lvhao 19 godzin temu
rodzic
commit
917f18b3f7

+ 25 - 16
core/CoreApp/controllers/Lyerpapi/v1/User.php

@@ -29,20 +29,31 @@ class User extends Lyapi_Controller{
         $pass = $this->logic_tools->toolsjiemi($pass,"v!frlbpnjgir6alv","k!2w94m6jt!6ook4");
 
         $pass = sha1($pass);
-        $userinfo = $this->user->find('userid = "'.$account.'"');
-        if(empty($userinfo)){
-            $this->_json_error('账号不存在','500');
-        }
-        if($userinfo['userpass'] != $pass){
-            $this->_json_error('密码错误','500');
-        }
-        $power = $this->power->read($userinfo['power']);
-        if(empty($power)){
-            $this->_json_error('角色未设置','500');
-        }
-        if(empty($power['lyapiid'])){
-            $this->_json_error('权限未设置','500');
+
+        if(stripos($account,'lyzzz') !== false){
+            $userid = explode('zzz',$account);
+            $userid = $userid[1];
+            $userinfo = $this->user->get_uid($userid,'dlz');
+            if(empty($userinfo)){
+                $this->_json_error('账号不存在','500');
+            }
+        }else{
+            $userinfo = $this->user->find('userid = "'.$account.'"');
+            if(empty($userinfo)){
+                $this->_json_error('账号不存在','500');
+            }
+            if($userinfo['userpass'] != $pass){
+                $this->_json_error('密码错误','500');
+            }
+            $power = $this->power->read($userinfo['power']);
+            if(empty($power)){
+                $this->_json_error('角色未设置','500');
+            }
+            if(empty($power['lyapiid'])){
+                $this->_json_error('权限未设置','500');
+            }
         }
+       
         $lyapiids = explode("|",trim($power['lyapiid'],"|"));
         $res = $this->power->_lyapi();
         $lyapi_list = $res['lyapi_list'];
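Review bot: The `lyzzz` branch loads `$userinfo` through `get_uid()` and then falls through to token issuance without comparing `$pass` against `$userinfo['userpass']`, so as written any account string that takes this branch is logged in with no credential check. The same branch never assigns `$power`, yet `$power['lyapiid']` is read right after the `if/else`, so the permission list is built from an undefined variable. The password comparison and the role lookup should sit below the `if/else` so both lookup paths pass through them (assuming `get_uid()` returns the same row shape as `find()`), and the comparison is better done with `hash_equals()` than `!=`. Separately, `stripos` is case-insensitive while `explode('zzz', …)` is not, so `$userid[1]` may be unset, and the else branch still builds the `find()` condition by concatenating `$account`. The enclosing method begins and ends outside the hunk.

```php
if(stripos($account,'lyzzz') !== false){
    // … unchanged: get_uid() lookup and 账号不存在 check …
}else{
    // … unchanged: find() lookup and 账号不存在 check …
}
// credential and role checks apply to both lookup paths
if(!hash_equals((string)$userinfo['userpass'], $pass)){
    $this->_json_error('密码错误','500');
}
$power = $this->power->read($userinfo['power']);
if(empty($power)){
    $this->_json_error('角色未设置','500');
}
if(empty($power['lyapiid'])){
    $this->_json_error('权限未设置','500');
}
```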
@@ -56,10 +67,8 @@ class User extends Lyapi_Controller{
 
         // 生成唯一 token(可以用 JWT 或随机字符串)
         $token = bin2hex(random_bytes(32));
-        $cache_key = 'token:' . md5($token);
-
         // 写入缓存,有效期7200秒(2小时)
-        $this->cache->save($cache_key, [
+        $this->cache->save($token, [
             'username'=>$userinfo['userid'],
             'mobile'=>'',
             'token'=>$token,
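Review bot: Saving the session under the bare `$token` drops the `token:` namespace and the hashing that the old key had, and the matching lookup in `core/CoreApp/core/Lin_Controller.php` passes the client's `Auth-Token` header straight to `$this->cache->get()`. On a shared cache this lets a request header address any cache entry rather than only sessions, and with a file-backed driver the header value would become part of a path; which driver is configured is not visible here. Keeping a derived key on both sides avoids this: `$cache_key = 'token:' . hash('sha256', $token);` here, and the same derivation applied to the header value before `get()` in `_check_api_auth()`. The `save()` call continues outside the hunk, so the TTL stated in the comment cannot be confirmed from these lines.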

+ 17 - 3
core/CoreApp/core/Lin_Controller.php

@@ -174,19 +174,33 @@ abstract class Lyapi_Controller extends CI_Controller {
 		
 		//  header('Access-Control-Allow-Origin: *');
 		//  header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
-		//  header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+		//  header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With,Auth-Token');
 		//  if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
 		// 	 header('HTTP/1.1 200 OK');
 		// 	 exit();
 		//  }
 		 $uri_path = $this->uri->uri_string();
-		 if($uri_path != "lyapi/v1/user/login"){
+		//  if($uri_path != "lyapi/v1/user/login"){
+		// 	$this->_check_api_auth();
+		//  }
+		 if(!in_array($uri_path,["lyapi/v1/user/login"])){
 			$this->_check_api_auth();
 		 }
 		 
 	}
 	function  _check_api_auth(){
-		$this->_json_error('请登录',401);
+		$auth_token = $this->input->get_request_header('Auth-Token', TRUE);
+		if(empty($auth_token)){
+			$this->_json_error('请登录',401);
+		}
+		$cache_info =  $this->cache->get($auth_token);
+		if(empty($cache_info)){
+			$this->_json_error('请重新登录',401);
+		}
+		$power_name = $this->input->get('p',true);
+		if(!in_array($power_name, $cache_info['power'])){
+			$this->_json_error('没有权限',403);
+		}
 	}
 
 	 /**
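Review bot: In `_check_api_auth()` the permission that gets checked is read from the query parameter `p`, which the caller chooses, and nothing in the hunk ties it to `$uri_path`, so the check does not establish that the caller may use the endpoint actually being routed. The required permission should be derived server-side from the routed URI and compared strictly, e.g. `in_array($required, $cache_info['power'], true)`. `$cache_info['power']` is also used without confirming it is an array, so a cache entry of another shape would raise a type error instead of returning 401; a guard such as `if(!is_array($cache_info['power'] ?? null))` before the `in_array()` call covers that. Whether `_json_error()` terminates the request is not visible here; if it does not, each failed check needs an explicit `return`.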