diff --git a/app/Http/Controllers/Guest/OrderController.php b/app/Http/Controllers/Guest/OrderController.php
index 9bddca33..13315c27 100644
--- a/app/Http/Controllers/Guest/OrderController.php
+++ b/app/Http/Controllers/Guest/OrderController.php
@@ -18,6 +18,9 @@ class OrderController extends Controller
 {
 public function alipayNotify(Request $request)
 {
+ if (!(int)config('v2board.alipay_enable')) {
+ die('fail');
+ }
 // Log::info('alipayNotifyData: ' . json_encode($_POST));
 $gateway = Omnipay::create('Alipay_AopF2F');
 $gateway->setSignType('RSA2'); //RSA/RSA2
@@ -57,6 +60,9 @@ class OrderController extends Controller
 {
 // Log::info('stripeNotifyData: ' . json_encode($request->input()));
+ if (!(int)config('v2board.stripe_alipay_enable') && !(int)config('v2board.stripe_wepay_enable')) {
+ die('fail');
+ }
 \Stripe\Stripe::setApiKey(config('v2board.stripe_sk_live'));
 try {
 $event = \Stripe\Webhook::constructEvent(
@@ -99,6 +105,9 @@ class OrderController extends Controller
 public function bitpayXNotify(Request $request)
 {
+ if (!(int)config('v2board.bitpayx_enable')) {
+ die('fail');
+ }
 $inputString = file_get_contents('php://input', 'r');
 // Log::info('bitpayXNotifyData: ' . $inputString);
 $inputStripped = str_replace(array("\r", "\n", "\t", "\v"), '', $inputString);
@@ -132,6 +141,9 @@ class OrderController extends Controller
 public function mgateNotify(Request $request)
 {
+ if (!(int)config('v2board.mgate_enable')) {
+ die('fail');
+ }
 $mgate = new MGate(config('v2board.mgate_url'), config('v2board.mgate_app_id'), config('v2board.mgate_app_secret'));
 if (!$mgate->verify($request->input())) {
 abort(500, 'fail');
@@ -144,6 +156,9 @@ class OrderController extends Controller
 public function epayNotify(Request $request)
 {
+ if (!(int)config('v2board.epay_enable')) {
+ die('fail');
+ }
 $epay = new Epay(config('v2board.epay_url'), config('v2board.epay_pid'), config('v2board.epay_key'));
 if (!$epay->verify($request->input())) {
 abort(500, 'fail');
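Review bot: The guard added at the top of alipayNotify ends the request with `die('fail')`, while the same controller rejects a notification that fails verification with `abort(500, 'fail')` (visible in the mgateNotify and epayNotify context lines); the guards added in stripeNotify, bitpayXNotify, mgateNotify and epayNotify have the same issue. `die` stops the process outside the framework's response path, so the caller presumably receives HTTP 200 with body `fail`, nothing is logged, and a long-running worker would be terminated by it. Prefer `abort(500, 'fail');` so that a notification for a disabled gateway is refused the same way as one with a bad signature. Placing each guard before any signature check or order lookup is right; the method bodies continue outside the hunks.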
diff --git a/app/Http/Controllers/Staff/UserController.php b/app/Http/Controllers/Staff/UserController.php
index 20ee14d4..bf16f1d2 100644
--- a/app/Http/Controllers/Staff/UserController.php
+++ b/app/Http/Controllers/Staff/UserController.php
@@ -17,8 +17,13 @@ class UserController extends Controller
 if (empty($request->input('id'))) {
 abort(500, '参数错误');
 }
+ $user = User::where('is_admin', 0)
+ ->where('id', $request->input('id'))
+ ->where('is_staff', 0)
+ ->first();
+ if (!$user) abort(500, '用户不存在');
 return response([
- 'data' => User::find($request->input('id'))
+ 'data' => $user
 ]);
 }
diff --git a/app/Http/Controllers/User/UserController.php b/app/Http/Controllers/User/UserController.php
index c8688b47..6ae3c679 100755
--- a/app/Http/Controllers/User/UserController.php
+++ b/app/Http/Controllers/User/UserController.php
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\User;
 use App\Http\Controllers\Controller;
+use App\Http\Requests\User\UserTransfer;
 use App\Http\Requests\User\UserUpdate;
 use App\Http\Requests\User\UserChangePassword;
 use Illuminate\Http\Request;
@@ -162,15 +163,12 @@ class UserController extends Controller
 ]);
 }
- public function transfer(Request $request)
+ public function transfer(UserTransfer $request)
 {
 $user = User::find($request->session()->get('id'));
 if (!$user) {
 abort(500, __('user.user.transfer.user_not_exist'));
 }
- if ($request->input('transfer_amount') <= 0) {
- abort(500, __('user.user.transfer.params_wrong'));
- }
 if ($request->input('transfer_amount') > $user->commission_balance) {
 abort(500, __('user.user.transfer.insufficient_commission_balance'));
 }
diff --git a/app/Http/Requests/User/UserTransfer.php b/app/Http/Requests/User/UserTransfer.php
new file mode 100644
index 00000000..d1928e15
--- /dev/null
+++ b/app/Http/Requests/User/UserTransfer.php
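Review bot: In the Staff UserController hunk the lookup now excludes admin and staff rows, but `'data' => $user` still serialises the whole model to the staff client. Unless the User model hides them (not visible here), credential-type columns would be part of that response; consider fetching only what the staff view needs, e.g. `->first([/* columns the staff UI needs */])`. The one-line `if (!$user) abort(500, '用户不存在');` would read better with braces like the check above it, and the other staff actions that take a user id (outside this hunk) presumably need the same `is_admin`/`is_staff` filter. The enclosing method starts before the hunk.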
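Review bot: In `transfer()` the comparison `$request->input('transfer_amount') > $user->commission_balance` is made on a row read without a lock, so if the balance update that follows (outside this hunk) is a plain read-modify-write, two concurrent requests can both pass the check and move the same commission twice. Consider doing the read, the check and the update inside one `DB::transaction` and loading the row with `User::lockForUpdate()->find($request->session()->get('id'))`. Moving the `<= 0` test into the `UserTransfer` rules is fine; a short comment such as `// amount is validated as an integer >= 1 by UserTransfer` would keep that precondition visible at the point of use. The method body continues past the end of the hunk.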
@@ -0,0 +1,29 @@
+ 'required|integer|min:1'
+ ];
+ }
+
+ public function messages()
+ {
+ return [
+ 'transfer_amount.required' => '划转金额不能为空',
+ 'transfer_amount.integer' => __('user.user.transfer.params_wrong'),
+ 'transfer_amount.min' => __('user.user.transfer.params_wrong')
+ ];
+ }
+}
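Review bot: In `messages()` the `transfer_amount.required` text is a hard-coded Chinese string while the other two messages go through `__()`, so users of other locales get an untranslated error when the amount is missing. Use a translation key there as well, for example `'transfer_amount.required' => __('user.user.transfer.params_wrong'),`. The top of the file (namespace, class header and the start of `rules()`) is not visible on this page, so whether `authorize()` is handled cannot be checked from here.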