feat: reset_password

2024-11-25 07:58:40 +00:00 · 2023-01-15 20:01:37 +08:00 · 2023-01-15 20:01:37 +08:00 · e43444e02d
commit e43444e02d
parent 4226b25e91
2 changed files with 199 additions and 127 deletions
--- a/web/app/controllers/forgot_pw.php
+++ b/web/app/controllers/forgot_pw.php
@ -1,8 +1,14 @@
 <?php
 requirePHPLib('form');
 use Gregwar\Captcha\PhraseBuilder;
 $forgot_form = new UOJBs4Form('forgot');
-	$forgot_form->addInput('username', 'text', '用户名', '',
+$forgot_form->addInput(
 	'username',
 	'text',
 	'用户名',
 	'',
 	function ($username, &$vdata) {
 		if (!validateUsername($username)) {
 			return '用户名不合法';
@ -15,26 +21,52 @@
 	},
 	null
 );
 $forgot_form->appendHTML(<<<EOD
 <div id="div-captcha" class="form-group">
 	<label for="input-captcha" class="col-sm-2 control-label">验证码</label>
 	<div class="col-sm-3" style="max-width: 60%">
 		<input type="text" class="form-control" id="input-captcha" name="captcha" placeholder="请输入验证码" maxlength="20" style="display: inline-block; width: 12em;" />
 		<div style="display: inline-block; margin-left: 8px; position: relative; top: -2px; cursor: pointer;">
 			<img id="captcha" src="" />
 		</div>
 		<span class="help-block" id="help-captcha" style="display: block"></span>
 	</div>
 </div>
 EOD);
 $forgot_form->handle = function (&$vdata) {
 	$user = $vdata['user'];
 	$password = $user["password"];
 	if (!isset($_SESSION['phrase']) || !PhraseBuilder::comparePhrases($_SESSION['phrase'], $_POST['captcha'])) {
 		becomeMsgPage('验证码错误！');
 	}
 	if (!$user['email']) {
 		becomeMsgPage('用户未填写邮件地址，请联系管理员重置！');
 	}
 	$oj_name = UOJConfig::$data['profile']['oj-name'];
 	$oj_name_short = UOJConfig::$data['profile']['oj-name-short'];
-		$sufs = base64url_encode($user['username'] . "." . md5($user['username'] . "+" . $password));
+	$check_code = md5($user['username'] . "+" . $password . '+' . UOJTime::$time_now_str);
-		$url = HTML::url("/reset-password", array('params' => array('p' => $sufs)));
+	$sufs = base64url_encode($user['username'] . "." . $check_code);
 	$url = HTML::url("/reset-password", ['params' => ['p' => $sufs]]);
 	$oj_url = HTML::url('/');
 	$name = $user['username'];
 	if ($user['realname']) {
 		$name .= ' (' . $user['realname'] . ')';
 	}
 	$html = <<<EOD
 <base target="_blank" />
-<p>{$user['username']}您好，</p>
+<p>{$name} 您好，</p>
 <p>您刚刚启用了{$oj_name_short}密码找回功能，请进入下面的链接重设您的密码：</p>
 <p><a href="$url">$url</a></p>
 <p>{$oj_name}</p>
-<style type="text/css">
+<p>您最近告知我们需要重置您在 {$oj_name_short} 上账号的密码。请访问以下链接：<a href="{$url}">{$url}</a> (如果无法点击链接，请试着复制链接并粘贴至浏览器中打开。)</p>
-body{font-size:14px;font-family:arial,verdana,sans-serif;line-height:1.666;padding:0;margin:0;overflow:auto;white-space:normal;word-wrap:break-word;min-height:100px}
+<p>如果您没有请求重置密码，则忽略此信息。该链接将在 72 小时后自动过期失效。</p>
-pre {white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}
+
-</style>
+<p>{$oj_name}</p>
 <p><a href="{$oj_url}">{$oj_url}</a></p>
 EOD;
 	$mailer = UOJMail::noreply();
@ -43,9 +75,19 @@ EOD;
 	$mailer->msgHTML($html);
 	if (!$mailer->send()) {
 		error_log($mailer->ErrorInfo);
-			becomeMsgPage('<div class="text-center"><h2>邮件发送失败，请重试 <span class="glyphicon glyphicon-remove"></span></h2></div>');
+		becomeMsgPage('<div class="text-center"><h2>邮件发送失败，请重试！</h2></div>');
 	} else {
-			becomeMsgPage('<div class="text-center"><h2>邮件发送成功 <span class="glyphicon glyphicon-ok"></span></h2></div>');
+		DB::update([
 			"update user_info",
 			"set", [
 				'extra' => DB::json_set('extra', '$.reset_password_check_code', $check_code, '$.reset_password_time', UOJTime::$time_now_str),
 			],
 			"where", [
 				"username" => $user['username'],
 			],
 		]);
 		becomeMsgPage('<div class="text-center"><h2>邮件发送成功，请检查收件箱！</h2><span>如果邮件未出现在收件箱中，请检查垃圾箱。</span></div>');
 	}
 };
 $forgot_form->submit_button_config['align'] = 'offset';
@ -56,4 +98,18 @@ EOD;
 <h2 class="page-header">找回密码</h2>
 <h4>请输入需要找回密码的用户名：</h4>
 <?php $forgot_form->printHTML(); ?>
 <script>
 	function refreshCaptcha() {
 		var timestamp = new Date().getTime();
 		$("#captcha").attr("src", "/captcha" + '?' + timestamp);
 	}
 	$(document).ready(function() {
 		refreshCaptcha();
 		$("#captcha").click(function(e) {
 			refreshCaptcha();
 		});
 	});
 </script>
 <?php echoUOJPageFooter() ?>
--- a/web/app/controllers/reset_pw.php
+++ b/web/app/controllers/reset_pw.php
@ -2,28 +2,44 @@
 if (!isset($_GET['p'])) {
 	become404Page();
 }
-	function resetPassword() {
+
 list($username, $check_code) = explode('.', base64url_decode($_GET['p']));
 $user = UOJUser::query($username);
 if (!$user) become404Page();
 if (!isset($check_code) || strlen($check_code) != 32) become404Page();
 $extra = UOJUser::getExtra($user);
 if ($check_code !== $extra['reset_password_check_code']) {
 	become404Page();
 }
 if (UOJTime::str2time($extra['reset_password_time'])->add(new DateInterval('P3D')) < UOJTime::$time_now) {
 	becomeMsgPage('链接已过期');
 }
 function resetPassword() {
 	global $user;
 	if (!isset($_POST['newPW']) || !validatePassword($_POST['newPW'])) {
 		return '操作失败，无效密码';
 	}
 		if (!isset($username) || !validateUsername($username)) {
 			return '不明错误';
 		}
 		if (!isset($check_code)) {
 			return '不明错误';
 		}
 	$newPW = $_POST['newPW'];
 		$user = UOJUser::query($username);
 		if ($user == null) {
 			return '不明错误';
 		}
 		if ($check_code !== md5($user['username'] . '+' . $user['password'])) {
 			return '不明错误';
 		}
 	$newPW = getPasswordToStore($newPW, $user['username']);
-		DB::update("update user_info set password = '$newPW' where username = '{$user['username']}'");
+
 	DB::update([
 		"update user_info",
 		"set", [
 			"password" => $newPW,
 			"extra" => DB::json_remove('extra', '$.reset_password_check_code', '$.reset_password_time'),
 		],
 		"where", [
 			"username" => $user['username'],
 		],
 	]);
 	return 'ok';
 }
 if (isset($_POST['reset'])) {