--- fenglin/bbs/section_master_service.php 2025/04/09 04:11:19 1.1 +++ fenglin/bbs/section_master_service.php 2025/04/23 05:13:56 1.4 @@ -1,4 +1,4 @@ - "master", - "errMsg" => "不能对自己操作", - )); - - mysqli_close($db_conn); - exit(json_encode($result_set)); - } - if (!$_SESSION["BBS_priv"]->checkpriv($sid, S_MAN_M) || ($type == 1 && (!$_SESSION["BBS_priv"]->checkpriv($sid, S_ADMIN)))) { @@ -143,9 +131,11 @@ // Check existing section master $has_major = false; $user_found = false; + $user_type = 0; $sql = "SELECT UID, major FROM section_master - WHERE SID = $sid AND enable AND (NOW() BETWEEN begin_dt AND end_dt)"; + WHERE SID = $sid AND enable AND (NOW() BETWEEN begin_dt AND end_dt) + FOR UPDATE"; $rs = mysqli_query($db_conn, $sql); if ($rs == false) @@ -162,6 +152,7 @@ if ($uid == $row["UID"]) { $user_found = true; + $user_type = $row["major"]; } if (!$has_major && $row["major"]) @@ -183,16 +174,31 @@ exit(json_encode($result_set)); } - if ((!$user_found) && ($op == 2 || $op == 3)) + if ($op == 2 || $op == 3) { - $result_set["return"]["code"] = -1; - array_push($result_set["return"]["errorFields"], array( - "id" => "master", - "errMsg" => "未找到记录", - )); + if (!$user_found) + { + $result_set["return"]["code"] = -1; + array_push($result_set["return"]["errorFields"], array( + "id" => "master", + "errMsg" => "未找到记录", + )); + + mysqli_close($db_conn); + exit(json_encode($result_set)); + } + + if ($user_type == 1 && (!$_SESSION["BBS_priv"]->checkpriv($sid, S_ADMIN))) + { + $result_set["return"]["code"] = -1; + array_push($result_set["return"]["errorFields"], array( + "id" => "master", + "errMsg" => "没有管理员权限", + )); - mysqli_close($db_conn); - exit(json_encode($result_set)); + mysqli_close($db_conn); + exit(json_encode($result_set)); + } } switch($op)
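Review bot: The `FOR UPDATE` added to the section_master SELECT in the @@ -143,9 +131,11 @@ hunk only holds its row locks until the enclosing transaction ends, and no transaction start is visible in this hunk. Under mysqli's default autocommit the lock would be released as soon as the statement finishes, so two concurrent requests could still both pass the `$has_major` / `$user_found` checks before either writes. If it is not already done above this hunk, call `mysqli_begin_transaction($db_conn);` before the query and `mysqli_commit($db_conn);` after the write in the `switch($op)` branches. The query also interpolates `$sid` into the SQL string; its assignment is outside the hunk, so either confirm it is cast to an integer there or bind it with a prepared statement (`WHERE SID = ?`).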
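Review bot: The S_ADMIN gate for ops 2 and 3 in the @@ -183,16 +174,31 @@ hunk tests `$user_type == 1`, but `$user_type` is copied unconverted from `$row["major"]` in the @@ -162,6 +152,7 @@ hunk, where the loop treats `major` as a truthy flag (`if (!$has_major && $row["major"])`). A stored value other than 0 or 1 would therefore count as major for one check and skip the admin requirement in the other. Cast at the assignment, `$user_type = (int) $row["major"];`, and gate on `if ($user_type !== 0 && !$_SESSION["BBS_priv"]->checkpriv($sid, S_ADMIN))`. With the "不能对自己操作" self-operation check removed earlier in this diff, a holder of S_MAN_M can presumably now target their own non-major record; a one-line comment stating that this is intended would help the next reviewer. The error-response block (`code = -1`, `array_push`, `mysqli_close`, `exit`) is now repeated in each branch and could move into a small helper.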