bob
/
westdc-zf1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
westdc-zf1/application/default/controllers/AccountController.php

723 lines
18 KiB
PHP
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
class AccountController extends Zend_Controller_Action
{
function indexAction()
{
$this->_redirect('/');
}
function init()
{
$this->messenger=$this->_helper->getHelper('FlashMessenger');
}
function postDispatch()
{
//$this->view->messages = $this->messenger->getMessages();
}
function preDispatch()
{
$this->view->config = Zend_Registry::get('config');
$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
$this->db=Zend_Registry::get('db');
$this->view->messages = $this->messenger->getMessages();
}
function registerAction()
{
$reg = $this->_request->getParam('submit');
if(!empty($reg))
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
try{
$username = mb_substr(trim($this->_request->getParam('username')),0,100,'utf-8');
$name = mb_substr(trim($this->_request->getParam('name')),0,100,'utf-8');
$email = mb_substr(trim($this->_request->getParam('email')),0,100,'utf-8');
$phone = mb_substr(trim($this->_request->getParam('phone')),0,100,'utf-8');
$postcode = mb_substr(trim($this->_request->getParam('postcode')),0,10,'utf-8');
$unit = mb_substr(trim($this->_request->getParam('employer')),0,200,'utf-8');
$address = mb_substr(trim($this->_request->getParam('address')),0,250,'utf-8');
$project = mb_substr(trim($this->_request->getParam('project')),0,500,'utf-8');
$password = mb_substr(trim($this->_request->getParam('password')),0,22,'utf-8');
$password_confirm = mb_substr(trim($this->_request->getParam('password_confirm')),0,22,'utf-8');
$vdcode = strtolower(substr(trim($this->_request->getParam('vdcode')),0,4));
include_once('ajax/box.php');
if(strlen($username)<6)
{
echo box::warning('用户名不能少于6个字符');
exit();
}
if(strlen($username)>20)
{
echo box::warning('用户名不能超过20个字符');
exit();
}
if(!preg_match("/^[a-zA-Z][a-zA-Z0-9_]{4,19}$/",$username))
{
echo box::warning("用户名只能包含英文字母及数字");
exit();
}
if(strlen($name)<2)
{
echo box::warning("姓名太短");
exit();
}
if(strlen($name)>32)
{
echo box::warning("姓名太长");
exit();
}
if(preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\+|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$name))
{
echo box::warning("姓名中包含非法字符");
exit();
}
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
echo box::warning("请输入正确的Email地址");
exit();
}
if(!empty($phone) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$phone))
{
echo box::warning("请输入正确的电话号码");
exit();
}
if(!empty($postcode) && !is_numeric($postcode))
{
echo box::warning("请输入正确的邮政编码");
exit();
}
if(!empty($unit) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/",$unit))
{
echo box::warning("输入的内容中包含非法字符");
exit();
}
if(!empty($address) && preg_match("/[\"|'|~|!|\$|%|\^|\&|\*|\{|\}|\?|\/]/",$address))
{
echo box::warning("地址中包含非法字符");
exit();
}
$match = "/[\"|'|\\\]/i";
if(preg_match($match,$password) || preg_match($match,$password_confirm))
{
echo box::warning("密码中包含非法字符,请重新输入");
exit();
}
if(empty($password))
{
echo box::warning("请输入密码");
exit();
}
if(strlen($password)<6)
{
echo box::warning("密码太短");
exit();
}
if(strlen($password)>20)
{
echo box::warning("密码长度不能超过20个字符");
exit();
}
if($password!==$password_confirm)
{
echo box::warning("两次输入的密码不同");
exit();
}
$sql = "select id from users where username like '%$username%'";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if($row['id']>0)
{
echo box::warning("该用户名已经被占用,请更换");
exit();
}
$sql = "select id from users where email like '%$email%'";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if($row['id']>0)
{
echo box::warning("该Email已经被使用请更换");
exit();
}
if($vdcode != $_SESSION['vdcodes'])
{
echo box::warning("验证码错误");
exit();
}
$sql = "INSERT INTO users (username,password,email,realname,unit,address,project,phone,postcode,usertype)
VALUES (?,?,?,?,?,?,?,?,?,?)";
$sth = $this->db->prepare($sql);
$ec = $sth->execute(array($username,md5($password),$email,$name,$unit,$address,$project,$phone,$postcode,'member'));
//$sql = "INSERT INTO users (username,password,usertype,email,realname,unit,address,project,phone)
// VALUES ('$username','".md5($password)."','member','$email','$name','$unit','$address','$project','$phone')";
//$ec = $this->db->exec($sql);
if($ec)
{
$this->login($username,md5($password));
echo box::success("<script>$('#signup').hide();$('#info').html('注册成功!<br /><a href=\"\/\">网站首页</a> <a href=\"\/account\/edit\">我的帐号</a>')</script>");
exit();
}
else
{
echo box::warning("处理中发生错误,请重试");
exit();
}
}catch(Exception $e){
echo box::warning("发生错误:".$e->getMessage());
exit();
}
}//ajax 注册
}
function editAction()
{
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
$user = $auth->getIdentity();
$username = $user->username;
$sql = "select * from users where username='$username'";
$rs = $this->db->query($sql);
$rows = $rs->fetch();
$this->view->user = $rows;
}
}
function saveoptAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$opt = $this->_request->getParam('opt');
include_once('ajax/box.php');
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
$user = $auth->getIdentity();
$username = $user->username;
$sql = "select * from users where username='$username'";
$rs = $this->db->query($sql);
$rows = $rs->fetch();
$this->view->user = $rows;
}
else
{
echo "You must log in";
exit();
}
if($opt == 'general')
{
$realname = mb_substr(trim($this->_request->getParam('name')),0,100,'utf-8');
$phone = mb_substr(trim($this->_request->getParam('phone')),0,100,'utf-8');
$unit = mb_substr(trim($this->_request->getParam('employer')),0,200,'utf-8');
$address = mb_substr(trim($this->_request->getParam('address')),0,250,'utf-8');
$project = mb_substr(trim($this->_request->getParam('project')),0,500,'utf-8');
$postcode = mb_substr(trim((int)$this->_request->getParam('postcode')),0,10,'utf-8');
try{
if(empty($realname))
{
echo box::warning("请输入姓名");
exit();
}
$sql = "UPDATE users SET realname='$realname',phone='$phone',unit='$unit',address='$address',project='$project',postcode='$postcode' WHERE id='{$rows['id']}'";
if($this->db->query($sql))
{
echo box::success("保存成功");
exit();
}else{
echo box::error("修改失败,请重试");
exit();
}
}catch (Exception $e){
echo box::error("修改失败,请重试");
exit();
}
}
else if ($opt == 'email')
{
$email = substr(trim($this->_request->getParam('email')),0,100);
$password = trim($this->_request->getParam('password'));
try{
if(empty($email))
{
echo box::warning("请输入电子邮件地址");
exit();
}
if(empty($password))
{
echo box::warning("请输入密码");
exit();
}
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
echo box::warning("请输入正确的电子邮件地址");
exit();
}
if(md5($password)!==$rows['password']){
echo box::warning("密码错误");
exit();
}
$sql = "UPDATE users SET email='$email' where id='{$rows['id']}'";
if($this->db->query($sql))
{
echo box::success("修改成功");
exit();
}else{
echo box::error("修改失败,请重试");
exit();
}
}catch(Exception $e){
echo box::error("修改失败,请重试");
exit();
}
}
else if ($opt == 'password')
{
$password = trim($this->_request->getParam('password'));
$password_new = trim($this->_request->getParam('password_new'));
$password_confirm = trim($this->_request->getParam('password_confirm'));
$match = "/[\"|'|\\\]/i";
if(empty($password))
{
echo box::warning("请输入当前密码");
exit();
}
if(empty($password_new))
{
echo box::warning("请输入新密码");
exit();
}
if($password==$password_new)
{
echo box::warning("新密码不能与当前的密码相同");
exit();
}
if(empty($password_confirm))
{
echo box::warning("请再次输入新密码");
exit();
}
if(preg_match($match,$password) || preg_match($match,$password_new) || preg_match($match,$password_confirm) || $rows['password']!== md5($password))
{
echo box::warning("您输入的内容中包含非法字符");
exit();
}
if(strlen($password_new)<6)
{
echo box::warning("新密码太短");
exit();
}
if(strlen($password_new)>20)
{
echo box::warning("新密码太长");
exit();
}
if(md5($password_new) !== md5($password_confirm))
{
echo box::warning("您两次输入的新密码不同");
exit();
}
try{
$sql = "UPDATE users SET password='".md5($password_new)."' WHERE username='$username'";
if($this->db->query($sql))
{
echo box::success("修改成功");
exit();
}else{
echo box::error("修改失败,请重试");
exit();
}
}catch(Exception $e){
echo box::error("修改失败,请重试");
exit();
}
}
else
{
exit();
}
} //saveopt ajax修改用户信息
function loginAction()
{
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
$this->_redirect('/account');
$href = $this->_getParam('href');
if(!empty($href))
{
$this->view->href = $href;
}
if($_SERVER['REQUEST_URI']!='/account/login')
{
$this->view->href = $_SERVER['REQUEST_URI'];
}
}
function dologinAction(){
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$submit = $this->_request->getParam('submit');
if(!empty($submit))
{
$success=false;
$message='';
$username = trim($this->_request->getParam('username'));
$password = trim($this->_request->getParam('password'));
$vdcode = strtolower(substr(trim($this->_request->getParam('vdcode')),0,4));
include_once('ajax/box.php');
if(empty($username))
{
echo box::warning('请输入用户名');
exit();
}
if(empty($password))
{
echo box::warning('请输入密码');
exit();
}
if(empty($vdcode))
{
echo box::warning('请输入验证码');
exit();
}
if($vdcode != $_SESSION['vdcodes'])
{
echo box::warning("验证码错误");
exit();
}
if (!$this->login($username,$password))
{
echo box::error('用户名或密码错误');
exit();
}
else
{
$href = $this->_getParam('href');
if(!empty($href))
{
$tohref = $href;
}else{
$tohref = "/";
}
echo box::success('登录成功,<a href="'.$tohref.'">如果页面没有跳转请点击这里</a><script>var t = setTimeout("self.location=\''.$tohref.'\';",2000);</script>');
exit();
}
}
}
function logoutAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
$auth->clearIdentity();
require_once 'member.php';
member::flushcookie();
$this->_redirect('/');
}
}
private function default_login($u,$p)
{
$auth = Zend_Auth::getInstance();
$db=Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($u)->setCredential(md5($p));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// success: store database row to auth's storage
$data = $authAdapter->getResultRowObject(null,'password');
$auth->getStorage()->write($data);
$db->query($db->quoteInto("update users set ts_last_login=now() where username=?",$u));
if ($this->_request->getParam('remember')) {
require_once 'member.php';
$mb = new member();
$mb -> putcookie($u,md5($p));
}
return true;
}
return false;
}
private function aspnet_login($p,$salt,$password)
{
$p1=implode("\x00",str_split($p))."\x00";
$ball=base64_decode($salt).$p1;
return trim($password)==base64_encode(sha1($ball,true));
}
// 首先判断是否存在salt
// 若有salt则按照aspnet membership加密算法进行判断
function login($u,$p)
{
$db=Zend_Registry::get('db');
$sql="select password,salt from users where username=?";
$uq=$db->query($sql,array($u));
if ($urow=$uq->fetchObject())
{
if (empty($urow->salt))
return $this->default_login($u,$p);
else {
//进行判断并进行转换到默认
if ($this->aspnet_login($p,$urow->salt,$urow->password))
{
$sql="update users set password=md5(?),salt='' where username=?";
$db->query($sql,array($p,$u));
return $this->default_login($u,$p);
} else
return false;
}
} else {
//没有对应的用户,登录失败
return false;
}
}
function fetchpwdAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
$this->_redirect('/account');
$email = $this->_request->getParam('email');
include_once('ajax/box.php');
if(empty($email))
{
echo box::warning('请输入要找回密码的账户所对应的Email地址');
exit();
}
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
echo box::warning("请输入正确的Email地址");
exit();
}
$sql = "SELECT * FROM users WHERE email=?";
$sth = $this->db->prepare($sql);
$sth->execute(array($email));
$row = $sth->fetch();
if($row['id']=='')
{
echo box::error("未找到对应用户");
exit();
}
//email the url to user
$username=$row['username'];
$sql="update users set activation=? where email=?";
$uid=uniqid();
$link = "http://".$_SERVER ['HTTP_HOST']."/account/getpasswd?a=$uid&u=$username";
$this->db->query($sql,array($uid,$email));
$mail=new WestdcMailer($this->view->config->smtp);
$mailtp=new EmailText($this->db,
'member-fetchpwd',
array('link' => $link)
);
$mail->setBodyText($mailtp->getBody());
$mail->setFrom($this->view->config->service->email,$this->view->config->service->poster);
$mail->setSubject($mailtp->getSubject());
$mail->addTo($email);
@$mail->send();
echo box::success('请查看已经发送至您邮箱中的激活链接');
exit();
}// function fetchpwdAction()
function getpasswdAction(){
$ac = $this->_getParam('ac');
$activation = $this->_getParam('a');
$uid = $this->_getParam('u');
if(empty($ac))
{
$this->view->resetid = $activation;
$this->view->uid = $uid;
}
//echo $ac.$activation.$uid;exit();
if($ac == 'set' && !empty($activation) && !empty($uid))
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$sql = "SELECT * FROM users WHERE activation=? AND username=?";
$sth = $this->db->prepare($sql);
$sth->execute(array($activation,$uid));
$row = $sth->fetch();
if(empty($row['id']))
{
echo box::warning("操作失败,您的访问中出现问题");
exit();
}
else
{
$password_new = trim($this->_request->getParam('password_new'));
$password_confirm = trim($this->_request->getParam('password_confirm'));
include_once("ajax/box.php");
$match = "/[\"|'|\\\]/i";
if(empty($password_new))
{
echo box::warning("请输入新密码");
exit();
}
if(empty($password_confirm))
{
echo box::warning("请再次输入新密码");
exit();
}
if(preg_match($match,$password_new) || preg_match($match,$password_confirm))
{
echo box::warning("您输入的内容中包含非法字符");
exit();
}
if(strlen($password_new)<6)
{
echo box::warning("新密码太短");
exit();
}
if(strlen($password_new)>20)
{
echo box::warning("新密码太长");
exit();
}
if(md5($password_new) !== md5($password_confirm))
{
echo box::warning("您两次输入的新密码不同");
exit();
}
try{
$sql = "UPDATE users SET password='".md5($password_new)."' WHERE username='$uid' AND activation='$activation'";
if($this->db->query($sql))
{
$sql = "UPDATE users SET activation='' WHERE username='$uid' AND activation='$activation'";
$this->db->query($sql);
echo box::success("修改成功");
exit();
}else{
echo box::error("修改失败,请重试");
exit();
}
}catch(Exception $e){
echo box::error("修改失败,请重试");
exit();
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink