reset password update auth_key

xiaomlove
2025-04-05 21:43:37 +07:00
parent 1841f1377a
commit 291f5c03b5
4 changed files with 13 additions and 12 deletions


@@ -1,7 +1,7 @@
name: deploy to demo site name: deploy to demo site
on: #on:
push: # push:
branches: [ "php8" ] # branches: [ "php8" ]
# Environment variables available to all jobs and steps in this workflow # Environment variables available to all jobs and steps in this workflow
env: env:
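Review bot: Commenting out the whole `on:` block leaves this workflow with no trigger at all, and GitHub Actions syntax requires `on`, so the file is likely to be reported as an invalid workflow rather than quietly disabled. If the aim is to stop automatic deploys to the demo site, `on: workflow_dispatch` keeps the file valid and manual-only. The change is also unrelated to the auth_key rotation named in the commit title and would be easier to audit as its own commit.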


@@ -185,7 +185,7 @@ class User extends Authenticatable implements FilamentUser, HasName
'username', 'email', 'passhash', 'secret', 'stylesheet', 'editsecret', 'added', 'enabled', 'status', 'username', 'email', 'passhash', 'secret', 'stylesheet', 'editsecret', 'added', 'enabled', 'status',
'leechwarn', 'leechwarnuntil', 'page', 'class', 'uploaded', 'downloaded', 'clientselect', 'showclienterror', 'last_home', 'leechwarn', 'leechwarnuntil', 'page', 'class', 'uploaded', 'downloaded', 'clientselect', 'showclienterror', 'last_home',
'seedbonus', 'downloadpos', 'vip_added', 'vip_until', 'title', 'invites', 'attendance_card', 'seedbonus', 'downloadpos', 'vip_added', 'vip_until', 'title', 'invites', 'attendance_card',
'seed_points_per_hour', 'passkey', 'seed_points_per_hour', 'passkey', 'auth_key'
]; ];
/** /**
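Review bot: The array that gains `'auth_key'` opens above the hunk, so its name is not visible; if it is the model's `$fillable`, the key becomes mass-assignable alongside `passhash`, `secret` and `passkey`, and any `fill()` or `update()` handed request input could overwrite it. It is worth confirming that no caller passes unfiltered input to this model, and that `auth_key` is also listed in `$hidden` so it is not emitted by `toArray()` or JSON serialization. A short comment above the entry, for example `// rotated on password reset; never expose or accept from user input`, would record the intent.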


@@ -129,6 +129,7 @@ class UserRepository extends BaseRepository
'username' => $username, 'username' => $username,
'email' => $email, 'email' => $email,
'secret' => $secret, 'secret' => $secret,
'auth_key' => mksecret(),
'editsecret' => '', 'editsecret' => '',
'passhash' => $passhash, 'passhash' => $passhash,
'stylesheet' => $setting['defstylesheet'], 'stylesheet' => $setting['defstylesheet'],
@@ -165,6 +166,7 @@ class UserRepository extends BaseRepository
$update = [ $update = [
'secret' => $secret, 'secret' => $secret,
'passhash' => $passhash, 'passhash' => $passhash,
'auth_key' => mksecret(),
]; ];
$user->update($update); $user->update($update);
return true; return true;
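Review bot: Both new `'auth_key' => mksecret(),` entries, in the creation array and in the `$update` array, take their strength entirely from `mksecret()`, which is defined outside this diff. If `auth_key` backs login tokens or cookies, which is presumably why it is rotated here, confirm that `mksecret()` draws from `random_bytes()` or `random_int()` rather than `mt_rand()`; the same applies to `$authKey = mksecret();` in the recovery script hunk. In the second hunk the result of `$user->update($update)` is discarded and the method returns `true` regardless, so `return $user->update($update);` would stop a reset that did not persist from being reported as successful. Both enclosing methods start outside the hunks.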


@@ -85,11 +85,10 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]
$sec = mksecret(); $sec = mksecret();
// $newpasshash = md5($sec . $newpassword . $sec); $newpasshash = hash('sha256', $sec.hash('sha256', $newpassword));
$newpasshash = hash('sha256', $newpassword); $authKey = mksecret();
$newpasshash = hash('sha256', $sec.$newpasshash);
sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=" . sqlesc($id)." AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__); sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . ", auth_key=". sqlesc($authKey) . " WHERE id=" . sqlesc($id)." AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__);
if (!mysql_affected_rows()) if (!mysql_affected_rows())
stderr($lang_recover['std_error'], $lang_recover['std_unable_updating_user_data']); stderr($lang_recover['std_error'], $lang_recover['std_unable_updating_user_data']);
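Review bot: The new `$newpasshash = hash('sha256', $sec.hash('sha256', $newpassword));` keeps the stored password on salted SHA-256, a fast hash that is cheap to brute-force offline if the `users` table is ever disclosed. `password_hash($newpassword, PASSWORD_DEFAULT)` with `password_verify()` at login is the usual replacement, but the verification code is outside this diff, so it needs a coordinated migration (for example rehashing on the next successful login) rather than a change in this file alone. The enclosing `elseif` branch starts and ends outside the hunk.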