diff --git a/webapp/controller/EquipController.class.php b/webapp/controller/EquipController.class.php
index 2c75f10..0cbe128 100644
--- a/webapp/controller/EquipController.class.php
+++ b/webapp/controller/EquipController.class.php
@@ -78,6 +78,12 @@ class EquipController{
 public function equipInfo()
 {
 $account_id = $_REQUEST['account_id'];
+ //登录校验
+ $login = loginVerify($account_id, $_REQUEST['session_id']);
+ if (!$login) {
+ phpcommon\sendError(ERR_USER_BASE + 1, 'session无效');
+ return;
+ }
 $conn = $this->getMysql($account_id);
 $equip_list = array();
 if (!$conn) {
@@ -136,6 +142,12 @@ class EquipController{
 public function updateEquip()
 {
 $account_id = $_REQUEST['account_id'];
+ //登录校验
+ $login = loginVerify($account_id, $_REQUEST['session_id']);
+ if (!$login) {
+ phpcommon\sendError(ERR_USER_BASE + 1, 'session无效');
+ return;
+ }
 $conn = $this->getMysql($account_id);
 $skin_list = array();
 if (!$conn) {
@@ -199,6 +211,12 @@ class EquipController{
 public function freeTryEquip()
 {
 $account_id = $_REQUEST['account_id'];
+ //登录校验
+ $login = loginVerify($account_id, $_REQUEST['session_id']);
+ if (!$login) {
+ phpcommon\sendError(ERR_USER_BASE + 1, 'session无效');
+ return;
+ }
 $conn = $this->getMysql($account_id);
 $equip_id = $_REQUEST['equip_id'];
 $equip_level = $_REQUEST['equip_level'];
@@ -220,7 +238,7 @@ class EquipController{
 ));
 if (!$row) {
 $ret = $conn->execScript('INSERT INTO equip(accountid, equip_id, equip_level, equip_experience_level, active_time) ' .
- ' VALUES(:accountid, :equip_id, 1, 0, :active_time);',
+ ' VALUES(:accountid, :equip_id, 1, 9, :active_time);',
 array(
 ':accountid' => $account_id,
 ':equip_id' => $equip_id,
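Review bot: The new guard in equipInfo passes `$_REQUEST['session_id']` (and the `account_id` read just above it) to loginVerify without checking that either key is present, so a request that omits them feeds null into the check and emits an undefined-key warning instead of a clean rejection; an explicit test such as `if (!isset($_REQUEST['account_id'], $_REQUEST['session_id'])) { phpcommon\sendError(ERR_USER_BASE + 1, 'session无效'); return; }` ahead of the call would close that. The identical six lines are pasted into updateEquip and freeTryEquip in the next two hunks; one private helper called from all three would keep the guards from drifting apart. `$_REQUEST` also accepts query-string values, so the session id may be sent in URLs and recorded in access logs; reading it from `$_POST` or a header is worth considering if the clients permit. loginVerify is defined outside this diff, so whether it ties the session to this particular account_id cannot be confirmed from here, and the bodies of all three methods continue past their hunks.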
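Review bot: The initial `equip_experience_level` in freeTryEquip's INSERT changes from 0 to the bare literal `9` with nothing on the page explaining the value, and it rides along with otherwise unrelated login checks. A named constant or a short comment on the line, for example `// free-trial rows start at experience level 9 (reason: …)`, would let a later reader tell an intentional rule from a typo. Rows inserted before this change presumably still hold 0, so any code reading the column should be checked for handling both values. The statement keeps its bound parameters, which is right; freeTryEquip's body starts and ends outside this hunk.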