diff --git a/web/app/controllers/forgot_pw.php b/web/app/controllers/forgot_pw.php index c50d5d9..783e60b 100644 --- a/web/app/controllers/forgot_pw.php +++ b/web/app/controllers/forgot_pw.php @@ -1,59 +1,115 @@ addInput('username', 'text', '用户名', '', - function($username, &$vdata) { - if (!validateUsername($username)) { - return '用户名不合法'; - } - $vdata['user'] = UOJUser::query($username); - if (!$vdata['user']) { - return '该用户不存在'; - } - return ''; - }, - null - ); - $forgot_form->handle = function(&$vdata) { - $user = $vdata['user']; - $password = $user["password"]; - - $oj_name = UOJConfig::$data['profile']['oj-name']; - $oj_name_short = UOJConfig::$data['profile']['oj-name-short']; - $sufs = base64url_encode($user['username'] . "." . md5($user['username'] . "+" . $password)); - $url = HTML::url("/reset-password", array('params' => array('p' => $sufs))); - $html = <<addInput( + 'username', + 'text', + '用户名', + '', + function ($username, &$vdata) { + if (!validateUsername($username)) { + return '用户名不合法'; + } + $vdata['user'] = UOJUser::query($username); + if (!$vdata['user']) { + return '该用户不存在'; + } + return ''; + }, + null +); +$forgot_form->appendHTML(<< + +
+ +
+ +
+ +
+ +EOD); +$forgot_form->handle = function (&$vdata) { + $user = $vdata['user']; + $password = $user["password"]; + + if (!isset($_SESSION['phrase']) || !PhraseBuilder::comparePhrases($_SESSION['phrase'], $_POST['captcha'])) { + becomeMsgPage('验证码错误!'); + } + + if (!$user['email']) { + becomeMsgPage('用户未填写邮件地址,请联系管理员重置!'); + } + + $oj_name = UOJConfig::$data['profile']['oj-name']; + $oj_name_short = UOJConfig::$data['profile']['oj-name-short']; + $check_code = md5($user['username'] . "+" . $password . '+' . UOJTime::$time_now_str); + $sufs = base64url_encode($user['username'] . "." . $check_code); + $url = HTML::url("/reset-password", ['params' => ['p' => $sufs]]); + $oj_url = HTML::url('/'); + $name = $user['username']; + + if ($user['realname']) { + $name .= ' (' . $user['realname'] . ')'; + } + + $html = << -

{$user['username']}您好,

-

您刚刚启用了{$oj_name_short}密码找回功能,请进入下面的链接重设您的密码:

-

$url

-

{$oj_name}

+

{$name} 您好,

- +

您最近告知我们需要重置您在 {$oj_name_short} 上账号的密码。请访问以下链接:{$url} (如果无法点击链接,请试着复制链接并粘贴至浏览器中打开。)

+

如果您没有请求重置密码,则忽略此信息。该链接将在 72 小时后自动过期失效。

+ +

{$oj_name}

+

{$oj_url}

EOD; - - $mailer = UOJMail::noreply(); - $mailer->addAddress($user['email'], $user['username']); - $mailer->Subject = $oj_name_short."密码找回"; - $mailer->msgHTML($html); - if (!$mailer->send()) { - error_log($mailer->ErrorInfo); - becomeMsgPage('

邮件发送失败,请重试

'); - } else { - becomeMsgPage('

邮件发送成功

'); - } - }; - $forgot_form->submit_button_config['align'] = 'offset'; - - $forgot_form->runAtServer(); - ?> + + $mailer = UOJMail::noreply(); + $mailer->addAddress($user['email'], $user['username']); + $mailer->Subject = $oj_name_short . " 密码找回"; + $mailer->msgHTML($html); + if (!$mailer->send()) { + error_log($mailer->ErrorInfo); + becomeMsgPage('

邮件发送失败,请重试!

'); + } else { + DB::update([ + "update user_info", + "set", [ + 'extra' => DB::json_set('extra', '$.reset_password_check_code', $check_code, '$.reset_password_time', UOJTime::$time_now_str), + ], + "where", [ + "username" => $user['username'], + ], + ]); + + becomeMsgPage('

邮件发送成功,请检查收件箱!

如果邮件未出现在收件箱中,请检查垃圾箱。
'); + } +}; +$forgot_form->submit_button_config['align'] = 'offset'; + +$forgot_form->runAtServer(); +?>

请输入需要找回密码的用户名:

printHTML(); ?> + diff --git a/web/app/controllers/reset_pw.php b/web/app/controllers/reset_pw.php index 59080fe..0331f96 100644 --- a/web/app/controllers/reset_pw.php +++ b/web/app/controllers/reset_pw.php @@ -1,39 +1,55 @@ add(new DateInterval('P3D')) < UOJTime::$time_now) { + becomeMsgPage('链接已过期'); +} + +function resetPassword() { + global $user; + + if (!isset($_POST['newPW']) || !validatePassword($_POST['newPW'])) { + return '操作失败,无效密码'; } - function resetPassword() { - list($username, $check_code) = explode('.', base64url_decode($_GET['p'])); - if (!isset($_POST['newPW']) || !validatePassword($_POST['newPW'])) { - return '操作失败,无效密码'; - } - if (!isset($username) || !validateUsername($username)) { - return '不明错误'; - } - if (!isset($check_code)) { - return '不明错误'; - } - - $newPW = $_POST['newPW']; - $user = UOJUser::query($username); - if ($user == null) { - return '不明错误'; - } - if ($check_code !== md5($user['username'] . '+' . $user['password'])) { - return '不明错误'; - } - $newPW = getPasswordToStore($newPW, $user['username']); - DB::update("update user_info set password = '$newPW' where username = '{$user['username']}'"); - return 'ok'; - } - if (isset($_POST['reset'])) { - die(resetPassword()); - } - ?> + + $newPW = $_POST['newPW']; + $newPW = getPasswordToStore($newPW, $user['username']); + + DB::update([ + "update user_info", + "set", [ + "password" => $newPW, + "extra" => DB::json_remove('extra', '$.reset_password_check_code', '$.reset_password_time'), + ], + "where", [ + "username" => $user['username'], + ], + ]); + + return 'ok'; +} +if (isset($_POST['reset'])) { + die(resetPassword()); +} +?> +$REQUIRE_LIB['dialog'] = ''; +$REQUIRE_LIB['md5'] = ''; +?>
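Review bot: The reset code in the `handle` closure is built as `md5($user['username'] . "+" . $password . '+' . UOJTime::$time_now_str)`, so it contains no randomness; its inputs are the username, a timestamp with a small search space, and the stored password value, which makes the e-mailed link only as secret as that stored value. Because the code is now persisted in `extra` (presumably so the reset page can compare against it), it can be an opaque random value instead, e.g. `$check_code = bin2hex(random_bytes(32));`, ideally keeping only a hash of it in the database. Separately, the captcha check reads `$_POST['captcha']` without an `isset` guard, and nothing visible in this hunk clears `$_SESSION['phrase']` after the comparison. Unless it is cleared elsewhere, one solved captcha could be reused for repeated mail requests; `unset($_SESSION['phrase']);` right after the comparison would prevent that.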
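Review bot: The `DB::update` in `resetPassword()` writes the new password and removes `$.reset_password_check_code`, but nothing visible in it revokes the account's existing sessions or persistent login tokens, so a session opened with the old credentials would survive the reset. If the project stores such a token per user, it should be rotated in the same update. The lines that decode `$_GET['p']` and check the code against the stored value are not visible in this extract; if that check uses `===` or `!==`, `hash_equals()` with the stored code as its first argument is the safer comparison. A row with no stored `reset_password_time` should also be treated as expired rather than valid.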
@@ -44,60 +60,60 @@ - -
-
-
-
+
+
+ +
+