Example #1
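 /**
  * Lock the screen for the current session, or check the password of an unlock request.
  *
  * A POST carrying action=unlock must include the account password, which is
  * checked with Auth_ORM::check_password(). Every other request sets the
  * session flag 'lockScreen' to TRUE.
  *
  * NOTE(review): a successful unlock does not reset 'lockScreen' here - confirm
  * the flag is cleared elsewhere and that the lock is enforced on the server,
  * not only in the browser.
  * NOTE(review): no attempt limiting is visible on the unlock path - confirm
  * repeated password checks are throttled.
  */
 public function action_lock()
 {
     $post = $this->request->post();
     // Strict comparison: only the exact string 'unlock' selects the unlock path.
     $is_unlock = isset($post['action']) && $post['action'] === 'unlock';
     if (!$is_unlock) {
         Session::instance()->set('lockScreen', TRUE);
         jsonReturn(1001);
         return;
     }
     // A request body can deliver an array (password[]=...); only a non-empty
     // string is handed to the password check.
     if (empty($post['password']) || !is_string($post['password'])) {
         jsonReturn(4444, '参数错误');
         return;
     }
     if (Auth_ORM::instance()->check_password($post['password'])) {
         jsonReturn(1001);
     } else {
         jsonReturn(4444, '密码错误,请重试!');
     }
 }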
Example #2
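 /**
  * Render the login page, or handle an AJAX login attempt.
  *
  * For AJAX requests the posted username and password are passed to
  * Auth_ORM::login(). On success a User_LoginHistory row is written and a JSON
  * reply with the dashboard URL is sent; on failure JSON code 1800 is sent.
  *
  * NOTE(review): is_ajax() depends on a request header the client controls, so
  * it only selects the response format and is not an access control.
  * NOTE(review): no attempt limiting or CSRF check is visible here - confirm
  * both are handled by Auth_ORM::login() or an outer layer.
  */
 public function action_login()
 {
     $this->auto_render = FALSE;
     if ($this->request->is_ajax()) {
         $post = $this->request->post();
         // Missing or non-string fields count as a failed login instead of
         // raising an undefined-index error or reaching the auth layer as arrays.
         $has_credentials = isset($post['username'], $post['password'])
             && is_string($post['username'])
             && is_string($post['password']);
         $success = $has_credentials
             ? Auth_ORM::instance()->login($post['username'], $post['password'])
             : FALSE;
         if ($success) {
             // One timestamp so created and updated always match.
             $now = time();
             $loginHistory = ORM::factory('User_LoginHistory');
             // presumably login() returns the user id on success - verify against Auth_ORM
             $loginHistory->uid = $success;
             $loginHistory->ip = clientIP();
             // The User-Agent header is optional and client-controlled: default it
             // to an empty string here and escape it wherever it is displayed.
             $loginHistory->userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
             $loginHistory->created = $now;
             $loginHistory->updated = $now;
             $loginHistory->save();
             jsonReturn(1001, '登陆成功', '/manage/dashboard/index');
         } else {
             jsonReturn(1800);
         }
     }
     $this->response->body(View::factory($this->theme . 'login', array('registerUrl' => '/register', 'findPasswordUrl' => '/findPassword')));
 }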
Example #3
 /**
  * Pre-action setup: require a logged-in user, then load the user, site and menu data.
  *
  * Visitors who are not logged in are redirected to /login. For logged-in users
  * this loads the user record, resolves the current site id, redirects users
  * without a site to the creation wizard, flattens the category config into
  * route lists, and binds the shared values as global view variables.
  *
  * NOTE(review): parent::before() is not called here - confirm the parent
  * controller has no setup of its own.
  */
 public function before()
 {
     if (Auth_ORM::instance()->logged_in()) {
         # USER INFO
         $this->user = Auth_ORM::instance()->get_user()->as_array();
         # SITE ID
         // Session value wins; otherwise the Site model is asked for this user's site id.
         // NOTE(review): the session siteId is used as stored - confirm it is only ever
         // written with a site this user owns.
         $siteId = Session::instance()->get('siteId');
         $this->siteId = empty($siteId) ? ORM::factory('Site')->getSiteId($this->user['id']) : $siteId;
         # IF HAVE NOT SITE
         $count = ORM::factory('site', array('uid' => $this->user['id']))->count_all();
         // The step1 action is exempt so that the redirect target itself does not redirect again.
         if (empty($count) && $this->request->action() != 'step1') {
             $this->redirect('/manage/create/step1');
         }
         # CATEGORY
         $category = Kohana::$config->load('category');
         // Collect the routes of every sub-category (two levels deep) into
         // $category[$k]['route'], and per sub-category into ['subRoute'].
         foreach ($category as $k => $v) {
             if (isset($category[$k]['subCategory'])) {
                 foreach ($category[$k]['subCategory'] as $k2 => $c) {
                     $category[$k]['route'][] = $c['route'];
                     $category[$k]['subCategory'][$k2]['subRoute'][] = $c['route'];
                     if (isset($c['subCategory'])) {
                         foreach ($c['subCategory'] as $k3 => $d) {
                             $category[$k]['route'][] = $d['route'];
                             $category[$k]['subCategory'][$k2]['subRoute'][] = $d['route'];
                         }
                     }
                 }
             }
         }
         $this->category = $category;
         // Identifier of the current page in the form "Controller::action".
         $this->route = $this->request->controller() . '::' . $this->request->action();
         $data = array('siteTitle' => '简站(Simple-Site)', 'keywords' => '免费建站、微信网站、免费微信网站', 'siteUrl' => 'http://www.simple-site.cn', 'copyright' => 'Copyright © 2015 Simple-Site. All Rights Reserved', 'user' => $this->user, 'route' => $this->route, 'controller' => $this->request->controller(), 'action' => $this->request->action(), 'category' => $this->category);
         // Every entry becomes a global view variable; $data[$key] is passed rather
         // than $value because bind_global() is given the array element itself.
         foreach ($data as $key => $value) {
             View::bind_global($key, $data[$key]);
         }
     } else {
         $this->redirect('/login');
     }
 }
Example #4
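 /**
  * Constructor: passes the config to the parent and loads one user by id.
  *
  * The default value on $config was dropped: a defaulted parameter placed
  * before a required one can never be omitted by a caller, and PHP 8 reports
  * that form as deprecated. Existing calls, which pass both arguments, are
  * unaffected.
  *
  * @param   array  $config  configuration handed to the parent constructor
  * @param   mixed  $id      identifier given to ORM::factory('User', $id)
  */
 public function __construct($config, $id)
 {
     parent::__construct($config);
     // Load the user record
     // NOTE(review): $id is passed on as received - confirm callers take it from
     // the authenticated session rather than from request input.
     $this->_user = ORM::factory('User', $id);
 }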
Example #5
			}*/
            $content = $content->find();
            if ((bool) $content->loaded()) {
                return $content;
            }
Example #6
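 /**
  * Log out a user by removing the related session variables, then call FB::logout().
  *
  * The result of the parent logout is now returned; previously it was dropped
  * although the docblock promised a boolean.
  *
  * NOTE(review): FB::logout() may redirect and not return, in which case the
  * return statement is never reached - confirm against the FB helper.
  *
  * @param   boolean  $destroy     completely destroy the session
  * @param   boolean  $logout_all  remove all tokens for user
  * @return  boolean  value reported by parent::logout()
  */
 public function logout($destroy = FALSE, $logout_all = FALSE)
 {
     // Local session first, so it is cleared even if the Facebook call does not return.
     $logged_out = parent::logout($destroy, $logout_all);
     FB::logout(Url::base(FALSE, TRUE));
     return $logged_out;
 }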
Example #7
 /**
  * Guard for actions that need an authenticated user.
  *
  * Raises an HTTP 401 exception when the auth driver reports that nobody is
  * logged in; returns normally otherwise.
  *
  * @throws HTTP_Exception
  */
 protected function logged_in_required()
 {
     $authenticated = $this->auth->logged_in();
     if (!$authenticated) {
         throw HTTP_Exception::Factory(401, 'Login to access this page!');
     }
 }
Example #8
 /**
  * Field filters applied to incoming model values.
  *
  * When validation_required() is true the password is passed through the
  * Auth_ORM hash() method and username, email, bio, website and theme go
  * through Security::xss_clean; otherwise only username, bio and website are
  * cleaned.
  *
  * NOTE(review): xss_clean runs on input, not at render time - confirm the
  * views also escape these fields for the context they are printed in.
  *
  * @return  array  filter definitions keyed by field name
  */
 public function filters()
 {
     // The same single-step filter chain is shared by every text field.
     $clean = array(array('Security::xss_clean', array(':value')));
     if (!$this->validation_required()) {
         return array('username' => $clean, 'bio' => $clean, 'website' => $clean);
     }
     return array(
         'password' => array(array(array(Auth_ORM::instance(), 'hash'))),
         'username' => $clean,
         'email' => $clean,
         'bio' => $clean,
         'website' => $clean,
         'theme' => $clean,
     );
 }
Example #9
 /**
  * Static shortcut that logs the current user out through the Auth_ORM instance.
  *
  * @return  mixed  whatever Auth_ORM::logout() returns
  */
 public static function logout()
 {
     $auth = Auth_ORM::instance();
     $result = $auth->logout();
     return $result;
 }
Example #10
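 /**
  * Allow the user to login using Facebook.
  *
  * Flow: read the Facebook session, then (1) log in the local account already
  * linked to the Facebook user id, else (2) link and log in a local account
  * with the same email address, else (3) create a new account from the
  * Facebook profile. Without usable Facebook data the user is sent to the
  * normal registration form.
  *
  * The account lookup now runs only when Facebook supplied a non-empty user
  * id. Previously the lookup and force_login() ran even without a Facebook
  * session, so an empty id could be compared against the facebook_user_id
  * column and match an account that has no Facebook link.
  */
 function action_fb_login()
 {
     // Facebook login must be enabled in config/useradmin.php
     if (!Kohana::config('useradmin')->facebook) {
         Message::add('error', 'Facebook login is not enabled. Please register below.');
         Request::instance()->redirect('user/register');
         // Stop here even if redirect() returns.
         return;
     }
     include Kohana::find_file('vendor', 'facebook/src/facebook');
     // Create our Facebook SDK instance.
     $facebook = new Facebook(array('appId' => Kohana::config('facebook')->app_id, 'secret' => Kohana::config('facebook')->secret, 'cookie' => true));
     $me = null;
     $uid = null;
     // Session based API call.
     if ($facebook->getSession()) {
         try {
             $uid = $facebook->getUser();
             // read user info as array from Graph API
             $me = $facebook->api('/me');
         } catch (FacebookApiException $e) {
             // Deliberately not fatal: $me stays NULL and the user is sent to the
             // registration form further down.
         }
     }
     // Profile data is only usable together with a Facebook user id.
     if (empty($uid)) {
         $me = null;
     }
     // check if user is logged in - only with a real Facebook user id
     if (!empty($uid)) {
         $user = ORM::factory('user')->where('facebook_user_id', '=', $uid)->find();
         if (is_numeric($user->id) && $user->id != '0') {
             // found, log user in
             Auth_ORM::instance()->force_login($user);
             // redirect to the user account
             Request::instance()->redirect('user/profile');
             return;
         }
     }
     // associated user not found; register the user
     // retrieve user email from Facebook (the profile may not include one)
     $email = ($me != NULL && isset($me['email'])) ? $me['email'] : NULL;
     $email_valid = $email !== NULL && Validate::email($email, TRUE);
     if ($email_valid) {
         // search for existing user using email
         $user = ORM::factory('user')->where('email', '=', $email)->find();
         if (is_numeric($user->id) && $user->id != '0') {
             // Note: there is minor security issue here - we trust the email supplied by Facebook
             // They do perform a verification check for email addresses... and the data is signed.
             // Hence this is not really a problem; I bet most of the implementations do trust Facebook.
             // If you want, you can ask the user to enter their password to confirm, but it's
             // a bit clunky - and adds more special cases like what if they don't remember the password?
             // Then you have to allow them to reset the password using their email ....
             // NOTE(review): linking by email is only as strong as the provider's email
             // verification - confirm the address is reported as verified, or require
             // the local password before merging.
             Message::add('success', __('We found an existing account using your email address.'));
             // found: "merge" with the existing user
             $user->facebook_user_id = $uid;
             $user->save();
             // force login
             Auth_ORM::instance()->force_login($user);
             // redirect to the user account
             Request::instance()->redirect('user/profile');
             return;
         }
     }
     // not found: create a new user for real
     if ($me != NULL) {
         // Instantiate a new user
         $user = ORM::factory('user');
         // fill in values
         // generate long random password (maximum that passes validation is 42 characters)
         $password = $user->generate_password(42);
         // Name parts are optional in the profile; fall back to empty strings.
         $first_name = isset($me['first_name']) ? $me['first_name'] : '';
         $last_name = isset($me['last_name']) ? $me['last_name'] : '';
         $values = array('username' => $user->generate_username($first_name . '.' . $last_name), 'facebook_user_id' => $uid, 'password' => $password, 'password_confirm' => $password);
         if ($email_valid) {
             $values['email'] = $email;
         }
         $user->values($values);
         // If the post data validates using the rules setup in the user model
         if ($user->check()) {
             // create the account
             $user->save();
             // Add the login role to the user (add a row to the db)
             $login_role = new Model_Role(array('name' => 'login'));
             $user->add('roles', $login_role);
             // sign the user in
             Auth::instance()->login($values['username'], $password);
             // redirect to the user account
             Request::instance()->redirect('user/profile');
         } else {
             // in case the data for some reason fails, the user will still see something sensible:
             // the normal registration form.
             // Load the view
             $view = View::factory('user/register');
             // Note how the first param is the path to the message file (e.g. /messages/register.php)
             $view->errors = $user->validate()->errors('register');
             // Pass on the old form values, never the generated password
             $values['password'] = $values['password_confirm'] = '';
             $view->set('defaults', $values);
             $this->template->content = $view;
         }
     } else {
         Message::add('error', 'Retrieving information from Facebook failed. Please register below.');
         Request::instance()->redirect('user/register');
     }
 }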