Merge pull request #11 from xuanhuan/patch-6

更新重置密码，由用户自已输入，而不是自动生成。

Author: xuanhuan

user/_resetpwdtwo.php

@@ -8,9 +8,11 @@
 $mg = new Mailgun($mailgun_key);
 $domain = $mailgun_domain;
 //
-$code     = $_GET['code'];
-$email    = $_GET['email'];
-$uid      = $_GET['uid'];
+$code     = $_POST['code'];
+$email    = $_POST['email'];
+$uid      = $_POST['uid'];
+$password = $_POST['password'];
+$repasswd = $_POST['repasswd'];
 //
 $ur = new \Ss\User\UserInfo($uid);
 if($ur->GetEmail() == $email){
@@ -21,28 +23,29 @@
 if(!$rs){
     $a['code'] = '0';
     $a['msg']  =  "邮箱错误";
+}elseif($repasswd != $password){
+    $a['code'] = '0';
+    $a['msg'] = "两次密码输入不符";
+}elseif(strlen($password)<8){
+    $a['code'] = '0';
+    $a['msg'] = "密码太短";
 }else{
     $rst = new \Ss\User\ResetPwd($uid);
     $u   = new \Ss\User\User($uid);
     if($rst->IsCharOK($code,$uid)){
-        $NewPwd = md5(time().$uid.$email);
+        $NewPwd = $password;
         $mg->sendMessage($domain, array('from'    => "no-reply@".$mailgun_domain,
             'to'      => $email,
-            'subject' => $site_name."您的新密码",
-            'text'    => "您的新密码为:".$NewPwd));
+            'subject' => $site_name." 提示：您的新密码重置成功！",
+            'text'    => "您在 ".date("Y-m-d H:i:s")." 重置了密码。"));
         $u->UpdatePWd($NewPwd);
         $rst->Del($code,$uid);
         $a['code'] = '1';
         $a['ok'] = '1';
-        $a['msg']  =  "新密码已经发送到您的邮箱";
+        $a['msg']  =  "您的新密码重置成功！";
     }else{
         $a['code'] = '0';
         $a['msg']  =  "链接无效";
     }
 }
 echo json_encode($a);
-
-
-
-
-