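const User = require('../../models/User');
const bcrypt = require('bcryptjs');

// bcrypt work factor used for every hash this module produces.
const BCRYPT_ROUNDS = 10;

/**
 * True only for a non-empty string.
 *
 * Everything in req.body is caller-controlled. A non-string such as
 * `{ "$gt": "" }` passed straight into `User.findOne({ username })`
 * is interpreted as a query operator rather than a literal value, and a
 * non-string handed to bcrypt makes it throw instead of returning false.
 * Each handler below runs its credentials through this check before the
 * database or bcrypt sees them.
 *
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

/**
 * Replace the current session id with a fresh, empty session.
 *
 * Called at login so that a session id issued before authentication is
 * never promoted to an authenticated one (session fixation). Resolves
 * immediately when the session object does not expose `regenerate`;
 * NOTE(review): express-session does, but confirm for the session
 * middleware this app actually mounts.
 *
 * @param {object} req - Express request carrying `req.session`.
 * @returns {Promise<void>}
 */
function regenerateSession(req) {
  if (typeof req.session?.regenerate !== 'function') {
    return Promise.resolve();
  }
  return new Promise((resolve, reject) => {
    req.session.regenerate((err) => (err ? reject(err) : resolve()));
  });
}

/**
 * Register: create a user from `username`/`password` in req.body.
 *
 * Renders `user/register` with an error on bad input or an existing
 * name, otherwise stores a bcrypt hash and redirects to `/login`.
 * Database and hashing failures are caught and answered with a 500 so
 * the request never hangs on an unhandled rejection.
 */
exports.register = async (req, res) => {
  const { username, password } = req.body;
  if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
    return res.render('user/register', { error: '用户名和密码不能为空' });
  }
  try {
    // NOTE(review): findOne-then-save is not atomic; two concurrent
    // registrations of the same name both pass this check unless the
    // model has a unique index (in which case save() rejects and lands
    // in the catch below).
    const exist = await User.findOne({ username });
    if (exist) {
      return res.render('user/register', { error: '用户名已存在' });
    }
    const hash = await bcrypt.hash(password, BCRYPT_ROUNDS);
    await new User({ username, password: hash }).save();
    return res.redirect('/login');
  } catch (err) {
    console.error('注册失败:', err);
    return res.status(500).render('user/register', { error: '服务器错误' });
  }
};

/**
 * Login: verify `username`/`password` from req.body against the stored
 * bcrypt hash, then put `{ _id, username, role }` on the session.
 *
 * Missing or non-string credentials are rejected up front: an omitted
 * field would otherwise reach `User.findOne` with an undefined value
 * and `bcrypt.compare` with a non-string argument.
 */
exports.login = async (req, res) => {
  const { username, password } = req.body;
  if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
    return res.render('user/login', { error: '用户名和密码不能为空' });
  }
  try {
    const user = await User.findOne({ username });
    // NOTE(review): the distinct messages below let a caller tell
    // "no such user" from "wrong password" (username enumeration). The
    // register page already discloses which names exist, so the
    // messages are kept as they were.
    if (!user) {
      return res.render('user/login', { error: '用户不存在' });
    }
    if (user.status === 'frozen') {
      return res.render('user/login', { error: '账号已被冻结' });
    }
    const match = await bcrypt.compare(password, user.password);
    if (!match) {
      return res.render('user/login', { error: '密码错误' });
    }
    // Fresh session id before the authenticated identity is stored.
    await regenerateSession(req);
    req.session.user = { _id: user._id, username: user.username, role: user.role };
    // NOTE(review): the redirect target is keyed on the literal
    // username rather than on `user.role`. This only chooses a landing
    // page; access to /admin must be enforced by its own middleware.
    if (username === 'admin') {
      return res.redirect('/admin');
    }
    return res.redirect('/');
  } catch (err) {
    console.error('登录失败:', err);
    return res.status(500).render('user/login', { error: '服务器错误' });
  }
};

/**
 * Logout: destroy the session and send the browser to `/login`.
 *
 * A destroy error is logged but does not block the redirect; the
 * session is in an unknown state either way and the client should not
 * keep using it.
 */
exports.logout = (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      console.error('登出失败:', err);
    }
    res.redirect('/login');
  });
};

/**
 * Change password for the logged-in user (JSON API).
 *
 * Requires `req.session.user`; reads `oldPassword`/`newPassword` from
 * req.body, re-verifies the old password against the stored hash and
 * replaces it with a hash of the new one. Responds `{ success, message }`.
 *
 * NOTE(review): unlike login, this path does not consult `user.status`,
 * so a frozen account with a still-live session can rotate its password.
 */
exports.changePassword = async (req, res) => {
  if (!req.session.user) {
    return res.status(401).json({ success: false, message: '请先登录' });
  }
  const { oldPassword, newPassword } = req.body;
  if (!isNonEmptyString(oldPassword) || !isNonEmptyString(newPassword)) {
    return res.json({ success: false, message: '参数不完整' });
  }
  try {
    const user = await User.findById(req.session.user._id);
    if (!user) {
      return res.json({ success: false, message: '用户不存在' });
    }
    const match = await bcrypt.compare(oldPassword, user.password);
    if (!match) {
      return res.json({ success: false, message: '原密码错误' });
    }
    user.password = await bcrypt.hash(newPassword, BCRYPT_ROUNDS);
    await user.save();
    return res.json({ success: true });
  } catch (err) {
    console.error('修改密码失败:', err);
    return res.status(500).json({ success: false, message: '服务器错误' });
  }
};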