diff --git a/.env.example b/.env.example
index dfa4a6c1..f1de95b4 100644
--- a/.env.example
+++ b/.env.example
@@ -14,6 +14,10 @@ DB_USERNAME = ""
DB_PASSWORD = ""
DB_PREFIX = ""
+# 密码加密方式
+# 可选的值有:MD5, SALTED2MD5, SHA256
+PWD_METHOD = "MD5"
+
# 盐,用于 token 加密
# 修改为任意随机字符串以保证站点安全
SALT = "change-it+to*what)you^like"
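Review bot: The shipped default `PWD_METHOD = "MD5"` selects the weakest of the three listed options, and all three (MD5, SALTED2MD5, SHA256) are fast digests that give little resistance to offline guessing if the user table leaks. A cipher backed by PHP's `password_hash()` / `password_verify()` would be the safer default. That would need a verify-style method, because the current callers compare two `encrypt()` outputs for equality. Until then, the comment above the setting should say so, e.g. `# MD5 is kept only for compatibility with existing databases; do not choose it for a new site`.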
diff --git a/app/Models/User.php b/app/Models/User.php
index aa42a51d..7d1da1a5 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -44,7 +44,7 @@ class User
$this->email = \Utils::convertString($email);
$this->eloquent_model = ($uid == 0) ? UserModel::where('email', $this->email)->first() : UserModel::find($uid);
- $class_name = "App\Services\Cipher\\".\Option::get('encryption');
+ $class_name = "App\Services\Cipher\\".$_ENV['PWD_METHOD'];
$this->cipher = new $class_name;
if (!is_null($this->eloquent_model)) {
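Review bot: `$_ENV['PWD_METHOD']` is concatenated into a class name and instantiated with no validation, so an unset or misspelled value fails with a class-not-found error on every `User` construction. Checking it against the documented values first gives a clear failure: `if (!in_array($_ENV['PWD_METHOD'] ?? '', ['MD5', 'SALTED2MD5', 'SHA256'], true)) { throw new \InvalidArgumentException('Unsupported PWD_METHOD'); }`. The method used to come from `\Option::get('encryption')`, so an existing install whose stored option differs from the new `.env` value would presumably stop verifying its users' passwords; a migration note or a fallback to the old option would cover that. The constructor starts and ends outside this hunk.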
@@ -60,12 +60,12 @@ class User
public function checkPasswd($raw_passwd)
{
- return ($this->cipher->encrypt($raw_passwd) == $this->password);
+ return ($this->cipher->encrypt($raw_passwd, $_ENV['SALT']) == $this->password);
}
public function changePasswd($new_passwd)
{
- $this->eloquent_model->password = $this->cipher->encrypt($new_passwd);
+ $this->eloquent_model->password = $this->cipher->encrypt($new_passwd, $_ENV['SALT']);
return $this->eloquent_model->save();
}
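Review bot: `checkPasswd` still compares the digests with `==`, which is not constant-time and, when both sides are numeric-looking hex strings such as `0e…`, compares them as numbers rather than byte for byte. Use `return hash_equals((string) $this->password, $this->cipher->encrypt($raw_passwd, $_ENV['SALT']));`. The salt passed here, in `changePasswd`, and in the registration hunk at `-186` is the single site-wide `SALT`, which `.env.example` describes as the token salt. Every user therefore shares one salt, so identical passwords produce identical hashes, and changing `SALT` later would presumably invalidate every stored password. A per-user random salt stored with the hash avoids both; the cipher classes are not visible in this diff, so how they use the second argument is inferred.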
@@ -166,8 +166,7 @@ class User
{
// convert to timestamp
$remaining_time = (strtotime($this->getLastSignTime()) + \Option::get('sign_gap_time') * 3600 - time()) / 3600;
- return $return_remaining_time ? (int)$remaining_time : ($remaining_time <= 0);
- //return (time() - strtotime($this->getLastSignTime()) > \Option::get('sign_gap_time') * 3600);
+ return $return_remaining_time ? round($remaining_time) : ($remaining_time <= 0);
}
public function getLastSignTime()
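Review bot: `round($remaining_time)` returns a float and yields 0 once less than half an hour remains, so a caller asking for the remaining time can be told 0 hours while the `<= 0` branch still reports that signing in is not yet allowed. If the value is displayed as whole hours, rounding up keeps it at 1 until the gap has actually elapsed: `return $return_remaining_time ? (int) ceil($remaining_time) : ($remaining_time <= 0);`. The function's signature lies outside the hunk, so how callers use the number is inferred.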
@@ -186,7 +185,7 @@ class User
$user = new UserModel();
$user->email = $this->email;
- $user->password = $this->cipher->encrypt($password);
+ $user->password = $this->cipher->encrypt($password, $_ENV['SALT']);
$user->ip = $ip;
$user->score = \Option::get('user_initial_score');
$user->last_sign_at = \Utils::getTimeFormatted(time() - 86400);
diff --git a/resources/views/user/index.tpl b/resources/views/user/index.tpl
index d9375ab0..18415ea2 100644
--- a/resources/views/user/index.tpl
+++ b/resources/views/user/index.tpl
@@ -63,7 +63,7 @@
每日签到
@else
-