From 32582e7150e841a53012ec90f4149d83d3562c2f Mon Sep 17 00:00:00 2001
From: yaooo <272523191@qq.com>
Date: Fri, 27 Oct 2023 14:01:51 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E7=94=A8=E6=88=B7=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/api/BaseController.php | 4 ++--
 app/api/controller/User.php | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/app/api/BaseController.php b/app/api/BaseController.php
index 9b1f6db..fdfb8e8 100644
--- a/app/api/BaseController.php
+++ b/app/api/BaseController.php
@@ -100,9 +100,9 @@ abstract class BaseController
 $header = Request::header();
 $token = $header['token'] ?? '';
 // 取消登录验证
- if ($this->controller != 'user' && $this->action != 'login') {
+ if ($this->action != 'login') {
 if (!Session::has($session_admin) || !$token) {
- $this->apiError('请先登录');
+ $this->apiError('用户未登录');
 }
 }
 if ($token) {
diff --git a/app/api/controller/User.php b/app/api/controller/User.php
index d89de13..2260ab5 100644
--- a/app/api/controller/User.php
+++ b/app/api/controller/User.php
@@ -9,10 +9,13 @@ namespace app\api\controller;
 
 use app\api\BaseController;
 use app\api\middleware\Auth;
+use app\user\validate\AdminCheck;
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
 use think\facade\Db;
 use think\facade\Request;
+use think\exception\ValidateException;
+
 
 class User extends BaseController
 {
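Review bot: The exemption on the new `if ($this->action != 'login') {` line in app/api/BaseController.php is keyed on the action name alone, so an action named `login` in any API controller, not just `User`, skips the session and token check. Pinning it to the one public endpoint keeps the intent explicit: `if (!($this->controller === 'user' && $this->action === 'login')) {` (this assumes both properties are lower-cased strings, as the removed comparison with `'user'` suggests). The comment `// 取消登录验证` above it no longer matches the code and could read `// Every action except user/login requires a session and a token`. The enclosing method starts and ends outside the hunk, so how `$this->action` is normalised cannot be confirmed from here.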
@@ -81,4 +84,33 @@ class User extends BaseController
 $userInfo = Db::name('Admin')->where(['id' => $uid])->find();
 $this->apiSuccess('请求成功', ['user' => $userInfo]);
 }
+
+ public function editPassword(Request $request)
+ {
+ $param = get_params();
+ try {
+ validate(AdminCheck::class)->scene('editPwd')->check($param);
+ } catch (ValidateException $e) {
+ // 验证失败 输出错误信息
+ $this->apiError($e->getError());
+ }
+ $uid = $this->uid;
+
+ $admin = Db::name('Admin')->where(['id' => $uid])->find();
+ $old_psw = set_password($param['old_pwd'], $admin['salt']);
+ if ($admin['pwd'] != $old_psw) {
+ $this->apiError('旧密码错误');
+ }
+
+ $salt = set_salt(20);
+ $new_pwd = set_password($param['pwd'], $salt);
+ $data = [
+ 'reg_pwd' => '',
+ 'salt' => $salt,
+ 'pwd' => $new_pwd,
+ 'update_time' => time(),
+ ];
+ Db::name('Admin')->where(['id' => $uid])->strict(false)->field(true)->update($data);
+ $this->apiSuccess('请求成功', ['user' => $userInfo]);
+ }
 }
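Review bot: The old-password check `if ($admin['pwd'] != $old_psw) {` in `editPassword` compares password hashes with a loose, non-constant-time operator; PHP compares two numeric-looking strings (for example digests of the form `0e…`) as numbers, so unequal hashes can be treated as equal. Use `if (!hash_equals((string) $admin['pwd'], $old_psw)) {`, and check that `find()` returned a row before `$admin['salt']` is read. The closing `$this->apiSuccess('请求成功', ['user' => $userInfo]);` reads `$userInfo`, which is never assigned in this method; it looks copied from the method above and should return no user payload, or a row without `pwd` and `salt`. Both error paths depend on `apiError()` ending the request, which is not visible in this hunk; if it returns, the update still runs, so an explicit `return` after each call is safer.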