forked from xyz2k8/demo-server-php
/
UserProcess.php
235 lines (217 loc) · 6.76 KB
/
UserProcess.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
<?php
/**
* 验证邮箱地址是否被注册
* @UserFunction
*/
function email_exists(Email $email){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
if ($db->fetchColumn('SELECT count(*) FROM `user` WHERE `email` = ?', $email)!=0) {
return true;
} else {
return false;
}
}
/**
* 验证手机号是否被注册
* @UserFunction
*/
function mobile_exists(Mobile $mobile){
return false;
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
if ($db->fetchColumn('SELECT count(*) FROM `user` WHERE `mobile` = ?', $mobile)!=0) {
return true;
} else {
return false;
}
}
/**
* 邮箱地址用户登录
* @UserFunction(method = POST|GET)
*/
function email_login(Email $email, String $password){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
$user = $db->fetch('SELECT `id`, `username`, `portrait`, `passwd` FROM `user` WHERE `email` = ?', $email);
if ($user) {
if ($password != $user['passwd']) {
throw new ProException('email or password is error', 103);
}/* else if($user['status'] != 1) {
throw new ProException('user not Activation ', 105);
}*/ else {
setUserCredential($user['id']);
$user['status'] = 1;
unset($user['passwd']);
return $user;
}
} else {
throw new ProException('email or password is error', 104);
}
}
/**
* 手机号用户登录
* @UserFunction(method = POST)
*/
function mobile_login(Mobile $mobile, String $password){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
$user = $db->fetch('SELECT `id`, `username`, `portrait`, `password`, `status` FROM `user` WHERE `mobile` = ?', $mobile);
if ($user) {
if ($password != $user['password']) {
throw new ProException('email or password is error', 103);
} else if($user['status'] != 1) {
throw new ProException('user not Activation', 105);
} else {
setUserCredential($user['id']);
unset($user['password']);
return $user;
}
} else {
throw new ProException('email or password is error', 104);
}
}
/**
* 退出登录
* @UserFunction(method = GET)
* @CheckLogin
*/
function logout(){
setcookie (AUTH_COOKIE_KEY, '', time() - 3600);
}
/**
* 用户注册
* @UserFunction(method = POST)
*/
function reg(Email $email,/* Mobile $mobile,*/ String $username, String $password){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
if ($db->fetchColumn('SELECT count(*) FROM `user` WHERE `email` = ?', $email) != 0) {
throw new ProException('email $email is exists ', 101);
} /*else if($db->fetchColumn('SELECT count(*) FROM `user` WHERE `mobile` = ?', $mobile) != 0) {
throw new ProException('mobile $mobile is exists ', 102);
} */else {
$portrait = 'http://www.gravatar.com/avatar/'.md5(strtolower(trim($email))).'?s=82&d=wavatar';
$db->insert('INSERT INTO `user` (`email`, `username`, `portrait`, `passwd`) values(?,?,?,?)', $email, $username, $portrait, $password);
//send_activatiton_code($mobile);
}
}
/**
* 激活手机号
* @UserFunction
*/
function activate(Mobile $mobile, Integer $code){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
$_code = $db->fetchColumn('SELECT `code` FROM `activation_code` WHERE `mobile` = ?', $mobile);
if ($_code != $code->val) {
throw new ProException('Activation code is error', 106);
} else {
$db->exec('UPDATE `user` SET `status` = 1 WHERE `mobile` = ?', $mobile);
}
}
/**
* 发送激活码
* @UserFunction
*/
function send_activatiton_code(Mobile $mobile){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
$code = 2000;
if ($db->fetchColumn('SELECT count(*) FROM `activation_code` WHERE `mobile` = ?', $mobile) == 0) {
$db->insert('INSERT INTO `activation_code` (`mobile`, `code`) values(?,?)', $mobile, $code);
} else {
$timestamp = $db->fetchColumn('SELECT `timestamp` FROM `activation_code` WHERE `mobile` = ?', $mobile);
if(time() - $timestamp > 60000) {
$db->exec('UPDATE `activation_code` SET `code` = ? WHERE `mobile` = ?', $code, $mobile);
} else {
throw new ProException('Activation code is sent too frequently', 107);
}
}
}
/**
* 获取token
* @UserFunction(method = GET)
* @CheckLogin
*/
function token(){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
$user = $db->fetch('SELECT `id`, `email`, `username`, `portrait` FROM `user` WHERE `id` = ?', getCurrentUserId());
if($user) {
$token = ServerAPI::getInstance()->getToken($user['id'], $user['username'], $user['portrait']);
if (!$token) {
throw new Exception('API Server Error');
}
if ($token->code != 200) {
throw new ProException($token->errorMessage, $token->code);
} else {
unset($token->code);
unset($token->userId);
return $token;
}
} else {
throw new ProException('user not found', 108);
}
}
/**
* 获取某人用户资料
* @UserFunction(method = GET)
* @CheckLogin
*/
function profile(Integer $id){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
$user = $db->fetch('SELECT `id`, `username`, `portrait` FROM `user` WHERE `id` = ?', $id);
if ($user) {
return $user;
} else {
throw new ProException('user not found', 109);
}
}
/**
* 获取某人用户资料
* @UserFunction(method = POST)
* @CheckLogin
*/
function update_profile(String $username){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
$db->exec('UPDATE `user` SET `username`= ? WHERE `id` = ?',$username, getCurrentUserId());
}
/**
* 获取全部个人资料
* @UserFunction(method = GET)
* @CheckLogin
*/
function friends(){
$db = new DataBase(DB_DNS, DB_USER, DB_PASSWORD);
$result = $db->fetchAll('SELECT `id`, `username`, `portrait` FROM `user`');
return $result;
}
function setUserCredential($userId){
$_temp = rand(1000,9999).'|rongcloud|'.$userId.'|'.time();
setcookie(AUTH_COOKIE_KEY, do_mencrypt($_temp, AUTH_COOKIE_KEY), time() + 3600*24*30);
}
function getCurrentUserId(){
$credential = $_COOKIE[AUTH_COOKIE_KEY];
if(isset($credential)) {
$_temp = do_mdecrypt($credential, AUTH_COOKIE_KEY);
if (strpos($_temp,'rongcloud') == 5) {
$arr = explode('|', $_temp);
return $arr[2];
}
}
throw new ProException('credential is error', 111);
}
function do_mencrypt($input, $key) {
$key = substr(md5($key), 0, 24);
$td = mcrypt_module_open('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return trim(chop(base64_encode($encrypted_data)));
}
function do_mdecrypt($input, $key) {
$input = trim(chop(base64_decode($input)));
$td = mcrypt_module_open('tripledes', '', 'ecb', '');
$key = substr(md5($key), 0, 24);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$decrypted_data = mdecrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return trim(chop($decrypted_data));
}