<?php
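/**
 * Account management: registration, login/logout, profile editing and
 * password recovery.
 *
 * Most actions are AJAX endpoints: they disable layout and view rendering,
 * echo an `ajax/box.php` fragment (or a plain status string) and call exit().
 *
 * Passwords are stored as unsalted md5 (see default_login()); the
 * UPDATE/INSERT statements here keep that scheme because login verifies
 * against it. NOTE(review): md5 is not a password hash — migrating to
 * password_hash()/password_verify() touches default_login(), the `remember`
 * cookie in member.php and the stored column, so it is not done here.
 */
class AccountController extends Zend_Controller_Action
{
    /** Database adapter taken from Zend_Registry 'db' in preDispatch(). */
    protected $db;

    /** FlashMessenger action helper, set in init(). */
    protected $messenger;

    public function indexAction()
    {
        $this->_redirect('/');
    }

    public function init()
    {
        $this->messenger = $this->_helper->getHelper('FlashMessenger');
    }

    public function postDispatch()
    {
        // Flash messages are already copied into the view in preDispatch().
    }

    /**
     * Per-request setup: exposes the config to the view, records the current
     * URI as the `return` parameter, fetches the db adapter and flash messages.
     */
    public function preDispatch()
    {
        $this->view->config = Zend_Registry::get('config');
        $this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
        $this->db = Zend_Registry::get('db');
        $this->view->messages = $this->messenger->getMessages();
    }

    /**
     * Compare the submitted captcha with the code kept in the session.
     *
     * Strict string comparison (the original `!=` compared numeric-looking
     * strings numerically) and the stored code is discarded once it has been
     * matched, so a single solved captcha cannot be replayed for repeated
     * login or registration attempts.
     *
     * @param string $vdcode lower-cased, at most 4 characters (see callers)
     * @return bool
     */
    private function checkVdcode($vdcode)
    {
        if ($vdcode === '' || !isset($_SESSION['vdcodes'])) {
            return false;
        }
        $ok = ($vdcode === (string) $_SESSION['vdcodes']);
        if ($ok) {
            unset($_SESSION['vdcodes']);
        }
        return $ok;
    }

    /**
     * True when a users row has exactly $value in $column.
     *
     * $column is restricted to 'username' / 'email'; the value is bound as a
     * parameter. The original lookup interpolated the value into
     * `LIKE '%...%'`, which was injectable and also rejected any name that is
     * a substring of an existing one.
     *
     * @param string $column
     * @param string $value
     * @return bool
     * @throws InvalidArgumentException for an unsupported column
     */
    private function userExists($column, $value)
    {
        if (!in_array($column, array('username', 'email'), true)) {
            throw new InvalidArgumentException('unsupported column: ' . $column);
        }
        $rs = $this->db->query("select id from users where $column=?", array($value));
        $row = $rs->fetch();
        return $row && $row['id'] > 0;
    }

    /**
     * Hex token from a CSPRNG (32 chars), used for activation links and
     * temporary passwords. The original used uniqid(), which is derived from
     * the clock and therefore guessable by anyone who knows roughly when the
     * reset was requested. The last fallback is best-effort only.
     *
     * @return string
     */
    private function randomToken()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            return bin2hex(openssl_random_pseudo_bytes(16));
        }
        return md5(uniqid(mt_rand(), true));
    }

    /**
     * Render the EmailText template $template with $vars and send it to $to
     * from the configured service address.
     *
     * @param string $template EmailText template name
     * @param array  $vars     template variables
     * @param string $to       recipient address
     */
    private function sendTemplateMail($template, array $vars, $to)
    {
        $mail = new WestdcMailer($this->view->config->smtp);
        $mailtp = new EmailText($this->db, $template, $vars);
        $mail->setBodyText($mailtp->getBody());
        $mail->setFrom($this->view->config->service->email, 'WDSCAR Service Team');
        $mail->setSubject($mailtp->getSubject());
        $mail->addTo($to);
        $mail->send();
    }

    /**
     * AJAX registration. Validates the posted form, inserts the user row and
     * logs the new user in. Echoes an ajax/box.php fragment and exits; does
     * nothing when `submit` is absent (the form is rendered by the view).
     */
    public function registerAction()
    {
        $reg = $this->_request->getParam('submit');
        if (empty($reg)) {
            return;
        }
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        include_once('ajax/box.php');
        try {
            $username = mb_substr(trim($this->_request->getParam('username')), 0, 100, 'utf-8');
            $name = mb_substr(trim($this->_request->getParam('name')), 0, 100, 'utf-8');
            $email = mb_substr(trim($this->_request->getParam('email')), 0, 100, 'utf-8');
            $phone = mb_substr(trim($this->_request->getParam('phone')), 0, 100, 'utf-8');
            $unit = mb_substr(trim($this->_request->getParam('employer')), 0, 200, 'utf-8');
            $address = mb_substr(trim($this->_request->getParam('address')), 0, 250, 'utf-8');
            $project = mb_substr(trim($this->_request->getParam('project')), 0, 500, 'utf-8');
            $password = mb_substr(trim($this->_request->getParam('password')), 0, 22, 'utf-8');
            $password_confirm = mb_substr(trim($this->_request->getParam('password_confirm')), 0, 22, 'utf-8');
            $vdcode = strtolower(substr(trim($this->_request->getParam('vdcode')), 0, 4));

            // Captcha first: the username/email existence lookups below must
            // not be reachable without a solved captcha (account enumeration).
            if (!$this->checkVdcode($vdcode)) {
                echo box::warning("验证码错误");
                exit();
            }
            if (strlen($username) < 6) {
                echo box::warning('用户名不能少于6个字符');
                exit();
            }
            if (strlen($username) > 20) {
                echo box::warning('用户名不能超过20个字符');
                exit();
            }
            if (!preg_match("/^[a-zA-Z][a-zA-Z0-9_]{4,19}$/", $username)) {
                echo box::warning("用户名只能包含英文字母及数字");
                exit();
            }
            // Byte-wise lengths, as before: a 2-char CJK name is 6 bytes.
            if (strlen($name) < 2) {
                echo box::warning("姓名太短");
                exit();
            }
            if (strlen($name) > 32) {
                echo box::warning("姓名太长");
                exit();
            }
            if (preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\+|\{|\}|\[|\]|:|;|<|>|\?|\/]/", $name)) {
                echo box::warning("姓名中包含非法字符");
                exit();
            }
            if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i", $email)) {
                echo box::warning("请输入正确的Email地址");
                exit();
            }
            if (!empty($phone) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/", $phone)) {
                echo box::warning("请输入正确的电话号码");
                exit();
            }
            if (!empty($unit) && preg_match("/[\"|'|~|!|#|\$|%|\^|\&|\*|\{|\}|\[|\]|:|;|<|>|\?|\/]/", $unit)) {
                echo box::warning("输入的内容中包含非法字符");
                exit();
            }
            if (!empty($address) && preg_match("/[\"|'|~|!|\$|%|\^|\&|\*|\{|\}|\?|\/]/", $address)) {
                echo box::warning("地址中包含非法字符");
                exit();
            }
            $match = "/[\"|'|\\\]/i";
            if (preg_match($match, $password) || preg_match($match, $password_confirm)) {
                echo box::warning("密码中包含非法字符,请重新输入");
                exit();
            }
            if (empty($password)) {
                echo box::warning("请输入密码");
                exit();
            }
            if (strlen($password) < 6) {
                echo box::warning("密码太短");
                exit();
            }
            if (strlen($password) > 20) {
                echo box::warning("密码长度不能超过20个字符");
                exit();
            }
            if ($password !== $password_confirm) {
                echo box::warning("两次输入的密码不同");
                exit();
            }
            if ($this->userExists('username', $username)) {
                echo box::warning("该用户名已经被占用,请更换");
                exit();
            }
            if ($this->userExists('email', $email)) {
                echo box::warning("该Email已经被使用请更换");
                exit();
            }

            $sql = "INSERT INTO users (username,password,email,realname,unit,address,project,phone,usertype)\n"
                 . "VALUES (?,?,?,?,?,?,?,?,?)";
            $sth = $this->db->prepare($sql);
            $ec = $sth->execute(array($username, md5($password), $email, $name, $unit, $address, $project, $phone, 'member'));
            if (!$ec) {
                echo box::warning("An error occurred!Re-try please!");
                exit();
            }
            // login() expects the plaintext password (default_login() hashes
            // it). The original passed md5($password), which was hashed a
            // second time, so the automatic login after signup never succeeded.
            $this->login($username, $password);
            echo box::success("<script>$('#signup').hide();$('#info').html('注册成功!<br /><a href=\"\/\">网站首页</a> <a href=\"\/account\/edit\">我的帐号</a>')</script>");
            exit();
        } catch (Exception $e) {
            echo box::warning("An error occurred!" . $e->getMessage());
            exit();
        }
    }

    /**
     * Profile page: loads the current user's row into the view.
     */
    public function editAction()
    {
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            return;
        }
        $username = $auth->getIdentity()->username;
        $rs = $this->db->query("select * from users where username=?", array($username));
        $this->view->user = $rs->fetch();
    }

    /**
     * AJAX profile update, dispatched on the `opt` parameter:
     * 'general' (name/contact fields), 'email', 'password'.
     * Every branch echoes a plain status string and exits.
     */
    public function saveoptAction()
    {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $opt = $this->_request->getParam('opt');
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            echo "You must log in";
            exit();
        }
        $username = $auth->getIdentity()->username;
        $rs = $this->db->query("select * from users where username=?", array($username));
        $rows = $rs->fetch();
        if (!$rows) {
            // identity without a backing row (deleted account): treat as logged out
            echo "You must log in";
            exit();
        }
        $this->view->user = $rows;

        if ($opt === 'general') {
            $this->saveGeneral($rows);
        } elseif ($opt === 'email') {
            $this->saveEmail($rows);
        } elseif ($opt === 'password') {
            $this->savePassword($rows, $username);
        }
        exit();
    }

    /**
     * 'general' branch of saveoptAction(): updates the free-text profile
     * fields of the row $rows. Echoes a status and exits.
     *
     * @param array $rows the user's `users` row
     */
    private function saveGeneral($rows)
    {
        $realname = mb_substr(trim($this->_request->getParam('name')), 0, 100, 'utf-8');
        $phone = mb_substr(trim($this->_request->getParam('phone')), 0, 100, 'utf-8');
        $unit = mb_substr(trim($this->_request->getParam('employer')), 0, 200, 'utf-8');
        $address = mb_substr(trim($this->_request->getParam('address')), 0, 250, 'utf-8');
        $project = mb_substr(trim($this->_request->getParam('project')), 0, 500, 'utf-8');
        try {
            if (empty($realname)) {
                echo "Please enter your Name";
                exit();
            }
            // Bound parameters: the original interpolated every field into the
            // UPDATE, and $project in particular was never filtered for quotes.
            $sql = "UPDATE users SET realname=?,phone=?,unit=?,address=?,project=? WHERE id=?";
            if ($this->db->query($sql, array($realname, $phone, $unit, $address, $project, $rows['id']))) {
                echo "Saved!";
            } else {
                echo "Failed!";
            }
            exit();
        } catch (Exception $e) {
            echo "An error occurred!";
            exit();
        }
    }

    /**
     * 'email' branch of saveoptAction(): changes the address after
     * re-checking the current password. Echoes a status and exits.
     *
     * @param array $rows the user's `users` row
     */
    private function saveEmail($rows)
    {
        $email = substr(trim($this->_request->getParam('email')), 0, 100);
        $password = trim($this->_request->getParam('password'));
        try {
            if (empty($email)) {
                echo "Please enter your E-mail";
                exit();
            }
            if (empty($password)) {
                echo "Please enter your password";
                exit();
            }
            if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i", $email)) {
                echo "Incorrect email";
                exit();
            }
            if (!hash_equals((string) $rows['password'], md5($password))) {
                echo "The password you entered is incorrect.Please re-enter your password";
                exit();
            }
            // The e-mail pattern above is unanchored, so a quote could reach
            // the previously interpolated UPDATE; bind it instead.
            if ($this->db->query("UPDATE users SET email=? where id=?", array($email, $rows['id']))) {
                echo "Saved!";
            } else {
                echo "Failed!";
            }
            exit();
        } catch (Exception $e) {
            echo "An error occurred!";
            exit();
        }
    }

    /**
     * 'password' branch of saveoptAction(): verifies the current password
     * and the new/confirm pair, then stores md5(new). Echoes a status and exits.
     *
     * @param array  $rows     the user's `users` row
     * @param string $username identity name used in the WHERE clause
     */
    private function savePassword($rows, $username)
    {
        $password = trim($this->_request->getParam('password'));
        $password_new = trim($this->_request->getParam('password_new'));
        $password_confirm = trim($this->_request->getParam('password_confirm'));
        $match = "/[\"|'|\\\]/i";
        if (empty($password)) {
            echo "Please enter your password";
            exit();
        }
        if (empty($password_new)) {
            echo "Please enter your new password";
            exit();
        }
        if ($password === $password_new) {
            echo "New password cannot be same as the old";
            exit();
        }
        if (empty($password_confirm)) {
            echo "Please re-enter your new password";
            exit();
        }
        // Same message for "bad characters" and "wrong current password", as before.
        if (preg_match($match, $password) || preg_match($match, $password_new) || preg_match($match, $password_confirm)
            || !hash_equals((string) $rows['password'], md5($password))) {
            echo "The password you entered is incorrect.Please re-enter your password";
            exit();
        }
        if (strlen($password_new) < 6) {
            echo "Your new password is too short";
            exit();
        }
        if (strlen($password_new) > 20) {
            echo "Your new password is too long";
            exit();
        }
        if ($password_new !== $password_confirm) {
            echo "Entered passwords differ from the another";
            exit();
        }
        try {
            $sql = "UPDATE users SET password=? WHERE username=?";
            if ($this->db->query($sql, array(md5($password_new), $username))) {
                echo "Changes Saved!";
            } else {
                echo "Failed!Please check the input content";
            }
            exit();
        } catch (Exception $e) {
            echo "An error occurred!";
            exit();
        }
    }

    /**
     * AJAX login. Requires username, password and captcha; on success the
     * response carries a script that sends the browser to '/'.
     * Does nothing when `submit` is absent.
     *
     * NOTE(review): there is no attempt throttling here; the captcha is the
     * only brake on password guessing.
     */
    public function loginAction()
    {
        $submit = $this->_request->getParam('submit');
        if (empty($submit)) {
            return;
        }
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            // presumably ends the request (ZF1 redirects exit by default)
            $this->_redirect('/account');
        }
        $username = trim($this->_request->getParam('username'));
        $password = trim($this->_request->getParam('password'));
        $vdcode = strtolower(substr(trim($this->_request->getParam('vdcode')), 0, 4));
        include_once('ajax/box.php');
        if (empty($username)) {
            echo box::warning('请输入用户名');
            exit();
        }
        if (empty($password)) {
            echo box::warning('请输入密码');
            exit();
        }
        if (empty($vdcode)) {
            echo box::warning('请输入验证码');
            exit();
        }
        if (!$this->checkVdcode($vdcode)) {
            echo box::warning("验证码错误");
            exit();
        }
        if (!$this->login($username, $password)) {
            echo box::error('用户名或密码错误');
            exit();
        }
        // The original also carried an unreachable redirect to the `href`
        // parameter after this exit; it was dropped rather than kept as an
        // unvalidated redirect target.
        echo box::success('登录成功,<a href="/">如果页面没有跳转请点击这里</a><script>var t = setTimeout("self.location=\'\/\';",2000);</script>');
        exit();
    }

    /**
     * Clears the identity and the remember-me cookie, then redirects to '/'.
     */
    public function logoutAction()
    {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            $auth->clearIdentity();
            require_once 'member.php';
            member::flushcookie();
            $this->_redirect('/');
        }
    }

    /**
     * Verify $u / md5($p) against the users table with Zend_Auth and, on
     * success, store the row (minus password) as the identity, stamp
     * ts_last_login and optionally set the remember-me cookie.
     *
     * @param string $u username
     * @param string $p plaintext password
     * @return bool
     */
    private function default_login($u, $p)
    {
        $auth = Zend_Auth::getInstance();
        $db = Zend_Registry::get('db');
        $authAdapter = new Zend_Auth_Adapter_DbTable($db);
        $authAdapter->setTableName('users')
            ->setIdentityColumn('username')
            ->setCredentialColumn('password');
        $authAdapter->setIdentity($u)->setCredential(md5($p));
        $result = $auth->authenticate($authAdapter);
        if (!$result->isValid()) {
            return false;
        }
        // success: store the database row (without the password column)
        $data = $authAdapter->getResultRowObject(null, 'password');
        $auth->getStorage()->write($data);
        // Rotate the session id on login so an id fixed before
        // authentication is not carried into the authenticated session.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        $db->query($db->quoteInto("update users set ts_last_login=now() where username=?", $u));
        if ($this->_request->getParam('remember')) {
            require_once 'member.php';
            $mb = new member();
            // NOTE(review): the cookie carries md5($p), i.e. the stored
            // credential itself; a random, revocable token would be safer.
            // Changing it requires member.php as well.
            $mb->putcookie($u, md5($p));
        }
        return true;
    }

    /**
     * Legacy ASP.NET membership check: each byte of the password followed by
     * a NUL (UTF-16LE for ASCII input) is appended to the decoded salt,
     * SHA-1'd and base64-encoded, then compared with the stored value.
     *
     * @param string $p        plaintext password
     * @param string $salt     base64 salt from the row
     * @param string $password stored base64 hash
     * @return bool
     */
    private function aspnet_login($p, $salt, $password)
    {
        $p1 = implode("\x00", str_split($p)) . "\x00";
        $ball = base64_decode($salt) . $p1;
        return hash_equals(trim((string) $password), base64_encode(sha1($ball, true)));
    }

    /**
     * Authenticate $u with plaintext $p.
     *
     * Rows that still carry a salt come from the ASP.NET membership scheme;
     * they are verified with aspnet_login() and, on success, rewritten to the
     * default salt-less md5 scheme before the normal login runs.
     *
     * @param string $u username
     * @param string $p plaintext password
     * @return bool
     */
    public function login($u, $p)
    {
        $db = Zend_Registry::get('db');
        $uq = $db->query("select password,salt from users where username=?", array($u));
        $urow = $uq->fetchObject();
        if (!$urow) {
            // no such user
            return false;
        }
        if (empty($urow->salt)) {
            return $this->default_login($u, $p);
        }
        if (!$this->aspnet_login($p, $urow->salt, $urow->password)) {
            return false;
        }
        // legacy credential verified: convert the row to the default scheme
        $db->query("update users set password=md5(?),salt='' where username=?", array($p, $u));
        return $this->default_login($u, $p);
    }

    /**
     * AJAX password recovery, two entry points in one action:
     *  - with `login` and `key` (the link from the first mail): resets the
     *    account to a random temporary password, clears the token and mails
     *    the password;
     *  - otherwise: takes `email`, stores a fresh activation token on the
     *    matching user and mails a link containing it.
     *
     * The original interleaved an AJAX version of the e-mail step with an
     * older form-based copy of the whole flow: it referenced `$db` and
     * `$formData` before they were assigned, sent the e-mail twice on a POST,
     * and exited with "enter your e-mail" before the reset branch could run.
     *
     * NOTE(review): the e-mail step still reveals whether an address is
     * registered ("未找到对应用户"), and the token does not expire.
     */
    public function fetchpwdAction()
    {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();
        $auth = Zend_Auth::getInstance();
        if ($auth->hasIdentity()) {
            // presumably ends the request (ZF1 redirects exit by default)
            $this->_redirect('/account');
        }
        include_once('ajax/box.php');

        $key = $this->_request->getParam('key');
        $login = $this->_request->getParam('login');
        if (!empty($key) && !empty($login)) {
            $this->resetPasswordByToken($login, $key);
            exit();
        }

        $email = $this->_request->getParam('email');
        if (empty($email)) {
            echo box::warning('请输入要找回密码的账户所对应的Email地址');
            exit();
        }
        if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i", $email)) {
            echo box::warning("请输入正确的Email地址");
            exit();
        }
        $rs = $this->db->query("SELECT * FROM users WHERE email=?", array($email));
        $row = $rs->fetch();
        if (!$row || $row['id'] == '') {
            echo box::error("未找到对应用户");
            exit();
        }
        // NOTE(review): 32 hex chars — confirm users.activation is wide enough
        // (uniqid() produced 13).
        $uid = $this->randomToken();
        $this->db->query("update users set activation=? where email=?", array($uid, $email));
        $this->sendTemplateMail('member-fetchpwd', array('user' => $row['username'], 'uid' => $uid), $email);
        echo box::success('Please check the activation link in your email.');
        exit();
    }

    /**
     * Second step of fetchpwdAction(): if $login/$key match a pending
     * activation, set a random temporary password, clear salt and token and
     * mail the password. Echoes an ajax/box.php fragment; the caller exits.
     *
     * @param string $login username from the link
     * @param string $key   activation token from the link
     */
    private function resetPasswordByToken($login, $key)
    {
        $uq = $this->db->query("select * from users where username=? and activation=?", array($login, $key));
        $urow = $uq->fetchObject();
        if (!$urow) {
            echo box::error("未找到对应用户");
            return;
        }
        // 16 hex chars: fits the 20-char limit the change-password form enforces.
        $tmp_pwd = substr($this->randomToken(), 0, 16);
        $this->db->query(
            "update users set salt='',activation='',password=? where username=? and activation=?",
            array(md5($tmp_pwd), $login, $key)
        );
        $this->sendTemplateMail('member-resetpwd', array('user' => $login, 'pwd' => $tmp_pwd), $urow->email);
        echo box::success('Please check your new password in your email.');
    }
}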