Home Explore Help
Register Sign In
wangyu
/
eitc-erm-java
Watch 1
Star 1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

惠州石化岗检信息平台可任意篡改用户的登录IP

matianxiang 2 months ago
parent
e00d9165be
commit
052df2bcd8
1 changed files with 4 additions and 0 deletions
Unified View Show Diff Stats
  1. 4 0
      eitc-admin/src/main/java/com/eitc/web/controller/system/SysUserController.java

+ 4 - 0
eitc-admin/src/main/java/com/eitc/web/controller/system/SysUserController.java
View File 

@@ -146,6 +146,8 @@ public class SysUserController extends BaseController
146 
         }
 146 
         }
147 
         user.setCreateBy(getUsername());
 147 
         user.setCreateBy(getUsername());
148 
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
 148 
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
149 
+        user.setLoginIp(null);
150 
+        user.setLoginDate(null);
149 
         return toAjax(userService.insertUser(user));
 151 
         return toAjax(userService.insertUser(user));
150 
     }
 152 
     }
151
153 
 
@@ -172,6 +174,8 @@ public class SysUserController extends BaseController
172 
             return error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
 174 
             return error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
173 
         }
 175 
         }
174 
         user.setUpdateBy(getUsername());
 176 
         user.setUpdateBy(getUsername());
177 
+        user.setLoginIp(null);
178 
+        user.setLoginDate(null);
175 
         return toAjax(userService.updateUser(user));
 179 
         return toAjax(userService.updateUser(user));
176 
     }
 180 
     }
177
181