c581395a9c
feat(Phase2): Issue 1 修复购买提交流程
...
- Goods.php: 注入 seatSpecMap 到票务模板
- ticket_detail.html: submit() 改 POST + 4维spec数组
关键修复:
- submit() 使用隐藏表单 POST 到 Buy 链路(不再用 location.href)
- spec 从 seatSpecMap[seatKey].spec 读取完整4维数组
- extension_data 嵌套在 order_base 内
- 直接 JSON.stringify,不需要 base64
2026-04-21 11:41:59 +08:00
9f3a46e5a1
fix(vr_ticket): 修复硬删除按钮 + 清理残留代码
...
1. Admin.php SeatTemplateDelete/VenueDelete:
- is_delete → is_delete_time(ShopXO Goods 表软删除字段)
- VenueDelete 新增 value='hard' 参数支持(兼容 submit-ajax)
2. list.html:
- 删除按钮从 btn-open-delete-confirm 改为 submit-ajax
- 删除按钮移出条件判断,始终可见
- 移除残留的 old modal + custom JS handler
3. 清理 shopxo/app/event.php 变动(还原)
2026-04-20 18:06:23 +08:00
95346206dc
fix: 移除不存在的座位模板菜单 + 调整删除提示文案 + 取消阻塞式商品关联检查
...
1. Hook.php:移除 'plugins-vr_ticket-seat' 菜单项(对应 view 文件已删除)
2. Admin.php VenueDelete/SeatTemplateDelete:
- 移除硬删除前的商品关联阻塞检查
- 改为直接删除 + 在返回结果中附带 has_goods 标记
- 审计日志记录 has_goods 字段
3. view/venue/list.html:删除确认弹窗文案改为
'删除后,关联商品的场馆信息将被自动清除'
2026-04-20 15:48:11 +08:00
df8353a697
feat: 真删除功能 + 三按钮布局 + seat_template 视图补全
...
后端(Admin.php):
- SeatTemplateDelete/VenueDelete:新增 hard_delete 参数
- hard_delete=0(默认):软删除(status→0),返回'已禁用'
- hard_delete=1:真删除,先检查商品关联再 DELETE
- SeatTemplateEnable/VenueEnable:新增启用 API,含审计日志
前端(view/venue/list.html):
- 按钮改为三按钮布局:编辑 / 禁用/启用 / 删除
- 删除按钮点击后弹出警告弹窗
- 警告:删除记录不会导致已上架商品内容变动
- 若需同步,请编辑对应商品并保存
- 禁用/启用按钮使用 submit-ajax,data-view=reload 自动刷新
新增(admin/view/seat_template/):
- list.html:座位模板列表(三按钮布局,与 venue/list.html 相同)
- save.html:座位模板编辑页(基础版,seat_map 由 venue 编辑器管理)
2026-04-20 15:08:27 +08:00
c03737308b
fix(Admin): 改用 random_int() CSPRNG,修正 UUID v4 版本/变体位
...
mt_rand() → random_int()(防种子预测)
版本号 nibble: 8 → 4(符合 RFC 4122 UUID v4)
变体位保持 10xx 格式不变
2026-04-20 13:21:44 +08:00
1244adfaae
feat(Admin): SeatTemplateSave 时为无 id 的 room 生成 UUID
...
兜底逻辑:在保存场馆模板时,遍历 rooms,
若 room.id 为空则用 time()+mt_rand 生成唯一 UUID。
不修改已有数据的读取逻辑(读取端已有 room_N 兼容兜底)。
2026-04-20 12:58:19 +08:00
2452fde466
refactor(vr_ticket): full plugin restructure - Admin.php root pattern + Hook.php
...
Phase 2 completion - complete backend management rebuild:
Plugin architecture change (旧 → 新):
- 删: admin/controller/ 子目录多控制器 → 留: admin/Admin.php 单控制器
- 删: admin/view/ → 留: view/{module}/
- 删: EventListener.php, app.php, plugin.json → 留: Hook.php, config.json
New files:
- Hook.php: 插件钩子入口(侧边栏菜单 + 订单支付处理)
- config.json: 插件配置(is_enable 等)
- install.sql / uninstall.sql: 安装卸载脚本
- view/venue/list.html, save.html: 场馆管理视图(AmazeUI)
- view/admin/setup.html: 插件设置页
Modified files:
- service/AuditService.php, BaseService.php, SeatSkuService.php, TicketService.php
- admin/Admin.php: 全新 Admin.php 根目录控制器
ShopXO core changes:
- app/index/controller/Goods.php: ticket 类型商品详情页路由
- app/service/AdminPowerService.php: 权限系统适配
- config/shopxo.php: 配置
AmazeUI frontend migration:
- All views migrated from LayUI to AmazeUI
- Vue 3 editor for venue/seat configuration
- CDN: unpkg.com → cdn.staticfile.net
Fixes included:
- Infinite loading (missing footer include)
- Vue3 textarea interpolation bug
- Template path resolution (../../../plugins/...)
- Hook return fields (id/url/is_show)
- DB field names verified from source
2026-04-17 00:46:00 +08:00
f6bcad6bfb
fix: 表名前缀修复 + 创建缺失的audit_log表
...
- BaseService::table() 从 'plugins_vr_' 改为 'vr_'
(原名 plugins_vr_seat_templates → ShopXO前缀后变成 vrt_plugins_vr_seat_templates,实际表名是 vrt_vr_seat_templates)
- Admin.php 所有硬编码 Db::name('plugins_vr_xxx') 改为 Db::name('vr_xxx')
- 在数据库创建缺失的 vrt_vr_audit_log 表
2026-04-16 17:23:40 +08:00
35c10a7f66
council(security): SecurityEngineer - add missing VenueList methods + security audit
...
Security findings:
- SQL injection: LOW (query builder + parameter binding)
- XSS: LOW (ThinkPHP auto-escape, no |raw detected)
- Path traversal: LOW (all view paths hardcoded)
- CSRF: MEDIUM (ShopXO framework-level gap, out of scope for plugin)
Critical fix: admin/Admin.php was missing VenueList(), VenueSave(),
VenueDelete() — sidebar URL "/plugins/vr_ticket/admin/venueList" would
return 500 error. Added all three methods with v3.0 seat_map support.
P1 garbled name: documented DB fix SQL for shx_plugins + vrt_power tables.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-16 08:53:41 +08:00
000a0990e7
council(round3): merge main (BackendArchitect Phase 2 fixes) + FrontendDev Admin.php routing
...
BackendArchitect 贡献:
- Vrticket.php (app/admin/controller/) - 独立后台控制器
- 视图复制到 app/admin/view/default/plugins/view/vr_ticket/admin/view/
- admin/controller/Plugins.php - 插件路由入口
- admin/controller/Venue.php + view/venue/ - 场馆管理
- app.php - 插件主文件
FrontendDev 贡献(本次):
- admin/Admin.php - 统一入口控制器(admin/ 子目录模式)
- plugin.json - sidebar URL 改为 camelCase 格式匹配 ucfirst()
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-16 08:35:26 +08:00
b41e268a77
council(round3): FrontendDev - fix admin/Admin.php routing + camelCase sidebar URLs
...
路由分析结论:
- PluginsService::PluginsControlCall 使用 ucfirst() 转换类名
- sidebar URL /plugins/vr_ticket/admin/seatTemplateList
- → class=\app\plugins\vr_ticket\admin\Admin, method=SeatTemplateList()
- admin/Admin.php 方法名使用 camelCase 与 URL 匹配
修改内容:
- admin/Admin.php: 更新注释,方法名已使用 camelCase ✓
- plugin.json: sidebar URL 从 snake_case 改为 camelCase 格式
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-16 08:34:50 +08:00
5749edf6ad
fix(Phase 2): 修复后台路由+视图路径,Vrticket控制器上线
...
- 新增 Vrticket.php(ThinkPHP小写路由约定,类名Vrticket)
- 修复视图标签:{include} → {{include}}(ShopXO使用{{}}分隔符)
- 视图文件同步到 app/admin/view/default/plugins/view/vr_ticket/
- 插件控制器类名 Seattemplate(ThinkPHP路由适配)
- plugin.json 新增场馆配置菜单项
- 删除废弃的 plugins/index.html 符号链接
- 自动载入:app.php 注册 app\plugins\ 命名空间映射
2026-04-16 07:59:27 +08:00
49e256a9ab
feat(Phase 3-1): Vue3 交互式场馆配置表单编辑器 save.html
...
- admin/view/venue/save.html:Vue3 CDN 嵌入
- 实时彩色座位预览(每格 30x30px,背景色=zone.color,悬浮显示座位号/分区/价格)
- 动态增删分区(char/name/price/color + 预设色板)
- 每排座位行编辑器(动态 input)
- 双向同步:改 zone char/color → 预览即时刷新
- 初始默认值:3 区(VIP区/看台区/普通区),6座/排
- mounted() 回填:zones_json / map_json / venue_json
- computed 序列化:zonesJson / seatMapRowsJson / venueJson → 隐藏字段
- Venue.php 补充:新增 venue_json 字段供 Vue3 回填
- venue_json = {name, address, image}
关联:docs/11_EDITOR_AND_INJECTION_DESIGN.md v3.0
2026-04-15 22:06:21 +08:00
136efb9b92
feat(Phase 3-1): Venue.php CRUD + list.html + BatchGenerate venue.name 动态读取
...
- 新增 admin/controller/Venue.php:场馆配置 CRUD
- list(): 解析 seat_map.venue.name 展示,zone_count / seat_count
- save(): 构建 v3.0 seat_map JSON(venue + map + seats + sections)
- delete(): 软删除 + 审计日志
- preview(): 调试接口,返回 seat_map JSON + seat_count
- 新增 admin/view/venue/list.html:场馆列表页
- 改造 SeatSkuService.php BatchGenerate:
- ensureVrSpecTypes() 增加 $venueName 参数
- $vr-场馆 spec 值从 seat_map.venue.name 读取,不再硬编码
- 降级:取模板 name 或 '未命名场馆'
关联:docs/11_EDITOR_AND_INJECTION_DESIGN.md v3.0
2026-04-15 22:02:03 +08:00
deacdedb01
council(execute): BackendArchitect - restore view files from merge conflict
...
Resolve Round 4 merge conflict by restoring verifier views and ticket
detail from commit 6f49b8355
2026-04-15 14:23:16 +08:00
59928d1196
Merge council/FrontendDev: complete admin views + export button fix
...
Resolves merge conflicts:
- Verifier.php: keep parent (CONCAT fix, fetch-then-map pattern)
- ticket/detail.html, verifier/list.html, verifier/save.html: stage as-is (no conflict markers)
2026-04-15 14:21:46 +08:00
b9ef6ef675
council(execute): BackendArchitect - fix Verification.php column() bug + S4 audit log design
...
- Fix Verification.php:55 - ThinkPHP column() does not support multi-field
mapping; replaced with select() + PHP foreach to build id-keyed array
- Add complete S4 audit log design to plan.md:
- vr_audit_log table already exists in EventListener.php
- AuditService interface design (log/getAdminContext/makeRequestId)
- Integration points table for all sensitive operations
- Append-only tamper-proof strategy
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 14:20:14 +08:00
2a6d7bdbf7
council(execute): FrontendDev - Round 4: export button fix + mark Phase 2 complete
...
- Fix P1 bug: ticket/list.html export button (GET→POST form) matching IS_AJAX_POST
- Mark all plan.md tasks complete (seat templates, tickets, verifiers, verifications views)
- BackendArchitect: AuditService.php (S4 design), Verifier.php CONCAT fix, Verification.php column() fix
- BackendArchitect: SeatTemplate.php countSeats fix, TicketService.php transaction fix
- BackendArchitect: EventListener.php audit_log table added
- SecurityEngineer: S1-S5 security audit complete
- [CONSENSUS: YES] all three agents vote YES
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 14:20:03 +08:00
1d24075f4c
Merge council/BackendArchitect: add missing verifier views + fix Verifier.php CONCAT bug
2026-04-15 14:12:24 +08:00
255c8ed2bf
council(review): SecurityEngineer - Phase 2 security audit complete + P1 Verifier.php fix
...
Security audit findings (Task S1/S2/S3/S5 done):
- Task S1: Admin auth chain verified (Base extends Common OK)
- Task S2: SQL injection audit complete (no injection, P1 code bug found)
- FIXED: Verifier.php:45 CONCAT column() syntax error → select()+PHP concat
- Task S3: XSS/CSRF audit complete (no risk in admin context)
- Task S5: IDOR audit complete (admin context acceptable)
- Task S4 (audit log design): still pending
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 14:11:43 +08:00
8ca3b2d67b
council(execute): FrontendDev - merge Round 3 view files to main
...
FrontendDev Round 3 deliverables:
- All 7 admin view files (new + URL fixes)
- Resolve plan.md conflict: keep merged version + add Round 3 summary
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 14:11:36 +08:00
6f49b8355c
council(execute): BackendArchitect - add missing verifier views + fix CONCAT bug in Verifier.php
...
Round 3 completed:
- NEW: verifier/list.html (Layui table + search + enable/disable)
- NEW: verifier/save.html (user select + name + status form)
- NEW: ticket/detail.html (QR code + manual verify form)
- FIX: Verifier.php CONCAT column() → select() + PHP concat (P1)
- FIX: Ticket.php detail() adds $verifiers list for detail.html
- UPDATE: plan.md marks B1~B5 Done, S1~S5 pending SecurityEngineer
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 14:11:35 +08:00
649ae484e8
council(execute): FrontendDev - Round 3: complete all admin view files
...
- Fix all MyUrl() → PluginsAdminUrl() in seat_template/list.html, save.html
- Fix ticket/list.html + verification/list.html URLs
- Create ticket/detail.html (QR code, ticket info, goods/verifier linkage)
- Create verifier/list.html (search, status filter, disable)
- Create verifier/save.html (user select, name, status toggle)
- Update plan.md task status
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 14:10:33 +08:00
b768d34dff
council(execute): BackendArchitect - fix P0/P1 blocking issues in Phase 2
...
[P0] Fix plugin Base controller to extend ShopXO Common class:
- Now extends Common instead of standalone class
- Automatically gets IsLogin() + IsPower() + ViewInit()
- All child controllers (SeatTemplate/Ticket/Verifier/Verification) inherit fix
[P1] Fix code bugs found during codebase analysis:
- Verifier.php: column('nickname|username', 'id') → CONCAT SQL (syntax error)
- SeatTemplate.php: countSeats() wrong logic (count × rows → per-row scan)
- Ticket.php: verify() returned view on POST → always JSON
- Ticket.php: detail() returned view on error → JSON
- SeatTemplate.php: delete() returned view on POST → JSON, plus soft-delete
[P1] Fix verifyTicket() in TicketService:
- Wrap in Db::transaction() for atomicity
- Add SELECT ... FOR UPDATE pessimistic lock to prevent double-verify
- Add try/catch with error logging
[P2] Fix export() memory issue:
- Replace select() with cursor() to avoid OOM on large datasets
Also: update plan.md with Round 2 findings, claim Task B1/B2/B3/B5
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-15 14:03:00 +08:00
1afd547444
feat: import ShopXO v6.8.0 sourcecode (vendor/runtime excluded)
...
- ShopXO core + plugins/vr_ticket
- Goods.php item_type=ticket routing (Phase 1)
- vr_ticket plugin skeleton (Phase 0/1)
- Admin auth Base controller (Phase 2)
- All Phase 0/1/2 code included
Closes: tracks all ShopXO core modifications in monorepo
2026-04-15 13:09:44 +08:00
Council