westdc-zf1/application/default/controllers/AccountController.php

594 lines
18 KiB
PHP
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
class AccountController extends Zend_Controller_Action
{
function preDispatch()
{
$this->view->config = Zend_Registry::get('config');
$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
$this->db = Zend_Registry::get('db');
$this->view->messages = $this->messenger->getMessages();
$this->view->theme = new Theme();
}
function indexAction()
{
$this->view->pageID = "account-index";
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
include_once("Avatar.php");
$avatar = new Avatar();
$this->view->avatar = $avatar->Get($user->email,140);
$this->view->info = $usr->getUserInfo($uid);
}
function editAction()
{
$this->view->pageID = "account-edit";
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
include_once("Avatar.php");
$avatar = new Avatar();
$this->view->avatar = $avatar->Get($user->email,140);
$this->view->projectType = array(
"" => '',
"国家973计划项目课题" => "国家973计划项目课题",
"国家863计划课题"=>"国家863计划课题",
"国家级科技支撑课题" => "国家级科技支撑课题",
"国家级科技重大专项" => "国家级科技重大专项",
"国家级国家重大工程" => "国家级国家重大工程",
"国家级国家自然科学基金" => "国家级国家自然科学基金",
"国际合作项目"=>"国际合作项目",
"省部级项目" => "省部级项目",
"其他项目工程" => "其他项目工程"
);
$submit = $this->_getParam('submit');
if(!empty($submit))
{
$data = $this->AccountEditParamFilter();
if($this->db->update("users",$data,"id=$uid"))
{
$this->view->AlertType = "alert-success";
$this->view->msg = "修改成功!";
$this->view->jump_url = "/account/edit";
return true;
}else{
$this->view->AlertType = "alert-error";
$this->view->error = "修改失败,请重试";
$this->view->info = $data;
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}
function AccountEditParamFilter(){
$data = array();
$data['realname'] = substr(trim($this->_getParam('realname')),0,40);
$data['unit'] = substr(trim($this->_getParam('unit')),0,100);
$data['address'] = substr(trim($this->_getParam('address')),0,100);
$data['phone'] = substr(trim($this->_getParam('phone')),0,15);
$data['postcode'] = substr(trim($this->_getParam('postcode')),0,15);
$data['project_type'] = substr(trim($this->_getParam('project_type')),0,100);
$data['project_id'] = substr(trim($this->_getParam('project_id')),0,40);
$data['project_title'] = substr(trim($this->_getParam('project_title')),0,100);
$data['project'] = substr(trim($this->_getParam('project')),0,600);
foreach($data as $k=>$v)
{
$data[$k] = $this->StringFilter($v);
}
return $data;
}
function StringFilter($string){
$string = preg_replace ('/<[^>]*>/', ' ', $string);
return $string;
}
function secureAction()
{
$this->view->pageID = "account-secure";
include_once("helper/view.php");
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
$opt = $this->_getParam('opt');
$submit = $this->_getParam('submit');
if(empty($opt))
{
$this->view->section = "password";
if(!empty($submit))
{
$data = $this->AccountSecureParamFilter();
$this->view->AlertType = "alert-error";
if(strlen($data['password'])>18 || strlen($data['new_password'])>18)
{
$this->view->error = view::Error("密码过长");
return true;
}
if(strlen($data['new_password'])<=6 || strlen($data['new_password_confrim'])<=6)
{
$this->view->error = view::Error("密码过短请输入大于6位的密码");
return true;
}
if(md5($data['new_password']) != md5($data['new_password_confrim']))
{
$this->view->error = view::Error("两次输入的密码不相同");
return true;
}
$sql = "SELECT password FROM users WHERE id=$uid";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if(md5($data['password']) != $row['password'])
{
$this->view->error = view::Error("原密码不正确");
return true;
}
$data['password'] = md5($data['new_password']);
unset($data['new_password']);
unset($data['new_password_confrim']);
if($this->db->update("users",$data,"id=$uid"))
{
view::Post($this,array("content"=>'修改成功!','url'=>'/account/secure'));
return true;
}else{
$this->view->error = view::Error("修改失败");
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}//password
if($opt == "email")
{
$this->view->section = "email";
if(!empty($submit))
{
$email = $this->_getParam('email');
$password = $this->_getParam('password');
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
$this->view->error = view::Error("错误的邮箱格式");
return true;
}
$sql = "SELECT password FROM users WHERE id=$uid";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if(md5($password) != $row['password'])
{
$this->view->error = view::Error("原密码错误");
return true;
}
$data['email'] = $email;
if($this->db->update("users",$data,"id=$uid"))
{
view::Post($this,array("content"=>'修改成功!','url'=>'/account/secure'));
return true;
}else{
$this->view->error = view::Error("修改失败");
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}//email
}
function AccountSecureParamFilter(){
$data = array();
$data['password'] = trim($this->_getParam('password'));
$data['new_password'] = trim($this->_getParam('new_password'));
$data['new_password_confrim'] = trim($this->_getParam('new_password_confrim'));
foreach($data as $k=>$v)
{
$data[$k] = $this->StringFilter($v);
}
return $data;
}
function init()
{
$this->messenger=$this->_helper->getHelper('FlashMessenger');
}
function postDispatch()
{
//$this->view->messages = $this->messenger->getMessages();
}
function registerAction()
{
$form = new RegisterForm();
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$ut = new UsersTable();
$u = $ut->createRow();
$u->username = $form->getValue('username');
$u->password = $form->getValue('password');
$u->email=$form->getValue('email');
if ($form->getValue('realname')) $u->realname=$form->getValue('realname');
if ($form->getValue('phone')) $u->phone=$form->getValue('phone');
if ($form->getValue('address')) $u->address=$form->getValue('address');
if ($form->getValue('unit')) $u->unit=$form->getValue('unit');
if ($form->getValue('project')) $u->project=$form->getValue('project');
if ($u->save()) {
//发送欢迎邮件
$mail=new WestdcMailer($this->view->config->smtp);
$body=file_get_contents($this->view->config->register->email->template);
$body=str_replace("[username]",$formData['username'],$body);
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
//中文标题有乱码在1.5版本中尚未解决
//ref: http://framework.zend.com/issues/browse/ZF-2532
$mail->setSubject('欢迎使用中国西部环境与生态数据中心');
$mail->send();
//自动登录系统
$this->login($formData['username'],$formData['password']);
$this->_redirect('/');
}
} else {
$form->populate($formData);
}
}
}
function loginAction()
{
include_once("helper/view.php");
$success=false;
$options = array(
'module' => $this->_request->getModuleName(),
'controller' => $this->_request->getControllerName(),
'action' => $this->_request->getActionName(),
);
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
view::Post($this,"您已经登录,无需重复登录",-1);
return true;
}
$tohref = $this->_request->getParam('href');
if(($options['module']=="default" && $options['controller'] == "account" && $options['action'] == "login"))
{
$this->view->href = $_SERVER['REQUEST_URI'];
}
if($tohref == "/account/login")
{
$this->view->href = $tohref = "/";
}
if(!empty($tohref))
{
$this->view->href = $tohref;
}
$captcha = $this->loadCaptcha();
$submit = $this->_getParam("submit");
if(!empty($submit))
{
$username = trim($this->_request->getParam('username'));
$password = trim($this->_request->getParam('password'));
$captchaword = trim($this->_request->getParam('captcha'));
if(empty($username))
{
$this->setCaptcha($captcha);
$this->view->error = "请输入用户名";
return true;
}
if(empty($password))
{
$this->setCaptcha($captcha);
$this->view->error = "请输入密码";
return true;
}
if(empty($captchaword))
{
$this->setCaptcha($captcha);
$this->view->error = "请输入验证码";
return true;
}
if(!isset($_SESSION['captcha']))
{
$_SESSION['captcha'] = md5(time());
}
if ($captchaword != $_SESSION['captcha']) {
$this->setCaptcha($captcha);
$this->view->error = "验证码错误";
return true;
}
if (!$this->login($username,$password))
{
$this->setCaptcha($captcha);
$this->view->error = "用户名或密码错误";
$this->view->userid = $username;
return true;
}
else
{
if(!empty($tohref))
{
view::Post($this,"登录成功,正在跳转",$tohref);
return true;
}
}
}else{
$this->setCaptcha($captcha);
}
}
function loadCaptcha()
{
$captcha = new Zend_Captcha_Image(array(
'captcha' => 'Image',
'wordLen' => 4,
'fontsize'=>16,
'width' => 100,
'height' => 38,
'dotNoiseLevel'=>2,
'lineNoiseLevel'=>1,
'timeout' => 300,
'font' => '../data/fonts/ggbi.ttf',
'imgDir' => 'vdimg/',
'imgUrl' => '/vdimg',
));
return $captcha;
}
function setCaptcha(Zend_Captcha_Image $captcha,$ajax = false){
$captcha->generate();
$_SESSION['captcha'] = $captcha->getWord();
$url = $captcha->getImgUrl()
.$captcha->getId()
.$captcha->getSuffix();
if(!$ajax)
{
$this->view->captcha = $url;
}else{
return $url;
}
}
function captchaAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$captcha = $this->loadCaptcha();
$url = $this->setCaptcha($captcha,true);
echo $url;
return true;
}
function logoutAction()
{
$auth = Zend_Auth::getInstance();
$auth->clearIdentity();
require_once 'member.php';
$mb=new member();
member::flushcookie();
$this->_redirect('/');
}
private function default_login($u,$p)
{
$auth = Zend_Auth::getInstance();
$db=Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($u)->setCredential(md5($p));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// success: store database row to auth's storage
$data = $authAdapter->getResultRowObject(null,'password');
//头像
include_once("Avatar.php");
$avatar = new Avatar();
$data->avatar = $avatar->Get($data->email,40);
//组ID
include_once("Users.php");
$usr = new Users($db);
$data->gid = $usr->getGroup($data->id);
$auth->getStorage()->write($data);
$db->query("update users set ts_last_login=now() where username=?",array($u));
if ($this->_request->getParam('remember')) {
$sql="select usertype from users where username='$u'";
$rs=$db->query($sql);
$row=$rs->fetch();
//if($row['usertype']!='administrator')
{
require_once 'member.php';
$mb = new member();
$mb -> putcookie($u,md5($p));
}
}
return true;
}else
{
return false;
}
return false;
}
private function aspnet_login($p,$salt,$password)
{
$p1=implode("\x00",str_split($p))."\x00";
$ball=base64_decode($salt).$p1;
return trim($password)==base64_encode(sha1($ball,true));
}
// 首先判断是否存在salt
// 若有salt则按照aspnet membership加密算法进行判断
function login($u,$p)
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$sql="select password,salt from users where username=?";
$uq=$db->query($sql,array($u));
if ($urow=$uq->fetchObject())
{
if (empty($urow->salt))
return $this->default_login($u,$p);
else {
//进行判断并进行转换到默认
if ($this->aspnet_login($p,$urow->salt,$urow->password))
{
$sql="update users set password=md5(?),salt='' where username=?";
$db->query($sql,array($p,$u));
return $this->default_login($u,$p);
} else
return false;
}
} else {
//没有对应的用户,登录失败
return false;
}
}
function fetchpwdAction()
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$form = new LostpwdForm();
$key=$this->_request->getParam('key');
$login=$this->_request->getParam('login');
if (empty($key) && empty($login)) {
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$sql="select * from users where email=?";
$uq=$db->query($sql,array($formData['email']));
if ($urow=$uq->fetchObject())
{
//email the url to user
$username=$urow->username;
$sql="update users set activation=? where email=?";
$uid=uniqid();
$db->query($sql,array($uid,$formData['email']));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
有人提出了针对此用户名的密码重置请求。
用户名:";
$body.=$username;
$body.="
若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。
";
$body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid;
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
$mail->setSubject('密码已重置');
$mail->send();
$this->view->messages[]='请检查您的新邮件中的确认激活链接。';
$this->view->form=false;//do not echo form
} else
$this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。');
}
} else
$this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
} else {
$sql="select * from users where username=? and activation=?";
$uq=$db->query($sql,array($login,$key));
$tmp_pwd=uniqid();
if ($urow=$uq->fetchObject())
{
$sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
$db->query($sql,array($login,$key));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
您的密码已修改。
用户名:";
$body.=$login;
$body.="密码:".$tmp_pwd;
$body.="
http://westdc.westgis.ac.cn/account/login";
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($urow->email);
$mail->setSubject('您的新密码');
$mail->send();
$this->view->messages[]='请查收您新邮件中的新密码';
$this->view->form=false;//do not echo form
}
}
} //找回密码
}