<?php

/**
 * Validator for Login.
 */
final class LoginValidator {

    private function __construct() {
       
    }

    /**
     * Validate the given username and password.
     * @param $username and $password to be validated
     * @return array array of {@link Error} s
     */
    public static function validate($username, $password) {
        $errors = array();
        $username = trim($username);
        if (!$username) {
            $errors[] = new Error('username', '用户名不能为空。');
        } elseif (strlen($username)<3) {
            $errors[] = new Error('username', '用户名长度不能小于3个字符。');
        } elseif (strlen($username)>30) {
            $errors[] = new Error('username', '用户名长度不能超过30个字符。');
        } elseif (!preg_match('/^[A-Za-z]+$/',substr($username, 0, 1))) {
            $errors[] = new Error('username', '用户名必须以字母开头。');
        } elseif (!preg_match('/^[A-Za-z0-9_]+$/', $username)) {
            $errors[] = new Error('username', '用户名只能是字母、数字以及下划线( _ )的组合。');
        } elseif (!trim($password)) {
            $errors[] = new Error('password', '密码不能为空。');
        } else {
            // check whether use exists or not
            $dao = new UserDao();
            $user = $dao->findByName($username);

            if ($user) {
                if (!($user->getPassword() == sha1($user->getSalt() . $password))) {
                    $errors[] = new Error('password', '用户名或密码错误。');
                }
            } else {
                $errors[] = new Error('username', '用户名不存在。');
            }
        }
        return $errors;
    }
}

?>

$username = null;
$password = null;

$msg = "";

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = addslashes(trim(stripslashes($_POST ['username'])));
    $password = addslashes(trim(stripslashes($_POST ['password'])));
    // validate
    $errors = LoginValidator::validate($username, $password);
   
    if (empty($errors)) {
        // save the latest ip or login time into database, then processing page forwarding
        $dao = new UserDao();
        $user = $dao->findByName($username);
        $last_login_ip = Utils::getIpAddress();
        $user->setLastLoginIp($last_login_ip);
        $now = new DateTime();
        $user->setLastLoginTime($now);
        $dao->save($user);
        UserLogin::setUserInfo($user);
        Flash::addFlash('登录成功！');
        Utils::redirect('welcome');
    }
   
    foreach ($errors as $e) {
        $msg .= $e->getMessage()."<br>";
    }