mirror of
https://github.com/renbaoshuo/S2OJ.git
synced 2024-11-08 15:28:42 +00:00
feat: improve security
This commit is contained in:
parent
14a2ab6f20
commit
8314eb6760
@ -36,6 +36,7 @@ function resetPassword() {
|
||||
"update user_info",
|
||||
"set", [
|
||||
"password" => $newPW,
|
||||
"remember_token" => '',
|
||||
"extra" => DB::json_remove('extra', '$.reset_password_check_code', '$.reset_password_time'),
|
||||
],
|
||||
"where", [
|
||||
|
@ -559,6 +559,7 @@ if ($cur_tab == 'index') {
|
||||
"update user_info",
|
||||
"set", [
|
||||
"password" => getPasswordToStore($password, $vdata['username']),
|
||||
"remember_token" => '',
|
||||
],
|
||||
"where", [
|
||||
"username" => $vdata['username'],
|
||||
|
@ -390,12 +390,13 @@ EOD);
|
||||
DB::update([
|
||||
"update user_info",
|
||||
"set", [
|
||||
'password' => getPasswordToStore($new_password, $user['username']),
|
||||
"password" => getPasswordToStore($new_password, $user['username']),
|
||||
"remember_token" => "",
|
||||
],
|
||||
"where", ["username" => $user['username']]
|
||||
]);
|
||||
|
||||
dieWithJsonData(['status' => 'success', 'message' => '密码修改成功']);
|
||||
dieWithAlert('密码修改成功!');
|
||||
}
|
||||
} elseif ($cur_tab == 'privilege') {
|
||||
$users_default_permissions = UOJContext::getMeta('users_default_permissions');
|
||||
|
@ -3,31 +3,43 @@
|
||||
class Auth {
|
||||
public static function check() {
|
||||
global $myUser;
|
||||
|
||||
return $myUser !== null;
|
||||
}
|
||||
|
||||
public static function id() {
|
||||
global $myUser;
|
||||
|
||||
if ($myUser === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $myUser['username'];
|
||||
}
|
||||
|
||||
public static function user() {
|
||||
global $myUser;
|
||||
|
||||
return $myUser;
|
||||
}
|
||||
|
||||
public static function property($name) {
|
||||
global $myUser;
|
||||
|
||||
if (!$myUser) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $myUser[$name];
|
||||
}
|
||||
|
||||
public static function login($username, $remember = true) {
|
||||
if (!validateUsername($username)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$_SESSION['username'] = $username;
|
||||
|
||||
if ($remember) {
|
||||
$remember_token = DB::selectSingle([
|
||||
"select remember_token from user_info",
|
||||
@ -44,6 +56,8 @@ class Auth {
|
||||
}
|
||||
|
||||
$_SESSION['last_login'] = time();
|
||||
$_SESSION['remember_token'] = $remember_token;
|
||||
|
||||
$expire = time() + 60 * 60 * 24 * 7;
|
||||
Cookie::safeSet('uoj_username', $username, $expire, '/', array('httponly' => true));
|
||||
Cookie::safeSet('uoj_remember_token', $remember_token, $expire, '/', array('httponly' => true));
|
||||
@ -54,13 +68,17 @@ class Auth {
|
||||
"set", ["last_login_time" => UOJTime::$time_now_str],
|
||||
"where", ["username" => $username]
|
||||
]);
|
||||
|
||||
session_regenerate_id(true);
|
||||
}
|
||||
|
||||
public static function logout() {
|
||||
session_unset();
|
||||
|
||||
Cookie::safeUnset(session_name(), '/');
|
||||
Cookie::safeUnset('uoj_username', '/');
|
||||
Cookie::safeUnset('uoj_remember_token', '/');
|
||||
|
||||
DB::update([
|
||||
"update user_info",
|
||||
"set", ["remember_token" => ''],
|
||||
@ -79,25 +97,39 @@ class Auth {
|
||||
if (!validateUsername($_SESSION['username'])) {
|
||||
return;
|
||||
}
|
||||
|
||||
$myUser = UOJUser::query($_SESSION['username']);
|
||||
|
||||
// 当 remember_token 不同时,注销登录
|
||||
if ($_SESSION['remember_token'] !== $myUser['remember_token']) {
|
||||
$myUser = null;
|
||||
return;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$remember_token = Cookie::safeGet('uoj_remember_token', '/');
|
||||
if ($remember_token != null) {
|
||||
$username = Cookie::safeGet('uoj_username', '/');
|
||||
|
||||
if (!validateUsername($username)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$myUser = UOJUser::query($username);
|
||||
|
||||
if ($myUser['remember_token'] !== $remember_token) {
|
||||
$myUser = null;
|
||||
return;
|
||||
}
|
||||
|
||||
$_SESSION['username'] = $myUser['username'];
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
public static function init() {
|
||||
global $myUser;
|
||||
|
||||
@ -105,15 +137,18 @@ class Auth {
|
||||
if ($myUser && UOJUser::getAccountStatus($myUser) != 'ok') {
|
||||
$myUser = null;
|
||||
}
|
||||
|
||||
if ($myUser) {
|
||||
if (!isset($_SESSION['last_login'])) {
|
||||
$_SESSION['last_login'] = strtotime($myUser['last_login_time']);
|
||||
}
|
||||
|
||||
$myUser = UOJUser::updateVisitHistory($myUser, [
|
||||
'remote_addr' => UOJContext::remoteAddr(),
|
||||
'http_x_forwarded_for' => UOJContext::httpXForwardedFor(),
|
||||
'http_user_agent' => UOJContext::httpUserAgent()
|
||||
]);
|
||||
|
||||
$_SESSION['last_visited'] = time();
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user