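 /**
  * Handles a login form submission.
  *
  * The submitted `login`/`password` pair is checked against the
  * `entity_subject` table through a CredentialTreatmentAdapter; on success the
  * matching row (without its password column) is written to the auth storage.
  * The client is redirected to "/" whatever the outcome, as in the original
  * behaviour — a failed login is not reported back here.
  *
  * @param Request       $request  incoming request; its parsed body is read
  * @param Response      $response response the Location header is added to
  * @param callable|null $next     next middleware; not invoked by this method
  * @return Response the response carrying a "Location: /" header
  */
 public function execute(Request $request, Response $response, callable $next = null)
 {
     // getParsedBody() may yield null, an array or an object; normalise so a
     // missing field reads as null instead of raising an undefined-index notice.
     $body = (array) ($request->getParsedBody() ?? []);
     $login = $body['login'] ?? null;
     $password = $body['password'] ?? null;

     // Only attempt authentication with two non-empty strings; a missing field
     // or a non-string value is simply treated as a failed login.
     if (is_string($login) && is_string($password) && $login !== '' && $password !== '') {
         $adapter = new CredentialTreatmentAdapter($this->boot()->db);
         $adapter->setTableName('entity_subject')
             ->setIdentityColumn('login')
             ->setCredentialColumn('password')
             ->setIdentity($login)
             ->setCredential($password);
         $result = $this->boot()->auth->authenticate($adapter);
         if ($result->isValid()) {
             // Omit the password column from what gets persisted in the session.
             $data = $adapter->getResultRowObject(null, 'password');
             $this->boot()->auth->getStorage()->write($data);
         }
     }
     return $response->withHeader('Location', "/");
 }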
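 /**
  * Authenticates a user against the `user` table and stores the matching row
  * in the session under the key 'user'.
  *
  * NOTE(review): the credential is compared as an unsalted md5 digest. It is
  * left as-is only because the stored hashes presumably are md5 — confirm, and
  * plan a migration to password_hash()/password_verify() (rehash on login).
  *
  * @param array $params expects non-empty string entries 'username' and 'password'
  * @return bool true when the credentials were accepted
  * @throws \Exception when a parameter is missing/not a non-empty string, or the
  *                    credentials are rejected
  */
 public function authenticate($params)
 {
     // isset() alone would accept arrays and empty strings; require real,
     // non-empty strings before touching the database.
     if (!isset($params['username'], $params['password'])) {
         throw new \Exception("Parâmetros inválidos");
     }
     $username = $params['username'];
     $plainPassword = $params['password'];
     if (!is_string($username) || !is_string($plainPassword) || $username === '' || $plainPassword === '') {
         throw new \Exception("Parâmetros inválidos");
     }
     $password = md5($plainPassword);
     $auth = new AuthenticationService();
     $authAdapter = new AuthAdapter($this->dbAdapter);
     $authAdapter->setTableName('user')
         ->setIdentityColumn('username')
         ->setCredentialColumn('password')
         ->setIdentity($username)
         ->setCredential($password);
     $result = $auth->authenticate($authAdapter);
     if (!$result->isValid()) {
         throw new \Exception("Login ou senha inválidos");
     }
     // Save the user in the session.
     $session = $this->getServiceManager()->get('Session');
     $session->offsetSet('user', $authAdapter->getResultRowObject());
     return true;
 }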
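 /**
  * Authenticate user
  *
  * Checks $login/$password against this model's table (the credential
  * treatment restricts the match to rows with active = TRUE) and, on success,
  * loads the matching row minus its password column into this model and
  * writes the model to the session-backed auth storage.
  *
  * Events triggered on __CLASS__: 'before.auth' right before the credential
  * check, 'after.auth' on success, 'after.auth.failed' (with the attempted
  * login) on failure.
  *
  * NOTE(review): credentials are compared as unsalted sha1 digests; kept for
  * compatibility with the stored hashes — confirm, and plan a migration to
  * password_hash()/password_verify().
  *
  * @param string $login    Login
  * @param string $password Password
  *
  * @return boolean true when the credentials were accepted
  */
 public function authenticate($login, $password)
 {
     $authAdapter = new Adapter\DbTable\CredentialTreatmentAdapter($this->getAdapter());
     $authAdapter->setTableName($this->name);
     $authAdapter->setIdentityColumn('login');
     $authAdapter->setCredentialColumn('password');
     // Fixed SQL fragment: '?' is bound to the credential, 'active = TRUE'
     // rejects disabled accounts in the same query. No user input is
     // interpolated here.
     $authAdapter->setCredentialTreatment('? AND active = TRUE');
     $authAdapter->setIdentity($login);
     $authAdapter->setCredential(sha1($password));
     $auth = new AuthenticationService(new Storage\Session(self::BACKEND_AUTH_NAMESPACE));
     // 'before.auth' has to fire before the credential check, not after it.
     $this->events()->trigger(__CLASS__, 'before.auth', $this);
     $result = $auth->authenticate($authAdapter);
     if ($result->isValid()) {
         // Omit the password column from what is kept in the session.
         $data = $authAdapter->getResultRowObject(null, 'password');
         $this->setData((array) $data);
         $this->setOrigData();
         $auth->getStorage()->write($this);
         $this->events()->trigger(__CLASS__, 'after.auth', $this);
         return true;
     }
     $this->events()->trigger(__CLASS__, 'after.auth.failed', $this, ['login' => $login]);
     return false;
 }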
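 /**
  * Yaf router-shutdown hook: enforces the idle timeout for logged-in users and
  * handles the login form for anonymous ones.
  *
  * Logged-in (identity present): an identity idle for more than 1800 s is
  * cleared and the client is sent to /auth/login; otherwise access_time is
  * refreshed. /auth/logout clears the identity, /auth/login bounces to "/".
  *
  * Anonymous POST: treated as a login attempt with `email`/`password` from
  * $_POST. The anti-CSRF token is checked, the password is verified with
  * Ifeeline\Password against the stored hash, and only then Zend's
  * CredentialTreatmentAdapter is run with the already-computed hash, purely to
  * populate the auth storage. Anonymous non-POST: everything except
  * /auth/login redirects to /auth/login.
  *
  * Every redirect is followed by exit, so those paths never return.
  *
  * @param Yaf\Request_Abstract  $request
  * @param Yaf\Response_Abstract $response
  * @return void
  */
 public function routerShutdown(Yaf\Request_Abstract $request, Yaf\Response_Abstract $response)
 {
     // Controller/action are only available once routing has happened.
     $controller = strtolower($request->getControllerName());
     $action = strtolower($request->getActionName());
     $default = Registry::get("session");
     // A Zend\Authentication\Storage\Session could be injected here; it is
     // backed by a SESSION container either way.
     $auth = new AuthenticationService();
     $storage = $auth->getStorage();
     Registry::set('auth', $storage);

     if ($auth->hasIdentity()) {
         $storageData = $storage->read();
         $access_time = empty($storageData->access_time) ? 0 : (int) $storageData->access_time;
         // Idle for more than half an hour: the PHP session itself may still
         // exist, but the identity is dropped.
         if (time() - $access_time > 1800) {
             $auth->clearIdentity();
             $response->clearBody()->setRedirect("/auth/login");
             exit;
         }
         $storageData->access_time = time();
         $storage->write($storageData);

         if ($controller === "auth") {
             if ($action === "logout") {
                 $auth->clearIdentity();
                 $response->clearBody()->setRedirect("/auth/login");
                 exit;
             }
             if ($action === "login") {
                 $response->clearBody()->setRedirect("/");
                 exit;
             }
         }
         return;
     }

     if (!$request->isPost()) {
         // Anonymous, not a form submission: only the login page is reachable.
         if ($controller !== "auth" || $action !== "login") {
             $response->clearBody()->setRedirect("/auth/login");
             exit;
         }
         return;
     }

     // Anti-CSRF token: the value posted with the form must equal the one kept
     // in the session. The rejection used to be commented out, which made the
     // check a no-op; it is enforced again here.
     // NOTE(review): the login page must store 'securityToken' in the session
     // before rendering the form, otherwise every POST is rejected — confirm.
     $postedToken = $_POST['securityToken'] ?? null;
     $sessionToken = $default->offsetGet('securityToken');
     if (!is_string($postedToken) || !is_string($sessionToken) || !hash_equals($sessionToken, $postedToken)) {
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }

     // Fields to verify; non-string or missing values read as empty.
     $email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
     $password = isset($_POST['password']) && is_string($_POST['password']) ? trim($_POST['password']) : '';
     if ($email === '' || $password === '') {
         $default->offsetSet("freshMessage", "邮件地址或密码不能为空");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }

     // Look the account up by email and verify the password against its hash.
     $user = new Table\UserModel();
     $userRow = $user->getUserByEmail($email);
     if (empty($userRow)) {
         $default->offsetSet("freshMessage", "邮件地址不存在");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }
     // Disabled account?
     if ((int) $userRow['active'] < 1) {
         $default->offsetSet("freshMessage", "账户已经禁用.");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }
     $hashPassword = trim($userRow['password']);
     $salt = Ifeeline\Password::getPasswordSaltByHash($hashPassword);
     $nowPassword = Ifeeline\Password::getPasswordHash($salt, $password);
     // Constant-time comparison of the recomputed hash with the stored one
     // (assumes getPasswordHash() returns a string — confirm).
     if (!hash_equals($hashPassword, (string) $nowPassword)) {
         $default->offsetSet("freshMessage", "密码不正确");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }

     // The password is already verified; the adapter is run again only for its
     // session-persistence side effect, with the hash computed above.
     $dbAdapter = Registry::get('db');
     $authAdapter = new CredentialTreatmentAdapter($dbAdapter);
     $authAdapter->setTableName('user')->setIdentityColumn('email')->setCredentialColumn('password');
     $authAdapter->setIdentity($email)->setCredential($nowPassword);
     $result = $auth->authenticate($authAdapter);
     // Should be unreachable after the manual verification above; every
     // failure code (identity not found, credential invalid, ...) maps to the
     // same message, which is what the former switch did as well.
     if (!$result->isValid()) {
         $default->offsetSet("freshMessage", "用户名或密码不正确.");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }

     $row = $authAdapter->getResultRowObject(null, ['password']);
     // Disabled account — already rejected above, kept as a safety net.
     if ((int) $row->active < 1) {
         // Drop the identity the adapter just stored.
         $auth->clearIdentity();
         $default->offsetSet("freshMessage", "用户名已经被禁用.");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }
     $row->access_time = time();
     $storage->write($row);
     // Logged in.
     $response->clearBody()->setRedirect("/");
     exit;
 }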