Authored by htoooth

fix securiry

... ... @@ -247,7 +247,7 @@ router.post('/account/checkmobile', AccountController.checkMobile);
router.post('/account/checkmobilemsg', AccountController.checkMobileMsg);
router.post('/account/sendmobilemsg', AccountController.sendMobileMsg);
router.post('/account/sendmobilemsg', captcha.requiredAPI, AccountController.sendMobileMsg);
router.post('/account/modifymobile', AccountController.modifyMobile);
... ...
... ... @@ -135,6 +135,7 @@ router.post('/passport/back/email',
// 提交按钮手机AP
router.post('/passport/back/mobile',
captcha.requiredAPI,
back.validateInputPage,
back.sendCodePage,
back.saveInSession);
... ...
... ... @@ -249,10 +249,14 @@ function sendMobileMsg(mobileV) {
mobile: mobileV
};
captcha.hideTip();
if (baseQs.checkCode) {
reqData.checkCode = baseQs.checkCode;
}
reqData.verifyCode = captcha.getResults();
$.post('/home/account/sendmobilemsg', reqData, function(data) {
if (typeof data.code !== 'undefined' && data.code === 200) {
canSend = false;
... ... @@ -260,6 +264,8 @@ function sendMobileMsg(mobileV) {
code();
}, 1000);
$ccheckInfo.html('');
} else if (data.code && data.code === 405) {
captcha.showTip(data.message);
} else {
$ccheckInfo.html('<div class="form-error">验证码发送失败</div>');
}
... ... @@ -476,10 +482,8 @@ $(function() {
});
$('#send-mobile-code').on('click', function() {
captcha.check().then(function() {
sendcode();
});
});
if ($('#newPwd').length > 0) {
$('#newPwd').on('input', function() {
... ...
... ... @@ -129,16 +129,18 @@ $phoneNum.keyup(function() {
// 下一步
$btn.click(function(e) {
var url = '/passport/back/email';
if (!validatePhone()) {
return;
}
if (/^[0-9]+$/.test($.trim($phoneNum.val()))) {
$('#find-form').attr('action', '/passport/back/mobile');
url = '/passport/back/mobile';
}
if (hasPh) {
$.post('/passport/back/email', {
$.post(url, {
verifyCode: captcha.getResults(),
phoneNum: $('#phone-num').val(),
area: $('#country-code-hide').val()
... ...