예제 #1
파일: Main.php 프로젝트: upers/kwartira.com
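 /**
  * Show the admin login form and handle a submitted login.
  *
  * Credentials are only handed to Auth when the request is a POST carrying
  * a valid CSRF token and a correct captcha answer. A visitor who already
  * holds the 'admin' role is redirected into the admin area.
  */
 public function action_login()
 {
     // Initialised before any use. The view receives $errors through bind(),
     // which in Kohana binds by reference, so resetting the variable after
     // the bind (as the previous version did) erased the failure message.
     $errors = null;
     // A request without a captcha field counts as a wrong answer instead of
     // raising an undefined-index error on $_POST['captcha'].
     $captcha_answer = Arr::get($_POST, 'captcha', '');
     if (HTTP_Request::POST == $this->request->method() && Security::check(Arr::get($this->request->post(), 'csrf', '')) && Captcha::valid($captcha_answer)) {
         $remember = array_key_exists('remember', $this->request->post()) ? (bool) $this->request->post('remember') : FALSE;
         $user = Auth::instance()->login($this->request->post('username'), $this->request->post('password'), $remember);
         if ($user) {
             HTTP::redirect($this->config->get('admin_url'));
         } else {
             // One message for both causes, so the response does not reveal
             // whether the username exists.
             Session::instance()->set('error', 'Логин или пароль не верный');
             $errors = array('Логин или пароль не верный.');
         }
     }
     $this->template = 'login';
     parent::before();
     $captcha = Captcha::instance();
     // A fresh CSRF token is issued for the form that is about to be rendered.
     $csrf = Security::token(true);
     $this->template->title = 'Вход в админ панель';
     $this->template->bind('errors', $errors)->bind('csrf', $csrf)->bind('captcha', $captcha);
     if (Auth::instance()->get_user()) {
         $auth = Auth::instance();
         $has_admin_role = $auth->logged_in('admin');
         if ($has_admin_role) {
             $session = Session::instance();
             $session->set('redirectAfterLogin', $_SERVER['REQUEST_URI']);
             HTTP::redirect('/' . $this->admin_url . '/');
         }
     }
 }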
예제 #2
파일: site.php 프로젝트: abdul-baten/hbcms
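 /**
  * Show the registration form and create an inactive account from a valid
  * submission.
  *
  * The captcha is checked before the posted fields are validated; a new
  * account is stored with active = false together with an activation code.
  */
 public function action_register()
 {
     // Signed-in visitors have nothing to register; send them to the home page.
     if (Auth::instance()->logged_in()) {
         Request::instance()->redirect('/');
     }
     $captcha = Captcha::instance('login');
     if (Request::$method == "POST") {
         // A POST without the captcha field is treated as a wrong answer
         // rather than raising an undefined-index error.
         if (isset($_POST['captcha']) && Captcha::valid($_POST['captcha'])) {
             $user = new User();
             $post = $user->validate_register($_POST);
             if ($post->check()) {
                 $post = $post->as_array();
                 $user->email = $post['email'];
                 $user->username = $post['username'];
                 $user->active = false;
                 $user->sex = $post['sex'];
                 // The code was md5(time()), which anyone who knows roughly
                 // when the account was created can recompute. It now comes
                 // from the CSPRNG and keeps the 32-hex-character shape.
                 // random_bytes() needs PHP 7+; an older runtime needs another
                 // cryptographically secure source.
                 $user->active_code = bin2hex(random_bytes(16));
                 $user->save();
                 Session::set('reg_email', $user->email);
                 Request::instance()->redirect('/site/register_done');
             } else {
                 // Hand the submitted values back so the form can be refilled.
                 $_POST = $post->as_array();
                 $data['errors'] = $post->errors();
             }
         } else {
             $data['errors'] = array('captcha' => 'Mã bảo mật không đúng!');
         }
     }
     $this->template->title = __('Đăng ký tài khoản');
     $data['captcha'] = $captcha;
     $this->template->content = View::factory('frontend/site/register', $data);
 }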
예제 #3
파일: Auth.php 프로젝트: HappyKennyD/teest
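 /**
  * Show the login form and authenticate a submitted username/password.
  *
  * The captcha answer is checked first; Auth is only called when it is
  * correct. The view gets 'error' for rejected credentials and 'message'
  * for a wrong captcha.
  */
 public function action_login()
 {
     $captcha = Captcha::instance();
     $this->template->captcha = $captcha;
     $this->template->message = '';
     if (Auth::instance()->logged_in()) {
         $this->redirect('/');
     }
     $username = Arr::get($_POST, 'username', '');
     $password = Arr::get($_POST, 'password', '');
     $remember = (bool) Arr::get($_POST, 'remember', false);
     $error = false;
     $message = false;
     if ($this->request->method() == Request::POST) {
         // Read through Arr::get so a POST without the captcha field is a
         // wrong answer, not an undefined-index error.
         if (Captcha::valid(Arr::get($_POST, 'captcha', ''))) {
             if (Auth::instance()->login($username, $password, $remember)) {
                 $this->redirect('manage');
             } else {
                 $error = true;
             }
         } else {
             $message = true;
         }
     }
     // NOTE(review): $username is handed back to the view; confirm the
     // template escapes it before printing it into the form.
     $this->set('username', $username)->set('remember', $remember ? 'checked' : '')->set('error', $error)->set('message', $message);
 }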
예제 #4
 /**
  * Render the admin page or the login form, then process a posted login.
  *
  * The page body is chosen before the login is processed, so a successful
  * login relies on the redirect to show the admin page.
  */
 function action_index()
 {
     // Admin panel for an authenticated session, login form otherwise.
     $this->template->content = ($this->admin->islogged() === TRUE)
         ? $this->admin->genpage()
         : $this->admin->showlogin();

     // Nothing more to do unless a complete login form was posted.
     if (!isset($_POST['login'], $_POST['password'], $_POST['captcha'])) {
         return;
     }
     // The captcha gates the credential check: a wrong answer never reaches it.
     if (!Captcha::valid($_POST['captcha'])) {
         $this->template->err = 'Неверно введена капча';
         return;
     }
     $result = $this->admin->checklogin();
     if ($result === TRUE) {
         // NOTE(review): no session id regeneration is visible at this point;
         // confirm it happens elsewhere to rule out session fixation.
         Session::instance()->set('islogged', 'on');
         $this->request->redirect('admin');
     } elseif (is_string($result)) {
         // checklogin() reported the failure as a message for the form.
         $this->template->err = $result;
     }
 }
예제 #5
파일: user.php 프로젝트: lz1988/stourwebcms
 /**
  * Register a member by mobile number and log the new member in.
  *
  * NOTE(review): the password is stored as an unsalted md5() digest, which
  * is not a password hash; moving to password_hash()/password_verify() has
  * to be done together with Model_Member::login.
  * NOTE(review): 'backurl' comes straight from the request and is handed to
  * Common::showMsg; if that helper redirects to it, restrict the value to
  * local paths.
  */
 public function action_doreg()
 {
     $phone = Arr::get($_POST, 'mobile');
     $plain = Arr::get($_POST, 'password');
     // The captcha answer is compared in lower case.
     $answer = strtolower(Arr::get($_POST, 'checkcode'));
     $return_to = Arr::get($_POST, 'backurl');

     // NOTE(review): the duplicate-number check runs before the captcha
     // check, so it can be queried without solving a captcha.
     if (!Model_Member::checkExist('mobile', $phone)) {
         Common::showMsg('手机号码重复,请重新填写', '-1');
     }
     // NOTE(review): the code below still runs unless Common::showMsg ends
     // the request; confirm that it does.
     if (!Captcha::valid($answer)) {
         Common::showMsg('验证码错误', '-1');
     }

     $member = ORM::factory('member');
     $member->mobile = $phone;
     $member->pwd = md5($plain);
     $member->logintime = time();
     // The nickname is the number with three digits replaced by '***'.
     $member->nickname = substr_replace($phone, '***', 3, 3);
     $member->save();
     if ($member->saved()) {
         Model_Member::login($phone, $plain);
         Common::showMsg('注册成功', $return_to);
     }
     // A failed save produces no message (the original call is commented out).
 }
예제 #6
파일: User.php 프로젝트: andygoo/cms
 /**
  * Register a member from the posted form and log the new member in.
  *
  * Every rejection ends the request with a short message via exit(); the
  * registration view is rendered when nothing was posted or when the forced
  * login does not succeed.
  */
 public function action_register()
 {
     if (!empty($_POST)) {
         $username = Arr::get($_POST, 'username');
         $password = Arr::get($_POST, 'password');
         $password2 = Arr::get($_POST, 'password2');
         $vcode = Arr::get($_POST, 'vcode');

         if ($password !== $password2) {
             exit('两次密码不匹配');
         }
         // The captcha is verified before any database work is done.
         if (!Captcha::valid($vcode)) {
             exit('验证码错误');
         }

         $auth = Auth::instance('member');
         $hashed = $auth->hash($password);
         $user_data = array('username' => $username, 'password' => $hashed, 'created_at' => time());
         $members = Model::factory('member', 'admin');

         // NOTE(review): check-then-insert is not atomic; a unique index on
         // username is what prevents duplicates under concurrent requests.
         if ($members->has(array('username' => $username))) {
             exit('用户名已存在');
         }
         $inserted = $members->insert($user_data);
         if ($inserted === false) {
             exit('注册失败');
         }
         $user_data['id'] = $inserted[0];
         if ($auth->force_login($user_data)) {
             // NOTE(review): the redirect target is the request's referrer,
             // which the client controls; confirm it is limited to this site.
             $this->redirect(Request::$referrer);
         }
     }
     $this->content = View::factory('common/user_register');
 }
예제 #7
 /**
  * Validation rule: the field must hold a correct captcha answer.
  *
  * A missing or empty value is recorded as 'required'; a non-empty value
  * that Captcha::valid() rejects for this group is recorded as 'captcha'.
  */
 protected function rule_captcha()
 {
     if ($this->value === NULL or $this->value === '') {
         $this->errors['required'] = TRUE;
         return;
     }
     if (!Captcha::valid($this->value, $this->group)) {
         $this->errors['captcha'] = TRUE;
     }
 }
예제 #8
 /**
  * Check the posted value of this field with Captcha's built-in validation.
  *
  * @return mixed the error message when the answer is wrong, otherwise nothing
  */
 protected function validate_this()
 {
     $answer = Input::instance()->post($this->name);
     if (Captcha::valid($answer)) {
         return;
     }
     $this->error = $this->error_msg;
     return $this->error;
 }
예제 #9
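 /**
  * Process a posted admin login, then redirect to 'admin'.
  *
  * The credentials are only passed to the auth object when the captcha
  * answer is correct. Success and failure redirect to the same place, as
  * before; the target page is expected to tell the two apart.
  */
 function action_login()
 {
     if ($_POST) {
         // A POST that lacks one of the fields is treated as a failed
         // attempt instead of raising undefined-index errors.
         $complete = isset($_POST['captcha'], $_POST['username'], $_POST['password']);
         if ($complete && Captcha::valid($_POST['captcha'])) {
             $this->auth->login($_POST['username'], $_POST['password'], !empty($_POST['remember']));
         }
         // NOTE(review): a failed attempt gives the user no feedback here.
         $this->request->redirect('admin');
     }
 }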
예제 #10
 /**
  * Captcha test page: shows a captcha image with a one-field form, and on
  * POST dumps the result of validating the submitted code.
  *
  * This is debug output (var_dump), not something to expose in production.
  */
 public function index()
 {
     if (!$this->request->isPost()) {
         // Other captcha styles used during testing: captcha/basic, captcha/black.
         echo '<p><img src="' . $this->getBaseUrl() . 'captcha/alpha"></p>';
         echo '<form method="post"><input type="text" name="vcode"><input type="submit" value="Valid"></form>';
         exit;
     }
     var_dump(Captcha::valid($this->request->getParam('vcode')));
     exit;
 }
예제 #11
파일: site.php 프로젝트: abdul-baten/hbcms
 /**
  * Admin sign-in: check the captcha, validate the posted fields, then
  * authenticate through Auth.
  *
  * NOTE(review): $_POST['captcha'] is read without checking that it exists,
  * so a POST without that field raises an undefined-index error.
  */
 public function action_signin()
 {
     // Already signed in: go straight to the admin index.
     if (Auth::instance()->logged_in() != 0) {
         Request::instance()->redirect('admin/site/index');
     }
     $data = array('captcha' => Captcha::instance());

     if ($_POST) {
         if (!Captcha::valid($_POST['captcha'])) {
             // Wrong captcha: the credentials are not looked at.
             $data['errors'] = array('captcha' => 'Captcha invalid!');
         } else {
             $form = Validate::factory($_POST)
                 ->rules('email', array('not_empty' => NULL, 'min_length' => array(4), 'max_length' => array(127), 'email' => NULL))
                 ->rules('password', array('not_empty' => null))
                 ->filter(TRUE, 'trim');
             // "Remember me" is on whenever the field was submitted.
             $remember = isset($form['remember']);

             if (!$form->check()) {
                 $data['errors'] = $form->errors('admin/login');
             } elseif (Auth::instance()->login($form['email'], $form['password'], $remember)) {
                 Request::instance()->redirect('admin/site/index');
             } else {
                 // Rejected credentials are reported on the email field.
                 $form->error('email', 'username_available');
                 $data['errors'] = $form->errors('admin/login');
             }
         }
     }
     $this->template->title = "Đăng nhập vào hệ thống";
     $this->template->section_title = "Đăng nhập vào hệ thống";
     $this->template->content = View::factory('/admin/site/login', $data);
 }
예제 #12
 /**
  * First signup page: validate the posted account data together with the
  * captcha answer, create the user, log it in and move on to page 2.
  */
 public function page1()
 {
     $view = new View('signup/page1');
     // A config group name can be passed to Captcha; the default is used here.
     $captcha = new Captcha();
     // Field values for the form; the error list starts as a copy so that
     // messages are keyed by field name.
     $form = array('username' => '', 'password' => '', 'password_confirm' => '', 'email' => '');
     $errors = $form;

     // Stop clients that produced 50 or more wrong answers. The count lives
     // in the session, so it only catches clients that keep their cookie.
     if ($captcha->invalid_count() > 49) {
         exit('Bye! Stupid bot.');
     }

     if ($_POST) {
         $captcha_ok = Captcha::valid($this->input->post('captcha_response'));
         $this->user = ORM::factory('user');
         $post = $this->input->post();
         // validate() runs first on purpose: $post is used as a validation
         // object in the failure branch below.
         $accepted = $this->user->validate($post) && $captcha_ok;
         if (!$accepted) {
             // Refill the form and collect the messages for it.
             $form = arr::overwrite($form, $post->as_array());
             $errors = arr::overwrite($errors, $post->errors('signup_errors'));
             if (!$captcha_ok) {
                 $errors['captcha_response'] = "Invalid";
             }
         } else {
             $this->user->save();
             $this->session->set('uid', $this->user->id);
             $this->user->add(ORM::factory('role', 'login'));
             $this->auth->login($this->user, $post['password']);
             url::redirect('/signup/page2');
             exit(0);
         }
     }

     // Hand everything to the template.
     $view->set("errors", $errors);
     $this->template->content = $view;
     $this->template->content->captcha = $captcha;
     $this->template->content->form = $form;
 }
예제 #13
 /**
  * AJAX admin login: checks the captcha, looks the admin up by username and
  * password digest, records login time and IP, and fills the session.
  *
  * Echoes a JSON object whose 'status' is 'checkcode_err', 'password_err'
  * or 'ok'.
  */
 public function action_ajax_login()
 {
     $checkcode = Arr::get($_POST, 'checkcode');
     $username = Arr::get($_POST, 'username');
     $password = Arr::get($_POST, 'password');
     $out = array();
     // Captcha check; the answer is compared in lower case.
     $checkcode = strtolower($checkcode);
     if (!Captcha::valid($checkcode)) {
         $out['status'] = 'checkcode_err';
         echo json_encode($out);
         exit;
     }
     // Username/password check.
     // NOTE(review): unsalted md5() is not a password hash; migrating to
     // password_hash()/password_verify() needs the stored values migrated too.
     $password = md5($password);
     // NOTE(review): the condition is one string and its literals appear
     // masked in this listing, while $username and $password are not used
     // anywhere else. If the real code interpolates them here, the query is
     // injectable; pass them as bound values instead.
     $userinfo = ORM::factory('admin')->where("username='******' and password='******'")->find();
     if (!$userinfo->loaded()) {
         $out['status'] = 'password_err';
         echo json_encode($out);
         exit;
     }
     $logintime = time();
     $ip = $this->getIp();
     $userinfo->logintime = $logintime;
     $userinfo->loginip = $ip;
     $userinfo->update();
     $userinfo = $userinfo->as_array();
     // Store the user's details in the session.
     // NOTE(review): no session id regeneration is visible before the
     // session is populated; confirm it happens elsewhere.
     $session = Session::instance();
     // NOTE(review): the value derived from username and password digest is
     // also sent to the browser as a cookie; confirm Common::authcode makes
     // it unusable for recovering the digest.
     $serectkey = Common::authcode($userinfo['username'] . '||' . $userinfo['password'], '');
     $session->set('username', $serectkey);
     Cookie::set('username', $serectkey);
     $session->set('userid', $userinfo['id']);
     $session->set('roleid', $userinfo['roleid']);
     // The role id comes from the database row, yet is still interpolated
     // into the condition string; a bound value would be safer.
     $rolemodule = ORM::factory('role_module')->where("roleid='{$userinfo['roleid']}'")->as_array();
     $session->set('rolemodule', $rolemodule);
     $out['status'] = 'ok';
     echo json_encode($out);
 }
예제 #14
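 /**
  * Callback-request widget: validates the posted name and phone behind a
  * captcha and mails the request to the configured address.
  *
  * Visitor input is HTML-escaped before it goes into the HTML mail body and
  * stripped of line breaks before it goes into the subject line.
  */
 public function action_index()
 {
     // Look up the template configured for this widget instance.
     $id = $this->request->param('id');
     $widget = new Model_Widget();
     $template = $widget->getTempalte('callback', $id);
     if ($template) {
         $this->template = View::factory('widgets/' . $template);
     }
     if (isset($_POST['callback-order'])) {
         // The captcha gates everything else, including the mail send.
         if (Captcha::valid(Arr::get($_POST, 'comm-captcha'))) {
             $base = new Model_Base();
             $options = $base->getOptions();
             $vData = $_POST;
             $validation = Validation::factory($vData);
             $validation->rule('cb-name', 'not_empty');
             $validation->rule('cb-name', 'min_length', array(':value', '2'));
             $validation->rule('cb-name', 'max_length', array(':value', '250'));
             $validation->rule('cb-phone', 'not_empty');
             $validation->rule('cb-phone', 'phone');
             $validation->rule('cb-phone', 'min_length', array(':value', '6'));
             $validation->rule('cb-phone', 'max_length', array(':value', '15'));
             if (!$validation->check()) {
                 $this->errors = $validation->errors('callbackErrors');
             } else {
                 $name = Arr::get($_POST, 'cb-name', '');
                 $phone = Arr::get($_POST, 'cb-phone', '');
                 // The length rules above do not restrict characters, so the
                 // values are escaped for the HTML body and have CR/LF
                 // removed for the subject header.
                 $name_html = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
                 $phone_html = htmlspecialchars($phone, ENT_QUOTES, 'UTF-8');
                 $name_subject = str_replace(array("\r", "\n"), ' ', $name);
                 // Send the notification mail.
                 $config = Kohana::$config->load('email');
                 Email::connect($config);
                 $to = $config['options']['callback_email'];
                 $subject = 'Поступила заявка с сайта ' . $options['sitename'] . ' от ' . $name_subject . '';
                 $from = $config['options']['username'];
                 $message = '<h2>Новая заявка</h2>';
                 $message .= 'Отправитель: <b>' . $name_html . ', </b><br>';
                 $message .= 'Тел: <b>' . $phone_html . ', </b><br>';
                 $message .= '<em>Отправлено: ' . date("G:i:s M j Y") . '</em>';
                 Email::send($to, $from, $subject, $message, TRUE);
                 if (count($this->errors) > 0) {
                     // Report collected errors to the site administrator.
                     $base = new Model_Base();
                     $options = $base->getOptions();
                     $to = $options['admin_email'];
                     $subject = 'Ошибки на сайте ' . $options['sitename'];
                     $from = $config['options']['username'];
                     // Accumulate every error; the loop used to overwrite
                     // the message, so only the last error was mailed.
                     $message = '';
                     foreach ($this->errors as $error) {
                         $message .= '<h2>Ошибка</h2>';
                         $message .= $error;
                         $message .= ' <em>Отправлено: ' . date("G:i:s M j Y") . '</em>';
                     }
                     Email::send($to, $from, $subject, $message, TRUE);
                 } else {
                     $this->messages[] = 'Спасибо! Ваш вопрос успешно отправлен.';
                 }
             }
         } else {
             $this->errors['captcha'] = "Код введен неверно";
         }
     }
     $captcha_image = Captcha::instance()->render();
     $this->template->captcha = $captcha_image;
     $this->template->errors = $this->errors;
     $this->template->messages = $this->messages;
 }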
예제 #15
파일: Login.php 프로젝트: HappyKennyD/teest
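 /**
  * Password reminder: after a correct captcha, store a recovery code for the
  * named user and render the 'reminder' view.
  *
  * NOTE(review): the error for an unknown login tells the caller whether an
  * account exists; a neutral confirmation for both cases avoids that.
  */
 public function action_reminder()
 {
     $reminder = false;
     $template = View::factory('reminder');
     if (!Auth::instance()->logged_in()) {
         if ($this->request->method() == Request::POST) {
             // Read through Arr::get so a POST without the captcha field is
             // a wrong answer, not an undefined-index error.
             if (Captcha::valid(Arr::get($_POST, 'captcha', ''))) {
                 $user = ORM::factory('User')->where('username', '=', Arr::get($_POST, 'username', ''))->find();
                 if ($user->loaded() && $user->network_reg == 0 && empty($user->link_activate)) {
                     // The code was md5(timestamp . stored password), which
                     // can be recomputed by anyone holding the stored value
                     // and the request time. It now comes from the CSPRNG
                     // and keeps the 32-hex-character shape. random_bytes()
                     // needs PHP 7+.
                     $code = bin2hex(random_bytes(16));
                     $save_code = ORM::factory('User', $user->id);
                     $save_code->link_recovery = $code;
                     $save_code->save();
                     $reminder = true;
                 } else {
                     $mas_err = array();
                     $mas_err[] = I18n::get("Пользователь с таким логином не зарегистрирован.");
                     $error = true;
                     $template->set('errors', $mas_err)->set('error', $error);
                 }
             } else {
                 $mas_err = array();
                 $mas_err[] = I18n::get("Неправильно ввели код подтверждения.");
                 $error = true;
                 $template->set('errors', $mas_err)->set('error', $error);
             }
         }
     }
     // The view is rendered once; the earlier version rendered it twice and
     // discarded the first result.
     $template->set('reminder', $reminder)->set('return', '/');
     $this->response->body($template->render());
 }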
예제 #16
 /**
  * Add a comment to a post when the captcha answer is correct and
  * commenting is allowed.
  *
  * NOTE(review): access is looked up with $this->postid while the rest of
  * the method uses the $postid argument; confirm both refer to the same post.
  * NOTE(review): $_POST['captcha'] is read without an existence check.
  *
  * @param mixed $postid identifier of the post being commented on
  */
 function action_add_comment($postid)
 {
     $this->allowcomment = $this->post->get_access($this->postid);
     $this->action_post_main();
     $this->action_main_categories();

     if (Captcha::valid($_POST['captcha']) && $this->allowcomment == 1) {
         $this->validate = $this->comment->validate_comment();
         if ($this->post->check_post($postid) != TRUE || $this->validate !== TRUE) {
             // Show the validation result instead of storing the comment.
             $this->template->content->errors = $this->validate;
         } else {
             $this->comment->add_comment($postid);
         }
     }
     $this->action_comments_params();
 }
예제 #17
 /**
  * Validation callback: flag the field as 'invalid' when its value is not
  * the correct captcha answer.
  *
  * @param Validate $array validation object holding the submitted values
  * @param string   $field name of the captcha field
  */
 public function captcha_valid(Validate $array, $field)
 {
     $answer = $array[$field];
     if (Captcha::valid($answer)) {
         return;
     }
     $array->error($field, 'invalid');
 }
예제 #18
파일: Auth.php 프로젝트: HappyKennyD/teest
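 /**
  * Password reminder: after a correct captcha, mail a recovery link to the
  * named user and store the matching code on the account.
  *
  * NOTE(review): the 'login' error tells the caller whether an account
  * exists; a neutral confirmation for both cases avoids that.
  */
 public function action_reminder()
 {
     $errors = NULL;
     if (!Auth::instance()->logged_in()) {
         if ($this->request->post()) {
             // Read through Arr::get so a POST without the captcha field is
             // a wrong answer, not an undefined-index error.
             if (Captcha::valid(Arr::get($_POST, 'captcha', ''))) {
                 $user = ORM::factory('User')->where('username', '=', Arr::get($_POST, 'username', ''))->find();
                 if ($user->loaded() && $user->network_reg == 0 && empty($user->link_activate)) {
                     // The code was md5(timestamp . stored password), which
                     // can be recomputed by anyone holding the stored value
                     // and the request time. It now comes from the CSPRNG
                     // and keeps the 32-hex-character shape. random_bytes()
                     // needs PHP 7+.
                     $code = bin2hex(random_bytes(16));
                     Email::connect();
                     Email::View('reminder');
                     Email::set(array('username' => $user->username, 'id' => $code, 'url' => str_replace('/auth/reminder', '', URL::current(true))));
                     Email::send($user->email, array('*****@*****.**', 'e-history.kz'), "E-history.kz, ссылка для смены пароля.", '', true);
                     $save_code = ORM::factory('User', $user->id);
                     $save_code->link_recovery = $code;
                     $save_code->save();
                     Message::success('Ссылка для восстановления пароля отправлена на указанный при регистрации адрес электронной почты.');
                     $this->redirect('/', 301);
                 } else {
                     $errors['login'] = I18n::get("Пользователь с таким логином не зарегистрирован.");
                 }
             } else {
                 $errors['captcha'] = I18n::get("Неправильно ввели код подтверждения.");
             }
         }
     }
     $this->set('errors', $errors);
 }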
예제 #19
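 /**
  * Handle a submitted admin login.
  *
  * A captcha is only demanded once the number of recorded failures reaches
  * the configured threshold. Every attempt that gets past the empty-field
  * checks is written to the admin log.
  *
  * @param array $data      submitted form fields (username, password, captcha)
  * @param int   $error_num failures already recorded for this client
  * @return Member false on failure
  */
 protected function post($data, $error_num)
 {
     if (!$data['username']) {
         $this->message = '用户名不能空';
         $this->error_input = 'username';
         return false;
     }
     if (!$data['password']) {
         $this->message = '密码不能空';
         $this->error_input = 'password';
         return false;
     }
     $db = Database::instance(Model_Admin::DATABASE);
     try {
         if ($error_num) {
             # Earlier login failures are on record.
             $config = Core::config('admin/core');
             if ($error_num >= $config['login_error_show_captcha_num'] - 1) {
                 // NOTE(review): this relies on Captcha::valid() returning a
                 // negative number for a wrong answer; a plain boolean false
                 // would pass the "< 0" test. Confirm the return contract.
                 $captcha_answer = isset($data['captcha']) ? $data['captcha'] : null;
                 if (Captcha::valid($captcha_answer) < 0) {
                     throw new Exception('验证码错误');
                 }
             }
         }
         $member = Auth::instance('admin')->check_user($data['username'], $data['password']);
         if ($error_num) {
             # Clear the recorded login failures.
             // The failure log is keyed by client IP only.
             $db->delete('admin_login_error_log', array('ip' => HttpIO::IP));
         }
         $id = (int) $member->id;
         // Hide the password field in the log.
         $_POST['password'] = '******';
         if ($member->project != Core::$project && !$member->perm()->is_super_perm()) {
             throw new Exception('不允许通过此页面登录', -1);
         }
         if ($member->shielded) {
             throw new Exception('您已被屏蔽', -1);
         }
     } catch (Exception $e) {
         // Code 0 marks a verification failure and is counted; the
         // exceptions thrown with -1 above are not.
         if ($e->getCode() === 0) {
             # Verification failed.
             $error_num++;
             if ($error_num === 1) {
                 $db->insert('admin_login_error_log', array('ip' => HttpIO::IP, 'timeline' => TIME, 'error_num' => 1, 'last_error_msg' => $e->getMessage(), 'last_post_username' => $data['username']));
             } else {
                 $db->update('admin_login_error_log', array('timeline' => TIME, 'error_num+' => 1, 'last_error_msg' => $e->getMessage(), 'last_post_username' => $data['username']), array('ip' => HttpIO::IP));
             }
         }
         $this->message = $e->getMessage();
         $this->error_input = 'password';
         $id = 0;
         $member = false;
     }
     # Write the login audit record.
     // The masking inside the try block is skipped whenever an exception is
     // thrown before it (for example by the captcha check), which left the
     // submitted password in the log row. Mask a copy here so no path logs it.
     $logged_post = $_POST;
     if (isset($logged_post['password'])) {
         $logged_post['password'] = '******';
     }
     // Clients may omit the Referer header.
     $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null;
     $db->insert(Core::config('admin/log.tablename'), array('uri' => $_SERVER["REQUEST_URI"], 'type' => 'login', 'ip' => HttpIO::IP, 'referer' => $referer, 'post' => serialize($logged_post), 'admin_id' => $id));
     return $member;
 }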
예제 #20
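 /**
  * Returns TRUE if the request is a POST carrying a valid CSRF token
  *
  * Usage:<br>
  * <code>
  * 	if ($this->valid_post('upload_photo')) { ... }
  * </code>
  *
  * The captcha is only checked when the POST contains a '_captcha' field.
  * NOTE(review): the client decides whether that field is sent, so a form
  * that must be captcha-protected has to require the field on the server.
  *
  * @param   string|NULL  $submit Submit value [Optional]
  * @return  boolean  Return TRUE if it's valid $_POST
  *
  * @uses    Request::is_post
  * @uses    Request::post_max_size_exceeded
  * @uses    Request::get_post_max_size
  * @uses    Request::post
  * @uses    Message::error
  * @uses    CSRF::valid
  * @uses    Captcha::valid
  */
 public function valid_post($submit = NULL)
 {
     if (!$this->request->is_post()) {
         return FALSE;
     }
     if (Request::post_max_size_exceeded()) {
         $this->_errors = array('_action' => __('Max file size of :max Bytes exceeded!', array(':max' => Request::get_post_max_size())));
         return FALSE;
     }
     if (!is_null($submit)) {
         // The expected submit button must be part of the POST.
         if (!isset($_POST[$submit])) {
             $this->_errors = array('_action' => __('This form has altered. Please try submitting it again.'));
             return FALSE;
         }
     }
     $_token = $this->request->post('_token');
     $_action = $this->request->post('_action');
     // '&&' instead of 'and': 'and' binds more loosely than '=', so the old
     // statement stored only !empty($_token) and ignored $_action.
     $has_csrf = (!empty($_token) && !empty($_action));
     $valid_csrf = CSRF::valid($_token, $_action);
     if ($has_csrf and !$valid_csrf) {
         // CSRF was submitted but expired
         $this->_errors = array('_token' => __('This form has expired. Please try submitting it again.'));
         return FALSE;
     }
     if (isset($_POST['_captcha'])) {
         $captcha = $this->request->post('_captcha');
         if (empty($captcha)) {
             // The captcha answer was left empty
             $this->_errors = array('_captcha' => __('The security code can\'t be empty.'));
             return FALSE;
         } elseif (!Captcha::valid($captcha)) {
             $this->_errors = array('_captcha' => __('The security answer was wrong.'));
             return FALSE;
         }
     }
     // A POST without token and action is rejected here without an error message.
     return $has_csrf and $valid_csrf;
 }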
예제 #21
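 /**
  * Self-registration for the admin area (only when the SignInSignUp option
  * is enabled): creates the user, assigns the 'user' role and logs in.
  *
  * NOTE(review): the password goes through toHTMLEntities() before it is
  * stored, so passwords containing HTML-special characters are altered;
  * confirm the login path applies the same transformation.
  * NOTE(review): the submitted password is handed back to the view; confirm
  * the template does not print it into the page.
  */
 public function action_register()
 {
     if (Common::config(['admin', 'SignInSignUp'])) {
         $email = $password = $error = $captcha = '';
         if ($this->auth->logged_in()) {
             self::goMenu();
         }
         if (!empty($_POST)) {
             if (!empty($_POST['email'])) {
                 $email = \Zver\StringHelper::load($_POST['email'])->toHTMLEntities()->get();
             }
             if (!empty($_POST['password'])) {
                 $password = \Zver\StringHelper::load($_POST['password'])->toHTMLEntities()->get();
             }
             if (!empty($_POST['captcha'])) {
                 $captcha = $_POST['captcha'];
             }
             if (!empty($email) && !empty($password) && !empty($captcha)) {
                 // The captcha is checked first. It used to come after the
                 // "email already exists" lookup, which let a client probe
                 // for registered addresses without solving a captcha.
                 if (!Captcha::valid($captcha)) {
                     $error = 'Неправильно введен проверочный код.';
                 } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                     $error = 'Введите email правильно.';
                 } else {
                     $exist = ORM::factory('User')->where('username', '=', $email)->find();
                     if (!empty($exist->id)) {
                         $error = 'Пользователь с таким email уже существует. Введите другой email.';
                     } else {
                         $success = false;
                         try {
                             $user = new Model_User();
                             $user->username = $email;
                             $user->email = $email;
                             $user->registered = date('Y-m-d H:i:s');
                             $user->password = $password;
                             $user->save();
                             DB::insert('roles_users')->values(['user_id' => $user->id, 'role_id' => DB::select('id')->from('roles')->where('name', '=', 'user')])->execute();
                             if ($this->auth->login($email, $password)) {
                                 $success = true;
                             }
                         } catch (\Exception $e) {
                             // Handled below: the visitor gets a generic
                             // message and no internal detail.
                         }
                         if ($success) {
                             Admin::setMessage('Вы успешно зарегистрировались!', 'success');
                             self::goMenu();
                         } else {
                             // A failed save or login used to leave the form
                             // without any message at all.
                             $error = 'Не удалось завершить регистрацию. Попробуйте ещё раз.';
                         }
                     }
                 }
             } else {
                 if (empty($email)) {
                     $error = 'Введите email.';
                 } elseif (empty($password)) {
                     $error = 'Введите пароль.';
                 } else {
                     $error = 'Введите проверочный код';
                 }
             }
         }
         $this->template->content = View::factory('Admin/Register/Template', ['password' => $password, 'email' => $email, 'error' => $error]);
     }
 }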
예제 #22
 /**
  * Demonstrates how to use the Captcha library.
  *
  * Prints a form with a captcha challenge and, on POST, reports whether the
  * submitted answer was correct.
  */
 public function captcha()
 {
     // The Session Profiler shows the counters for valid and invalid responses.
     new Profiler();
     // A config group name can be passed to Captcha; the default is used here.
     $captcha = new Captcha();

     // Stop clients that produced 50 or more wrong answers. The count lives
     // in the session, so it only catches clients that keep their cookie,
     // and the threshold has to stay high enough not to lock out real people.
     if ($captcha->invalid_count() > 49) {
         exit('Bye! Stupid bot.');
     }

     if ($_POST) {
         // Captcha::valid() is static and can also serve as a validation rule.
         $answer = $this->input->post('captcha_response');
         echo Captcha::valid($answer)
             ? '<p style="color:green">Good answer!</p>'
             : '<p style="color:red">Wrong answer!</p>';
         // Other fields would be validated here.
     }

     echo form::open();
     echo '<p>Other form fields here...</p>';
     // After enough valid responses (the count is set in the captcha config)
     // the challenge is no longer shown.
     if ($captcha->promoted()) {
         echo '<p>You have been promoted to human.</p>';
     } else {
         // render() produces the challenge (image, riddle, ...).
         echo '<p>', $captcha->render(), '</p>';
         echo form::input('captcha_response');
     }
     echo form::submit(array('value' => 'Check'));
     echo form::close();
 }
예제 #23
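 /**
  * Add a comment to a post. Guests must solve the captcha and commenting
  * must be allowed; a signed-in user passes without either check.
  *
  * NOTE(review): with 'and' binding tighter than 'or', a signed-in user
  * skips the allowcomment check as well as the captcha. The grouping below
  * only makes that explicit; confirm it is the intended policy.
  * NOTE(review): the redirect target is the Referer header and the two
  * cookies are copied from $_POST, all client-controlled; restrict the
  * redirect to local URLs and validate the cookie values.
  *
  * @param mixed $postid identifier of the post being commented on
  */
 function action_add_comment($postid)
 {
     $this->allowcomment = $this->post->get_access($this->postid);
     $this->action_post_main();
     $this->action_main_categories();
     // A guest has no user object; reading ->username from the result
     // directly failed for every guest request.
     $user = Auth::instance()->get_user();
     $this->username = $user ? $user->username : NULL;
     // The form of a signed-in user may not contain the captcha field.
     $answer = isset($_POST['captcha']) ? $_POST['captcha'] : NULL;
     if ((Captcha::valid($answer) and $this->allowcomment == 1) or !empty($this->username)) {
         $this->validate = $this->comment->validate_comment();
         if ($this->post->check_post($postid) == TRUE and $this->validate === TRUE) {
             $this->comment->add_comment($postid);
             Cookie::$expiration = Date::WEEK;
             Cookie::set('comment_username', $_POST['username']);
             Cookie::set('comment_url', $_POST['url']);
             $this->request->redirect($_SERVER['HTTP_REFERER']);
         } else {
             $this->template->content->errors = $this->validate;
         }
     }
     $this->action_comments_params();
 }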
예제 #24
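 /**
  * Handle a submitted admin login.
  *
  * A captcha is only demanded once the number of recorded failures reaches
  * the configured threshold. Every attempt that gets past the empty-field
  * checks is written to the admin log.
  *
  * NOTE(review): "User does not exist" and "Password is incorrect" are
  * distinct messages, which tells the caller which usernames are valid; a
  * single message for both avoids that.
  *
  * @param array $data      submitted form fields (username, password, captcha)
  * @param int   $error_num failures already recorded for this client
  * @return \Member false on failure
  */
 protected function post($data, $error_num)
 {
     if (!$data['username']) {
         $this->message = \__('Username can not be empty');
         $this->error_input = 'username';
         return false;
     }
     if (!$data['password']) {
         $this->message = \__('The password can not be empty');
         $this->error_input = 'password';
         return false;
     }
     $db = \Database::instance(\Model_Admin::DATABASE);
     try {
         if ($error_num) {
             # Earlier login failures are on record.
             $config = \Core::config('admin.login');
             if ($error_num >= $config['error_show_captcha_num'] - 1) {
                 // NOTE(review): this relies on Captcha::valid() returning a
                 // negative number for a wrong answer; a plain boolean false
                 // would pass the "< 0" test. Confirm the return contract.
                 $captcha_answer = isset($data['captcha']) ? $data['captcha'] : null;
                 if (\Captcha::valid($captcha_answer) < 0) {
                     $this->error_input = 'captcha';
                     throw new \Exception(\__('Verification code error'));
                 }
             }
         }
         $member_finder = new \ORM_Admin_Member_Finder();
         $member = $member_finder->get_member_by_username($data['username']);
         if (!$member) {
             $this->error_input = 'username';
             throw new \Exception(\__('User does not exist'));
         }
         if (!$member->check_password($data['password'])) {
             $this->error_input = 'password';
             throw new \Exception(\__('Password is incorrect'));
         }
         if ($error_num) {
             # Clear the recorded login failures.
             // The failure log is keyed by client IP only.
             $db->delete('admin_login_error_log', array('ip' => \HttpIO::IP));
         }
         $id = (int) $member->id;
         // Hide the password field in the log.
         $_POST['password'] = '******';
         if ($member->project != \Bootstrap::$project && !$member->perm()->is_super_perm()) {
             throw new \Exception(\__('Not allowed to login through this page'), -1);
         }
         if ($member->shielded) {
             $this->error_input = 'username';
             throw new \Exception(\__('You have been blocked'), -1);
         }
     } catch (\Exception $e) {
         // Code 0 marks a verification failure and is counted; the
         // exceptions thrown with -1 above are not.
         if (0 === $e->getCode()) {
             # Verification failed.
             $error_num++;
             if (1 === $error_num) {
                 $db->insert('admin_login_error_log', array('ip' => \HttpIO::IP, 'timeline' => \TIME, 'error_num' => 1, 'last_error_msg' => $e->getMessage(), 'last_post_username' => $data['username']));
             } else {
                 $db->update('admin_login_error_log', array('timeline' => \TIME, 'error_num+' => 1, 'last_error_msg' => $e->getMessage(), 'last_post_username' => $data['username']), array('ip' => \HttpIO::IP));
             }
         }
         $this->message = $e->getMessage();
         $id = 0;
         $member = false;
     }
     # Write the login audit record.
     // The masking inside the try block is skipped whenever an exception is
     // thrown before it (wrong captcha, unknown user, wrong password), which
     // left the submitted password in the log row. Mask a copy here so no
     // path logs it.
     $logged_post = $_POST;
     if (isset($logged_post['password'])) {
         $logged_post['password'] = '******';
     }
     // Clients may omit the Referer header.
     $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null;
     $db->insert('admin_log', array('uri' => $_SERVER["REQUEST_URI"], 'type' => 'login', 'ip' => \HttpIO::IP, 'referer' => $referer, 'post' => \serialize($logged_post), 'admin_id' => $id));
     return $member;
 }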
예제 #25
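 /**
  * Render the registration page and process a submitted registration form.
  *
  * For a visitor who is not logged in and who posted the `reg` field, the
  * input is checked in a fixed order (login, e-mail, password, password
  * confirmation, captcha, 11-digit phone number). The first failing check
  * puts an `error` view into the form. When all checks pass the user is
  * saved with role id 1, logged in, passed to the `Users` model and sent a
  * confirmation e-mail; the success view replaces the form only when the
  * e-mail was accepted for delivery.
  *
  * @return void
  */
 public function action_index()
 {
     $template = View::factory("template");
     $content = View::factory("registration");
     $captcha = Captcha::instance();
     $template->root_page = "registration";
     $username = Arr::get($_POST, 'username', '');
     $email = Arr::get($_POST, 'email', '');
     $password = Arr::get($_POST, 'password', '');
     $password2 = Arr::get($_POST, 'password2', '');
     // Submitted values go back into the form so it can be re-filled.
     // NOTE(review): HTML-escaping is left to the view; confirm that the
     // template escapes these request values.
     $content->username = $username;
     $content->email = $email;
     // The phone field is filled from `username`, the same field that must
     // contain 11 digits further down.
     $content->phone = $username;
     $content->name = Arr::get($_POST, 'name', '');
     $content->error = "";
     $content->captcha = $captcha;
     if (!Auth::instance()->logged_in() && isset($_POST['reg'])) {
         // array(heading, message) of the first failed check, or null.
         $failure = null;
         if ($username == "") {
             $failure = array("Не указан логин!", " Укажите Ваш логин.");
         } elseif ($email == "") {
             $failure = array("Не указана почта!", " Укажите Вашу почту.");
         } elseif ($password == "") {
             $failure = array("Не указан пароль!", " Укажите Ваш пароль.");
         } elseif ($password !== $password2) {
             // Strict comparison: with a loose one, numeric-looking strings
             // such as "1e1" and "10" would count as the same password.
             $failure = array("Пароли не совпадают!", " Проверьте правильность подтверждения пароля.");
         } elseif (!Captcha::valid(Arr::get($_POST, 'checkcode'))) {
             // Arr::get avoids an undefined-index error when the captcha
             // field is missing from the request.
             $failure = array("Контрольный текст не совпадает!", " Укажите правильно контрольный текст.");
         } elseif (!is_string($username) || strlen(preg_replace("/[^0-9]+/i", "", $username)) != 11) {
             // An array-valued `username` parameter is rejected here rather
             // than being handed to preg_replace()/strlen().
             $failure = array("Некорректный номер телефона!", " Укажите правильно номер телефона.");
         } else {
             $user = ORM::factory('User');
             $user->values(array('username' => $username, 'email' => $email, 'password' => $password, 'password_confirm' => $password2));
             $some_error = false;
             try {
                 $user->save();
                 $user->add("roles", ORM::factory("Role", 1));
             } catch (ORM_Validation_Exception $e) {
                 $some_error = $e->errors('models');
             }
             if ($some_error) {
                 // Generic message unless a known validation error matches.
                 $failure = array("Ошибка регистрационных данных!", " Проверьте правильность ввода данных.");
                 if (isset($some_error['username'])) {
                     if ($some_error['username'] == "models/user.username.unique") {
                         $failure = array("Такое имя уже есть в базе!", " Придумайте новое.");
                     }
                 } elseif (isset($some_error['email'])) {
                     if ($some_error['email'] == "email address must be an email address") {
                         $failure = array("Некорректный формат почты!", " Проверьте правильность написания почты.");
                     }
                     if ($some_error['email'] == "models/user.email.unique") {
                         $failure = array("Такая почта есть в базе!", " Укажите другую почту.");
                     }
                 }
             } else {
                 // The new account is logged in at once, with the third
                 // login() argument (remember) set to true.
                 Auth::instance()->login($username, $password, true);
                 // NOTE(review): the whole request body is handed to the model;
                 // confirm that addNewUser() only reads the fields it expects.
                 Model::factory("Users")->addNewUser($_POST);
                 $subject = View::factory('register_subject')->render();
                 $body_tpl = View::factory('register_body');
                 $body_tpl->login = $username;
                 // NOTE(review): the clear-text password is placed in the
                 // e-mail body. Kept because the template expects it, but
                 // mail is not a confidential channel; prefer not sending it.
                 $body_tpl->password = $password;
                 $message = $body_tpl->render();
                 $bound = "0";
                 // mail() emits the Subject header from its second argument,
                 // so it is not repeated in the additional headers.
                 $header = "From: Teleantenna25.ru<*****@*****.**>\r\n";
                 $header .= "Mime-Version: 1.0\n";
                 $header .= "Content-Type: multipart/mixed; boundary=\"{$bound}\"";
                 $body = "\n\n--{$bound}\n";
                 $body .= "Content-type: text/html; charset=\"utf-8\"\n";
                 $body .= "Content-Transfer-Encoding: quoted-printable\n\n";
                 // The part is declared quoted-printable, so encode it that way.
                 $body .= quoted_printable_encode($message);
                 // NOTE(review): if mail() fails the account already exists and
                 // the user is logged in, yet the form is shown again with no
                 // message.
                 if (mail($email, $subject, $body, $header)) {
                     $content = View::factory('alert_success');
                     $content->zag = "Вы успешно зарегистрированы! ";
                     $content->mess = "";
                 }
             }
         }
         if ($failure !== null) {
             $error = View::factory('error');
             $error->zag = $failure[0];
             $error->mess = $failure[1];
             $content->error = $error;
         }
     }
     $template->content = $content;
     $this->response->body($template);
 }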
예제 #26
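 /**
  * Show the "add guestbook entry" form and handle its submission.
  *
  * When the form was posted (`btnSubmit` present) the captcha answer is
  * checked first; the entry is stored through Model_Guestbook::insBook()
  * only if the captcha is valid. The outcome is reported in `$data['msg']`,
  * which is bound into the `addguestview` view together with the captcha
  * instance and the `page` value read from the session.
  *
  * @return void
  */
 public function action_addguest()
 {
     $data = array('msg' => '');
     $captcha = Captcha::instance('default');
     $session = Session::instance();
     $data['page'] = $session->get("page", '');
     if (isset($_POST['btnSubmit'])) {
         $book = new Model_Guestbook();
         // A submission without a captcha field is passed on as null, so it
         // is judged by Captcha::valid() instead of raising an
         // undefined-index error.
         $answer = isset($_POST['captcha']) ? $_POST['captcha'] : null;
         if (!Captcha::valid($answer)) {
             $data['msg'] = 'Капча не верна';
         } elseif ($book->insBook()) {
             // NOTE(review): insBook() takes no arguments, so it presumably
             // reads the request itself; validation and escaping of the
             // entry then have to live in the model. Confirm.
             $data['msg'] = 'Запись добавлена';
         } else {
             $data['msg'] = 'Запись не добавлена';
         }
     }
     $content = View::factory('addguestview');
     $content->captcha = $captcha;
     $content->bind('data', $data);
     $this->template->content = $content;
 }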