no message

.gitignore

@@ -15,3 +15,5 @@ npm-debug.log
 yarn-error.log
 public
 uploads/picture
+test.js
+test.php

app/Http/Controllers/Api/UsersController.php

@@ -56,7 +56,7 @@ class UsersController extends Controller
             if (empty($user)) {
                 return Base::retError('账号或密码错误。');
             }
-            if ($user['userpass'] != Base::md52($userpass)) {
+            if ($user['userpass'] != Base::md52($userpass, $user['encrypt'])) {
                 return Base::retError('账号或密码错误！');
             }
         }
@@ -259,12 +259,16 @@ class UsersController extends Controller
         }
         //
         if ($user['setpass']) {
-            $verify = DB::table('users')->where(['id'=>$user['id'], 'userpass'=>Base::md52($oldpass)])->count();
+            $verify = DB::table('users')->where(['id'=>$user['id'], 'userpass'=>Base::md52($oldpass, Users::token2encrypt())])->count();
             if (empty($verify)) {
                 return Base::retError('请填写正确的旧密码！');
             }
         }
-        DB::table('users')->where('id', $user['id'])->update(['encrypt' => Base::generatePassword(6), 'userpass'=>Base::md52($newpass)]);
+        $encrypt = Base::generatePassword(6);
+        DB::table('users')->where('id', $user['id'])->update([
+            'encrypt' => $encrypt,
+            'userpass' => Base::md52($newpass, $encrypt)
+        ]);
         return Base::retSuccess('修改成功');
     }
 

app/Module/Users.php

@@ -41,9 +41,11 @@ class Users
             return Base::retError('密码最多只能设置32位数！');
         }
         //开始注册
+        $encrypt = Base::generatePassword(6);
         $inArray = [
+            'encrypt' => $encrypt,
             'username' => $username,
-            'userpass' => Base::md52($userpass),
+            'userpass' => Base::md52($userpass, $encrypt),
             'regip' => Base::getIp(),
             'regdate' => Base::time()
         ];
@@ -123,6 +125,20 @@ class Users
     }
 
     /**
+     * token获取encrypt
+     * @return mixed|string
+     */
+    public static function token2encrypt()
+    {
+        $authorization = Base::getToken();
+        $encrypt = '';
+        if ($authorization) {
+            list($id, $username, $encrypt, $timestamp) = explode("@", base64_decode($authorization) . "@@@@");
+        }
+        return $encrypt ?: '';
+    }
+
+    /**
      * 用户身份认证（获取用户信息）
      * @return array|mixed
      */
@@ -181,10 +197,6 @@ class Users
      */
     public static function token($userinfo)
     {
-        if (strlen($userinfo['encrypt']) < 6) {
-            $userinfo['encrypt'] = Base::generatePassword(6);
-            DB::table('users')->where('id', $userinfo['id'])->update(['encrypt' => $userinfo['encrypt']]);
-        }
         return base64_encode($userinfo['id'] . '@' . $userinfo['username'] . '@' . $userinfo['encrypt'] . '@' . Base::time() . '@' . Base::generatePassword(6));
     }