From d233215cdb2430aec798700896f1379cdbcff215 Mon Sep 17 00:00:00 2001
From: air <30444667+sszdot@users.noreply.github.com>
Date: Thu, 12 Jun 2025 15:25:04 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=90=E7=B1=BB=20=20=E5=9E=8B=E3=80=91?=
 =?UTF-8?q?=EF=BC=9Afix=20=E3=80=90=E5=8E=9F=20=20=E5=9B=A0=E3=80=91?=
 =?UTF-8?q?=EF=BC=9A=E5=88=A0=E9=99=A4=E7=94=A8=E6=88=B7=E6=97=B6=20?=
 =?UTF-8?q?=E6=98=AF=E5=8F=AF=E4=BB=A5=E5=88=A0=E9=99=A4=E8=87=AA=E5=B7=B1?=
 =?UTF-8?q?=E7=9A=84=20=E3=80=90=E8=BF=87=20=20=E7=A8=8B=E3=80=91=EF=BC=9A?=
 =?UTF-8?q?token=E9=87=8C=E9=9D=A2=E8=AE=B0=E5=BD=95=E7=94=A8=E6=88=B7id?=
 =?UTF-8?q?=20=20=E5=88=A0=E9=99=A4=E7=94=A8=E6=88=B7=E6=97=B6=E5=88=A4?=
 =?UTF-8?q?=E6=96=AD=E6=9C=89=E6=B2=A1=E6=9C=89=20=E8=87=AA=E8=BA=ABid=20?=
 =?UTF-8?q?=E3=80=90=E5=BD=B1=20=20=E5=93=8D=E3=80=91=EF=BC=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# 类型 包含:
# feat:新功能(feature)
# fix:修补bug
# docs:文档(documentation)
# style: 格式(不影响代码运行的变动)
# refactor:重构(即不是新增功能,也不是修改bug的代码变动)
# test:增加测试
# chore:构建过程或辅助工具的变动
---
 FlyCube/MpApi/Controller/AdminController.class.php | 8 ++++++--
 FlyCube/MpApi/Controller/LoginController.class.php | 4 ++--
 FlyCube/MpApi/Controller/PublicController.class.php | 4 +++-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/FlyCube/MpApi/Controller/AdminController.class.php b/FlyCube/MpApi/Controller/AdminController.class.php
index 0478955..c6257c8 100644
--- a/FlyCube/MpApi/Controller/AdminController.class.php
+++ b/FlyCube/MpApi/Controller/AdminController.class.php
@@ -235,9 +235,13 @@ class AdminController extends PublicController
 exit;
 }
- if ($_REQUEST['idArr']) {
+ if (!empty($_REQUEST['idArr']) && is_array($_REQUEST['idArr'])) {
+ // 判断是否包含自身 ID
+ if (in_array($this->admin_id, $_REQUEST['idArr'])) {
+ echo json_encode(array('status' => 0, 'msg' => '不能删除自身'));
+ exit;
+ }
 // 获取要删除的航线ID数组
- $idArr = explode(',', strval($_REQUEST['idArr']));
 $where['id'] = array("in", $_REQUEST['idArr']);
 //data数据
 $data['del'] = '1';
diff --git a/FlyCube/MpApi/Controller/LoginController.class.php b/FlyCube/MpApi/Controller/LoginController.class.php
index fed1084..4a9a029 100644
--- a/FlyCube/MpApi/Controller/LoginController.class.php
+++ b/FlyCube/MpApi/Controller/LoginController.class.php
@@ -31,7 +31,7 @@ class LoginController extends Controller
 $adminuserDb = D('adminuser');
 $where['name'] = $_POST['username'];
 $where['del'] = '0';
- $adminInfo = $adminuserDb->where($where)->field('name,uname,pwd,qx,shop_id,photo,lasttime')->find();
+ $adminInfo = $adminuserDb->where($where)->field('id,name,uname,pwd,qx,shop_id,photo,lasttime')->find();
 if ($adminInfo) {
 if (MD5(MD5($_POST['password'])) == $adminInfo['pwd']) {
 //登陆成功
@@ -51,7 +51,7 @@ class LoginController extends Controller
 //删除多余信息
 unset($adminInfo['pwd']);
 //创建token
- $token = $this->makeToken(array('shop_id' => $this->shop_id));
+ $token = $this->makeToken(array('shop_id' => $this->shop_id, 'admin_id' => $adminInfo['id']));
 //登陆成功 返回token
 echo json_encode(array('status' => 1, 'msg' => '登陆成功', 'adminInfo' => $adminInfo, 'token' => $token), JSON_UNESCAPED_UNICODE);
 } else {
diff --git a/FlyCube/MpApi/Controller/PublicController.class.php b/FlyCube/MpApi/Controller/PublicController.class.php
index 263c107..f5e1dae 100644
--- a/FlyCube/MpApi/Controller/PublicController.class.php
+++ b/FlyCube/MpApi/Controller/PublicController.class.php
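Review bot: In AdminController (hunk at -235), the added self-delete guard and the `in` clause both consume `$_REQUEST['idArr']` without checking its elements, so an entry that is not a plain decimal string never equals `$this->admin_id` under `in_array` yet is still assigned to `$where['id']`. I would validate every element as digits, cast to int, compare strictly, and pass the validated list to the query, as sketched below. The enclosing method starts and ends outside the hunk, so whether the update is also scoped by shop cannot be confirmed from here.

```php
if (!empty($_REQUEST['idArr']) && is_array($_REQUEST['idArr'])) {
    // Accept only decimal ids; reject anything else before it reaches the guard or the query.
    $idArr = array();
    foreach ($_REQUEST['idArr'] as $rawId) {
        if (!is_string($rawId) || !ctype_digit($rawId)) {
            echo json_encode(array('status' => 0, 'msg' => '参数错误'));
            exit;
        }
        $idArr[] = (int) $rawId;
    }
    // 判断是否包含自身 ID
    if (in_array((int) $this->admin_id, $idArr, true)) {
        // … unchanged: '不能删除自身' response and exit …
    }
    $where['id'] = array("in", $idArr);
    // … unchanged: $data['del'] assignment …
```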
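Review bot: In LoginController (hunk at -31), the credential check on the unchanged line `if (MD5(MD5($_POST['password'])) == $adminInfo['pwd'])` compares hex digests with `==`, which PHP evaluates numerically when both sides look like numbers, and the stored value is an unsalted double MD5. Because this commit makes the outcome of that check decide which `admin_id` is written into the token, the comparison should at least become `if (hash_equals($adminInfo['pwd'], md5(md5($_POST['password']))))`, followed by a migration of stored hashes to `password_hash()` / `password_verify()`. The method body starts and ends outside the hunk.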
@@ -14,6 +14,7 @@ use PhpMqtt\Client\ConnectionSettings;
 class PublicController extends Controller
 {
 protected $tokenShop_id;
+ protected $admin_id;
 //****************
 //构造函数
 //****************
@@ -29,8 +30,9 @@ class PublicController extends Controller
 try {
 // 解码 JWT Token
 $decoded = JWT::decode($token, new Key($jwtKey, 'HS256'));
- // Token 没有过期,继续处理 token验证通过 获取shop_id
+ // Token 没有过期,继续处理 token验证通过 获取shop_id admin_id
 $this->tokenShop_id = $decoded->shop_id;
+ $this->admin_id = $decoded->admin_id;
 } catch (\Firebase\JWT\ExpiredException $e) {
 // Token 过期
 echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 已过期'));
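Review bot: In PublicController (hunk at -29), `$decoded->admin_id` is read without checking that the claim is present, so a still-valid token minted before this commit (carrying only `shop_id`) leaves `$this->admin_id` as null and the new self-delete guard in AdminController has nothing to match against. I would fail closed right after decoding, e.g. `if (!isset($decoded->shop_id, $decoded->admin_id)) { echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 无效')); exit; }`. The hunk also shows no lookup confirming that the admin row still exists with `del = '0'`; if no such check exists elsewhere, a token would remain usable after its account is soft-deleted until it expires. The try block continues outside the hunk.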