view->config = Zend_Registry::get('config'); $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI')); $this->db = Zend_Registry::get('db'); $this->view->messages = $this->messenger->getMessages(); $this->view->theme = new Theme(); } function indexAction() { $this->view->pageID = "account-index"; include_once("Users.php"); $usr = new Users($this->db); $auth = Zend_Auth::getInstance(); if($auth->hasIdentity()) { $user = $auth->getIdentity(); $uid = $user->id; } include_once("Avatar.php"); $avatar = new Avatar(); $this->view->avatar = $avatar->Get($user->email,140); $this->view->info = $usr->getUserInfo($uid); } function editAction() { $this->view->pageID = "account-edit"; include_once("Users.php"); $usr = new Users($this->db); $auth = Zend_Auth::getInstance(); if($auth->hasIdentity()) { $user = $auth->getIdentity(); $uid = $user->id; } include_once("Avatar.php"); $avatar = new Avatar(); $this->view->avatar = $avatar->Get($user->email,140); $this->view->projectType = array( "无" => '', "国家973计划项目课题" => "国家973计划项目课题", "国家863计划课题"=>"国家863计划课题", "国家级科技支撑课题" => "国家级科技支撑课题", "国家级科技重大专项" => "国家级科技重大专项", "国家级国家重大工程" => "国家级国家重大工程", "国家级国家自然科学基金" => "国家级国家自然科学基金", "国际合作项目"=>"国际合作项目", "省部级项目" => "省部级项目", "其他项目工程" => "其他项目工程" ); $submit = $this->_getParam('submit'); if(!empty($submit)) { $data = $this->AccountEditParamFilter(); if($this->db->update("users",$data,"id=$uid")) { $this->view->AlertType = "alert-success"; $this->view->msg = "修改成功！"; $this->view->jump_url = "/account/edit"; return true; }else{ $this->view->AlertType = "alert-error"; $this->view->error = "修改失败，请重试"; $this->view->info = $data; return true; } }else{ $this->view->info = $usr->getUserInfo($uid); } } function AccountEditParamFilter(){ $data = array(); $data['realname'] = substr(trim($this->_getParam('realname')),0,40); $data['unit'] = substr(trim($this->_getParam('unit')),0,100); $data['address'] = substr(trim($this->_getParam('address')),0,100); $data['phone'] = substr(trim($this->_getParam('phone')),0,15); $data['postcode'] = substr(trim($this->_getParam('postcode')),0,15); $data['project_type'] = substr(trim($this->_getParam('project_type')),0,100); $data['project_id'] = substr(trim($this->_getParam('project_id')),0,40); $data['project_title'] = substr(trim($this->_getParam('project_title')),0,100); $data['project'] = substr(trim($this->_getParam('project')),0,600); foreach($data as $k=>$v) { $data[$k] = $this->StringFilter($v); } return $data; } function StringFilter($string){ $string = preg_replace ('/<[^>]*>/', ' ', $string); return $string; } function secureAction() { $this->view->pageID = "account-secure"; include_once("Users.php"); $usr = new Users($this->db); $auth = Zend_Auth::getInstance(); if($auth->hasIdentity()) { $user = $auth->getIdentity(); $uid = $user->id; } $opt = $this->_getParam('opt'); $submit = $this->_getParam('submit'); if(empty($opt)) { $this->view->section = "password"; if(!empty($submit)) { $data = $this->AccountSecureParamFilter(); $this->view->AlertType = "alert-error"; if(strlen($data['password'])>18 || strlen($data['new_password'])>18) { $this->view->error = view::Error("密码过长"); return true; } if(strlen($data['new_password'])<=6 || strlen($data['new_password_confrim'])<=6) { $this->view->error = view::Error("密码过短，请输入大于6位的密码"); return true; } if(md5($data['new_password']) != md5($data['new_password_confrim'])) { $this->view->error = view::Error("两次输入的密码不相同"); return true; } $sql = "SELECT password FROM users WHERE id=$uid"; $rs = $this->db->query($sql); $row = $rs->fetch(); if(md5($data['password']) != $row['password']) { $this->view->error = view::Error("原密码不正确"); return true; } $data['password'] = md5($data['new_password']); unset($data['new_password']); unset($data['new_password_confrim']); if($this->db->update("users",$data,"id=$uid")) { view::Post($this,array("content"=>'修改成功！','url'=>'/account/secure')); return true; }else{ $this->view->error = view::Error("修改失败"); return true; } }else{ $this->view->info = $usr->getUserInfo($uid); } }//password if($opt == "email") { $this->view->section = "email"; if(!empty($submit)) { $email = $this->_getParam('email'); $password = $this->_getParam('password'); if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email)) { $this->view->error = view::Error("错误的邮箱格式"); return true; } $sql = "SELECT password FROM users WHERE id=$uid"; $rs = $this->db->query($sql); $row = $rs->fetch(); if(md5($password) != $row['password']) { $this->view->error = view::Error("原密码错误"); return true; } $data['email'] = $email; if($this->db->update("users",$data,"id=$uid")) { view::Post($this,array("content"=>'修改成功！','url'=>'/account/secure')); return true; }else{ $this->view->error = view::Error("修改失败"); return true; } }else{ $this->view->info = $usr->getUserInfo($uid); } }//email } function AccountSecureParamFilter(){ $data = array(); $data['password'] = trim($this->_getParam('password')); $data['new_password'] = trim($this->_getParam('new_password')); $data['new_password_confrim'] = trim($this->_getParam('new_password_confrim')); foreach($data as $k=>$v) { $data[$k] = $this->StringFilter($v); } return $data; } function init() { $this->messenger=$this->_helper->getHelper('FlashMessenger'); } function postDispatch() { //$this->view->messages = $this->messenger->getMessages(); } function registerAction() { $form = new RegisterForm(); $this->view->form = $form; if ($this->_request->isPost()) { $formData = $this->_request->getPost(); if ($form->isValid($formData)) { $ut = new UsersTable(); $u = $ut->createRow(); $u->username = $form->getValue('username'); $u->password = $form->getValue('password'); $u->email=$form->getValue('email'); if ($form->getValue('realname')) $u->realname=$form->getValue('realname'); if ($form->getValue('phone')) $u->phone=$form->getValue('phone'); if ($form->getValue('address')) $u->address=$form->getValue('address'); if ($form->getValue('unit')) $u->unit=$form->getValue('unit'); if ($form->getValue('project')) $u->project=$form->getValue('project'); if ($u->save()) { //注册邮件 $mail_template = "member-register-en"; $mail_data = array( 'name'=>$formData['username'], ); $mail = new Mail(); $mail->loadTemplate($mail_template,$mail_data); $mail->addTo($formData['email'],$formData['username']); $mail->send(); //自动登录系统 $this->login($formData['username'],$formData['password']); $this->_redirect('/'); } } else { $form->populate($formData); } } } function loginAction() { $success=false; $options = array( 'module' => $this->_request->getModuleName(), 'controller' => $this->_request->getControllerName(), 'action' => $this->_request->getActionName(), ); $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { view::Post($this,"您已经登录，无需重复登录",-1); return true; } $tohref = $this->_request->getParam('href'); if(($options['module']=="default" && $options['controller'] == "account" && $options['action'] == "login")) { $this->view->href = $_SERVER['REQUEST_URI']; } if($tohref == "/account/login") { $this->view->href = $tohref = "/"; } if(!empty($tohref)) { $this->view->href = $tohref; } $captcha = $this->loadCaptcha(); $submit = $this->_getParam("submit"); if(!empty($submit)) { $username = trim($this->_request->getParam('username')); $password = trim($this->_request->getParam('password')); $captchaword = trim($this->_request->getParam('captcha')); if(empty($username)) { $this->setCaptcha($captcha); $this->view->error = "请输入用户名"; return true; } if(empty($password)) { $this->setCaptcha($captcha); $this->view->error = "请输入密码"; return true; } if(empty($captchaword)) { $this->setCaptcha($captcha); $this->view->error = "请输入验证码"; return true; } if(!isset($_SESSION['captcha'])) { $_SESSION['captcha'] = md5(time()); } if ($captchaword != $_SESSION['captcha']) { $this->setCaptcha($captcha); $this->view->error = "验证码错误"; return true; } if (!$this->login($username,$password)) { $this->setCaptcha($captcha); $this->view->error = "用户名或密码错误"; $this->view->userid = $username; return true; } else { if(!empty($tohref)) { view::Post($this,"登录成功，正在跳转",$tohref); return true; } } }else{ $this->setCaptcha($captcha); } } function loadCaptcha() { $captcha = new Zend_Captcha_Image(array( 'captcha' => 'Image', 'wordLen' => 4, 'fontsize'=>16, 'width' => 100, 'height' => 38, 'dotNoiseLevel'=>2, 'lineNoiseLevel'=>1, 'timeout' => 300, 'font' => '../data/fonts/ggbi.ttf', 'imgDir' => 'vdimg/', 'imgUrl' => '/vdimg', )); return $captcha; } function setCaptcha(Zend_Captcha_Image $captcha,$ajax = false){ $captcha->generate(); $_SESSION['captcha'] = $captcha->getWord(); $url = $captcha->getImgUrl() .$captcha->getId() .$captcha->getSuffix(); if(!$ajax) { $this->view->captcha = $url; }else{ return $url; } } function captchaAction() { $this->_helper->layout->disableLayout(); $this->_helper->viewRenderer->setNoRender(); $captcha = $this->loadCaptcha(); $url = $this->setCaptcha($captcha,true); echo $url; return true; } function logoutAction() { $auth = Zend_Auth::getInstance(); $auth->clearIdentity(); require_once 'member.php'; $mb=new member(); member::flushcookie(); $this->_redirect('/'); } private function default_login($u,$p) { $auth = Zend_Auth::getInstance(); $db=Zend_Registry::get('db'); $authAdapter = new Zend_Auth_Adapter_DbTable($db); $authAdapter->setTableName('users') ->setIdentityColumn('username') ->setCredentialColumn('password'); $authAdapter->setIdentity($u)->setCredential(md5($p)); $result = $auth->authenticate($authAdapter); if ($result->isValid()) { // success: store database row to auth's storage $data = $authAdapter->getResultRowObject(null,'password'); //头像 include_once("Avatar.php"); $avatar = new Avatar(); $data->avatar = $avatar->Get($data->email,40); //组ID include_once("Users.php"); $usr = new Users($db); $data->gid = $usr->getGroup($data->id); $auth->getStorage()->write($data); $db->query("update users set ts_last_login=now() where username=?",array($u)); if ($this->_request->getParam('remember')) { $sql="select usertype from users where username='$u'"; $rs=$db->query($sql); $row=$rs->fetch(); //if($row['usertype']!='administrator') { require_once 'member.php'; $mb = new member(); $mb -> putcookie($u,md5($p)); } } return true; }else { return false; } return false; } private function aspnet_login($p,$salt,$password) { $p1=implode("\x00",str_split($p))."\x00"; $ball=base64_decode($salt).$p1; return trim($password)==base64_encode(sha1($ball,true)); } // 首先判断是否存在salt // 若有salt，则按照aspnet membership加密算法进行判断 function login($u,$p) { $ut= new UsersTable(); $db=$ut->getAdapter(); $sql="select password,salt from users where username=?"; $uq=$db->query($sql,array($u)); if ($urow=$uq->fetchObject()) { if (empty($urow->salt)) return $this->default_login($u,$p); else { //进行判断并进行转换到默认 if ($this->aspnet_login($p,$urow->salt,$urow->password)) { $sql="update users set password=md5(?),salt='' where username=?"; $db->query($sql,array($p,$u)); return $this->default_login($u,$p); } else return false; } } else { //没有对应的用户，登录失败 return false; } } function fetchpwdAction() { $ut= new UsersTable(); $db=$ut->getAdapter(); $form = new LostpwdForm(); $key=$this->_request->getParam('key'); $login=$this->_request->getParam('login'); if (empty($key) && empty($login)) { $this->view->form = $form; if ($this->_request->isPost()) { $formData = $this->_request->getPost(); if ($form->isValid($formData)) { $sql="select * from users where email=?"; $uq=$db->query($sql,array($formData['email'])); if ($urow=$uq->fetchObject()) { //email the url to user $username=$urow->username; $sql="update users set activation=? where email=?"; $uid=uniqid(); $db->query($sql,array($uid,$formData['email'])); //发邮件 $mail_template = "users-changepassword"; $mail_data = array( 'name'=>$username, 'url' => view::getHostLink()."/account/fetchpwd/".$username."/".$uid ); $mail = new Mail(); $mail->loadTemplate($mail_template,$mail_data); $mail->addTo($formData['email'],$username); $mail->send(); $this->view->messages[]='请检查您的新邮件中的确认激活链接。'; $this->view->form=false;//do not echo form } else $this->messenger->addMessage('对不起，没有找到对应的电子邮件地址。'); } } else $this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。'; } else { $sql="select * from users where username=? and activation=?"; $uq=$db->query($sql,array($login,$key)); $tmp_pwd=uniqid(); if ($urow=$uq->fetchObject()) { $sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?"; $db->query($sql,array($login,$key)); //发邮件 $mail_template = "users-changepassword"; $mail_data = array( 'name'=>$login, 'tmp_pwd' => $tmp_pwd ); $mail = new Mail(); $mail->loadTemplate($mail_template,$mail_data); $mail->addTo($urow->email,$login); $mail->send(); $this->view->messages[]='请查收您新邮件中的新密码'; $this->view->form=false;//do not echo form } } } //找回密码 }