/** * 重置密码页,验证链接有效性,页面发送邮件调用sendResetPwdEmail()方法 */ public function resetPwd() { $param = input(''); $bool = $this->verifyUrl($param); if ($bool) { $this->assign("param", $param); return $this->fetch('resetpwd'); } else { abort(404, '链接失效或错误'); } } /** * 执行重置密码 */ public function doResetPwd() { $param = input('param.'); // 验证链接有效性 $bool = $this->verifyUrl($param); if ($bool) { $validateRes = is_pwd($param['password']); if (!$validateRes) { return info(lang("密码必须包含大小写字母,数字,长度为8~16"), 0); } if ($param['password'] != $param['rpassword']) { return info('两次密码输入不一致', 1); } else { $c = explode('+', base64_decode($param['c'])); try { model('User')->where(['email' => $c[0]])->update(['password' => mduser($param['password'])]); return info('密码重置成功'); } catch (Exception $e) { return info('密码重置失败,请联系管理员'); } } } else { abort(404, '链接失效或错误'); } } /** * 重置密码发送邮箱 */ public function sendResetPwdEmail() { $param = input('post.email'); if (empty($param)) { return false; } $data = model('user')->getRow(['email' => $param], 'id,it_code,password'); if (empty($data)) { return info('邮箱未注册', 0); } $time = time(); $key1 = base64_encode($param . '+' . $time); $key2 = md5($data['id'] . $data['it_code'] . $data['password'] . $time . config('user_auth_key')); $url = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['SERVER_NAME'] . url('/resetPwd', ['c' => $key1, 'k' => $key2]); $body = "<b>" . $data['it_code'] . ',您好:</b></br></br></n>' . ' 感谢您使用门户平台!</br></br>' . ' 请<a href="' . $url . '">点击这里重置密码</a>。'; $receiver = array($param); // 发送邮件方法另见下一篇文章 $res = send_mail($receiver, '门户平台密码重置', $body); if ($res) { return info('邮件发送成功,请查收邮件', 1); } else { return info('邮件发送失败,请联系管理员', 0); } } /** * 验证链接有效性 */ private function verifyUrl($param) { if (empty($param['c']) || empty($param['k'])) { return false; } $c = explode('+', base64_decode($param['c'])); if (count($c) != 2) { return false; } // 用户数据不存在 页面失效 $userData = model('user')->getRow(['email' => $c[0]], 'id,it_code,password'); if (empty($userData)) { return false; } // 密码重置后 页面失效 $key = md5($userData['id'] . $userData['it_code'] . $userData['password'] . $c[1] . config('user_auth_key')); if ($key != $param['k']) { return false; } // 时间过1800s 页面失效 if ($c[1] + 1800 < time()) { return false; } return true; }