管理员更改密码后需要重新登录

Author: walkor

src/plugin/admin/app/controller/AccountController.php

@@ -84,7 +84,7 @@ public function login(Request $request): Response
         $this->removeLoginLimit($username);
         $admin = $admin->toArray();
         $session = $request->session();
-        unset($admin['password']);
+        $admin['password'] = md5($admin['password']);
         $session->set('admin', $admin);
         return $this->json(0, '登录成功', [
             'nickname' => $admin['nickname'],

src/plugin/admin/app/functions.php

@@ -80,9 +80,11 @@ function user($fields = null)
  */
 function refresh_admin_session(bool $force = false)
 {
-    if (!$admin_id = admin_id()) {
+    $admin_session = session('admin');
+    if (!$admin_session) {
         return null;
     }
+    $admin_id = $admin_session['id'];
     $time_now = time();
     // session在2秒内不刷新
     $session_ttl = 2;
@@ -97,7 +99,12 @@ function refresh_admin_session(bool $force = false)
         return null;
     }
     $admin = $admin->toArray();
-    unset($admin['password']);
+    $admin['password'] = md5($admin['password']);
+    $admin_session['password'] = $admin_session['password'] ?? '';
+    if ($admin['password'] != $admin_session['password']) {
+        $session->forget('admin');
+        return null;
+    }
     // 账户被禁用
     if ($admin['status'] != 0) {
         $session->forget('admin');

src/plugin/admin/config/app.php

@@ -17,5 +17,5 @@
     'controller_suffix' => 'Controller',
     'controller_reuse' => false,
     'plugin_market_host' => 'https://www.workerman.net',
-    'version' => '0.6.19'
+    'version' => '0.6.20'
 ];