From 66a1a9027aab1dad3a27c4c6f53d5f3cfd01f7ae Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Mon, 8 Apr 2019 17:56:33 +0800
Subject: [PATCH] =?UTF-8?q?=E6=89=BE=E5=9B=9E=E5=AF=86=E7=A0=81=E5=90=8E?=
 =?UTF-8?q?=E7=AB=AF=E5=8A=A0=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/account_controller.rb    | 25 +++++++++++++++---------
 app/views/account/lost_password.html.erb |  2 +-
 app/views/account/reset_psd.js.erb       |  6 +++++-
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 0b4a5841..21b22de2 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -685,7 +685,7 @@ class AccountController < ApplicationController
       else
         code = VerificationCode.where(:email => params[:phone], :code => params[:code], :code_type => params[:type].to_i).last
       end
-      req[:valid] = !code.nil? && (Time.now.to_i - code.created_at.to_i) <= 10*60
+
     end
     render :json => req
   end
@@ -1183,24 +1183,31 @@ class AccountController < ApplicationController
   def reset_psd
     if params[:lost_psd_phone] && params[:lost_psd_phone].strip != ""
       @user = User.where("phone = '#{params[:lost_psd_phone].to_s}'").first
+      code = VerificationCode.where(:phone => params[:lost_psd_phone], :code => params[:code], :code_type => 2).last
+
     elsif params[:lost_psd_email] && params[:lost_psd_email].strip != ""
       @user = User.where("mail = '#{params[:lost_psd_email].to_s}'").first
+      code = VerificationCode.where(:email => params[:lost_psd_email], :code => params[:code], :code_type => 3).last
     end
 
-    if @user.present?
-      @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
-      if @user.save
-        Token.where(:user_id => @user, :action => "recovery").destroy_all
-        respond_to do |format|
-          format.js
+    if !code.nil? && (Time.now.to_i - code.created_at.to_i) <= 10*60
+      if @user.present?
+        @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
+        if @user.save
+          Token.where(:user_id => @user, :action => "recovery").destroy_all
+          respond_to do |format|
+            format.js
+          end
+        else
+          redirect_to signin_path
+          return
         end
       else
         redirect_to signin_path
         return
       end
     else
-      redirect_to signin_path
-      return
+      @status = 0
     end
   end
 
diff --git a/app/views/account/lost_password.html.erb b/app/views/account/lost_password.html.erb
index cc6170f7..93e6615a 100644
--- a/app/views/account/lost_password.html.erb
+++ b/app/views/account/lost_password.html.erb
@@ -28,7 +28,7 @@
           <div style="height: 25px"><p class="color-orange edu-txt-left none" id="reset_password_confirmation_notice">两次输入的密码不一致</p></div>
 
           <p class="clearfix mt10">
-            <input type="text" class="input-48-45 edu-txt-center fl" id="lost_psd_ver_code" placeholder="请输入验证码"/>
+            <input type="text" class="input-48-45 edu-txt-center fl" name="code" id="lost_psd_ver_code" placeholder="请输入验证码"/>
             <a href="javascript:void(0);" disabled onclick="get_lost_psd_code(this);" class="gain-code" id="lost_psd_get_code">获取验证码</a>
             <div style="height: 25px">
               <p class="color-orange edu-txt-left none" id="lost_psd_input_testcode">发送验证码</p>
diff --git a/app/views/account/reset_psd.js.erb b/app/views/account/reset_psd.js.erb
index 851d151c..0e5143b2 100644
--- a/app/views/account/reset_psd.js.erb
+++ b/app/views/account/reset_psd.js.erb
@@ -1 +1,5 @@
-notice_box_redirect("<%= signin_path %>", "登录密码已重置，请重新登录");
\ No newline at end of file
+<% if @status.present? %>
+notice_box("验证码有误，请重新输入");
+<% else %>
+notice_box_redirect("<%= signin_path %>", "登录密码已重置，请重新登录");
+<% end %>
\ No newline at end of file