westdc-zf1/application/default/controllers/AccountController.php

608 lines
17 KiB
PHP
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
use Mail\Mail;
use Open\Client;
use Users\Account;
use Helpers\Captcha;
use Helpers\View as view;
class AccountController extends Zend_Controller_Action
{
function preDispatch()
{
$this->view->config = Zend_Registry::get('config');
$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
$this->db = Zend_Registry::get('db');
$this->view->messages = $this->messenger->getMessages();
$this->view->theme = new Theme();
}
function indexAction()
{
$this->view->pageID = "account-index";
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
include_once("Avatar.php");
$avatar = new Avatar();
$this->view->avatar = $avatar->Get($user->email,140);
$this->view->info = $usr->getUserInfo($uid);
}
function editAction()
{
$this->view->pageID = "account-edit";
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
include_once("Avatar.php");
$avatar = new Avatar();
$this->view->avatar = $avatar->Get($user->email,140);
$this->view->projectType = array(
"" => '',
"国家973计划项目课题" => "国家973计划项目课题",
"国家863计划课题"=>"国家863计划课题",
"国家级科技支撑课题" => "国家级科技支撑课题",
"国家级科技重大专项" => "国家级科技重大专项",
"国家级国家重大工程" => "国家级国家重大工程",
"国家级国家自然科学基金" => "国家级国家自然科学基金",
"国际合作项目"=>"国际合作项目",
"省部级项目" => "省部级项目",
"其他项目工程" => "其他项目工程"
);
$submit = $this->_getParam('submit');
if(!empty($submit))
{
$data = $this->AccountEditParamFilter();
if($this->db->update("users",$data,"id=$uid"))
{
$this->view->AlertType = "alert-success";
$this->view->msg = "修改成功!";
$this->view->jump_url = "/account/edit";
return true;
}else{
$this->view->AlertType = "alert-error";
$this->view->error = "修改失败,请重试";
$this->view->info = $data;
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}
function AccountEditParamFilter(){
$data = array();
$data['realname'] = substr(trim($this->_getParam('realname')),0,40);
$data['unit'] = substr(trim($this->_getParam('unit')),0,100);
$data['address'] = substr(trim($this->_getParam('address')),0,100);
$data['phone'] = substr(trim($this->_getParam('phone')),0,15);
$data['postcode'] = substr(trim($this->_getParam('postcode')),0,15);
$data['project_type'] = substr(trim($this->_getParam('project_type')),0,100);
$data['project_id'] = substr(trim($this->_getParam('project_id')),0,40);
$data['project_title'] = substr(trim($this->_getParam('project_title')),0,100);
$data['project'] = substr(trim($this->_getParam('project')),0,600);
foreach($data as $k=>$v)
{
$data[$k] = $this->StringFilter($v);
}
return $data;
}
function StringFilter($string){
$string = preg_replace ('/<[^>]*>/', ' ', $string);
return $string;
}
function secureAction()
{
$this->view->pageID = "account-secure";
include_once("Users.php");
$usr = new Users($this->db);
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$uid = $user->id;
}
$opt = $this->_getParam('opt');
$submit = $this->_getParam('submit');
if(empty($opt))
{
$this->view->section = "password";
if(!empty($submit))
{
$data = $this->AccountSecureParamFilter();
$this->view->AlertType = "alert-error";
if(strlen($data['password'])>18 || strlen($data['new_password'])>18)
{
$this->view->error = view::Error("密码过长");
return true;
}
if(strlen($data['new_password'])<=6 || strlen($data['new_password_confrim'])<=6)
{
$this->view->error = view::Error("密码过短请输入大于6位的密码");
return true;
}
if(md5($data['new_password']) != md5($data['new_password_confrim']))
{
$this->view->error = view::Error("两次输入的密码不相同");
return true;
}
$sql = "SELECT password FROM users WHERE id=$uid";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if(md5($data['password']) != $row['password'])
{
$this->view->error = view::Error("原密码不正确");
return true;
}
$data['password'] = md5($data['new_password']);
unset($data['new_password']);
unset($data['new_password_confrim']);
if($this->db->update("users",$data,"id=$uid"))
{
view::Post($this,array("content"=>'修改成功!','url'=>'/account/secure'));
return true;
}else{
$this->view->error = view::Error("修改失败");
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}//password
if($opt == "email")
{
$this->view->section = "email";
if(!empty($submit))
{
$email = $this->_getParam('email');
$password = $this->_getParam('password');
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email))
{
$this->view->error = view::Error("错误的邮箱格式");
return true;
}
$sql = "SELECT password FROM users WHERE id=$uid";
$rs = $this->db->query($sql);
$row = $rs->fetch();
if(md5($password) != $row['password'])
{
$this->view->error = view::Error("原密码错误");
return true;
}
$data['email'] = $email;
if($this->db->update("users",$data,"id=$uid"))
{
view::Post($this,array("content"=>'修改成功!','url'=>'/account/secure'));
return true;
}else{
$this->view->error = view::Error("修改失败");
return true;
}
}else{
$this->view->info = $usr->getUserInfo($uid);
}
}//email
}
function AccountSecureParamFilter(){
$data = array();
$data['password'] = trim($this->_getParam('password'));
$data['new_password'] = trim($this->_getParam('new_password'));
$data['new_password_confrim'] = trim($this->_getParam('new_password_confrim'));
foreach($data as $k=>$v)
{
$data[$k] = $this->StringFilter($v);
}
return $data;
}
function init()
{
$this->messenger=$this->_helper->getHelper('FlashMessenger');
}
function postDispatch()
{
//$this->view->messages = $this->messenger->getMessages();
}
function registerAction()
{
$form = new RegisterForm();
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$ut = new UsersTable();
$u = $ut->createRow();
$u->username = $form->getValue('username');
$u->password = $form->getValue('password');
$u->email=$form->getValue('email');
if ($form->getValue('realname')) $u->realname=$form->getValue('realname');
if ($form->getValue('phone')) $u->phone=$form->getValue('phone');
if ($form->getValue('address')) $u->address=$form->getValue('address');
if ($form->getValue('unit')) $u->unit=$form->getValue('unit');
if ($form->getValue('project')) $u->project=$form->getValue('project');
if ($u->save()) {
//注册邮件
$mail_template = "member-register";
$mail_data = array(
'name'=>$formData['username'],
);
$mail = new Mail();
$mail->loadTemplate($mail_template,$mail_data);
$mail->addTo($formData['email'],$formData['username']);
$mail->send();
//自动登录系统
$this->login($formData['username'],$formData['password']);
$this->_redirect('/');
}
} else {
$form->populate($formData);
}
}
}
function loginAction()
{
$options = array(
'module' => $this->_request->getModuleName(),
'controller' => $this->_request->getControllerName(),
'action' => $this->_request->getActionName(),
);
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity())
{
view::Post($this,"您已经登录,无需重复登录",-1);
return true;
}
$tohref = $this->_request->getParam('href');
if(($options['module']=="default" && $options['controller'] == "account" && $options['action'] == "login"))
{
$this->view->href = $_SERVER['REQUEST_URI'];
}
if($tohref == "/account/login")
{
$this->view->href = $tohref = "/";
}
if(!empty($tohref))
{
$this->view->href = $tohref;
}
$captcha = new Captcha();
$submit = $this->_getParam("submit");
if(!empty($submit))
{
$username = trim($this->_request->getParam('username'));
$password = trim($this->_request->getParam('password'));
$captchaword = trim($this->_request->getParam('captcha'));
$account = new Account();
$status = $account->login(array(
'username' => $username,
'password' => $password
));
if(isset($status['error']))
{
$this->view->error = $status;
$this->view->captcha = $captcha->setCaptcha();
return true;
}
if(!$captcha->isValid($captchaword))
{
$this->view->error = "验证码错误";
$this->view->captcha = $captcha->setCaptcha();
return true;
}
view::Post($this,"登录成功,正在跳转",$tohref);
return true;
}
$this->view->captcha = $captcha->setCaptcha();
}
function loadCaptcha()
{
$captcha = new Zend_Captcha_Image(array(
'captcha' => 'Image',
'wordLen' => 4,
'fontsize'=>16,
'width' => 100,
'height' => 38,
'dotNoiseLevel'=>2,
'lineNoiseLevel'=>1,
'timeout' => 300,
'font' => '../data/fonts/ggbi.ttf',
'imgDir' => 'vdimg/',
'imgUrl' => '/vdimg',
));
return $captcha;
}
function setCaptcha(Zend_Captcha_Image $captcha,$ajax = false){
$captcha->generate();
$_SESSION['captcha'] = $captcha->getWord();
$url = $captcha->getImgUrl()
.$captcha->getId()
.$captcha->getSuffix();
if(!$ajax)
{
$this->view->captcha = $url;
}else{
return $url;
}
}
function captchaAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$captcha = $this->loadCaptcha();
$url = $this->setCaptcha($captcha,true);
echo $url;
return true;
}
function logoutAction()
{
$auth = Zend_Auth::getInstance();
$auth->clearIdentity();
require_once 'member.php';
$mb=new member();
member::flushcookie();
$this->_redirect('/');
}
private function default_login($u,$p)
{
$auth = Zend_Auth::getInstance();
$db=Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($u)->setCredential(md5($p));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// success: store database row to auth's storage
$data = $authAdapter->getResultRowObject(null,'password');
//头像
include_once("Avatar.php");
$avatar = new Avatar();
$data->avatar = $avatar->Get($data->email,40);
//组ID
include_once("Users.php");
$usr = new Users($db);
$data->gid = $usr->getGroup($data->id);
$auth->getStorage()->write($data);
$db->query("update users set ts_last_login=now() where username=?",array($u));
if ($this->_request->getParam('remember')) {
$sql="select usertype from users where username='$u'";
$rs=$db->query($sql);
$row=$rs->fetch();
//if($row['usertype']!='administrator')
{
require_once 'member.php';
$mb = new member();
$mb -> putcookie($u,md5($p));
}
}
return true;
}else
{
return false;
}
return false;
}
private function aspnet_login($p,$salt,$password)
{
$p1=implode("\x00",str_split($p))."\x00";
$ball=base64_decode($salt).$p1;
return trim($password)==base64_encode(sha1($ball,true));
}
// 首先判断是否存在salt
// 若有salt则按照aspnet membership加密算法进行判断
function login($u,$p)
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$sql="select password,salt from users where username=?";
$uq=$db->query($sql,array($u));
if ($urow=$uq->fetchObject())
{
if (empty($urow->salt))
return $this->default_login($u,$p);
else {
//进行判断并进行转换到默认
if ($this->aspnet_login($p,$urow->salt,$urow->password))
{
$sql="update users set password=md5(?),salt='' where username=?";
$db->query($sql,array($p,$u));
return $this->default_login($u,$p);
} else
return false;
}
} else {
//没有对应的用户,登录失败
return false;
}
}
function fetchpwdAction()
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$form = new LostpwdForm();
$key=$this->_request->getParam('key');
$login=$this->_request->getParam('login');
if (empty($key) && empty($login)) {
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$sql="select * from users where email=?";
$uq=$db->query($sql,array($formData['email']));
if ($urow=$uq->fetchObject())
{
//email the url to user
$username=$urow->username;
$sql="update users set activation=? where email=?";
$uid=uniqid();
$db->query($sql,array($uid,$formData['email']));
//发邮件
$mail_template = "users-changepassword";
$mail_data = array(
'name'=>$username,
'url' => view::getHostLink()."/account/fetchpwd/".$username."/".$uid
);
$mail = new Mail();
$mail->loadTemplate($mail_template,$mail_data);
$mail->addTo($formData['email'],$username);
$mail->send();
$this->view->messages[]='请检查您的新邮件中的确认激活链接。';
$this->view->form=false;//do not echo form
} else
$this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。');
}
} else
$this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
} else {
$sql="select * from users where username=? and activation=?";
$uq=$db->query($sql,array($login,$key));
$tmp_pwd=uniqid();
if ($urow=$uq->fetchObject())
{
$sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
$db->query($sql,array($login,$key));
//发邮件
$mail_template = "users-changepassword";
$mail_data = array(
'name'=>$login,
'tmp_pwd' => $tmp_pwd
);
$mail = new Mail();
$mail->loadTemplate($mail_template,$mail_data);
$mail->addTo($urow->email,$login);
$mail->send();
$this->view->messages[]='请查收您新邮件中的新密码';
$this->view->form=false;//do not echo form
}
}
} //找回密码
//OAuth2登录跳转页面
public function oauth2loginAction()
{
$type = $this->_getParam('type');
$client = new Client();
$url = $client->makeRequestCodeUrl($type);
view::Post($this,"为您转入科技网登录入口",$url);
}
//oauth2登录回调地址
public function callbackAction()
{
$type = $this->_getParam('type');
$code = $this->_getParam('code');
$client = new Client($type);
$client->initSource();
$target = $client->getSource()->getTarget($type);
$this->view->target_name = $target['name'];
$token = $client->requestToken($code);
if(is_string($token))
{
view::Post($this,$token,'/account/login');
}
$status = $client->storageTokenData($type,$token);
if($status === true)
{
echo "<script>self.location='/index'</script>";
}else{
echo $status;
}
}
}