api/app/controller/Admin.php

<?php
/**
 * Created by PhpStorm.
 * User: yancheng<cheng@love.xiaoyan.me>
 * Date: 2019/6/18
 * Time: 1:42 PM
 */

namespace app\controller;


use app\BaseController;
use app\model\AdminInfo;
use app\Request;
use app\util\ErrorCode;
use app\util\ErrorResponse;
use app\util\StringUtil;
use think\response\Json;

class Admin extends BaseController
{
    public function postLogin()
    {
        $username = $this->request->param("username");
        $password = $this->request->param("password");
        if (empty($username) || empty($password)) {
            return ErrorResponse::createError(ErrorCode::ERROR_PARAM_REQUIRED, '请提交正确的参数');
        }
        usleep(500000);
        $user = AdminInfo::where('username', $username)->find();

        if ($user->isEmpty()) {
            return ErrorResponse::createError(ErrorCode::ERROR_ADMIN_LOGIN_PWD, '用户名或者密码错误(1)');
        }
        if ($user->password != md5($username . $user->salt)) {
            return ErrorResponse::createError(ErrorCode::ERROR_ADMIN_LOGIN_PWD, '用户名或者密码错误(2)');;
        }
        $data = $user->getPartData(['id', 'username', 'email', 'avatar', 'last_login', 'sex']);
        $user->save(['last_login' => time()]);
        return Json::create($data);
    }

    public function updatePwd()
    {
        $originPwd = $this->request->post('origin');
        $newPwd = $this->request->post('new_pwd');
        $newPwd2 = $this->request->post('new_pwd2');

        if ($newPwd != $newPwd2) {
            return ErrorResponse::createError(
                ErrorCode::ERROR_ADMIN_LOGIN_PWD, '输入密码不一致'
            );
        }
        $admin = $this->getCurrentLoginAdmin();
        if (!$this->passwordIsCorrect($admin,$originPwd)){
            return ErrorResponse::createError(
                ErrorCode::ERROR_ADMIN_PWD_ERROR,'原始密码不正确'
            );
        }
        $salt = StringUtil::generateRandom(6);
        $admin->save([
            'password'=>StringUtil::getEncryptPassword($originPwd,$salt),
            'salt' => $salt
        ]);
        return \json(['code'=>0]);
    }


    private function passwordIsCorrect(AdminInfo $admin, string $originPwd)
    {
        return $admin->password == md5($originPwd . $admin->salt);
    }

    /**
     * @return AdminInfo
     * @throws \think\db\exception\DataNotFoundException
     * @throws \think\db\exception\ModelNotFoundException
     * @throws \think\exception\DbException
     */
    private function getCurrentLoginAdmin()
    {
        return AdminInfo::find(4);
    }
}