【类 型】:fix
【原 因】:删除用户时 是可以删除自己的 【过 程】:token里面记录用户id 删除用户时判断有没有 自身id 【影 响】: # 类型 包含: # feat:新功能(feature) # fix:修补bug # docs:文档(documentation) # style: 格式(不影响代码运行的变动) # refactor:重构(即不是新增功能,也不是修改bug的代码变动) # test:增加测试 # chore:构建过程或辅助工具的变动
parent
5e7a9ed0cb
commit
d233215cdb
@ -235,9 +235,13 @@ class AdminController extends PublicController
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_REQUEST['idArr']) {
|
if (!empty($_REQUEST['idArr']) && is_array($_REQUEST['idArr'])) {
|
||||||
|
// 判断是否包含自身 ID
|
||||||
|
if (in_array($this->admin_id, $_REQUEST['idArr'])) {
|
||||||
|
echo json_encode(array('status' => 0, 'msg' => '不能删除自身'));
|
||||||
|
exit;
|
||||||
|
}
|
||||||
// 获取要删除的航线ID数组
|
// 获取要删除的航线ID数组
|
||||||
$idArr = explode(',', strval($_REQUEST['idArr']));
|
|
||||||
$where['id'] = array("in", $_REQUEST['idArr']);
|
$where['id'] = array("in", $_REQUEST['idArr']);
|
||||||
//data数据
|
//data数据
|
||||||
$data['del'] = '1';
|
$data['del'] = '1';
|
||||||
|
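Review bot: The self-delete guard `in_array($this->admin_id, $_REQUEST['idArr'])` compares loosely against raw request values, and the same unnormalised array is then handed to `$where['id']`, so the check and the database can disagree about which entries refer to the current admin. Normalise once and use the result for both the guard and the query: `$ids = array_map('intval', $_REQUEST['idArr']);`, `if (in_array((int) $this->admin_id, $ids, true)) {`, `$where['id'] = array("in", $ids);`. The guard also passes silently when `$this->admin_id` is null, so it should fail closed if the id is missing rather than continue to the update. The enclosing method starts and ends outside this hunk, so any shop scoping of the delete is not visible here.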
@ -31,7 +31,7 @@ class LoginController extends Controller
|
|||||||
$adminuserDb = D('adminuser');
|
$adminuserDb = D('adminuser');
|
||||||
$where['name'] = $_POST['username'];
|
$where['name'] = $_POST['username'];
|
||||||
$where['del'] = '0';
|
$where['del'] = '0';
|
||||||
$adminInfo = $adminuserDb->where($where)->field('name,uname,pwd,qx,shop_id,photo,lasttime')->find();
|
$adminInfo = $adminuserDb->where($where)->field('id,name,uname,pwd,qx,shop_id,photo,lasttime')->find();
|
||||||
if ($adminInfo) {
|
if ($adminInfo) {
|
||||||
if (MD5(MD5($_POST['password'])) == $adminInfo['pwd']) {
|
if (MD5(MD5($_POST['password'])) == $adminInfo['pwd']) {
|
||||||
//登陆成功
|
//登陆成功
|
||||||
@ -51,7 +51,7 @@ class LoginController extends Controller
|
|||||||
//删除多余信息
|
//删除多余信息
|
||||||
unset($adminInfo['pwd']);
|
unset($adminInfo['pwd']);
|
||||||
//创建token
|
//创建token
|
||||||
$token = $this->makeToken(array('shop_id' => $this->shop_id));
|
$token = $this->makeToken(array('shop_id' => $this->shop_id, 'admin_id' => $adminInfo['id']));
|
||||||
//登陆成功 返回token
|
//登陆成功 返回token
|
||||||
echo json_encode(array('status' => 1, 'msg' => '登陆成功', 'adminInfo' => $adminInfo, 'token' => $token), JSON_UNESCAPED_UNICODE);
|
echo json_encode(array('status' => 1, 'msg' => '登陆成功', 'adminInfo' => $adminInfo, 'token' => $token), JSON_UNESCAPED_UNICODE);
|
||||||
} else {
|
} else {
|
||||||
|
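Review bot: The password check in the first hunk, `if (MD5(MD5($_POST['password'])) == $adminInfo['pwd']) {`, is untouched context, but it now gates issuing a token that carries `admin_id`. It relies on unsalted double MD5 and a loose `==` comparison, which can treat two different digest strings as equal when both look numeric. The durable fix is to store `password_hash()` output and check it with `password_verify($_POST['password'], $adminInfo['pwd'])`, rehashing existing accounts on their next successful login. Until that migration, compare with `hash_equals($adminInfo['pwd'], md5(md5($_POST['password'])))`. Separately, `adminInfo` is echoed to the client and now includes `id`; confirm that exposure is intended.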
@ -14,6 +14,7 @@ use PhpMqtt\Client\ConnectionSettings;
|
|||||||
class PublicController extends Controller
|
class PublicController extends Controller
|
||||||
{
|
{
|
||||||
protected $tokenShop_id;
|
protected $tokenShop_id;
|
||||||
|
protected $admin_id;
|
||||||
//****************
|
//****************
|
||||||
//构造函数
|
//构造函数
|
||||||
//****************
|
//****************
|
||||||
@ -29,8 +30,9 @@ class PublicController extends Controller
|
|||||||
try {
|
try {
|
||||||
// 解码 JWT Token
|
// 解码 JWT Token
|
||||||
$decoded = JWT::decode($token, new Key($jwtKey, 'HS256'));
|
$decoded = JWT::decode($token, new Key($jwtKey, 'HS256'));
|
||||||
// Token 没有过期,继续处理 token验证通过 获取shop_id
|
// Token 没有过期,继续处理 token验证通过 获取shop_id admin_id
|
||||||
$this->tokenShop_id = $decoded->shop_id;
|
$this->tokenShop_id = $decoded->shop_id;
|
||||||
|
$this->admin_id = $decoded->admin_id;
|
||||||
} catch (\Firebase\JWT\ExpiredException $e) {
|
} catch (\Firebase\JWT\ExpiredException $e) {
|
||||||
// Token 过期
|
// Token 过期
|
||||||
echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 已过期'));
|
echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 已过期'));
|
||||||
|
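Review bot: `$this->admin_id = $decoded->admin_id;` assumes every valid token carries the new claim, but tokens issued before this commit only contain `shop_id`. For those the property read yields null, and the self-delete guard added in AdminController then cannot match the caller's own id. Reject such tokens explicitly before the assignment, for example `if (!isset($decoded->admin_id)) { echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 无效')); exit; }`. How long old tokens stay valid depends on the expiry set in `makeToken`, which is not shown here. The constructor body starts and ends outside this hunk.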