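_redirect('/');
    }

    /**
     * Keep a handle on the FlashMessenger action helper for the other actions.
     */
    public function init()
    {
        $this->messenger = $this->_helper->getHelper('FlashMessenger');
    }

    /**
     * Intentionally empty: messages are pushed to the view in preDispatch().
     */
    public function postDispatch()
    {
        //$this->view->messages = $this->messenger->getMessages();
    }

    /**
     * Expose the site config and pending flash messages to the view, and record
     * the current request URI as the "return" parameter.
     */
    public function preDispatch()
    {
        $this->view->config = Zend_Registry::get('config');
        $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
        //$this->db=Zend_Registry::get('db');
        $this->view->messages = $this->messenger->getMessages();
    }

    /**
     * Show the registration form; on a valid POST create the user row, send the
     * welcome e-mail, log the new user in and redirect to the front page.
     */
    public function registerAction()
    {
        $form = new RegisterForm();
        $this->view->form = $form;
        if (!$this->_request->isPost()) {
            return;
        }

        $formData = $this->_request->getPost();
        if (!$form->isValid($formData)) {
            $form->populate($formData);
            return;
        }

        $ut = new UsersTable();
        $u = $ut->createRow();
        $u->username = $form->getValue('username');
        // NOTE(review): the value is stored exactly as the form returns it, while
        // default_login() compares the column against md5($p). Confirm that
        // RegisterForm or the row/table layer hashes it; otherwise this writes a
        // clear-text password and the automatic login below cannot succeed.
        $u->password = $form->getValue('password');
        $u->email = $form->getValue('email');
        // Optional profile fields are only written when the user supplied them.
        foreach (array('realname', 'phone', 'address', 'unit', 'project') as $field) {
            if ($form->getValue($field)) {
                $u->$field = $form->getValue($field);
            }
        }

        if ($u->save()) {
            // Send the welcome e-mail.
            $mail = new WestdcMailer($this->view->config->smtp);
            $body = file_get_contents($this->view->config->register->email->template);
            $body = str_replace("[username]", $formData['username'], $body);
            $mail->setBodyText($body);
            $mail->setFrom($this->view->config->service->email, '西部数据中心服务组');
            $mail->addTo($formData['email']);
            // Chinese subjects are garbled; still unresolved in version 1.5.
            // ref: http://framework.zend.com/issues/browse/ZF-2532
            $mail->setSubject('欢迎使用中国西部环境与生态数据中心');
            $mail->send();
            // Log the new user in automatically.
            $this->login($formData['username'], $formData['password']);
            $this->_redirect('/');
        }
    }

    /**
     * Let the logged-in user edit their own profile and, when the current
     * password is supplied correctly, change their password.
     *
     * The row to edit is always looked up by the id of the authenticated
     * identity. The id posted with the form is ignored: it is client-controlled,
     * and it was previously concatenated into the WHERE clause, which allowed
     * both SQL injection and editing another user's account.
     */
    public function editAction()
    {
        $form = new UsereditForm();
        $this->view->form = $form;
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            // Nothing to edit without an authenticated user.
            $this->_redirect('/account/login');
            return;
        }
        $user = $auth->getIdentity();

        $ut = new UsersTable();
        // quoteInto() escapes the value instead of splicing it into the SQL text.
        $where = $ut->getAdapter()->quoteInto('id=?', $user->id);

        if ($this->_request->isPost()) {
            $formData = $this->_request->getPost();
            if ($form->isValid($formData)) {
                // Save the user info.
                $row = $ut->fetchRow($where);
                // Strict comparison: with "==" two digest strings that both look
                // numeric (for example "0e...") are compared as numbers and can be
                // equal although the strings differ.
                // NOTE(review): unsalted MD5 is kept because default_login()
                // authenticates against it; it is not a suitable password hash and
                // should be migrated (e.g. re-hash on the next successful login).
                if (md5($formData['oldpassword']) === $row->password && $formData['password']) {
                    // Change the password.
                    $row->password = md5($formData['password']);
                }
                foreach (array('email', 'phone', 'realname', 'unit', 'address', 'project') as $field) {
                    if ($formData[$field]) {
                        $row->$field = $formData[$field];
                    }
                }
                $row->save();
                // TODO: refresh the identity stored in the session.
            }
        } else {
            // Values come from the database row, not from the session identity,
            // because the session copy is not refreshed after an edit (see TODO).
            $row = $ut->fetchRow($where);
            $formData = array();
            foreach (array('email', 'phone', 'realname', 'unit', 'address', 'project', 'id') as $field) {
                $formData[$field] = $row->$field;
            }
            $form->populate($formData);
        }
    }

    /**
     * Tell whether a redirect target is a path on this site.
     *
     * Only values that start with a single "/" are accepted. Absolute URLs,
     * scheme-relative targets ("//host", "/\host") and values containing line
     * breaks are rejected so a crafted login link cannot send the user to
     * another site after signing in.
     *
     * @param mixed $url candidate redirect target
     * @return bool
     */
    private function isLocalRedirectTarget($url)
    {
        if (!is_string($url) || $url === '' || $url[0] !== '/') {
            return false;
        }
        if (isset($url[1]) && ($url[1] === '/' || $url[1] === '\\')) {
            return false;
        }
        return strpbrk($url, "\r\n") === false;
    }

    /**
     * Show the login form and process a login POST.
     *
     * On failure the user is sent back to /account/login. On success the user is
     * redirected to the "href" request parameter when it is a local path, and
     * otherwise to the "return" parameter recorded by preDispatch().
     */
    public function loginAction()
    {
        $form = new LoginForm();
        $success = false;
        $message = '';
        $this->view->form = $form;
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $this->_redirect('/account');
        }
        if ($this->_request->isPost()) {
            $formData = $this->_request->getPost();
            if ($form->isValid($formData)) {
                if (!$this->login($formData['username'], $formData['password'])) {
                    $this->messenger->addMessage('登录失败,请检查您的用户名和密码。');
                } else {
                    $success = true;
                }
            }
            if (!$success) {
                $flashMessenger = $this->_helper->getHelper('FlashMessenger');
                $flashMessenger->setNamespace('actionErrors');
                // $message is never assigned above, so an empty string is queued.
                $flashMessenger->addMessage($message);
                $this->_redirect('/account/login');
            } else {
                // "href" is request-controlled; it is honoured only for local paths.
                // NOTE(review): if legitimate callers pass absolute same-site URLs
                // here, they now fall back to the "return" target - confirm.
                $tohref = $this->_request->getParam('href');
                if (!empty($tohref) && $this->isLocalRedirectTarget($tohref)) {
                    $this->_redirect($tohref);
                } else {
                    $this->_redirect($this->_request->getParam('return'));
                }
            }
        } else {
            //$formData['redirect'] = $redirect;
            //$form->populate($formData);
        }
    }

    /**
     * Clear the Zend_Auth identity and the "remember me" cookie, then go home.
     */
    public function logoutAction()
    {
        $auth = Zend_Auth::getInstance();
        $auth->clearIdentity();
        require_once 'member.php';
        $mb = new member();
        $mb::flushcookie();
        $this->_redirect('/');
    }

    /**
     * Authenticate against users.username / users.password (MD5 of the password)
     * and, on success, store the row without its password column as identity.
     *
     * @param string $u user name
     * @param string $p clear-text password
     * @return bool true when the credentials are valid
     */
    private function default_login($u, $p)
    {
        $auth = Zend_Auth::getInstance();
        $db = Zend_Registry::get('db');
        $authAdapter = new Zend_Auth_Adapter_DbTable($db);
        $authAdapter->setTableName('users')
                    ->setIdentityColumn('username')
                    ->setCredentialColumn('password');
        // NOTE(review): unsalted MD5 is fast to brute-force; plan a migration to
        // a dedicated password hash.
        $authAdapter->setIdentity($u)->setCredential(md5($p));
        $result = $auth->authenticate($authAdapter);
        if ($result->isValid()) {
            // success: store database row to auth's storage
            $data = $authAdapter->getResultRowObject(null, 'password');
            $auth->getStorage()->write($data);
            $db->query("update users set ts_last_login=now() where username=?", array($u));
            if ($this->_request->getParam('remember')) {
                // Bound parameter: the user name was previously interpolated into
                // the statement text.
                $sql = "select usertype from users where username=?";
                $rs = $db->query($sql, array($u));
                $row = $rs->fetch();
                //if($row['usertype']!='administrator')
                {
                    require_once 'member.php';
                    $mb = new member();
                    // NOTE(review): the cookie receives md5($p), i.e. the same value
                    // that is stored as the credential; anyone who reads the cookie
                    // holds a password equivalent. Prefer a random, revocable token.
                    $mb -> putcookie($u, md5($p));
                }
            }
            return true;
        }
        return false;
    }

    /**
     * Check a password against a legacy ASP.NET membership hash:
     * base64(sha1(base64_decode(salt) . password with "\x00" after every character)).
     *
     * @param string $p        clear-text password
     * @param string $salt     base64-encoded salt from the users table
     * @param string $password stored hash from the users table
     * @return bool
     */
    private function aspnet_login($p, $salt, $password)
    {
        $p1 = implode("\x00", str_split($p)) . "\x00";
        $ball = base64_decode($salt) . $p1;
        // Strict comparison so the two encoded digests are compared as strings.
        return trim($password) === base64_encode(sha1($ball, true));
    }

    /**
     * Log a user in.
     *
     * First checks whether the account has a salt. If it has, the password is
     * verified with the ASP.NET membership algorithm and, when correct, the
     * account is converted to the default MD5 scheme before the normal login.
     *
     * @param string $u user name
     * @param string $p clear-text password
     * @return bool true on successful login
     */
    public function login($u, $p)
    {
        $ut = new UsersTable();
        $db = $ut->getAdapter();
        $sql = "select password,salt from users where username=?";
        $uq = $db->query($sql, array($u));
        $urow = $uq->fetchObject();
        if (!$urow) {
            // No such user: login fails.
            return false;
        }
        if (empty($urow->salt)) {
            return $this->default_login($u, $p);
        }
        // Verify with the legacy scheme and convert the account to the default one.
        // NOTE(review): this replaces a salted hash with an unsalted MD5.
        if ($this->aspnet_login($p, $urow->salt, $urow->password)) {
            $sql = "update users set password=md5(?),salt='' where username=?";
            $db->query($sql, array($p, $u));
            return $this->default_login($u, $p);
        }
        return false;
    }

    /**
     * Return $length hexadecimal characters from a cryptographically secure
     * source when the PHP runtime offers one.
     *
     * uniqid() is derived from the current time and is therefore guessable, so
     * it is used only as a last resort on runtimes that have neither
     * random_bytes() nor openssl_random_pseudo_bytes().
     *
     * @param int $length number of hex characters wanted (at most 32)
     * @return string
     */
    private function randomHex($length)
    {
        $bytes = (int) ceil($length / 2);
        $raw = false;
        if (function_exists('random_bytes')) {
            $raw = random_bytes($bytes);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $raw = openssl_random_pseudo_bytes($bytes);
        }
        if ($raw === false || strlen($raw) < $bytes) {
            // Weak fallback for old runtimes only.
            return substr(md5(uniqid(mt_rand(), true)), 0, $length);
        }
        return substr(bin2hex($raw), 0, $length);
    }

    /**
     * Password recovery in two steps.
     *
     * Step 1 (no "key"/"login" parameter): the user submits an e-mail address; an
     * activation token is stored on the account and mailed as a link.
     * Step 2 ("login" and "key" present): when both match a row, a temporary
     * password is set and mailed to the address on file.
     *
     * NOTE(review): the token has no expiry, the link is plain http, the new
     * password travels in clear text by e-mail, and the "not found" message
     * reveals whether an address is registered. These are left as they are and
     * should be reviewed.
     */
    public function fetchpwdAction()
    {
        $ut = new UsersTable();
        $db = $ut->getAdapter();
        $form = new LostpwdForm();
        $key = $this->_request->getParam('key');
        $login = $this->_request->getParam('login');
        if (empty($key) && empty($login)) {
            $this->view->form = $form;
            if ($this->_request->isPost()) {
                $formData = $this->_request->getPost();
                if ($form->isValid($formData)) {
                    $sql = "select * from users where email=?";
                    $uq = $db->query($sql, array($formData['email']));
                    if ($urow = $uq->fetchObject()) {
                        // email the url to user
                        $username = $urow->username;
                        $sql = "update users set activation=? where email=?";
                        // Same length as the former uniqid() value (13 characters)
                        // because the width of the activation column is not visible
                        // here; widen the column and lengthen the token if possible.
                        $uid = $this->randomHex(13);
                        $db->query($sql, array($uid, $formData['email']));
                        $mail = new WestdcMailer($this->view->config->smtp);
                        $body = "尊敬的西部数据中心用户: 有人提出了针对此用户名的密码重置请求。 用户名:";
                        $body .= $username;
                        $body .= " 若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。 ";
                        $body .= "http://westdc.westgis.ac.cn/account/fetchpwd/" . $username . "/" . $uid;
                        $mail->setBodyText($body);
                        $mail->setFrom($this->view->config->service->email, '西部数据中心服务组');
                        $mail->addTo($formData['email']);
                        $mail->setSubject('密码已重置');
                        $mail->send();
                        $this->view->messages[] = '请检查您的新邮件中的确认激活链接。';
                        $this->view->form = false; //do not echo form
                    } else {
                        $this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。');
                    }
                }
            } else {
                $this->view->messages[] = '请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
            }
        } elseif (!empty($key) && !empty($login)) {
            // Both values are required. The activation column is cleared to '' once
            // a reset completes, so an empty key must never be looked up: it would
            // match every account that has no pending request.
            $sql = "select * from users where username=? and activation=?";
            $uq = $db->query($sql, array($login, $key));
            $tmp_pwd = $this->randomHex(16);
            if ($urow = $uq->fetchObject()) {
                // The temporary password is bound like the other values instead of
                // being concatenated into the statement.
                $sql = "update users set salt='',activation='',password=md5(?) where username=? and activation=?";
                $db->query($sql, array($tmp_pwd, $login, $key));
                $mail = new WestdcMailer($this->view->config->smtp);
                $body = "尊敬的西部数据中心用户: 您的密码已修改。 用户名:";
                $body .= $login;
                $body .= "密码:" . $tmp_pwd;
                $body .= " http://westdc.westgis.ac.cn/account/login";
                $mail->setBodyText($body);
                $mail->setFrom($this->view->config->service->email, '西部数据中心服务组');
                $mail->addTo($urow->email);
                $mail->setSubject('您的新密码');
                $mail->send();
                $this->view->messages[] = '请查收您新邮件中的新密码';
                $this->view->form = false; //do not echo form
            }
        }
    }
}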