aa

application/api/controller/User.php

@@ -314,18 +314,27 @@ class User extends Api
      * @param string mobile      手机号重置
      * @param string email      邮箱重置
      * @param string newpassword 新密码
+     * @param string newpassword_confirm 新密码
      * @param string captcha     验证码
      */
     public function resetpwd()
     {
-        $type = $this->request->post("type");
+        $this->_validate([
+            'newpassword'=>['require','min:6'],
+            'newpassword_confirm'=>['require','min:6'],
+        ]);
         $mobile = $this->request->post("mobile");
         $email = $this->request->post("email");
         $newpassword = $this->request->post("newpassword");
+        $newpassword_confirm = $this->request->post("newpassword_confirm");
         $captcha = $this->request->post("captcha");
-        if (!$newpassword || !$captcha) {
+        if (!$newpassword || !$captcha || !$newpassword_confirm) {
             $this->error(__('Invalid parameters'));
         }
+        if($newpassword!==$newpassword_confirm){
+            $this->error('两次密码不一致');
+        }
+        $type = $mobile?'mobile':'email';
         //验证Token
         if (!Validate::make()->check(['newpassword' => $newpassword], ['newpassword' => 'require|regex:\S{6,30}'])) {
             $this->error(__('Password must be 6 to 30 characters'));
@@ -334,28 +343,30 @@ class User extends Api
             if (!Validate::regex($mobile, "^1\d{10}$")) {
                 $this->error(__('Mobile is incorrect'));
             }
-            $user = \app\common\model\User::getByMobile($mobile);
+            $user = UserModel::getByMobile($mobile);
             if (!$user) {
-                $this->error(__('User not found'));
+                $this->error(__('用户不存在'));
             }
             $ret = Sms::check($mobile, $captcha, 'resetpwd');
             if (!$ret) {
                 $this->error(__('Captcha is incorrect'));
             }
             Sms::flush($mobile, 'resetpwd');
-        } else {
+        } elseif($type=='email') {
             if (!Validate::is($email, "email")) {
                 $this->error(__('Email is incorrect'));
             }
-            $user = \app\common\model\User::getByEmail($email);
+            $user = UserModel::getByEmail($email);
             if (!$user) {
-                $this->error(__('User not found'));
+                $this->error(__('用户不存在'));
             }
             $ret = Ems::check($email, $captcha, 'resetpwd');
             if (!$ret) {
                 $this->error(__('Captcha is incorrect'));
             }
             Ems::flush($email, 'resetpwd');
+        }else{
+            $this->error('无法完成重置');
         }
         //模拟一次登录
         $this->auth->direct($user->id);

application/common/library/Ems.php

@@ -2,6 +2,7 @@
 
 namespace app\common\library;
 
+use think\Env;
 use think\Hook;
 use function AlibabaCloud\Client\env;
 
@@ -91,7 +92,7 @@ class Ems
      */
     public static function check($email, $code, $event = 'default')
     {
-        if($code==env('sms.testcode')){
+        if($code==Env::get('sms.testcode')){
             return true;
         }
         $time = time() - self::$expire;