Пример #1
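 /**
  * Handle a submitted login form and redirect to the site root.
  *
  * Reads `login` and `password` from the parsed body, checks them with a
  * DbTable adapter against `entity_subject`, and on success writes the
  * matching row (minus the `password` column) to the auth storage.
  * Missing fields are passed to the adapter as null instead of raising an
  * undefined-index notice; the adapter then reports the attempt as invalid.
  *
  * @param Request       $request
  * @param Response      $response
  * @param callable|null $next     Unused; kept so the middleware signature is unchanged.
  * @return Response       Response with `Location: /`, on success and on failure alike.
  */
 public function execute(Request $request, Response $response, ?callable $next = null)
 {
     $body = $request->getParsedBody();
     // Assumes getParsedBody() yields an array for this form — TODO confirm with the body parser in use.
     $login = $body['login'] ?? null;
     $password = $body['password'] ?? null;

     $adapter = new CredentialTreatmentAdapter($this->boot()->db);
     $adapter
         ->setTableName('entity_subject')
         ->setIdentityColumn('login')
         ->setCredentialColumn('password')
         ->setIdentity($login)
         ->setCredential($password);

     $result = $this->boot()->auth->authenticate($adapter);
     if ($result->isValid()) {
         // Keep the password column out of what is persisted in the session.
         $data = $adapter->getResultRowObject(null, 'password');
         $this->boot()->auth->getStorage()->write($data);
     }

     // NOTE(review): only the header is set; a PSR-7 redirect usually also needs withStatus(302) — confirm the framework's default.
     return $response->withHeader('Location', "/");
 }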
Пример #2
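 /**
  * Process the admin login form (POSTed from LoginForm, admin/index).
  *
  * Non-POST requests are sent back to the auth page. Credentials are checked
  * against `users` with the treatment `MD5(?) AND user_role = 'admin'`, so a
  * non-admin account with a correct password fails with
  * FAILURE_CREDENTIAL_INVALID exactly like a wrong password does.
  * On success the row (minus `user_password`) is written to the auth storage
  * and the `admin` session container receives `user_email` and, when the
  * form asked for it, `remember`.
  *
  * @return \Zend\Http\Response|null Redirect response, or null when the result code is not one of the handled ones.
  */
 public function processAction()
 {
     if (!$this->request->isPost()) {
         return $this->redirect()->toRoute(null, ['controller' => 'Auth', 'action' => 'auth']);
     }
     $post = $this->getRequest()->getPost();
     $dbAdapter = $this->getServiceLocator()->get('Zend\\Db\\Adapter\\Adapter');

     // NOTE(review): unsalted MD5 is what the users.user_password column stores;
     // moving to password_hash()/password_verify() needs a schema migration first.
     $authAdapter = new CredentialTreatmentAdapter($dbAdapter, 'users', 'user_email', 'user_password', "MD5(?) AND user_role = 'admin'");
     $authAdapter->setIdentity($post->user_email)->setCredential($post->user_password);

     $auth = new AuthenticationService();
     $result = $auth->authenticate($authAdapter);

     switch ($result->getCode()) {
         case Result::FAILURE_IDENTITY_NOT_FOUND:
             // The two failure messages differ, so a client can tell whether an
             // email is registered; a single generic message would avoid that.
             $this->flashMessenger()->setNamespace('not_admin')->addMessage('wrong email/password');
             return $this->redirect()->toRoute(null, ['controller' => 'Auth', 'action' => 'auth']);
         case Result::FAILURE_CREDENTIAL_INVALID:
             // Reached both for a wrong password and for a non-admin role (see the treatment above).
             $this->flashMessenger()->setNamespace('not_admin')->addMessage('admin-only allowed');
             return $this->redirect()->toRoute(null, ['controller' => 'Auth', 'action' => 'auth']);
         case Result::SUCCESS:
             $storage = $auth->getStorage();
             $storage->write($authAdapter->getResultRowObject(null, 'user_password'));
             $session = new Container('admin');
             $rememberSeconds = 900;
             if ($post->rememberMe) {
                 $session->remember = $rememberSeconds;
             }
             $session->user_email = $post->user_email;
             return $this->redirect()->toRoute('index', ['controller' => 'Index', 'action' => 'index']);
         default:
             // Other result codes (e.g. ambiguous identity) fall through to a null return.
             return null;
     }
 }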
Пример #3
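 /**
  * Authenticate a user and store the resulting user row in the session.
  *
  * @param array $params Expects the keys `username` and `password`.
  * @return true Only returns on success; every failure path throws.
  * @throws \Exception When a parameter is missing or the credentials are rejected.
  */
 public function authenticate($params): bool
 {
     if (!isset($params['username']) || !isset($params['password'])) {
         throw new \Exception("Parâmetros inválidos");
     }
     // NOTE(review): the `user.password` column holds unsalted MD5, which is why
     // md5() is applied client-side; replacing it needs a schema migration.
     $password = md5($params['password']);
     $auth = new AuthenticationService();
     $authAdapter = new AuthAdapter($this->dbAdapter);
     $authAdapter
         ->setTableName('user')
         ->setIdentityColumn('username')
         ->setCredentialColumn('password')
         ->setIdentity($params['username'])
         ->setCredential($password);
     $result = $auth->authenticate($authAdapter);
     if (!$result->isValid()) {
         throw new \Exception("Login ou senha inválidos");
     }
     // Save the user row in the session. getResultRowObject() is called without an
     // omit list, so the stored row includes the hashed password column.
     $session = $this->getServiceManager()->get('Session');
     $session->offsetSet('user', $authAdapter->getResultRowObject());
     return true;
 }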
Пример #4
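 /**
  * Handle the login form POST.
  *
  * When login is disabled in the module options, prints a notice and exits.
  * Otherwise checks `email`/`password` from the POST against `user`, keeps the
  * identity in the `email` session storage, copies username and email into the
  * default session container, and redirects to the forum index.
  * A failed login terminates the request (legacy behaviour, kept as-is; a
  * redirect back to the form with a flash message is the usual replacement).
  *
  * @return \Zend\Http\Response|void
  */
 public function loginAction()
 {
     if ($this->userModuleOptions->getDisabledLogin()) {
         echo "禁止登陆";
         exit("indexuser");
     }
     $options = $this->getRequest()->getPost();
     $adapter = $this->getServiceLocator()->get('Zend\\Db\\Adapter\\Adapter');
     // NOTE(review): no credential treatment is set, so the submitted password is
     // compared to the `password` column as stored — confirm that column is hashed.
     $authAdapter = new CredentialTreatmentAdapter($adapter, 'user', 'email', 'password');
     $authAdapter->setIdentity($options->get('email'));
     $authAdapter->setCredential($options->get('password'));
     $authService = new AuthenticationService(new Session('email'), $authAdapter);

     $result = $authService->authenticate();
     if (!$result->isValid()) {
         exit("die");
     }

     $userData = $this->getServiceLocator()->get('User\\Table\\UserTable')->getUser($options->get('email'));
     $sessionContainer = new Container();
     $sessionContainer->offsetSet("user", ["username" => $userData->username, "email" => $options->get('email')]);
     $this->layout()->setVariable("username", $userData->username);

     if ($authService->getIdentity()) {
         // Return the redirect so the dispatcher stops here instead of also rendering a view.
         return $this->redirect()->toRoute('forum', ['controller' => 'index', 'action' => 'index']);
     }
     echo 'Not logged in';
 }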
Пример #5
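 /**
  * Authenticate user
  *
  * Checks `login`/`password` against this table; `active = TRUE` is part of
  * the credential treatment, so inactive accounts fail like a wrong password.
  * On success the row (minus `password`) becomes this object's data and the
  * object itself is written to the backend auth session. The `before.auth`
  * event now fires before the adapter runs, not after it.
  *
  * @param string $login    Login
  * @param string $password Password
  *
  * @return bool
  */
 public function authenticate($login, $password): bool
 {
     $authAdapter = new Adapter\DbTable\CredentialTreatmentAdapter($this->getAdapter());
     $authAdapter->setTableName($this->name);
     $authAdapter->setIdentityColumn('login');
     $authAdapter->setCredentialColumn('password');
     $authAdapter->setCredentialTreatment('? AND active = TRUE');
     $authAdapter->setIdentity($login);
     // NOTE(review): the column stores unsalted SHA-1; moving to password_hash()
     // needs a migration and an adapter that can run password_verify().
     $authAdapter->setCredential(sha1($password));
     $auth = new AuthenticationService(new Storage\Session(self::BACKEND_AUTH_NAMESPACE));

     // Listeners get their turn before the credentials are checked.
     $this->events()->trigger(__CLASS__, 'before.auth', $this);
     $result = $auth->authenticate($authAdapter);
     if ($result->isValid()) {
         $data = $authAdapter->getResultRowObject(null, 'password');
         $this->setData((array) $data);
         $this->setOrigData();
         $auth->getStorage()->write($this);
         $this->events()->trigger(__CLASS__, 'after.auth', $this);
         return true;
     }
     $this->events()->trigger(__CLASS__, 'after.auth.failed', $this, ['login' => $login]);
     return false;
 }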
Пример #6
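 /**
  * Authenticate by username/password and store the user id as the identity.
  *
  * The treatment `MD5(CONCAT(salt,?))` lets the database compute the salted
  * hash, so the plain password is handed to the adapter.
  *
  * @param string $username
  * @param string $password
  * @return bool True only when the credentials were accepted and the user record was found.
  */
 public function authenticate($username, $password): bool
 {
     /* @var $sl \Zend\ServiceManager\ServiceManager */
     $sl = $this->getServiceLocator();
     // NOTE(review): MD5 over salt+password is what the column stores; a migration to password_hash() is the real fix.
     $authAdapter = new CredentialTreatmentAdapter($sl->get('dbAdapter'), 'users', 'username', 'password', 'MD5(CONCAT(salt,?))');
     $authAdapter->setIdentity($username);
     $authAdapter->setCredential($password);
     /* @var $result \Zend\Authentication\Result */
     $result = $this->getAuthService()->authenticate($authAdapter);
     // getCode() returns an int constant, so compare strictly.
     if ($result->getCode() !== \Zend\Authentication\Result::SUCCESS) {
         return false;
     }
     /* @var $userMapper \User\Model\UserMapper */
     $userMapper = $sl->get('User\\Model\\UserMapper');
     /* @var $user \User\Model\User */
     $user = $userMapper->get(null, $username);
     if (!$user) {
         // Credentials were accepted but no user record exists: do not leave the
         // identity the service wrote during authenticate() behind.
         $this->getAuthService()->clearIdentity();
         return false;
     }
     $this->getAuthService()->getStorage()->write($user->getId());
     return true;
 }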
Пример #7
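 /**
  * Yaf routerShutdown hook: session auth gate for every request plus the login POST handler.
  *
  * Authenticated requests: the identity is dropped after 1800 s without
  * activity (redirect to /auth/login), otherwise `access_time` is refreshed;
  * `/auth/logout` clears the identity and `/auth/login` is bounced to `/`.
  * Unauthenticated POSTs: verify the session CSRF token, look the user up by
  * email, check the salted hash, then run the same check through the DbTable
  * adapter purely to reuse its session persistence. Any other unauthenticated
  * request that is not the login page is redirected to it.
  * Every redirect calls exit, so control never returns to Yaf after one.
  *
  * @param Yaf\Request_Abstract  $request
  * @param Yaf\Response_Abstract $response
  * @return void
  */
 public function routerShutdown(Yaf\Request_Abstract $request, Yaf\Response_Abstract $response)
 {
     // Controller/action are only available once routing has run.
     $controller = strtolower($request->getControllerName());
     $action = strtolower($request->getActionName());
     $default = Registry::get("session");
     // A Zend\Authentication\Storage\Session could be passed here; the default storage is a session container.
     $auth = new AuthenticationService();
     $storage = $auth->getStorage();
     Registry::set('auth', $storage);

     if ($auth->hasIdentity()) {
         $storageData = $storage->read();
         $access_time = empty($storageData->access_time) ? 0 : (int) $storageData->access_time;
         // Idle for more than half an hour: drop the identity (the PHP session itself may survive).
         if (time() - $access_time > 1800) {
             $auth->clearIdentity();
             $response->clearBody()->setRedirect("/auth/login");
             exit;
         }
         $storageData->access_time = time();
         $storage->write($storageData);

         if ($controller === "auth") {
             if ($action === "logout") {
                 $auth->clearIdentity();
                 $response->clearBody()->setRedirect("/auth/login");
                 exit;
             }
             if ($action === "login") {
                 $response->clearBody()->setRedirect("/");
                 exit;
             }
         }
         return;
     }

     if (!$request->isPost()) {
         // Unauthenticated GET: only the login page itself is reachable.
         if ($controller !== "auth" || $action !== "login") {
             $response->clearBody()->setRedirect("/auth/login");
             exit;
         }
         return;
     }

     // CSRF token: the posted value must match the one kept in the session.
     // NOTE(review): this check was present but inert (empty body); it is now enforced,
     // so the login form must store `securityToken` in the session when rendered — confirm.
     $sessionToken = (string) $default->offsetGet('securityToken');
     $postedToken = is_string($_POST['securityToken'] ?? null) ? $_POST['securityToken'] : '';
     if ($sessionToken === '' || !hash_equals($sessionToken, $postedToken)) {
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }

     // Fields to verify; non-string or missing values are treated as empty.
     $email = is_string($_POST['email'] ?? null) ? trim($_POST['email']) : '';
     $password = is_string($_POST['password'] ?? null) ? trim($_POST['password']) : '';
     if (empty($email) || empty($password)) {
         $default->offsetSet("freshMessage", "邮件地址或密码不能为空");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }

     // Match email and password.
     // The distinct "unknown email" / "wrong password" messages below let a client
     // probe which addresses are registered; one generic message would close that.
     $user = new Table\UserModel();
     $userRow = $user->getUserByEmail($email);
     if (empty($userRow)) {
         $default->offsetSet("freshMessage", "邮件地址不存在");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }
     // Disabled account?
     if ((int) $userRow['active'] < 1) {
         $default->offsetSet("freshMessage", "账户已经禁用.");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }
     $hashPassword = trim($userRow['password']);
     $salt = Ifeeline\Password::getPasswordSaltByHash($hashPassword);
     $nowPassword = Ifeeline\Password::getPasswordHash($salt, $password);
     // Constant-time comparison of the recomputed hash against the stored one.
     if (!hash_equals($hashPassword, (string) $nowPassword)) {
         $default->offsetSet("freshMessage", "密码不正确");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }

     // The password is already verified; the adapter is used only for its session persistence.
     $dbAdapter = Registry::get('db');
     $authAdapter = new CredentialTreatmentAdapter($dbAdapter);
     $authAdapter->setTableName('user')->setIdentityColumn('email')->setCredentialColumn('password');
     // The recomputed hash is passed as the credential, so the adapter compares hash to stored hash.
     $authAdapter->setIdentity($email)->setCredential($nowPassword);
     $result = $auth->authenticate($authAdapter);
     // Should be unreachable after the manual check above; kept as a safety net.
     // (The original switch sent every failure code to the same message.)
     if (!$result->isValid()) {
         $default->offsetSet("freshMessage", "用户名或密码不正确.");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }

     $row = $authAdapter->getResultRowObject(null, ['password']);
     // Disabled account (already rejected above; kept defensively).
     if ((int) $row->active < 1) {
         $auth->clearIdentity();
         $default->offsetSet("freshMessage", "用户名已经被禁用.");
         $response->clearBody()->setRedirect("/auth/login");
         exit;
     }
     $row->access_time = time();
     $storage->write($row);
     // Logged in.
     $response->clearBody()->setRedirect("/");
     exit;
 }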