/**
  * 获得RSA算法的公钥, 并将私钥记录在Session中
  *
  * 该方法一般用于重要的数据加密, 如登录或注册时的密码加密
  */
 public function getPublicKey()
 {
     $rsa = new RSA();
     $rsa->create();
     $content = array('pubkey' => $rsa->getPublicKey());
     $this->session->set('rsa_private_key', $rsa->getPrivateKey());
     $this->responseJson(200, 'OK', $content)->send();
 }
Exemple #2
0
 /**
  * 用户注册动作
  *
  * @param string $username
  * @param string $password
  * @param string $nickname
  * @param string $regDate
  * @param string $regIp
  */
 public function postRegAction($username, $password, $nickname, $regDate, $regIp)
 {
     if (!$this->security->checkToken()) {
         $this->response(403, 'Forbidden', '未通过安全验证')->send();
         return;
     }
     $this->db->begin();
     try {
         //RSA解密密码
         if (!$this->session->has('rsa_private_key')) {
             $this->response(403, 'Forbidden', '传输了未经加密的密码')->send();
         }
         $rsa = new RSA();
         $rsa->setPrivateKey($this->session->get('rsa_private_key'));
         $password = $rsa->decrypt($password);
         //注册用户
         $user = new UserController();
         $user->postUserAction($username, $password, 'sha1_salt_sha1', 1, $regDate, $regIp);
         $meta = new UserMetaController();
         $meta->postUserMetaAction($user->resource->UID, 'nickname', $nickname);
         $this->db->commit();
         $this->responseJson(200, '注册成功')->send();
         //登陆用户
         $sso = new SsoController();
         $sso->postLoginAction($username, $password, $regDate, $regIp);
         $this->session->set('auth', array('id' => $sso->resource->UID, 'username' => $sso->resource->username, 'ticket' => $sso->resource->ticket, 'auto_signin' => false, 'created_at' => time()));
     } catch (ResourceException $e) {
         $this->db->rollback();
         switch ($e->getCode()) {
             case 409:
                 $this->responseJson($e->getCode(), '用户或昵称已存在')->send();
                 break;
             case 500:
                 $this->responseJson($e->getCode(), '服务器错误')->send();
                 break;
             default:
                 throw new RuntimeException('使用不存在的返回值');
                 break;
         }
     }
 }