From b16509ff0a9a9124ff9842333d54477f9a861741 Mon Sep 17 00:00:00 2001
From: tianya <yanghuxiao@vip.qq.com>
Date: Mon, 27 Mar 2023 21:32:04 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E4=BF=AE=E6=94=B9userid?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/admin/sys_admin_user_edit.php          | 22 +++++++++++++++++++---
 src/admin/templets/sys_admin_user_edit.htm |  3 ++-
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/src/admin/sys_admin_user_edit.php b/src/admin/sys_admin_user_edit.php
index 6e440e72..56e3d6ed 100644
--- a/src/admin/sys_admin_user_edit.php
+++ b/src/admin/sys_admin_user_edit.php
@@ -41,13 +41,29 @@ if ($dopost == 'saveedit') {
         $typeid = join(',', $typeids);
         if ($typeid == '0') $typeid = '';
     }
+    $olduserid = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $olduserid);
+    $userid = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userid);
+    $usql = "";
+    if ($olduserid !== $userid) {
+        $row = $dsql->GetOne("SELECT mid FROM `#@__member` WHERE userid LIKE '$userid' ");
+        if (is_array($row)) {
+            ShowMsg("您指定的会员名<span class='text-primary'>{$userid}</span>已存在，请使用别的会员名", "-1");
+            exit();
+        }
+        $row = $dsql->GetOne("SELECT id FROM `#@__admin` WHERE userid LIKE '$userid' ");
+        if (is_array($row)) {
+            ShowMsg("您指定的会员名<span class='text-primary'>{$userid}</span>已存在，请使用别的会员名", "-1");
+            exit();
+        }
+        $usql = ",userid='$userid'";
+    }
     if ($id != 1) {
-        $query = "UPDATE `#@__admin` SET uname='$uname',usertype='$usertype',tname='$tname',email='$email',typeid='$typeid' $pwd WHERE id='$id'";
+        $query = "UPDATE `#@__admin` SET uname='$uname',usertype='$usertype',tname='$tname',email='$email',typeid='$typeid' $pwd $usql WHERE id='$id'";
     } else {
-        $query = "UPDATE `#@__admin` SET uname='$uname',tname='$tname',email='$email',typeid='$typeid' $pwd WHERE id='$id'";
+        $query = "UPDATE `#@__admin` SET uname='$uname',tname='$tname',email='$email',typeid='$typeid' $pwd $usql WHERE id='$id'";
     }
     $dsql->ExecuteNoneQuery($query);
-    $query = "UPDATE `#@__member` SET uname='$uname',email='$email'$pwdm WHERE mid='$id'";
+    $query = "UPDATE `#@__member` SET uname='$uname',email='$email'$pwdm $usql WHERE mid='$id'";
     $dsql->ExecuteNoneQuery($query);
     ShowMsg("成功修改一个用户", "sys_admin_user.php");
     exit();
diff --git a/src/admin/templets/sys_admin_user_edit.htm b/src/admin/templets/sys_admin_user_edit.htm
index a97d7324..2c51653f 100644
--- a/src/admin/templets/sys_admin_user_edit.htm
+++ b/src/admin/templets/sys_admin_user_edit.htm
@@ -17,9 +17,10 @@
 				<input type="hidden" name="dopost" value="saveedit">
 				<input type="hidden" name="_csrf_token" value="<?php echo $GLOBALS['csrf_token'];?>">
 				<input type="hidden" name="id" value="<?php echo $row['id']?>">
+				<input type="hidden" name="olduserid" value="<?php echo $row['userid']?>">
 				<tr>
 					<td width="260">会员名：</td>
-					<td><?php echo $row['userid']?></td>
+					<td><input type="text" name="userid" id="userid" value="<?php echo $row['userid']?>" class="admin-input-sm"></td>
 				</tr>
 				<tr>
 					<td>昵称：</td>