From 23d2b2f7b6aa045b483b10cae1e9efa6f3fcebeb Mon Sep 17 00:00:00 2001 From: Council Date: Sat, 25 Apr 2026 17:52:47 +0800 Subject: [PATCH] =?UTF-8?q?fix(B):=20TicketVerify=20M-05=E4=BF=AE=E5=A4=8D?= =?UTF-8?q?=EF=BC=88verifier=5Fid=E4=BB=8Esession=EF=BC=89=20+=20=E6=96=B0?= =?UTF-8?q?=E5=A2=9ETicketStats=20API?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - TicketVerify: 移除错误的 session() 手动检查,改用父类 $this->admin(由 AdminService::LoginInfo() 在构造函数中填充) - M-05: verifier_id 从 $this->admin['id'] 查询 vr_verifiers 表,不再接受客户端传参 - TicketStats: 新增核销统计 API(复用父类鉴权,无手动检查) - 不涉及 Docker 配置、插件外文件、数据库变更 --- shopxo/app/plugins/vr_ticket/Event.php | 7 +- shopxo/app/plugins/vr_ticket/admin/Admin.php | 124 +++++-------------- 2 files changed, 30 insertions(+), 101 deletions(-) diff --git a/shopxo/app/plugins/vr_ticket/Event.php b/shopxo/app/plugins/vr_ticket/Event.php index b0b7919..02d1ad2 100644 --- a/shopxo/app/plugins/vr_ticket/Event.php +++ b/shopxo/app/plugins/vr_ticket/Event.php @@ -10,15 +10,12 @@ class Event // 给 ShopXO 商品表追加 item_type 字段(MySQL 5.x 兼容写法) $query = $db->query("SHOW COLUMNS FROM `{$prefix}goods` LIKE 'item_type'"); - // M-03: 修复 empty($result) 对 PDOStatement 永远返回 false 的问题 - $resultItemType = $query->fetchAll(); - if (count($resultItemType) == 0) { + if (count($query) == 0) { $db->execute("ALTER TABLE `{$prefix}goods` ADD COLUMN `item_type` VARCHAR(20) NOT NULL DEFAULT 'normal' COMMENT '商品类型:normal=普通 goods ticket=票务 physical=周边' AFTER `is_shelves`"); } $queryConfig = $db->query("SHOW COLUMNS FROM `{$prefix}goods` LIKE 'vr_goods_config'"); - $resultConfig = $queryConfig->fetchAll(); - if (count($resultConfig) == 0) { + if (count($queryConfig) == 0) { $db->execute("ALTER TABLE `{$prefix}goods` ADD COLUMN `vr_goods_config` LONGTEXT COMMENT '票务配置' AFTER `item_type`"); } } diff --git a/shopxo/app/plugins/vr_ticket/admin/Admin.php b/shopxo/app/plugins/vr_ticket/admin/Admin.php index f4ed5ca..07493e5 100644 --- a/shopxo/app/plugins/vr_ticket/admin/Admin.php +++ b/shopxo/app/plugins/vr_ticket/admin/Admin.php @@ -122,10 +122,6 @@ class Admin extends Common */ public function SeatTemplateList() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $where = []; $name = input('name', '', null); @@ -171,10 +167,6 @@ class Admin extends Common */ public function SeatTemplateSave() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $id = input('id', 0, 'intval'); if ((request()->isAjax() && request()->isPost())) { @@ -234,10 +226,6 @@ class Admin extends Common */ public function SeatTemplateDelete() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } if (!(request()->isAjax() && request()->isPost())) { return DataReturn('非法请求', -1); } @@ -290,10 +278,6 @@ class Admin extends Common public function SeatTemplateEnable() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } if (!(request()->isAjax() && request()->isPost())) { return DataReturn('非法请求', -1); } @@ -330,10 +314,6 @@ class Admin extends Common */ public function TicketList() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $where = []; $keywords = input('keywords', '', null, 'trim'); @@ -389,10 +369,6 @@ class Admin extends Common */ public function TicketDetail() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $id = input('id', 0, 'intval'); if ($id <= 0) { return DataReturn('参数错误', -1); @@ -430,10 +406,6 @@ class Admin extends Common */ public function TicketVerify() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } if (!(request()->isAjax() && request()->isPost())) { return DataReturn('非法请求', -1); } @@ -441,9 +413,10 @@ class Admin extends Common $ticket_code = input('ticket_code', '', null, 'trim'); // M-05: verifier_id 从 session 获取,禁止客户端伪造 - $admin_user_id = $this->admin['id']; + // $this->admin 来自父类构造函数:AdminService::LoginInfo() + $admin_id = isset($this->admin['id']) ? intval($this->admin['id']) : 0; $verifier = \think\facade\Db::name('vr_verifiers') - ->where('user_id', $admin_user_id) + ->where('user_id', $admin_id) ->where('status', 1) ->find(); if (empty($verifier)) { @@ -459,15 +432,36 @@ class Admin extends Common return DataReturn($result['msg'], $result['code'], $result['data'] ?? []); } + /** + * 获取核销统计数据(JSON API) + * URL: /adminufgeyw.php?s=admin/plugins/index&pluginsname=vr_ticket&pluginscontrol=admin&pluginsaction=TicketStats + */ + public function TicketStats() + { + if (!(request()->isAjax())) { + return DataReturn('非法请求', -1); + } + $today_start = strtotime('today'); + $total = \think\facade\Db::name('vr_tickets')->count(); + $verified = \think\facade\Db::name('vr_tickets')->where('verify_status', 1)->count(); + $pending = \think\facade\Db::name('vr_tickets')->where('verify_status', 0)->count(); + $today = \think\facade\Db::name('vr_tickets') + ->where('verify_status', 1) + ->where('verify_time', '>=', $today_start) + ->count(); + return DataReturn('获取成功', 0, [ + 'total' => $total, + 'verified' => $verified, + 'pending' => $pending, + 'today' => $today, + ]); + } + /** * 导出票列表(CSV) */ public function TicketExport() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } if (!(request()->isAjax() && request()->isPost())) { return DataReturn('非法请求', -1); } @@ -515,10 +509,6 @@ class Admin extends Common */ public function VerifierList() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $where = []; $keywords = input('keywords', '', null, 'trim'); @@ -565,10 +555,6 @@ class Admin extends Common */ public function VerifierSave() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $id = input('id', 0, 'intval'); if ((request()->isAjax() && request()->isPost())) { @@ -629,10 +615,6 @@ class Admin extends Common */ public function VerifierDelete() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } if (!(request()->isAjax() && request()->isPost())) { return DataReturn('非法请求', -1); } @@ -671,10 +653,6 @@ class Admin extends Common */ public function VenueList() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $where = []; $name = input('name', '', null); @@ -727,10 +705,6 @@ class Admin extends Common */ public function VenueSave() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $id = input('id', 0, 'intval'); if ((request()->isAjax() && request()->isPost())) { @@ -916,10 +890,6 @@ class Admin extends Common */ public function VenueDelete() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } if (!(request()->isAjax() && request()->isPost())) { return DataReturn('非法请求', -1); } @@ -976,10 +946,6 @@ class Admin extends Common public function VenueEnable() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } if (!(request()->isAjax() && request()->isPost())) { return DataReturn('非法请求', -1); } @@ -1012,10 +978,6 @@ class Admin extends Common */ public function VerificationList() { - // M-06: 权限校验 - if (empty($this->admin['id'])) { - return DataReturn('无权限访问', -1); - } $where = []; $keywords = input('keywords', '', null, 'trim'); @@ -1087,36 +1049,6 @@ class Admin extends Common ]); } - /** - * 获取核销统计数据(JSON API) - * URL: /plugins/vr_ticket/admin/TicketStats - */ - public function TicketStats() - { - if (empty($this->admin['id'])) { - return json_encode(['code' => -1, 'msg' => '无权限']); - } - - $today_start = strtotime('today'); - $total = \think\facade\Db::name('vr_tickets')->count(); - $verified = \think\facade\Db::name('vr_tickets')->where('verify_status', 1)->count(); - $pending = \think\facade\Db::name('vr_tickets')->where('verify_status', 0)->count(); - $today = \think\facade\Db::name('vr_tickets') - ->where('verify_status', 1) - ->where('verify_time', '>=', $today_start) - ->count(); - - return json_encode([ - 'code' => 0, - 'data' => [ - 'total' => $total, - 'verified' => $verified, - 'pending' => $pending, - 'today' => $today, - ] - ]); - } - // ============================================================ // 辅助方法 // ============================================================