From 202e9d89181db5093b052192417aca8b99c012fa Mon Sep 17 00:00:00 2001 From: thinkgem Date: Sun, 20 Sep 2020 18:42:25 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=89=8B=E6=9C=BA=E5=8F=B7?= =?UTF-8?q?=E7=9F=AD=E4=BF=A1=E9=AA=8C=E8=AF=81=E7=A0=81=E7=99=BB=E5=BD=95?= =?UTF-8?q?=20user.loginByValidCode=3Dtrue=EF=BC=9B=E8=B0=83=E6=95=B4=20sy?= =?UTF-8?q?sLogin=E3=80=81sysIndex=E3=80=81menuTree=E3=80=81forgetPwd?= =?UTF-8?q?=E3=80=81registerUser=20=E7=9A=84=E7=9B=AE=E5=BD=95=EF=BC=8C?= =?UTF-8?q?=E6=96=B9=E4=BE=BF=E8=A6=86=E5=86=99=E5=92=8C=E7=90=86=E8=A7=A3?= =?UTF-8?q?=EF=BC=9B=E5=A2=9E=E5=8A=A0=20=E8=87=AA=E5=AE=9A=E4=B9=89?= =?UTF-8?q?=E4=B8=BB=E9=A2=98=E8=A7=86=E5=9B=BE=20=E7=9A=84=20readme.txt?= =?UTF-8?q?=20=E5=B8=AE=E5=8A=A9=E6=96=87=E4=BB=B6=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../modules/sys/web/AccountController.java | 29 ++++++++++--------- .../resources/static/modules/sys/forgetPwd.js | 1 - .../static/modules/sys/registerUser.js | 1 - parent/pom.xml | 2 +- 4 files changed, 16 insertions(+), 17 deletions(-) diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java index d8d37043..afb8867b 100644 --- a/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java +++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java 
@@ -140,13 +140,14 @@ public class AccountController extends BaseController{ @ApiImplicitParam(name = "password", value = "新密码", required = true, paramType="query", type="String"), }) public String savePwdByValidCode(User user, String fpValidCode, HttpServletRequest request) { + String userCode = UserUtils.getCache("fp" + "UserCode"); String s = validValidCode("fp", user.getLoginCode(), fpValidCode, request); if (s != null) { return s; } // 更新为新密码 try{ - userService.updatePassword(user.getUserCode(), user.getPassword()); + userService.updatePassword(userCode, user.getPassword()); }catch(ServiceException se){ return renderResult(Global.FALSE, se.getMessage()); } @@ -200,9 +201,9 @@ public class AccountController extends BaseController{ * @author ThinkGem */ private String validValidCode(String type, String loginCode, String loginValidCode, HttpServletRequest request) { - String userCode = (String)UserUtils.getCache(type + "UserCode"); - String loginCode2 = (String)UserUtils.getCache(type + "LoginCode"); - String validCode = (String)UserUtils.getCache(type + "ValidCode"); + String userCode = UserUtils.getCache(type + "UserCode"); + String loginCode2 = UserUtils.getCache(type + "LoginCode"); + String validCode = UserUtils.getCache(type + "ValidCode"); Date date = (Date)UserUtils.getCache(type + "LastDate"); // 一同验证保存的用户名和验证码是否正确(如果只校验验证码,不验证用户名,则会有获取验证码后修改用户名的漏洞) 
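Review bot: The new `userCode` lookup at the top of `savePwdByValidCode` has no comment, although both its source and its position matter: the account whose password is updated now comes from the server-side `fpUserCode` cache entry instead of the request-bound `user.getUserCode()`, and it is read before `validValidCode(...)` runs. If `validValidCode` clears the cached entries on success (its body is outside this hunk, so that is an assumption), moving the read below the call would pass `null` to `updatePassword`. I would add `// userCode must come from the cache entry written when the code was issued, not from the request; read it before validValidCode(), which may clear the cache` above the line. The key is also better written as `"fpUserCode"`, as `savePwdByPwdQuestion` does. The method continues past the end of the hunk.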
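Review bot: In `validValidCode` the three `String` reads lose their `(String)` cast, but the next line still reads `Date date = (Date)UserUtils.getCache(type + "LastDate");`, and the `regLastDate` line in the registration hunk has the same leftover. The uncast assignments only compile if `getCache` now has an inferred generic return type (its declaration is not part of this patch, so that is inferred), in which case the remaining cast is redundant and `Date date = UserUtils.getCache(type + "LastDate");` would match its neighbours. With an inferred return type, a cache entry of the wrong type fails with a `ClassCastException` at the assignment and nothing in the source marks the conversion. A short Javadoc note on `getCache` saying so would help readers of these call sites.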
@@ -290,8 +291,8 @@ public class AccountController extends BaseController{ @ApiImplicitParam(name = "password", value = "新密码", required = true, paramType="query", type="String"), }) public String savePwdByPwdQuestion(User user, HttpServletRequest request) { - String userCode = (String)UserUtils.getCache("fpUserCode"); - String loginCode = (String)UserUtils.getCache("fpLoginCode"); + String userCode = UserUtils.getCache("fpUserCode"); + String loginCode = UserUtils.getCache("fpLoginCode"); // 一同验证保存的用户名和验证码是否正确(如果只校验验证码,不验证用户名,则会有获取验证码后修改用户名的漏洞) if (!(userCode != null && loginCode != null && loginCode.equals(user.getLoginCode()))){ @@ -426,14 +427,14 @@ public class AccountController extends BaseController{ if (!"true".equals(Global.getConfig("sys.account.registerUser"))){ return renderResult(Global.FALSE, text("当前系统没有开启注册功能!")); } - String corpCode = (String)UserUtils.getCache("regCorpCode"); - String corpName = (String)UserUtils.getCache("regCorpName"); - String userType = (String)UserUtils.getCache("regUserType"); - String loginCode = (String)UserUtils.getCache("regLoginCode"); - String userName = (String)UserUtils.getCache("regUserName"); - String email = (String)UserUtils.getCache("regEmail"); - String mobile = (String)UserUtils.getCache("regMobile"); - String validCode = (String)UserUtils.getCache("regValidCode"); + String corpCode = UserUtils.getCache("regCorpCode"); + String corpName = UserUtils.getCache("regCorpName"); + String userType = UserUtils.getCache("regUserType"); + String loginCode = UserUtils.getCache("regLoginCode"); + String userName = UserUtils.getCache("regUserName"); + String email = UserUtils.getCache("regEmail"); + String mobile = UserUtils.getCache("regMobile"); + String validCode = UserUtils.getCache("regValidCode"); Date date = (Date)UserUtils.getCache("regLastDate"); // 一同验证保存的用户名和验证码是否正确(如果只校验验证码,不验证用户名,则会有获取验证码后修改用户名的漏洞) 
diff --git a/modules/core/src/main/resources/static/modules/sys/forgetPwd.js b/modules/core/src/main/resources/static/modules/sys/forgetPwd.js index 156ac1b0..e0edf756 100644 --- a/modules/core/src/main/resources/static/modules/sys/forgetPwd.js +++ b/modules/core/src/main/resources/static/modules/sys/forgetPwd.js @@ -81,7 +81,6 @@ $(function(){ location = ctx + '/login'; }else{ js.showMessage(data.message); - $('#forgetForm').reset(); } }); } diff --git a/modules/core/src/main/resources/static/modules/sys/registerUser.js b/modules/core/src/main/resources/static/modules/sys/registerUser.js index 205f4bc3..41e0c90a 100644 --- a/modules/core/src/main/resources/static/modules/sys/registerUser.js +++ b/modules/core/src/main/resources/static/modules/sys/registerUser.js @@ -73,7 +73,6 @@ $(function(){ location = ctx + '/login'; }else{ js.showMessage(data.message); - $('#registerForm').reset(); } }); } diff --git a/parent/pom.xml b/parent/pom.xml index 516c5ea6..054e2fe1 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -48,7 +48,7 @@ 3.5.5 2.0.5 3.2 - 1.1.23 + 1.1.22 1.6.0 2.8.0-release 3.1-SNAPSHOT
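Review bot: The one changed line in `parent/pom.xml` lowers a version from `1.1.23` to `1.1.22`, and neither the subject line nor the patch says why. The property name is not legible in this rendering of the hunk, so the affected dependency cannot be identified from here. Because a downgrade also drops whatever fixes the newer release carried, I would record the reason next to the property, e.g. `<!-- held at 1.1.22: <reason> -->`, so the pin is revisited instead of being carried forward silently.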