Home Explore Help
Register Sign In
Apq
/
v2board
mirror of https://github.com/v2board/v2board.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

support multi password hash verify

Tokumeikoi 5 years ago
parent
9ff815f853
commit
241cbd3016
3 changed files with 20 additions and 2 deletions
Unified View Show Diff Stats
  1. 15 1
      app/Http/Controllers/Passport/AuthController.php
  2. 1 0
      app/Http/Controllers/User/UserController.php
  3. 4 1
      database/update.sql

+ 15 - 1
app/Http/Controllers/Passport/AuthController.php
View File 

@@ -93,7 +93,11 @@ class AuthController extends Controller
 
         if (!$user) {
 
         if (!$user) {
 
             abort(500, '用户名或密码错误');
 
             abort(500, '用户名或密码错误');
 
         }
 
         }
 
-        if (!password_verify($password, $user->password)) {
 
+        if (!$this->multiPasswordVerify(
 
+            $user->password_algo,
 
+            $password,
 
+            $user->password)
 
+        ) {
 
             abort(500, '用户名或密码错误');
 
             abort(500, '用户名或密码错误');
 
         }
 
         }
 
 
 
@@ -173,6 +177,7 @@ class AuthController extends Controller
 
         }
 
         }
 
         $user = User::where('email', $request->input('email'))->first();
 
         $user = User::where('email', $request->input('email'))->first();
 
         $user->password = password_hash($request->input('password'), PASSWORD_DEFAULT);
 
         $user->password = password_hash($request->input('password'), PASSWORD_DEFAULT);
 
+        $user->password_algo = NULL;
 
         if (!$user->save()) {
 
         if (!$user->save()) {
 
             abort(500, '重置失败');
 
             abort(500, '重置失败');
 
         }
 
         }
 
@@ -181,4 +186,13 @@ class AuthController extends Controller
 
             'data' => true
 
             'data' => true
 
         ]);
 
         ]);
 
     }
 
     }
 
+
 
+    private function multiPasswordVerify($algo, $password, $hash)
 
+    {
 
+        switch($algo) {
 
+            case 'md5': return md5($password) === $hash;
 
+            case 'sha256': return hash('sha256', $password) === $hash;
 
+            default: return password_hash($password, PASSWORD_DEFAULT) === $hash;
 
+        }
 
+    }
 
 }
 
 }

+ 1 - 0
app/Http/Controllers/User/UserController.php
View File 

@@ -36,6 +36,7 @@ class UserController extends Controller
 
             abort(500, '旧密码有误');
 
             abort(500, '旧密码有误');
 
         }
 
         }
 
         $user->password = password_hash($request->input('new_password'), PASSWORD_DEFAULT);
 
         $user->password = password_hash($request->input('new_password'), PASSWORD_DEFAULT);
 
+        $user->password_algo = NULL;
 
         if (!$user->save()) {
 
         if (!$user->save()) {
 
             abort(500, '保存失败');
 
             abort(500, '保存失败');
 
         }
 
         }

+ 4 - 1
database/update.sql
View File 

@@ -133,4 +133,7 @@ ALTER TABLE `v2_order`
 
 DROP `method`;
 
 DROP `method`;
 
 
 
 ALTER TABLE `v2_invite_code`
 
 ALTER TABLE `v2_invite_code`
 
-ADD `pv` int(11) NOT NULL DEFAULT '0' AFTER `status`;
 
+ADD `pv` int(11) NOT NULL DEFAULT '0' AFTER `status`;
 
+
 
+ALTER TABLE `v2_user`
 
+ADD `password_algo` char(10) COLLATE 'utf8_general_ci' NULL AFTER `password`;