<?php

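/**
 * Login, logout, registration and password reset for ATUIN.
 *
 * Accounts live as one XML profile per user below cfg->userpath
 * (<profil><username/><email/><status/></profil>) plus one line per user in
 * password.txt, written in the HTTP-digest file format that
 * Zend_Auth_Adapter_Digest verifies: "username:realm:md5(username:realm:password)".
 */
class AuthController extends Zend_Controller_Action 
{
    /** Digest credential file consumed by Zend_Auth_Adapter_Digest. */
    const PASSWORD_FILE = '../app/controllers/password.txt';

    /**
     * Characters a user name may consist of. The name is used verbatim as a file
     * name below cfg->userpath and as the first ':'-separated field of
     * password.txt, so neither a path separator nor ':' may ever get through.
     */
    const USERNAME_PATTERN = '/^[A-Za-z0-9_.-]+\z/';

    /** @var Zend_Config_Ini the "general" section of settings.ini */
    protected $cfg;

    /**
     * Prepares the view and loads the "general" section of settings.ini
     * (userpath, baseUrl, domain, pagetitle, pagesubtitle, layout are read below).
     */
    public function init() 
    {
        $this->initView();
        $this->view->baseUrl = $this->_request->getBaseUrl();
        $this->cfg = new Zend_Config_Ini('../app/config/settings.ini', 'general');
    }

    /** The auth module has no landing page: send the visitor to the site root. */
    public function indexAction() 
    {
        $this->_redirect('/');
    }

    /**
     * Shows the login form (GET) or checks the posted credentials against the
     * realm stored in the user's profile (POST). On success the identity is put
     * into the "Default" session namespace and the browser is sent to the
     * posted redirect target below cfg->baseUrl.
     */
    public function loginAction() 
    {
        $redirect = $this->getRequest()->getParam('redirect_to');
        $username = '';

        $view = new Zend_View();
        $view->message = '';
        if ($this->getRequest()->isPost()) {
            $filter = new Zend_Filter_StripTags();
            $username = (string) $filter->filter($this->_request->getPost('username'));
            // The password is filtered exactly like in registerAction; both sides
            // must stay identical or the stored digests stop matching.
            $password = (string) $filter->filter($this->_request->getPost('password'));
            $redirect = (string) $filter->filter($this->_request->getPost('redirect'));

            if ($username === '' || $password === '') {
                $view->message = 'Please fill out all fields.';
            } elseif (!$this->isValidUsername($username)) {
                // Rejected before the name is ever used to build a file name.
                $view->message = "The profile \"" . $username . "\" doesn't exist.";
            } else {
                $profile = $this->loadProfile($username);
                if ($profile === false) {
                    // NOTE(review): this wording confirms which names are taken;
                    // registerAction reveals the same, so it is left unchanged.
                    $view->message = "The profile \"" . $username . "\" doesn't exist.";
                } else {
                    // The profile's <status> doubles as the digest realm.
                    $realm = (string) $profile->status;
                    $authAdapter = new Zend_Auth_Adapter_Digest(self::PASSWORD_FILE, $realm, $username, $password);
                    $result = $authAdapter->authenticate();
                    if ($result->isValid()) {
                        // Fresh session id on privilege change (session fixation).
                        Zend_Session::regenerateId();
                        $defaultNamespace = new Zend_Session_Namespace('Default');
                        $defaultNamespace->identity = $result->getIdentity();
                        $this->_redirect($this->cfg->baseUrl . $this->localRedirect($redirect));
                    } else {
                        $view->message = 'Login failed';
                    }
                }
            }
        }
        $this->renderAuthView($view, "Login", 'auth/login.php', $redirect, array(
            'username' => $username,
        ));
    }

    /** Destroys the whole session and returns to the requested page below cfg->baseUrl. */
    public function logoutAction() 
    {
        $redirect = $this->getRequest()->getParam('redirect_to');
        Zend_Session::destroy();
        $this->_redirect($this->cfg->baseUrl . $this->localRedirect($redirect));
    }

    /**
     * Shows the sign-up form (GET) or creates a "member" account (POST): an XML
     * profile below cfg->userpath and a digest line in password.txt, then
     * redirects to the login page. Any validation failure re-renders the form
     * with a message and the already entered user name and e-mail.
     */
    public function registerAction() 
    {
        $redirect = $this->getRequest()->getParam('redirect_to');
        $username = '';
        $email = '';

        $view = new Zend_View();
        $view->message = '';
        if ($this->getRequest()->isPost()) {
            $filter = new Zend_Filter_StripTags();
            $username = (string) $filter->filter($this->_request->getPost('username'));
            $email = (string) $filter->filter($this->_request->getPost('email'));
            $password = (string) $filter->filter($this->_request->getPost('password'));
            $password2 = (string) $filter->filter($this->_request->getPost('password2'));
            $redirect = (string) $filter->filter($this->_request->getPost('redirect'));
            $realm = 'member';

            // NOTE(review): the original compared two undefined variables
            // ($code == $captcha), so the captcha branch could never fail. Kept as
            // an explicit flag until the submitted value and the expected answer
            // are actually wired in here.
            $captchaOk = true;

            if ($username === '' || $email === '' || $password === '' || $password2 === '') {
                $view->message = 'Please fill out all fields.';
            } elseif (!$this->isValidUsername($username)) {
                $view->message = 'The user name may only contain letters, digits, ".", "-" and "_".';
            } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                // The old hand-written pattern capped the top-level domain at
                // four letters; filter_var accepts any syntactically valid address.
                $view->message = 'Bad email adress format. Please check again.';
            } elseif ($password !== $password2) {
                $view->message = 'Your entered passwords are not the same.';
            } elseif (!$captchaOk) {
                $view->message = 'Your entered captcha is not correct.';
            } elseif (file_exists($this->profilePath($username))) {
                $view->message = 'An account with this name exists already. Please choose another one.';
            } elseif (!$this->writeProfile($username, $email, $realm)) {
                $view->message = 'Your account could not be created. Please try again later.';
            } elseif (!$this->appendDigest($username, $realm, $password)) {
                // Do not leave a profile behind that can never log in.
                unlink($this->profilePath($username));
                $view->message = 'Your account could not be created. Please try again later.';
            } else {
                // send mail
                // ...
                $this->_redirect($this->cfg->baseUrl . 'auth/login/');
            }
        }
        $this->renderAuthView($view, "Sign up", 'auth/register.php', $redirect, array(
            // fill out fields again after an error
            'username' => $username,
            'email' => $email,
        ));
    }

    /**
     * Generates a new random password for the user named in the request, stores
     * its digest in password.txt and mails it to the address in the user's
     * profile, then redirects to the login page.
     *
     * NOTE(review): as in the original, the reset asks for no proof of ownership,
     * so any visitor can lock a user out until that user reads the mail; a
     * confirmation step before the overwrite is advisable.
     */
    public function newPwdAction() 
    {
        $username = (string) $this->getRequest()->getParam('username');
        $profile = $this->isValidUsername($username) ? $this->loadProfile($username) : false;
        if ($profile === false) {
            // Unknown or malformed name: nothing to reset (the original went on
            // to mail an empty address and rewrite password.txt regardless).
            $this->_redirect($this->cfg->baseUrl . 'auth/login');
            return;
        }

        $pass = self::generatePassword(8);
        $realm = (string) $profile->status;
        $newLine = $username . ':' . $realm . ':' . md5($username . ':' . $realm . ':' . $pass) . "\n";

        // Replace only the line whose first field is exactly this user. The old
        // prefix test also rewrote e.g. "bobby"'s line when resetting "bob".
        $lines = file(self::PASSWORD_FILE);
        if ($lines === false) {
            $this->_redirect($this->cfg->baseUrl . 'auth/login');
            return;
        }
        $updated = '';
        foreach ($lines as $line) {
            $updated .= (strpos($line, $username . ':') === 0) ? $newLine : $line;
        }

        // Store first, mail second: never send a password that was not saved.
        if (file_put_contents(self::PASSWORD_FILE, $updated, LOCK_EX) !== false) {
            $message = "your new password for your account " . $username . ":";
            $message .= "\n\n" . $pass;
            $subject = "new password for your account";
            mail((string) $profile->email, $subject, $message, "From: atuin administration <hide@address.com>");
        }
        $this->_redirect($this->cfg->baseUrl . 'auth/login');
    }

    /**
     * Assigns the variables shared by the login and sign-up templates plus the
     * page-specific ones in $fields, and echoes the rendered script.
     *
     * @param Zend_View $view     view whose ->message was filled by the caller
     * @param string    $title    value for $view->title
     * @param string    $script   template below ../app/views/scripts
     * @param mixed     $redirect redirect target echoed back into the form
     * @param array     $fields   name => value pairs assigned as strings
     */
    private function renderAuthView(Zend_View $view, $title, $script, $redirect, array $fields)
    {
        $view->title = $title;
        $view->setScriptPath('../app/views/scripts');
        $view->assign('message', (string) $view->message);
        $view->assign('baseUrl', (string) $this->cfg->baseUrl);
        $view->assign('domain', (string) $this->cfg->domain);
        $view->assign('redirect', (string) $redirect);
        $view->assign('pagetitle', (string) $this->cfg->pagetitle);
        $view->assign('pagesubtitle', (string) $this->cfg->pagesubtitle);
        $view->assign('layout', (string) $this->cfg->layout);
        foreach ($fields as $name => $value) {
            $view->assign($name, (string) $value);
        }
        echo $view->render($script);
    }

    /**
     * True when $username matches USERNAME_PATTERN. Call this before the name
     * is used in a file path or written to password.txt.
     */
    private function isValidUsername($username)
    {
        return preg_match(self::USERNAME_PATTERN, $username) === 1;
    }

    /** Path of the XML profile for $username (validate the name first). */
    private function profilePath($username)
    {
        return $this->cfg->userpath . $username . '.xml';
    }

    /**
     * @return SimpleXMLElement|false the parsed profile, or false when there is
     *                                none or it does not parse
     */
    private function loadProfile($username)
    {
        $path = $this->profilePath($username);
        if (!file_exists($path)) {
            return false;
        }
        return simplexml_load_file($path);
    }

    /**
     * Normalises a user-supplied redirect target so it stays below cfg->baseUrl.
     * Leading "/" and "\" are dropped: the other redirects in this controller
     * append 'auth/login' directly, so baseUrl appears to end with "/", and
     * "//host" or "/\host" appended to "/" would send the browser off-site.
     */
    private function localRedirect($redirect)
    {
        return ltrim((string) $redirect, "/\\");
    }

    /**
     * Writes the XML profile for a new account. Values are XML-escaped so a
     * quote or "<" in the input cannot alter the document that loginAction and
     * newPwdAction later parse (<status> is the realm loginAction reads back).
     *
     * @return bool false when the file could not be written
     */
    private function writeProfile($username, $email, $realm)
    {
        $xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            . "<profil>\n"
            . "   <username>" . self::xmlText($username) . "</username>\n"
            . "   <email>" . self::xmlText($email) . "</email>\n"
            . "   <status>" . self::xmlText($realm) . "</status>\n"
            . "</profil>";
        return file_put_contents($this->profilePath($username), $xml, LOCK_EX) !== false;
    }

    /**
     * Appends one credential line to password.txt. Zend_Auth_Adapter_Digest
     * verifies the HTTP-digest layout username:realm:md5(username:realm:password),
     * so the unsalted MD5 is dictated by the adapter; a stronger hash needs a
     * different adapter on the login side as well.
     *
     * @return bool false when the line could not be appended
     */
    private function appendDigest($username, $realm, $password)
    {
        $line = $username . ':' . $realm . ':' . md5($username . ':' . $realm . ':' . $password) . "\n";
        return file_put_contents(self::PASSWORD_FILE, $line, FILE_APPEND | LOCK_EX) !== false;
    }

    /** Escapes text for use inside an XML element. */
    private static function xmlText($value)
    {
        return htmlspecialchars((string) $value, ENT_XML1 | ENT_QUOTES, 'UTF-8');
    }

    /**
     * Builds a random password of $length characters from an alphabet without
     * the look-alikes "l" and "1". The original seeded rand() from microtime(),
     * which makes the output guessable; random_int() (PHP 7+) is used where it
     * exists, mt_rand() otherwise.
     *
     * @param int $length number of characters
     * @return string
     */
    private static function generatePassword($length)
    {
        $chars = "abcdefghijkmnopqrstuvwxyz023456789";
        // The original used "% 33" on a 34-character alphabet and never emitted the last one.
        $max = strlen($chars) - 1;
        $pass = '';
        for ($i = 0; $i < $length; $i++) {
            $idx = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
            $pass .= $chars[$idx];
        }
        return $pass;
    }
}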
?>