diff --git a/controllers/AccountController.go b/controllers/AccountController.go
index 8cdfc2e8..d5672482 100644
--- a/controllers/AccountController.go
+++ b/controllers/AccountController.go
@@ -8,7 +8,6 @@ import (
 "github.com/lifei6671/mindoc/mail"
 "github.com/astaxie/beego"
- "github.com/astaxie/beego/logs"
 "github.com/lifei6671/gocaptcha"
 "github.com/lifei6671/mindoc/conf"
 "github.com/lifei6671/mindoc/models"
@@ -25,7 +24,6 @@ func (c *AccountController) Login() {
 c.Prepare()
 c.TplName = "account/login.tpl"
-
 if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 {
 u := c.GetString("url")
 if u == "" {
@@ -34,7 +32,7 @@ func (c *AccountController) Login() {
 if u == "" {
 u = conf.URLFor("HomeController.Index")
 }
- c.Redirect(u,302)
+ c.Redirect(u, 302)
 }
 var remember CookieRemember
 // 如果 Cookie 中存在登录信息
@@ -62,6 +60,10 @@ func (c *AccountController) Login() {
 }
 }
+ if account == "" || password == "" {
+ c.JsonResult(6002, "账号或密码不能为空")
+ }
+
 member, err := models.NewMember().Login(account, password)
 if err == nil {
 member.LastLoginTime = time.Now()
@@ -75,10 +77,10 @@ func (c *AccountController) Login() {
 remember.Time = time.Now()
 v, err := utils.Encode(remember)
 if err == nil {
- c.SetSecureCookie(conf.GetAppKey(), "login", v,time.Now().Add(time.Hour * 24 * 30).Unix())
+ c.SetSecureCookie(conf.GetAppKey(), "login", v, time.Now().Add(time.Hour * 24 * 30).Unix())
 }
 }
- u,_ := url.PathUnescape(c.GetString("url"))
+ u, _ := url.PathUnescape(c.GetString("url"))
 if u == "" {
 u = c.Ctx.Request.Header.Get("Referer")
 }
@@ -88,11 +90,11 @@ func (c *AccountController) Login() {
 c.JsonResult(0, "ok", u)
 } else {
- logs.Error("用户登录 =>", err)
+ beego.Error("用户登录 ->", err)
 c.JsonResult(500, "账号或密码错误", nil)
 }
- }else{
- u,_ := url.PathUnescape(c.GetString("url"))
+ } else {
+ u, _ := url.PathUnescape(c.GetString("url"))
 if u == "" {
 u = c.Ctx.Request.Header.Get("Referer")
 }
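Review bot: The new empty-credential guard in the `@@ -62,6 +60,10 @@` hunk has no `return` after `c.JsonResult(6002, "账号或密码不能为空")`. Unless JsonResult itself aborts the handler (its body is not part of this diff), control falls through to `models.NewMember().Login(account, password)` with empty values and a second response can be written. Adding an explicit `return` on the line after the JsonResult call makes the rejection unconditional and the control flow readable without knowing the helper. Login's body starts and ends outside the hunk.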
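Review bot: The redirect target `u` in the reformatted `else` branch of the `@@ -88,11 +90,11 @@` hunk comes from the `url` request parameter, falling back to the `Referer` header, and nothing visible here restricts it to a same-site path. The same value is handed back to the client in `c.JsonResult(0, "ok", u)` (hunk `@@ -75,10 +77,10 @@`) and passed to `c.Redirect(u, 302)` near the top of Login. I would normalise it before use, for example `if !strings.HasPrefix(u, "/") || strings.HasPrefix(u, "//") { u = conf.URLFor("HomeController.Index") }`, also rejecting backslash variants, and apply the same fallback when `url.PathUnescape` returns an error instead of discarding it with `_`. Login's body continues outside the hunk.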
@@ -130,7 +132,7 @@ func (c *AccountController) Register() {
 //如果用户登录了,则跳转到网站首页
 if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 {
- c.Redirect(conf.URLFor("HomeController.Index"),302)
+ c.Redirect(conf.URLFor("HomeController.Index"), 302)
 }
 // 如果没有开启用户注册
 if v, ok := c.Option["ENABLED_REGISTER"]; ok && !strings.EqualFold(v, "true") {
@@ -244,7 +246,7 @@ func (c *AccountController) FindPassword() {
 data := map[string]interface{}{
 "SITE_NAME": c.Option["SITE_NAME"],
 "url": conf.URLFor("AccountController.FindPassword", "token", member_token.Token, "mail", email),
- "BaseUrl": c.BaseUrl(),
+ "BaseUrl": c.BaseUrl(),
 }
 body, err := c.ExecuteViewPathTemplate("account/mail_template.tpl", data)
@@ -261,7 +263,7 @@ func (c *AccountController) FindPassword() {
 Host: mailConf.SmtpHost,
 Port: mailConf.SmtpPort,
 Secure: mailConf.Secure,
- Identity:"",
+ Identity: "",
 }
 beego.Info(mailConfig)
@@ -406,7 +408,7 @@ func (c *AccountController) Logout() {
 u := c.Ctx.Request.Header.Get("Referer")
- c.Redirect(conf.URLFor("AccountController.Login","url",u), 302)
+ c.Redirect(conf.URLFor("AccountController.Login", "url", u), 302)
 }
 // 验证码
diff --git a/utils/password.go b/utils/password.go
index a3d30d31..fc445f87 100644
--- a/utils/password.go
+++ b/utils/password.go
@@ -23,24 +23,24 @@ const (
 //加密密码
 func PasswordHash(pass string) (string, error) {
- salt_secret, err := salt_secret()
+ saltSecret, err := salt_secret()
 if err != nil {
 return "", err
 }
- salt, err := salt(salt_local_secret + salt_secret)
+ salt, err := salt(salt_local_secret + saltSecret)
 if err != nil {
 return "", err
 }
 interation := randInt(1, 20)
- hash, err := hash(pass, salt_secret, salt, int64(interation))
+ hash, err := hash(pass, saltSecret, salt, int64(interation))
 if err != nil {
 return "", err
 }
- interation_string := strconv.Itoa(interation)
- password := salt_secret + delmiter + interation_string + delmiter + hash + delmiter + salt
+ interationString := strconv.Itoa(interation)
+ password := saltSecret + delmiter + interationString + delmiter + hash + delmiter + salt
 return password, nil
@@ -48,7 +48,7 @@ func PasswordHash(pass string) (string, error) {
 //校验密码是否有效
 func PasswordVerify(hashing string, pass string) (bool, error) {
- data := trim_salt_hash(hashing)
+ data := trimSaltHash(hashing)
 interation, _ := strconv.ParseInt(data["interation_string"], 10, 64)
@@ -66,40 +66,48 @@ func PasswordVerify(hashing string, pass string) (bool, error) {
 }
 func hash(pass string, salt_secret string, salt string, interation int64) (string, error) {
- var pass_salt string = salt_secret + pass + salt + salt_secret + pass + salt + pass + pass + salt
+ var passSalt = salt_secret + pass + salt + salt_secret + pass + salt + pass + pass + salt
 var i int
- hash_pass := salt_local_secret
- hash_start := sha512.New()
- hash_center := sha256.New()
- hash_output := sha256.New224()
+ hashPass := salt_local_secret
+ hashStart := sha512.New()
+ hashCenter := sha256.New()
+ hashOutput := sha256.New224()
 i = 0
 for i <= stretching_password {
 i = i + 1
- hash_start.Write([]byte(pass_salt + hash_pass))
- hash_pass = hex.EncodeToString(hash_start.Sum(nil))
+ _, err := hashStart.Write([]byte(passSalt + hashPass))
+ if err != nil {
+ return "", err
+ }
+ hashPass = hex.EncodeToString(hashStart.Sum(nil))
 }
 i = 0
 for int64(i) <= interation {
 i = i + 1
- hash_pass = hash_pass + hash_pass
+ hashPass = hashPass + hashPass
 }
 i = 0
 for i <= stretching_password {
 i = i + 1
- hash_center.Write([]byte(hash_pass + salt_secret))
- hash_pass = hex.EncodeToString(hash_center.Sum(nil))
+ _, err := hashCenter.Write([]byte(hashPass + salt_secret))
+ if err != nil {
+ return "", err
+ }
+ hashPass = hex.EncodeToString(hashCenter.Sum(nil))
 }
- hash_output.Write([]byte(hash_pass + salt_local_secret))
- hash_pass = hex.EncodeToString(hash_output.Sum(nil))
+ if _,err := hashOutput.Write([]byte(hashPass + salt_local_secret)); err != nil {
+ return "", err
+ }
+ hashPass = hex.EncodeToString(hashOutput.Sum(nil))
- return hash_pass, nil
+ return hashPass, nil
 }
-func trim_salt_hash(hash string) map[string]string {
+func trimSaltHash(hash string) map[string]string {
 str := strings.Split(hash, delmiter)
 return map[string]string{
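Review bot: The middle loop `hashPass = hashPass + hashPass` doubles the string `interation+1` times, so the buffer passed to the first `hashCenter.Write` is 128 hex characters × 2^(interation+1). At the top of the `randInt(1, 20)` range used by PasswordHash that is on the order of a hundred megabytes or more per hash or verify call. PasswordVerify parses `interation` from the stored string and discards the parse error, so a bound should be enforced there before calling hash, e.g. `if interation < 1 || interation > 20 { return false, errors.New("invalid iteration count") }`. More broadly this is a home-grown SHA-2 chain rather than a vetted password KDF such as bcrypt, scrypt or Argon2; I would say so in a comment on `hash` and plan a versioned migration of the stored format. The new `err` checks on `Write` can never fire, since `hash.Hash` documents that Write never returns an error, and `_,err` in the last one is not gofmt-clean.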