westdc-zf1/application/default/controllers/AccountController.php

319 lines
12 KiB
PHP
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
class AccountController extends Zend_Controller_Action
{
function indexAction()
{
$this->_redirect('/');
}
function init()
{
$this->messenger=$this->_helper->getHelper('FlashMessenger');
}
function postDispatch()
{
//$this->view->messages = $this->messenger->getMessages();
}
function preDispatch()
{
$this->view->config = Zend_Registry::get('config');
$this->_request->setParam('return', $this->_request->getServer('REQUEST_URI'));
//$this->db=Zend_Registry::get('db');
$this->view->messages = $this->messenger->getMessages();
}
function registerAction()
{
$form = new RegisterForm();
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$ut = new UsersTable();
$u = $ut->createRow();
$u->username = $form->getValue('username');
$u->password = $form->getValue('password');
$u->email=$form->getValue('email');
if ($form->getValue('realname')) $u->realname=$form->getValue('realname');
if ($form->getValue('phone')) $u->phone=$form->getValue('phone');
if ($form->getValue('address')) $u->address=$form->getValue('address');
if ($form->getValue('unit')) $u->unit=$form->getValue('unit');
if ($form->getValue('project')) $u->project=$form->getValue('project');
if ($u->save()) {
//发送欢迎邮件
$mail=new WestdcMailer($this->view->config->smtp);
$body=file_get_contents($this->view->config->register->email->template);
$body=str_replace("[username]",$formData['username'],$body);
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
//中文标题有乱码在1.5版本中尚未解决
//ref: http://framework.zend.com/issues/browse/ZF-2532
$mail->setSubject('欢迎使用中国西部环境与生态数据中心');
$mail->send();
//自动登录系统
$this->login($formData['username'],$formData['password']);
$this->_redirect('/');
}
} else {
$form->populate($formData);
}
}
}
function editAction()
{
$form=new UsereditForm();
$this->view->form=$form;
$auth = Zend_Auth::getInstance();
$user = $auth->getIdentity();
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
//save user info
$ut=new UsersTable();
$row=$ut->fetchRow('id='.$formData['id']);
if (md5($formData['oldpassword'])==$row->password && $formData['password']) {
//修改密码
$row->password=md5($formData['password']);
}
if ($formData['email']) $row->email=$formData['email'];
if ($formData['phone']) $row->phone=$formData['phone'];
if ($formData['realname']) $row->realname=$formData['realname'];
if ($formData['unit']) $row->unit=$formData['unit'];
if ($formData['address']) $row->address=$formData['address'];
if ($formData['project']) $row->project=$formData['project'];
$row->save();
//todo:更新session信息
}
} else {
/*$formData['id']=$user->id;
$formData['email']=$user->email;
$formData['phone']=$user->phone;
$formData['realname']=$user->realname;
$formData['unit']=$user->unit;
$formData['address']=$user->address;
$formData['project']=$user->project;*/
$ut=new UsersTable();
$row=$ut->fetchRow('id='.$user->id);
$formData['email']=$row->email;
$formData['phone']=$row->phone;
$formData['realname']=$row->realname;
$formData['unit']=$row->unit;
$formData['address']=$row->address;
$formData['project']=$row->project;
$formData['id']=$row->id;
$form->populate($formData);
}
}
function loginAction()
{
$form = new LoginForm();
$success=false;
$message='';
$this->view->form = $form;
$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) $this->_redirect('/account');
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
if (!$this->login($formData['username'],$formData['password']))
{
$this->messenger->addMessage('登录失败,请检查您的用户名和密码。');
} else $success=true;
}
if(!$success) {
$flashMessenger = $this->_helper->getHelper('FlashMessenger');
$flashMessenger->setNamespace('actionErrors');
$flashMessenger->addMessage($message);
$this->_redirect('/account/login');
} else
{
$tohref = $this->_request->getParam('href');
if(!empty($tohref))
{
$this->_redirect($tohref);
}else{
$this->_redirect($this->_request->getParam('return'));
}
if($_SERVER['REQUEST_URI']!='/account/login')
{
$this->_redirect($_SERVER['REQUEST_URI']);
}
}
} else {
//$formData['redirect'] = $redirect;
//$form->populate($formData);
}
}
function logoutAction()
{
$auth = Zend_Auth::getInstance();
$auth->clearIdentity();
require_once 'member.php';
$mb=new member();
member::flushcookie();
$this->_redirect('/');
}
private function default_login($u,$p)
{
$auth = Zend_Auth::getInstance();
$db=Zend_Registry::get('db');
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
$authAdapter->setTableName('users')
->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($u)->setCredential(md5($p));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
// success: store database row to auth's storage
$data = $authAdapter->getResultRowObject(null,'password');
//头像
include_once("Avatar.php");
$avatar = new Avatar();
$data->avatar = $avatar->Get($data->email,40);
//组ID
include_once("Users.php");
$usr = new Users($db);
$data->gid = $usr->getGroup($data->id);
$auth->getStorage()->write($data);
$db->query("update users set ts_last_login=now() where username=?",array($u));
if ($this->_request->getParam('remember')) {
$sql="select usertype from users where username='$u'";
$rs=$db->query($sql);
$row=$rs->fetch();
//if($row['usertype']!='administrator')
{
require_once 'member.php';
$mb = new member();
$mb -> putcookie($u,md5($p));
}
}
return true;
}else
{
return false;
}
return false;
}
private function aspnet_login($p,$salt,$password)
{
$p1=implode("\x00",str_split($p))."\x00";
$ball=base64_decode($salt).$p1;
return trim($password)==base64_encode(sha1($ball,true));
}
// 首先判断是否存在salt
// 若有salt则按照aspnet membership加密算法进行判断
function login($u,$p)
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$sql="select password,salt from users where username=?";
$uq=$db->query($sql,array($u));
if ($urow=$uq->fetchObject())
{
if (empty($urow->salt))
return $this->default_login($u,$p);
else {
//进行判断并进行转换到默认
if ($this->aspnet_login($p,$urow->salt,$urow->password))
{
$sql="update users set password=md5(?),salt='' where username=?";
$db->query($sql,array($p,$u));
return $this->default_login($u,$p);
} else
return false;
}
} else {
//没有对应的用户,登录失败
return false;
}
}
function fetchpwdAction()
{
$ut= new UsersTable();
$db=$ut->getAdapter();
$form = new LostpwdForm();
$key=$this->_request->getParam('key');
$login=$this->_request->getParam('login');
if (empty($key) && empty($login)) {
$this->view->form = $form;
if ($this->_request->isPost()) {
$formData = $this->_request->getPost();
if ($form->isValid($formData)) {
$sql="select * from users where email=?";
$uq=$db->query($sql,array($formData['email']));
if ($urow=$uq->fetchObject())
{
//email the url to user
$username=$urow->username;
$sql="update users set activation=? where email=?";
$uid=uniqid();
$db->query($sql,array($uid,$formData['email']));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
有人提出了针对此用户名的密码重置请求。
用户名:";
$body.=$username;
$body.="
若想重置您的密码请打开下面的链接,否则请忽略此邮件,一切如常。
";
$body.="http://westdc.westgis.ac.cn/account/fetchpwd/".$username."/".$uid;
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($formData['email']);
$mail->setSubject('密码已重置');
$mail->send();
$this->view->messages[]='请检查您的新邮件中的确认激活链接。';
$this->view->form=false;//do not echo form
} else
$this->messenger->addMessage('对不起,没有找到对应的电子邮件地址。');
}
} else
$this->view->messages[]='请输入您的电子邮件地址。您将通过电子邮件收到新密码。';
} else {
$sql="select * from users where username=? and activation=?";
$uq=$db->query($sql,array($login,$key));
$tmp_pwd=uniqid();
if ($urow=$uq->fetchObject())
{
$sql="update users set salt='',activation='',password=md5('".$tmp_pwd."') where username=? and activation=?";
$db->query($sql,array($login,$key));
$mail=new WestdcMailer($this->view->config->smtp);
$body="尊敬的西部数据中心用户:
您的密码已修改。
用户名:";
$body.=$login;
$body.="密码:".$tmp_pwd;
$body.="
http://westdc.westgis.ac.cn/account/login";
$mail->setBodyText($body);
$mail->setFrom($this->view->config->service->email,'西部数据中心服务组');
$mail->addTo($urow->email);
$mail->setSubject('您的新密码');
$mail->send();
$this->view->messages[]='请查收您新邮件中的新密码';
$this->view->form=false;//do not echo form
}
}
}
}