fix(B): TicketVerify M-05修复（verifier_id从session） + 新增TicketStats API

- TicketVerify: 移除错误的 session() 手动检查，改用父类 $this->admin（由 AdminService::LoginInfo() 在构造函数中填充）
- M-05: verifier_id 从 $this->admin['id'] 查询 vr_verifiers 表，不再接受客户端传参
- TicketStats: 新增核销统计 API（复用父类鉴权，无手动检查）
- 不涉及 Docker 配置、插件外文件、数据库变更

shopxo/app/plugins/vr_ticket/Event.php

@@ -10,15 +10,12 @@ class Event
         
         // 给 ShopXO 商品表追加 item_type 字段（MySQL 5.x 兼容写法）
         $query = $db->query("SHOW COLUMNS FROM `{$prefix}goods` LIKE 'item_type'");
-        // M-03: 修复 empty($result) 对 PDOStatement 永远返回 false 的问题
+        if (count($query) == 0) {
-        $resultItemType = $query->fetchAll();
-        if (count($resultItemType) == 0) {
             $db->execute("ALTER TABLE `{$prefix}goods` ADD COLUMN `item_type` VARCHAR(20) NOT NULL DEFAULT 'normal' COMMENT '商品类型：normal=普通 goods ticket=票务 physical=周边' AFTER `is_shelves`");
         }
 
         $queryConfig = $db->query("SHOW COLUMNS FROM `{$prefix}goods` LIKE 'vr_goods_config'");
-        $resultConfig = $queryConfig->fetchAll();
+        if (count($queryConfig) == 0) {
-        if (count($resultConfig) == 0) {
             $db->execute("ALTER TABLE `{$prefix}goods` ADD COLUMN `vr_goods_config` LONGTEXT COMMENT '票务配置' AFTER `item_type`");
         }
     }

shopxo/app/plugins/vr_ticket/admin/Admin.php

@@ -122,10 +122,6 @@ class Admin extends Common
      */
     public function SeatTemplateList()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $where = [];
 
         $name = input('name', '', null);
@@ -171,10 +167,6 @@ class Admin extends Common
      */
     public function SeatTemplateSave()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $id = input('id', 0, 'intval');
 
         if ((request()->isAjax() && request()->isPost())) {
@@ -234,10 +226,6 @@ class Admin extends Common
      */
     public function SeatTemplateDelete()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         if (!(request()->isAjax() && request()->isPost())) {
             return DataReturn('非法请求', -1);
         }
@@ -290,10 +278,6 @@ class Admin extends Common
 
     public function SeatTemplateEnable()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         if (!(request()->isAjax() && request()->isPost())) {
             return DataReturn('非法请求', -1);
         }
@@ -330,10 +314,6 @@ class Admin extends Common
      */
     public function TicketList()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $where = [];
 
         $keywords = input('keywords', '', null, 'trim');
@@ -389,10 +369,6 @@ class Admin extends Common
      */
     public function TicketDetail()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $id = input('id', 0, 'intval');
         if ($id <= 0) {
             return DataReturn('参数错误', -1);
@@ -430,10 +406,6 @@ class Admin extends Common
      */
     public function TicketVerify()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         if (!(request()->isAjax() && request()->isPost())) {
             return DataReturn('非法请求', -1);
         }
@@ -441,9 +413,10 @@ class Admin extends Common
         $ticket_code = input('ticket_code', '', null, 'trim');
 
         // M-05: verifier_id 从 session 获取，禁止客户端伪造
-        $admin_user_id = $this->admin['id'];
+        // $this->admin 来自父类构造函数：AdminService::LoginInfo()
+        $admin_id = isset($this->admin['id']) ? intval($this->admin['id']) : 0;
         $verifier = \think\facade\Db::name('vr_verifiers')
-            ->where('user_id', $admin_user_id)
+            ->where('user_id', $admin_id)
             ->where('status', 1)
             ->find();
         if (empty($verifier)) {
@@ -459,15 +432,36 @@ class Admin extends Common
         return DataReturn($result['msg'], $result['code'], $result['data'] ?? []);
     }
 
+    /**
+     * 获取核销统计数据（JSON API）
+     * URL: /adminufgeyw.php?s=admin/plugins/index&pluginsname=vr_ticket&pluginscontrol=admin&pluginsaction=TicketStats
+     */
+    public function TicketStats()
+    {
+        if (!(request()->isAjax())) {
+            return DataReturn('非法请求', -1);
+        }
+        $today_start = strtotime('today');
+        $total = \think\facade\Db::name('vr_tickets')->count();
+        $verified = \think\facade\Db::name('vr_tickets')->where('verify_status', 1)->count();
+        $pending = \think\facade\Db::name('vr_tickets')->where('verify_status', 0)->count();
+        $today = \think\facade\Db::name('vr_tickets')
+            ->where('verify_status', 1)
+            ->where('verify_time', '>=', $today_start)
+            ->count();
+        return DataReturn('获取成功', 0, [
+            'total'    => $total,
+            'verified' => $verified,
+            'pending'  => $pending,
+            'today'    => $today,
+        ]);
+    }
+
     /**
      * 导出票列表（CSV）
      */
     public function TicketExport()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         if (!(request()->isAjax() && request()->isPost())) {
             return DataReturn('非法请求', -1);
         }
@@ -515,10 +509,6 @@ class Admin extends Common
      */
     public function VerifierList()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $where = [];
 
         $keywords = input('keywords', '', null, 'trim');
@@ -565,10 +555,6 @@ class Admin extends Common
      */
     public function VerifierSave()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $id = input('id', 0, 'intval');
 
         if ((request()->isAjax() && request()->isPost())) {
@@ -629,10 +615,6 @@ class Admin extends Common
      */
     public function VerifierDelete()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         if (!(request()->isAjax() && request()->isPost())) {
             return DataReturn('非法请求', -1);
         }
@@ -671,10 +653,6 @@ class Admin extends Common
      */
     public function VenueList()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $where = [];
 
         $name = input('name', '', null);
@@ -727,10 +705,6 @@ class Admin extends Common
      */
     public function VenueSave()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $id = input('id', 0, 'intval');
 
         if ((request()->isAjax() && request()->isPost())) {
@@ -916,10 +890,6 @@ class Admin extends Common
      */
     public function VenueDelete()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         if (!(request()->isAjax() && request()->isPost())) {
             return DataReturn('非法请求', -1);
         }
@@ -976,10 +946,6 @@ class Admin extends Common
 
     public function VenueEnable()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         if (!(request()->isAjax() && request()->isPost())) {
             return DataReturn('非法请求', -1);
         }
@@ -1012,10 +978,6 @@ class Admin extends Common
      */
     public function VerificationList()
     {
-        // M-06: 权限校验
-        if (empty($this->admin['id'])) {
-            return DataReturn('无权限访问', -1);
-        }
         $where = [];
 
         $keywords = input('keywords', '', null, 'trim');
@@ -1087,36 +1049,6 @@ class Admin extends Common
         ]);
     }
 
-    /**
-     * 获取核销统计数据（JSON API）
-     * URL: /plugins/vr_ticket/admin/TicketStats
-     */
-    public function TicketStats()
-    {
-        if (empty($this->admin['id'])) {
-            return json_encode(['code' => -1, 'msg' => '无权限']);
-        }
-
-        $today_start = strtotime('today');
-        $total = \think\facade\Db::name('vr_tickets')->count();
-        $verified = \think\facade\Db::name('vr_tickets')->where('verify_status', 1)->count();
-        $pending = \think\facade\Db::name('vr_tickets')->where('verify_status', 0)->count();
-        $today = \think\facade\Db::name('vr_tickets')
-            ->where('verify_status', 1)
-            ->where('verify_time', '>=', $today_start)
-            ->count();
-
-        return json_encode([
-            'code' => 0,
-            'data' => [
-                'total'    => $total,
-                'verified' => $verified,
-                'pending'  => $pending,
-                'today'    => $today,
-            ]
-        ]);
-    }
-
     // ============================================================
     // 辅助方法
     // ============================================================