From b9766d0c7b72bc6690771c4753c06c613d28ed99 Mon Sep 17 00:00:00 2001
From: tao <changlin_zhao@qq.com>
Date: Sat, 25 Dec 2021 13:52:30 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=90=8E=E5=8F=B0=E7=A7=98?=
 =?UTF-8?q?=E5=AF=86=E4=BF=AE=E6=94=B9=EF=BC=8C=E5=89=8D=E5=8F=B0=E6=96=87?=
 =?UTF-8?q?=E7=AB=A0=E8=AF=84=E8=AE=BA=E7=8A=B6=E6=80=81=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md                              |   4 +-
 addons/gitee - 快捷方式.lnk            | Bin 0 -> 687 bytes
 app/admin/controller/Admin.php         |  38 +++++------------
 app/admin/model/Admin.php              |  54 ++++++++++++++++++++++---
 app/common/model/User.php              |   1 +
 app/index/controller/Article.php       |  10 +++--
 config/taoler.php                      |   2 +-
 view/taoler/index/public/.gitignore    |   2 +-
 view/taoler/index/public/user-nav.html |   6 ---
 9 files changed, 72 insertions(+), 45 deletions(-)
 create mode 100644 addons/gitee - 快捷方式.lnk

diff --git a/README.md b/README.md
index d08d74c..c9aac95 100644
--- a/README.md
+++ b/README.md
@@ -3,8 +3,8 @@
 > TaoLer是一个简单迅捷的轻论坛系统，适用于个人或组织区域型信息交流发布平台。
 
  * 官网：https://www.aieok.com
- * 版本：TaoLer 1.8.16
- * 日期：2021.12.21
+ * 版本：TaoLer 1.8.17
+ * 日期：2021.12.25
  
  webman版新架构已适配90%
 
diff --git a/addons/gitee - 快捷方式.lnk b/addons/gitee - 快捷方式.lnk
new file mode 100644
index 0000000000000000000000000000000000000000..722009e71eb4e2dd7dd2d57d6aac021d84104e2f
GIT binary patch
literal 687
zcmeZaU|?VrVFHp23<tm@gIhNP2ZI2RUHPUcE9}N~#-5cOJ&S)_XWX@Mi_d%@4VDDT
zGeXqE$$AD62Kj&o{udNpS!D_=y1~JqZD250l0o0qDh93y!3bb51aoEt?{X4gNY5-u
zO=YlQ;ACK7c)u?<INt~)t_M`%2v)_0&<JL^$tf_VGh{N9Fr)$@1JG&)25TUe0b-ED
zKs3aB1_mo2TNH?yf!M4=xeMgEi_6b%U;sJ{VlM+LgB}pZfXM`i(ghJf8U%6@3rg|}
zbkofX3M|ab6B%B}M1DW}M!<i`&f>PX*>C%%e+n_0?EFS>hm^<jTbeAl2+5lR-N(tm
zu)q{(wqbBU@LPkux11R|-IxEkAiShFO-T|co&vI19*9|h*cIplSP0et`5;XOA62)%
zcb5`a`jIK2XWr{IvOsYzAO>p!1r~DPfIQC+l5_wOM|Xgu6=V&_bhtI`so(r8BOyV>
z2a<3AVtAwj*`SyJ*}W_)S;KbfCBd!N7!LT~l(?V@6qf^Hut`9lK^=_j0+1{NgC!7y
y4A>}^>$0}Dz+<_GgWeL`iXM>TGe8PFfH;lYw<B@QMVA%-dFM6tp9=?x!vFw+517;d

literal 0
HcmV?d00001

diff --git a/app/admin/controller/Admin.php b/app/admin/controller/Admin.php
index a3348d5..8add350 100644
--- a/app/admin/controller/Admin.php
+++ b/app/admin/controller/Admin.php
@@ -176,34 +176,18 @@ class Admin extends AdminController
 		return View::fetch('set/user/repass');
     }
 	
-	//密码重设
-    public function repassSet()
-    {
-		$admin = AdminModel::find(Session::get('admin_id'));
-        if(Request::isAjax()){
-			$data = Request::param();
-			$salt = substr(md5(strtotime($admin['create_time'])),-6);
-			$pwd = substr_replace(md5($data['oldPassword']),$salt,0,6);
-			$data['oldPassword'] = md5($pwd);
-			if($admin['password'] != $data['oldPassword']){
-				return json(['code'=>-1,'msg'=>'当前密码错误']);
-			} elseif($data['password'] != $data['repassword']){
-					 return json(['code'=>-1,'msg'=>'两次密码不一致']);
-			} else {
-				$password = md5(substr_replace(md5($data['password']),$salt,0,6));
-				$result = $admin->update([
-				'id'	=>	$admin['id'],
-				'password' =>	$password
-				]);
-				if($result){
-					$res = ['code'=>0,'msg'=>'更新成功'];
-				} else {
-					$res = ['code'=>-1,'msg'=>'更新失败'];
-				}
-				return json($res);
-			}
+    //修改密码
+	public function repassSet() 
+	{
+		if(Request::isAjax()){
+			$data = Request::only(['oldPassword','password','repassword']);
+			$data['admin_id'] = $this->aid;
+			
+			$admin = new AdminModel;
+			$res = $admin->setpass($data);
+			return $res;
 		}
-    }
+	}
 	
 	//清除缓存Cache
 	public function clearCache(){
diff --git a/app/admin/model/Admin.php b/app/admin/model/Admin.php
index c7ed036..50b17b5 100644
--- a/app/admin/model/Admin.php
+++ b/app/admin/model/Admin.php
@@ -16,6 +16,12 @@ class Admin extends Model
     use SoftDelete;
     protected $deleteTime = 'delete_time';
     protected $defaultSoftDelete = 0;
+	protected $createTime = 'false';
+	
+	//自动对password进行md5加密
+    protected function setPasswordAttr($value){
+        return md5($value);
+    }
 	
 	//管理员关联角色
 /*
@@ -45,17 +51,19 @@ class Admin extends Model
     public function login($data)
     {
         //查询用户
-        $admin = Db::name('admin')->where('username',$data['username'])->where('delete_time',0)->find();
+        $admin = $this->where('username',$data['username'])->where('delete_time',0)->find();
+
 		if(is_null($admin)){
-			return '用户名或密码错误';
+			return json(['code'=>-1,'msg'=>'用户名或密码错误']);
 		}
 		if($admin['status'] !=1){
-			return '用户被禁用或未审核,请联系管理员';
+			return json(['code' => -1,'msg'=> '用户被禁用或未审核,请联系管理员']);
 		}
 		//对输入的密码字段进行MD5加密，再进行数据库的查询
 		$salt = substr(md5($admin['create_time']),-6);
 		$pwd = substr_replace(md5($data['password']),$salt,0,6);
 		$data['password'] = md5($pwd);
+		
         if($admin['password'] == $data['password']){
 			
 			//将用户数据写入Session
@@ -77,9 +85,45 @@ class Admin extends Model
                 );
 					
             //用户名密码正确返回1
-            return 1;
+            $res = ['code'=>0,'msg'=>'登陆成功', 'url'=>(string) url('index/index')];
         } else {
-			return "用户名或密码错误！";
+			$res = ['code'=>-1,'msg'=>'用户名或密码错误','url'=>(string) url('admin/login')];
 		}
+		return json($res);
     }
+	
+	//修改密码
+	public function setpass($data)
+	{
+		$admin = $this->find($data['admin_id']);
+		$salt = substr(md5($admin['create_time']),-6);
+		$oldPassword = $this->pass($salt,$data['oldPassword']);
+		if($oldPassword != $admin['password']){
+			return json(['code'=>-1,'msg'=>'当前密码错误']);
+		}
+		
+		if($data['password'] != $data['repassword']){
+			return json(['code'=>-1,'msg'=>'两次密码不一致']);
+		}
+
+		$data['password'] = substr_replace(md5($data['password']),$salt,0,6); 
+		$admin->password = $data['password'];
+		$result = $admin->save();
+		
+		if($result){
+			$res = ['code'=>0,'msg'=>'修改密码成功'];
+		} else {
+			$res = ['code'=>-1,'msg'=>'修改密码失败'];
+		}
+		
+		return json($res);
+	}
+	
+	//加密规则 加密字符串，原始秘密
+	protected function pass($salt, $pass)
+	{
+		$pwd = substr_replace(md5($pass),$salt,0,6);
+		return md5($pwd);
+	}
+	
 }
diff --git a/app/common/model/User.php b/app/common/model/User.php
index 4e1584e..a6dced7 100644
--- a/app/common/model/User.php
+++ b/app/common/model/User.php
@@ -155,6 +155,7 @@ class User extends Model
 		$user = $this->find($data['user_id']);
 		$salt = substr(md5($user['create_time']),-6);
 		$pwd = substr_replace(md5($data['nowpass']),$salt,0,6);
+		//原注册密码加密规则
 		$data['nowpass'] = md5($pwd);
 		$result = $data['nowpass'] == $user['password'];
 		if(!$result){
diff --git a/app/index/controller/Article.php b/app/index/controller/Article.php
index 77593da..7f173a6 100644
--- a/app/index/controller/Article.php
+++ b/app/index/controller/Article.php
@@ -84,12 +84,12 @@ class Article extends BaseController
 		$page = input('page') ? input('page') : 1;
         $article = new ArticleModel();
         $artDetail = $article->getArtDetail($id);
-		$arId = $artDetail->cate->id;
-		$tpl = Db::name('cate')->where('id',$arId)->value('detpl');
-		if(!$artDetail){
+		if(is_null($artDetail)){
 			// 抛出 HTTP 异常
 			throw new \think\exception\HttpException(404, '异常消息');
 		}
+		$arId = $artDetail->cate->id;
+		$tpl = Db::name('cate')->where('id',$arId)->value('detpl');
 		$comments = $artDetail->comments()->where('status',1)->order(['cai'=>'asc','create_time'=>'asc'])->paginate(['list_rows'=>10, 'page'=>$page]);
         //$comment = new \app\common\model\Comment();
         //$comments = $comment->getComment($id);
@@ -119,6 +119,10 @@ class Article extends BaseController
 			//获取评论
 			$data = Request::only(['content','article_id','user_id']);
 			$sendId = $data['user_id'];
+			$art = Db::name('article')->field('id,status,is_reply,delete_time')->find($data['article_id']);
+			if($art['delete_time'] != 0 || $art['status'] != 1 || $art['is_reply'] != 1){
+				return json(['code'=>-1, 'msg'=>'评论不可用状态']);
+			}
 			if(empty($data['content'])){
 				return json(['code'=>0, 'msg'=>'评论不能为空！']);
 			}
diff --git a/config/taoler.php b/config/taoler.php
index 3193b69..c65cb27 100644
--- a/config/taoler.php
+++ b/config/taoler.php
@@ -7,7 +7,7 @@ return [
 	//应用名,此项不可更改
 	'appname'	=> 'TaoLer',
     //版本配置
-    'version'   => '1.8.15',
+    'version'   => '1.8.17',
 	//加盐
 	'salt'		=> 'taoler',
 	//数据库备份目录
diff --git a/view/taoler/index/public/.gitignore b/view/taoler/index/public/.gitignore
index 28f97bf..f935021 100644
--- a/view/taoler/index/public/.gitignore
+++ b/view/taoler/index/public/.gitignore
@@ -1 +1 @@
-user-nav.html
\ No newline at end of file
+!.gitignore
diff --git a/view/taoler/index/public/user-nav.html b/view/taoler/index/public/user-nav.html
index b047eff..f8776de 100644
--- a/view/taoler/index/public/user-nav.html
+++ b/view/taoler/index/public/user-nav.html
@@ -23,12 +23,6 @@
       {:lang('my message')}
     </a>
   </li>
-  <li class="layui-nav-item {if($Request.action=='key')}layui-this{/if}">
-    <a href="{:url('Api/key')}">
-      <i class="layui-icon layui-icon-vercode"></i>
-      {:lang('my auth')}
-    </a>
-  </li>
   <li class="layui-nav-item">
     <a href="{:url('user/home',['id'=>session('user_id')])}">
       <i class="layui-icon layui-icon-home"></i>