refactor(auth): use legacy md5 password flow
This commit is contained in:
nepiedg
@@ -162,13 +162,13 @@ $members = \app\api\model\Member::where('disabled', 0)->select();
|
||||
// 新增
|
||||
$member = new \app\api\model\Member;
|
||||
$member->username = 'test';
|
||||
$member->password = password_hash('123456', PASSWORD_DEFAULT);
|
||||
$member->password = \app\api\model\Member::makePassword('123456');
|
||||
$member->save();
|
||||
|
||||
// 或
|
||||
\app\api\model\Member::create([
|
||||
'username' => 'test',
|
||||
'password' => password_hash('123456', PASSWORD_DEFAULT),
|
||||
'password' => \app\api\model\Member::makePassword('123456'),
|
||||
]);
|
||||
|
||||
// 更新
|
||||
|
||||
@@ -48,36 +48,24 @@ class Member extends Model
|
||||
|
||||
/**
|
||||
* 验证密码
|
||||
* 支持两种密码格式:
|
||||
* 1. 新格式: bcrypt hash (60字符, 以 $2y$ 开头)
|
||||
* 2. 旧格式: 双重MD5 (32字符)
|
||||
* 当前项目统一使用双重 MD5。
|
||||
*
|
||||
* @param string $password 明文密码
|
||||
* @return bool
|
||||
*/
|
||||
public function verifyPassword(string $password): bool
|
||||
{
|
||||
$hash = $this->password;
|
||||
|
||||
// 新格式: bcrypt
|
||||
if (strlen($hash) === 60 && strpos($hash, '$2y$') === 0) {
|
||||
return password_verify($password, $hash);
|
||||
}
|
||||
|
||||
// 旧格式: 双重MD5 (兼容原系统)
|
||||
$legacyHash = md5(md5($password));
|
||||
return $legacyHash === $hash;
|
||||
return self::makePassword($password) === $this->password;
|
||||
}
|
||||
|
||||
/**
|
||||
* 升级密码为 bcrypt 格式
|
||||
* 生成系统使用的密码摘要
|
||||
* @param string $password 明文密码
|
||||
* @return bool
|
||||
* @return string
|
||||
*/
|
||||
public function upgradePassword(string $password): bool
|
||||
public static function makePassword(string $password): string
|
||||
{
|
||||
$this->password = password_hash($password, PASSWORD_DEFAULT);
|
||||
return $this->save();
|
||||
return md5(md5($password));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -45,11 +45,6 @@ class AuthService
|
||||
throw new \Exception('账号已过期,请联系客服续费', 4003);
|
||||
}
|
||||
|
||||
// 密码升级:旧MD5格式自动升级为bcrypt
|
||||
if (strlen($member->password) === 32) {
|
||||
$member->upgradePassword($password);
|
||||
}
|
||||
|
||||
// 记录登录日志
|
||||
$member->logLogin(true, 'password');
|
||||
|
||||
@@ -97,7 +92,7 @@ class AuthService
|
||||
// 创建用户
|
||||
$member = new Member();
|
||||
$member->username = $username;
|
||||
$member->password = password_hash($password, PASSWORD_DEFAULT);
|
||||
$member->password = Member::makePassword($password);
|
||||
$member->email = $email;
|
||||
$member->formtypeid = $formtypeid ?? 0;
|
||||
$member->v_type = 0; // 默认套餐
|
||||
@@ -195,7 +190,7 @@ class AuthService
|
||||
throw new \Exception('原密码错误', 4007);
|
||||
}
|
||||
|
||||
$member->password = password_hash($newPassword, PASSWORD_DEFAULT);
|
||||
$member->password = Member::makePassword($newPassword);
|
||||
return $member->save();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user