From b876ea360d76989762672f1275c31f611302db73 Mon Sep 17 00:00:00 2001
From: Tan Jiang
Date: Mon, 24 Oct 2016 13:40:19 +0800
Subject: [PATCH] update salt when updating password
---
 src/common/dao/user.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/common/dao/user.go b/src/common/dao/user.go
index 49011ada0..765a504db 100644
--- a/src/common/dao/user.go
+++ b/src/common/dao/user.go
@@ -137,11 +137,12 @@ func ChangeUserPassword(u models.User, oldPassword ...string) (err error) {
 o := GetOrmer()
 var r sql.Result
+ salt := utils.GenerateRandomString()
 if len(oldPassword) == 0 {
 //In some cases, it may no need to check old password, just as Linux change password policies.
- r, err = o.Raw(`update user set password=?, salt=? where user_id=?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID).Exec()
+ r, err = o.Raw(`update user set password=?, salt=? where user_id=?`, utils.Encrypt(u.Password, salt), salt, u.UserID).Exec()
 } else {
- r, err = o.Raw(`update user set password=?, salt=? where user_id=? and password = ?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID, utils.Encrypt(oldPassword[0], u.Salt)).Exec()
+ r, err = o.Raw(`update user set password=?, salt=? where user_id=? and password = ?`, utils.Encrypt(u.Password, salt), salt, u.UserID, utils.Encrypt(oldPassword[0], u.Salt)).Exec()
 }
 if err != nil {
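Review bot: In the `else` branch the new statement mixes two salts, `salt` for the new hash and `u.Salt` for the old-password comparison, and nothing on the line says why, so a later cleanup that unifies them would make every old-password check match zero rows. Renaming the local to `newSalt` and adding a comment such as `// old password is verified against the stored salt (u.Salt); the new hash gets a fresh one` would make the intent explicit. The comparison still depends on the caller having filled `u.Salt` with the value stored for this user, which this hunk cannot confirm; if that is not guaranteed, the stored salt should be read by `user_id` inside the function. `utils.GenerateRandomString` is not shown here, so it is worth confirming that it draws from `crypto/rand` rather than a seeded `math/rand`. ChangeUserPassword's body begins and ends outside the hunk.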