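 /**
  * Handle the login form (POST only).
  *
  * Looks the account up by user_name OR user_email, runs the submitted
  * password through userEncryption and compares the result with the stored
  * user_pwd digest. On success the user row is stored in the session under
  * 'LoginUser', an op_ticket cookie is issued (save() later compares
  * $_POST['security_ticket'] with md5($_COOKIE['op_ticket']), so this cookie
  * is the CSRF token), 2 integral points are awarded and the browser is
  * redirected to UserHome/index. Every failure path calls $this->error(),
  * which renders the jump page and exits.
  *
  * Security changes vs. the previous version:
  *  - the lookup is an array condition the framework quotes; the old code
  *    concatenated the submitted name into the WHERE string (SQL injection);
  *  - the submitted fields are forced to strings: an array value (username[]=)
  *    would otherwise reach the ORM, which treats array values as expressions;
  *  - op_ticket is random per login. It used to be user_name.user_id, which
  *    anyone who knows the target's name and id can reproduce, so the CSRF
  *    check in save() gave no protection;
  *  - the session id is regenerated on successful login (session fixation);
  *  - digest comparison is constant-time.
  * user_pwd is a custom userEncryption digest; password_hash()/password_verify()
  * would be the right primitive, but migrating stored digests is outside this
  * method.
  */
 public function rLogin()
 {
     if (!IS_POST) {
         $this->error('非法操作', '__APP__/Login.html');
         return;
     }

     $rawUser = $this->_post('username');
     $rawPass = $this->_post('password');
     $username = is_string($rawUser) ? trim($rawUser) : '';
     $password = is_string($rawPass) ? trim($rawPass) : '';

     $shlencryption = new userEncryption();
     $shlencryption->shlEncryption($password);

     // '_logic' => 'OR' keeps the original "name OR e-mail" semantics while the
     // driver escapes the value.
     $user = D('User');
     $resultFromDB = $user->where(array(
         'user_name'  => $username,
         'user_email' => $username,
         '_logic'     => 'OR',
     ))->select();

     if (!$resultFromDB) {
         // NOTE(review): this message and '密码错误' below let a caller tell
         // existing accounts from unknown ones (user enumeration); a single
         // generic message would be preferable. Kept as-is for the UI.
         $this->error('用户不存在', '__APP__/Login.html');
         return;
     }

     $account = $resultFromDB[0];
     $stored = (string) $account['user_pwd'];
     $computed = (string) $shlencryption->to_string();
     // hash_equals() needs PHP 5.6; fall back to a plain strict compare.
     $matches = function_exists('hash_equals')
         ? hash_equals($stored, $computed)
         : $stored === $computed;
     if (!$matches) {
         $this->error('密码错误', '__APP__/Login.html');
         return;
     }

     // Login succeeded: issue a fresh session id so an id planted before
     // login (session fixation) never becomes an authenticated one.
     if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     session('LoginUser', $account);

     // CSRF ticket: unpredictable per login, also kept in the session for any
     // server-side check. save() verifies security_ticket == md5(op_ticket),
     // so the cookie must remain readable by whatever computes that digest
     // (a template rendering md5() server-side, or page script) — hence no
     // HttpOnly; Secure is set when the request itself came over HTTPS. Path
     // and domain are left at their defaults, as before.
     // NOTE(review): a template that still derives security_ticket from
     // user_name.user_id instead of the cookie must be updated.
     $opTicket = $this->newOpTicket();
     session('op_ticket', $opTicket);
     $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
     setcookie('op_ticket', $opTicket, time() + 3600, '', '', $secure);

     // Login bonus: 2 integral points.
     addIntegral($account['user_integral'], 2, $account['user_level'], $account['user_id']);
     U('UserHome/index', array(), 'html', true);
 }

 /**
  * Build a random 32-hex-char CSRF ticket. Prefers the CSPRNG (random_bytes,
  * PHP 7+), then openssl; the last fallback exists only for hosts with
  * neither and is NOT cryptographically strong.
  *
  * @return string
  */
 private function newOpTicket()
 {
     if (function_exists('random_bytes')) {
         return bin2hex(random_bytes(16));
     }
     if (function_exists('openssl_random_pseudo_bytes')) {
         $bytes = openssl_random_pseudo_bytes(16);
         if ($bytes !== false) {
             return bin2hex($bytes);
         }
     }
     return md5(uniqid(mt_rand(), true) . microtime(true));
 }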
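 /**
  * Persist a newly submitted article (POST from the editor form).
  *
  * Requires an authenticated user (checkAuthority()) and a valid CSRF ticket:
  * $_POST['security_ticket'] must equal md5($_COOKIE['op_ticket']), the cookie
  * issued by rLogin(). Inserts the article, one articleImg row per
  * '-'-separated entry of 'paths', the tags (split on ',' after mapping the
  * full-width '，') and their article_tag links, increments the category's
  * category_size and awards 5 integral points, then jumps to UserHome/index.
  * Every failure path calls $this->error(), which renders the jump page and
  * exits.
  *
  * Security changes vs. the previous version:
  *  - the ticket is compared with hash_equals() instead of ==: two md5 digests
  *    of the form 0e<digits> are equal under == (numeric-string juggling), and
  *    a missing cookie used to be accepted because md5('') was compared;
  *  - the articleImg insert, the tag lookup and the category update no longer
  *    concatenate request data into SQL (SQL injection); they use placeholder
  *    binding / array conditions the framework escapes, plus a reject-list on
  *    image paths as defence in depth;
  *  - request values are forced to scalars so an array-valued parameter cannot
  *    reach the ORM as an expression.
  * article_content is still stored exactly as submitted (rich text); whatever
  * renders it must HTML-encode or sanitise it — that code is not visible here.
  */
 public function save()
 {
     $ticketOk = isset($_COOKIE['op_ticket'], $_POST['security_ticket'])
         && is_string($_COOKIE['op_ticket'])
         && is_string($_POST['security_ticket'])
         && $this->ticketEquals(md5($_COOKIE['op_ticket']), $_POST['security_ticket']);
     if (!$this->checkAuthority() || !$ticketOk) {
         $this->error('请先登录', U('/login'));
         return;
     }

     $currentUser = session('LoginUser');
     $article = D('Article');

     // Validate the filtered title: a raw title made only of tags would pass
     // the old raw check and be stored empty.
     $title = $this->_post('title', "strip_tags");
     if (!is_string($title) || trim($title) === '') {
         $this->error('标题不能为空');
         return;
     }
     $content = isset($_POST['content']) && is_string($_POST['content']) ? $_POST['content'] : '';
     if (trim($content) === '') {
         $this->error('内容不能为空');
         return;
     }
     // NOTE(review): category ids look numeric but the schema is not visible;
     // kept as a scalar string rather than cast to int.
     $categoryId = isset($_POST['category']) && is_scalar($_POST['category'])
         ? (string) $_POST['category'] : '';

     $data = array(
         'article_title'      => $title,
         'article_authorId'   => $currentUser['user_id'],
         'article_author'     => $currentUser['user_name'],
         'article_content'    => $content,
         'article_categoryId' => $categoryId,
     );
     $result = $article->add($data);
     if (!$result) {
         $this->error($article->getError() . '添加文章出错');
         return;
     }

     $this->saveArticleImages($result);
     $this->saveArticleTags($result);

     // category_size++ through an array condition (escaped) instead of the
     // old concatenated UPDATE.
     M('category')->where(array('category_id' => $categoryId))->setInc('category_size');

     // Posting bonus: 5 integral points.
     addIntegral($currentUser['user_integral'], 5, $currentUser['user_level'], $currentUser['user_id']);
     $this->success('添加成功', U('UserHome/index'));
 }

 /**
  * Constant-time, strict string comparison of the expected and submitted
  * CSRF ticket; falls back to === where hash_equals() (PHP 5.6) is absent.
  *
  * @param string $expected
  * @param string $submitted
  * @return bool
  */
 private function ticketEquals($expected, $submitted)
 {
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $submitted);
     }
     return $expected === $submitted;
 }

 /**
  * Store one articleImg row (article id, path) per non-empty '-'-separated
  * entry of the 'paths' field. Values are passed as bound placeholders rather
  * than concatenated; additionally any path containing a quote, backslash,
  * NUL or line break is skipped, since no upload path legitimately contains
  * them and they are exactly what breaks out of a quoted SQL literal.
  *
  * @param int|string $articleId id returned by Article::add()
  */
 private function saveArticleImages($articleId)
 {
     $articleImg = M('ArticleImg');
     $raw = $this->_post('paths');
     $paths = is_string($raw) ? explode("-", $raw) : array();
     $sql = 'insert into ' . C('DB_PREFIX') . 'articleImg values (%d, "%s")';
     foreach ($paths as $path) {
         $path = trim($path);
         if ($path === '' || preg_match('/["\'\\\\\x00\r\n]/', $path)) {
             continue;
         }
         $articleImg->execute($sql, array((int) $articleId, $path));
     }
 }

 /**
  * Create missing tag rows for the submitted tag list and link each tag to
  * the article. Tags are split on ',' after mapping the full-width '，' to
  * ','; blanks are skipped (the old code linked an undefined tag_id for
  * them), duplicates within one submission are linked once, and an existing
  * tag row is reused instead of inserting another row with the same name.
  *
  * @param int|string $articleId id returned by Article::add()
  */
 private function saveArticleTags($articleId)
 {
     $tag = M('tag');
     $articleTag = D('article_tag');
     $raw = $this->_post('tags', "strip_tags");
     $tagStr = is_string($raw) ? str_replace('，', ',', $raw) : '';
     $seen = array();
     foreach (explode(',', $tagStr) as $tagName) {
         $tagName = trim($tagName);
         if ($tagName === '' || isset($seen[$tagName])) {
             continue;
         }
         $seen[$tagName] = true;
         // Array condition → escaped; the old where('tag_name="..."') was injectable.
         $cond = array('tag_name' => $tagName);
         $row = $tag->field('tag_id')->where($cond)->find();
         if (!$row) {
             $tag->add(array('tag_name' => $tagName));
             $row = $tag->field('tag_id')->where($cond)->find();
         }
         if (!$row || !isset($row['tag_id'])) {
             continue; // insert failed; do not link a bogus id
         }
         $articleTag->add(array(
             'article_id' => $articleId,
             'tag_id'     => $row['tag_id'],
         ));
     }
 }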