SRCMS·轻响应 V1.8正式版

修复:
1. 后台无法查看生成的工单
2. 前端页面JS远程资源失效问题
3.  前台用户密码修改设计缺陷（Issued By 藏形匿影）
优化:
1. 多处代码提升二次开发可读性
新增:
1. 安全工单模块中动态更新功能

Application/User/Controller/BaseController.class.php

@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class BaseController extends Controller {

Application/User/Controller/ChangeController.class.php

@@ -3,17 +3,16 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 
 class ChangeController extends BaseController{
     /**
      * 显示更改密码页面
-     * @return [type] [description]
      */
     public function index()
     {
@@ -32,28 +31,33 @@ class ChangeController extends BaseController{
         if(!IS_POST)$this->error("非法请求");
         $member = M('member');
         $id = session('userId');
-		$oldpassword =I('post.oldpassword','','md5');
-        $password =I('post.password','','md5');
+		$username = session('username');
+		$oldpassword = I('post.oldpassword','','md5');
+        $password = I('post.password','','md5');
+
+		//获取salt
+		$salt = $member->where(array('id'=>$id,'username'=>$username))->find();
+		$s_oldpassword = md5(md5(md5($salt['salt']).$oldpassword."SR")."CMS");
 		
         //验证原密码
-        $user = $member->where(array('id'=>$id,'password'=>$oldpassword))->find();
+        $user = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->find();
 		
         if(!$user) {
-            $this->error('邮箱不存在 :(') ;
+            $this->error('旧密码校验失败 :(') ;
         }
 		
-        //验证账户是否管理员        
+        //验证账户是否管理员，管理员无法在前台修改密码       
 		if($user['type'] == 2){
             $this->error('前台无法修改管理员密码 :(') ;
         }
     
-	
-	$member-> password=$password;
-    $result = $member->where(array('id'=>$id,'password'=>$oldpassword))->save();
+	$s_password = md5(md5(md5($salt['salt']).$password."SR")."CMS");
+	$member-> password=$s_password;
+    $result = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->save();
 	 if($result){  
         $this->success("修改成功",U('login/logout'));
         }else{  
-         $this->error('修改失败 :(') ;
+         $this->error('修改失败,请重试 :(',U('change/index')) ;
         }  
     }
 }

Application/User/Controller/ForgetController.class.php

@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class ForgetController extends Controller {
@@ -43,6 +43,7 @@ class ForgetController extends Controller {
         }
         //验证输入邮箱是否存在
         $user = $member->where(array('username'=>$username,'email'=>$email))->find();
+		$salt = $member->where(array('email'=>$email,'username'=>$username))->find();
 		
         if(!$user) {
             $this->error('邮箱不存在 :(') ;
@@ -60,7 +61,7 @@ class ForgetController extends Controller {
         import('ORG.Net.Mail');  
         $str = '1234567890abcdefghijklmnopqrstuvwxyz';
         $passwd=$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)];
-        $content = md5($passwd);
+        $content = md5(md5(md5($salt['salt']).md5($passwd)."SR")."CMS");
 		$member = M('member');
 		$member-> password=$content;
 		$member ->where(array('username'=>$username,'email'=>$email))->save();

Application/User/Controller/GiftController.class.php

@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class GiftController extends BaseController{

Application/User/Controller/IndexController.class.php

@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class IndexController extends BaseController {

Application/User/Controller/InfoController.class.php

@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:21 2016/1/26
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.6
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class InfoController extends BaseController{

Application/User/Controller/LoginController.class.php

@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
 class LoginController extends Controller {

Application/User/Controller/PostController.class.php

@@ -3,10 +3,10 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
  
 class PostController extends BaseController

Application/User/Controller/RegController.class.php

@@ -3,20 +3,15 @@ namespace User\Controller;
 use Think\Controller;
 
 /**
- * @author Zhou Yuyang <1009465756@qq.com> 11:28 2016/1/26
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.6
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
  */
 
-
-/**
- * 注册页面
- */
 class RegController extends Controller{
     /**
      * 用户列表
-     * @return [type] [description]
      */
     public function index()
     {
@@ -41,7 +36,7 @@ class RegController extends Controller{
     }
   
     /**
-     * 添加用户
+     * 用户注册
      */
     public function add()
     {

Application/User/View/Change/index.html

@@ -10,7 +10,7 @@
 	<form action="{:U('change/change')}" method="post">
 	<div class="form-group">
 		<label>旧密码</label>
-		<input class="form-control" type="text" name="oldpassword" placeholder="请输入旧密码">
+		<input class="form-control" type="password" name="oldpassword" placeholder="请输入旧密码">
 	</div>
 	<div class="form-group">
 		<label>密码</label>

Application/User/View/Public/header.html

@@ -36,17 +36,12 @@
 			  <li class="dropdown">
                  <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><?php echo session('username')?><span class="caret"></span></a>
                   <ul class="dropdown-menu">
-                    <!--<li><a href="#">Action</a></li>
-                    <li><a href="#">更改密码</a></li>
-                    <li><a href="#">Something else here</a></li>
-                    <li role="separator" class="divider"></li>
-                    <li class="dropdown-header">Nav header</li>-->
 					<li><a href="{:U('change/index')}">更改密码</a></li>
                     <li><a href="{:U('login/logout')}">退出登录</a></li>
                   </ul>
                 </li>
               </ul>
             </div>
-        </div><!--/.navbar-collapse -->
+        </div>
       </div>
     </nav>