#coding=utf-8
# Redmine - project management software
# Copyright (C) 2006-2013 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AccountController < ApplicationController
helper :custom_fields
include CustomFieldsHelper
# prevents login action to be filtered by check_if_login_required application scope filter
skip_before_filter :check_if_login_required
skip_before_filter :check_authentication, :only => [:login, :logout, :user_join, :avatar, :authentication, :professional_certification, :security_settings, :change_psd, :user_info]
before_filter :auth_login1, :only => [:avatar, :authentication, :professional_certification, :security_settings, :change_psd, :reset_psd, :user_info]
skip_before_filter :verify_authenticity_token, :only =>[:codepedia_login, :login, :register]
before_filter :require_login, only: [:avatar, :authentication, :professional_certification, :security_settings, :change_psd, :user_info, :user_auth, :apply_auth, :apply_pro_certification, :check_student_id,
:bind_email, :change_or_bind]
include ApplicationHelper
include AccountHelper
# Login request and validation
CODES = %W(1 2 3 4 5 6 7 8 9 A B C D E F G H J K L N M O P Q R S T U V W X Y Z)
def login
Rails.logger.info("login: request type is #{request.method}")
if params[:type] == "activated"
@message = l(:notice_account_activated)
elsif params[:type] == "expired"
@message = l(:notice_account_expired)
end
@name = params[:name]
@c_name = params[:c_name]
login = User.current.login
login_error = false
# login 匹配不到字母,或者 含有特殊字符 则login不规范
if (login =~ /(^(?=.*?[a-zA-Z]).*$)/).nil? || !(login =~ /[@#\$%\^&\*]+/).nil?
login_error = true
end
if request.get?
@login = params[:login] || true
if User.current.logged?
# 判断用户基本资料是否完善,不完善讲强制完善基本资料,完善进入主页
user = UserExtensions.where(:user_id => User.current.id).first
Rails.logger.info("#######################login_error: ##{login_error}")
if User.current.lastname.blank? || user.school_id.blank? || user.identity.blank? || login_error
redirect_to user_info_path()
else
redirect_back_or_default user_path(User.current), :referer => true
end
else
render :layout => 'login'
end
else
# ajax请求类型
# REDO:测试的时候注意是否
if request.xhr?
login = params[:username].strip
password = params[:password]
# 验证用户名密码是否正确
@user, last_login_on = User.try_to_login(login, password)
if @user.present?
Rails.logger.info("successful_authentication, user is #{@user.try(:login)}")
# 登录重置session;重新开启session有效时间等
self.logged_user = @user
# generate a key and set cookie if autologin
if params[:autologin] && Setting.autologin?
set_autologin_cookie(@user)
end
# 记录用户登录行为
UserActions.create(:action_id => @user.id, :action_type => "Login", :user_id => @user.id)
end
respond_to do |format|
format.js
end
else
authenticate_user
end
end
end
def codepedia_login
logger.info("codepedia_login#########################################")
logger.info("#{params}")
user, last_login_on = User.try_to_login(params[:username], params[:password])
logger.info(user)
if user.blank?
render :json => { status: 0 }
else
render :json => { status: 1, user: user}
end
end
def user_join
if params[:type] == "activated"
@message = l(:notice_account_activated)
elsif params[:type] == "expired"
@message = l(:notice_account_expired)
end
if request.get?
@login = params[:login] || true
@name = params[:name]
if User.current.logged?
# 判断用户基本资料是否完善,不完善讲强制完善基本资料,完善进入主页
user = UserExtensions.where(:user_id => User.current.id).first
if user.gender.nil? || user.school_id.nil? || User.current.lastname.nil?
redirect_to my_account_path(:tip => 1)
elsif user.identity == 3 && user.school_id.nil?
redirect_to my_account_path(:tip => 1)
else
redirect_to user_path(User.current)
end
else
render :layout =>'login'
end
else
authenticate_user
end
end
def help
@index = params[:index].to_i == 0 ? 1 : params[:index].to_i
if @index == 6 && !User.current.logged?
redirect_to signin_path
return
end
code = CODES.sample(8).join
@resubmit = "#{code}"
@agreement = Help.first
@cooperation = Cooperation.all
@url = params[:url]
@com_coop_img = CooImg.where(:img_type => 'com_coop').order("position asc")
@edu_coop_img = CooImg.where(:img_type => 'edu_coop').order("position asc")
render :layout => 'base_edu'
end
def update_help
@edu_coop = "edu_coop"
@com_coop = "com_coop"
end
def update_agreement
if User.current.admin?
help = Help.first
unless params[:tabs]
if help.present?
case params[:tab].to_i
when 1
help.update_attribute(:agreement, params[:description])
redirect_to help_path(:index => 4)
when 2
help.update_attribute(:about_us, params[:description])
redirect_to help_path()
when 3
help.update_attribute(:help_center, params[:description])
redirect_to help_path(:index => 5)
end
else
case params[:tab].to_i
when 1
Help.create(:agreement => params[:description])
redirect_to help_path(:index => 4)
when 2
Help.create(:about_us => params[:description])
redirect_to help_path()
when 3
Help.create(:help_center => params[:description])
redirect_to help_path(:index => 5)
end
end
else
unless help.present?
Help.create(:status =>params[:status])
redirect_to help_path(:index => 2)
else
help.update_attribute(:status,params[:status])
redirect_to help_path(:index => 2)
end
end
else
redirect_to help_path()
end
end
def update_contact_us
if Cooperation.where(:user_type => params[:user_type]).present?
Cooperation.where(:user_type => params[:user_type]).first.update_attributes(:name => params[:name],:qq => params[:qq],:mail =>params[:mail])
else
Cooperation.create(:user_type => params[:user_type],:name =>params[:name],:qq =>params[:qq],:mail =>params[:mail])
end
redirect_to help_path(:index => 2)
end
def insert_suggest
content = "<p>[#{params[:question_kind]}]</p>" + "<p>问题页面网址:#{params[:url]}</p>" + params[:description]
PrivateMessage.create(:user_id => User.current.id, :target_id => 1, :sender_id => User.current.id, :receiver_id => 1, :content => content, :send_time => Time.now, :status => 1)
PrivateMessage.create(:user_id => 1, :target_id => User.current.id, :sender_id => User.current.id, :receiver_id => 1, :content => content, :send_time => Time.now, :status => 0)
redirect_to message_detail_user_path(User.current, :user_id => 1)
end
# 合作伙伴
def cooperative_partner
render :layout =>'base_edu'
end
def update_cooperative_part
diskfile1 = disk_filename(params[:sourse_type], params[:source_id])
diskfile2 = disk_coo_filename(params[:sourse_type], params[:source_id])
diskfile = diskfile1 + 'temp'
begin
FileUtils.mv diskfile, diskfile1, force: true if File.exist? diskfile
ensure
File.delete(diskfile) if File.exist?(diskfile)
end
if File.exist?(diskfile1)
pos = CooImg.order("position asc").last.position
CooImg.create(:src_states =>params[:img_url] ,:url_states => diskfile2,:img_type =>params[:sourse_type], :position => pos)
end
redirect_to help_path(:index => 3)
end
# 改变广告位置
# params: id: 广告的id, position:广告的新位置, type:图片类型
def change_coop_position
logger.info("##############{params[:position]}")
position = params[:position].to_i
type = params[:type]
img = CooImg.find params[:id]
coop_imgs = CooImg.where("img_type = ? and position > ?" , type, params[:position].to_i)
coop_imgs.map{|img| img.increment!(:position)}
img.update_attribute(:position, position + 1)
render :json => {status: 1}
end
def delete_coop
# @coo_img = CooImg.find_by_id(params[:id])
# @coo_img.destroy
# render_404 if @coo_img.nil?
# redirect_to help_path(:index => 3)
# rescue ActiveRecord::RecordNotFound
# render_404
@coo_img = CooImg.find_by_id(params[:id])
@sourse = @coo_img.url_states
diskfile = File.join(Rails.root, "public")
diskfile1 = diskfile + @sourse
unless diskfile1.nil? || diskfile1 == ""
path = File.dirname(diskfile1)
if File.directory?(path)
File.delete(diskfile1)
@coo_img.destroy
end
end
redirect_to help_path(:index => 3)
rescue Exception => e
logger.info e.message
respond_to do |format|
format.js
format.api {
if saved
render :action => 'upload', :status => :created
else
render_validation_errors(@avatar)
end
}
end
end
# Log out current user and redirect to welcome page
def logout
if User.current.anonymous?
redirect_to home_path
else
UserActions.create(:action_id => User.current.id, :action_type => "Logout", :user_id => User.current.id)
logout_user
# 记录用户登出行为
redirect_to home_path
end
# display the logout form
end
def heartbeat
render :json => session[:user_id]
end
# Lets user choose a new password
def lost_password
(redirect_to(signin_path); return) unless Setting.lost_password?
if params[:token]
@token = Token.find_token("recovery", params[:token].to_s)
if @token.nil? || @token.expired?
redirect_to signin_path
return
end
@user = @token.user
unless @user && @user.active?
redirect_to signin_path
return
end
if request.post?
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
if @user.save
@token.destroy
flash[:notice] = l(:notice_account_password_updated)
redirect_to signin_url
return
end
end
render :template => "account/password_recovery"
return
else
if request.post?
user = User.find_by_mail(params[:mail].to_s)
# user not found or not active
unless user && user.active?
flash.now[:error] = l(:notice_account_unknown_email)
render :layout => 'static_base'
return
end
# user cannot change its password
unless user.change_password_allowed?
flash.now[:error] = l(:notice_can_t_change_password)
return
end
# create a new token for password recovery
token = Token.new(:user => user, :action => "recovery")
if token.save
Mailer.run.lost_password(token)
flash[:notice] = l(:notice_account_lost_email_sent)
redirect_to lost_password_path
return
end
end
render :layout => 'login'
end
end
# User self-registration
def register
(redirect_to(signin_path); return) unless Setting.self_registration? || session[:auth_source_registration]
if request.get?
session[:auth_source_registration] = nil
@user = User.new(:language => current_language.to_s)
else
user_params = params[:user] || {}
if session[:auth_source_registration]
@user.activate
@user.login = session[:auth_source_registration][:login]
@user.auth_source_id = session[:auth_source_registration][:auth_source_id]
if @user.save
session[:auth_source_registration] = nil
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_path(:tip => 1)
end
else
us = UsersService.new
@user = us.register user_params.merge(:should_confirmation_password => false)
=begin
case Setting.self_registration
when '1'
#register_by_email_activation(@user)
unless @user.new_record?
# if params[:user][:phone] =~ /^[a-zA-Z0-9]+([._\\]*[a-z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
# redirect_to account_email_valid_path(:mail => @user.mail, :user_id => @user.id)
# else
self.logged_user = @user
redirect_to user_info_path()
# end
# flash[:notice] = l(:notice_account_register_done)
# render action: 'email_valid', locals: {:mail => @user.mail}
end
when '3'
#register_automatically(@user)
if !@user.new_record?
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to user_info_path()
else
redirect_to signin_path
end
else
#register_manually_by_administrator(@user)
unless @user.new_record?
account_pending
end
end
=end
if !@user.new_record?
self.logged_user = @user
flash[:notice] = l(:notice_account_activated)
redirect_to user_info_path()
else
redirect_to signin_path
end
if params[:user][:phone] =~ /^[a-zA-Z0-9]+([._\\]*[a-z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
reward_grade(@user, @user.id, 'Mail', 500)
elsif params[:user][:phone] =~ /^1\d{10}$/
reward_grade(@user, @user.id, 'Phone', 500)
end
end
end
end
# 注册完后绑定邮箱(可选)
def bind_email
@user = User.current
if request.get?
render :layout =>'login'
else
@user.update_attributes!(:mail => params[:mail])
reward_grade(@user, @user.id, 'Mail', 500)
redirect_to user_info_path()
end
end
# 注册完/绑定邮箱 后完善资料
def user_info
@user = User.current
#是否是Oschina过来的
@is_ecoder_user = @user.ecoder_user_id.to_i>0
#是否没设置过密码
@is_set_password = @user.hashed_password.present?
if request.get?
# 如果是登录的请求进来,则需要判断登录名是否合法
if (@user.login =~ /(^(?=.*?[a-zA-Z]).*$)/).nil? || !(@user.login =~ /[@#\$%\^&\*\.]+/).nil?
@login_error = true
end
render :layout =>'login'
else
lg = @user.login
@pref = @user.pref
@se = @user.extensions
# 已授权的用户修改单位名称,需要重新授权
if @se.school_id != params[:occupation].to_i && @user.certification == 1
@user.certification = 0
apply_user = ApplyAction.where(:user_id => @user.id, :container_type => "TrialAuthorization")
apply_user.update_all(:status => 2) unless apply_user.blank?
end
if @is_ecoder_user && !@is_set_password
@user.password = params[:new_password]
@user.password_confirmation = params[:new_password_confirmation]
if @user.password.size<8
@password_len_error = true
render :user_info and return
end
if @user.password != @user.password_confirmation
@password_match_error = true
render :user_info and return
end
end
@user.lastname = params[:lastname]
@user.firstname = ""
@user.show_realname = params[:hide_realname] ? 0 : 1
@user.nickname = params[:hide_realname] ? params[:nickname] : params[:lastname]
@user.pref.attributes = params[:pref]
@user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
@user.mail = params[:mail] if params[:mail]
Rails.logger.info("###############login: #{params[:login]}")
if params[:login]
if (params[:login] =~ /(^(?=.*?[a-zA-Z]).*$)/).present? && (params[:login] =~ /[@#\$%\^&\*\.]+/).nil?
@user.login = params[:login]
Gitlab.client.edit_user(@user.gid, :username => params[:login]) if @user.gid
end
end
@se.school_id = params[:occupation]
@se.department_id = params[:department_id]
@se.gender = params[:sex]
# @se.location = params[:province] if params[:province]
# @se.location_city = params[:city] if params[:city]
@se.identity = params[:identity].to_i if params[:identity]
if @se.identity == 0
@se.technical_title = params[:te_technical_title] if params[:te_technical_title]
@se.student_id = nil
elsif @se.identity == 1
@se.student_id = params[:no] if params[:no]
@se.technical_title = nil
elsif @se.identity == 2
@se.technical_title = params[:pro_technical_title] if params[:pro_technical_title]
@se.student_id = nil
end
# @se.brief_introduction = params[:brief_introduction]
if @user.save && @se.save
reward_grade(@user, @user.id, 'Account', 500)
if @user.certification != 1
school_ids = School.where(:auto_users_trial => 1).map(&:id)
# 授权单位中的只有学生身份才自动授权,且创建试用授权记录
if !@se.school.nil? && school_ids.include?(@se.school_id) && @se.identity == 1
@user.certification = 1
@user.update_attributes(:certification => 1)
apply_action = ApplyAction.where(:user_id => @user.id, :container_type => "TrialAuthorization", :status => 0).first
if apply_action.present?
apply_action.update_attributes(:status => 1, :noticed => 1)
else
ApplyAction.create(:user_id => @user.id, :container_type => "TrialAuthorization", :ip_addr => request.remote_ip, :status => 1, :noticed => 1)
end
end
end
# 授权的教师加入示例课堂
join_ex_course(@user) if @se.identity == 0 && @user.certification == 1
@user.pref.save
set_language_if_valid @user.language
flash[:notice] = l(:notice_account_updated)
first_update = Grade.where(:user_id => @user.id, :container_id => @user.id, :container_type => 'Account').first
if @user.certification == 1 || (Time.now.to_i - first_update.created_at.to_i) < 86400
if @user.certification != 1 && !@user.user_day_certifications.first.present? # 更新字段是为了在user页面弹框提示
@user.update_attributes(:certification => 3)
UserDayCertification.create(:user_id => @user.id, :status => 1)
end
redirect_to user_path(@user)
else
redirect_to my_account_url
end
return
else
@user.login = lg
logger.info "save user: #{@user.errors}"
end
end
end
def check_email
logger.info("###################################")
user_count = User.where(:login => params[:login]).count
status = user_count > 0 ? -1 : 0
render :json => {status: status}
end
#should_confirmation_password是否验证密码
def create_and_save_user login,password,email,password_confirmation,should_confirmation_password
@user = User.new
@user.admin = false
@user.register
@user.login = login
@user.mail = email
if should_confirmation_password && !password.blank? && !password_confirmation.blank?
@user.password,@user.password_confirmation = password,password_confirmation
elsif !should_confirmation_password && !password.blank?
@user.password = password
else
@user.password = ""
end
case Setting.self_registration
when '1'
register_by_email_activation(@user)
when '3'
register_automatically(@user)
else
register_manually_by_administrator(@user)
end
if @user.id != nil
ue = @user.user_extensions ||= UserExtensions.new
ue.user_id = @user.id
ue.save
end
@user
end
# Token based account activation
def activate
(redirect_to(signin_path); return) unless Setting.self_registration? && params[:token].present?
token = Token.find_token('register', params[:token].to_s)
type = l(:notice_account_expired) if (token && token.expired?)
(redirect_to(signin_path(:type => "expired")); return) unless token and !token.expired?
user = token.user
(redirect_to(signin_path); return) unless user.registered?
user.activate
if user.save
token.destroy
flash[:notice] = l(:notice_account_activated)
end
redirect_to signin_url(:type => "activated")
end
def api_register login,password,email
users_service = UsersService.new
users_service.register({login: login, password: password, email: eamil})
end
def valid_ajax
req = Hash.new(false)
req[:message] = ''
valid_attr = params[:valid]
valid_value = params[:value]
faker = User.new
if valid_attr.eql?('')
req[:valid] = User.where("phone = '#{params[:value]}' or mail = '#{params[:value]}' or login = '#{params[:value]}'").blank?
end
if valid_attr.eql?('login')
faker.login = valid_value
faker.valid?
req[:valid] = faker.errors[:login].blank?
req[:message] = faker.errors[:login]
end
if valid_attr.eql?('phone')
faker.phone = valid_value
faker.valid?
req[:valid] = faker.errors[:phone].blank?
req[:message] = ""
end
if valid_attr.eql?('mail')
faker.mail = valid_value
faker.valid?
req[:valid] = faker.errors[:mail].blank?
req[:message] = faker.errors[:mail]
end
req[:message] = l(:modal_valid_passing) if req[:message].blank?
render :json => req
end
# 手机号或邮箱是否已注册
def valid_register_user
req = Hash.new(false)
req[:message] = ''
valid_attr = params[:valid]
valid_value = params[:value]
if valid_attr.eql?('phone')
user = User.where(:phone => valid_value).first
req[:valid] = !user.nil?
req[:message] = user.nil? ? "该手机号未注册" : ""
elsif valid_attr.eql?('mail')
user = User.where(:mail => valid_value).first
req[:valid] = !user.nil?
req[:message] = user.nil? ? "该邮箱未注册" : ""
end
render :json => req
end
# 发送验证码:type 1:注册手机验证码 2:找回密码手机验证码 3:找回密码邮箱验证码 4:绑定手机 5:绑定邮箱 6:手机验证码登录 7:邮箱验证码登录 8:邮箱注册验证码
# 验证码是否有效
def valid_verification_code
req = Hash.new(false)
req[:valid] = false
type = params[:type].to_i
if Redmine::Configuration['gitlab_address'].include?("test") && params[:code] == "134790"
req[:valid] = true
else
if type == 1 || type == 2 || type == 4 || type == 6 || params[:phone] =~ /^1\d{10}$/
code = VerificationCode.where(:phone => params[:phone], :code => params[:code], :code_type => (params[:type].to_i != 1 && params[:type].to_i != 2 && params[:type].to_i != 4) ? 2 : params[:type].to_i ).last
else
code = VerificationCode.where(:email => params[:phone], :code => params[:code], :code_type => params[:type].to_i).last
end
req[:valid] = !code.nil? && (Time.now.to_i - code.created_at.to_i) <= 10*60
end
render :json => req
end
# 发送验证码:type 1:注册手机验证码 2:找回密码手机验证码 3:找回密码邮箱验证码 4:绑定手机 5:绑定邮箱 6:手机验证码登录 7:邮箱验证码登录 8:邮箱注册验证码
def get_verification_code
code = %W(0 1 2 3 4 5 6 7 8 9)
type = params[:type].to_i
req = Hash.new(false)
req[:status] = 0
req[:msg] = ''
if type == 1
if User.where(:phone => params[:value]).count > 0
req[:status] = 2 #已注册
else
begin
verification_code = code.sample(6).join
status = Trustie::Sms.send(mobile: params[:value], code: verification_code)
if status == 0
VerificationCode.create(:phone => params[:value], :status => 1, :code_type => 1, :code => verification_code)
end
req[:msg] = code_msg status
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 1
end
elsif type == 8
if User.where(:mail => params[:value]).count > 0
req[:status] = 2 #已注册
else
begin
verification_code = code.sample(6).join
user = User.current
token = Token.new(:user => user, :action => "bind")
if token.save
Mailer.run.email_register(token, verification_code, params[:value])
VerificationCode.create(:email => params[:value], :status => 1, :code_type => 8, :code => verification_code)
end
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 1
req[:msg] = params[:value].split("@")[1]
end
elsif type == 2 || type == 3 || type == 6 || type == 7
if params[:value] =~ /^[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
if User.where(:mail => params[:value]).count == 0
req[:status] = 2 #未注册
else
begin
verification_code = code.sample(6).join
user = User.where(:mail => params[:value]).first
if type == 3
token = Token.new(:user => user, :action => "recovery")
if token.save
Mailer.run.lost_password(token, verification_code)
VerificationCode.create(:email => params[:value], :status => 1, :code_type => 3, :code => verification_code)
end
else
token = Token.new(:user => user, :action => "login")
if token.save
Mailer.run.code_login(token, verification_code)
VerificationCode.create(:email => params[:value], :status => 1, :code_type => 7, :code => verification_code)
end
end
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 3
req[:link] = params[:value].split("@")[1]
end
elsif params[:value] =~ /^1\d{10}$/
if User.where(:phone => params[:value]).count == 0
req[:status] = 2
else
begin
verification_code = code.sample(6).join
status = Trustie::Sms.send(mobile: params[:value], code: verification_code)
if status == 0
VerificationCode.create(:phone => params[:value], :status => 1, :code_type => type, :code => verification_code)
end
req[:msg] = code_msg status
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 1
end
else
req[:status] = 2
end
else
if params[:value] =~ /^[a-zA-Z0-9]+([._\\]*[a-z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
if User.where(:mail => params[:value]).count > 0
req[:status] = 2 #已绑定
req[:msg] = '该邮箱已被绑定'
else
begin
verification_code = code.sample(6).join
user = User.current
token = Token.new(:user => user, :action => "bind")
if token.save
Mailer.run.bind_email(token, verification_code, params[:value])
VerificationCode.create(:email => params[:value], :status => 1, :code_type => 5, :code => verification_code)
end
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 3
req[:msg] = params[:value].split("@")[1]
end
elsif params[:value] =~ /^1\d{10}$/
if User.where(:phone => params[:value]).count > 0
req[:status] = 2
req[:msg] = '该手机号已被绑定'
else
begin
verification_code = code.sample(6).join
status = Trustie::Sms.send(mobile: params[:value], code: verification_code)
if status == 0
VerificationCode.create(:phone => params[:value], :status => 1, :code_type => 4, :code => verification_code)
end
req[:msg] = code_msg status
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
req[:status] = 1
end
else
req[:status] = 2
end
end
Rails.logger.info "#{req[:status]} - #{req[:msg]}"
render :json => req
end
def avatar
@user = params[:user_id].nil? ? User.current : User.find(params[:user_id])
@setting_type = 2
render :layout => 'login'
end
# 实名认证
def authentication
@user = User.current
@apply_user_auth = ApplyUserAuthentication.where(:user_id => @user.id, :auth_type => 1).order("created_at asc").last
@setting_type = 3
render :layout => 'login'
end
# 职业认证
def professional_certification
@user = User.current
@apply_user_auth = ApplyUserAuthentication.where(:user_id => @user.id, :auth_type => 2, :status => [0, 2]).order("created_at asc").last
@setting_type = 4
render :layout => 'login'
end
def apply_auth
@user = User.current
old_name = @user.lastname+@user.firstname
@user.lastname = params[:lastname].strip
@user.firstname = ""
@user.ID_number = params[:ID_number].blank? ? nil : params[:ID_number]
if @user.save
@user.update_attributes(:authentication => 0)
if params[:upload_img] && params[:upload_img].to_i == 1
diskfile1 = disk_auth_filename('UserAuthentication', @user.id, 'ID')
diskfileID = diskfile1 + 'temp'
begin
FileUtils.mv diskfileID, diskfile1, force: true if File.exist? diskfileID
ensure
File.delete(diskfileID) if File.exist?(diskfileID)
end
end
# 提交认证
if params[:save_or_submit] && params[:save_or_submit] == "1"
if ApplyUserAuthentication.where(:user_id => @user.id, :status => 0, :auth_type => 1).count == 0
ApplyUserAuthentication.create(:user_id => @user.id, :status => 0, :auth_type => 1)
begin
status = Trustie::Sms.send(mobile: '18173242757', send_type:'apply_auth' , name: '管理员')
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
end
end
# 已授权的用户修改真实姓名,需要重新授权
if @user.certification == 1 && old_name != params[:lastname]
school_ids = School.where(:auto_users_trial => 1).map(&:id)
if !(((@user.user_extensions.identity == 1 && @user.user_extensions.student_id.present?) || @user.user_extensions.identity == 0) && !@user.user_extensions.school.nil? && school_ids.include?(@user.user_extensions.school_id))
@user.update_attributes(:certification => 0)
apply_user = ApplyAction.where(:user_id => @user.id, :container_type => "TrialAuthorization")
apply_user.update_all(:status => 2) unless apply_user.blank?
end
end
end
redirect_to my_account_path
end
def apply_pro_certification
@user = User.current
@se = @user.extensions
# 已授权的用户修改单位名称,需要重新授权
if (@se.school_id != params[:occupation].to_i || @se.identity != params[:identity].to_i) && @user.certification == 1
@user.certification = 0
apply_user = ApplyAction.where(:user_id => @user.id, :container_type => "TrialAuthorization")
apply_user.update_all(:status => 2) unless apply_user.blank?
end
@se.school_id = params[:occupation]
@se.department_id = params[:department_id]
@se.identity = params[:identity].to_i if params[:identity]
if @se.identity == 0
@se.technical_title = params[:te_technical_title] if params[:te_technical_title]
@se.student_id = nil
elsif @se.identity == 1
@se.student_id = params[:no] if params[:no]
@se.technical_title = nil
elsif @se.identity == 2
@se.technical_title = params[:pro_technical_title] if params[:pro_technical_title]
@se.student_id = nil
end
if @user.save && @se.save
@user.update_attributes(:professional_certification => 0)
if params[:upload_img] && params[:upload_img].to_i == 1
diskfile2 = disk_auth_filename('UserAuthentication', @user.id, 'PRO')
diskfilePRO = diskfile2 + 'temp'
begin
FileUtils.mv diskfilePRO, diskfile2, force: true if File.exist? diskfilePRO
ensure
File.delete(diskfilePRO) if File.exist?(diskfilePRO)
end
end
# 提交认证
if params[:save_or_submit] && params[:save_or_submit] == "1"
if @se.identity == 1
if ApplyUserAuthentication.where(:user_id => @user.id, :status => 0, :auth_type => 2).count == 0
ApplyUserAuthentication.create(:user_id => @user.id, :status => 0, :auth_type => 2)
begin
status = Trustie::Sms.send(mobile: '18173242757', send_type:'apply_pro_certification' , name: '管理员')
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
end
else
if File.exist?(diskfile2)
ApplyUserAuthentication.create(:user_id => @user.id, :status => 0, :auth_type => 2)
begin
status = Trustie::Sms.send(mobile: '18173242757', send_type:'apply_pro_certification' , name: '管理员')
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
end
end
end
# 只对试用授权的用户处理,修改职业信息的时候,如果变成了教师,则判断用户是否已加入示例课堂,没有则将其加入
if @se.identity == 0 && @user.certification == 1
join_ex_course @user
end
end
redirect_to my_account_path
end
# 修改资料时判断学号是否已使用
def check_user_student_id
data = {result:0, account:""}
if params[:student_id] && params[:school_id]
if UserExtensions.where("student_id = '#{params[:student_id]}' and school_id = #{params[:school_id]} and user_id != #{User.current.id}").count > 0
user = User.where(:id => UserExtensions.where("student_id = '#{params[:student_id]}' and school_id = #{params[:school_id]} and user_id != #{User.current.id}").map(&:user_id)).first
data[:account] = user.mail.blank? ? user.user_phone : user.user_mail
else
data[:result] = 1
end
end
render :json => data
end
# 实名认证时判断学号是否已使用
def check_student_id
data = {result:0, account:""}
if params[:student_id] && params[:school_id]
auth_count = User.where(:id => UserExtensions.where(:student_id => params[:student_id], :school_id => params[:school_id]).map(&:user_id)).count
# apply_count = ApplyUserAuthentication.where(:status => 0, :user_id => User.where(:id => UserExtensions.where(:student_id => params[:student_id], :school_id => params[:school_id]).map(&:user_id), :professional_certification => 0).map(&:id)).count
if auth_count == 0
data[:result] = 1
else
user = User.where(:id => UserExtensions.where(:student_id => params[:student_id], :school_id => params[:school_id]).map(&:user_id)).first
if user != User.current
data[:account] = user.mail.blank? ? user.user_phone : user.user_mail
else
data[:result] = 1
end
end
end
render :json => data
end
# 实名认证时判断证件号码是否已使用
def check_id_number
data = {result:0, account:""}
if params[:id_number]
id_number = [params[:id_number].downcase, params[:id_number].upcase]
auth_count = User.where(:ID_number => id_number, :authentication => 1).count
apply_count = ApplyUserAuthentication.where(:status => 0, :user_id => User.where(:ID_number => id_number, :authentication => 0).map(&:id)).count
if auth_count == 0 && apply_count == 0
data[:result] = 1
else
user = auth_count != 0 ? User.where(:ID_number => id_number, :authentication => 1).first : ApplyUserAuthentication.where(:status => 0, :user_id => User.where(:ID_number => id_number, :authentication => 0).map(&:id)).first.user
if user != User.current
data[:account] = user.mail.blank? ? user.user_phone : user.user_mail
else
data[:result] = 1
end
end
end
render :json => data
end
def cancel_pro_apply
unless params[:auth_type] == "2" && User.current.professional_certification
@apply_user_auth = ApplyUserAuthentication.where(:user_id => User.current.id, :auth_type => params[:auth_type], :status => 0).first
if @apply_user_auth.present?
@apply_user_auth.tidings.destroy_all
@apply_user_auth.update_attribute('status', 3)
diskfile2 = disk_auth_filename('UserAuthentication', User.current.id, params[:auth_type].to_i == 1 ? 'ID' : 'PRO')
diskfilePRO = diskfile2 + 'temp'
FileUtils.rm diskfilePRO, :force => true
FileUtils.rm diskfile2, :force => true
end
end
@user = User.current
respond_to do |format|
format.js
format.html {
if params[:auth_type] == "1"
redirect_to authentication_account_path
else
redirect_to professional_certification_account_path
end
}
end
end
def apply_trail
apply_action = ApplyAction.where(:user_id => User.current.id, :container_type => "TrialAuthorization", :status => 0).first
school_ids = School.where(:auto_users_trial => 1).map(&:id)
user_ex = User.current.user_extensions
if user_ex.identity == 1 && user_ex.student_id.present? && !user_ex.school.nil? && school_ids.include?(user_ex.school_id)
User.current.update_attributes(:certification => 1)
logger.warn("apply_trail #######{User.current.login} ****#{User.current.user_extensions.school_id}")
@tip = "申请已提交,我们将在1分钟内完成审核"
unless apply_action.present?
ApplyAction.create(:user_id => User.current.id, :status => 1, :ip_addr => request.remote_ip, :container_type => "TrialAuthorization", :apply_reason => params[:apply_reason])
else
apply_action.update_attributes(:status => 1)
end
# begin
# if User.current.phone.present?
# status = Trustie::Sms.send(mobile:User.current.phone.to_s, send_type:'trial_authorization' ,user_name:User.current.show_name,result:'已通过')
# end
# rescue => e
# Rails.logger.error "发送验证码出错: #{e}"
# end
elsif !User.current.user_extensions.school.nil?
@tip = "申请已提交,我们将在5分钟内完成审核"
unless apply_action.present?
ApplyAction.create(:user_id => User.current.id, :status => 0, :ip_addr => request.remote_ip, :container_type => "TrialAuthorization", :apply_reason => params[:apply_reason])
begin
status = Trustie::Sms.send(mobile:17680641960, send_type:'user_apply_auth',name:'管理员' )
rescue => e
Rails.logger.error "发送验证码出错: #{e}"
end
end
end
if params[:from_user] && params[:from_user] == '1'
@url = "#{user_path(User.current)}"
else
@url = "#{my_account_path}"
end
respond_to do |format|
format.js
end
end
def user_auth
@user = User.current
diskfile1 = disk_auth_filename('UserAuthentication', @user.id, 'ID')
diskfile2 = disk_auth_filename('UserAuthentication', @user.id, 'PRO')
diskfileID = diskfile1 + 'temp'
diskfilePRO = diskfile2 + 'temp'
begin
FileUtils.mv diskfileID, diskfile1, force: true if File.exist? diskfileID
FileUtils.mv diskfilePRO, diskfile2, force: true if File.exist? diskfilePRO
ensure
File.delete(diskfileID) if File.exist?(diskfileID)
File.delete(diskfilePRO) if File.exist?(diskfilePRO)
end
if File.exist?(diskfile1) && File.exist?(diskfile2)
ApplyUserAuthentication.create(:user_id => @user.id, :status => 0)
end
redirect_to authentication_account_path
end
def security_settings
@user = User.current
@setting_type = 5
render :layout => 'login'
end
def change_psd
@user = User.current
@setting_type = 5
render :layout => 'login'
end
# 修改密码时判断密码是否输入正确
def valid_psd
@user = User.current
req = Hash.new(false)
req[:valid] = false
req[:valid] = @user.check_password?(params[:value])
render :json => req
end
def change_or_bind
@user = User.current
@type = params[:type]
@setting_type = 5
render :layout => 'login'
end
def bind_email_or_phone
@user = User.current
begin
ActiveRecord::Base.transaction do
if params[:type] == "phone"
@user.update_attributes!(:phone => params[:value])
reward_grade(@user, @user.id, 'Phone', 500)
else
@user.update_attributes!(:mail => params[:value])
# Gitlab.client.edit_user_email(@user.gid, :email => @user.mail) if @user.gid
reward_grade(@user, @user.id, 'Mail', 500)
end
end
rescue
raise ActiveRecord::Rollback
end
redirect_to my_account_path
end
def phone_bind
if request.get?
render :layout =>'login'
else
User.current.update_attributes!(:phone => params[:phone])
reward_grade(User.current, User.current.id, 'Phone', 500)
redirect_to user_path(User.current)
end
end
def unbind_phone
if User.current.mail.blank?
User.current.update_attribute('phone', nil)
User.current.lock!
redirect_to signin_path
else
User.current.update_attribute('phone', nil)
redirect_to my_account_path
end
end
def unbind_mail
if User.current.phone.blank?
User.current.update_attribute('mail', nil)
User.current.lock!
redirect_to signin_path
else
User.current.update_attribute('mail', nil)
redirect_to my_account_path
end
end
def wechat_bind
respond_to do |format|
format.html { render :layout => "login_bigdata"}
end
end
def reset_psd
if params[:lost_psd_phone] && params[:lost_psd_phone].strip != ""
@user = User.where("phone = '#{params[:lost_psd_phone].to_s}'").first
code = VerificationCode.where(:phone => params[:lost_psd_phone], :code => params[:code], :code_type => 2).last
elsif params[:lost_psd_email] && params[:lost_psd_email].strip != ""
@user = User.where("mail = '#{params[:lost_psd_email].to_s}'").first
code = VerificationCode.where(:email => params[:lost_psd_email], :code => params[:code], :code_type => 3).last
end
if !code.nil? && (Time.now.to_i - code.created_at.to_i) <= 10*60
if @user.present?
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
if @user.save
Token.where(:user_id => @user, :action => "recovery").destroy_all
respond_to do |format|
format.js
end
else
redirect_to signin_path
return
end
else
redirect_to signin_path
return
end
else
@status = 0
end
end
def email_valid
begin
@mail_type = params[:mail].split("@")[1]
@user = User.find(params[:user_id])
rescue
return render_404
end
respond_to do |format|
format.html { render :layout => "login_bigdata"}
format.js
end
end
def resendmail
result = {:status=>1, :email=>""}
user = User.find(params[:user]) if params[:user]
result[:email] = user.mail
token = Token.new(:user => user, :action => "register")
if token.save
# Mailer.run.register(token)
Mailer.register(token).deliver
else
yield if block_given?
result[:status] = 0
end
render :json => result
end
def change_email
user = User.find params[:user_id].to_i
user.update_attributes(:mail => params[:value])
token = Token.create(:user => user, :action => "register")
Mailer.run.register(token)
result = {:email => user.mail, :email_link => user.mail.split("@")[1]}
render :json => result
end
def email_activation
end
def gold_record
@user = User.current
# 用户签到情况
attendance = Attendance.where(:user_id => @user).first
@can_attendance = true
@next_attachment_score = 5
if attendance.present?
if time_between_days(Time.now, attendance.created_at) == 0
@can_attendance = false
end
@next_attachment_score = attendance.next_score
end
@type = params[:type] ? params[:type].to_i : 0
@user_grades = @type == 0 ? @user.grades.reorder("created_at desc") : @type == 1 ? @user.grades.where("score > 0").reorder("created_at desc") : @type == 2 ? @user.grades.where("score < 0").reorder("created_at desc") : []
@user_grades = paginateHelper @user_grades, 8
@setting_type = 7
respond_to do |format|
format.js
format.html{render :layout => 'base_edu_user'}
end
end
def experience_record
@user = User.current
# 用户评测情况
@evaluate = Output.where(:game_id => @user.games.map(&:id)).reorder("created_at desc").first
@user_experiences = @user.experiences.reorder("created_at desc")
@user_experiences = paginateHelper @user_experiences, 8
@setting_type = 8
respond_to do |format|
format.js
format.html{render :layout => 'base_edu_account'}
end
end
private
def authenticate_user
Rails.logger.info("authenticate_user start")
if Setting.openid? && using_open_id?
Rails.logger.info("authenticate_user start1")
open_id_authenticate(params[:openid_url])
elsif params[:code]
Rails.logger.info("authenticate_user start2")
code_authentication
else
Rails.logger.info("authenticate_user start3")
password_authentication
end
end
def password_authentication
user, last_login_on = User.try_to_login(params[:username], params[:password])
Rails.logger.info("password_authentication: params[:username] is #{params[:username]}, user is #{user}")
if user.nil?
Rails.logger.info("password_authentication: successful_authentication1")
invalid_credentials
elsif user.status == 2
Rails.logger.info("password_authentication: successful_authentication2")
@user = user
invalid_credentials_new
elsif user.new_record?
Rails.logger.info("password_authentication: successful_authentication3")
onthefly_creation_failed(user, {:login => user.login, :auth_source_id => user.auth_source_id })
else
# Valid user
Rails.logger.info("password_authentication: successful_authentication4")
successful_authentication(user, last_login_on)
end
end
def code_authentication
if params[:username] =~ /^[a-zA-Z0-9]+([._\\]*[a-zA-Z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$/
code = VerificationCode.where(:email => params[:username], :code => params[:code], :code_type => 7).last
user = User.where(:mail => params[:username]).first
elsif params[:username] =~ /^1\d{10}$/
code = VerificationCode.where(:phone => params[:username], :code => params[:code], :code_type => 6).last
user = User.where(:phone => params[:username]).first
end
if user && code && (Time.now.to_i - code.created_at.to_i) <= 10*60
user.update_column(:last_login_on, Time.now)
successful_authentication(user, user.last_login_on.nil? ? '' : user.last_login_on.to_s)
else
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
flash[:error] = l(:notice_account_invalid_code)
redirect_to signin_path(:c_name=>params[:username])
end
end
def open_id_authenticate(openid_url)
back_url = signin_url(:autologin => params[:autologin])
authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => back_url, :method => :post) do |result, identity_url, registration|
if result.successful?
user = User.find_or_initialize_by_identity_url(identity_url)
if user.new_record?
# Self-registration off
(redirect_to(signin_path); return) unless Setting.self_registration?
# Create on the fly
user.login = registration['nickname'] unless registration['nickname'].nil?
user.mail = registration['email'] unless registration['email'].nil?
user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
user.random_password
user.register
case Setting.self_registration
when '1'
register_by_email_activation(user) do
onthefly_creation_failed(user)
end
when '3'
register_automatically(user) do
onthefly_creation_failed(user)
end
else
register_manually_by_administrator(user) do
onthefly_creation_failed(user)
end
end
else
# Existing record
if user.active?
successful_authentication(user)
else
account_pending
end
end
end
end
end
def successful_authentication(user, last_login_on)
logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
# Valid user
self.logged_user = user
# generate a key and set cookie if autologin
if params[:autologin] && Setting.autologin?
set_autologin_cookie(user)
end
call_hook(:controller_account_success_authentication_after, {:user => user })
code = /\d*/
# 记录用户登录行为
UserActions.create(:action_id => User.current.id, :action_type => "Login", :user_id => User.current.id)
=begin
if user.created_on.strftime('%Y-%m-%d %H:%M:%S') > "2018-01-01 00:00:00" && user.phone.blank?
redirect_to change_or_bind_path(:type => 'phone')
return
end
=end
#根据home_url生产正则表达式
eval("code = " + "/^" + home_url.gsub(/\//,"\\\/") + "\\\/*(welcome)?\\\/*(\\\/index\\\/*.*)?\$/")
login_error = false
if (User.current.login =~ /(^(?=.*?[a-zA-Z]).*$)/).nil? || !(User.current.login =~ /[@#\$%\^&\*]+/).nil?
login_error = true
end
if (code=~params[:back_url] || params[:back_url].to_s.include?('lost_password')) && last_login_on != '' && !login_error
# enroll_status_cookie(user)
redirect_to user_path(user,host: Setting.host_user)
else
if last_login_on == ''
redirect_to my_account_url
else
#by young
#redirect_back_or_default my_page_path
# 基本资料不完善的用户,将强制用户完善基本资料。
user = UserExtensions.where(:user_id => User.current.id).first
if User.current.lastname.blank? || user.school_id.blank? || user.identity.blank? || login_error
redirect_to user_info_path()
else
# enroll_status_cookie(User.current)
redirect_back_or_default User.current, params[:back_url]
end
end
end
end
def set_autologin_cookie(user)
token = Token.get_or_create_permanent_login_token(user)
cookie_options = {
:value => token.value,
:expires => 1.month.from_now,
:path => (Redmine::Configuration['autologin_cookie_path'] || '/'),
:secure => (Redmine::Configuration['autologin_cookie_secure'] ? true : false),
:httponly => true
}
if Redmine::Configuration['cookie_domain'].present?
cookie_options = cookie_options.merge(domain: Redmine::Configuration['cookie_domain'])
end
cookies[autologin_cookie_name] = cookie_options
end
# Onthefly creation failed, display the registration form to fill/fix attributes
def onthefly_creation_failed(user, auth_source_options = { })
@user = user
session[:auth_source_registration] = auth_source_options unless auth_source_options.empty?
render :action => 'register'
end
def invalid_credentials
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
flash[:error] = l(:notice_account_invalid_creditentials)
# render :layout => 'login'
redirect_to signin_path(:name=>params[:username])
end
def invalid_credentials_new
logger.warn "Failed login for '#{params[:username]}' from #{request.remote_ip} at #{Time.now.utc}"
# flash[:error] = l(:notice_account_invalid_creditentials_new)
# render signin_path(:login=>true)
render :action => 'email_activation',:layout => 'login_bigdata'
end
# Register a user for email activation.
#
# Pass a block for behavior when a user fails to save
def register_by_email_activation(user, &block)
token = Token.new(:user => user, :action => "register")
if user.save and token.save
UserStatus.create(:user_id => user.id, :changsets_count => 0, :watchers_count => 0)
Mailer.run.register(token)
flash[:notice] = l(:notice_account_register_done)
render action: 'email_valid', locals: {:mail => user.mail}
else
yield if block_given?
end
end
# Automatically register a user
#
# Pass a block for behavior when a user fails to save
def register_automatically(user, &block)
# Automatic activation
user.activate
user.last_login_on = Time.now
if user.save
UserStatus.create(:user_id => user.id, :changsets_count => 0, :watchers_count => 0)
self.logged_user = user
flash[:notice] = l(:notice_account_activated)
redirect_to my_account_url
else
yield if block_given?
end
end
# Manual activation by the administrator
#
# Pass a block for behavior when a user fails to save
def register_manually_by_administrator(user, &block)
if user.save
UserStatus.create(:user_id => user.id ,:changsets_count => 0, :watchers_count => 0)
# Sends an email to the administrators
Mailer.run.account_activation_request(user)
account_pending
else
yield if block_given?
end
end
def account_pending
flash[:notice] = l(:notice_account_pending)
redirect_to signin_url
end
end