I'm new to the Yii framework. I've run into a problem with an existing Yii application.

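There is a "forgot password" feature. It works by entering a username and a security question answer. If both are correct, the system sends a link to the user's e-mail for a password reset. Here is the function: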

public function actionCheckAnswer()
    {
        if(IS_AJAX && isset($_POST['answer']) && isset($_POST['username']))
        {
            $username=$_POST['username'];
            $answer=$_POST['answer'];
            $user=User::model()->findByAttributes(array('username'=>$username));
            if($user!=null)
            {
                $realAnswer = $user->secretAnswer;
                if(strlen($realAnswer)>0)
                {
                    $profile=Profile::model()->findByAttributes(array('userId'=>$user->id));
                    if($this->checkAnswerSpam($profile->id))
                    {
                        if(strtolower($realAnswer)==strtolower($answer))
                        {
                            Activity::log(22, null, $profile->id, -1);
                            $stamp=Activity::model()->getLogTime(null, $profile->id, -1, 22);
                            $hash=$profile->id.'_'.sha1($profile->id.$stamp);
                            $url=Yii::app()->createAbsoluteUrl('site/recover').'/'.$hash;
                            echo $url;
                            $this->sendPasswordRecoveryLink($profile->fullName, $profile->email, $url);
                            //echo '<br />'.CHtml::link($url, $url).'<br />';
                            echo 'Correct! A link to your password recovery form has been sent to your e-mail. The link expires in 1 hour.<br />If you don\'t receive a mail, please check your spam folder.';
                        } else {
                            Activity::log(24, null, $profile->id, -1);
                            echo 'Sorry, that answer is not correct.';
                        }
                    } 
                } else {
                    echo 'Sorry, you have not set a secret question answer.';
                }
            } else {
                echo 'No user "'.$username.'" found.';
            }
        }
    }

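Currently, this function does not send the e-mail. I did some troubleshooting and found that the line Activity::log(22, null, $profile->id, -1); gives me an error. If I comment out this line, it sends the e-mail with the password reset link, but it is always an expired link. Here is the log function: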

public function log($action=0, $trainingId=null, $profileId=null, $piId=null)
    {
        if($profileId==null) $profileId=Yii::app()->user->profileId;
        if($piId==null) $piId=(isset(Yii::app()->user->piId))?Yii::app()->user->piId:0;
        $activity=new Activity;
        $activity->trainingId=$trainingId;
        $activity->profileId=$profileId;
        $activity->piId=$piId;
        $activity->action=$action;
        $activity->save();
    }

Here are the functions that check the expiry limit.

public function getLogTime($trainingId, $profileId, $piId, $action)
    {
        $all = Activity::model()->findAllByAttributes(array(
            'trainingId'=>$trainingId,
            'profileId'=>$profileId,
            'piId'=>$piId,
            'action'=>$action,
        ));
        foreach($all as $single) $return = $single;
        return $return->timestamp;
    }

    public function checkRecoveryHash($hash)
    {
        $explode=explode('_', $hash);
        $stamp=$this->getLogTime(null, $explode[0], -1, 22);
        if(strlen($stamp)>0)
        {
            $time=time();
            $stamptime=strtotime($stamp);
            $passed=$time-$stamptime;
            if($passed < 720*720) //1 hour
                return true;
            else
                return false;
        }
    }

I'm not sure which part to modify or how. Can anyone tell me what's wrong?

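An added example, not part of the original question or the application's code: one way to issue and check a one-hour password reset link in the same `<profileId>_<token>` shape, using a random token instead of one derived from the profile id and timestamp, and returning false when no reset record exists. The in-memory `$store` array, the function names and the clock values are assumptions standing in for a database table and `time()`.

```php
<?php
// Added example. $store is a hypothetical stand-in for a password_reset
// table keyed by profile id; it is not the application's Activity model.
const RESET_TTL = 3600; // one hour, in seconds

function issueResetToken(array &$store, int $profileId, int $now): string
{
    $secret = bin2hex(random_bytes(32));       // unpredictable, 64 hex characters
    $store[$profileId] = [
        'hash'   => hash('sha256', $secret),   // keep only a hash of the secret
        'issued' => $now,
    ];
    return $profileId . '_' . $secret;         // same "<id>_<token>" shape as the page
}

function checkResetToken(array &$store, string $token, int $now): bool
{
    $parts = explode('_', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                          // malformed link
    }
    $profileId = (int) $parts[0];
    if (!isset($store[$profileId])) {
        return false;                          // no reset was recorded for this profile
    }
    $row   = $store[$profileId];
    $fresh = ($now - $row['issued']) < RESET_TTL;
    $match = hash_equals($row['hash'], hash('sha256', $parts[1])); // constant-time compare
    if ($fresh && $match) {
        unset($store[$profileId]);             // a link can be used only once
        return true;
    }
    return false;
}

// Constructed demonstration with fixed clock values.
$store = [];
$t0    = 1700000000;
$link  = issueResetToken($store, 42, $t0);
var_dump(checkResetToken($store, '42_' . str_repeat('0', 64), $t0 + 60)); // wrong secret
var_dump(checkResetToken($store, $link, $t0 + 4000));                     // past the TTL
$link2 = issueResetToken($store, 42, $t0 + 4000);
var_dump(checkResetToken($store, $link2, $t0 + 4060));                    // fresh and matching
var_dump(checkResetToken($store, $link2, $t0 + 4100));                    // already consumed
```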