diff --git a/themes/tajian/controller/FrontapiController.php b/themes/tajian/controller/FrontapiController.php index 3b84cb0..82102d7 100644 --- a/themes/tajian/controller/FrontapiController.php +++ b/themes/tajian/controller/FrontapiController.php @@ -430,7 +430,7 @@ eof; } //生成4随机数,并保存生成时间,10 分钟内有效 - protected function generateRandSmsCode() { + protected function generateRandSmsCode($cellphone) { if(session_status() !== PHP_SESSION_ACTIVE) { session_start(); } @@ -439,23 +439,27 @@ eof; $_SESSION['randSmsCode'] = $rndCode; $_SESSION['randSmsCode_created'] = time(); + $_SESSION['smsCodePhone'] = $cellphone; //保存发送验证码的手机号码,便于在登录、注册的时候验证 return $rndCode; } //短信验证码 10 分钟内有效 - protected function getMySmsCode() { + protected function getMySmsCode($cellphone) { if(session_status() !== PHP_SESSION_ACTIVE) { session_start(); } $rndCode = !empty($_SESSION['randSmsCode']) ? $_SESSION['randSmsCode'] : 0; $rndCode_created = !empty($_SESSION['randSmsCode_created']) ? $_SESSION['randSmsCode_created'] : 0; + $codeSentPhoneNumber = !empty($_SESSION['smsCodePhone']) ? $_SESSION['smsCodePhone'] : 0; $current_time = time(); $max_cache_time = !empty(FSC::$app['config']['sms_code_cache_time']) ? FSC::$app['config']['sms_code_cache_time'] : 600; if (!empty($rndCode_created) && $current_time - $rndCode_created > $max_cache_time) { $rndCode = 0; + }else if (empty($codeSentPhoneNumber) || $cellphone != $codeSentPhoneNumber) { //检查发送验证码的手机号码跟提交的是否一致 + $rndCode = 0; } return $rndCode; @@ -500,7 +504,7 @@ eof; //尝试发送短信验证码 $params = array( 'phoneNumber' => $cellphone, - 'codeNumber' => $this->generateRandSmsCode(), + 'codeNumber' => $this->generateRandSmsCode($cellphone), 'action' => $action, ); $params['sign'] = $this->sign($params, FSC::$app['config']['service_3rd_api_key']); @@ -565,7 +569,7 @@ eof; } //验证短信验证码是否正确 - $mySmsCode = $this->getMySmsCode(); + $mySmsCode = $this->getMySmsCode($cellphone); if (empty($mySmsCode) || $mySmsCode != $sms_code) { $err = "{$sms_code} 验证码已过期或错误,请检查是否输入正确"; } @@ -629,7 +633,7 @@ eof; } //验证短信验证码是否正确 - $mySmsCode = $this->getMySmsCode(); + $mySmsCode = $this->getMySmsCode($cellphone); if (empty($mySmsCode) || $mySmsCode != $sms_code) { $err = "{$sms_code} 验证码已过期或错误,请检查是否输入正确"; }