Merge branch 'zhaoyue-dev3' into 'master'

MOD admin pass See merge request !35

Merge branch 'zhaoyue-dev3' into 'master'
MOD admin pass See merge request !35
zhaoyue
Commit 69d9b4d29944ed9c854594906bc872133594a797 2 parents 78ed5479 d1261131
Showing 1 changed file with 10 additions and 5 deletions
src/main/java/com/xkl/controller/uspih/AdminAccountController.java
--- a/src/main/java/com/xkl/controller/uspih/AdminAccountController.java
View file @69d9b4d
+++ b/src/main/java/com/xkl/controller/uspih/AdminAccountController.java
View file @69d9b4d
@@ -55,10 +55,10 @@ public class AdminAccountController {
         //未注册
         if (admin == null) {
             //提示用户名或密码错误
-             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR),HttpStatus.OK);
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
         String salt = admin.getSalt();
-         String adminType  = Integer.toString(admin.getType());
+         String adminType = Integer.toString(admin.getType());
         String str = account + password + adminType + salt; // 构建待加密字符串
         String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
 
@@ -68,7 +68,7 @@ public class AdminAccountController {
         if (!calcuPass.equals(pass_in_db) ||//密码错误
                 admin.getStatus() != 1) {//用户无效
             //提示用户名或密码错误
-             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR),HttpStatus.OK);
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
 
         //生成一个token，保存用户登录状态
@@ -101,16 +101,21 @@ public class AdminAccountController {
             //提示用户名或密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
+ 
         String salt = admin.getSalt();
+         String adminType = Integer.toString(admin.getType());
+         String str = account + password + adminType + salt; // 构建待加密字符串
+         String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
+ 
         String pass_in_db = admin.getPwd();
-         String calcuPass = SecurityTool.getPassword(account, password, salt);
         if (!calcuPass.equals(pass_in_db) ||//密码错误
                 admin.getStatus() != 1) {//用户无效
             //提示用户名或密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
         salt = SecurityTool.genSalt();
-         String pass2Db = SecurityTool.getPassword(admin.getAccount(), newpwd, salt);
+         str = account + newpwd + adminType + salt; // 构建待加密字符串
+         String pass2Db = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
         admin.setPwd(pass2Db);
         admin.setSalt(salt);
         adminRepository.save(admin);