(); $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $auth->clearIdentity(); require_once 'member.php'; member::flushcookie(); $this->_redirect('/'); } } private function default_login($u,$p) { $auth = Zend_Auth::getInstance(); $db=Zend_Registry::get('db'); $authAdapter = new Zend_Auth_Adapter_DbTable($db); $authAdapter->setTableName('users') ->setIdentityColumn('username') ->setCredentialColumn('password'); $authAdapter->setIdentity($u)->setCredential(md5($p)); $result = $auth->authenticate($authAdapter); if ($result->isValid()) { // success: store database row to auth's storage $data = $authAdapter->getResultRowObject(null,'password'); $auth->getStorage()->write($data); $db->query($db->quoteInto("update users set ts_last_login=now() where username=?",$u)); if ($this->_request->getParam('remember')) { require_once 'member.php'; $mb = new member(); $mb -> putcookie($u,md5($p)); } return true; } return false; } private function aspnet_login($p,$salt,$password) { $p1=implode("\x00",str_split($p))."\x00"; $ball=base64_decode($salt).$p1; return trim($password)==base64_encode(sha1($ball,true)); } // 首先判断是否存在salt // 若有salt，则按照aspnet membership加密算法进行判断 function login($u,$p) { $db=Zend_Registry::get('db'); $sql="select password,salt from users where username=?"; $uq=$db->query($sql,array($u)); if ($urow=$uq->fetchObject()) { if (empty($urow->salt)) return $this->default_login($u,$p); else { //进行判断并进行转换到默认 if ($this->aspnet_login($p,$urow->salt,$urow->password)) { $sql="update users set password=md5(?),salt='' where username=?"; $db->query($sql,array($p,$u)); return $this->default_login($u,$p); } else return false; } } else { //没有对应的用户，登录失败 return false; } } function fetchpwdAction() { $this->_helper->layout->disableLayout(); $this->_helper->viewRenderer->setNoRender(); $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) $this->_redirect('/account'); $email = $this->_request->getParam('email'); include_once('ajax/box.php'); if(empty($email)) { echo box::warning('请输入要找回密码的账户所对应的Email地址'); exit(); } if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email)) { echo box::warning("请输入正确的Email地址"); exit(); } $sql = "SELECT * FROM users WHERE email=?"; $sth = $this->db->prepare($sql); $sth->execute(array($email)); $row = $sth->fetch(); if($row['id']=='') { echo box::error("未找到对应用户"); exit(); } //email the url to user $username=$row['username']; $sql="update users set activation=? where email=?"; $uid=uniqid(); $link = "http://".$_SERVER ['HTTP_HOST']."/account/getpasswd?a=$uid&u=$username"; $this->db->query($sql,array($uid,$email)); $mail=new WestdcMailer($this->view->config->smtp); $mailtp=new EmailText($this->db, 'member-fetchpwd', array('link' => $link) ); $mail->setBodyText($mailtp->getBody()); $mail->setFrom($this->view->config->service->email,$this->view->config->service->poster); $mail->setSubject($mailtp->getSubject()); $mail->addTo($email); @$mail->send(); echo box::success('请查看已经发送至您邮箱中的激活链接'); exit(); }// function fetchpwdAction() function getpasswdAction(){ $ac = $this->_getParam('ac'); $activation = $this->_getParam('a'); $uid = $this->_getParam('u'); if(empty($ac)) { $this->view->resetid = $activation; $this->view->uid = $uid; } //echo $ac.$activation.$uid;exit(); if($ac == 'set' && !empty($activation) && !empty($uid)) { $this->_helper->layout->disableLayout(); $this->_helper->viewRenderer->setNoRender(); $sql = "SELECT * FROM users WHERE activation=? AND username=?"; $sth = $this->db->prepare($sql); $sth->execute(array($activation,$uid)); $row = $sth->fetch(); if(empty($row['id'])) { echo box::warning("操作失败,您的访问中出现问题"); exit(); } else { $password_new = trim($this->_request->getParam('password_new')); $password_confirm = trim($this->_request->getParam('password_confirm')); include_once("ajax/box.php"); $match = "/[\"|'|\\\]/i"; if(empty($password_new)) { echo box::warning("请输入新密码"); exit(); } if(empty($password_confirm)) { echo box::warning("请再次输入新密码"); exit(); } if(preg_match($match,$password_new) || preg_match($match,$password_confirm)) { echo box::warning("您输入的内容中包含非法字符"); exit(); } if(strlen($password_new)<6) { echo box::warning("新密码太短"); exit(); } if(strlen($password_new)>20) { echo box::warning("新密码太长"); exit(); } if(md5($password_new) !== md5($password_confirm)) { echo box::warning("您两次输入的新密码不同"); exit(); } try{ $sql = "UPDATE users SET password='".md5($password_new)."' WHERE username='$uid' AND activation='$activation'"; if($this->db->query($sql)) { $sql = "UPDATE users SET activation='' WHERE username='$uid' AND activation='$activation'"; $this->db->query($sql); echo box::success("修改成功"); exit(); }else{ echo box::error("修改失败，请重试"); exit(); } }catch(Exception $e){ echo box::error("修改失败，请重试"); exit(); } } } } }