Browse Source

惠州石化岗检信息平台可任意篡改用户的登录IP

matianxiang 2 months ago
parent
commit
052df2bcd8

+ 4 - 0
eitc-admin/src/main/java/com/eitc/web/controller/system/SysUserController.java

@@ -146,6 +146,8 @@ public class SysUserController extends BaseController
146 146
         }
147 147
         user.setCreateBy(getUsername());
148 148
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
149
+        user.setLoginIp(null);
150
+        user.setLoginDate(null);
149 151
         return toAjax(userService.insertUser(user));
150 152
     }
151 153
 
@@ -172,6 +174,8 @@ public class SysUserController extends BaseController
172 174
             return error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
173 175
         }
174 176
         user.setUpdateBy(getUsername());
177
+        user.setLoginIp(null);
178
+        user.setLoginDate(null);
175 179
         return toAjax(userService.updateUser(user));
176 180
     }
177 181