예제 #1
0
 public function routerShutdown(Yaf\Request_Abstract $request, Yaf\Response_Abstract $response)
 {
     /* 验证是否为命令行方式 */
     if ($request->isCli()) {
         $action = $request->getActionName();
         $locate_param = strpos($request->getRequestUri(), '?');
         $locate = strpos($request->getActionName(), '?');
         /* 验证action是否有传参 */
         if ($locate !== false) {
             $query_list = array();
             //重新设置action
             $request->setActionName(substr($action, 0, $locate));
             //截取query_string
             $query_string = substr($request->getRequestUri(), $locate_param + 1);
             //解析query_string
             parse_str($query_string, $query_list);
             //循环set到param
             foreach ($query_list as $key => $value) {
                 $request->setParam($key, $value);
             }
         }
     }
     $request_uri = strtolower($request->getModuleName() . '/' . $request->getControllerName() . '/' . $request->getActionName());
     $request->setRequestUri($request_uri);
     $request->setModuleName(ucfirst($request->getModuleName()));
     $request->setControllerName(underline_to_camel(ucfirst($request->getControllerName())));
     $request->setActionName(underline_to_camel($request->getActionName()));
     /* 保存请求地址 */
     Yaf\Registry::set('request_uri', $request_uri);
 }
예제 #2
0
파일: Auth.php 프로젝트: vfeelit/YZend
 public function routerShutdown(Yaf\Request_Abstract $request, Yaf\Response_Abstract $response)
 {
     // 路由之后才能获取这三个值
     $module = strtolower($request->getModuleName());
     $controller = strtolower($request->getControllerName());
     $action = strtolower($request->getActionName());
     $default = Registry::get("session");
     // 可以传入Zend\Authentication\Storage\Session对象,实际关联一个SESSION容器
     $auth = new AuthenticationService();
     $storage = $auth->getStorage();
     Registry::set('auth', $storage);
     if ($auth->hasIdentity()) {
         $storageData = $storage->read();
         $access_time = 0;
         if (!empty($storageData->access_time)) {
             $access_time = (int) $storageData->access_time;
         }
         // 已经半小时没有活动了 实际SESSION可能并没有清除
         if (time() - $access_time > 1800) {
             $auth->clearIdentity();
             $response->clearBody()->setRedirect("/auth/login");
             exit;
         } else {
             $storageData->access_time = time();
             $storage->write($storageData);
         }
         if ($controller === "auth") {
             if ($action === "logout") {
                 $auth->clearIdentity();
                 $response->clearBody()->setRedirect("/auth/login");
                 exit;
             }
             if ($action === "login") {
                 $response->clearBody()->setRedirect("/");
                 exit;
             }
         }
     } else {
         if ($request->isPost()) {
             // 验证token
             if (!isset($_POST['securityToken']) || $_POST['securityToken'] !== $default->offsetGet('securityToken')) {
                 //$response->clearBody()->setRedirect("/auth/login");
                 //exit;
             }
             // 需要验证的数据
             $email = trim($_POST['email']);
             $password = trim($_POST['password']);
             if (empty($email) || empty($password)) {
                 $default->offsetSet("freshMessage", "邮件地址或密码不能为空");
                 $response->clearBody()->setRedirect("/auth/login");
                 exit;
             }
             // 匹配邮件地址 和 密码
             $user = new Table\UserModel();
             $userRow = $user->getUserByEmail($email);
             if (!empty($userRow)) {
                 // 查看是否已经被禁用
                 if ((int) $userRow['active'] < 1) {
                     $default->offsetSet("freshMessage", "账户已经禁用.");
                     $response->clearBody()->setRedirect("/auth/login");
                     exit;
                 }
                 $hashPassword = trim($userRow['password']);
                 $salt = Ifeeline\Password::getPasswordSaltByHash($hashPassword);
                 $nowPassword = Ifeeline\Password::getPasswordHash($salt, $password);
                 if ($nowPassword !== $hashPassword) {
                     $default->offsetSet("freshMessage", "密码不正确");
                     $response->clearBody()->setRedirect("/auth/login");
                     exit;
                 }
             } else {
                 $default->offsetSet("freshMessage", "邮件地址不存在");
                 $response->clearBody()->setRedirect("/auth/login");
                 exit;
             }
             // 实际上,以上的密码比较已经结束  这里使用它的会话持久化功能
             $dbAdapter = Registry::get('db');
             $authAdapter = new CredentialTreatmentAdapter($dbAdapter);
             $authAdapter->setTableName('user')->setIdentityColumn('email')->setCredentialColumn('password');
             // 这里应该使用自定义的密码哈希算法,然后再传递进行比较
             $authAdapter->setIdentity($email)->setCredential($nowPassword);
             $result = $auth->authenticate($authAdapter);
             // 这个IF应该永不会进入
             if (!$result->isValid()) {
                 switch ($result->getCode()) {
                     case Result::FAILURE_IDENTITY_NOT_FOUND:
                         //break;
                     //break;
                     case Result::FAILURE_CREDENTIAL_INVALID:
                         //break;
                         //case Result::SUCCESS:
                         //    break;
                     //break;
                     //case Result::SUCCESS:
                     //    break;
                     default:
                         //$result->getMessages()
                         $default->offsetSet("freshMessage", "用户名或密码不正确.");
                         break;
                 }
                 $response->clearBody()->setRedirect("/auth/login");
                 exit;
             } else {
                 $row = $authAdapter->getResultRowObject(null, array('password'));
                 // 账户被禁用(这不会执行)
                 if ((int) $row->active < 1) {
                     // 清楚认证信息
                     $auth->clearIdentity();
                     $default->offsetSet("freshMessage", "用户名已经被禁用.");
                     $response->clearBody()->setRedirect("/auth/login");
                     exit;
                 } else {
                     $row->access_time = time();
                     $storage = $auth->getStorage();
                     $storage->write($row);
                     // 成功登录
                     $response->clearBody()->setRedirect("/");
                     exit;
                 }
             }
         } else {
             if ($controller !== "auth" || $controller === "auth" && $action !== "login") {
                 $response->clearBody()->setRedirect("/auth/login");
                 exit;
             }
         }
     }
 }