SRCMS·轻响应 V1.8正式版

修复: 1. 后台无法查看生成的工单 2. 前端页面JS远程资源失效问题 3. 前台用户密码修改设计缺陷（Issued By 藏形匿影）优化: 1. 多处代码提升二次开发可读性新增: 1. 安全工单模块中动态更新功能
2016-12-03 21:42:04 +08:00
parent 3f830d2cee
commit 9cc8998300
48 changed files with 372 additions and 333 deletions
--- a/Application/User/Controller/ChangeController.class.php
+++ b/Application/User/Controller/ChangeController.class.php
@@ -3,17 +3,16 @@ namespace User\Controller;
 use Think\Controller;

 /**
- * @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
- * @copyright 2105-2018 SRCMS 
- * @homepage http://www.src.pw
- * @version 1.5
+ * @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
+ * @Copyright 2015-2020 SISMO
+ * @Project homepage https://github.com/CNSISMO
+ * @Version 1.8
 */


 class ChangeController extends BaseController{
    /**
     * 显示更改密码页面
-     * @return [type] [description]
     */
    public function index()
    {
@@ -32,28 +31,33 @@ class ChangeController extends BaseController{
        if(!IS_POST)$this->error("非法请求");
        $member = M('member');
        $id = session('userId');
-		$oldpassword =I('post.oldpassword','','md5');
-        $password =I('post.password','','md5');
+		$username = session('username');
+		$oldpassword = I('post.oldpassword','','md5');
+        $password = I('post.password','','md5');
+
+		//获取salt
+		$salt = $member->where(array('id'=>$id,'username'=>$username))->find();
+		$s_oldpassword = md5(md5(md5($salt['salt']).$oldpassword."SR")."CMS");
 		
        //验证原密码
-        $user = $member->where(array('id'=>$id,'password'=>$oldpassword))->find();
+        $user = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->find();
 		
        if(!$user) {
-            $this->error('邮箱不存在 :(') ;
+            $this->error('旧密码校验失败 :(') ;
        }
 		
-        //验证账户是否管理员        
+        //验证账户是否管理员，管理员无法在前台修改密码       
 		if($user['type'] == 2){
            $this->error('前台无法修改管理员密码 :(') ;
        }
    
-	
-	$member-> password=$password;
-    $result = $member->where(array('id'=>$id,'password'=>$oldpassword))->save();
+	$s_password = md5(md5(md5($salt['salt']).$password."SR")."CMS");
+	$member-> password=$s_password;
+    $result = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->save();
 	 if($result){  
        $this->success("修改成功",U('login/logout'));
        }else{  
-         $this->error('修改失败 :(') ;
+         $this->error('修改失败,请重试 :(',U('change/index')) ;
        }  
    }
 }