public function dispatchLoopShutdown(Yaf\Request_Abstract $request, Yaf\Response_Abstract $response)
{
if ($response->getBody() !== '') {
echo $response->getBody();
}
$response->setBody(ob_get_clean());
}
public function postDispatch(Yaf\Request_Abstract $request, Yaf\Response_Abstract $response)
{
//disableView or return false in controller or empty template file will lead response body eq ''
if (isset($response->layout) && !empty($response->getBody())) {
$response->setBody(call_user_func($response->layout, $response->getBody()));
}
}
public function dispatchLoopShutdown(Yaf\Request_Abstract $request, Yaf\Response_Abstract $response)
{
$response->setBody(ob_get_clean());
}
public function routerShutdown(Yaf\Request_Abstract $request, Yaf\Response_Abstract $response)
{
// 路由之后才能获取这三个值
$module = strtolower($request->getModuleName());
$controller = strtolower($request->getControllerName());
$action = strtolower($request->getActionName());
$default = Registry::get("session");
// 可以传入Zend\Authentication\Storage\Session对象,实际关联一个SESSION容器
$auth = new AuthenticationService();
$storage = $auth->getStorage();
Registry::set('auth', $storage);
if ($auth->hasIdentity()) {
$storageData = $storage->read();
$access_time = 0;
if (!empty($storageData->access_time)) {
$access_time = (int) $storageData->access_time;
}
// 已经半小时没有活动了 实际SESSION可能并没有清除
if (time() - $access_time > 1800) {
$auth->clearIdentity();
$response->clearBody()->setRedirect("/auth/login");
exit;
} else {
$storageData->access_time = time();
$storage->write($storageData);
}
if ($controller === "auth") {
if ($action === "logout") {
$auth->clearIdentity();
$response->clearBody()->setRedirect("/auth/login");
exit;
}
if ($action === "login") {
$response->clearBody()->setRedirect("/");
exit;
}
}
} else {
if ($request->isPost()) {
// 验证token
if (!isset($_POST['securityToken']) || $_POST['securityToken'] !== $default->offsetGet('securityToken')) {
//$response->clearBody()->setRedirect("/auth/login");
//exit;
}
// 需要验证的数据
$email = trim($_POST['email']);
$password = trim($_POST['password']);
if (empty($email) || empty($password)) {
$default->offsetSet("freshMessage", "邮件地址或密码不能为空");
$response->clearBody()->setRedirect("/auth/login");
exit;
}
// 匹配邮件地址 和 密码
$user = new Table\UserModel();
$userRow = $user->getUserByEmail($email);
if (!empty($userRow)) {
// 查看是否已经被禁用
if ((int) $userRow['active'] < 1) {
$default->offsetSet("freshMessage", "账户已经禁用.");
$response->clearBody()->setRedirect("/auth/login");
exit;
}
$hashPassword = trim($userRow['password']);
$salt = Ifeeline\Password::getPasswordSaltByHash($hashPassword);
$nowPassword = Ifeeline\Password::getPasswordHash($salt, $password);
if ($nowPassword !== $hashPassword) {
$default->offsetSet("freshMessage", "密码不正确");
$response->clearBody()->setRedirect("/auth/login");
exit;
}
} else {
$default->offsetSet("freshMessage", "邮件地址不存在");
$response->clearBody()->setRedirect("/auth/login");
exit;
}
// 实际上,以上的密码比较已经结束 这里使用它的会话持久化功能
$dbAdapter = Registry::get('db');
$authAdapter = new CredentialTreatmentAdapter($dbAdapter);
$authAdapter->setTableName('user')->setIdentityColumn('email')->setCredentialColumn('password');
// 这里应该使用自定义的密码哈希算法,然后再传递进行比较
$authAdapter->setIdentity($email)->setCredential($nowPassword);
$result = $auth->authenticate($authAdapter);
// 这个IF应该永不会进入
if (!$result->isValid()) {
switch ($result->getCode()) {
case Result::FAILURE_IDENTITY_NOT_FOUND:
//break;
//break;
case Result::FAILURE_CREDENTIAL_INVALID:
//break;
//case Result::SUCCESS:
// break;
//break;
//case Result::SUCCESS:
// break;
default:
//$result->getMessages()
$default->offsetSet("freshMessage", "用户名或密码不正确.");
break;
}
$response->clearBody()->setRedirect("/auth/login");
exit;
} else {
$row = $authAdapter->getResultRowObject(null, array('password'));
// 账户被禁用(这不会执行)
if ((int) $row->active < 1) {
// 清楚认证信息
$auth->clearIdentity();
$default->offsetSet("freshMessage", "用户名已经被禁用.");
$response->clearBody()->setRedirect("/auth/login");
exit;
} else {
$row->access_time = time();
$storage = $auth->getStorage();
$storage->write($row);
// 成功登录
$response->clearBody()->setRedirect("/");
exit;
}
}
} else {
if ($controller !== "auth" || $controller === "auth" && $action !== "login") {
$response->clearBody()->setRedirect("/auth/login");
exit;
}
}
}
}
