強制綁定手機和修改密碼的規則 · 未名

# 賬號安全：優化教師賬號強制綁定手機和修改密碼的規則修改的內容主要是： 1、教師賬號必須綁定手機。即原來的強制綁定手機或郵箱，修改為強制綁定手機。 2、修改密碼必須通過手機驗證碼。即每次修改密碼都需要輸入綁定的手機號獲取驗證碼才能修改。 3、賬號若一個月沒有登錄，需要驗證手機。具體頁面顯示見原型。 ***** 使用未名賬號體系的課堂，彈窗順序如下：強制綁定手機 > 未登錄超過1個月的身份驗證 > 強制修改密碼 > 版本更新內容提示即賬號安全提示的優先級要高于版本更新內容提示 ![](https://box.kancloud.cn/f8360a1352abd4373dbcc594ac8c2d19_341x748.png) ## 文件入口 D:\wamp\www\ketang.test\weike\themes\custom3\views\version2\login\themeType3\indexTeacher_cus.php ## 密碼重置 http://ketang311.wm3dao.com/?r=user/getUserPwd&phone=15920914758&userId=672669&code=794362&isFromPhone=true&pageType=phone ## 修改密碼入口 http://ketang.test/index.php?r=ktUser/password ***** ``` $(function(){ // Show bind phone > Show identity verify > Show modify password > Show notice box var isShowBindPhone = <?php echo V2IdentityService::factory()->getBoundPhone($userID) ? 0 : 1?>; if (isShowBindPhone) { tb_show('安全提示', '#TB_inline?width=400&height=250&inlineId=bind-box&modal=true', false); } else { var isVerifyIdentity = <?php echo V2UserService::factory()->isVerifyIdentity($userID) ? 1 : 0?>; isVerifyIdentity = 0; // todo test code, need to remove if (isVerifyIdentity) { // todo your code // tb_show('身份驗證彈窗', '#TB_inline?width=400&height=250&inlineId=bind-box&modal=true'); } else { var isTipModifiedPwd = <?php echo V4SystemService::factory()->isTipModifiedPwd() ? 1 : 0?>; if (isTipModifiedPwd) { tb_show('安全提示', '#TB_inline?width=400&height=250&inlineId=safe-box&modal=true', false); } else { var isShowNotice = <?php echo UserService::factory() ->getUpdateNoticeValue($userID, WK::UPDATE_NOTIC_ITEM_ID_V3) ? 0 : 1?>; if (isShowNotice) { wk.notice.config('<?php echo $this->createUrl("/site/popNoticeV3", [ "width" => 802, 'height' => 550 ])?>', '<?php echo $this->createUrl("/login/saveNoticeBoxValue", ['itemID' => WK::UPDATE_NOTIC_ITEM_ID_V3])?>'); wk.notice.init(); } } } } //if (isTipModifiedPwd) { // tb_show('安全提示','#TB_inline?width=400&height=250&inlineId=safe-box&modal=true',false); //} // //checkIsBindEmailPhone(); //// 檢測用戶是否已經綁定了郵箱或手機，默認密碼是否是123456 by wangbo 2019-2-28 //function checkIsBindEmailPhone() { // var url = "<?php //echo $this->createUrl('ktUser/checkUserDefaultPassword');?>//"; // $.get(url, function(data){ // // noBindEmailOrPhone : 檢測用戶是否已經綁定了郵箱或手機 // if (data == "noBindEmailOrPhone") { // tb_show('安全提示','#TB_inline?width=400&height=250&inlineId=bind-box&modal=true',false); // } // // UnsafePass : 判斷是否為初始密碼123456 // if (data == "UnsafePass") { // tb_show('安全提示','#TB_inline?width=400&height=250&inlineId=unpass-box&modal=true',false); // } // }); //} // 用戶信息 by wuzhc (function(){ $.ajax({ url: "<?php echo $this->createUrl('ktUser/teacherInfo');?>", data:{}, type: "get", dataType:'json', success:function(data){ var user = data.user || {}; $("#site-sch").html(user.school); $("#site-subj").html(user.subject); $("#site-rank").html(user.rank); $("#site-activeness").html(user.activeness); }, error:function(){ console.log('獲取用戶信息失敗'); } }); })(); // 資源統計 by wuzhc (function(){ $.ajax({ url: "<?php echo $this->createUrl('ktUser/teacherStat');?>", data:{}, type: "get", dataType:'json', success:function(data){ var list = data.data || []; for (var i = 0, len = list.length; i < len; i++) { var key = 'site-' + list[i].type; $("#"+key).text(list[i].total); } }, error:function(){ console.log('數據統計失敗'); } }); })(); //跳轉自UC同步登錄 pengjch 2017-09-20 var synUc = "<?php echo $this->createUrl('default/synuclogin',array('appid'=>''));?>"; $(".js_jspx").click(function (e) { e.preventDefault(e); window.open(synUc+$(this).data('appid')); }) $(".js_jssq").click(function (e) { e.preventDefault(e); window.open(synUc+$(this).data('appid')); }) $(".js_shaike").click(function (e) { e.preventDefault(e); window.open(synUc+$(this).data('appid')); }) $(".js_ktyj").click(function (e) { e.preventDefault(e); window.open(synUc+$(this).data('appid')); }) }); ``` ### 未登錄超過1個月的彈窗 ![](https://box.kancloud.cn/6541eff835aed6022faae7182d7e74e2_1326x501.png) ### 驗證碼 http://ketang311.wm3dao.com/index.php?r=user/getUserPwd ![](./img/R/2019-04-04_100845.png) D:\wamp\www\ketang.test\framework\web\widgets\captcha\CCaptcha.php D:\wamp\www\ketang.test\weike\protected\controllers\UserController.php ``` /** * 找回密碼：發送手機號碼 * @var String $phone 手機號碼 * @var String $code 驗證碼 * @var int $userId 用戶ID * @var array $userArr 存放綁定該手機號碼的所有用戶 * @author Cyrus 2013/10/30 */ public function actionSendPhonePwd() { if (!Yii::app()->user->isGuest) { //未登錄情況下方能執行操作 echo CJSON::encode(array('result' => 'unlogin')); Yii::app()->end(); } $phone = RequestUtils::getNormalRequest('phone'); $code = RequestUtils::getNormalRequest('code'); $userId = RequestUtils::getNormalRequest('userId'); if (!VerifyUtils::checkMobile($phone)) { //手機格式不正確 echo CJSON::encode(array('result' => 'noPhone')); Yii::app()->end(); } $phoneDetail = V2IdentityService::factory()->getPhone(null,Yii::app()->params['APPLICATION_PARENT_MAP'][WEB_APP_ID],$phone); if (!$phoneDetail) { //手機號碼不存在 echo CJSON::encode(array('result' => 'noExists')); Yii::app()->end(); } if ($code) { if (!$userId) { echo CJSON::encode(array('result' => 'error')); } if (Yii::app()->session['phone_code'] == $code) { $rs = V2IdentityService::factory()->checkPhoneCode($phone, $code); if ($rs) { echo CJSON::encode(array('result' => 'success', 'userId' => $userId, 'phone' => $phone, 'code' => Yii::app()->session['phone_code'])); Yii::app()->end(); } echo CJSON::encode(array('result' => 'error')); Yii::app()->end(); } echo CJSON::encode(array('result' => 'verifyError')); Yii::app()->end(); } else { //發送手機驗證碼 /** @var string $captchaCode 驗證碼，防止用戶重復發送手機驗證短信 add by wuzhc 2016-07-14 */ $captchaCode = RequestUtils::getNormalRequest('captchaCode'); if ($captchaCode != $this->createAction('captcha')->getVerifyCode()) { echo CJSON::encode(array('result' => 'codeError')); Yii::app()->end(); } //$phone_code = VerifyUtils::getRandomCode(6); if ($phoneDetail) { //$rs = true; //$rs = IdentityService::factory()->sendCodeToPhone($phone, $phone_code); $phone_code = V2IdentityService::factory()->sendPhoneCode($phoneDetail->fdUserID,$phone); if ($phone_code) { //發送成功 Yii::app()->session['phone_code'] = $phone_code; //驗證碼存入session echo CJSON::encode(array('result' => 'success', 'record' => 'one', 'userId' => $phoneDetail->user->id)); Yii::app()->end(); } else { $result = $phone_code == -1 ? 'sendLimit' : 'error'; echo CJSON::encode(array('result' => $result)); Yii::app()->end(); } } echo CJSON::encode(array('result' => 'error')); Yii::app()->end(); } } ``` 發送短信，要在服務器上測試。 {"result":"success","record":"one","userId":"672669"} //成功返回 D:\wamp\www\ketang.test\weike\protected\controllers\SiteController.php ``` public function actionVerifyIdentitySendPhonePwd() { if (Yii::app()->user->isGuest) { //登錄情況下方能執行操作 echo CJSON::encode(array('result' => 'unlogin')); Yii::app()->end(); } $phone = RequestUtils::getNormalRequest('phone'); $code = RequestUtils::getNormalRequest('code'); // $userId = RequestUtils::getNormalRequest('userId'); if (!VerifyUtils::checkMobile($phone)) { //手機格式不正確 echo CJSON::encode(array('result' => 'noPhone')); Yii::app()->end(); } $phoneDetails = IdentityService::factory()->getBindPhoneUser($phone); if (!$phoneDetails) { //手機號碼不存在 echo CJSON::encode(array('result' => 'noExists')); Yii::app()->end(); } $phoneDetail = V2IdentityService::factory()->getPhone(null,Yii::app()->params['APPLICATION_PARENT_MAP'][WEB_APP_ID],$phone); if (!$phoneDetail) { //手機號碼不存在 echo CJSON::encode(array('result' => 'noExists')); Yii::app()->end(); } $captchaCode = RequestUtils::getNormalRequest('captchaCode'); if ($captchaCode != $this->createAction('captcha')->getVerifyCode()) { echo CJSON::encode(array('result' => 'codeError')); Yii::app()->end(); } if ($phoneDetail) { $phone_code = V2IdentityService::factory()->sendPhoneCode($phoneDetail->fdUserID,$phone); if ($phone_code) { //發送成功 Yii::app()->session['phone_code'] = $phone_code; //驗證碼存入session echo CJSON::encode(array('result' => 'success', 'record' => 'one', 'userId' => $phoneDetail->user->id)); Yii::app()->end(); } else { $result = $phone_code == -1 ? 'sendLimit' : 'error'; echo CJSON::encode(array('result' => $result)); Yii::app()->end(); } } echo CJSON::encode(array('result' => 'error')); Yii::app()->end(); } ``` 參考：http://ketang311.wm3dao.com/index.php?r=user/getUserPwd ### 倒計時功能 √ ``` /** 倒計時 * @param total 總時間 * @param str 字符 * @param original 選擇器 */ function counter(count,original) { var countdown = setInterval(CountDown, 1000); function CountDown() { original.addClass("button_off").html("重新發送("+count+")"); if (count == 0) { original.removeClass("button_off").html("重新發送"); clearInterval(countdown); } count--; } } ``` ### 驗證短信是否正確 √ /?r=site/verifyIdentitySendPhonePwd D:\wamp\www\ketang.test\weike\protected\controllers\SiteController.php