/**
* 注册
*/
public function registerAction()
{
$username = trim($this->getRequest()->getPost('username', ''));
$password = trim($this->getRequest()->getPost('password', ''));
$email = trim($this->getRequest()->getPost('email', ''));
//校验参数是否为空
if (empty($username) || empty($password) || empty($email)) {
$this->getView->assign('message', '参数不能为空');
$this->getView->render('/user/index.phtml');
}
$userModel = new UserModel();
//校验用户名是否存在
$isExistUsername = $userModel->getUserByUsername($username);
if ($isExistUsername) {
$this->getView->assign('message', '用户名已存在');
$this->getView->render('/user/index.phtml');
}
//校验邮箱是否存在
$isExistEmail = $userModel->getUserByEmail($email);
if ($isExistEmail) {
$this->getView()->assign('message', '邮箱已存在');
$this->getView()->render('/user/index.phtml');
}
//进行注册
$flag = $userModel->addUser($username, $password, $email);
//如果成功,登录返回首页
if ($flag) {
Yaf_Session::getInstance()->set('userId', $flag);
$this->getView()->render('/index/index.phtml');
} else {
$this->getView()->assign('message', '注册失败');
$this->getView()->render('/user/index.phtml');
}
}
function getUserTable($username)
{
$userModel = new UserModel();
$user = $userModel->getUserByUsername($username);
$result = "";
if ($user) {
$result = "<div class = 'small-8 column userAccount'>\n\t\t\t\t\t\t<form action='' method='post'>\n\t\t\t\t\t\t\t<label>First name: \n\t\t\t\t\t\t\t\t<input type='text' name = 'firstname' value='{$user->firstname}' />\n\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<label>Last name: \n\t\t\t\t\t\t\t\t<input type='text' name = 'lastname' value='{$user->lastname}' />\n\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<label>Email: \n\t\t\t\t\t\t\t\t<input type='text' name = 'email' value='{$user->email}' />\n\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<label>Username: \n\t\t\t\t\t\t\t\t<input type='text' name = 'username' value='{$user->username}' />\n\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<input name='modify' type='submit' value=' Modify ' id='mod'>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t</form>\t\n\t\t\t\t\t </div>";
}
return $result;
}
/**
* 后台登录验证
*/
public function sigin()
{
//接收用户提交数据
$username = trim($_REQUEST['username']);
$password = trim($_REQUEST['password']);
//验证码
$captcha = trim($_REQUEST['captcha']);
if (empty($captcha)) {
// 跳转登录页面
$this->error('index.php', '验证码不能为空!');
}
//验证数据
if (empty($username) or empty($password)) {
// 跳转登录页面
$this->error('index.php', '用户名或密码不能为空!');
}
// 验证码比对
Captcha::IsCaptcha($captcha);
if (!$captcha) {
// 跳转登录页面
$this->error('index.php', '验证码错误!');
}
//合理性验证
$admin = new UserModel();
//查询表中是否存在当前用户数据
$user = $admin->getUserByUsername($username);
//判断用户是否存在
if (!$user) {
$this->error('index.php', '当前用户名不存在!');
}
//对比密码 拼接密码进行md5验证
if ($user['u_password'] == md5('sh_' . $password)) {
$_SESSION['adminuser'] = $user;
// 更新IP地址及登录时间
$admin->setUpdateLoginInfo($user['u_id']);
// 添加登录日志
$logs = new LogsModel();
$logs->insertOne($user['u_name'] . "用户登录");
//判断用户是否选择了记住用户信息
// if (isset($_POST['remember'])) {
// //设置cookies
// setcookie('U_id',$user['id'],time()+7*24*3600);
// }
//登录成功
$this->success('index.php?c=Index&a=index', '验证成功!', 1);
} else {
$this->error('index.php', '用户密码错误!!');
}
}
/**
* Login
*
* @return string
*/
public function loginAction()
{
$success = false;
$error = '';
require_once ZOODPP_APP . '/models/UserModel.php';
$username = $this->getParam('username');
$password = $this->getParam('password');
$persistent = $this->getParam('persistent');
$persistent = $persistent ? 1 : 0;
$user = UserModel::getUserByUsername($username);
if (empty($user)) {
$error = 'User is not existent';
} else {
if ($user['password'] != $password) {
$error = 'Incorrect password';
} else {
$success = true;
}
}
if ($success) {
require_once ZOODPP_APP . '/models/SessionModel.php';
$sessionid = session_id();
$csession = SessionModel::getSessionBySessionid($sessionid);
$session = array('sessionid' => $sessionid, 'userid' => $user['userid'], 'username' => $user['username'], 'persistent' => $persistent, 'ip' => Zood_Util::clientIP(), 'user_agent' => $_SERVER['HTTP_USER_AGENT']);
if ($csession) {
SessionModel::updateSession($session, $sessionid);
} else {
SessionModel::addSession($session);
}
if ($persistent) {
setcookie('ZOODSID', $sessionid, time() + 36000 * 24 * 30, '/');
} else {
setcookie('ZOODSID', $sessionid, null, '/');
}
$_SESSION['ZOODSID'] = $sessionid;
$u = $this->getU();
header('Location: ' . $u);
exit;
} else {
$this->addResult(self::RESULT_SUCCESS, 'php', 'login/index.php');
$this->setData($this->getUserParams());
$this->setData('error', $error);
$this->setData('u', $this->getU());
return self::RESULT_SUCCESS;
}
}
<?php
include_once "models/user_model.php";
$userModel = new UserModel();
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
$reverror = '';
if (isset($_POST['addreview'])) {
if (empty($_POST['comment'])) {
$reverror = "You must write your review";
} else {
$description = $_POST['comment'];
//echo $_SESSION['login_user'];
$user = $userModel->getUserByUsername($_SESSION['login_user']);
$idUser = $user->idUser;
$idBook = $_SESSION['current_book'];
// To protect MySQL injection for Security purpose
$description = stripslashes($description);
$description = mysql_real_escape_string($description);
$idUser = stripslashes($idUser);
$idUser = mysql_real_escape_string($idUser);
$idBook = stripslashes($idBook);
$idBook = mysql_real_escape_string($idBook);
require "testdb.php";
$query = "INSERT INTO review(description, approved, idUser, idBook) VALUES ('{$description}', 0, {$idUser}, {$idBook})";
//echo $query;
$result = mysql_query($query) or die(mysql_error());
if ($result) {
echo "Your review was saved";
} else {
/**
* @desc 获取球员所加入的球队
*/
public function actionGetUserTeams()
{
if (!Yii::app()->request->isAjaxRequest) {
throw new CHttpException(500, '此方法只允许ajax调用');
}
$masterId = CommonFunction::getUserId();
$leagueModel = new LeagueModel();
$res = $leagueModel->findByMaster($masterId, 1);
if (empty($res)) {
throw new CHttpException(500, '该用户无权限管理联赛');
}
$username = Yii::app()->request->getQuery('username');
$user = new UserModel();
$userRes = $user->getUserByUsername($username);
if (empty($userRes)) {
CommonFunction::ajaxResult(State::$SUSSION_CODE, State::$SUSSION_MSG, "noteam");
} else {
$userid = $userRes[0]->objectId;
}
// var_dump($userRes);
// echo $userid;
$teamModel = new TeamModel();
$userTeams = $teamModel->findTeamsByCaptain($userid);
$userTeamNameArr = array();
foreach ($userTeams as $userTeam) {
if (isset($userTeam->name)) {
array_push($userTeamNameArr, $userTeam->name);
}
}
CommonFunction::ajaxResult(State::$SUSSION_CODE, State::$SUSSION_MSG, array('response' => json_encode($userTeamNameArr)));
}