/**
 * Logs the caller out by deleting the UserLogin row that matches the supplied access token.
 *
 * Reports Error::ERR_NO_LOGIN when no token was sent and finishes by emitting the
 * JSON payload {"return": 1}.
 *
 * NOTE(review): getParam() reads the token from the query string as well as from POST data,
 * so it can end up in access logs, browser history and Referer headers. Prefer a request
 * header or the POST body for bearer tokens.
 * NOTE(review): whether Error::output() ends the request is not visible here; if it returns,
 * the lookup below still runs with an empty token — confirm.
 */
public function actionLogout()
{
    $token = Yii::app()->request->getParam('access_token');
    if (!$token) {
        Error::output(Error::ERR_NO_LOGIN);
    }

    // Bound parameter: the token never becomes part of the SQL text.
    $condition = 'token = :token';
    $bindings = array(':token' => $token);
    $session = UserLogin::model()->find($condition, $bindings);

    if ($session) {
        $session->delete();
    }

    // Logout succeeded.
    Out::jsonOutput(array('return' => 1));
}
/**
 * Authenticates the identity against the UserLogin table.
 *
 * Finds an active UserLogin row by e-mail address (the submitted username), compares the
 * stored password with md5() of the submitted one and, on success, synchronises the user's
 * auth-manager role and copies profile fields into the identity state.
 *
 * NOTE(review): passwords are verified as unsalted MD5 digests. MD5 is far too fast for
 * password storage; plan a migration to password_hash()/password_verify() with a rehash on
 * the next successful login. The stored format cannot be changed from inside this method alone.
 * NOTE(review): the UserRole and UserProfile lookups are dereferenced without a null check,
 * so an account with a missing role or profile row fails after errorCode was already set to
 * ERROR_NONE.
 *
 * @return boolean whether authentication succeeds.
 */
public function authenticate()
{
    $account = UserLogin::model()->findByAttributes(array('LoginEmail' => $this->username, 'IsActive' => 1));

    if ($account === null) {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
        return !$this->errorCode;
    }

    if ($account->UserPassword !== md5($this->password)) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
        return !$this->errorCode;
    }

    $this->errorCode = self::ERROR_NONE;
    $this->userLoginID = $account->UserLoginID;

    // Keep the auth-manager assignment in step with the role stored on the account.
    $roleName = UserRole::model()->findByPk($account->UserRoleID)->RoleType;
    $authManager = Yii::app()->authManager;
    $assignedRoles = $authManager->getRoles($this->userLoginID);
    if (!array_key_exists($roleName, $assignedRoles)) {
        // The role changed: drop every previous assignment before adding the new one.
        if (!empty($assignedRoles)) {
            AuthAssignment::model()->deleteAll('userid = :userid', array('userid' => $this->userLoginID));
        }
        $authManager->assign($roleName, $this->userLoginID);
        $authManager->save();
    }

    // Profile, loaded together with its 'companies' relation.
    $profile = UserProfile::model()->with('companies')->findByAttributes(array('UserLoginID' => $account->UserLoginID));

    // Values exposed to the rest of the application through the identity state.
    $state = array(
        'fullName' => sprintf('%s %s', $profile->FirstName, $profile->LastName),
        'companyID' => $profile->CompanyID,
        'userProfileID' => $profile->UserProfileID,
        'email' => $account->LoginEmail,
        'companyName' => $profile->companies->CompanyName,
        'agreeToTerms' => $profile->AgreeToTerms,
        'isFacilitator' => $profile->IsFacilitator,
        'UserRoleID' => $account->UserRoleID,
    );
    foreach ($state as $key => $value) {
        $this->setState($key, $value);
    }

    return !$this->errorCode;
}
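/**
 * Password recovery: mails a recovery link, or sets a new password when called through one.
 *
 * Flow, as implemented below:
 *  - a logged-in user is redirected to the module's returnUrl;
 *  - with `email` and `activkey` in the query string, the e-mail must resolve to a User and
 *    the key to a UserLogin with the same user_id; a valid UserChangePassword POST then
 *    stores the new password and replaces the key so the link cannot be used again;
 *  - otherwise a valid UserRecoveryForm POST stores a fresh password_key and mails the link.
 *
 * NOTE(review): the mailed link is built from $_SERVER['HTTP_HOST'], which is supplied by the
 * client, and from a hard-coded 'http://' scheme. Build it from a configured site URL and use
 * HTTPS so the key cannot be pointed at, or read on the way to, a host the site does not own.
 * NOTE(review): password_key is derived from microtime() and the username. How strong that is
 * depends on encrypting(), which is not visible here; a key drawn from a CSPRNG, stored with
 * an expiry time, would be the safer design.
 * NOTE(review): the results of save() are not checked, so the success flash is shown even if
 * the write failed.
 */
public function actionRecovery()
{
    $form = new UserRecoveryForm();
    if (Yii::app()->user->id) {
        $this->redirect(Yii::app()->controller->module->returnUrl);
    } else {
        // Accept plain strings only: an array-valued query parameter must never reach the
        // attribute lookups below.
        $email = isset($_GET['email']) && is_string($_GET['email']) ? $_GET['email'] : '';
        $activkey = isset($_GET['activkey']) && is_string($_GET['activkey']) ? $_GET['activkey'] : '';
        if ($email && $activkey) {
            $form2 = new UserChangePassword();
            $find = User::model()->notsafe()->findByAttributes(array('email' => $email));
            $login = UserLogin::model()->notsafe()->findByAttributes(array('password_key' => $activkey));
            // The e-mail and the key must belong to the same account.
            if (isset($find) && isset($login) && $find->user_id == $login->user_id) {
                if (isset($_POST['UserChangePassword'])) {
                    $form2->attributes = $_POST['UserChangePassword'];
                    if ($form2->validate()) {
                        $login->password = Yii::app()->controller->module->encrypting($form2->password);
                        $login->activkey = null;
                        // The lookup above matches on password_key, so that is the value that has
                        // to change for the mailed link to stop working after a successful reset.
                        // Generated the same way as when the link is issued.
                        // NOTE(review): confirm password_key has no other consumer.
                        $login->password_key = UserModule::encrypting(microtime() . $login->username);
                        $login->save();
                        Yii::app()->user->setFlash('recoveryMessage', UserModule::t("New password is saved."));
                        $this->redirect(Yii::app()->controller->module->recoveryUrl);
                    }
                }
                $this->render('changepassword', array('form' => $form2));
            } else {
                Yii::app()->user->setFlash('recoveryMessage', UserModule::t("Incorrect recovery link."));
                $this->redirect(Yii::app()->controller->module->recoveryUrl);
            }
        } else {
            if (isset($_POST['UserRecoveryForm'])) {
                $form->attributes = $_POST['UserRecoveryForm'];
                if ($form->validate()) {
                    // $form->user_id is read here after a successful validate().
                    $user = UserLogin::model()->notsafe()->findbyPk($form->user_id);
                    $user->password_key = UserModule::encrypting(microtime() . $user->username);
                    $user->save();
                    $activation_url = 'http://' . $_SERVER['HTTP_HOST'] . $this->createUrl(implode(Yii::app()->controller->module->recoveryUrl), array("activkey" => $user->password_key, "email" => $user->user->email));
                    $subject = UserModule::t("You have requested the password recovery site {site_name}", array('{site_name}' => Yii::app()->name));
                    $message = UserModule::t("You have requested the password recovery site {site_name}. To receive a new password, go to {activation_url}.", array('{site_name}' => Yii::app()->name, '{activation_url}' => $activation_url));
                    UserModule::sendMail($user->user->email, $subject, $message);
                    Yii::app()->user->setFlash('recoveryMessage', UserModule::t("Please check your email. An instructions was sent to your email address."));
                    $this->refresh();
                }
            }
            $this->render('recovery', array('form' => $form));
        }
    }
}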
/**
 * Authenticates the identity against the UserLogin table.
 *
 * Looks the account up by username and compares the user module's encrypting() of the
 * submitted password with the stored value. On success the identity takes over the user id
 * and the stored username, and the previous login time is kept in the identity state.
 *
 * NOTE(review): the strength of the stored password depends entirely on encrypting(), which
 * is not visible here. If it is a fast, unsalted digest, plan a migration to
 * password_hash()/password_verify().
 * NOTE(review): no account-status check (active, banned, unverified) is visible in this
 * method — confirm it is enforced elsewhere.
 *
 * @return boolean whether authentication succeeds.
 */
public function authenticate()
{
    $account = UserLogin::model()->notsafe()->findByAttributes(array('username' => $this->username));

    if ($account === null) {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
        return !$this->errorCode;
    }

    $submittedDigest = Yii::app()->getModule('user')->encrypting($this->password);
    if ($submittedDigest !== $account->password) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
        return !$this->errorCode;
    }

    $this->_id = $account->user->user_id;
    // Adopt the username exactly as it is stored.
    $this->username = $account->username;
    $this->setState('lastLoginTime', $account->last_login);
    $this->errorCode = self::ERROR_NONE;

    return !$this->errorCode;
}
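/**
 * Runs before a controller action and enforces token login when the application requires it.
 *
 * When the NEED_LOGIN constant is defined and truthy, the request must carry an `access_token`
 * matching a UserLogin row whose login_time plus the configured login_expire_time is still in
 * the future. The matching Members record is then stored in $this->_user as an array without
 * its `password` and `salt` entries.
 *
 * Every rejection path returns false right after Error::output(), so the action is refused
 * even if that helper does not end the request itself (whether it does is not visible here).
 *
 * NOTE(review): getParam() also reads the token from the query string, where it can leak into
 * logs and Referer headers; prefer a request header.
 * NOTE(review): sensitive columns are removed by name (`password`, `salt`). Any sensitive
 * column added to the members table later would be exposed through $this->_user; an explicit
 * list of allowed fields is safer.
 *
 * @param mixed $controller forwarded to the parent implementation
 * @param mixed $action forwarded to the parent implementation
 * @return boolean whether the action may run
 */
public function beforeControllerAction($controller, $action)
{
    if (!parent::beforeControllerAction($controller, $action)) {
        return false;
    }

    // Login is enforced only when the application asks for it.
    if (!defined('NEED_LOGIN') || !NEED_LOGIN) {
        return true;
    }

    $accessToken = Yii::app()->request->getParam('access_token');
    // A missing token, or one that is not a plain string (e.g. an array-valued parameter),
    // is treated as "not logged in".
    if (!$accessToken || !is_string($accessToken)) {
        Error::output(Error::ERR_NO_LOGIN);
        return false;
    }

    // The token is bound as a parameter. The expiry window comes from the application
    // configuration and time() from the server, not from the request.
    $userLogin = UserLogin::model()->find("token = :token AND login_time + " . Yii::app()->params['login_expire_time'] . " > " . time(), array(':token' => $accessToken));
    if (!$userLogin) {
        // Unknown or expired token.
        Error::output(Error::ERR_NO_LOGIN);
        return false;
    }

    // Load the member the token belongs to.
    $memberInfo = Members::model()->find('id = :id', array(':id' => $userLogin->user_id));
    if (!$memberInfo) {
        Error::output(Error::ERR_NO_LOGIN);
        return false;
    }

    // Round-trip through JSON to turn the record into a plain array.
    $memberInfo = CJSON::decode(CJSON::encode($memberInfo));
    // Never keep credential material on the request-scoped user.
    unset($memberInfo['password'], $memberInfo['salt']);

    // Expand the avatar reference into host/path/name when the member has one.
    if (!empty($memberInfo['avatar'])) {
        $material = Material::model()->findByPk($memberInfo['avatar']);
        // A dangling avatar reference must not break every authenticated request.
        $memberInfo['avatar'] = $material === null
            ? null
            : array('host' => Yii::app()->params['img_url'], 'filepath' => $material->filepath, 'filename' => $material->filename);
    }

    $this->_user = $memberInfo;

    return true;
}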
/**
 * Lets the logged-in user set a new password.
 *
 * Guests get no output. For a logged-in user the action answers the AJAX validation request
 * of the 'changepassword-form', stores the new password on a valid UserChangePassword POST
 * and otherwise renders the form.
 *
 * NOTE(review): nothing in this action asks for the current password. Whether
 * UserChangePassword validates it is not visible here; without that check a hijacked session
 * is enough to take over the account — confirm.
 * NOTE(review): the result of save() is ignored, so the success flash is shown even when the
 * write fails.
 */
public function actionChangepassword()
{
    $model = new UserChangePassword();

    if (!Yii::app()->user->id) {
        return;
    }

    // AJAX validation request coming from the form widget.
    $isAjaxValidation = isset($_POST['ajax']) && $_POST['ajax'] === 'changepassword-form';
    if ($isAjaxValidation) {
        echo CActiveForm::validate($model);
        Yii::app()->end();
    }

    if (isset($_POST['UserChangePassword'])) {
        $model->attributes = $_POST['UserChangePassword'];
        if ($model->validate()) {
            $account = UserLogin::model()->notsafe()->findbyPk(Yii::app()->user->id);
            $account->password = UserModule::encrypting($model->password);
            $account->save();

            Yii::app()->user->setFlash('profileMessage', UserModule::t("New password is saved."));
            $this->redirect(array("profile"));
        }
    }

    $this->render('changepassword', array('model' => $model));
}
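/**
 * Validator: resolves login_or_email to an account and stores its id in $this->user_id.
 *
 * A value containing '@' is looked up as a User e-mail address, anything else as a UserLogin
 * username. Nothing happens when the model already has errors. The check for '@' uses
 * `!== false` so that a value starting with '@' is still classified as an e-mail address.
 *
 * NOTE(review): the two error messages tell the caller whether an e-mail address or username
 * exists. On a public recovery form, prefer one neutral response for both outcomes.
 *
 * @param string $attribute the attribute being validated (unused)
 * @param array $params validator options (unused)
 */
public function checkexists($attribute, $params)
{
    if ($this->hasErrors()) {
        return;
    }

    // Only a plain string is looked up; anything else (e.g. an array submitted for the field)
    // is treated as an empty identifier and therefore as "not found".
    $identifier = is_string($this->login_or_email) ? $this->login_or_email : '';
    $looksLikeEmail = strpos($identifier, "@") !== false;

    if ($looksLikeEmail) {
        $user = User::model()->findByAttributes(array('email' => $identifier));
    } else {
        $user = UserLogin::model()->findByAttributes(array('username' => $identifier));
    }

    if ($user === null) {
        if ($looksLikeEmail) {
            $this->addError("login_or_email", UserModule::t("Email is incorrect."));
        } else {
            $this->addError("login_or_email", UserModule::t("Username is incorrect."));
        }
        return;
    }

    $this->user_id = $user->user_id;
}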
/**
 * Checks that ResetEmail is filled in and belongs to an existing UserLogin record.
 *
 * NOTE(review): the "could not be found" message confirms to any visitor whether an address
 * has an account. Consider answering every reset request with the same neutral message.
 * NOTE(review): emptiness is tested on the trimmed value, but the lookup uses the untrimmed
 * one, and the lookup does not filter on account status — confirm both are intended.
 *
 * @return boolean true when no validation error is recorded on the model.
 */
public function validateResetEmail()
{
    $submitted = trim($this->ResetEmail);

    if ($submitted === '') {
        $this->addError('ResetEmail', 'Account email address required to preform password reset.');
        return !$this->hasErrors();
    }

    $account = UserLogin::model()->findByAttributes(array('LoginEmail' => $this->ResetEmail));
    if (null === $account) {
        $this->addError('ResetEmail', 'An account with the provided email address could not be found.');
    }

    return !$this->hasErrors();
}
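/**
 * Reactivates a user account (sets IsActive to 1) and returns to the user dashboard.
 *
 * Requires the 'manageUser' permission. The account is identified by the `id` query
 * parameter, which must be present and scalar. An unknown id produces a 404 instead of a
 * failure on a null record.
 *
 * NOTE(review): this is a state change driven by a GET parameter. Confirm the route is
 * limited to POST requests with CSRF validation, so a link opened by an administrator cannot
 * trigger it.
 * NOTE(review): the user's name is placed into the flash message; make sure the view encodes
 * flash messages before output.
 *
 * @throws CHttpException 400 when `id` is missing or not scalar, 404 when no such account exists
 */
public function actionReactivate()
{
    // Check permissions. Whether authException() ends the request is not visible here, so
    // fail closed.
    if (!Yii::app()->user->checkAccess('manageUser')) {
        Helper::authException();
        return;
    }

    // The id must be present and scalar before it is used in any lookup.
    //$userLoginId = Helper::verifyId($_GET['id'], 'UserLogin');
    $userLoginId = isset($_GET['id']) ? $_GET['id'] : null;
    if ($userLoginId === null || !is_scalar($userLoginId) || $userLoginId === '') {
        throw new CHttpException(400, 'Invalid request.');
    }

    $UserLogin = UserLogin::model()->findByPk($userLoginId);
    if ($UserLogin === null) {
        throw new CHttpException(404, 'The requested user does not exist.');
    }

    // User name for the flash message; an account without a profile row gets an empty name.
    $UserProfile = UserProfile::model()->findByAttributes(array('UserLoginID' => $userLoginId));
    $userName = $UserProfile === null
        ? ''
        : sprintf('%s %s', $UserProfile->FirstName, $UserProfile->LastName);

    // Mark the account active again, saved under the 'activate' scenario.
    $UserLogin->IsActive = 1;
    $UserLogin->scenario = 'activate';
    if ($UserLogin->save()) {
        // Success message for the administrator.
        Yii::app()->user->setFlash('success', sprintf('The user \'%s\' has been reactivated.', $userName));
    } else {
        // Failure message for the administrator.
        Yii::app()->user->setFlash('failure', sprintf('The user \'%s\' could not be reactivated.', $userName));
    }

    // Return to the dashboard.
    $this->redirect($this->createUrl('user/dashboard'));
}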
/**
 * Loads the UserLogin record with the given primary key.
 *
 * NOTE(review): this helper only checks that the record exists. It does not check whether the
 * current user may access it, so that decision has to be made by the calling action or by an
 * access filter (not visible here).
 *
 * @param integer $id
 *            the ID of the model to be loaded
 * @return UserLogin the loaded model
 * @throws CHttpException with status 404 when no record has that key
 */
public function loadModel($id)
{
    $record = UserLogin::model()->findByPk($id);

    if ($record !== null) {
        return $record;
    }

    throw new CHttpException(404, 'The requested page does not exist.');
}
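/**
 * Updates a user and the related login record.
 * If the update succeeds, the browser is redirected to the 'view' page.
 *
 * Both models are filled from the POST data and validated. The submitted password is hashed
 * only when it differs from the value currently stored, which is compared strictly as a
 * string.
 *
 * NOTE(review): comparing the submitted password with the stored value implies that an
 * untouched form sends the stored value back. Confirm the view does not render the stored
 * hash into the page; an empty field meaning "keep the current password" avoids exposing it.
 * NOTE(review): `attributes` is assigned in bulk from the request, so which fields a caller
 * can change is decided by each model's safe-attribute rules. Confirm that role and status
 * columns are not among them.
 */
public function actionUpdate()
{
    $model = $this->loadModel();
    $login = $model->userLogin;

    if (isset($_POST['User'])) {
        $model->attributes = $_POST['User'];
        // Assign the login data only when it was actually posted as an array.
        if (isset($_POST['UserLogin']) && is_array($_POST['UserLogin'])) {
            $login->attributes = $_POST['UserLogin'];
        }

        // Validate both models unconditionally so each one reports its own errors.
        $modelIsValid = $model->validate();
        $loginIsValid = $login->validate();

        if ($modelIsValid && $loginIsValid) {
            $stored = UserLogin::model()->notsafe()->findByPk($model->user_id);
            // Strict string comparison: with `!=`, two different numeric-looking strings can
            // compare as equal, and the submitted value would then be saved without hashing.
            if ((string) $stored->password !== (string) $login->password) {
                $login->password = Yii::app()->controller->module->encrypting($login->password);
            }
            $model->updated_by = Yii::app()->user->id;
            $model->save();
            $login->save();
            $this->redirect(array('view', 'id' => $model->user_id));
        }
    }

    $this->render('update', array('model' => $model, 'login' => $login));
}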
/**
 * Stamps the current user's UserLogin record with the present date and time as last_login.
 *
 * NOTE(review): the record is used without a null check, so this must only be called once a
 * user is logged in. The result of save() is not checked.
 * NOTE(review): date() formats in the server's configured timezone — confirm that this is
 * what the last_login column expects.
 */
private function lastViset()
{
    $currentUserId = Yii::app()->user->id;
    $account = UserLogin::model()->notsafe()->findByPk($currentUserId);

    $timestamp = date('Y-m-d H:i:s');
    $account->last_login = $timestamp;
    $account->save();
}