📄 users_controller.php.svn-base
// (Tail of a method whose beginning lies above this excerpt.)
    // If a user has submitted form data:
    if (!empty($this->data)) {
        // Usernames are lower-cased before the lookup.
        $this->data['User']['username'] = strtolower($this->data['User']['username']);
        $_someone = $this->User->findByUsername($this->data['User']['username']);

        // They're in the database
        if(!empty($_someone['User']['id'])) {
            // An empty confirmationcode is what this code treats as "activated".
            // NOTE(review): this check runs before the password check, so the
            // "not activated" answer below is returned for any unactivated
            // username whatever password was supplied.
            if (empty($_someone['User']['confirmationcode'])) {
                // NOTE(review): the stored value is an unsalted SHA-1 digest and
                // it is compared with the loose == operator, which compares two
                // numeric-looking strings as numbers. A strict, constant-time
                // comparison and a dedicated password hash would be safer.
                if ($_someone['User']['password'] == sha1($this->data['User']['password'])) {
                    // NOTE(review): the whole User row, password digest included,
                    // is copied into the session, and the visible code does not
                    // issue a fresh session id on login.
                    $this->Session->write('User', $_someone['User']);
                    if ($this->nbClient) {
                        $this->returnJoeyStatusCode($this->SUCCESS);
                    } else {
                        $this->redirect('/uploads/index');
                        exit();
                    }
                } else {
                    // This is a password error
                    if ($this->nbClient) {
                        $this->returnJoeyStatusCode($this->ERROR_LOGIN);
                    }
                    // Same wording as the unknown-user branch below, so the two
                    // cases cannot be told apart from this message.
                    $this->set('error_mesg', 'Sorry, cannot login. Please check your username or password.');
                }
            } else {
                if ($this->nbClient) {
                    $this->returnJoeyStatusCode($this->ERROR_ACTIVATION);
                }
                $this->set('error_mesg', 'Sorry, your account has not been activated. Please check your email.');
            }
        } else {
            // This is a generalized, non-specific error
            if ($this->nbClient) {
                $this->returnJoeyStatusCode($this->ERROR_LOGIN);
            }
            $this->set('error_mesg', 'Sorry, cannot login. Please check your username or password.');
        }
    }
    // Pick the action/layout pair according to the browser type.
    if (BrowserAgent::isMobile()) {
        $this->action = 'mp_login';
        $this->layout = 'mp';
    } else {
        $this->action = 'login';
    }
}

/**
 * Logs the visitor out by deleting the 'User' entry from the session, then
 * redirects to '/' and stops the request.
 *
 * NOTE(review): only the 'User' key is removed; the session itself is not
 * destroyed and its id is not renewed in this method.
 */
function logout() {
    $this->Session->delete('User');
    $this->redirect('/');
    exit;
}

// When the user clicks on the reset password email link ...
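/**
 * Second step of the password-reset flow: handles the link mailed out by
 * resetpasswordemail() and, once the form is submitted, stores the new
 * password.
 *
 * Expects two positional URL segments, the username and "epw". epw is md5()
 * of the account's stored password digest.
 *
 * NOTE(review): epw is derived from the stored digest instead of being
 * generated at random, it has no expiry, and it stays valid until the
 * password changes. A random, single-use, time-limited token kept
 * server-side would be the safer design; that needs a schema change and is
 * not attempted here.
 */
function resetpassword() {
    // Defined up front so the checks below never read an undefined variable.
    $_username = null;
    $_epw = null;
    $_newpass = null;
    $_newpass2 = null;

    // They clicked on the link
    if (array_key_exists('pass', $this->params)
        && array_key_exists(0, $this->params['pass'])
        && array_key_exists(1, $this->params['pass'])) {
        $_username = $this->params['pass'][0];
        $_epw = $this->params['pass'][1];
        // NOTE(review): both values come straight from the URL; the view
        // must escape them when it prints them — TODO confirm.
        $this->set("username", $_username);
        $this->set("epw", $_epw);
    }

    // They hit submit on the form
    if (isset($this->data)) {
        if (isset($this->data['User']['newpass'])) {
            $_newpass = $this->data['User']['newpass'];
        }
        if (isset($this->data['User']['newpass2'])) {
            $_newpass2 = $this->data['User']['newpass2'];
        }
    }

    // Why are they here?
    if (empty($_username) || empty($_epw)) {
        $this->redirect('/');
        exit;
    }

    // Find the user by username
    $_someone = $this->User->findByUsername(strtolower($_username));
    if (empty($_someone['User']['id'])) {
        // The username does not exist. Possible spoof. Fail
        $this->redirect('/');
        exit;
    }

    // Strict string comparison: with the loose == operator two
    // numeric-looking strings are compared as numbers, so a digest of the
    // form "0e<digits>" would equal other such strings.
    // NOTE(review): === is still not constant-time; use hash_equals() where
    // the deployed PHP version provides it.
    if ((string) $_epw !== md5($_someone['User']['password'])) {
        // The epw does not match the username. Possible spoof. Fail
        $this->redirect('/');
        exit;
    }

    // Valid link but no new password submitted yet: fall through to the form.
    if (empty($_newpass)) {
        return;
    }

    if ($_newpass !== $_newpass2) {
        // Display Form with error
        $this->set('error_mesg', 'The password and confirmation do not match!');
        return;
    }

    // do the reset
    $this->User->id = $_someone['User']['id'];
    // NOTE(review): unsalted SHA-1 is kept only because the login check in
    // this controller compares against sha1(); moving to a dedicated
    // password hash has to change both places together.
    $this->User->saveField('password', sha1($_newpass));
    // A matching epw was only ever mailed to the account's address, so this
    // is the point where clearing confirmationcode (which the login check
    // treats as "activated") is justified.
    $this->User->saveField('confirmationcode', null);
    $this->redirect('/');
    exit;
}

/**
 * First step of the password-reset flow: asks for a username or email
 * address and mails a reset link to the matching account.
 *
 * The account's confirmationcode is left untouched here: clearing it at
 * request time would activate an account before anyone has shown access to
 * its mailbox. resetpassword() clears it once the mailed link is used.
 *
 * NOTE(review): only the found-account path flashes a confirmation, so the
 * response tells the requester whether the username/email exists. Consider
 * answering identically in both cases.
 */
function resetpasswordemail() {
    $this->pageTitle = 'Reset your password';
    $this->set('flowContext',"resetpassword");

    // If a user has submitted form data:
    if (!empty($this->data)) {
        $_username = isset($this->data['User']['username'])
            ? strtolower($this->data['User']['username'])
            : '';
        $_email = isset($this->data['User']['email'])
            ? strtolower($this->data['User']['email'])
            : '';

        // Find the user by username; never look up an empty value.
        $_someone = null;
        if ($_username !== '') {
            $_someone = $this->User->findByUsername($_username);
        }

        // If not, find her by email address
        if (empty($_someone['User']['id']) && $_email !== '') {
            $_someone = $this->User->findByEmail($_email);
        }

        // They're in the database
        if (!empty($_someone['User']['id'])) {
            // The link token is md5() of the stored password digest; see the
            // design note on resetpassword().
            $epw = md5($_someone['User']['password']);

            // Make an email message.
            $_message = "Please click on the following link to reset your password:\n\n ".FULL_BASE_URL."/users/resetpassword/".$_someone['User']['username']."/".$epw." \n";

            // Send a mail to the user
            mail($_someone['User']['email'], 'Joey password reset', $_message, "From: ".JOEY_EMAIL_ADDRESS."\r\n");

            $this->flash('Please check your email to reset password.', '/', 2);
            exit;
        }
    }
}

/**
 * Shows the registration form and, on submit, validates the input, creates
 * the user row and the per-user upload directories, mails an activation code
 * and places the new user in the session.
 */
function register() {
    $this->pageTitle = 'Register';
    $this->set('phones', $this->Phone->generateList(null,null,null,'{n}.Phone.id','{n}.Phone.name'));
    $this->set('operators', $this->Operator->generateList(null,null,null,'{n}.Operator.id','{n}.Operator.provider'));

    // Nothing submitted yet: just render the form.
    if (empty($this->data)) {
        return;
    }

    $this->data['User']['username'] = strtolower($this->data['User']['username']);
    $test1 = $this->User->findByUsername($this->data['User']['username']);
    $test2 = $this->User->findByEmail($this->data['User']['email']);

    // Do some special validation

    // The username is already in use
    if (!empty($test1['User']['id'])) {
        $this->User->invalidate('username');
        $this->set('error_username', 'Your username is already in use, please choose a different username.');
    }

    // The email address is already in use
    if (!empty($test2['User']['id'])) {
        $this->User->invalidate('email');
        $this->set('error_email', 'Your email address is already in use, please choose a different email address.');
    }

    // The passwords don't match. Strict comparison, so numeric-looking
    // strings such as "1e3" and "1000" are not treated as equal.
    if ($this->data['User']['password'] !== $this->data['User']['confirmpassword']) {
        $this->User->invalidate('confirmpassword');
    }

    // If all our data validates
    if ($this->User->validates($this->data) && $this->Phone->validates($this->data) && $this->Operator->validates($this->data)) {
        // Hash the password.
        // NOTE(review): unsalted SHA-1 is kept because the login check in this
        // controller compares against sha1(); a dedicated password hash
        // would have to be introduced in both places together.
        $this->data['User']['password'] = sha1($this->data['User']['password']);

        // Assign a unique confirmation code
        // NOTE(review): uniqid() is derived from the current time, so the
        // activation code is guessable. Prefer a CSPRNG-backed value if the
        // column width and the deployed PHP version allow it.
        $this->data['User']['confirmationcode'] = uniqid();

        // Fill in the FKs. Shouldn't cake do this for me?
        $this->data['User']['phone_id'] = $this->data['Phone']['name'];
        $this->data['User']['operator_id'] = $this->data['Operator']['provider'];

        // Save the info. We already validated it, so this should never
        // fail. If it does fail, I'm betting someone messed with the form
        // data manually and an FK isn't lining up...that's a shame.
        if ($this->User->save($this->data)) {
            $_user_id = $this->User->id;
            $_user_dir = UPLOAD_DIR."/{$_user_id}";

            // Create directories on the disk for the user to store their uploads
            $_dirs_ok = mkdir($_user_dir)
                && mkdir($_user_dir."/previews")
                && mkdir($_user_dir."/originals");

            if (!$_dirs_ok) {
                // I sincerely hope it's a rare case that this fails. At
                // this point, the user is in the database, but we can't
                // create directories for them to put their stuff. We can't
                // use a transaction here, because we wouldn't have the
                // user's id (since it comes from the database), so we can't
                // rollback our changes. Instead, we'll make a last ditch
                // effort to whack the user, and then set an error message.
                $this->User->del($_user_id);
                $this->set('error_mesg', 'Registration failed. Please try again.');
            } else {
                // Make an email message.
                $_message = "Please click on the following link or use the code {$this->data['User']['confirmationcode']} to activate your registration. ".FULL_BASE_URL."/users/activate/{$this->data['User']['confirmationcode']} .";

                // Send a mail to the user
                // Assumes User validation rejects CR/LF in the address, since
                // it is passed to mail() unchanged — TODO confirm.
                mail($this->data['User']['email'], 'Welcome to Joey', $_message, "From: ".JOEY_EMAIL_ADDRESS."\r\n");

                // Grab their information from the database, and store in the session
                // NOTE(review): the account is placed in the session before
                // the activation link has been used, while the login check in
                // this controller refuses accounts whose confirmationcode is
                // still set. Confirm that an unactivated session is intended.
                $_newuser = $this->User->findByEmail($this->data['User']['email']);
                $this->Session->write('User', $_newuser['User']);

                // They're outta here
                $this->flash('Registration successful. Please check your email.', '/uploads/index', 2);
            }
        } else {
            $this->set('error_mesg', 'Registration failed. Please try again.');
        }
    } else {
        // Since we're using &&'s in the if() statement above, there is a
        // chance some of these didn't run. If we run them all manually, we
        // can provide a complete set of error messages to the user all in
        // one go.
        $this->User->validates($this->data);
        $this->Phone->validates($this->data);
        $this->Operator->validates($this->data);

        // Send the errors to the form
        $this->validateErrors($this->User, $this->Phone, $this->Operator);
    }
}

} // closes the enclosing class, whose header is above this excerpt
?>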