From 59a9c0d3950f56815d245970fadea53f9df34320 Mon Sep 17 00:00:00 2001 From: pbootcms Date: Sat, 27 Jun 2026 01:20:35 +0800 Subject: [PATCH 1/2] =?UTF-8?q?fix=20#38=20=E4=BF=AE=E5=A4=8D=E6=89=BE?= =?UTF-8?q?=E5=9B=9E=E5=AF=86=E7=A0=81=E9=AA=8C=E8=AF=81=E7=A0=81=E4=B8=B2?= =?UTF-8?q?=E6=89=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/home/controller/MemberController.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/home/controller/MemberController.php b/apps/home/controller/MemberController.php index 9775763..7e4ddf6 100644 --- a/apps/home/controller/MemberController.php +++ b/apps/home/controller/MemberController.php @@ -270,7 +270,7 @@ public function retrieve(){ if (! $checkcode) { alert_back('验证码不能为空!'); } - if ($checkcode != session('checkcode')) { + if ($checkcode != session('retrieve_checkcode')) { alert_back('验证码错误!'); } $where = ['username' => $username]; @@ -278,14 +278,14 @@ public function retrieve(){ if(!$userInfo){ alert_back('该用户不存在!'); } - if(!empty($userInfo['useremail']) && $userInfo['useremail'] != $email){ + if(empty($userInfo['useremail']) || strcasecmp($userInfo['useremail'], $email) !== 0){ alert_back('与注册邮箱不匹配,请联系管理员!'); } $data = [ - 'useremail' => $email, 'password' => md5(md5($password)) ]; $this->model->updatePassword($where,$data); + unset($_SESSION['retrieve_checkcode']); alert_location('修改成功!', Url::home('member/login'), 1); } else { $content = parent::parser($this->htmldir . 'member/retrieve.html'); // 框架标签解析 @@ -499,7 +499,7 @@ public function sendEmail() session('lastsend', time()); // 记录最后提交时间 $mail_subject = "【" . CMSNAME . "】您有新的验证码信息,请注意查收!"; $code = create_code(4); - session('checkcode', strtolower($code)); + session($retrieve ? 'retrieve_checkcode' : 'checkcode', strtolower($code)); $mail_body = "您的验证码为:" . $code; $mail_body .= '
来自网站 ' . get_http_url() . ' (' . date('Y-m-d H:i:s') . ')'; $rs = sendmail($this->config(), $to, $mail_subject, $mail_body); @@ -562,4 +562,4 @@ public function _empty() { _404('您访问的地址不存在,请核对再试!'); } -} \ No newline at end of file +} From 483ee38f25c5b89563fb1ca90b5344d3c88d292e Mon Sep 17 00:00:00 2001 From: pbootcms Date: Sat, 27 Jun 2026 14:08:11 +0800 Subject: [PATCH 2/2] =?UTF-8?q?fix=20#38=20=E7=BB=91=E5=AE=9A=E6=89=BE?= =?UTF-8?q?=E5=9B=9E=E5=AF=86=E7=A0=81=E9=AA=8C=E8=AF=81=E7=A0=81=E9=82=AE?= =?UTF-8?q?=E7=AE=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/home/controller/MemberController.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/apps/home/controller/MemberController.php b/apps/home/controller/MemberController.php index 7e4ddf6..dc9ee4c 100644 --- a/apps/home/controller/MemberController.php +++ b/apps/home/controller/MemberController.php @@ -265,12 +265,15 @@ public function retrieve(){ // 验证码验证 $checkcode = strtolower(post('checkcode', 'var')); $email = post('email'); + $retrieve_email = strtolower(trim($email)); $username = post('username'); $password = post('password'); if (! $checkcode) { alert_back('验证码不能为空!'); } - if ($checkcode != session('retrieve_checkcode')) { + $retrieve_checkcode = session('retrieve_checkcode'); + $session_retrieve_email = session('retrieve_email'); + if (! $retrieve_checkcode || ! $session_retrieve_email || $checkcode != $retrieve_checkcode || $retrieve_email != $session_retrieve_email) { alert_back('验证码错误!'); } $where = ['username' => $username]; @@ -286,6 +289,7 @@ public function retrieve(){ ]; $this->model->updatePassword($where,$data); unset($_SESSION['retrieve_checkcode']); + unset($_SESSION['retrieve_email']); alert_location('修改成功!', Url::home('member/login'), 1); } else { $content = parent::parser($this->htmldir . 'member/retrieve.html'); // 框架标签解析 @@ -500,6 +504,9 @@ public function sendEmail() $mail_subject = "【" . CMSNAME . "】您有新的验证码信息,请注意查收!"; $code = create_code(4); session($retrieve ? 'retrieve_checkcode' : 'checkcode', strtolower($code)); + if ($retrieve) { + session('retrieve_email', strtolower(trim($to))); + } $mail_body = "您的验证码为:" . $code; $mail_body .= '
来自网站 ' . get_http_url() . ' (' . date('Y-m-d H:i:s') . ')'; $rs = sendmail($this->config(), $to, $mail_subject, $mail_body);