alroyso 2 dias atrás
pai
commit
f5e011c3ce

+ 12 - 31
.idea/workspace.xml

@@ -5,37 +5,9 @@
   </component>
   <component name="ChangeListManager">
     <list default="true" id="09451f28-815a-407f-8951-727d305b50a4" name="Changes" comment="Changes">
-      <change afterPath="$PROJECT_DIR$/.idea/blade.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/dataSources/1e09a6f5-c562-4514-a27d-37e0d8ac0291.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/dataSources/1e09a6f5-c562-4514-a27d-37e0d8ac0291/storage_v2/_src_/schema/api_niubiyun_xyz.sL_PIA.meta" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/dataSources/1e09a6f5-c562-4514-a27d-37e0d8ac0291/storage_v2/_src_/schema/api_niubiyun_xyz.sL_PIA.zip" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/dataSources/1e09a6f5-c562-4514-a27d-37e0d8ac0291/storage_v2/_src_/schema/information_schema.FNRwLQ.meta" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/deployment.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/laravel-idea.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/modules.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/neiyou_user_web.iml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/php.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/phpspec.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/sshConfigs.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/vcs.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/app/Http/Controllers/User/Google2FAController.php" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/app/Http/Middleware/Google2FAMiddleware.php" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/composer.lock" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/config/google2fa.php" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/database/migrations/7.4/2024_06_21_000000_add_2fa_columns_to_users_table.php" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/resources/views/user/2fa/index.blade.php" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/resources/views/user/2fa/verify.blade.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/app/Http/Controllers/AuthController.php" beforeDir="false" afterPath="$PROJECT_DIR$/app/Http/Controllers/AuthController.php" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/app/Http/Controllers/UserController.php" beforeDir="false" afterPath="$PROJECT_DIR$/app/Http/Controllers/UserController.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/app/Http/Kernel.php" beforeDir="false" afterPath="$PROJECT_DIR$/app/Http/Kernel.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/app/Models/UserLoginLog.php" beforeDir="false" afterPath="$PROJECT_DIR$/app/Models/UserLoginLog.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/composer.json" beforeDir="false" afterPath="$PROJECT_DIR$/composer.json" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/resources/views/down/dowload.blade.php" beforeDir="false" afterPath="$PROJECT_DIR$/resources/views/down/dowload.blade.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/resources/views/down/layouts.blade.php" beforeDir="false" afterPath="$PROJECT_DIR$/resources/views/down/layouts.blade.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/resources/views/user/layouts.blade.php" beforeDir="false" afterPath="$PROJECT_DIR$/resources/views/user/layouts.blade.php" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/resources/views/user/profile.blade.php" beforeDir="false" afterPath="$PROJECT_DIR$/resources/views/user/profile.blade.php" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/routes/user.php" beforeDir="false" afterPath="$PROJECT_DIR$/routes/user.php" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -404,7 +376,8 @@
       <workItem from="1741676812529" duration="3956000" />
       <workItem from="1741754825074" duration="1828000" />
       <workItem from="1741756792720" duration="702000" />
-      <workItem from="1741757796035" duration="7092000" />
+      <workItem from="1741757796035" duration="7383000" />
+      <workItem from="1741765840066" duration="6415000" />
     </task>
     <task id="LOCAL-00001" summary="Changes">
       <option name="closed" value="true" />
@@ -678,7 +651,15 @@
       <option name="project" value="LOCAL" />
       <updated>1741681720809</updated>
     </task>
-    <option name="localTasksCounter" value="35" />
+    <task id="LOCAL-00035" summary="Changes">
+      <option name="closed" value="true" />
+      <created>1741765285372</created>
+      <option name="number" value="00035" />
+      <option name="presentableId" value="LOCAL-00035" />
+      <option name="project" value="LOCAL" />
+      <updated>1741765285372</updated>
+    </task>
+    <option name="localTasksCounter" value="36" />
     <servers />
   </component>
   <component name="TypeScriptGeneratedFilesManager">

+ 24 - 44
app/Http/Controllers/UserController.php

@@ -154,7 +154,27 @@ class UserController extends Controller
     {
         $user = auth()->user();
         if ($request->isMethod('POST')) {
+            // 检查用户是否开启了双重验证
+            if (!$user->google2fa_enable) {
+                // 如果用户未开启双重验证,重定向到双重验证设置页面
+                return redirect('/2fa')->withErrors('您必须先开启双重验证才能修改个人资料');
+            }
+            
             $oldPassword = $user->password;
+
+            // 验证双重验证码
+            $data = $request->all();
+            if (!isset($data['code']) || empty($data['code'])) {
+                return Redirect::back()->withErrors('修改个人资料需要输入双重验证码');
+            }
+
+            $google2fa = new Google2FA();
+            $valid = $google2fa->verifyKey($user->google2fa_secret, $data['code']);
+
+            if (!$valid) {
+                return Redirect::back()->withErrors('双重验证码无效,请重试');
+            }
+
             // 修改密码
             if ($request->has(['password', 'new_password'])) {
                 $data = $request->only(['password', 'new_password', 'code']);
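Review bot: The TOTP check added at the top of the POST branch calls `verifyKey`, which accepts the same code again for as long as it stays inside the validation window, so one valid code can authorise several profile changes. If the installed Google2FA class provides `verifyKeyNewer` (PragmaRX's does), prefer `$ts = $google2fa->verifyKeyNewer($user->google2fa_secret, $data['code'], $user->LAST_2FA_TS_PLACEHOLDER);` and persist `$ts` on success; the column name is a placeholder, because the page shows no such field. Nothing in the hunk limits failed attempts, so confirm that the route is throttled. `$data['code']` comes from `$request->all()` and should pass an `is_string()` check before it reaches the verifier, and `empty()` alone already covers the `!isset()` half of the condition. The method starts and ends outside this hunk.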
@@ -171,21 +191,6 @@ class UserController extends Controller
                 if ($user->id === 1 && config('app.demo')) {
                     return Redirect::back()->withErrors(trans('auth.password.reset.error.demo'));
                 }
-                
-                // 检查用户是否开启了双重验证
-                if ($user->google2fa_enable) {
-                    // 验证双重验证码
-                    if (!isset($data['code']) || empty($data['code'])) {
-                        return Redirect::back()->withErrors('修改密码需要输入双重验证码');
-                    }
-                    
-                    $google2fa = new Google2FA();
-                    $valid = $google2fa->verifyKey($user->google2fa_secret, $data['code']);
-                    
-                    if (!$valid) {
-                        return Redirect::back()->withErrors('双重验证码无效,请重试');
-                    }
-                }
 
                 if (! $user->update(['password' => $data['new_password']])) {
                     return Redirect::back()->withErrors(trans('common.update_action', ['action' => trans('common.failed')]));
@@ -207,23 +212,7 @@ class UserController extends Controller
 
             // 修改联系方式
             if ($request->has(['email','username', 'wechat', 'qq'])) {
-                //ol_emil
                 $data = $request->only(['newemail','email','username', 'wechat', 'qq', 'code']);
-                
-                // 检查用户是否开启了双重验证
-                if ($user->google2fa_enable) {
-                    // 验证双重验证码
-                    if (!isset($data['code']) || empty($data['code'])) {
-                        return Redirect::back()->withErrors('修改邮箱需要输入双重验证码');
-                    }
-                    
-                    $google2fa = new Google2FA();
-                    $valid = $google2fa->verifyKey($user->google2fa_secret, $data['code']);
-                    
-                    if (!$valid) {
-                        return Redirect::back()->withErrors('双重验证码无效,请重试');
-                    }
-                }
 
                 $email = $data['newemail'];
                 $pattern = "/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/";
@@ -232,12 +221,10 @@ class UserController extends Controller
                     return Redirect::back()->withErrors(trans('common.update_action', ['action' => trans('common.error_email')]));
                 }
 
-                if ( User::where('email', $data['newemail'])->count() >= 1) {
+                if (User::where('email', $data['newemail'])->count() >= 1) {
                     return Redirect::back()->withErrors(trans('common.update_action', ['action' => trans('common.failed_email')]));
                 }
-//                if (empty($data['qq'])) {
-//                    return Redirect::back()->withErrors(trans('validation.required', ['attribute' => trans('validation.attributes.qq')]));
-//                }
+
                 if (empty($data['username'])) {
                     return Redirect::back()->withErrors(trans('validation.required', ['attribute' => trans('validation.attributes.username')]));
                 }
@@ -248,22 +235,15 @@ class UserController extends Controller
                     'qq' => $data['qq'],
                     'ol_emil' => $data['email'],
                 ];
-//                var_dump($newData); die();
-//                $data['old_email'] = $data['email'];
-//                $data['email'] = $data['newemail'];
-//                var_dump($data);
-//                die();
+
                 if (! $user->update($newData)) {
                     return Redirect::back()->withErrors(trans('common.update_action', ['action' => trans('common.failed')]));
                 }
 
                 Helpers::addEmailLog($user->id,$data['email'],$data['newemail']);
 
+                return Redirect::back()->with('successMsg', trans('common.update_action', ['action' => trans('common.success')]));
             }
-
-
-
-            return Redirect::back()->with('successMsg', trans('common.update_action', ['action' => trans('common.success')]));
         }
 
         return view('user.profile');
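Review bot: The previous address stored in `'ol_emil' => $data['email']` and passed to `Helpers::addEmailLog($user->id,$data['email'],$data['newemail'])` is a request field, so the change log records whatever the client submitted rather than the account's real old address. Capture it server-side before the update, e.g. `$oldEmail = $user->email;`, and use `$oldEmail` in both places. Separately, the success redirect now lives only inside the contact branch, so any other POST branch that does not return by itself falls through to `return view('user.profile')` with no success message and no redirect. Those branches are outside this hunk, so check that each one ends with its own return.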

+ 19 - 11
resources/views/user/profile.blade.php

@@ -33,6 +33,14 @@
                     @if($errors->any())
                         <x-alert type="danger" :message="$errors->all()"/>
                     @endif
+                    
+                    @if(!Auth::user()->google2fa_enable)
+                    <div class="alert alert-warning">
+                        <i class="icon wb-warning" aria-hidden="true"></i> 
+                        <strong>安全提示:</strong> 您必须先<a href="/2fa" class="alert-link">开启双重验证</a>才能修改个人资料。这是为了保护您的账户安全。
+                    </div>
+                    @endif
+                    
                     <div class="panel-body nav-tabs-animate nav-tabs-horizontal" data-plugin="tabs">
                         <ul class="nav nav-tabs nav-tabs-line" role="tablist">
                             <li class="nav-item" role="presentation">
@@ -51,11 +59,11 @@
                                     @csrf
                                     <div class="form-group row">
                                         <label for="password" class="col-md-2 col-form-label">{{trans('auth.password.original')}}</label>
-                                        <input type="password" class="form-control col-md-5 round" name="password" id="password" autofocus required/>
+                                        <input type="password" class="form-control col-md-5 round" name="password" id="password" autofocus required {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}/>
                                     </div>
                                     <div class="form-group row">
                                         <label for="new_password" class="col-md-2  col-form-label">{{trans('auth.password.new')}}</label>
-                                        <input type="password" class="form-control col-md-5 round" name="new_password" id="new_password" required/>
+                                        <input type="password" class="form-control col-md-5 round" name="new_password" id="new_password" required {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}/>
                                     </div>
                                     
                                     @if(Auth::user()->google2fa_enable)
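Review bot: The expression `{{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}` is copied onto every input and button here and in the hunks at `@@ -69,7 +77,7`, `@@ -85,11 +93,11`, `@@ -116,18 +124,18` and `@@ -143,10 +151,10`, which makes it easy to miss a control later. Wrapping each form's controls in a single `<fieldset {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}>` would disable them together with one expression per form. The attribute is only a UI hint, so a short comment such as `{{-- UI only: UserController rejects the POST when 2FA is off --}}` would tell the next maintainer where enforcement lives.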
@@ -69,7 +77,7 @@
                                     @endif
                                     
                                     <div class="form-actions">
-                                        <button type="submit" class="btn btn-info">{{trans('common.submit')}}</button>
+                                        <button type="submit" class="btn btn-info" {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}>{{trans('common.submit')}}</button>
                                     </div>
                                     
                                     @if(!Auth::user()->google2fa_enable)
@@ -85,11 +93,11 @@
                                     @csrf
                                     <div class="form-group row">
                                         <label for="email" class="col-md-2 col-form-label">邮箱</label>
-                                        <input type="text" class="form-control col-md-5 round" name="email" id="email" value="{{Auth::getUser()->email}}"/>
+                                        <input type="text" class="form-control col-md-5 round" name="email" id="email" value="{{Auth::getUser()->email}}" {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}/>
                                     </div>
                                     <div class="form-group row">
                                         <label for="newemail" class="col-md-2 col-form-label">新邮箱</label>
-                                        <input type="text" class="form-control col-md-5 round" name="newemail" id="newemail" value="" />
+                                        <input type="text" class="form-control col-md-5 round" name="newemail" id="newemail" value="" {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}/>
                                     </div>
                                     
                                     @if(Auth::user()->google2fa_enable)
@@ -116,18 +124,18 @@
 
                                     <div class="form-group row">
                                         <label for="username" class="col-md-2 col-form-label">{{trans('validation.attributes.username')}}</label>
-                                        <input type="text" class="form-control col-md-5 round" name="username" id="username" value="{{Auth::getUser()->username}}"/>
+                                        <input type="text" class="form-control col-md-5 round" name="username" id="username" value="{{Auth::getUser()->username}}" {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}/>
                                     </div>
                                     <div class="form-group row">
                                         <label for="wechat" class="col-md-2 col-form-label">{{trans('common.payment.wechat')}}</label>
-                                        <input type="text" class="form-control col-md-5 round" name="wechat" id="wechat" value="{{Auth::getUser()->wechat}}"/>
+                                        <input type="text" class="form-control col-md-5 round" name="wechat" id="wechat" value="{{Auth::getUser()->wechat}}" {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}/>
                                     </div>
                                     <div class="form-group row">
                                         <label for="qq" class="col-md-2 col-form-label">QQ</label>
-                                        <input type="number" class="form-control col-md-5 round" name="qq" id="qq" value="{{Auth::getUser()->qq}}"/>
+                                        <input type="number" class="form-control col-md-5 round" name="qq" id="qq" value="{{Auth::getUser()->qq}}" {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}/>
                                     </div>
                                     <div class="form-actions">
-                                        <button type="submit" class="btn btn-info">{{trans('common.submit')}}</button>
+                                        <button type="submit" class="btn btn-info" {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}>{{trans('common.submit')}}</button>
                                     </div>
                                     
                                     @if(!Auth::user()->google2fa_enable)
@@ -143,10 +151,10 @@
                                     @csrf
                                     <div class="form-group row">
                                         <label for="passwd" class="col-md-2 col-form-label"> {{trans('user.account.connect_password')}} </label>
-                                        <input type="text" class="form-control col-md-5 round" name="passwd" id="passwd" value="{{Auth::getUser()->passwd}}" required/>
+                                        <input type="text" class="form-control col-md-5 round" name="passwd" id="passwd" value="{{Auth::getUser()->passwd}}" required {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}/>
                                     </div>
                                     <div class="form-actions">
-                                        <button type="submit" class="btn btn-info"> {{trans('common.submit')}} </button>
+                                        <button type="submit" class="btn btn-info" {{ !Auth::user()->google2fa_enable ? 'disabled' : '' }}> {{trans('common.submit')}} </button>
                                     </div>
                                 </form>
                             </div>
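Review bot: No `code` input is visible in this connection-password form between `@csrf` and `</form>`, while the UserController change in this commit rejects every POST that lacks `code`. If this form posts to that same action (the `<form>` tag is outside the hunk), users with 2FA enabled can no longer change `passwd` and will always get the missing-code error. Add the verification-code field that the other two forms render under `@if(Auth::user()->google2fa_enable)`, or handle this form in an action with its own check.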