5 years ago · 32d6a983a3
--- a/app/Http/Controllers/Passport/AuthController.php
+++ b/app/Http/Controllers/Passport/AuthController.php
@@ -7,7 +7,6 @@ use App\Http\Requests\Passport\AuthRegister;
 
				 use App\Http\Requests\Passport\AuthForget;
			
 
				 use App\Http\Requests\Passport\AuthLogin;
			
 
				 use Illuminate\Http\Request;
			
 
				-use Illuminate\Support\Facades\Mail;
			
 
				 use Illuminate\Support\Facades\Cache;
			
 
				 use App\Models\User;
			
 
				 use App\Models\InviteCode;
			
@@ -93,7 +92,7 @@ class AuthController extends Controller
 
				         if (!$user) {
			
 
				             abort(500, '用户名或密码错误');
			
 
				         }
			
 
				-        if (!$this->multiPasswordVerify(
			
 
				+        if (!Helper::multiPasswordVerify(
			
 
				             $user->password_algo,
			
 
				             $password,
			
 
				             $user->password)
			
@@ -186,13 +185,4 @@ class AuthController extends Controller
 
				             'data' => true
			
 
				         ]);
			
 
				     }
			
 
				-
			
 
				-    private function multiPasswordVerify($algo, $password, $hash)
			
 
				-    {
			
 
				-        switch($algo) {
			
 
				-            case 'md5': return md5($password) === $hash;
			
 
				-            case 'sha256': return hash('sha256', $password) === $hash;
			
 
				-            default: return password_verify($password, $hash);
			
 
				-        }
			
 
				-    }
			
 
				 }
			
--- a/app/Http/Controllers/User/UserController.php
+++ b/app/Http/Controllers/User/UserController.php
@@ -32,7 +32,11 @@ class UserController extends Controller
 
				             abort(500, '新密码不能为空');
			
 
				         }
			
 
				         $user = User::find($request->session()->get('id'));
			
 
				-        if (!password_verify($request->input('old_password'), $user->password)) {
			
 
				+        if (!Helper::multiPasswordVerify(
			
 
				+            $user->password_algo,
			
 
				+            $request->input('old_password'),
			
 
				+            $user->password)
			
 
				+        ) {
			
 
				             abort(500, '旧密码有误');
			
 
				         }
			
 
				         $user->password = password_hash($request->input('new_password'), PASSWORD_DEFAULT);
			
--- a/app/Utils/Helper.php
+++ b/app/Utils/Helper.php
@@ -75,4 +75,13 @@ class Helper
 
				         }
			
 
				         return "vmess://" . base64_encode(json_encode($config)) . "\r\n";
			
 
				     }
			
 
				+
			
 
				+    public static function multiPasswordVerify($algo, $password, $hash)
			
 
				+    {
			
 
				+        switch($algo) {
			
 
				+            case 'md5': return md5($password) === $hash;
			
 
				+            case 'sha256': return hash('sha256', $password) === $hash;
			
 
				+            default: return password_verify($password, $hash);
			
 
				+        }
			
 
				+    }
			
 
				 }