
Merge branch 'dev1.4.1' of http://192.168.3.207:10080/group3/qmx_admin into dev1.4.1

xuzhiheng 4 years ago
parent
commit
eb84e6298e

+ 2 - 2
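--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 # qmx_admin
 
 新企明星后台管理后端程序
-v1.4
-大会员自定义版本
+v1.4.1
+登录安全修改:登录和用户管理添加用户时增加短信验证码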

+ 8 - 0
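--- a/src/github.com/baiy/Cadmin-server-go/models/user/user.go
+++ b/src/github.com/baiy/Cadmin-server-go/models/user/user.go
@@ -66,6 +66,10 @@ func Add(username, password string, status int, description string, phone string
 	if exist.Id > 0 {
 		return errors.New(fmt.Sprintf("[%s] 用户已经存在", username))
 	}
+	phoneExist, _ := GetByPhone(phone)
+	if phoneExist.Id > 0 {
+		return errors.New(fmt.Sprintf("[%s] 手机号已经存在", phone))
+	}
 	_, err := models.Db.Insert("admin_user").Rows(
 		goqu.Record{"username": username, "password": password, "status": status, "description": description, "phone": phone},
 	).Executor().Exec()
@@ -77,6 +81,10 @@ func Updata(id int, username, password string, status int, description string, p
 	if exist.Id > 0 && exist.Id != id {
 		return errors.New(fmt.Sprintf("[%s] 用户已经存在", username))
 	}
+	phoneExist, _ := GetByPhone(phone)
+	if phoneExist.Id > 0 && phoneExist.Id != id {
+		return errors.New(fmt.Sprintf("[%s] 手机号已经存在", phone))
+	}
 	record := goqu.Record{"username": username, "status": status, "description": description, "phone": phone}
 
 	if password != "" {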
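Review bot: The phone-uniqueness check added to Add runs even when phone is empty, and Phone is not a required form field (the Save hunk in system/user tags it `form:"phone"` only), so once one admin has been created without a phone every further add fails with `[] 手机号已经存在`; wrap the lookup in `if phone != "" {` here and in the parallel Updata check. The lookup's error is discarded with `_`, so a failed query reads as "phone is free" and the insert goes ahead — and this `Id > 0` test assumes GetByPhone returns a zero record with a nil error when nothing matches, whereas the new Save code in system/user treats `err == nil` as "phone already bound", so one of the two call sites misreads GetByPhone's contract, which is not visible in this diff. A check-then-insert like this is only advisory unless admin_user has a unique index on phone; two concurrent adds can both pass it. Both Add and Updata begin before their hunks.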

+ 60 - 0
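--- a/src/github.com/baiy/Cadmin-server-go/system/user/user.go
+++ b/src/github.com/baiy/Cadmin-server-go/system/user/user.go
@@ -2,6 +2,10 @@ package user
 
 import (
 	"errors"
+	"github.com/gorilla/sessions"
+	"log"
+	"qfw/util"
+	"time"
 
 	thisModel "github.com/baiy/Cadmin-server-go/models/user"
 
@@ -9,9 +13,12 @@ import (
 	"github.com/baiy/Cadmin-server-go/system/utils"
 
 	"github.com/baiy/Cadmin-server-go/admin"
+	index_ "github.com/baiy/Cadmin-server-go/system/index"
 	"github.com/doug-martin/goqu/v9"
 )
 
+var store = sessions.NewCookieStore([]byte("something-very-secret-save"))
+
 func Lists(context *admin.Context) (interface{}, error) {
 	userId := context.User.Id
 	param := new(struct {
@@ -63,6 +70,8 @@ func Save(context *admin.Context) (interface{}, error) {
 		Description string `form:"description"`
 		Status      int    `form:"status"  validate:"required"`
 		Phone       string `form:"phone" `
+		PhoneCode   string `form:"phoneCode"`
+		LoginType   string `form:"loginType"`
 	})
 
 	err := context.Form(param)
@@ -73,6 +82,28 @@ func Save(context *admin.Context) (interface{}, error) {
 	if param.Password != "" {
 		password = string(admin.Passworder.Hash([]byte(param.Password)))
 	}
+	if param.LoginType == "2" { //点击发送手机验证码
+		_, err := thisModel.GetByPhone(param.Phone)
+		if err == nil {
+			return nil, errors.New("手机号已绑定其他账号")
+		}
+		if SendPhoneIdentCode(context, param.Phone) {
+			return map[string]interface{}{"status": 3}, nil
+		} else {
+			return nil, errors.New("手机验证码发送失败")
+		}
+	} else if param.LoginType == "3" { //验证手机验证码
+		session, err := store.Get(context.HttpRequest, "qmx_phone_code_save")
+		if err != nil {
+			log.Println("phone-session2获取失败")
+			return nil, nil
+		}
+		phoneCode := util.ObjToString(session.Values["code"])
+		// phone := util.ObjToString(session.Values["phone"])
+		if phoneCode != param.PhoneCode {
+			return nil, errors.New("手机验证码错误")
+		}
+	}
 	if param.Id == 0 {
 		if param.Password == "" {
 			return nil, errors.New("添加用户密码不能为空")
@@ -82,6 +113,35 @@ func Save(context *admin.Context) (interface{}, error) {
 	return nil, thisModel.Updata(param.Id, param.Username, password, param.Status, param.Description, param.Phone)
 }
 
+//发送验证码
+func SendPhoneIdentCode(context *admin.Context, phone string) bool {
+	r := context.HttpRequest
+	w := context.HttpResponseWriter
+	session, err := store.Get(r, "qmx_phone_code_save")
+	if err != nil {
+		log.Println("phone-session1获取失败")
+		return false
+	}
+	lastSentTime := util.Int64All(session.Values["identCodeTime"])
+	//60秒之内不允许重复发
+	if lastSentTime > 0 && time.Now().Unix()-lastSentTime <= 60 {
+		return false
+	}
+	s_ranNum := util.GetRandom(6) //生成随机数
+	session.Values["code"] = s_ranNum
+	session.Values["phone"] = phone
+	session.Values["identCodeTime"] = time.Now().Unix()
+	session.Options.MaxAge = 300
+	if err := session.Save(r, w); err != nil {
+		log.Println("session1保存错误,验证码")
+	}
+	//发送短信
+	param := map[string]string{"code": s_ranNum}
+	log.Println("短信验证码", phone, s_ranNum)
+	index_.SendSMS("2828060", phone, param)
+	return true
+}
+
 func Remove(context *admin.Context) (interface{}, error) {
 	id, err := context.InputInt("id")
 	if err != nil {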
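Review bot: The SMS verification in Save is opt-in for the client: when loginType is absent or anything other than "2"/"3" neither new branch runs and the request falls through to the existing thisModel.Add/Updata calls with no code checked, so the `登录安全修改` this commit describes is not enforced server-side; the "3" branch also never compares param.Phone with the phone saved in the session (that line is commented out), never removes the code after a successful check, and on a session error returns `nil, nil` before any check, so a code sent to one number can be replayed for any other number for up to 300 s. The session is a gorilla CookieStore built with a single hard-coded key (`sessions.NewCookieStore([]byte("something-very-secret-save"))`); with only a signing key the cookie is authenticated but not encrypted, so `code`, `phone` and the 60-second `identCodeTime` throttle are readable by the client, the client can discard the cookie to resend SMS without limit, and anyone with the source can forge the cookie — load the key from configuration, pass a second (encryption) key or keep the code and throttle server-side. `log.Println("短信验证码", phone, s_ranNum)` in SendPhoneIdentCode writes every OTP to the application log and should be removed. The rewrite below gates account creation on a verified code, checks the phone, and consumes the code; whether updates that change the phone should be gated as well I cannot tell from this hunk. Save's signature and the rest of its body lie outside this hunk.
```go
	} else if param.LoginType == "3" { //验证手机验证码
		session, err := store.Get(context.HttpRequest, "qmx_phone_code_save")
		if err != nil {
			return nil, errors.New("手机验证码已失效")
		}
		phoneCode := util.ObjToString(session.Values["code"])
		phone := util.ObjToString(session.Values["phone"])
		// the code is only valid for the number it was sent to, and only once
		if phoneCode == "" || phone != param.Phone || phoneCode != param.PhoneCode {
			return nil, errors.New("手机验证码错误")
		}
		delete(session.Values, "code")
		if err := session.Save(context.HttpRequest, context.HttpResponseWriter); err != nil {
			log.Println("session保存错误,清除验证码")
		}
	} else if param.Id == 0 {
		// creating an account must go through the SMS step; the client may not opt out
		return nil, errors.New("请先完成手机验证码验证")
	}
	// … unchanged: Add / Updata calls …
```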
 	if err != nil {