[fix] 登录密码修改生成和验证方式

2023-03-23 13:35:23 +08:00 · 2023-03-23 13:35:23 +08:00 · 10aa220dfa
commit 10aa220dfa
parent 0e082647e5
4 changed files with 6 additions and 27 deletions
--- a/app/admin/logic/auth/AdminLogic.php
+++ b/app/admin/logic/auth/AdminLogic.php
@ -45,8 +45,7 @@ class AdminLogic extends BaseLogic
    {
        Db::startTrans();
        try {
-            $passwordSalt = Config::get('project.unique_identification');
-            $password = create_password($params['password'], $passwordSalt);
+            $password = password_hash($params['password'],PASSWORD_DEFAULT);
            $defaultAvatar = config('project.default_image.admin_avatar');
            $avatar = !empty($params['avatar']) ? FileService::setFileUrl($params['avatar']) : $defaultAvatar;

@ -102,8 +101,7 @@ class AdminLogic extends BaseLogic

            // 密码
            if (!empty($params['password'])) {
-                $passwordSalt = Config::get('project.unique_identification');
-                $data['password'] = create_password($params['password'], $passwordSalt);
+                $data['password'] = password_hash($params['password'],PASSWORD_DEFAULT);
            }

            // 禁用或更换角色后.设置token过期
@ -255,8 +253,7 @@ class AdminLogic extends BaseLogic
        ];

        if (!empty($params['password'])) {
-            $passwordSalt = Config::get('project.unique_identification');
-            $data['password'] = create_password($params['password'], $passwordSalt);
+            $data['password'] = password_hash($params['password'],PASSWORD_DEFAULT);
        }

        return Admin::update($data);
--- a/app/admin/validate/LoginValidate.php
+++ b/app/admin/validate/LoginValidate.php
@ -72,10 +72,8 @@ class LoginValidate extends BaseValidate
            $adminAccountSafeCache->record();
            return '账号不存在';
        }
-
-        $passwordSalt = Config::get('project.unique_identification');
-
-        if ($adminInfo['password'] !== create_password($password, $passwordSalt)) {
+        var_dump($adminInfo['password']);
+        if (!password_verify($password,$adminInfo['password'])) {
            $adminAccountSafeCache->record();
            return '密码错误';
        }
--- a/app/admin/validate/auth/editSelfValidate.php
+++ b/app/admin/validate/auth/editSelfValidate.php
@ -61,10 +61,7 @@ class editSelfValidate extends BaseValidate
        }

        $admin = Admin::findOrEmpty($data['admin_id']);
-        $passwordSalt = Config::get('project.unique_identification');
-        $oldPassword = create_password($data['password_old'], $passwordSalt);
-
-        if ($admin['password'] != $oldPassword) {
+        if (!password_verify($data['password_old'],$admin['password'])) {
            return '当前密码错误';
        }

--- a/app/functions.php
+++ b/app/functions.php
@ -21,19 +21,6 @@ if(!function_exists('substr_symbol_behind')){
    }
 }

-/**
- * @notes 生成密码加密密钥
- * @param string $plaintext
- * @param string $salt
- * @return string
- * @author 乔峰
- * @date 2021/12/28 18:24
- */
-function create_password(string $plaintext, string $salt) : string
-{
-    return md5($salt . md5($plaintext . $salt));
-}
-
 /**
 * @notes 随机生成token值
 * @param string $extra