feat: improve security

web/app/controllers/reset_pw.php

@@ -36,6 +36,7 @@ function resetPassword() {
 		"update user_info",
 		"set", [
 			"password" => $newPW,
+			"remember_token" => '',
 			"extra" => DB::json_remove('extra', '$.reset_password_check_code', '$.reset_password_time'),
 		],
 		"where", [

web/app/controllers/super_manage.php

@@ -559,6 +559,7 @@ if ($cur_tab == 'index') {
 			"update user_info",
 			"set", [
 				"password" => getPasswordToStore($password, $vdata['username']),
+				"remember_token" => '',
 			],
 			"where", [
 				"username" => $vdata['username'],

web/app/controllers/user_info_edit.php

@@ -390,12 +390,13 @@ EOD);
 		DB::update([
 			"update user_info",
 			"set", [
-				'password' => getPasswordToStore($new_password, $user['username']),
+				"password" => getPasswordToStore($new_password, $user['username']),
+				"remember_token" => "",
 			],
 			"where", ["username" => $user['username']]
 		]);
 
-		dieWithJsonData(['status' => 'success', 'message' => '密码修改成功']);
+		dieWithAlert('密码修改成功！');
 	}
 } elseif ($cur_tab == 'privilege') {
 	$users_default_permissions = UOJContext::getMeta('users_default_permissions');

web/app/models/Auth.php

@@ -3,31 +3,43 @@
 class Auth {
 	public static function check() {
 		global $myUser;
+
 		return $myUser !== null;
 	}
+
 	public static function id() {
 		global $myUser;
+
 		if ($myUser === null) {
 			return null;
 		}
+
 		return $myUser['username'];
 	}
+
 	public static function user() {
 		global $myUser;
+
 		return $myUser;
 	}
+
 	public static function property($name) {
 		global $myUser;
+
 		if (!$myUser) {
 			return false;
 		}
+
 		return $myUser[$name];
 	}
+
 	public static function login($username, $remember = true) {
 		if (!validateUsername($username)) {
 			return;
 		}
+
 		$_SESSION['username'] = $username;
+
 		if ($remember) {
 			$remember_token = DB::selectSingle([
 				"select remember_token from user_info",
@@ -44,6 +56,8 @@ class Auth {
 			}
 
 			$_SESSION['last_login'] = time();
+			$_SESSION['remember_token'] = $remember_token;
+
 			$expire = time() + 60 * 60 * 24 * 7;
 			Cookie::safeSet('uoj_username', $username, $expire, '/', array('httponly' => true));
 			Cookie::safeSet('uoj_remember_token', $remember_token, $expire, '/', array('httponly' => true));
@@ -54,13 +68,17 @@ class Auth {
 			"set", ["last_login_time" => UOJTime::$time_now_str],
 			"where", ["username" => $username]
 		]);
+
+		session_regenerate_id(true);
 	}
 
 	public static function logout() {
 		session_unset();
+
 		Cookie::safeUnset(session_name(), '/');
 		Cookie::safeUnset('uoj_username', '/');
 		Cookie::safeUnset('uoj_remember_token', '/');
+
 		DB::update([
 			"update user_info",
 			"set", ["remember_token" => ''],
@@ -79,25 +97,39 @@ class Auth {
 			if (!validateUsername($_SESSION['username'])) {
 				return;
 			}
+
 			$myUser = UOJUser::query($_SESSION['username']);
+
+			// 当 remember_token 不同时，注销登录
+			if ($_SESSION['remember_token'] !== $myUser['remember_token']) {
+				$myUser = null;
+				return;
+			}
+
 			return;
 		}
 
 		$remember_token = Cookie::safeGet('uoj_remember_token', '/');
 		if ($remember_token != null) {
 			$username = Cookie::safeGet('uoj_username', '/');
+
 			if (!validateUsername($username)) {
 				return;
 			}
+
 			$myUser = UOJUser::query($username);
+
 			if ($myUser['remember_token'] !== $remember_token) {
 				$myUser = null;
 				return;
 			}
+
 			$_SESSION['username'] = $myUser['username'];
+
 			return;
 		}
 	}
+
 	public static function init() {
 		global $myUser;
 
@@ -105,15 +137,18 @@ class Auth {
 		if ($myUser && UOJUser::getAccountStatus($myUser) != 'ok') {
 			$myUser = null;
 		}
+
 		if ($myUser) {
 			if (!isset($_SESSION['last_login'])) {
 				$_SESSION['last_login'] = strtotime($myUser['last_login_time']);
 			}
+
 			$myUser = UOJUser::updateVisitHistory($myUser, [
 				'remote_addr' => UOJContext::remoteAddr(),
 				'http_x_forwarded_for' => UOJContext::httpXForwardedFor(),
 				'http_user_agent' => UOJContext::httpUserAgent()
 			]);
+
 			$_SESSION['last_visited'] = time();
 		}
 	}