找回密码后端加验证

6 years ago · 66a1a9027a
parent 1780153ba2
commit 66a1a9027a
3 changed files with 22 additions and 11 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -685,7 +685,7 @@ class AccountController < ApplicationController
      else
        code = VerificationCode.where(:email => params[:phone], :code => params[:code], :code_type => params[:type].to_i).last
      end
-      req[:valid] = !code.nil? && (Time.now.to_i - code.created_at.to_i) <= 10*60
+
    end
    render :json => req
  end
@ -1183,24 +1183,31 @@ class AccountController < ApplicationController
  def reset_psd
    if params[:lost_psd_phone] && params[:lost_psd_phone].strip != ""
      @user = User.where("phone = '#{params[:lost_psd_phone].to_s}'").first
+      code = VerificationCode.where(:phone => params[:lost_psd_phone], :code => params[:code], :code_type => 2).last
+
    elsif params[:lost_psd_email] && params[:lost_psd_email].strip != ""
      @user = User.where("mail = '#{params[:lost_psd_email].to_s}'").first
+      code = VerificationCode.where(:email => params[:lost_psd_email], :code => params[:code], :code_type => 3).last
    end

-    if @user.present?
-      @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
-      if @user.save
-        Token.where(:user_id => @user, :action => "recovery").destroy_all
-        respond_to do |format|
-          format.js
+    if !code.nil? && (Time.now.to_i - code.created_at.to_i) <= 10*60
+      if @user.present?
+        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
+        if @user.save
+          Token.where(:user_id => @user, :action => "recovery").destroy_all
+          respond_to do |format|
+            format.js
+          end
+        else
+          redirect_to signin_path
+          return
        end
      else
        redirect_to signin_path
        return
      end
    else
-      redirect_to signin_path
-      return
+      @status = 0
    end
  end

--- a/app/views/account/lost_password.html.erb
+++ b/app/views/account/lost_password.html.erb
@ -28,7 +28,7 @@
          <div style="height: 25px"><p class="color-orange edu-txt-left none" id="reset_password_confirmation_notice">两次输入的密码不一致</p></div>

          <p class="clearfix mt10">
-            <input type="text" class="input-48-45 edu-txt-center fl" id="lost_psd_ver_code" placeholder="请输入验证码"/>
+            <input type="text" class="input-48-45 edu-txt-center fl" name="code" id="lost_psd_ver_code" placeholder="请输入验证码"/>
            <a href="javascript:void(0);" disabled onclick="get_lost_psd_code(this);" class="gain-code" id="lost_psd_get_code">获取验证码</a>
            <div style="height: 25px">
              <p class="color-orange edu-txt-left none" id="lost_psd_input_testcode">发送验证码</p>
--- a/app/views/account/reset_psd.js.erb
+++ b/app/views/account/reset_psd.js.erb
@ -1 +1,5 @@
-notice_box_redirect("<%= signin_path %>", "登录密码已重置，请重新登录");
+<% if @status.present? %>
+notice_box("验证码有误，请重新输入");
+<% else %>
+notice_box_redirect("<%= signin_path %>", "登录密码已重置，请重新登录");
+<% end %>