作者
Karson
6 years ago
提交
5cb74b5e369fb655e500f6c7de2b2c845382bd52
1 个父辈
193f33f1
修复后台管理员权限判断
正在显示
1 个修改的文件
包含
8 行增加
和
4 行删除
application/admin/controller/auth/Admin.php
application/admin/controller/auth/Admin.php
...
...
@@ -123,7 +123,7 @@ class Admin extends Backend
$this
->
token
();
$params
=
$this
->
request
->
post
(
"row/a"
);
if
(
$params
)
{
if
(
!
Validate
::
is
(
$params
[
'password'
],
'\S{6,16}'
))
{
if
(
!
Validate
::
is
(
$params
[
'password'
],
'\S{6,16}'
))
{
$this
->
error
(
__
(
"Please input correct password"
));
}
$params
[
'salt'
]
=
Random
::
alnum
();
...
...
@@ -158,12 +158,15 @@ class Admin extends Backend
if
(
!
$row
)
{
$this
->
error
(
__
(
'No Results were found'
));
}
if
(
!
in_array
(
$row
->
id
,
$this
->
childrenAdminIds
))
{
$this
->
error
(
__
(
'You have no permission'
));
}
if
(
$this
->
request
->
isPost
())
{
$this
->
token
();
$params
=
$this
->
request
->
post
(
"row/a"
);
if
(
$params
)
{
if
(
$params
[
'password'
])
{
if
(
!
Validate
::
is
(
$params
[
'password'
],
'\S{6,16}'
))
{
if
(
!
Validate
::
is
(
$params
[
'password'
],
'\S{6,16}'
))
{
$this
->
error
(
__
(
"Please input correct password"
));
}
$params
[
'salt'
]
=
Random
::
alnum
();
...
...
@@ -216,6 +219,7 @@ class Admin extends Backend
public
function
del
(
$ids
=
""
)
{
if
(
$ids
)
{
$ids
=
array_intersect
(
$this
->
childrenAdminIds
,
array_filter
(
explode
(
','
,
$ids
)));
// 避免越权删除管理员
$childrenGroupIds
=
$this
->
childrenGroupIds
;
$adminList
=
$this
->
model
->
where
(
'id'
,
'in'
,
$ids
)
->
where
(
'id'
,
'in'
,
function
(
$query
)
use
(
$childrenGroupIds
)
{
...
...
@@ -226,7 +230,7 @@ class Admin extends Backend
foreach
(
$adminList
as
$k
=>
$v
)
{
$deleteIds
[]
=
$v
->
id
;
}
$deleteIds
=
array_
diff
(
$deleteIds
,
[
$this
->
auth
->
id
]
);
$deleteIds
=
array_
values
(
array_diff
(
$deleteIds
,
[
$this
->
auth
->
id
])
);
if
(
$deleteIds
)
{
$this
->
model
->
destroy
(
$deleteIds
);
model
(
'AuthGroupAccess'
)
->
where
(
'uid'
,
'in'
,
$deleteIds
)
->
delete
();
...
...
@@ -234,7 +238,7 @@ class Admin extends Backend
}
}
}
$this
->
error
();
$this
->
error
(
__
(
'You have no permission'
)
);
}
/**
...
...
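Review bot: In `del()` the new `array_intersect($this->childrenAdminIds, ...)` silently drops every requested id outside the caller's scope and deletes the rest, whereas the `in_array($row->id, $this->childrenAdminIds)` check added in the second hunk rejects the whole request. A request that mixes permitted and out-of-scope ids therefore succeeds partially, and nothing in the visible lines records the attempted out-of-scope delete. Consider keeping the parsed list, `$requested = array_unique(array_filter(explode(',', $ids)));`, and after the intersect failing (or at least logging) when `count($ids) !== count($requested)`. The `if ($ids)` guard also runs before the filter, so a fully filtered request still reaches `where('id', 'in', $ids)` with an empty list; whether that is harmless depends on code outside the hunk. Both checks assume `$this->error()` ends the request, which is not shown here, and both method bodies continue beyond the displayed lines.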