From 10aa220dfa6da0ea26ddbaa4a342108c7c245c0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=86=89=E6=8C=BD=E6=B8=85=E9=A3=8E?= <1550969027@qq.com>
Date: Thu, 23 Mar 2023 13:35:23 +0800
Subject: [PATCH] =?UTF-8?q?[fix]=20=E7=99=BB=E5=BD=95=E5=AF=86=E7=A0=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9=E7=94=9F=E6=88=90=E5=92=8C=E9=AA=8C=E8=AF=81?= =?UTF-8?q?=E6=96=B9=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/admin/logic/auth/AdminLogic.php | 9 +++------
 app/admin/validate/LoginValidate.php | 6 ++----
 app/admin/validate/auth/editSelfValidate.php | 5 +----
 app/functions.php | 13 -------------
 4 files changed, 6 insertions(+), 27 deletions(-)
diff --git a/app/admin/logic/auth/AdminLogic.php b/app/admin/logic/auth/AdminLogic.php
index f426f07..3e85c82 100755
--- a/app/admin/logic/auth/AdminLogic.php
+++ b/app/admin/logic/auth/AdminLogic.php
@@ -45,8 +45,7 @@ class AdminLogic extends BaseLogic
 {
 Db::startTrans();
 try {
- $passwordSalt = Config::get('project.unique_identification');
- $password = create_password($params['password'], $passwordSalt);
+ $password = password_hash($params['password'],PASSWORD_DEFAULT);
 $defaultAvatar = config('project.default_image.admin_avatar');
 $avatar = !empty($params['avatar']) ? FileService::setFileUrl($params['avatar']) : $defaultAvatar;
@@ -102,8 +101,7 @@ class AdminLogic extends BaseLogic
 // 密码
 if (!empty($params['password'])) {
- $passwordSalt = Config::get('project.unique_identification');
- $data['password'] = create_password($params['password'], $passwordSalt);
+ $data['password'] = password_hash($params['password'],PASSWORD_DEFAULT);
 }
 // 禁用或更换角色后.设置token过期
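Review bot: The column that receives `$password` in app/admin/logic/auth/AdminLogic.php must now hold a `password_hash()` string rather than the 32-character hex digest the removed `create_password()` returned; with `PASSWORD_DEFAULT` that is currently 60 characters, and the PHP manual suggests 255 so a future default still fits. No schema change is visible in this patch, so confirm the width of the password column before deploying, because a truncated hash makes every later `password_verify()` return false. The same applies to the two other call sites in this file (the hunks at -102 and -255). A comment at the first call such as `// password_hash() output length varies by algorithm; the password column must be VARCHAR(255)` would record the dependency. The enclosing methods start and end outside these hunks.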
@@ -255,8 +253,7 @@ class AdminLogic extends BaseLogic
 ];
 if (!empty($params['password'])) {
- $passwordSalt = Config::get('project.unique_identification');
- $data['password'] = create_password($params['password'], $passwordSalt);
+ $data['password'] = password_hash($params['password'],PASSWORD_DEFAULT);
 }
 return Admin::update($data);
diff --git a/app/admin/validate/LoginValidate.php b/app/admin/validate/LoginValidate.php
index 5ba4cfe..fff794d 100644
--- a/app/admin/validate/LoginValidate.php
+++ b/app/admin/validate/LoginValidate.php
@@ -72,10 +72,8 @@ class LoginValidate extends BaseValidate
 $adminAccountSafeCache->record();
 return '账号不存在';
 }
-
- $passwordSalt = Config::get('project.unique_identification');
-
- if ($adminInfo['password'] !== create_password($password, $passwordSalt)) {
+ var_dump($adminInfo['password']);
+ if (!password_verify($password,$adminInfo['password'])) {
 $adminAccountSafeCache->record();
 return '密码错误';
 }
diff --git a/app/admin/validate/auth/editSelfValidate.php b/app/admin/validate/auth/editSelfValidate.php
index 9987d0f..992fc97 100755
--- a/app/admin/validate/auth/editSelfValidate.php
+++ b/app/admin/validate/auth/editSelfValidate.php
@@ -61,10 +61,7 @@ class editSelfValidate extends BaseValidate
 }
 $admin = Admin::findOrEmpty($data['admin_id']);
- $passwordSalt = Config::get('project.unique_identification');
- $oldPassword = create_password($data['password_old'], $passwordSalt);
-
- if ($admin['password'] != $oldPassword) {
+ if (!password_verify($data['password_old'],$admin['password'])) {
 return '当前密码错误';
 }
diff --git a/app/functions.php b/app/functions.php
index b3fbd92..2e73956 100644
--- a/app/functions.php
+++ b/app/functions.php
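Review bot: The added `var_dump($adminInfo['password']);` in app/admin/validate/LoginValidate.php is a leftover debug statement that prints the stored password hash whenever a login attempt reaches this line, which from the context above is any attempt that names an existing account. Unless the framework discards that output, it lands in the login response, disclosing the hash to an unauthenticated caller and corrupting the response body. Delete the line so the hunk adds only `if (!password_verify($password,$adminInfo['password'])) {`. The enclosing method begins and ends outside the hunk.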
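Review bot: Rows written before this commit still hold the old `md5($salt . md5($plaintext . $salt))` digest, which `password_verify()` in app/admin/validate/auth/editSelfValidate.php can never match, so those admins will always get '当前密码错误' here and '密码错误' in LoginValidate. The patch shows no data migration or forced reset; if none exists elsewhere, every existing admin is locked out after deploy. Either reset the affected passwords out of band, or keep a transitional legacy check (compared with `hash_equals()`) that rewrites the row with `password_hash()` on the first successful login, and call `password_needs_rehash()` on success so later algorithm changes are picked up. Separately, `Admin::findOrEmpty()` can return an empty model, in which case `$admin['password']` is presumably null and should be rejected before `password_verify()` is called.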
@@ -21,19 +21,6 @@ if(!function_exists('substr_symbol_behind')){
 }
 }
-/**
- * @notes 生成密码加密密钥
- * @param string $plaintext
- * @param string $salt
- * @return string
- * @author 乔峰
- * @date 2021/12/28 18:24
- */
-function create_password(string $plaintext, string $salt) : string
-{
- return md5($salt . md5($plaintext . $salt));
-}
-
 /**
 * @notes 随机生成token值
 * @param string $extra