
Merge pull request #521 from visuddhinanda/master

重置密码+字段有效性校验
visuddhinanda 4 лет назад
Родитель
Сommit
6cf790cda4

+ 3 - 2
app/db/user.php

@@ -218,7 +218,8 @@ class User extends Table
 					$mail->Password   = Email["Password"];                               //SMTP password
 					$mail->SMTPSecure = Email["SMTPSecure"];            //Enable implicit TLS encryption
 					$mail->Port       = Email["Port"];                                    //TCP port to connect to 465; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`
-		
+					$mail->CharSet =  'UTF-8';
+					$mail->Encoding = 'base64';
 					//Recipients
 					$mail->setFrom(Email["From"], Email["Sender"]);
 					$mail->addAddress($email);     //Add a recipient Name is optional
@@ -326,7 +327,7 @@ class User extends Table
 		}
 		if(mb_strlen($nickname,"UTF-8")<1){
 			$this->result["ok"]=false;
-			$this->result["message"]="::nicknamename_too_short";
+			$this->result["message"]="::nickname_too_short";
 			return false;
 		}
 		return true;

+ 5 - 0
app/public/lang/default.json

@@ -647,6 +647,11 @@
 		"username_too_short": "username too short",
 		"username_invaild_symbol": "username invaild symbol",
 		"password_invaild_symbol": "password invaild symbol",
+		"error_net_404": "Not Found",
+		"error_net_500": "Internal Server Error",
+		"error_net_timeout": "Timeout",
+		"error_net_abort": "abort",
+		"error_net_parsererror": "parser error",
 		"": ""
 	},
 	"grammastr": [

+ 5 - 0
app/public/lang/en.json

@@ -646,6 +646,11 @@
 		"username_too_short": "username too short",
 		"username_invaild_symbol": "username invaild symbol",
 		"password_invaild_symbol": "password invaild symbol",
+		"error_net_404": "Not Found",
+		"error_net_500": "Internal Server Error",
+		"error_net_timeout": "Timeout",
+		"error_net_abort": "abort",
+		"error_net_parsererror": "parser error",
 		"": ""
 	},
 	"grammastr": [

+ 5 - 0
app/public/lang/my.json

@@ -646,6 +646,11 @@
 		"username_too_short": "username too short",
 		"username_invaild_symbol": "username invaild symbol",
 		"password_invaild_symbol": "password invaild symbol",
+		"error_net_404": "Not Found",
+		"error_net_500": "Internal Server Error",
+		"error_net_timeout": "Timeout",
+		"error_net_abort": "abort",
+		"error_net_parsererror": "parser error",
 		"": ""
 	},
 	"grammastr": [

+ 5 - 0
app/public/lang/si.json

@@ -652,6 +652,11 @@
 		"username_too_short": "username too short",
 		"username_invaild_symbol": "username invaild symbol",
 		"password_invaild_symbol": "password invaild symbol",
+		"error_net_404": "Not Found",
+		"error_net_500": "Internal Server Error",
+		"error_net_timeout": "Timeout",
+		"error_net_abort": "abort",
+		"error_net_parsererror": "parser error",
 		"": ""
 	},
 	"grammastr": [

+ 5 - 0
app/public/lang/zh-cn.json

@@ -649,6 +649,11 @@
 		"username_too_short": "用户名过短",
 		"username_invaild_symbol": "用户名包含无效字符",
 		"password_invaild_symbol": "密码包含无效字符",
+		"error_net_404": "网页不存在",
+		"error_net_500": "服务器内部错误",
+		"error_net_timeout": "请求超时",
+		"error_net_abort": "放弃",
+		"error_net_parsererror": "数据解析错误",
 		"": ""
 	},
 	"grammastr": [

+ 5 - 0
app/public/lang/zh-tw.json

@@ -648,6 +648,11 @@
 		"username_too_short": "用戶名過短",
 		"username_invaild_symbol": "用戶名包含無效字符",
 		"password_invaild_symbol": "密碼包含無效字符",
+		"error_net_404": "網頁不存在",
+		"error_net_500": "服務器內部錯誤",
+		"error_net_timeout": "請求超時",
+		"error_net_abort": "放棄",
+		"error_net_parsererror": "數據解析錯誤",
 		"": ""
 	},
 	"grammastr": [

+ 12 - 6
app/ucenter/forgot_pwd.php

@@ -191,7 +191,7 @@ require_once "../public/function.php";
 
 					</form>
 					<div id="button_area">
-						<button  onclick="submit()" style="background-color: var(--link-hover-color);border-color: var(--link-hover-color);" >
+						<button id="send"  onclick="submit()" style="background-color: var(--link-hover-color);border-color: var(--link-hover-color);" >
 						<?php echo $_local->gui->continue; ?>
 						</button>
 					</div>
@@ -206,6 +206,7 @@ require_once "../public/function.php";
 	
 	function submit(){
 		$("#message").text("正在发送...");
+		$(this).text("正在发送...");
 		$(this).prop("disabled",true);
 	$.getJSON(
 		"../api/user.php",
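Review bot: `$(this)` in the added `$(this).text("正在发送...")`, and in the existing `$(this).prop("disabled",true)` below it, is not the button: `submit()` is called from the inline `onclick="submit()"`, so `this` is the global object and neither call touches the button. The previous hunk adds `id="send"` but nothing uses it; `$("#send").text("正在发送...")` and `$("#send").prop("disabled",true)` would give the intended effect. As written the button stays clickable while a request is in flight, so repeated reset mails can be requested, and because a client-side lock is bypassable anyway, the `../api/user.php` endpoint should presumably throttle reset requests per account and per address. `submit()` continues past the end of this hunk.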
@@ -222,16 +223,19 @@ require_once "../public/function.php";
 			$("#message").addClass("form_error");
 			//发送失败enable发送按钮
 			$(this).prop("disabled",false);
+			$(this).text("再次发送");
 		}
 		}).fail(function(jqXHR, textStatus, errorThrown){
-			$("#message").removeClass("form_error");
-			$("#message").text(textStatus);	
-			//发送失败enable发送按钮
-			$(this).prop("disabled",false);		
+			$("#message").addClass("form_error");
 			switch (textStatus) {
 				case "timeout":
+					$("#message").text(gLocal.gui["error_net_timeout"]);	
+					//发送失败enable发送按钮
+					$(this).prop("disabled",false);
+					$(this).text("再次发送");
 					break;
 				case "error":
+					$("#message").text(gLocal.gui["error_net_"+jqXHR.status]);
 					switch (jqXHR.status) {
 						case 404:
 							break;
@@ -242,8 +246,10 @@ require_once "../public/function.php";
 					}
 					break;
 				case "abort":
+					$("#message").text(gLocal.gui["error_net_abort"]);	
 					break;
-				case "parsererror":			
+				case "parsererror":
+					$("#message").text(gLocal.gui["error_net_parsererror"]);	
 					console.log("delete-parsererror",jqXHR.responseText);
 					break;
 				default:

+ 18 - 5
app/ucenter/reset.php

@@ -24,6 +24,7 @@ if (!isset($_GET["token"])) {
 		<script src="../public/js/comm.js"></script>
 		<script src="../studio/js/jquery-3.3.1.min.js"></script>
 		<script src="../studio/js/fixedsticky.js"></script>
+		<script src="../ucenter/sign.js"></script>
 		<style>
 		#login_body{
 			display: flex;
@@ -191,7 +192,7 @@ if (!isset($_GET["token"])) {
 					<div>
 						<div>
 							<span id='tip_username' class='form_field_name'><?php echo $_local->gui->account; ?></span>
-							<input type="input" id="username" name="username"  value="" />
+							<input type="input" maxlength="32" id="username" name="username"  value="" />
 						</div>
 						<div id="error_username" class="form_error"> </div>
 						<div class="form_help"></div>
@@ -200,8 +201,8 @@ if (!isset($_GET["token"])) {
 					<div>
 						<div>
 							<span id='tip_password' class='form_field_name'><?php echo $_local->gui->password; ?></span>
-							<input type="password" id="password" name="password" placeholder="密码" value="" />
-							<input type="password" id="repassword" name="repassword" placeholder="再次输入密码" value="" />
+							<input type="password" id="password" maxlength="32" name="password" placeholder="密码" value="" />
+							<input type="password" id="repassword" maxlength="32" name="repassword" placeholder="再次输入密码" value="" />
 						</div>
 						<div class="form_help">至少6个字符</div>
 						<div id="error_password" class="form_error"></div>
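Review bot: `maxlength="32"` on the password fields (and on `username` in the previous hunk) is enforced only by the browser, and browsers silently truncate pasted text at that length. A user pasting a longer generated password would have both fields cut to the same 32 characters, pass the equality check, and later fail to log in with the full password. I would state the limit in the help text next to `至少6个字符` and have the server reject over-long values instead of relying on the attribute; whether it does so is not visible in this diff.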
@@ -210,7 +211,7 @@ if (!isset($_GET["token"])) {
 					<input type="hidden"  id="token" name="token" value="<?php echo $_REQUEST["token"]; ?>" />
 				</form>
 				<div id="button_area">
-					<button  onclick="submit()" style="background-color: var(--link-hover-color);border-color: var(--link-hover-color);" >
+					<button  onclick="reset_submit()" style="background-color: var(--link-hover-color);border-color: var(--link-hover-color);" >
 					<?php echo $_local->gui->continue; ?>
 					</button>
 				</div>	
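Review bot: The context line `value="<?php echo $_REQUEST["token"]; ?>"` writes a request parameter into an HTML attribute without escaping, so a crafted `token` value can close the attribute and inject markup into the password-reset page; this commit edits the form but leaves that line as is. Escape at output: `value="<?php echo htmlspecialchars($_GET["token"], ENT_QUOTES, 'UTF-8'); ?>"`. Reading `$_GET` also matches the `isset($_GET["token"])` guard visible in the hunk header, whereas `$_REQUEST` can be filled from other sources depending on configuration. The form begins before this hunk.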
@@ -226,7 +227,19 @@ if (!isset($_GET["token"])) {
 	<script>
 	login_init();
 
-	function submit(){
+	function reset_submit(){
+		let hasError = false;
+		if($("#password").val()!==$("#repassword").val()){
+		$("#error_password").text("两次密码输入不一致");
+			hasError = true;
+		}
+		if(isValidPassword($("#password").val())==false){
+			$("#error_password").text("密码包含无效字符。 ' / , 空格 '");
+			hasError = true;
+		}
+		if(hasError){
+			return;
+		}
 		$.ajax({
 			type: 'POST',
 			url:"../api/user.php?_method=reset_pwd",
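Review bot: `reset_submit()` checks that the two fields match and that the password contains no whitespace or `/`, but not the minimum length the form's help text promises (`至少6个字符`); two empty fields pass both checks. A third guard of the form `if($("#password").val().length<6){ ... hasError = true; }` would bring the code in line with the help text. `#error_password` is also never cleared here, so a message from a failed attempt remains after a corrected one unless code outside the hunk resets it. These checks are a convenience only: the `reset_pwd` handler has to repeat them, and this diff does not show that it does. The function continues after this hunk.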

+ 1 - 1
app/ucenter/reset_pwd_letter.html

@@ -4,7 +4,7 @@ wikipali reset password
 如果您没有进行过此操作请忽略这个邮件。
 </p>
 <p>
-点击此链接重置您的wikipali账号的密码。
+点击此链接重置您的wikipali账号的密码。此链接一小时内有效。
 <a href="%ResetLink%">%ResetString%</a>
 </p>
 <p>
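Review bot: The added sentence `此链接一小时内有效` promises a one-hour lifetime, but nothing in this diff shows where the token's age is checked. If the expiry lives in the `reset_pwd` handler, a comment there pointing at this template would keep the two in sync; if it is not enforced yet, the token should be rejected after one hour and invalidated after its first use. The template continues outside this hunk.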

+ 19 - 7
app/ucenter/sign.js

@@ -1,20 +1,32 @@
+function isValidPassword(str){
+	let patt=new RegExp(/\s|\//);
+	if(patt.test(str)){
+		return false;
+	}else{
+		return true;
+	}
+}
+function isValidUserName(str){
+	let patt=new RegExp(/@|\s|\//);
+	if(patt.test(str)){
+		return false;
+	}else{
+		return true;
+	}
+}
 function submit(){
 	let hasError = false;
 	if($("#password").val()!==$("#repassword").val()){
 		$("#error_password").text("两次密码输入不一致");
 		hasError = true;
 	}
-	let patt1=new RegExp(/\s|\//);
-	if(patt1.test($("#password").val())){
+	if(isValidPassword($("#password").val())==false){
 		$("#error_password").text("密码包含无效字符。  / 空格 ");
 		hasError = true;
 	}
 
-
-	let username = $("#username").val();
-	let patt2=new RegExp(/@|\s|\//);
-	if(patt2.test(username)){
-		$("#error_username").text("用户名包含无效字符。@  / 空格 ");
+	if(isValidUserName($("#username").val())==false){
+		$("#error_password").text("用户名包含无效字符。@  / 空格 ");
 		hasError = true;
 	}