view->config = Zend_Registry::get('config'); $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI')); $this->db = Zend_Registry::get('db'); $this->view->messages = $this->messenger->getMessages(); $this->view->theme = new Theme(); } function indexAction() { $this->view->pageID = "account-index"; include_once("Users.php"); $usr = new Users($this->db); $auth = Zend_Auth::getInstance(); if($auth->hasIdentity()) { $user = $auth->getIdentity(); $uid = $user->id; } include_once("Avatar.php"); $avatar = new Avatar(); $this->view->avatar = $avatar->Get($user->email,140); $this->view->info = $usr->getUserInfo($uid); } function editAction() { $this->view->pageID = "account-edit"; include_once("Users.php"); $usr = new Users($this->db); $auth = Zend_Auth::getInstance(); if($auth->hasIdentity()) { $user = $auth->getIdentity(); $uid = $user->id; } include_once("Avatar.php"); $avatar = new Avatar(); $this->view->avatar = $avatar->Get($user->email,140); $this->view->projectType = array( "无" => '', "国家973计划项目课题" => "国家973计划项目课题", "国家863计划课题"=>"国家863计划课题", "国家级科技支撑课题" => "国家级科技支撑课题", "国家级科技重大专项" => "国家级科技重大专项", "国家级国家重大工程" => "国家级国家重大工程", "国家级国家自然科学基金" => "国家级国家自然科学基金", "国际合作项目"=>"国际合作项目", "省部级项目" => "省部级项目", "其他项目工程" => "其他项目工程" ); $submit = $this->_getParam('submit'); if(!empty($submit)) { $data = $this->AccountEditParamFilter(); if($this->db->update("users",$data,"id=$uid")) { $this->view->AlertType = "alert-success"; $this->view->msg = "修改成功!"; $this->view->jump_url = "/account/edit"; return true; }else{ $this->view->AlertType = "alert-error"; $this->view->error = "修改失败,请重试"; $this->view->info = $data; return true; } }else{ $this->view->info = $usr->getUserInfo($uid); } } function AccountEditParamFilter(){ $data = array(); $data['realname'] = substr(trim($this->_getParam('realname')),0,40); $data['unit'] = substr(trim($this->_getParam('unit')),0,100); $data['address'] = substr(trim($this->_getParam('address')),0,100); $data['phone'] = substr(trim($this->_getParam('phone')),0,15); $data['postcode'] = substr(trim($this->_getParam('postcode')),0,15); $data['project_type'] = substr(trim($this->_getParam('project_type')),0,100); $data['project_id'] = substr(trim($this->_getParam('project_id')),0,40); $data['project_title'] = substr(trim($this->_getParam('project_title')),0,100); $data['project'] = substr(trim($this->_getParam('project')),0,600); foreach($data as $k=>$v) { $data[$k] = $this->StringFilter($v); } return $data; } function StringFilter($string){ $string = preg_replace ('/<[^>]*>/', ' ', $string); return $string; } function secureAction() { $this->view->pageID = "account-secure"; include_once("Users.php"); $usr = new Users($this->db); $auth = Zend_Auth::getInstance(); if($auth->hasIdentity()) { $user = $auth->getIdentity(); $uid = $user->id; } $submit = $this->_getParam('submit'); if(!empty($submit)) { $data = $this->AccountSecureParamFilter(); $this->view->AlertType = "alert-error"; if(strlen($data['password'])>18 || strlen($data['new_password'])>18) { $this->view->error = "密码过长"; return true; } if(strlen($data['new_password'])<=6 || strlen($data['new_password_confrim'])<=6) { $this->view->error = "密码过短,请输入大于6位的密码"; return true; } if(md5($data['new_password']) != md5($data['new_password_confrim'])) { $this->view->error = "两次输入的密码不相同"; return true; } $sql = "SELECT password FROM users WHERE id=$uid"; $rs = $this->db->query($sql); $row = $rs->fetch(); if(md5($data['password']) != $row['password']) { $this->view->error = "原密码不正确"; return true; } $data['password'] = md5($data['new_password']); unset($data['new_password']); unset($data['new_password_confrim']); if($this->db->update("users",$data,"id=$uid")) { $this->view->AlertType = "alert-success"; $this->view->msg = "修改成功!"; $this->view->jump_url = "/account/secure"; return true; }else{ $this->view->AlertType = "alert-error"; $this->view->error = "修改失败,请重试"; $this->view->info = $data; return true; } }else{ $this->view->info = $usr->getUserInfo($uid); } } function AccountSecureParamFilter(){ $data = array(); $data['password'] = trim($this->_getParam('password')); $data['new_password'] = trim($this->_getParam('new_password')); $data['new_password_confrim'] = trim($this->_getParam('new_password_confrim')); foreach($data as $k=>$v) { $data[$k] = $this->StringFilter($v); } return $data; } function init() { $this->messenger=$this->_helper->getHelper('FlashMessenger'); } function postDispatch() { //$this->view->messages = $this->messenger->getMessages(); } function registerAction() { $form = new RegisterForm(); $this->view->form = $form; if ($this->_request->isPost()) { $formData = $this->_request->getPost(); if ($form->isValid($formData)) { $ut = new UsersTable(); $u = $ut->createRow(); $u->username = $form->getValue('username'); $u->password = $form->getValue('password'); $u->email=$form->getValue('email'); if ($form->getValue('realname')) $u->realname=$form->getValue('realname'); if ($form->getValue('phone')) $u->phone=$form->getValue('phone'); if ($form->getValue('address')) $u->address=$form->getValue('address'); if ($form->getValue('unit')) $u->unit=$form->getValue('unit'); if ($form->getValue('project')) $u->project=$form->getValue('project'); if ($u->save()) { //发送欢迎邮件 $mail=new WestdcMailer($this->view->config->smtp); $body=file_get_contents($this->view->config->register->email->template); $body=str_replace("[username]",$formData['username'],$body); $mail->setBodyText($body); $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); $mail->addTo($formData['email']); //中文标题有乱码,在1.5版本中尚未解决 //ref: http://framework.zend.com/issues/browse/ZF-2532 $mail->setSubject('欢迎使用中国西部环境与生态数据中心'); $mail->send(); //自动登录系统 $this->login($formData['username'],$formData['password']); $this->_redirect('/'); } } else { $form->populate($formData); } } } function loginAction() { $form = new LoginForm(); $success=false; $message=''; $this->view->form = $form; $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) $this->_redirect('/account'); if ($this->_request->isPost()) { $formData = $this->_request->getPost(); if ($form->isValid($formData)) { if (!$this->login($formData['username'],$formData['password'])) { $this->messenger->addMessage('登录失败,请检查您的用户名和密码。'); } else $success=true; } if(!$success) { $flashMessenger = $this->_helper->getHelper('FlashMessenger'); $flashMessenger->setNamespace('actionErrors'); $flashMessenger->addMessage($message); $this->_redirect('/account/login'); } else { $tohref = $this->_request->getParam('href'); if(!empty($tohref)) { $this->_redirect($tohref); }else{ $this->_redirect($this->_request->getParam('return')); } if($_SERVER['REQUEST_URI']!='/account/login') { $this->_redirect($_SERVER['REQUEST_URI']); } } } else { //$formData['redirect'] = $redirect; //$form->populate($formData); } } function logoutAction() { $auth = Zend_Auth::getInstance(); $auth->clearIdentity(); require_once 'member.php'; $mb=new member(); member::flushcookie(); $this->_redirect('/'); } private function default_login($u,$p) { $auth = Zend_Auth::getInstance(); $db=Zend_Registry::get('db'); $authAdapter = new Zend_Auth_Adapter_DbTable($db); $authAdapter->setTableName('users') ->setIdentityColumn('username') ->setCredentialColumn('password'); $authAdapter->setIdentity($u)->setCredential(md5($p)); $result = $auth->authenticate($authAdapter); if ($result->isValid()) { // success: store database row to auth's storage $data = $authAdapter->getResultRowObject(null,'password'); //头像 include_once("Avatar.php"); $avatar = new Avatar(); $data->avatar = $avatar->Get($data->email,40); //组ID include_once("Users.php"); $usr = new Users($db); $data->gid = $usr->getGroup($data->id); $auth->getStorage()->write($data); $db->query("update users set ts_last_login=now() where username=?",array($u)); if ($this->_request->getParam('remember')) { $sql="select usertype from users where username='$u'"; $rs=$db->query($sql); $row=$rs->fetch(); //if($row['usertype']!='administrator') { require_once 'member.php'; $mb = new member(); $mb -> putcookie($u,md5($p)); } } return true; }else { return false; } return false; } private function aspnet_login($p,$salt,$password) { $p1=implode("\x00",str_split($p))."\x00"; $ball=base64_decode($salt).$p1; return trim($password)==base64_encode(sha1($ball,true)); } // 首先判断是否存在salt // 若有salt,则按照aspnet membership加密算法进行判断 function login($u,$p) { $ut= new UsersTable(); $db=$ut->getAdapter(); $sql="select password,salt from users where username=?"; $uq=$db->query($sql,array($u)); if ($urow=$uq->fetchObject()) { if (empty($urow->salt)) return $this->default_login($u,$p); else { //进行判断并进行转换到默认 if ($this->aspnet_login($p,$urow->salt,$urow->password)) { $sql="update users set password=md5(?),salt='' where username=?"; $db->query($sql,array($p,$u)); return $this->default_login($u,$p); } else return false; } } else { //没有对应的用户,登录失败 return false; } } function fetchpwdAction() { $ut= new UsersTable(); $db=$ut->getAdapter(); $form = new LostpwdForm(); $key=$this->_request->getParam('key'); $login=$this->_request->getParam('login'); if (empty($key) && empty($login)) { $this->view->form = $form; if ($this->_request->isPost()) { $formData = $this->_request->getPost(); if ($form->isValid($formData)) { $sql="select * from users where email=?"; $uq=$db->query($sql,array($formData['email'])); if ($urow=$uq->fetchObject()) { //email the url to user $username=$urow->username; $sql="update users set activation=? where email=?"; $uid=uniqid(); $db->query($sql,array($uid,$formData['email'])); $mail=new WestdcMailer($this->view->config->smtp); $body="尊敬的西部数据中心用户: 有人提出了针对此用户名的密码重置请求。 用户名:"; $body.=$username; $body.=" 若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。 "; $body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid; $mail->setBodyText($body); $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); $mail->addTo($formData['email']); $mail->setSubject('密码已重置'); $mail->send(); $this->view->messages[]='请检查您的新邮件中的确认激活链接。'; $this->view->form=false;//do not echo form } else $this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。'); } } else $this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。'; } else { $sql="select * from users where username=? and activation=?"; $uq=$db->query($sql,array($login,$key)); $tmp_pwd=uniqid(); if ($urow=$uq->fetchObject()) { $sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?"; $db->query($sql,array($login,$key)); $mail=new WestdcMailer($this->view->config->smtp); $body="尊敬的西部数据中心用户: 您的密码已修改。 用户名:"; $body.=$login; $body.="密码:".$tmp_pwd; $body.=" http://westdc.westgis.ac.cn/account/login"; $mail->setBodyText($body); $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); $mail->addTo($urow->email); $mail->setSubject('您的新密码'); $mail->send(); $this->view->messages[]='请查收您新邮件中的新密码'; $this->view->form=false;//do not echo form } } } }