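/**
 * Handle the login form (用户登录 处理表单).
 *
 * Expects a POST carrying `username` (user name or e-mail address) and
 * `password`. On success the matching user row is stored in the session as
 * 'LoginUser', an `op_ticket` cookie is issued (save() later compares
 * md5() of it against the posted security_ticket), 2 integral points are
 * awarded and the browser is redirected to UserHome/index. Every failure
 * path goes through $this->error() with a redirect to __APP__/Login.html.
 *
 * @return void
 */
public function rLogin()
{
    if (!IS_POST) {
        $this->error('非法操作', '__APP__/Login.html');
        return;
    }

    $username = trim($this->_post('username'));
    $password = trim($this->_post('password'));

    // Derive the stored form of the submitted password (project helper).
    $shlencryption = new userEncryption();
    $shlencryption->shlEncryption($password);

    // Array-form where(): the framework quotes/escapes the value, so the
    // user-supplied name is no longer spliced into raw SQL. '_logic' => 'OR'
    // keeps the original "user_name OR user_email" match.
    $user = D('User');
    $resultFromDB = $user->where(array(
        'user_name'  => $username,
        'user_email' => $username,
        '_logic'     => 'OR',
    ))->select();

    if (!$resultFromDB) {
        // No such user.
        $this->error('用户不存在', '__APP__/Login.html');
        return;
    }
    $account = $resultFromDB[0];

    // Constant-time comparison: strcmp()/== return early on the first
    // differing byte and so leak how much of the stored value matched.
    if (!hash_equals((string) $account['user_pwd'], (string) $shlencryption->to_string())) {
        // Wrong password.
        $this->error('密码错误', '__APP__/Login.html');
        return;
    }

    // Login succeeded.
    // NOTE(review): the whole DB row, including user_pwd, is kept in the
    // session; storing only the fields the app reads would be safer.
    session('LoginUser', $account);

    // Anti-CSRF cookie, checked by save() against the posted security_ticket.
    // NOTE(review): user_name . user_id is guessable by anyone who knows the
    // account; a random token (random_bytes/openssl_random_pseudo_bytes)
    // would be stronger, but the templates that build security_ticket from
    // this cookie must be checked before the format changes. The cookie is
    // also set without the httponly/secure flags for the same reason.
    $op_ticket_value = $account['user_name'] . $account['user_id'];
    setcookie('op_ticket', $op_ticket_value, time() + 3600);

    // Award 2 integral points for logging in.
    addIntegral($account['user_integral'], 2, $account['user_level'], $account['user_id']);
    U('UserHome/index', array(), 'html', true);
}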
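/**
 * Persist a newly submitted article (把新添加的文章进行保存).
 *
 * Requires a logged-in user (checkAuthority()) and a valid anti-CSRF ticket:
 * the posted `security_ticket` must equal md5() of the `op_ticket` cookie set
 * at login. Inserts the article, then its image paths, its tags and the
 * article/tag links, bumps the category's size counter, awards 5 integral
 * points and redirects to UserHome/index. Validation failures call
 * $this->error(), which renders the message and stops the request.
 *
 * @return void
 */
public function save()
{
    // CSRF ticket: compare as strings in constant time. The original loose
    // `==` would treat two "0e…" digests as equal numbers, and a missing
    // cookie or field is now a failure instead of a PHP notice.
    $ticket   = isset($_POST['security_ticket']) ? (string) $_POST['security_ticket'] : '';
    $expected = isset($_COOKIE['op_ticket']) ? md5($_COOKIE['op_ticket']) : '';
    if (!$this->checkAuthority() || $expected === '' || !hash_equals($expected, $ticket)) {
        $this->error('请先登录', U('/login'));
        return;
    }

    $currentUser = session('LoginUser');
    $article     = D('Article');

    $data = array();
    // Validate the filtered title, not the raw $_REQUEST value, so a title
    // consisting only of tags cannot slip through as an empty string.
    $data['article_title'] = $this->_post('title', "strip_tags");
    if (trim((string) $data['article_title']) === '') {
        $this->error('标题不能为空');
        return;
    }
    $data['article_authorId'] = $currentUser['user_id'];
    $data['article_author']   = $currentUser['user_name'];
    // Content is stored as submitted (raw HTML); the template that renders
    // article_content is responsible for escaping/sanitising it.
    $data['article_content'] = isset($_POST['content']) ? $_POST['content'] : '';
    if (trim((string) $data['article_content']) === '') {
        $this->error('内容不能为空');
        return;
    }
    $data['article_categoryId'] = isset($_POST['category']) ? $_POST['category'] : '';

    $articleId = $article->add($data);
    if (!$articleId) {
        $this->error($article->getError() . '添加文章出错');
        return;
    }

    $this->saveArticleImages($articleId, $this->_post('paths'));
    $this->saveArticleTags($articleId, $this->_post('tags', "strip_tags"));
    $this->incrementCategorySize($data['article_categoryId']);

    // Award the author 5 integral points.
    addIntegral($currentUser['user_integral'], 5, $currentUser['user_level'], $currentUser['user_id']);
    $this->success('添加成功', U('UserHome/index'));
}

/**
 * Store the image paths attached to an article.
 *
 * @param int|string  $articleId key returned by Article::add()
 * @param string|null $paths     "-"-joined list posted by the editor; blank entries are skipped
 * @return void
 */
private function saveArticleImages($articleId, $paths)
{
    $articleImg = M('ArticleImg');
    // The table's column names are not visible here, so the positional INSERT
    // is kept; the user-supplied path is escaped before it is spliced in.
    // NOTE(review): switch to $articleImg->add(array(...)) once the column
    // names are confirmed, so the framework does the quoting.
    $prefix = 'insert into ' . C('DB_PREFIX') . 'articleImg values (' . (int) $articleId . ', "';
    foreach (explode("-", (string) $paths) as $path) {
        $path = trim($path);
        if ($path === '') {
            continue;
        }
        $articleImg->query($prefix . addslashes($path) . '")');
    }
}

/**
 * Create any tags that do not exist yet and link each one to the article.
 *
 * Full-width commas in the posted list are normalised to ASCII commas,
 * blank and duplicate names are skipped, and an existing tag row is reused
 * instead of inserting the same name again on every save.
 *
 * @param int|string  $articleId
 * @param string|null $tagStr comma-separated tag names
 * @return void
 */
private function saveArticleTags($articleId, $tagStr)
{
    $tag        = M('tag');
    $articleTag = D('article_tag');
    $names = explode(',', str_replace('，', ',', (string) $tagStr));
    $seen  = array();
    foreach ($names as $tagName) {
        $tagName = trim($tagName);
        if ($tagName === '' || isset($seen[$tagName])) {
            continue;
        }
        $seen[$tagName] = true;
        // Array-form where(): the framework escapes the tag name.
        $tagId = $tag->where(array('tag_name' => $tagName))->getField('tag_id');
        if (!$tagId) {
            $tagId = $tag->add(array('tag_name' => $tagName));
        }
        if ($tagId) {
            $articleTag->add(array('article_id' => $articleId, 'tag_id' => $tagId));
        }
    }
}

/**
 * Increment category_size for the chosen category. Array-form where() plus
 * setInc() replaces the hand-built UPDATE, so the posted id is escaped
 * rather than spliced into SQL.
 *
 * @param mixed $categoryId value posted as `category`
 * @return void
 */
private function incrementCategorySize($categoryId)
{
    $category = M('category');
    $category->where(array('category_id' => $categoryId))->setInc('category_size');
}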