westdc-zf1/application/default/controllers/AccountController.php


<?php
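class AccountController extends Zend_Controller_Action
{
    /** Lifetime of the "remember me" session namespace, in seconds (30 days). */
    const REMEMBER_SECONDS = 2592000;

    /** @var Zend_Controller_Action_Helper_FlashMessenger assigned in init() */
    public $messenger;

    /**
     * Profile columns a user may change about themselves in editAction();
     * a column is only written when the submitted value is non-empty.
     *
     * @var array
     */
    private static $_profileFields = array('email', 'phone', 'realname', 'unit', 'address', 'project');

    /** /account has no page of its own; send the visitor to the site root. */
    function indexAction()
    {
        $this->_redirect('/');
    }

    function init()
    {
        $this->messenger = $this->_helper->getHelper('FlashMessenger');
    }

    /** Expose the config and any queued flash messages to the view after the action ran. */
    function postDispatch()
    {
        $this->view->config = Zend_Registry::get('config');
        $this->view->messages = $this->messenger->getMessages();
    }

    /** Record the current URI so loginAction() can send the user back after a successful login. */
    function preDispatch()
    {
        $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
    }

    /**
     * Show the registration form; on a valid POST create the user row, send the
     * welcome e-mail, log the new account in and redirect to the site root.
     */
    function registerAction()
    {
        $form = new RegisterForm();
        $this->view->form = $form;
        if (!$this->_request->isPost()) {
            return;
        }
        $formData = $this->_request->getPost();
        if (!$form->isValid($formData)) {
            $form->populate($formData);
            return;
        }
        // Use the filtered form values everywhere, so the saved row and the
        // auto-login below agree on what the username/password are.
        $username = $form->getValue('username');
        $password = $form->getValue('password');
        $email = $form->getValue('email');

        $ut = new UsersTable();
        $u = $ut->createRow();
        $u->username = $username;
        // NOTE(review): stored as submitted, while login() compares md5(password);
        // presumably the row/table class hashes on save — confirm, otherwise login breaks.
        $u->password = $password;
        $u->email = $email;
        foreach (array('realname', 'phone', 'address', 'unit', 'project') as $field) {
            $value = $form->getValue($field);
            if ($value) {
                $u->$field = $value;
            }
        }
        if (!$u->save()) {
            return;
        }
        $this->_sendWelcomeMail($username, $email);
        // Log the new account in straight away.
        $this->login($username, $password);
        $this->_redirect('/');
    }

    /**
     * Send the welcome e-mail from the configured template over the configured SMTP transport.
     *
     * @param string $username substituted for the "[username]" placeholder in the template
     * @param string $email    recipient address
     */
    private function _sendWelcomeMail($username, $email)
    {
        // Read the config from the registry: $this->view->config is only assigned in postDispatch().
        $config = Zend_Registry::get('config');
        $body = file_get_contents($config->register->email->template);
        if ($body === false) {
            // Unreadable template: registration already succeeded, just skip the mail.
            return;
        }
        $body = str_replace("[username]", $username, $body);
        $mail = new Zend_Mail('utf-8');
        $mail->setBodyText($body);
        $mail->setFrom('westdc@westgis.ac.cn');
        $mail->addTo($email);
        // A Chinese subject line is garbled; unresolved in ZF 1.5.
        // ref: http://framework.zend.com/issues/browse/ZF-2532
        $mail->setSubject('欢迎使用中国西部环境与生态数据中心');
        $tr = new Zend_Mail_Transport_Smtp($config->smtp->host, array(
            'ssl' => $config->smtp->ssl,
            'auth' => $config->smtp->auth,
            'username' => $config->smtp->username,
            'password' => $config->smtp->password,
        ));
        $mail->send($tr);
    }

    /**
     * Let the logged-in user edit their own profile and, given the correct current
     * password, change the password. The row is always selected by the identity in
     * the session; the "id" field of the form is kept only for the template.
     */
    function editAction()
    {
        $form = new UsereditForm();
        $this->view->form = $form;
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            // Editing a profile needs a logged-in user; the identity supplies the row id.
            $this->_redirect('/account/login');
            return;
        }
        $user = $auth->getIdentity();
        $ut = new UsersTable();
        // Address the caller's own row with a quoted where clause; the posted "id" is not used.
        $row = $ut->fetchRow($ut->getAdapter()->quoteInto('id = ?', (int) $user->id));
        if ($row === null) {
            // Identity refers to a row that no longer exists; re-authenticate.
            $this->_redirect('/account/login');
            return;
        }
        if ($this->_request->isPost()) {
            $formData = $this->_request->getPost();
            if ($form->isValid($formData)) {
                $oldpassword = isset($formData['oldpassword']) ? (string) $formData['oldpassword'] : '';
                $newpassword = isset($formData['password']) ? (string) $formData['password'] : '';
                // Only change the password when a new one was given and the current one checks out.
                if ($newpassword !== '' && $this->_hashEquals($row->password, md5($oldpassword))) {
                    $row->password = md5($newpassword);
                }
                foreach (self::$_profileFields as $field) {
                    if (!empty($formData[$field])) {
                        $row->$field = $formData[$field];
                    }
                }
                $row->save();
                // Keep the session identity in step with the edited row.
                $this->_refreshIdentity($auth, $row);
            }
            return;
        }
        $formData = array();
        foreach (self::$_profileFields as $field) {
            $formData[$field] = $row->$field;
        }
        $formData['id'] = $row->id;
        $form->populate($formData);
    }

    /**
     * Rewrite the stored identity from a freshly saved row so the session reflects the edit.
     * Same shape as default_login() stores: a plain object of the row's columns minus the password.
     *
     * @param Zend_Auth                   $auth
     * @param Zend_Db_Table_Row_Abstract  $row
     */
    private function _refreshIdentity(Zend_Auth $auth, Zend_Db_Table_Row_Abstract $row)
    {
        $data = $row->toArray();
        unset($data['password']);
        $auth->getStorage()->write((object) $data);
    }

    /**
     * Show the login form; on POST authenticate and redirect back to the page the
     * user came from, or back to the form with a flash message on failure.
     */
    function loginAction()
    {
        $form = new LoginForm();
        $this->view->form = $form;
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $this->_redirect('/account');
            return;
        }
        if (!$this->_request->isPost()) {
            return;
        }
        $success = false;
        $message = '';
        $formData = $this->_request->getPost();
        if ($form->isValid($formData)) {
            if ($this->login($formData['username'], $formData['password'])) {
                $success = true;
            } else {
                $message = '登录失败,请检查您的用户名和密码。';
                $this->messenger->addMessage($message);
            }
        }
        if ($success) {
            $this->_redirect($this->_safeReturnUrl());
            return;
        }
        if ($message !== '') {
            // Also queue the failure under the "actionErrors" namespace for views that read it.
            $flashMessenger = $this->_helper->getHelper('FlashMessenger');
            $flashMessenger->setNamespace('actionErrors');
            $flashMessenger->addMessage($message);
        }
        $this->_redirect('/account/login');
    }

    /**
     * Post-login destination taken from the "return" parameter (set in preDispatch()),
     * accepting only site-local paths so the redirect cannot leave this host.
     *
     * @return string a path starting with a single "/" (falls back to "/")
     */
    private function _safeReturnUrl()
    {
        $url = (string) $this->_request->getParam('return');
        // Reject empty values, absolute URLs and protocol-relative forms ("//", "/\").
        if (!preg_match('#^/(?![/\\\\])#', $url)) {
            return '/';
        }
        return $url;
    }

    function logoutAction()
    {
        $auth = Zend_Auth::getInstance();
        $auth->clearIdentity();
        $this->_redirect('/');
    }

    /**
     * Authenticate against users.username / users.password (md5) and on success store
     * the user's row (without the password column) as the session identity.
     *
     * @param string $u username
     * @param string $p plain-text password
     * @return bool
     */
    private function default_login($u, $p)
    {
        $auth = Zend_Auth::getInstance();
        $db = Zend_Registry::get('db');
        $authAdapter = new Zend_Auth_Adapter_DbTable($db);
        $authAdapter->setTableName('users')
            ->setIdentityColumn('username')
            ->setCredentialColumn('password');
        // NOTE(review): users.password holds an unsalted md5 digest; moving to
        // password_hash()/password_verify() needs a column-wide migration.
        $authAdapter->setIdentity($u)->setCredential(md5($p));
        if ($this->_request->getParam('remember')) {
            $authNamespace = new Zend_Session_Namespace('westdc');
            $authNamespace->setExpirationSeconds(self::REMEMBER_SECONDS);
        }
        $result = $auth->authenticate($authAdapter);
        if (!$result->isValid()) {
            return false;
        }
        // Issue a fresh session id on login so an id obtained before authentication is not kept.
        Zend_Session::regenerateId();
        // success: store the database row in auth's storage, minus the password column
        $data = $authAdapter->getResultRowObject(null, 'password');
        $auth->getStorage()->write($data);
        $db->query("update users set ts_last_login=now() where username=?", array($u));
        return true;
    }

    /**
     * Check a password against a legacy ASP.NET Membership hash.
     *
     * @param string $p        plain-text password
     * @param string $salt     base64 salt stored with the row
     * @param string $password base64 sha1 digest stored with the row
     * @return bool
     */
    private function aspnet_login($p, $salt, $password)
    {
        // Interleave NUL bytes to mimic the UTF-16LE encoding Membership hashes;
        // this only matches UTF-16LE for single-byte (ASCII) input.
        $p1 = implode("\x00", str_split($p)) . "\x00";
        $ball = base64_decode($salt) . $p1;
        return $this->_hashEquals(trim((string) $password), base64_encode(sha1($ball, true)));
    }

    /**
     * Strict digest comparison: constant-time where the runtime offers hash_equals()
     * (PHP >= 5.6), "===" otherwise. Never "==", which coerces numeric-looking
     * strings before comparing and so can equate two different digests.
     *
     * @param string $known digest stored in the database
     * @param string $given digest computed from the submitted password
     * @return bool
     */
    private function _hashEquals($known, $given)
    {
        $known = (string) $known;
        $given = (string) $given;
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }
        return $known === $given;
    }

    /**
     * Authenticate a username/password pair and, on success, populate Zend_Auth storage.
     *
     * Rows that carry a salt are legacy ASP.NET Membership accounts: they are verified
     * with aspnet_login() and, once verified, rewritten to the md5 form with an empty
     * salt so that later logins go through default_login() directly.
     *
     * @param string $u username
     * @param string $p plain-text password
     * @return bool
     */
    function login($u, $p)
    {
        $ut = new UsersTable();
        $db = $ut->getAdapter();
        $uq = $db->query("select password,salt from users where username=?", array($u));
        $urow = $uq->fetchObject();
        if (!$urow) {
            // No such user: the login fails.
            return false;
        }
        if (empty($urow->salt)) {
            return $this->default_login($u, $p);
        }
        // Verify with the legacy scheme, then convert the row to the default one.
        if (!$this->aspnet_login($p, $urow->salt, $urow->password)) {
            return false;
        }
        $db->query("update users set password=md5(?),salt='' where username=?", array($p, $u));
        return $this->default_login($u, $p);
    }
}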