20

2026-04-04 08:52:59 +08:00
parent 66bcd8061a
commit d98ac8f146
33 changed files with 2565 additions and 328 deletions
@@ -86,6 +86,7 @@ class AccountController extends Crud
        $username = $request->post('username', '');
        $this->removeLoginLimit($username);
        $password = $request->post('password', '');
+        $code = $request->post('code', '');
        if (!$username) {
            return $this->fail('用户名不能为空');
        }
@@ -94,26 +95,33 @@ class AccountController extends Crud
         * @var Admin $admin
         */
        $admin = Admin::where('username', $username)->find();
-        // if (!$admin || !Util::passwordVerify($password, $admin->password)) {
-        //     return $this->fail('账户不存在或密码错误');
-        // }
-        //$secret = $admin['totp_secret'] ?:'EJGYB7OZR2W46XRX7VB3PXHSOY4LUAWCA5GTDAVTWKHXNDAAAIIP7AQ3JSO3XZJNX5J5OTIDEQVKLYFYIYNAXSCYF4GNZ2EMA4ORA3Y';
-        //\support\Log::alert($admin['totp_secret']);
-        $totp = \OTPHP\TOTP::create($admin->totp_secret);
-        //$secret = $totp->getSecret();
-        //$totp->setLabel('cansnow');
-        //$totp->setIssuer('DVPN');
-        //$qrCodeUri =$totp->getProvisioningUri();
-        //cp($secret);
-        //cp($qrCodeUri);
-        //cp('https://api.qrtool.cn/?text='.urlencode($qrCodeUri));
-        //cp($totp->at(time()));
-        if (!$totp->verify($request->post('code', ''))) {
-            return $this->fail('当前账户暂时无法登录1');
-        }
        if ($admin->status != 1) {
            return $this->fail('当前账户暂时无法登录');
        }
+        if(!$code && !$password){
+            return $this->fail('请输入验证码或密码');
+        }
+        if($code){
+            //$secret = $admin['totp_secret'] ?:'EJGYB7OZR2W46XRX7VB3PXHSOY4LUAWCA5GTDAVTWKHXNDAAAIIP7AQ3JSO3XZJNX5J5OTIDEQVKLYFYIYNAXSCYF4GNZ2EMA4ORA3Y';
+            //\support\Log::alert($admin['totp_secret']);
+            $totp = \OTPHP\TOTP::create($admin->totp_secret);
+            //$secret = $totp->getSecret();
+            //$totp->setLabel('cansnow');
+            //$totp->setIssuer('DVPN');
+            //$qrCodeUri =$totp->getProvisioningUri();
+            //cp($secret);
+            //cp($qrCodeUri);
+            //cp('https://api.qrtool.cn/?text='.urlencode($qrCodeUri));
+            //cp($totp->at(time()));
+            if (!$totp->verify($code)) {
+                return $this->fail('动态密码错误');
+            }
+        }
+        if($password){
+            if (!$admin || !Util::passwordVerify($password, $admin->password)) {
+                return $this->fail('账户不存在或密码错误');
+            }
+        }
        $admin->login_at = time();
        $admin->save();
        $this->removeLoginLimit($username);