From beacdfa650019cd9e7a7e78ed2bd881286c57625 Mon Sep 17 00:00:00 2001
From: printempw
Date: Sun, 24 Jul 2016 12:50:19 +0800
Subject: [PATCH] move the password method option from database to .env
---
 .env.example | 4 ++++
 app/Models/User.php | 11 +++++------
 resources/views/user/index.tpl | 2 +-
 3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/.env.example b/.env.example
index dfa4a6c1..f1de95b4 100644
--- a/.env.example
+++ b/.env.example
@@ -14,6 +14,10 @@ DB_USERNAME = ""
 DB_PASSWORD = ""
 DB_PREFIX = ""
+# 密码加密方式
+# 可选的值有:MD5, SALTED2MD5, SHA256
+PWD_METHOD = "MD5"
+
 # 盐,用于 token 加密
 # 修改为任意随机字符串以保证站点安全
 SALT = "change-it+to*what)you^like"
diff --git a/app/Models/User.php b/app/Models/User.php
index aa42a51d..7d1da1a5 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -44,7 +44,7 @@ class User
 $this->email = \Utils::convertString($email);
 $this->eloquent_model = ($uid == 0) ? UserModel::where('email', $this->email)->first() : UserModel::find($uid);
- $class_name = "App\Services\Cipher\\".\Option::get('encryption');
+ $class_name = "App\Services\Cipher\\".$_ENV['PWD_METHOD'];
 $this->cipher = new $class_name;
 if (!is_null($this->eloquent_model)) {
@@ -60,12 +60,12 @@ class User
 public function checkPasswd($raw_passwd)
 {
- return ($this->cipher->encrypt($raw_passwd) == $this->password);
+ return ($this->cipher->encrypt($raw_passwd, $_ENV['SALT']) == $this->password);
 }
 public function changePasswd($new_passwd)
 {
- $this->eloquent_model->password = $this->cipher->encrypt($new_passwd);
+ $this->eloquent_model->password = $this->cipher->encrypt($new_passwd, $_ENV['SALT']);
 return $this->eloquent_model->save();
 }
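Review bot: The comment kept above `SALT` still says the value is only used for token encryption, but the User.php hunks of this commit now pass `$_ENV['SALT']` to every `encrypt()` call, so the same setting also feeds password hashing. That coupling should be documented next to the setting, for example `# also passed to the password cipher; changing it after users have registered may invalidate stored password hashes`. Whether each cipher actually uses the salt is not visible on this page, hence the "may". It would also help to note that the shipped placeholder value must be replaced before the first account is created.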
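Review bot: The new `$class_name` line in the `@@ -44,7` hunk builds a class name straight from `$_ENV['PWD_METHOD']` and instantiates it with no check. A missing or misspelt value in `.env` therefore surfaces as an undefined-index notice followed by a class-not-found fatal error on every `User` construction, rather than as a clear configuration error. Checking the value against the three names documented in `.env.example` fixes that and keeps the setting from ever naming a class that is not a password cipher. The exception type below is a suggestion, and the enclosing method starts and ends outside the hunk.

```php
// … unchanged: email and eloquent_model lookup …
$method = isset($_ENV['PWD_METHOD']) ? $_ENV['PWD_METHOD'] : '';
if (!in_array($method, ['MD5', 'SALTED2MD5', 'SHA256'], true)) {
    throw new \InvalidArgumentException("Unsupported PWD_METHOD: ".$method);
}
$class_name = "App\Services\Cipher\\".$method;
$this->cipher = new $class_name;
```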
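Review bot: `checkPasswd` in the `@@ -60,12` hunk still compares the computed digest with the stored one using `==`, which PHP evaluates numerically when both strings look like numbers. Two different hex digests that both happen to read as `0e` followed only by digits then compare equal, so a wrong password can be accepted. A strict, constant-time comparison closes this: `return hash_equals((string) $this->password, (string) $this->cipher->encrypt($raw_passwd, $_ENV['SALT']));`. `hash_equals()` needs PHP 5.6 or later; on older versions `===` is the minimum fix.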
@@ -166,8 +166,7 @@ class User
 {
 // convert to timestamp
 $remaining_time = (strtotime($this->getLastSignTime()) + \Option::get('sign_gap_time') * 3600 - time()) / 3600;
- return $return_remaining_time ? (int)$remaining_time : ($remaining_time <= 0);
- //return (time() - strtotime($this->getLastSignTime()) > \Option::get('sign_gap_time') * 3600);
+ return $return_remaining_time ? round($remaining_time) : ($remaining_time <= 0);
 }
 public function getLastSignTime()
@@ -186,7 +185,7 @@ class User
 $user = new UserModel();
 $user->email = $this->email;
- $user->password = $this->cipher->encrypt($password);
+ $user->password = $this->cipher->encrypt($password, $_ENV['SALT']);
 $user->ip = $ip;
 $user->score = \Option::get('user_initial_score');
 $user->last_sign_at = \Utils::getTimeFormatted(time() - 86400);
diff --git a/resources/views/user/index.tpl b/resources/views/user/index.tpl
index d9375ab0..18415ea2 100644
--- a/resources/views/user/index.tpl
+++ b/resources/views/user/index.tpl
@@ -63,7 +63,7 @@  每日签到 @else - @endif
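Review bot: Swapping `(int)` for `round()` in the `@@ -166,8` hunk makes the remaining-time branch return a float, and it reports 0 during the last half hour before sign-in reopens while the boolean branch still says signing is not allowed. If the number is shown as "hours until the next sign-in", rounding up avoids that mismatch: `return $return_remaining_time ? (int) ceil($remaining_time) : ($remaining_time <= 0);`. The method signature is outside the hunk, so a one-line comment here stating that the return type depends on `$return_remaining_time` would also help.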
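Review bot: New accounts in the `@@ -186,7` hunk are hashed with a single site-wide `$_ENV['SALT']`, and the same applies to `checkPasswd` and `changePasswd` in the `@@ -60,12` hunk. Unless the Cipher classes add a per-user salt of their own (not visible on this page), two users with the same password get the same stored value. The methods offered in `.env.example` (`MD5`, `SALTED2MD5`, `SHA256`) are by name fast digests, which makes offline guessing cheap if the table leaks. Consider adding a cipher backed by `password_hash()` and `password_verify()`, which gives a per-password salt and a tunable cost, and keeping the existing ciphers only to verify and migrate old hashes.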