Ejemplo n.º 1
0
 public function loginIn()
 {
     //判断参数是否合法
     $email = $_POST['em'];
     $passwd = $_POST['pass'];
     $check = $_POST['check'];
     $email = filter_var($email, FILTER_SANITIZE_EMAIL);
     $regex = '/[^A-Za-z0-9]/';
     if (!filter_var($email, FILTER_VALIDATE_EMAIL) || preg_match($regex, $passwd) || strlen($passwd) < 6) {
         $result['errNum'] = '0006';
         $result['errMsg'] = errorcode::$error[$result['errNum']];
         $this->renderJson($result);
     }
     //读取mysql
     $userModel = new userModel();
     $passwd = md5($passwd);
     $ret = $userModel->select($email, $passwd);
     $retEmail = null;
     if (is_object($ret)) {
         $retEmail = $ret->fetch_array()['email'];
     }
     if (!$ret || !$retEmail) {
         $result['errNum'] = '0001';
         $result['errMsg'] = errorcode::$error[$result['errNum']];
         $this->renderJson($result);
     }
     //写入session
     if ($check == "yes") {
         $_SESSION['email'] = $email;
     }
     $result['email'] = $retEmail;
     $result['errNum'] = '0000';
     $result['errMsg'] = errorcode::$error[$result['errNum']];
     $this->renderJson($result);
 }
     if (is_null($user)) {
         $view = "error";
         $pagetitle = "Controller : Votre profil n'a pas été correctement trouvé dans la base de donnée...";
     } else {
         $view = "profil";
     }
     break;
 case "updateUser":
     if (!isset($_SESSION['login'])) {
         $view = "error";
         $pagetitle = "Controller = Vous n'êtes pas connecté.";
         break;
     }
     if ($_SESSION['login'] == escape($_GET['login']) || $_SESSION['admin'] == 1) {
         $data = array("pseudo" => escape($_GET['login']));
         $userToUpdate = userModel::select($data);
         $zePseudo = escape($_GET['login']);
         $zeName = $userToUpdate->name;
         $zeMail = $userToUpdate->mail;
     } else {
         $view = "error";
         $pagetitle = "Controller = Vous n'avez pas les droits pour modifier ce profil.";
         break;
     }
     $isDisabled = "readonly";
     //On ne peut pas modifier la clé de la table
     $label = "Mise à jour";
     $submit = "Mettre à jour";
     $action = "confirmUpdate";
     $view = "formUser";
     break;