lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-03 06:00:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

reset password update auth_key

Browse Source
This commit is contained in:
xiaomlove
2025-04-05 21:43:37 +07:00
parent 1841f1377a
commit 291f5c03b5
4 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/demo.yml vendored
View File

@@ -1,8 +1,8 @@
name: deploy to demo site
on:
push:
branches: [ "php8" ]
#on:
# push:
# branches: [ "php8" ]
# Environment variables available to all jobs and steps in this workflow
env:
SSH_KEY: ${{secrets.DEMO_SSH_KEY}}
@@ -35,6 +35,6 @@ jobs:
run: ssh demo "cd $DEMO_WEB_ROOT && php artisan nexus:update --tag=dev"
- name: Update
run: ssh demo "cd $DEMO_WEB_ROOT && php artisan nexus:update"

2
app/Models/User.php
View File

@@ -185,7 +185,7 @@ class User extends Authenticatable implements FilamentUser, HasName
'username', 'email', 'passhash', 'secret', 'stylesheet', 'editsecret', 'added', 'enabled', 'status',
'leechwarn', 'leechwarnuntil', 'page', 'class', 'uploaded', 'downloaded', 'clientselect', 'showclienterror', 'last_home',
'seedbonus', 'downloadpos', 'vip_added', 'vip_until', 'title', 'invites', 'attendance_card',
'seed_points_per_hour', 'passkey',
'seed_points_per_hour', 'passkey', 'auth_key'
];
/**

2
app/Repositories/UserRepository.php
View File

@@ -129,6 +129,7 @@ class UserRepository extends BaseRepository
'username' => $username,
'email' => $email,
'secret' => $secret,
'auth_key' => mksecret(),
'editsecret' => '',
'passhash' => $passhash,
'stylesheet' => $setting['defstylesheet'],
@@ -165,6 +166,7 @@ class UserRepository extends BaseRepository
$update = [
'secret' => $secret,
'passhash' => $passhash,
'auth_key' => mksecret(),
];
$user->update($update);
return true;

7
public/recover.php
View File

@@ -85,11 +85,10 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
$sec = mksecret();
// $newpasshash = md5($sec . $newpassword . $sec);
$newpasshash = hash('sha256', $newpassword);
$newpasshash = hash('sha256', $sec.$newpasshash);
$newpasshash = hash('sha256', $sec.hash('sha256', $newpassword));
$authKey = mksecret();
sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=" . sqlesc($id)." AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . ", auth_key=". sqlesc($authKey) . " WHERE id=" . sqlesc($id)." AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__);
if (!mysql_affected_rows())
stderr($lang_recover['std_error'], $lang_recover['std_unable_updating_user_data']);