|
|
@@ -57,7 +57,7 @@ class OauthController extends BaseController
|
|
|
if($isDec==1 && $item['allow']=='declarer'){
|
|
|
return true;
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
@@ -95,7 +95,9 @@ class OauthController extends BaseController
|
|
|
* @throws \yii\base\Exception
|
|
|
*/
|
|
|
public function actionLogin() {
|
|
|
- $userName = Yii::$app->request->post('userName');
|
|
|
+ $userName = preg_replace("/[^A-Z0-9]/", "", Yii::$app->request->post('userName'));
|
|
|
+ $posts = Yii::$app->request->post();
|
|
|
+ $posts['userName'] = $userName;
|
|
|
$model = new LoginForm(
|
|
|
[
|
|
|
'userName' =>$userName
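Review bot: The new `preg_replace("/[^A-Z0-9]/", "", ...)` in actionLogin silently rewrites the submitted user name instead of rejecting it, so lowercase or punctuated input is collapsed (possibly to an empty string) and two different submissions can resolve to the same account identifier. `post('userName')` can also be absent or an array, in which case preg_replace receives null or returns an array that is then handed to LoginForm. Prefer failing closed: an `is_string()` check here plus a LoginForm rule such as `['userName', 'match', 'pattern' => '/^[A-Z0-9]+\z/']`. If the filter is meant to stop injection into a lookup query, which cannot be seen from this hunk, the lookup should use bound parameters, because the filter covers only this one field in this one action. The `load($posts, '')` change in the next hunk relies on the same filtered value, and actionLogin's body continues outside the hunk.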
|
|
|
@@ -106,7 +108,7 @@ class OauthController extends BaseController
|
|
|
}else {
|
|
|
$model->scenario = 'login';
|
|
|
}
|
|
|
- if ($model->load(Yii::$app->request->post(), '') && $model->login()) {
|
|
|
+ if ($model->load($posts, '') && $model->login()) {
|
|
|
$token = Yii::$app->getUser()->getToken();
|
|
|
return static::notice($token);
|
|
|
} else {
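Review bot: Nothing at the `$model->load($posts, '')` line says why the model is loaded from a local copy rather than from the request, so a later cleanup could restore `Yii::$app->request->post()` and bypass the user-name filter. Add a comment such as `// $posts holds the filtered userName; do not load from the raw request here`. Only the `userName` key is replaced, so any other attribute that load() accepts in this scenario still arrives unfiltered and needs its own rule in LoginForm. The if/else that starts here closes outside the hunk.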
|
|
|
@@ -201,4 +203,4 @@ class OauthController extends BaseController
|
|
|
return static::notice('非法访问', 400);
|
|
|
}
|
|
|
|
|
|
-}
|
|
|
+}
|