refactor(auth): use legacy md5 password flow

2026-04-02 03:34:12 +00:00
parent e0733cf672
commit e566e1613b
3 changed files with 10 additions and 27 deletions
@@ -48,36 +48,24 @@ class Member extends Model

    /**
     * 验证密码
-     * 支持两种密码格式:
-     * 1. 新格式: bcrypt hash (60字符, 以 $2y$ 开头)
-     * 2. 旧格式: 双重MD5 (32字符)
+     * 当前项目统一使用双重 MD5。
     *
     * @param string $password 明文密码
     * @return bool
     */
    public function verifyPassword(string $password): bool
    {
-        $hash = $this->password;
-
-        // 新格式: bcrypt
-        if (strlen($hash) === 60 && strpos($hash, '$2y$') === 0) {
-            return password_verify($password, $hash);
-        }
-
-        // 旧格式: 双重MD5 (兼容原系统)
-        $legacyHash = md5(md5($password));
-        return $legacyHash === $hash;
+        return self::makePassword($password) === $this->password;
    }

    /**
-     * 升级密码为 bcrypt 格式
+     * 生成系统使用的密码摘要
     * @param string $password 明文密码
-     * @return bool
+     * @return string
     */
-    public function upgradePassword(string $password): bool
+    public static function makePassword(string $password): string
    {
-        $this->password = password_hash($password, PASSWORD_DEFAULT);
-        return $this->save();
+        return md5(md5($password));
    }

    /**
@@ -45,11 +45,6 @@ class AuthService
            throw new \Exception('账号已过期，请联系客服续费', 4003);
        }

-        // 密码升级：旧MD5格式自动升级为bcrypt
-        if (strlen($member->password) === 32) {
-            $member->upgradePassword($password);
-        }
-
        // 记录登录日志
        $member->logLogin(true, 'password');

@@ -97,7 +92,7 @@ class AuthService
        // 创建用户
        $member = new Member();
        $member->username = $username;
-        $member->password = password_hash($password, PASSWORD_DEFAULT);
+        $member->password = Member::makePassword($password);
        $member->email = $email;
        $member->formtypeid = $formtypeid ?? 0;
        $member->v_type = 0; // 默认套餐
@@ -195,7 +190,7 @@ class AuthService
            throw new \Exception('原密码错误', 4007);
        }

-        $member->password = password_hash($newPassword, PASSWORD_DEFAULT);
+        $member->password = Member::makePassword($newPassword);
        return $member->save();
    }
 }