move the password method option from database to .env

2016-07-24 12:50:19 +08:00 · 2016-07-24 12:50:19 +08:00 · beacdfa650
commit beacdfa650
parent cda005d5d6
3 changed files with 10 additions and 7 deletions
--- a/.env.example
+++ b/.env.example
@ -14,6 +14,10 @@ DB_USERNAME     = ""
 DB_PASSWORD     = ""
 DB_PREFIX       = ""

+# 密码加密方式
+# 可选的值有：MD5, SALTED2MD5, SHA256
+PWD_METHOD      = "MD5"
+
 # 盐，用于 token 加密
 # 修改为任意随机字符串以保证站点安全
 SALT            = "change-it+to*what)you^like"
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -44,7 +44,7 @@ class User
        $this->email             = \Utils::convertString($email);
        $this->eloquent_model    = ($uid == 0) ? UserModel::where('email', $this->email)->first() : UserModel::find($uid);

-        $class_name              = "App\Services\Cipher\\".\Option::get('encryption');
+        $class_name              = "App\Services\Cipher\\".$_ENV['PWD_METHOD'];
        $this->cipher            = new $class_name;

        if (!is_null($this->eloquent_model)) {
@ -60,12 +60,12 @@ class User

    public function checkPasswd($raw_passwd)
    {
-        return ($this->cipher->encrypt($raw_passwd) == $this->password);
+        return ($this->cipher->encrypt($raw_passwd, $_ENV['SALT']) == $this->password);
    }

    public function changePasswd($new_passwd)
    {
-        $this->eloquent_model->password = $this->cipher->encrypt($new_passwd);
+        $this->eloquent_model->password = $this->cipher->encrypt($new_passwd, $_ENV['SALT']);
        return $this->eloquent_model->save();
    }

@ -166,8 +166,7 @@ class User
    {
        // convert to timestamp
        $remaining_time = (strtotime($this->getLastSignTime()) + \Option::get('sign_gap_time') * 3600 - time()) / 3600;
-        return $return_remaining_time ? (int)$remaining_time : ($remaining_time <= 0);
-        //return (time() - strtotime($this->getLastSignTime()) > \Option::get('sign_gap_time') * 3600);
+        return $return_remaining_time ? round($remaining_time) : ($remaining_time <= 0);
    }

    public function getLastSignTime()
@ -186,7 +185,7 @@ class User
        $user = new UserModel();

        $user->email        = $this->email;
-        $user->password     = $this->cipher->encrypt($password);
+        $user->password     = $this->cipher->encrypt($password, $_ENV['SALT']);
        $user->ip           = $ip;
        $user->score        = \Option::get('user_initial_score');
        $user->last_sign_at = \Utils::getTimeFormatted(time() - 86400);
--- a/resources/views/user/index.tpl
+++ b/resources/views/user/index.tpl
@ -63,7 +63,7 @@
                            <i class="fa fa-calendar-check-o" aria-hidden="true"></i> &nbsp;每日签到
                        </button>
                        @else
-                        <button class="btn btn-primary pull-left" disabled="disabled">
+                        <button class="btn btn-primary pull-left" title="上次签到于 {{ $user->getLastSignTime() }}" disabled="disabled">
                            <i class="fa fa-calendar-check-o" aria-hidden="true"></i> &nbsp;{{ $user->canSign(true) }} 小时后可签到
                        </button>
                        @endif