From feb780157f86ff334c671fa86be871549aab0425 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E4=BC=97=E4=BA=A7-=E7=8E=8B=E5=9D=A4?= Date: Sun, 10 Aug 2025 10:39:57 +0800 Subject: [PATCH] upgolang --- route_adm.go | 25 +- web/admin/ap/paper.go | 16 +- web/admin/autotask/task.go | 2 +- web/admin/common.go | 38 +- web/admin/common.php | 20 +- web/admin/datasse/index.go | 4 +- web/admin/demo/catlist.html | 251 ++++++++ web/admin/demo/catlist.php | 523 ++++++++++++++++ .../ecc_ukey_ad.html} | 0 .../ecc_ukey_ad.php} | 4 +- .../demo/{index_fb.html => dyn/index.html} | 24 +- .../{tool_realip.html => dyn/realip.html} | 0 .../demo/{tool_realip.php => dyn/realip.php} | 4 +- .../demo/{demo_rsa.html => dyn/rsa.html} | 0 web/admin/demo/{demo_rsa.php => dyn/rsa.php} | 4 +- .../demo/{demo_web3.html => dyn/web3.html} | 0 .../demo/{demo_web3.php => dyn/web3.php} | 4 +- web/admin/demo/{ => front}/demo_css.html | 0 web/admin/demo/{ => front}/demo_cssn.html | 0 web/admin/demo/{ => front}/demo_dom.html | 0 web/admin/demo/{ => front}/demo_drag.html | 0 web/admin/demo/{ => front}/demo_flip.html | 0 web/admin/demo/front/demo_gamepad.html | 48 ++ web/admin/demo/{ => front}/demo_jq.html | 0 web/admin/demo/{ => front}/demo_loading.html | 0 web/admin/demo/{ => front}/demo_proxy.html | 0 web/admin/demo/{ => front}/demo_shadow.html | 0 web/admin/demo/{ => front}/form_checkbox.html | 12 +- .../demo/{ => front}/form_daterange.html | 16 +- web/admin/demo/{ => front}/form_datetime.html | 16 +- web/admin/demo/{ => front}/form_inputbet.html | 20 +- web/admin/demo/{ => front}/form_inputcyc.html | 16 +- .../demo/{ => front}/form_inputunitedit.html | 16 +- web/admin/demo/{ => front}/form_map.html | 16 +- web/admin/demo/{ => front}/form_md.html | 12 +- web/admin/demo/{ => front}/form_radio.html | 12 +- web/admin/demo/{ => front}/form_selcas.html | 12 +- web/admin/demo/{ => front}/form_select.html | 12 +- web/admin/demo/{ => front}/form_selmulti.html | 12 +- web/admin/demo/{ => front}/form_switch.html | 12 +- web/admin/demo/{ => front}/form_textarea.html | 16 +- .../demo/{ => 
front}/form_timepoint.html | 16 +- web/admin/demo/{ => front}/form_upload.html | 34 +- web/admin/demo/{ => front}/index.html | 20 +- .../{demo_ajax.html => front/win_ajax.html} | 2 +- .../{demo_alert.html => front/win_alert.html} | 2 +- .../win_alertcb.html} | 2 +- .../win_button.html} | 2 +- .../win_showend.html} | 2 +- .../win_tabcard.html} | 0 .../{demo_toast.html => front/win_toast.html} | 2 +- web/admin/demo/lineedit.html | 116 ++++ web/admin/demo/lineedit.php | 138 +++++ web/admin/demo/multicat.html | 341 ++++++++++ web/admin/demo/multicat.php | 182 ++++++ web/admin/{ap/demo.go => demo/normal.go} | 108 ++-- web/admin/{ap/demo.html => demo/normal.html} | 0 web/admin/{ap/demo.php => demo/normal.php} | 52 +- web/admin/demo/safeop.html | 414 +++++++++++++ web/admin/demo/safeop.php | 582 ++++++++++++++++++ web/admin/demo/setpage.html | 244 ++++++++ web/admin/demo/setpage.php | 250 ++++++++ web/admin/demo/tool_alipaycb.html | 113 ---- web/admin/demo/ultable.html | 105 ++++ web/admin/demo/ultable.php | 84 +++ web/admin/index.go | 16 +- web/admin/index.html | 40 +- web/admin/login.go | 24 +- web/admin/login.php | 4 +- web/admin/rigger/admin.go | 30 +- web/admin/rigger/autotask.go | 16 +- web/admin/rigger/autotskrun.go | 16 +- web/admin/rigger/cata.go | 12 +- web/admin/rigger/cataindex.go | 12 +- web/admin/rigger/chgpass.go | 16 +- web/admin/rigger/chgpass.php | 2 +- web/admin/rigger/config.go | 12 +- web/admin/rigger/debug_user.go | 16 +- web/admin/rigger/depart.go | 20 +- web/admin/rigger/funcslow.go | 12 +- web/admin/rigger/logdb.go | 12 +- web/admin/rigger/logfile.go | 6 +- web/admin/rigger/menu.go | 26 +- web/admin/rigger/mock.go | 12 +- web/admin/rigger/online.go | 12 +- web/admin/rigger/power.go | 12 +- web/admin/rigger/role.go | 8 +- web/admin/rigger/role_u.go | 8 +- web/admin/rigger/statsdb.go | 4 +- web/admin/rigger/statsfunc.go | 12 +- web/admin/rigger/statssrv.go | 4 +- web/admin/upload.go | 8 +- web/admin/welcome.go | 4 +- web/admin/wsdemo/index.go | 2 +- 
web/admin/wsdemo/index.html | 4 +- web/jscss/ciy.js | 9 +- web/jscss/ciy_websocket.js | 152 +++++ web/jscss/ciycmp.js | 2 +- web/ud/demo/211215_6165.png | Bin 0 -> 11143 bytes zciyon/c.go | 10 +- zciyon/web.go | 26 +- zciyphp/comm.php | 7 - 102 files changed, 3997 insertions(+), 569 deletions(-) create mode 100644 web/admin/demo/catlist.html create mode 100644 web/admin/demo/catlist.php rename web/admin/demo/{demo_ecc_ukey_ad.html => dyn/ecc_ukey_ad.html} (100%) rename web/admin/demo/{demo_ecc_ukey_ad.php => dyn/ecc_ukey_ad.php} (94%) rename web/admin/demo/{index_fb.html => dyn/index.html} (73%) rename web/admin/demo/{tool_realip.html => dyn/realip.html} (100%) rename web/admin/demo/{tool_realip.php => dyn/realip.php} (98%) rename web/admin/demo/{demo_rsa.html => dyn/rsa.html} (100%) rename web/admin/demo/{demo_rsa.php => dyn/rsa.php} (98%) rename web/admin/demo/{demo_web3.html => dyn/web3.html} (100%) rename web/admin/demo/{demo_web3.php => dyn/web3.php} (97%) rename web/admin/demo/{ => front}/demo_css.html (100%) rename web/admin/demo/{ => front}/demo_cssn.html (100%) rename web/admin/demo/{ => front}/demo_dom.html (100%) rename web/admin/demo/{ => front}/demo_drag.html (100%) rename web/admin/demo/{ => front}/demo_flip.html (100%) create mode 100644 web/admin/demo/front/demo_gamepad.html rename web/admin/demo/{ => front}/demo_jq.html (100%) rename web/admin/demo/{ => front}/demo_loading.html (100%) rename web/admin/demo/{ => front}/demo_proxy.html (100%) rename web/admin/demo/{ => front}/demo_shadow.html (100%) rename web/admin/demo/{ => front}/form_checkbox.html (90%) rename web/admin/demo/{ => front}/form_daterange.html (83%) rename web/admin/demo/{ => front}/form_datetime.html (83%) rename web/admin/demo/{ => front}/form_inputbet.html (84%) rename web/admin/demo/{ => front}/form_inputcyc.html (83%) rename web/admin/demo/{ => front}/form_inputunitedit.html (82%) rename web/admin/demo/{ => front}/form_map.html (82%) rename web/admin/demo/{ => 
front}/form_md.html (83%) rename web/admin/demo/{ => front}/form_radio.html (88%) rename web/admin/demo/{ => front}/form_selcas.html (89%) rename web/admin/demo/{ => front}/form_select.html (89%) rename web/admin/demo/{ => front}/form_selmulti.html (90%) rename web/admin/demo/{ => front}/form_switch.html (87%) rename web/admin/demo/{ => front}/form_textarea.html (81%) rename web/admin/demo/{ => front}/form_timepoint.html (83%) rename web/admin/demo/{ => front}/form_upload.html (85%) rename web/admin/demo/{ => front}/index.html (90%) rename web/admin/demo/{demo_ajax.html => front/win_ajax.html} (98%) rename web/admin/demo/{demo_alert.html => front/win_alert.html} (99%) rename web/admin/demo/{demo_alertcb.html => front/win_alertcb.html} (95%) rename web/admin/demo/{demo_button.html => front/win_button.html} (99%) rename web/admin/demo/{demo_showend.html => front/win_showend.html} (96%) rename web/admin/demo/{demo_tabcard.html => front/win_tabcard.html} (100%) rename web/admin/demo/{demo_toast.html => front/win_toast.html} (97%) create mode 100644 web/admin/demo/lineedit.html create mode 100644 web/admin/demo/lineedit.php create mode 100644 web/admin/demo/multicat.html create mode 100644 web/admin/demo/multicat.php rename web/admin/{ap/demo.go => demo/normal.go} (93%) rename web/admin/{ap/demo.html => demo/normal.html} (100%) rename web/admin/{ap/demo.php => demo/normal.php} (97%) create mode 100644 web/admin/demo/safeop.html create mode 100644 web/admin/demo/safeop.php create mode 100644 web/admin/demo/setpage.html create mode 100644 web/admin/demo/setpage.php delete mode 100644 web/admin/demo/tool_alipaycb.html create mode 100644 web/admin/demo/ultable.html create mode 100644 web/admin/demo/ultable.php create mode 100644 web/jscss/ciy_websocket.js create mode 100644 web/ud/demo/211215_6165.png diff --git a/route_adm.go b/route_adm.go index f32e092..3a5d625 100644 --- a/route_adm.go +++ b/route_adm.go 
@@ -7,6 +7,7 @@ import ( "ciyon/web/admin/ap" "ciyon/web/admin/autotask" "ciyon/web/admin/datasse" + "ciyon/web/admin/demo" "ciyon/web/admin/rigger" "ciyon/web/admin/wsdemo" c "ciyon/zciyon" @@ -130,16 +131,6 @@ func setWebRoute_adm(web *c.CiyWebServer) { }, }) web.RouterFunc("admin/ap", map[string]map[string]func(http.ResponseWriter, *http.Request) bool{ - "demo": { - "list": ap.Demo_list, - "del": ap.Demo_del, - "getdata": ap.Demo_getdata, - "update": ap.Demo_update, - "audit": ap.Demo_audit, - "exportxls": ap.Demo_exportxls, - "importxls_in": ap.Demo_importxls_in, - "importxls_data": ap.Demo_importxls_data, - }, "paper": { "init": ap.Paper_init, "update": ap.Paper_update, @@ -147,6 +138,18 @@ func setWebRoute_adm(web *c.CiyWebServer) { "del": ap.Paper_del, }, }) + web.RouterFunc("admin/demo", map[string]map[string]func(http.ResponseWriter, *http.Request) bool{ + "normal": { + "list": demo.Normal_list, + "del": demo.Normal_del, + "getdata": demo.Normal_getdata, + "update": demo.Normal_update, + "audit": demo.Normal_audit, + "exportxls": demo.Normal_exportxls, + "importxls_in": demo.Normal_importxls_in, + "importxls_data": demo.Normal_importxls_data, + }, + }) web.RouterFunc("admin/autotask", map[string]map[string]func(http.ResponseWriter, *http.Request) bool{ "task": { "main": autotask.Task_main, @@ -166,7 +169,7 @@ func setWebRoute_adm(web *c.CiyWebServer) { "logout": admin.Login_logout, "restorage": admin.Login_restorage, }, - "manage": { + "index": { "init": admin.Index_init, "favadd": admin.Index_favadd, "favdel": admin.Index_favdel, diff --git a/web/admin/ap/paper.go b/web/admin/ap/paper.go index 6d280e8..04db44f 100644 --- a/web/admin/ap/paper.go +++ b/web/admin/ap/paper.go 
@@ -22,7 +22,7 @@ func paper_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Paper_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -79,11 +79,11 @@ func Paper_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Paper_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -142,11 +142,11 @@ func Paper_update(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "事务"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } func Paper_getdata(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -162,11 +162,11 @@ func Paper_getdata(w http.ResponseWriter, r *http.Request) bool { return c.ErrJSON(w, "读取失败:"+err.Error()) } } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Paper_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -194,5 +194,5 @@ func Paper_del(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "事务"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } diff --git a/web/admin/autotask/task.go b/web/admin/autotask/task.go index e867369..5d2a231 100644 --- a/web/admin/autotask/task.go +++ b/web/admin/autotask/task.go 
@@ -38,7 +38,7 @@ func Main() bool { } func Task_main(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - rsuser, err := admin.Verifyuser(c.CiyDB, post) + rsuser, err := admin.Verifyuser(r, c.CiyDB, post) if err != nil { w.Write([]byte("您未登录")) return false diff --git a/web/admin/common.go b/web/admin/common.go index b79c149..ab445f1 100644 --- a/web/admin/common.go +++ b/web/admin/common.go @@ -2,21 +2,31 @@ package admin import ( "fmt" + "net/http" "strings" + "sync" c "ciyon/zciyon" ) +var Gtokentype string //cookie(更安全,只支持https) 、 localstorage(兼容性好) var Gtokenfield string //header api field var Gtokensalt string //登录盐值 +var Gtokenswapsec int //更换JWT时间 +var Gtokenexpsec int //过期退出时间 var Gdefpass string //默认密码 +var Gusermap sync.Map //用户全局缓存 + func init() { + Gtokentype = "localstorage" Gtokenfield = "ciyadm" Gtokensalt = "bka02$59gG" + Gtokenswapsec = 3600 + Gtokenexpsec = 86400 * 7 Gdefpass = "1q2w" } -func Verifyfast(db *c.CiyMysql, post *c.CiyPost) (map[string]any, int) { - rsuser, err := Verifyuser(c.CiyDB, post) +func Verifyfast(r *http.Request, db *c.CiyMysql, post *c.CiyPost) (map[string]any, int) { + rsuser, err := Verifyuser(r, c.CiyDB, post) if err != nil { c.ErrJSON(post.W, "请重新登录", 2) return nil, 0 @@ -24,13 +34,13 @@ func Verifyfast(db *c.CiyMysql, post *c.CiyPost) (map[string]any, int) { return rsuser, c.Toint(rsuser["id"]) } -func Verifyuser(db *c.CiyMysql, post *c.CiyPost) (map[string]any, error) { - ciyauth := post.R.Header.Get(Gtokenfield) +func Verifyuser(r *http.Request, db *c.CiyMysql, post *c.CiyPost) (map[string]any, error) { + ciyauth := post.R.Header.Get("ciyauth") if ciyauth == "" { - ciyauth = c.GetQuery("_"+Gtokenfield, post.R) + ciyauth = c.GetQuery("_ciyauth", post.R) } if ciyauth == "" { - return nil, fmt.Errorf("verify nofind %v in header or query", Gtokenfield) + return nil, fmt.Errorf("verify nofind ciyauth header or query") } auth := c.Str_JSON(c.Encrypt(ciyauth, "D", Gtokensalt)) if auth == nil { 
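Review bot: In web/admin/common.go, `Verifyfast` still accepts `db` but the rewritten call passes `c.CiyDB` to `Verifyuser`, so a caller-supplied handle is ignored; `rsuser, err := Verifyuser(r, db, post)` would honour the parameter. The new `Gtokentype` defaults to `"localstorage"` although its own comment rates cookie storage as more secure, and none of the `Verifyuser` hunks in this patch read it, so the setting may have no effect on the Go side (it may be consumed in files not shown). These values are exported, mutable package variables assigned in `init()` next to the literal `Gtokensalt` and `Gdefpass`; loading the token key and default password from deployment configuration would keep them out of the repository. The body of `Verifyfast` continues past the end of this hunk.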
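Review bot: `Verifyuser` keeps the fallback `c.GetQuery("_ciyauth", post.R)`, which puts the session token in the URL, where it ends up in access logs, browser history and Referer headers. If the fallback exists for handlers that cannot set request headers (the SSE handlers in this patch call `Verifyuser`), it should be limited to those routes and documented with a comment at this line. The header and query names are now literals while `Gtokenfield` stays declared, so the Go side no longer follows that setting; a comment on `Gtokenfield` stating what still uses it would avoid confusion. The new `r` parameter is unused in this hunk, which keeps reading `post.R`. The function body ends outside the hunk.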
@@ -48,6 +58,9 @@ func Verifyuser(db *c.CiyMysql, post *c.CiyPost) (map[string]any, error) { if c.Tostr(onlinerow["sid"]) != c.Tostr(auth["_s"]) { return nil, fmt.Errorf("verify sid not match oid=%v", onlinerow["id"]) } + if c.Toint(onlinerow["exptimes"]) < c.Tostamp()-Gtokenexpsec { + return nil, fmt.Errorf("verify exptimes timeout oid=%v", onlinerow["id"]) + } if c.Toint(onlinerow["usrchg"]) == 9 { csql := c.NewCiySQL("zc_admin") csql.Where("id", auth["_o"]) @@ -60,17 +73,24 @@ func Verifyuser(db *c.CiyMysql, post *c.CiyPost) (map[string]any, error) { } } if c.Toint(onlinerow["usrchg"]) == 2 { - post.W.Header().Set(Gtokenfield+"re", "true") + post.W.Header().Set("_re", "true") } if c.Toint(onlinerow["exptimes"]) > c.Tostamp() { return auth, nil } - exptimes := c.Tostamp() + 86400 + exptimes := c.Tostamp() + Gtokenswapsec sid := c.Randstr(10) auth["_s"] = sid authstr := c.JSON_Str(auth) newauth := c.Encrypt(authstr, "E", Gtokensalt) - post.W.Header().Set(Gtokenfield, newauth) + ctx := r.Context().Value(c.GhttpKey) + if ctx != nil { + reqCtx := ctx.(*c.RequestContext) + if reqCtx != nil { + reqCtx.CiyAuth = newauth + } + } + //post.W.Header().Set(Gtokenfield, newauth) userid := c.Toint(auth["id"]) db.UserID = userid updata := map[string]any{} diff --git a/web/admin/common.php b/web/admin/common.php index 690cc65..251f701 100644 --- a/web/admin/common.php +++ b/web/admin/common.php @@ -18,9 +18,9 @@ */ $_token = array(); -$_token['type'] = 'cookie'; //cookie(更安全) 、 localstorage(兼容性好) -$_token['swapsec'] = 3600; //更换JWT时间 -$_token['expsec'] = 86400*7; //过期退出时间 +$_token['type'] = 'localstorage'; //cookie(更安全,只支持https) 、 localstorage(兼容性好) +$_token['swapsec'] = 6; //更换JWT时间 +$_token['expsec'] = 86400 * 7; //过期退出时间 $_token['field'] = 'ciyadm'; $_token['salt'] = 'bka02$59gG'; //做数据加解密时的加密因子,每个项目都不要相同。 
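Review bot: The new expiry test compares `exptimes` with `c.Tostamp()-Gtokenexpsec`, but nothing here says that `exptimes` holds the next token-swap time rather than an expiry, which is what the later `exptimes := c.Tostamp() + Gtokenswapsec` suggests. A comment such as `// exptimes = next swap time; the session is dead once it is more than Gtokenexpsec in the past` would make the check readable. As written the lifetime appears to be a sliding window that each rotation extends, so an active session has no absolute maximum age; if one is wanted it needs a separate creation timestamp. The surrounding function starts and ends outside the hunk.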
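Review bot: When `r.Context().Value(c.GhttpKey)` is nil the rotated token is silently dropped, yet the code goes on to build `updata`, which presumably persists the new `sid` (the update itself is outside the hunk); the client would then keep a token that no longer matches and be logged out on its next request. The bare assertion `ctx.(*c.RequestContext)` also panics if the stored value has another type, and the `reqCtx != nil` test only covers a typed nil. I would use `reqCtx, ok := r.Context().Value(c.GhttpKey).(*c.RequestContext)` followed by `if !ok || reqCtx == nil { return nil, fmt.Errorf("verify no request context") }` before `reqCtx.CiyAuth = newauth`, so rotation never happens without a delivery path. The commented-out `post.W.Header().Set(Gtokenfield, newauth)` should be deleted or replaced by a comment naming the code that writes `CiyAuth` to the response.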
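Review bot: `$_token['swapsec'] = 6` rotates the token every six seconds, which looks like a test value left in; the previous value was 3600 and the Go side of this same patch sets `Gtokenswapsec = 3600`. With rotation that frequent, parallel requests carrying the just-replaced token are likely to fail the sid comparison and force a re-login (inferred from the Go `Verifyuser` logic; the PHP comparison is outside this hunk). The default also moves from `cookie` to `localstorage`, which the comment itself describes as the less secure option, so the reason for the switch deserves a line in that comment.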
@@ -33,11 +33,11 @@ function verifyfast() { function verifyuser() { global $db; global $_token; - if (isset($_COOKIE[$_token['field']])) + if ($_token['type'] == 'cookie') $ciyauth = $_COOKIE[$_token['field']]; - else if (isset($_SERVER['HTTP_CIYAUTH'])) - $ciyauth = $_SERVER['HTTP_CIYAUTH']; else + $ciyauth = $_SERVER['HTTP_CIYAUTH']; + if (!$ciyauth) $ciyauth = get('_ciyauth'); $auth = json_decode(encrypt($ciyauth, 'D', $_token['salt']), true); if ($auth == null) @@ -76,12 +76,10 @@ function verifyuser() { $enauth = encrypt($authstr, 'E', $_token['salt']); if ($_token['type'] == 'cookie') { - $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; httponly'; - if (ishttps()) - $headercookie .= '; SameSite=None; Secure'; - header($headercookie); //Cookie方式,安全性好 + $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; httponly; SameSite=None; Secure'; + header($headercookie); } else { - $_token['__ciyauth'] = $enauth; //Localstorage方式,兼容性更好 + $_token['__ciyauth'] = $enauth; //header('_ciyauth: ' . $enauth); } return $auth; diff --git a/web/admin/datasse/index.go b/web/admin/datasse/index.go index 4780b9c..719d57e 100644 --- a/web/admin/datasse/index.go +++ b/web/admin/datasse/index.go @@ -13,7 +13,7 @@ func DataSSE_demo(w http.ResponseWriter, r *http.Request) bool { return false } post := c.NewCiyPost(w, r) - rsuser, err := admin.Verifyuser(c.CiyDB, post) + rsuser, err := admin.Verifyuser(r, c.CiyDB, post) if err != nil { c.SSESend_event(w, "请重新登录") return false 
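Review bot: The rewritten lookup reads `$_COOKIE[$_token['field']]` and `$_SERVER['HTTP_CIYAUTH']` without the `isset()` guards the old code had, so a request that carries no token raises an undefined-index notice or warning before `get('_ciyauth')` is tried. With error display enabled that output can corrupt the JSON response or disclose file paths. `$ciyauth = $_COOKIE[$_token['field']] ?? '';` and `$ciyauth = $_SERVER['HTTP_CIYAUTH'] ?? '';` keep the new type switch without the warning. The body of `verifyuser` continues outside the hunk.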
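Review bot: The cookie is now always issued with `SameSite=None; Secure`, so in cookie mode the browser attaches the admin token to cross-site requests, and no anti-CSRF check is visible in this patch; unless the admin UI is really served cross-origin, `SameSite=Lax` or `Strict` is the safer attribute. Dropping the `ishttps()` test also means a plain-HTTP deployment sets a cookie the browser will discard, which the settings comment hints at ("只支持https") but this code neither enforces nor reports. `$_token['__ciyauth'] = $enauth;` lost its explanatory comment; a line saying where that value is sent to the client would help the next reader.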
@@ -43,7 +43,7 @@ func DataSSE_demo_ch(w http.ResponseWriter, r *http.Request) bool { return false } post := c.NewCiyPost(w, r) - rsuser, err := admin.Verifyuser(c.CiyDB, post) + rsuser, err := admin.Verifyuser(r, c.CiyDB, post) if err != nil { c.SSESend_event(w, "请重新登录") return false diff --git a/web/admin/demo/catlist.html b/web/admin/demo/catlist.html new file mode 100644 index 0000000..77a0093 --- /dev/null +++ b/web/admin/demo/catlist.html @@ -0,0 +1,251 @@ + + + + + + + + + + + + + +
+ + + +
+
+
+
+
+ +
+
Loading...
+
+
+
+
+ 全选 + 反选 + | + 批量删除 +
+
+
+
+
+
+ +
+ + + + + + + + + + + + \ No newline at end of file diff --git a/web/admin/demo/catlist.php b/web/admin/demo/catlist.php new file mode 100644 index 0000000..0ee3c51 --- /dev/null +++ b/web/admin/demo/catlist.php 
@@ -0,0 +1,523 @@ +get('query'); + $csql = new \ciy\sql('zc_admin'); + $csql->where('departid', $post->get('departid')); + $liid = objint($query, 'liid'); + if ($liid > 0) + $csql->where('stpstatus', $liid); + $csql->where('name like', objstr($query, 'name')); + $csql->where('mobile like', objstr($query, 'mobile')); + $csql->where('sex', objstr($query, 'sex')); + $csql->wheredaterange('logintimes', objstr($query, 'logintimes')); + $csql->wheredaterange('addtimes', objstr($query, 'addtimes')); + $order = objstr($query, 'order', 'id desc'); + $csql->order($order); + $query['order'] = $order; + return [$query, $csql]; + } + public static function json_init() { + global $db; + $rsuser = verifyfast(); + $post = new \ciy\post(); + list($where, $csql) = self::setwhere($db, $post); + $pageno = $post->getint('pageno', 1); + $pagecount = $post->getint('pagecount', 10); + $csql->limit($pageno, $pagecount); + $mainrowcount = $post->getint('count'); + $rows = $db->get($csql, $mainrowcount); + $ret = array('where' => $where, 'pageno' => $pageno, 'pagecount' => $pagecount, 'count' => $mainrowcount, 'list' => $rows); + if ($post->getbool('field')) { + $field = array(); + $fshow = $db->getfield($field, 'zc_admin'); + foreach ($field as $fr => $v) { + if ($post->is('_' . $fr)) + $field[$fr]['c'] = ',' . 
$field[$fr]['c']; + } + $fshow = fieldadd($fshow, $field, 0, '_btn', '操作'); + $ret['field'] = $field; + $ret['fshow'] = $fshow; + } + + if ($post->getbool('once')) { + $ret['once'] = array(); + $input = array(); + $input[] = array( + 'type' => 'input', + 'form' => 'name', + 'name' => '姓名', + 'prop' => ' style="width:8em;"' + ); + $input[] = array( + 'type' => 'input', + 'form' => 'mobile', + 'name' => '手机号', + 'prop' => ' style="width:8em;"' + ); + $input[] = array( + 'type' => 'select', + 'form' => 'sex', + 'name' => '性别', + 'select' => 'sex', + 'all' => '全部' + ); + $input[] = array( + 'type' => 'daterange', + 'form' => 'logintimes', + 'name' => '登录时间' + ); + $input[] = array( + 'type' => 'daterange', + 'form' => 'addtimes', + 'name' => '注册时间' + ); + $ret['once']['input'] = $input; + $csql = (new \ciy\sql('zc_depart'))->column('id,upid,name,isuse'); + $ret['once']['zc_depart'] = $db->get($csql); + $csql = new \ciy\sql('zc_role'); + $csql->column('id,name'); + $ret['once']['zc_role'] = $db->get($csql); + } + return succjson($ret); + } + public static function json_update() { + global $db; + $rsuser = verifyfast(); + $post = new \ciy\post(); + $id = $post->getint('id'); + $name = $post->get('name'); + if (empty($name)) + return errjson('请填写姓名'); + $stpstatus = $post->getint('stpstatus'); + if ($stpstatus <= 0) + return errjson('请填写状态'); + $mobile = $post->get('mobile'); + if (empty($mobile)) + return errjson('请填写手机号'); + $sex = $post->getint('sex'); + if ($sex <= 0) + return errjson('请填写性别'); + $departid = $post->getint('departid'); + if ($departid == 0) + return errjson('请选择组织/部门'); + $roleid = $post->getint('roleid'); + $icon = $post->get('icon'); + $datarow = null; + if ($id > 0) { + if (nopower($db, $rsuser['id'], 'p500u')) + return errjson('您未被授权操作修改'); + $csql = new \ciy\sql('zc_admin'); + $csql->where('id', $id); + $datarow = $db->getone($csql); + if (!is_array($datarow)) + return errjson('数据不存在'); + if ($datarow['roleid'] != $roleid) { + if (nopower($db, 
$rsuser['id'], 'p500r')) + return errjson('您没有赋予角色的权限'); + } else + $roleid = 0; + } else { + if (nopower($db, $rsuser['id'], 'p500a')) + return errjson('您未被授权操作新增'); + if (nopower($db, $rsuser['id'], 'p500r')) + $roleid = 0; + } + if ($roleid > 0) { + $csql = new \ciy\sql('zc_role'); + $csql->where('id', $roleid); + $rolerow = $db->getone($csql); + if (!is_array($rolerow)) + return errjson('角色不存在'); + } + try { + $db->begin(); + $csql = new \ciy\sql('zc_admin'); + $csql->where('mobile', $mobile); + $csql->column('id'); + $chkid = toint($db->get1($csql)); + if ($chkid > 0 && (($id > 0 && $chkid != $id) || $id == 0)) + throw new \Exception('CIYIGN数据已存在'); + + $updata = array(); + $updata['icon'] = $icon; + $updata['name'] = $name; + $updata['stpstatus'] = $stpstatus; + $updata['mobile'] = $mobile; + $updata['sex'] = $sex; + $updata['departid'] = $departid; + $updata['roleid'] = $roleid; + if ($roleid > 0) { + $updata['power'] = $rolerow['power']; + } + $csql = new \ciy\sql('zc_admin'); + if ($id > 0) { + $csql->where('id', $id); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + if ($stpstatus == 10) { + if ($roleid > 0 || $datarow['name'] != $name || $datarow['icon'] != $icon) + if ($db->execute('update zc_online set usrchg=2 where user=?', array($id)) === false) + throw new \Exception('更新online失败:' . $db->error); + } else { + if ($db->execute('delete from zc_online where user=?', array($id)) === false) + throw new \Exception('删除online失败:' . $db->error); + } + if ($datarow['name'] != $name) + $db->execute('update zc_online set usrchg=2'); + } else { + $updata['addtimes'] = tostamp(); + if ($db->insert($csql, $updata) === false) + throw new \Exception('新增失败:' . $db->error); + $id = $db->insert_id(); + if ($db->execute('update zc_online set usrchg=2') === false) + throw new \Exception('更新online失败:' . 
$db->error); + } + $updata['id'] = $id; + savelogdb($db, $rsuser['id'], 'zc_admin', $datarow, $updata); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $ret['data'] = $updata; + return succjson($ret); + } + public static function json_del() { + global $db; + $rsuser = verifyfast(); + if (nopower($db, $rsuser['id'], 'p500d')) + return errjson('您未被授权操作'); + + $post = new \ciy\post(); + $ids = $post->get('ids'); + if (empty($ids)) + return errjson('请选择至少一条'); + $csql = new \ciy\sql('zc_admin'); + $csql->where('id in', $ids); + $rows = $db->get($csql); + $vids = array(); + try { + $db->begin(); + foreach ($rows as $row) { + $delid = $row['id']; + if ($rsuser['id'] == $delid) + throw new \Exception('CIYIGN不能删除本人'); + if ($row['id'] == 10) + throw new \Exception('CIYIGN不能删除超级管理员'); + delme($db, $delid, 'zc_admin'); + $db->execute('delte from zc_online where user=?', array($delid)); + savelogdb($db, $rsuser['id'], 'zc_admin', $row, null); + $vids[] = $delid; + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $db->execute('update zc_online set usrchg=2'); + $ret['ids'] = $vids; + return succjson($ret); + } + public static function json_repass() { + global $db; + $rsuser = verifyfast(); + global $_token; + if (nopower($db, $rsuser['id'], 'p500p')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $id = $post->getint('id'); + $newpass = rand(100000, 999999); + try { + $db->begin(); + $updata = array(); + $updata['trytime'] = 0; + $updata['password'] = sha256($newpass . $_token['salt']); + $csql = new \ciy\sql('zc_admin'); + $csql->where('id', $id); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + if ($db->execute('delete from zc_online where user=?', array($id)) === false) + throw new \Exception('删除online失败:' . 
$db->error); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $ret['msg'] = '重置后密码: ' . $newpass; + return succjson($ret); + } + public static function json_exportxls() { + global $db; + $rsuser = verifyfast(); + if (nopower($db, $rsuser['id'], 'p500e')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $csql = new \ciy\sql('zc_admin'); + + list($where, $csql) = self::setwhere($db, $post); + $rows = $db->get($csql); + if (count($rows) > 10000) + return errjson('将导出' . count($rows) . '条,不建议超过1万条,请筛选缩小范围'); + $fields = array(); + $fields[] = array('width' => 60, 'style' => 'c', 'field' => 'id', 'name' => '行码'); + $fields[] = array('width' => 100, 'style' => 'l', 'field' => 'name', 'name' => '姓名'); + $fields[] = array('width' => 60, 'style' => 'c', 'field' => 'stpstatus', 'name' => '状态'); + $fields[] = array('width' => 100, 'style' => 'l', 'field' => 'mobile', 'name' => '手机号'); + $fields[] = array('width' => 60, 'style' => 'c', 'field' => 'sex', 'name' => '性别'); + $fields[] = array('width' => 100, 'style' => 'l', 'field' => 'departid', 'name' => '所属组织'); + $fields[] = array('width' => 100, 'style' => 'l', 'field' => 'logintimes', 'name' => '活跃时间'); + $fields[] = array('width' => 100, 'style' => 'l', 'field' => 'addtimes', 'name' => '注册时间'); + $code_stpstatus = getcatas($db, 'stpstatus', 'zc_cata'); + $code_sex = getcatas($db, 'sex', 'zc_cata'); + $csql = (new \ciy\sql('zc_depart'))->column('id,upid,name'); + $code_departid = $db->get($csql); + $datas = array(); + foreach ($rows as $row) { + $dat = array(); + foreach ($fields as $field) { + $field = $field['field']; + $val = isset($row[$field]) ? 
$row[$field] : ''; + if ($field == 'id') + $val = enid($val); + if ($field == 'stpstatus') + $val = ccode($code_stpstatus, $val); + if ($field == 'sex') + $val = ccode($code_sex, $val); + if ($field == 'departid') + $val = implode('-', mcode($code_departid, $val)); + if ($field == 'logintimes') + $val = ($val == 0 ? '--' : date('Y-m-d H:i', $val)); + if ($field == 'addtimes') + $val = ($val == 0 ? '--' : date('Y-m-d H:i', $val)); + $dat[] = $val; + } + $datas[] = $dat; + } + + $param = array(); + $param['field'] = $fields; + $param['data'] = $datas; + + $param['sheetname'] = '数据报表'; + $param['titleheight'] = '25'; //列头高度 + $param['landscape'] = true; //横向打印 + $param['fixtopage'] = true; //打印整个工作表 + + $param['toptitle'] = '管理员数据报表'; + // $param['total'] = array(); + // $param['total'][] = array('name'=>'合计','merge'=>8,'style'=>'l'); + // $param['total'][] = array('name'=>'=SUM(R[-'.count($datas).']C:R[-1]C)','style'=>'r'); + // $param['total'][] = array('name'=>'=MAX(R[-'.count($datas).']C:R[-1]C)','style'=>'r'); + // $param['total'][] = array('name'=>'','style'=>'l'); + // $param['total'][] = array('name'=>'','style'=>'l'); + + //$param['rowstop'] = '众产CIYPHP';//顶部行 + //$param['rowsfooter'] = '合计';//底部行 + + $str = \ciy\excel::general_excel_xml($param); + $filename = ''; + if (empty($filename)) + $filename = date('Y-m-d_H-i-s') . rand(1000, 9999); + $filename .= '.xls'; + file_put_contents(PATH_WEB . 'ud/tmp/' . $filename, $str); + return succjson(array('url' => '/ud/tmp/' . $filename)); + } + public static function json_importxls_in() { + global $db; + $rsuser = verifyfast(); + if (nopower($db, $rsuser['id'], 'p500a')) + return errjson('您未被授权操作新增'); + + $post = new \ciy\post(); + $file = $post->get('file'); + if (!file_exists(PATH_WEB . 'ud/' . $file)) + return errjson('文件不存在'); + require_once PATH_ROOT . '../libs/phpoffice/autoload.php'; + $spreadsheet = \PhpOffice\PhpSpreadsheet\IOFactory::load(PATH_WEB . 'ud/' . 
$file); + $sheet = $spreadsheet->getActiveSheet(); + $datas = $sheet->toArray('', true, true, false); + $datacnt = count($datas); + if ($datacnt < 2) + return errjson('数据为空'); + $html = ''; + $headsn = array(); + $headsn[] = '姓名.name'; + $headsn[] = '手机号.mobile'; + $headsn[] = '性别.sex'; + $headsn[] = '所属组织.departid'; + $xlsidx = 1; + if (empty($datas[0][count($headsn) - 1])) + $xlsidx = 2; + $heads = array(); + foreach ($headsn as $_head) { + $hd = explode('.', $_head); + if (count($hd) < 2) + continue; + $heads[] = array( + 'idx' => array_search($hd[0], $datas[$xlsidx - 1]), + 'fld' => $hd[1], + 'name' => $hd[0] + ); + } + $code_sex = getcatas($db, 'sex', 'zc_cata'); + $csql = (new \ciy\sql('zc_depart'))->column('id,upid,name'); + $code_departid = $db->get($csql); + $html .= '
'; + $html .= ''; + $html .= ''; + foreach ($heads as $arr) { + $html .= ''; + } + $html .= ''; + $cnt = 0; + $uniques = array(); + $id = 0; + for ($rowidx = $xlsidx; $rowidx < $datacnt; $rowidx++) { + $lineidx = $rowidx - $xlsidx + 1; + $hrhtml = ''; + $firsthtml = ''; + $bempty = true; + $unqs = array(); + $csql = new \ciy\sql('zc_admin'); + foreach ($heads as $arr) { + $name = $arr['name']; + $errmsg = ''; //数据有误,显示红色说明 + $showdat = ''; //显示在表格中的数据 + if ($arr['idx'] > -1) + $showdat = trim($datas[$rowidx][$arr['idx']]); + if ($showdat == '--') + $showdat = ''; + $value = $showdat; //在表单中的数据(转换后) + $ext = ''; //扩展表单 + if ($name == '行码') { + if (empty($showdat)) { + $value = 0; + $showdat = '新增'; + } else { + $id = deid($showdat); + if ($id == 0) + $errmsg = $name . '解析错误'; + else { + $csqlchk = new \ciy\sql('zc_admin'); + $csqlchk->where('id', $id)->column('id'); + $chkid = toint($db->get1($csqlchk)); + if ($chkid != $id) + $errmsg = $name . '在数据库中不存在'; + $value = $id; + } + } + } else if ($name == '姓名') { + if (empty($showdat)) { + $errmsg = $name . '为必填项'; + } + } else if ($name == '手机号') { + $csql->where('mobile', $showdat); + $unqs[] = $showdat; + if (empty($showdat)) { + $errmsg = $name . '为必填项'; + } + } else if ($name == '性别') { + if (empty($showdat)) { + $errmsg = $name . '为必填项'; + } else { + $value = dcode($code_sex, $showdat); + if ($value == -1) + $errmsg = $name . '文字与系统数据不匹配'; + } + } else if ($name == '所属组织') { + if (empty($showdat)) { + $value = 0; + } else { + $dats = explode('-', $showdat); + $value = dcode($code_departid, $dats[count($dats) - 1]); + if ($value == -1) + $errmsg = $name . 
'文字与系统数据不匹配'; + } + } + if (!empty($showdat)) + $bempty = false; + + if (empty($errmsg)) + $hrhtml .= ''; + else + $hrhtml .= ''; + } + if ($bempty) + continue; + + if (count($unqs) > 0) { + $unq = implode('|', $unqs); + if (in_array($unq, $uniques)) + $firsthtml = ''; + else { + $uniques[] = $unq; + $csql->column('id'); + $chkid = toint($db->get1($csql)); + if ($chkid > 0 && (($id > 0 && $chkid != $id) || $id == 0)) + $firsthtml = ''; + } + } + $html .= '' . $firsthtml . $hrhtml . ''; + $cnt++; + } + $html .= '
#' . $arr['name'] . '
' . $lineidx . '
' . $showdat . '' . $ext . '
' . $showdat . '
重复
重复
'; + $html .= ''; + $html .= '共' . $cnt . '条数据'; + return succjson(array('html' => $html, 'count' => $cnt)); + } + public static function json_importxls_data() { + global $db; + $rsuser = verifyfast(); + if (nopower($db, $rsuser['id'], 'p500a')) + return errjson('您未被授权操作新增'); + $post = new \ciy\post(); + $total = $post->getint('total'); + try { + $db->begin(); + for ($i = 1; $i <= $total; $i++) { + $id = $post->getint('id_' . $i); + $name = $post->get('name_' . $i); + $mobile = $post->get('mobile_' . $i); + $sex = $post->get('sex_' . $i); + $departid = $post->get('departid_' . $i); + $csql = new \ciy\sql('zc_admin'); + $csql->where('mobile', $mobile); + $csql->column('id'); + $chkid = toint($db->get1($csql)); + if ($chkid > 0 && (($id > 0 && $chkid != $id) || $id == 0)) + throw new \Exception('CIYIGN发现数据有重复'); + + $updata = array(); + $updata['name'] = $name; + $updata['mobile'] = $mobile; + $updata['stpstatus'] = 10; + $updata['sex'] = $sex; + $updata['departid'] = $departid; + $updata['addtimes'] = tostamp(); + $csql = new \ciy\sql('zc_admin'); + if ($id == 0) { + if ($db->insert($csql, $updata) === false) + throw new \Exception('新增失败:' . $db->error); + } else { + $csql->where('id', $id); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + } + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $db->execute('update zc_online set usrchg=2'); + return succjson(); + } +} diff --git a/web/admin/demo/demo_ecc_ukey_ad.html b/web/admin/demo/dyn/ecc_ukey_ad.html similarity index 100% rename from web/admin/demo/demo_ecc_ukey_ad.html rename to web/admin/demo/dyn/ecc_ukey_ad.html diff --git a/web/admin/demo/demo_ecc_ukey_ad.php b/web/admin/demo/dyn/ecc_ukey_ad.php similarity index 94% rename from web/admin/demo/demo_ecc_ukey_ad.php rename to web/admin/demo/dyn/ecc_ukey_ad.php index bb53260..3a1a847 100644 
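Review bot: In `json_del` of web/admin/demo/catlist.php the statement `'delte from zc_online where user=?'` is misspelled and its result is not checked, so the online-session rows of a deleted admin are never removed and the failure is silent; it should read `delete from zc_online where user=?` and throw on `=== false` like the other statements in this class. In `json_repass` the temporary password comes from `rand(100000, 999999)`, which is not a cryptographic generator and yields only six digits; `random_int()` over a longer alphabet is the safer choice. `json_importxls_data` updates existing rows when `id_N` is non-zero but checks only the add permission `p500a`, whereas `json_update` requires `p500u` for the same operation. `json_importxls_in` appends the posted `file` value to `PATH_WEB . 'ud/'` without confirming that the resolved path stays inside that directory, so a `realpath()` prefix check belongs before `IOFactory::load`.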
--- a/web/admin/demo/demo_ecc_ukey_ad.php +++ b/web/admin/demo/dyn/ecc_ukey_ad.php @@ -1,8 +1,8 @@ get('pubkey'); diff --git a/web/admin/demo/index_fb.html b/web/admin/demo/dyn/index.html similarity index 73% rename from web/admin/demo/index_fb.html rename to web/admin/demo/dyn/index.html index c318ebf..b80a2c3 100644 --- a/web/admin/demo/index_fb.html +++ b/web/admin/demo/dyn/index.html @@ -22,41 +22,33 @@ websocket示例。
- SSE + SSE SSE示例。
- bigscreen - 数据大屏实现原理。 + realip + 复杂网络环境下获取真实ip
- rsa sign + rsa sign RSA私钥签名
- ecc sign + ecc sign ECC UKey签名(VN)
- web3 + web3 web3登录、签名、验签
- mail + mail Mail收发邮件。
- deepseek + deepseek DeepSeek接口。
-
- alipaycb - 阿里API,回调数据分析 -
-
- realip - 复杂网络环境下获取真实ip -
diff --git a/web/admin/demo/tool_realip.html b/web/admin/demo/dyn/realip.html
similarity index 100%
rename from web/admin/demo/tool_realip.html
rename to web/admin/demo/dyn/realip.html
diff --git a/web/admin/demo/tool_realip.php b/web/admin/demo/dyn/realip.php
similarity index 98%
rename from web/admin/demo/tool_realip.php
rename to web/admin/demo/dyn/realip.php
index b08cdcf..089bed9 100644
--- a/web/admin/demo/tool_realip.php
+++ b/web/admin/demo/dyn/realip.php
@@ -1,8 +1,8 @@ get('header'));
diff --git a/web/admin/demo/demo_rsa.html b/web/admin/demo/dyn/rsa.html
similarity index 100%
rename from web/admin/demo/demo_rsa.html
rename to web/admin/demo/dyn/rsa.html
diff --git a/web/admin/demo/demo_rsa.php b/web/admin/demo/dyn/rsa.php
similarity index 98%
rename from web/admin/demo/demo_rsa.php
rename to web/admin/demo/dyn/rsa.php
index a827ac0..0dc0113 100644
--- a/web/admin/demo/demo_rsa.php
+++ b/web/admin/demo/dyn/rsa.php
@@ -1,8 +1,8 @@ get('pubkey');
diff --git a/web/admin/demo/demo_web3.html b/web/admin/demo/dyn/web3.html
similarity index 100%
rename from web/admin/demo/demo_web3.html
rename to web/admin/demo/dyn/web3.html
diff --git a/web/admin/demo/demo_web3.php b/web/admin/demo/dyn/web3.php
similarity index 97%
rename from web/admin/demo/demo_web3.php
rename to web/admin/demo/dyn/web3.php
index 8ef6b82..13a52dd 100644
--- a/web/admin/demo/demo_web3.php
+++ b/web/admin/demo/dyn/web3.php
@@ -1,8 +1,8 @@ get('addr');
diff --git a/web/admin/demo/demo_css.html b/web/admin/demo/front/demo_css.html
similarity index 100%
rename from web/admin/demo/demo_css.html
rename to web/admin/demo/front/demo_css.html
diff --git a/web/admin/demo/demo_cssn.html b/web/admin/demo/front/demo_cssn.html
similarity index 100%
rename from web/admin/demo/demo_cssn.html
rename to web/admin/demo/front/demo_cssn.html
diff --git a/web/admin/demo/demo_dom.html b/web/admin/demo/front/demo_dom.html similarity index 100% rename from web/admin/demo/demo_dom.html rename to web/admin/demo/front/demo_dom.html diff --git a/web/admin/demo/demo_drag.html b/web/admin/demo/front/demo_drag.html similarity index 100% rename from web/admin/demo/demo_drag.html rename to web/admin/demo/front/demo_drag.html diff --git a/web/admin/demo/demo_flip.html b/web/admin/demo/front/demo_flip.html similarity index 100% rename from web/admin/demo/demo_flip.html rename to web/admin/demo/front/demo_flip.html diff --git a/web/admin/demo/front/demo_gamepad.html b/web/admin/demo/front/demo_gamepad.html new file mode 100644 index 0000000..d4324f3 --- /dev/null +++ b/web/admin/demo/front/demo_gamepad.html @@ -0,0 +1,48 @@ + + + + + GamePad手柄示例 + + + + + + + + +
getGamepads 0-3
+
+

+        

+        

+        

+    
+ + + + + \ No newline at end of file diff --git a/web/admin/demo/demo_jq.html b/web/admin/demo/front/demo_jq.html similarity index 100% rename from web/admin/demo/demo_jq.html rename to web/admin/demo/front/demo_jq.html diff --git a/web/admin/demo/demo_loading.html b/web/admin/demo/front/demo_loading.html similarity index 100% rename from web/admin/demo/demo_loading.html rename to web/admin/demo/front/demo_loading.html diff --git a/web/admin/demo/demo_proxy.html b/web/admin/demo/front/demo_proxy.html similarity index 100% rename from web/admin/demo/demo_proxy.html rename to web/admin/demo/front/demo_proxy.html diff --git a/web/admin/demo/demo_shadow.html b/web/admin/demo/front/demo_shadow.html similarity index 100% rename from web/admin/demo/demo_shadow.html rename to web/admin/demo/front/demo_shadow.html diff --git a/web/admin/demo/form_checkbox.html b/web/admin/demo/front/form_checkbox.html similarity index 90% rename from web/admin/demo/form_checkbox.html rename to web/admin/demo/front/form_checkbox.html index 2b31723..b039431 100644 --- a/web/admin/demo/form_checkbox.html +++ b/web/admin/demo/front/form_checkbox.html @@ -42,6 +42,7 @@ 改变值 改选项 +

         
占位
占位
占位
@@ -49,7 +50,7 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/web/admin/demo/demo_alert.html b/web/admin/demo/front/win_alert.html similarity index 99% rename from web/admin/demo/demo_alert.html rename to web/admin/demo/front/win_alert.html index 049da9f..044e744 100644 --- a/web/admin/demo/demo_alert.html +++ b/web/admin/demo/front/win_alert.html @@ -212,7 +212,7 @@ - + diff --git a/web/admin/demo/demo_alertcb.html b/web/admin/demo/front/win_alertcb.html similarity index 95% rename from web/admin/demo/demo_alertcb.html rename to web/admin/demo/front/win_alertcb.html index 962962c..46578b1 100644 --- a/web/admin/demo/demo_alertcb.html +++ b/web/admin/demo/front/win_alertcb.html @@ -31,7 +31,7 @@ - + - + - + diff --git a/web/admin/demo/demo_tabcard.html b/web/admin/demo/front/win_tabcard.html similarity index 100% rename from web/admin/demo/demo_tabcard.html rename to web/admin/demo/front/win_tabcard.html diff --git a/web/admin/demo/demo_toast.html b/web/admin/demo/front/win_toast.html similarity index 97% rename from web/admin/demo/demo_toast.html rename to web/admin/demo/front/win_toast.html index 8dbccba..df22f4b 100644 --- a/web/admin/demo/demo_toast.html +++ b/web/admin/demo/front/win_toast.html @@ -83,7 +83,7 @@ - + diff --git a/web/admin/demo/lineedit.html b/web/admin/demo/lineedit.html new file mode 100644 index 0000000..b907ebf --- /dev/null +++ b/web/admin/demo/lineedit.html @@ -0,0 +1,116 @@ + + + + + + + + + + + + +
+ +
+
Loading...
+
+
+
+ 全选 + 反选 + | + 批量删除 +
+
+
+
+
+ + + + + + + + \ No newline at end of file diff --git a/web/admin/demo/lineedit.php b/web/admin/demo/lineedit.php new file mode 100644 index 0000000..89032c9 --- /dev/null +++ b/web/admin/demo/lineedit.php 
@@ -0,0 +1,138 @@ +get('query'); + $csql = new \ciy\sql('zc_config'); + $csql->where('types like', objstr($query, 'types')); + $csql->where('params like', objstr($query, 'params')); + $order = objstr($query, 'order', 'id desc'); + $csql->order($order); + $query['order'] = $order; + return [$query, $csql]; + } + public static function json_init() { + global $db; + $rsuser = verifyfast(); + $post = new \ciy\post(); + list($where, $csql) = self::setwhere($db, $post); + $pageno = $post->getint('pageno', 1); + $pagecount = $post->getint('pagecount', 10); + $csql->limit($pageno, $pagecount); + $mainrowcount = $post->getint('count'); + $rows = $db->get($csql, $mainrowcount); + $rows[] = array('id' => 0, 'types' => ''); + $ret = array('where' => $where, 'pageno' => $pageno, 'pagecount' => $pagecount, 'count' => $mainrowcount, 'list' => $rows); + if ($post->getbool('field')) { + $field = array(); + $fshow = ''; + $fshow = fieldadd($fshow, $field, -1, 'types', '参数代码'); + $fshow = fieldadd($fshow, $field, -1, 'params', '参数值'); + $fshow = fieldadd($fshow, $field, -1, '_btn', '操作'); + $field['types']['thwidth'] = '12em'; + $field['params']['thwidth'] = '21em'; + $ret['fshow'] = $fshow; + $ret['field'] = $field; + } + if ($post->getbool('once')) { + $ret['once'] = array(); + $input = array(); + $input[] = array( + 'type' => 'input', 'form' => 'types', 'name' => '参数代码', 'prop' => ' style="width:8em;"' + ); + $input[] = array( + 'type' => 'input', 'form' => 'params', 'name' => '参数值', 'prop' => ' style="width:8em;"' + ); + $ret['once']['input'] = $input; + } + return succjson($ret); + } + + public static function json_update() { + global $db; + $rsuser = verifyfast(); + + if (nopower($db, $rsuser['id'], 'p600u')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $id = $post->getint('id'); + $types = $post->get('types'); + if ($types == '') + return errjson('请填写代码'); + $params = $post->get('params'); + $datarow = null; + if ($id > 0) { + $csql = new \ciy\sql('zc_config'); + 
$csql->where('id', $id); + $datarow = $db->getone($csql); + if (!is_array($datarow)) + return errjson('数据不存在'); + } + try { + $db->begin(); + $csql = new \ciy\sql('zc_config'); + $csql->where('types', $types); + $csql->column('id'); + $chkid = toint($db->get1($csql)); + if ($chkid > 0 && (($id > 0 && $chkid != $id) || $id == 0)) + throw new \Exception('CIYIGN代码重复'); + + $updata = array(); + $updata['types'] = $types; + $updata['params'] = $params; + $csql = new \ciy\sql('zc_config'); + if ($id > 0) { + $csql->where('id', $id); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + } else { + if ($db->insert($csql, $updata) === false) + throw new \Exception('新增失败:' . $db->error); + $id = $db->insert_id(); + } + $updata['id'] = $id; + savelogdb($db, $rsuser['id'], 'zc_config', $datarow, $updata); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $ret['data'] = $updata; + return succjson($ret); + } + + public static function json_del() { + global $db; + $rsuser = verifyfast(); + + if (nopower($db, $rsuser['id'], 'p600d')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $ids = $post->get('ids'); + if (empty($ids)) + return errjson('请选择至少一条'); + $csql = new \ciy\sql('zc_config'); + $csql->where('id in', $ids); + $rows = $db->get($csql); + $vids = array(); + try { + $db->begin(); + foreach ($rows as $row) { + $delid = $row['id']; + delme($db, $delid, 'zc_config'); + savelogdb($db, $rsuser['id'], 'zc_config', $row, null); + $vids[] = $delid; + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $ret['ids'] = $vids; + return succjson($ret); + } +} diff --git a/web/admin/demo/multicat.html b/web/admin/demo/multicat.html new file mode 100644 index 0000000..20aec03 --- /dev/null +++ b/web/admin/demo/multicat.html 
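Review bot: In `setwhere`, the `order` value is taken from the client's `query` object with `objstr($query, 'order', 'id desc')` and passed to `$csql->order($order)` unchanged. Whether `\ciy\sql::order` restricts it to known columns is not visible in this patch, so unless it does, the ORDER BY fragment is caller-controlled; I would allow-list it here, e.g. `if (!in_array($order, array('id desc', 'id', 'types', 'types desc'), true)) $order = 'id desc';`. Separately, the catch block in `json_update` returns `$ex->getMessage()`, which embeds `$db->error`, through `errjson`; the same pattern appears in multicat.php. Since `savelogfile('err_db', ...)` already records the detail, returning a generic message for database failures would keep schema and driver details out of responses.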
@@ -0,0 +1,341 @@ + + + + + + + + + + + + +
+ +
+
Loading...
+
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/web/admin/demo/multicat.php b/web/admin/demo/multicat.php new file mode 100644 index 0000000..432de49 --- /dev/null +++ b/web/admin/demo/multicat.php 
@@ -0,0 +1,182 @@ +order('csort desc,id'); + $rows = $db->get($csql); + $ret = array('list' => $rows); + if ($post->getbool('field')) { + $field = array(); + $fshow = $db->getfield($field, 'zc_depart'); + $fshow = fieldadd($fshow, $field, -1, '_btn', '操作'); + $field['csort']['thwidth'] = '6em'; + $field['leaderuser']['thwidth'] = '15em'; + $ret['field'] = $field; + $ret['fshow'] = $fshow; + } + if ($post->getbool('once')) { + $ret['once'] = array(); + $input = array(); + $input[] = array( + 'type' => 'input', 'form' => 'name', 'name' => '组织名称', 'prop' => ' style="width:8em;"' + ); + $ret['once']['input'] = $input; + } + return succjson($ret); + } + + public static function json_update() { + global $db; + $rsuser = verifyfast(); + + if (nopower($db, $rsuser['id'], 'p501u')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $updata = array(); + $id = $post->getint('id'); + $name = $post->get('name'); + if ($name == '') + return errjson('请填写部门名称'); + $upid = $post->getint('upid'); + $csort = $post->getint('csort'); + $isuse = $post->getint('isuse'); + $leaderuser = $post->getint('leaderuser'); + $csql = new \ciy\sql('zc_depart'); + $csql->where('id', $id); + $datarow = $db->getone($csql); + if (!is_array($datarow)) + return errjson('数据不存在'); + + try { + $db->begin(); + $updata = array(); + $updata['name'] = $name; + $updata['isuse'] = $isuse; + $updata['upid'] = $upid; + $updata['csort'] = $csort; + $updata['leaderuser'] = $leaderuser; + $csql = new \ciy\sql('zc_depart'); + $csql->where('id', $id); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . 
$db->error); + $updata['id'] = $id; + savelogdb($db, $rsuser['id'], 'zc_depart', $datarow, $updata); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } + public static function json_del() { + global $db; + $rsuser = verifyfast(); + + if (nopower($db, $rsuser['id'], 'p501d')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $csql = new \ciy\sql('zc_depart'); + $ids = $post->get('ids'); + if (empty($ids)) + return errjson('请选择至少一条'); + $csql->where('id in', $ids); + $rows = $db->get($csql); + $vids = array(); + try { + $db->begin(); + foreach ($rows as $row) { + $delid = $row['id']; + delcheck($db, $delid, 'zc_admin', 'departid', '人员'); + delcheck($db, $delid, 'zc_depart', 'upid', '下级部门'); + delme($db, $delid, 'zc_depart'); + savelogdb($db, $rsuser['id'], 'zc_depart', $row, null); + $vids[] = $delid; + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $ret['ids'] = $vids; + return succjson($ret); + } + public static function json_modifyupid() { + global $db; + $rsuser = verifyfast(); + + if (nopower($db, $rsuser['id'], 'p501u')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $id = $post->getint('id'); + $newupid = $post->getint('newupid'); + $csql = new \ciy\sql('zc_depart'); + $csql->where('id', $id); + $datarow = $db->getone($csql); + if (!is_array($datarow)) + return errjson('数据不存在'); + try { + $db->begin(); + $updata = array(); + $updata['upid'] = $newupid; + $csql = new \ciy\sql('zc_depart'); + $csql->where('id', $id); + if ($db->update($csql, $updata) === false) + throw new \Exception('操作数据库失败:' . 
$db->error); + $updata['id'] = $id; + savelogdb($db, $rsuser['id'], 'zc_depart', $datarow, $updata); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } + public static function json_multiadd() { + global $db; + $rsuser = verifyfast(); + + if (nopower($db, $rsuser['id'], 'p501u')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $upid = $post->getint('upid'); + $multi = explode("\n", $post->get('multi')); + + $cnt = 0; + try { + $db->begin(); + foreach ($multi as $m) { + $m = trim($m); + if (empty($m)) + continue; + $updata = array(); + $updata['name'] = $m; + $updata['isuse'] = 1; + $updata['upid'] = $upid; + $updata['csort'] = 10; + $csql = new \ciy\sql('zc_depart'); + if ($db->insert($csql, $updata) === false) + throw new \Exception('新增失败:' . $db->error); + $updata['id'] = $db->insert_id(); + $cnt++; + savelogdb($db, $rsuser['id'], 'zc_depart', null, $updata); + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + if ($cnt == 0) + return errjson('没有任何新增'); + return succjson(); + } +} diff --git a/web/admin/ap/demo.go b/web/admin/demo/normal.go similarity index 93% rename from web/admin/ap/demo.go rename to web/admin/demo/normal.go index a9b86b5..49cddc6 100644 --- a/web/admin/ap/demo.go +++ b/web/admin/demo/normal.go @@ -1,4 +1,4 @@ -package ap +package demo import ( "ciyon/web/admin" @@ -12,10 +12,10 @@ import ( "strings" ) -func demo_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { +func normal_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { ret := map[string]any{} query := post.Getobj("query") - csql := c.NewCiySQL("ap_demo") + csql := c.NewCiySQL("demo_normal") liid := c.Getint(query, "liid") if liid > 0 { csql.Where("auditstatus", liid) 
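Review bot: `json_modifyupid` writes `newupid` straight into `upid`, and `json_update` does the same with `upid`, without checking that the new parent exists, differs from `id`, or is not one of the row's own descendants. A department can therefore be made its own ancestor, which leaves the `zc_depart` hierarchy cyclic for any code that walks it. Before `$db->begin()` I would at least reject the self-reference with `if ($newupid == $id) return errjson('上级部门不能是自身');` and follow the `upid` chain from `$newupid` to confirm `$id` is not on it. Also, `json_multiadd` inserts rows under the update permission `p501u`; confirm that is intended rather than a dedicated add permission.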
@@ -47,13 +47,13 @@ func demo_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { query["order"] = order return query, csql } -func Demo_list(w http.ResponseWriter, r *http.Request) bool { +func Normal_list(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } - where, csql := demo_setwhere(post) + where, csql := normal_setwhere(post) csql.Column("!content") pageno := post.Getint("pageno", 1) pagecount := post.Getint("pagecount", 10) @@ -111,7 +111,7 @@ func Demo_list(w http.ResponseWriter, r *http.Request) bool { "form": "isopen", "type": "select", "name": "是否开启", - "select": c.CiyDB.Getdbcodes("ap_demo", "isopen"), + "select": c.CiyDB.Getdbcodes("demo_normal", "isopen"), "all": "全部", }) input = append(input, map[string]any{ @@ -152,25 +152,24 @@ func Demo_list(w http.ResponseWriter, r *http.Request) bool { "select": orders, }) once["input"] = input - once["renzheng"] = c.CiyDB.Getdbcodes("ap_demo", "renzheng") + once["renzheng"] = c.CiyDB.Getdbcodes("demo_normal", "renzheng") // csql = c.NewCiySQL("zc_menu") // csql.Column("id,name") // once["zc_menu"], _, _ = c.CiyDB.Get(csql) ret["once"] = once } ret["zc_menu"] = c.Getrelation(c.CiyDB, rows, "zc_menu", "menuid", map[string]string{"column": "id,name"}, map[string]string{"queryid": "id"}) - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } -func Demo_getdata(w http.ResponseWriter, r *http.Request) bool { +func Normal_getdata(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, _userid := admin.Verifyfast(c.CiyDB, post) + _, _userid := admin.Verifyfast(r, c.CiyDB, post) if _userid == 0 { return false } id := post.Getint("id") ret := map[string]any{} - csql := c.NewCiySQL("ap_demo") - csql.Column("content,md") + csql := c.NewCiySQL("demo_normal") csql.Where("id", id) datarow, _ := c.CiyDB.Getone(csql) if datarow == nil { 
@@ -183,11 +182,11 @@ func Demo_getdata(w http.ResponseWriter, r *http.Request) bool { menurows, _, _ := c.CiyDB.Get(csql) ret["zc_menu"] = menurows } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } -func Demo_update(w http.ResponseWriter, r *http.Request) bool { +func Normal_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, _userid := admin.Verifyfast(c.CiyDB, post) + _, _userid := admin.Verifyfast(r, c.CiyDB, post) if _userid == 0 { return false } @@ -233,7 +232,7 @@ func Demo_update(w http.ResponseWriter, r *http.Request) bool { } var datarow map[string]any if id > 0 { - csql := c.NewCiySQL("ap_demo") + csql := c.NewCiySQL("demo_normal") csql.Where("id", id) datarow, err = c.CiyDB.Getone(csql) if err != nil { @@ -246,7 +245,7 @@ func Demo_update(w http.ResponseWriter, r *http.Request) bool { var updata = map[string]any{} err = c.CiyDB.Tran(func() error { - csql := c.NewCiySQL("ap_demo") + csql := c.NewCiySQL("demo_normal") csql.Where("name", name) csql.Column("id") chkid := c.Toint(c.CiyDB.Get1(csql)) @@ -285,7 +284,7 @@ func Demo_update(w http.ResponseWriter, r *http.Request) bool { updata["eartmpr"] = eartmpr updata["content"] = content updata["md"] = md - csql = c.NewCiySQL("ap_demo") + csql = c.NewCiySQL("demo_normal") if id > 0 { csql.Where("id", id) _, err = c.CiyDB.Update(csql, updata) @@ -298,7 +297,7 @@ func Demo_update(w http.ResponseWriter, r *http.Request) bool { if err != nil { return fmt.Errorf("更新失败:%v", err) } - admin.SaveLogDB(c.CiyDB, "ap_demo", datarow, updata) + admin.SaveLogDB(c.CiyDB, "demo_normal", datarow, updata) return nil }) if err != nil { 
@@ -306,12 +305,12 @@ func Demo_update(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["data"] = updata - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } -func Demo_audit(w http.ResponseWriter, r *http.Request) bool { +func Normal_audit(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -319,11 +318,15 @@ func Demo_audit(w http.ResponseWriter, r *http.Request) bool { // return c.ErrJSON(w, "您未被授权操作") // } ids := post.Get("ids") - status := post.Getint("status") + auditstatus := post.Getint("auditstatus") + auditmsg := post.Get("auditmsg") if ids == "" { return c.ErrJSON(w, "请选择至少一条") } - csql := c.NewCiySQL("ap_demo") + if auditstatus == 90 && auditmsg == "" { + return c.ErrJSON(w, "请填写驳回原因") + } + csql := c.NewCiySQL("demo_normal") csql.Where("id in", ids) rows, _, err := c.CiyDB.Get(csql) if err != nil { @@ -333,10 +336,11 @@ func Demo_audit(w http.ResponseWriter, r *http.Request) bool { var updata = map[string]any{} err = c.CiyDB.Tran(func() error { for _, row := range rows { - updata["auditstatus"] = status + updata["auditstatus"] = auditstatus updata["audituser"] = userid updata["audittimes"] = c.Tostamp() - csql = c.NewCiySQL("ap_demo") + updata["auditmsg"] = auditmsg + csql = c.NewCiySQL("demo_normal") csql.Where("id", row["id"]) _, err = c.CiyDB.Update(csql, updata) if err != nil { @@ -352,11 +356,11 @@ func Demo_audit(w http.ResponseWriter, r *http.Request) bool { ret := map[string]any{} ret["data"] = updata ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } -func Demo_del(w http.ResponseWriter, r *http.Request) bool { +func Normal_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
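Review bot: `Normal_audit` now writes a client-supplied `auditstatus` and `auditmsg` to every row in `ids`, but the context just above `ids := post.Get("ids")` is the tail of a commented-out block returning `您未被授权操作`, so the only gate visible in this hunk is the `userid == 0` login check. The later `Normal_exportxls` hunk shows the same block fully commented out (`// if admin.Nopower(c.CiyDB, userid, "p00e") {`), so if these are the only checks, any logged-in account can approve or reject records and export the table. I would restore the `admin.Nopower` checks with the real permission codes. `auditstatus` is also stored as received, with 90 the only value treated specially; rejecting values outside the defined audit states before `c.CiyDB.Tran` would stop arbitrary integers from reaching the column. The function body starts and ends outside this hunk.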
@@ -367,7 +371,7 @@ func Demo_del(w http.ResponseWriter, r *http.Request) bool { if ids == "" { return c.ErrJSON(w, "请选择至少一条") } - csql := c.NewCiySQL("ap_demo") + csql := c.NewCiySQL("demo_normal") csql.Where("id in", ids) rows, _, err := c.CiyDB.Get(csql) if err != nil { @@ -379,8 +383,8 @@ func Demo_del(w http.ResponseWriter, r *http.Request) bool { delid := c.Toint(row["id"]) //c.Delcheck(c.CiyDB, delid, "tablexx", "xxid", "xxx"); //c.Delall(c.CiyDB, delid, "tablexx", "xxid", "xxx"); - c.Delme(c.CiyDB, delid, "ap_demo") - admin.SaveLogDB(c.CiyDB, "ap_demo", row, nil) + c.Delme(c.CiyDB, delid, "demo_normal") + admin.SaveLogDB(c.CiyDB, "demo_normal", row, nil) vids = append(vids, delid) } return nil @@ -390,19 +394,19 @@ func Demo_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } -func Demo_exportxls(w http.ResponseWriter, r *http.Request) bool { +func Normal_exportxls(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } // if admin.Nopower(c.CiyDB, userid, "p00e") { // return c.ErrJSON(w, "您未被授权操作") // } - _, csql := demo_setwhere(post) + _, csql := normal_setwhere(post) rows, _, err := c.CiyDB.Get(csql) if err != nil { return c.ErrJSON(w, "读取错误", err) 
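Review bot: In `Normal_del` the result of `c.Delme(c.CiyDB, delid, "demo_normal")` is discarded and the transaction callback always reaches `return nil`, while `admin.SaveLogDB(c.CiyDB, "demo_normal", row, nil)` and `vids = append(vids, delid)` run unconditionally. If `Delme` reports failure through a return value (its signature is not visible in this patch), a failed delete would still be written to the audit log and reported to the client as deleted. In that case I would check it, e.g. `if err := c.Delme(c.CiyDB, delid, "demo_normal"); err != nil { return err }`, so the transaction rolls back and the log stays accurate. The function starts and ends outside this hunk.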
@@ -448,8 +452,8 @@ func Demo_exportxls(w http.ResponseWriter, r *http.Request) bool { code_auditstatus := admin.Getcatas(c.CiyDB, "auditstatus") code_audituser := c.Getrelation(c.CiyDB, rows, "xa_user", "audituser") code_menuid, _, _ := c.CiyDB.Get(c.NewCiySQL("zc_menu").Column("id,name")) - code_isuse := c.CiyDB.Getdbcodes("ap_demo", "isuse") - code_isopen := c.CiyDB.Getdbcodes("ap_demo", "isopen") + code_isuse := c.CiyDB.Getdbcodes("demo_normal", "isuse") + code_isopen := c.CiyDB.Getdbcodes("demo_normal", "isopen") code_mauditstatus := admin.Getcatas(c.CiyDB, "auditstatus") code_prodcata := admin.Getcatas(c.CiyDB, "prodcata") code_areacode, _, _ := c.CiyDB.Get(c.NewCiySQL("ciy_arearpc").Column("id,name,upid")) @@ -559,11 +563,11 @@ func Demo_exportxls(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["url"] = filename - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } -func Demo_importxls_in(w http.ResponseWriter, r *http.Request) bool { +func Normal_importxls_in(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -646,8 +650,8 @@ func Demo_importxls_in(w http.ResponseWriter, r *http.Request) bool { code_auditstatus := admin.Getcatas(c.CiyDB, "auditstatus") code_userid, _, _ := c.CiyDB.Get(c.NewCiySQL("xa_user").Column("id,name")) code_menuid, _, _ := c.CiyDB.Get(c.NewCiySQL("zc_menu").Column("id,name")) - code_isuse := c.CiyDB.Getdbcodes("ap_demo", "isuse") - code_isopen := c.CiyDB.Getdbcodes("ap_demo", "isopen") + code_isuse := c.CiyDB.Getdbcodes("demo_normal", "isuse") + code_isopen := c.CiyDB.Getdbcodes("demo_normal", "isopen") code_mauditstatus := admin.Getcatas(c.CiyDB, "auditstatus") code_prodcata := admin.Getcatas(c.CiyDB, "prodcata") code_areacode, _, _ := c.CiyDB.Get(c.NewCiySQL("ciy_arearpc").Column("id,name,upid")) 
@@ -669,7 +673,7 @@ func Demo_importxls_in(w http.ResponseWriter, r *http.Request) bool { firsthtml := "
" + lineidx + "
" bempty := true unqs := make([]string, 0) - csql := c.NewCiySQL("ap_demo") + csql := c.NewCiySQL("demo_normal") for _, arr := range heads { name := arr["name"] errmsg := "" //数据有误,显示红色说明 @@ -692,7 +696,7 @@ func Demo_importxls_in(w http.ResponseWriter, r *http.Request) bool { if id == 0 { errmsg = name + "解析错误" } else { - csqlchk := c.NewCiySQL("ap_demo") + csqlchk := c.NewCiySQL("demo_normal") csqlchk.Where("id", id).Column("id") chkid := c.Toint(c.CiyDB.Get1(csqlchk)) if chkid != id { @@ -1071,14 +1075,14 @@ func Demo_importxls_in(w http.ResponseWriter, r *http.Request) bool { html += "\n" html += "\n" html += "共" + c.Tostr(cnt) + "条数据\n" - return c.SuccJSON(w, map[string]any{ + return c.SuccJSON(w, r, map[string]any{ "html": html, "count": cnt, }) } -func Demo_importxls_data(w http.ResponseWriter, r *http.Request) bool { +func Normal_importxls_data(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -1117,7 +1121,7 @@ func Demo_importxls_data(w http.ResponseWriter, r *http.Request) bool { weightg := post.Get("weightg_" + istr) eartmpr := post.Get("eartmpr_" + istr) content := post.Get("content_" + istr) - csql := c.NewCiySQL("ap_demo") + csql := c.NewCiySQL("demo_normal") csql.Where("name", name) csql.Column("id") chkid := c.Toint(c.CiyDB.Get1(csql)) @@ -1156,7 +1160,7 @@ func Demo_importxls_data(w http.ResponseWriter, r *http.Request) bool { updata["eartmpr"] = eartmpr updata["content"] = content updata["addtimes"] = c.Tostamp() - csql = c.NewCiySQL("ap_demo") + csql = c.NewCiySQL("demo_normal") var err error if id == 0 { _, err = c.CiyDB.Insert(csql, updata) @@ -1173,5 +1177,5 @@ func Demo_importxls_data(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } 
diff --git a/web/admin/ap/demo.html b/web/admin/demo/normal.html similarity index 100% rename from web/admin/ap/demo.html rename to web/admin/demo/normal.html diff --git a/web/admin/ap/demo.php b/web/admin/demo/normal.php similarity index 97% rename from web/admin/ap/demo.php rename to web/admin/demo/normal.php index 51ebafc..ec87ca1 100644 --- a/web/admin/ap/demo.php +++ b/web/admin/demo/normal.php @@ -1,11 +1,11 @@ get('query'); - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); $liid = objint($query, 'liid'); if ($liid > 0) $csql->where('auditstatus', $liid); @@ -51,7 +51,7 @@ class demo { $rsuser = verifyfast(); $post = new \ciy\post(); list($where, $csql) = self::setwhere($db, $post); - $csql->column('!content,md', $db->getraw('show full fields from ap_demo')); + $csql->column('!content,md', $db->getraw('show full fields from demo_normal')); $pageno = $post->getint('pageno', 1); $pagecount = $post->getint('pagecount', 10); $csql->limit($pageno, $pagecount); @@ -62,7 +62,7 @@ class demo { $ret = array('where' => $where, 'pageno' => $pageno, 'pagecount' => $pagecount, 'count' => $mainrowcount, 'list' => $rows); if ($post->getbool('field')) { $field = array(); - $fshow = $db->getfield($field, 'ap_demo'); + $fshow = $db->getfield($field, 'demo_normal'); foreach ($field as $fr => $v) { if (get('_' . $fr)) $field[$fr]['c'] = ',' . $field[$fr]['c']; @@ -97,7 +97,7 @@ class demo { $id = $post->getint('id'); $act = $post->get('act'); if ($id > 0) { - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); $csql->where('id', $id); $row = $db->getone($csql); if (!is_array($row)) @@ -169,7 +169,7 @@ class demo { return errjson('请填写默认标题'); $datarow = null; if ($id > 0) { - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); $csql->where('id', $id); $datarow = $db->getone($csql); if (!is_array($datarow)) 
@@ -219,7 +219,7 @@ class demo { $updata['addtimes'] = tostamp(); $updata['content'] = $content; $updata['md'] = $md; - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); if ($id > 0) { $csql->where('id', $id); if ($db->update($csql, $updata) === false) @@ -236,7 +236,7 @@ class demo { $id = $db->insert_id(); } $updata['id'] = $id; - //savelogdb($db, $rsuser['id'], 'ap_demo', $datarow, $updata); + //savelogdb($db, $rsuser['id'], 'demo_normal', $datarow, $updata); $db->commit(); } catch (\Exception $ex) { $db->rollback(); @@ -257,7 +257,7 @@ class demo { $ids = $post->get('ids'); if (empty($ids)) return errjson('请选择至少一条'); - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); $csql->where('id in', $ids); $rows = $db->get($csql); $vids = array(); @@ -267,8 +267,8 @@ class demo { $delid = $row['id']; //delcheck($db, $delid, 'tablexx', 'xxid', '管理员'); //delall($db, $delid, 'tablexx', 'xxid', '运动员'); //deltimeall - delme($db, $delid, 'ap_demo'); - savelogdb($db, $rsuser['id'], 'ap_demo', $row, null); + delme($db, $delid, 'demo_normal'); + savelogdb($db, $rsuser['id'], 'demo_normal', $row, null); $vids[] = $delid; } $db->commit(); @@ -294,21 +294,21 @@ class demo { $auditmsg = $post->get('auditmsg'); if ($auditstatus == 90 && empty($auditmsg)) return errjson('请填写驳回原因'); - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); $csql->where('id in', $ids); $rows = $db->get($csql); $ids = array(); try { $db->begin(); foreach ($rows as $row) { - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); $csql->where('id', $row['id']); $updata = array(); $updata['auditstatus'] = $auditstatus; $updata['audituser'] = $rsuser['id']; $updata['audittimes'] = tostamp(); $updata['auditmsg'] = $auditmsg; - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); $csql->where('id', $row['id']); if ($db->update($csql, $updata) === false) throw new \Exception('审核失败:' . $db->error); 
@@ -386,14 +386,14 @@ class demo { $code_auditstatus = getcatas($db, 'auditstatus'); $code_audituser = getcatas($db, 'adminuser'); $code_menuid = getrelation($db, $rows, 'zc_menu', 'menuid', 'id,name'); - $code_isuse = $db->getdbcodes('ap_demo', 'isuse'); - $code_isopen = $db->getdbcodes('ap_demo', 'isopen'); + $code_isuse = $db->getdbcodes('demo_normal', 'isuse'); + $code_isopen = $db->getdbcodes('demo_normal', 'isopen'); $code_sigstatus = getcatas($db, 'auditstatus'); $code_mauditstatus = getcatas($db, 'auditstatus'); $code_prodcata = $db->get((new \ciy\sql('zc_depart'))->column('id,name,upid')); $code_areacode = $db->get((new \ciy\sql('ciy_arearpc'))->column('id,name,upid')); - $code_renzheng = $db->getdbcodes('ap_demo', 'renzheng'); - $code_ppint = $db->getdbcodes('ap_demo', 'ppint'); + $code_renzheng = $db->getdbcodes('demo_normal', 'renzheng'); + $code_ppint = $db->getdbcodes('demo_normal', 'ppint'); $datas = array(); foreach ($rows as $row) { $dat = array(); @@ -552,14 +552,14 @@ class demo { ); } $code_menuid = $db->get((new \ciy\sql('zc_menu'))->column('id,name')); - $code_isuse = $db->getdbcodes('ap_demo', 'isuse'); - $code_isopen = $db->getdbcodes('ap_demo', 'isopen'); + $code_isuse = $db->getdbcodes('demo_normal', 'isuse'); + $code_isopen = $db->getdbcodes('demo_normal', 'isopen'); $code_sigstatus = getcatas($db, 'auditstatus'); $code_mauditstatus = getcatas($db, 'auditstatus'); $code_prodcata = $db->get((new \ciy\sql('zc_depart'))->column('id,name,upid')); $code_areacode = $db->get((new \ciy\sql('ciy_arearpc'))->column('id,name,upid')); - $code_renzheng = $db->getdbcodes('ap_demo', 'renzheng'); - $code_ppint = $db->getdbcodes('ap_demo', 'ppint'); + $code_renzheng = $db->getdbcodes('demo_normal', 'renzheng'); + $code_ppint = $db->getdbcodes('demo_normal', 'ppint'); $html .= '
'; $html .= ''; $html .= ''; @@ -576,7 +576,7 @@ class demo { $firsthtml = ''; $bempty = true; $unqs = array(); - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); foreach ($heads as $arr) { $name = $arr['name']; $errmsg = ''; //数据有误,显示红色说明 @@ -596,7 +596,7 @@ class demo { if ($id == 0) $errmsg = $name . '解析错误'; else { - $csqlchk = new \ciy\sql('ap_demo'); + $csqlchk = new \ciy\sql('demo_normal'); $csqlchk->where('id', $id)->column('id'); $chkid = toint($db->get1($csqlchk)); if ($chkid != $id) @@ -1064,7 +1064,7 @@ class demo { $updata['skt'] = $post->get('skt_' . $i); $updata['idcard'] = $post->get('idcard_' . $i); $updata['content'] = $post->get('content_' . $i); - $csql = new \ciy\sql('ap_demo'); + $csql = new \ciy\sql('demo_normal'); if ($id == 0) { $updata['auditstatus'] = 2; $updata['addtimes'] = tostamp(); diff --git a/web/admin/demo/safeop.html b/web/admin/demo/safeop.html new file mode 100644 index 0000000..52b211d --- /dev/null +++ b/web/admin/demo/safeop.html @@ -0,0 +1,414 @@ + + + + + + + + + + + + +
+ +
    +
    +
    +
    + +
    +
    + + +
    +
    Loading...
    +
    +
    +
    + 全选 + 反选 + | + 批量删除 +
    +
    +
    +
    +
    + + + +
    #
    ' . $lineidx . '
    + + + + + + + + + +
    类型*金额*账户*姓名*身份证号备注
    + +
    + + + + + + + + + + \ No newline at end of file diff --git a/web/admin/demo/safeop.php b/web/admin/demo/safeop.php new file mode 100644 index 0000000..53afdbd --- /dev/null +++ b/web/admin/demo/safeop.php 
@@ -0,0 +1,582 @@ +get('query'); + $csql = new \ciy\sql('ap_transfer'); + $liid = objint($query, 'liid'); + if ($liid > 0) + $csql->where('accounttype', $liid); + $val = objstr($query, 'id'); + if (!empty($val) && $val[0] == 'P') + $csql->where('id', substr($val, 1)); + $csql->wherenumrange('amount', objstr($query, 'amount_1'), objstr($query, 'amount_2'), 100); + $csql->where('tranaccount like', objstr($query, 'tranaccount')); + $csql->where('tranname like', objstr($query, 'tranname')); + $csql->where('tranidid like', objstr($query, 'tranidid')); + $csql->where('memo like', objstr($query, 'memo')); + $csql->wheredaterange('addtimes', objstr($query, 'addtimes')); + $csql->where('apiuser', objstr($query, 'apiuser')); + $order = objstr($query, 'order', 'id desc'); + $csql->order($order); + $query['order'] = $order; + return [$query, $csql]; + } + + public static function json_list() { + global $db; + $rsuser = verifyfast(); + $post = new \ciy\post(); + list($where, $csql) = self::setwhere($db, $post); + $csql->where('orderstatus', 10); + $pageno = $post->getint('pageno', 1); + $pagecount = $post->getint('pagecount', 10); + $csql->limit($pageno, $pagecount); + $mainrowcount = $post->getint('count'); + $rows = $db->get($csql, $mainrowcount); + if ($rows === false) + return errjson($db->error); + $ret = array('where' => $where, 'pageno' => $pageno, 'pagecount' => $pagecount, 'count' => $mainrowcount, 'list' => $rows); + if ($post->getbool('field')) { + $field = array(); + $fshow = $db->getfield($field, 'ap_transfer'); + foreach ($field as $fr => $v) { + if (get('_' . $fr)) + $field[$fr]['c'] = ',' . $field[$fr]['c']; + if ($fr == 'merchantid') + $field[$fr]['c'] = ',' . 
$field[$fr]['c']; + } + $field['orderstatus']['c'] = ''; + $field['fee']['c'] = ''; + $field['wano']['c'] = ''; + $field['uptimes']['c'] = ''; + $field['orderno']['c'] = ''; + $field['pubkeyid']['c'] = ''; + $field['signtimes']['c'] = ''; + $field['tranreceipt']['c'] = ''; + $field['errmsg']['c'] = ''; + $ret['field'] = $field; + $ret['fshow'] = $fshow; + } + if ($post->getbool('once')) { + $ret['once'] = array(); + $input = array(); + $input[] = array('type' => 'input', 'form' => 'id', 'name' => '流水号', 'prop' => ' style="width:8em;"'); + $input[] = array('type' => 'num', 'form' => 'amount', 'name' => '金额', 'prop' => ' style="width:4em;"'); + $input[] = array('type' => 'input', 'form' => 'tranaccount', 'name' => '账号', 'prop' => ' style="width:8em;"'); + $input[] = array('type' => 'input', 'form' => 'tranname', 'name' => '姓名', 'prop' => ' style="width:8em;"'); + $input[] = array('type' => 'input', 'form' => 'tranidid', 'name' => '身份证号', 'prop' => ' style="width:8em;"'); + $input[] = array('type' => 'input', 'form' => 'memo', 'name' => '备注', 'prop' => ' style="width:8em;"'); + $input[] = array('type' => 'daterange', 'form' => 'addtimes', 'name' => '创建时间'); + $input[] = array('type' => 'select', 'form' => 'apiuser', 'name' => '操作人', 'all' => '全部', 'select' => 'meruser'); + $ret['once']['input'] = $input; + $csql = new \ciy\sql('hf_merchantbase'); + $csql->where('id', $rsuser['s_b']); + $ret['once']['merchant'] = $db->getone($csql); + $csql = new \ciy\sql('hf_merchantpubkey'); + $csql->where('merchantid', $rsuser['s_b']); + $ret['once']['hf_merchantpubkey'] = $db->get($csql); + // if($ret['once']['merchant']['safecase'] > 10){ + // $csql = new \ciy\sql('hf_merchantuser'); + // $csql->where('id', $ret['once']['merchant']['s_b']); + // $ret['once']['merchant'] = $db->getone($csql); + + // } + } + return succjson($ret); + } + public static function json_update() { + global $db; + $rsuser = verifyfast(); + //if (nopower($db, $rsuser['id'], 'p u')) + // return 
errjson('您未被授权操作'); + $csql = new \ciy\sql('hf_merchantbase'); + $csql->where('id', $rsuser['s_b']); + $merchantrow = $db->getone($csql); + $post = new \ciy\post(); + $id = $post->getint('id'); + $data = array(); + $data['accounttype'] = $post->getint('accounttype'); + $data['amount'] = $post->getint('amount'); + $data['tranaccount'] = $post->get('tranaccount'); + $data['tranname'] = $post->get('tranname'); + $data['tranidid'] = $post->get('tranidid'); + $data['memo'] = $post->get('memo'); + $retchk = check_transtr($data['amount'], $data['accounttype'], $data['tranaccount'], $data['tranname'], $data['tranidid'], $data['memo'], $merchantrow['safecase']); + if (is_string($retchk)) + return errjson($retchk); + if ($id > 0) { + $csql = new \ciy\sql('ap_transfer'); + $csql->where('merchantid', $rsuser['s_b']); + $csql->where('id', $id); + $datarow = $db->getone($csql); + if (!is_array($datarow)) + return errjson('数据不存在'); + } + try { + $db->begin(); + $updata = self::updatedata($db, $rsuser, $id, $data, $merchantrow); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $ret['data'] = $updata; + return succjson($ret); + } + public static function json_multiedit() { + global $db; + $rsuser = verifyfast(); + //if (nopower($db, $rsuser['id'], 'p u')) + // return errjson('您未被授权操作'); + $csql = new \ciy\sql('hf_merchantbase'); + $csql->where('id', $rsuser['s_b']); + $merchantrow = $db->getone($csql); + $post = new \ciy\post(); + $count = $post->getint('count'); + $datas = array(); + for ($i = 0; $i < $count; $i++) { + if ($post->get('accounttype_' . $i) == '') + continue; + $data = array(); + $data['accounttype'] = $post->getint('accounttype_' . $i); + $data['accounttype'] = ($data['accounttype'] == 1 ? 20 : 10); + $data['amount'] = $post->getint('amount_' . $i); + $data['tranaccount'] = $post->get('tranaccount_' . $i); + $data['tranname'] = $post->get('tranname_' . 
$i); + $data['tranidid'] = $post->get('tranidid_' . $i); + $data['memo'] = $post->get('memo_' . $i); + $retchk = check_transtr($data['amount'], $data['accounttype'], $data['tranaccount'], $data['tranname'], $data['tranidid'], $data['memo'], $merchantrow['safecase']); + if (is_string($retchk)) + return errjson('第' . ($i + 1) . '行,' . $retchk); + $datas[] = $data; + } + try { + $db->begin(); + foreach ($datas as $data) { + self::updatedata($db, $rsuser, 0, $data, $merchantrow); + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } + static function updatedata($db, $rsuser, $id, $data, $merchantrow) { + $updata = array(); + $updata['amount'] = $data['amount']; + $updata['accounttype'] = $data['accounttype']; + $updata['tranaccount'] = $data['tranaccount']; + $updata['tranname'] = $data['tranname']; + $updata['tranidid'] = $data['tranidid']; + $updata['memo'] = $data['memo']; + $updata['apiuser'] = $rsuser['id']; + $csql = new \ciy\sql('ap_transfer'); + if ($id > 0) { + $csql->where('id', $id); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + } else { + $updata['providerid'] = $rsuser['s_a']; + $updata['merchantid'] = $rsuser['s_b']; + $updata['thirdno'] = ''; + $updata['orderstatus'] = 10; + $updata['iswa'] = $merchantrow['bwa']; + $updata['wano'] = ''; + $updata['addtimes'] = tostamp(); + $updata['signtimes'] = 0; + $updata['uptimes'] = 0; + $updata['orderno'] = ''; + $updata['payfundno'] = ''; + $updata['signature'] = ''; + $updata['pubkeyid'] = 0; + $updata['fee'] = 0; + $updata['tranreceipt'] = 10; + $updata['errmsg'] = ''; + if ($db->insert($csql, $updata) === false) + throw new \Exception('新增失败:' . 
$db->error); + $id = $db->insert_id(); + } + $updata['id'] = $id; + return $updata; + } + + public static function json_del() { + global $db; + $rsuser = verifyfast(); + //if (nopower($db, $rsuser['id'], 'p d')) + // return errjson('您未被授权操作'); + $post = new \ciy\post(); + $ids = $post->get('ids'); + if (empty($ids)) + return errjson('请选择至少一条'); + $csql = new \ciy\sql('ap_transfer'); + $csql->where('merchantid', $rsuser['s_b']); + $csql->where('id in', $ids); + $rows = $db->get($csql); + $vids = array(); + try { + $db->begin(); + foreach ($rows as $row) { + if ($row['orderstatus'] != 10) + continue; + $delid = $row['id']; + //delcheck($db, $delid, 'tablexx', 'xxid', '管理员'); + //delall($db, $delid, 'tablexx', 'xxid', '运动员'); //deltimeall + delme($db, $delid, 'ap_transfer'); + $vids[] = $delid; + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $ret['ids'] = $vids; + return succjson($ret); + } + + public static function json_getdopay() { + global $db; + $rsuser = verifyfast(); + $csql = new \ciy\sql('hf_merchantbase'); + $csql->where('id', $rsuser['s_b']); + $merchantrow = $db->getone($csql); + $csql = new \ciy\sql('ap_transfer'); + $csql->where('merchantid', $rsuser['s_b']); + $csql->where('orderstatus', 10); + $orderrows = $db->get($csql); + $ret['datas'] = array(); + $money = 0; + foreach ($orderrows as $orderrow) { + $money += $orderrow['amount']; + $ret['datas'][] = array( + 'id' => $orderrow['id'], + 'hash' => hash('sha256', signorder($orderrow)) + ); + } + $ret['total'] = count($orderrows); + $ret['money'] = $money; + $ret['safecase'] = $merchantrow['safecase']; + if ($ret['safecase'] > 0) { + $csql = new \ciy\sql('hf_merchantuser'); + $csql->where('id', $rsuser['id']); + $userrow = $db->getone($csql); + if ($userrow['pubkeyid'] > 0) { + $csql = new \ciy\sql('hf_merchantpubkey'); + $csql->where('id', $userrow['pubkeyid']); + $csql->where('safecase', 
$merchantrow['safecase']); + $pubkeyrow = $db->getone($csql); + $ret['pubkey'] = $pubkeyrow['pubkey']; + } + } + return succjson($ret); + } + public static function json_dopay() { + global $db; + $rsuser = verifyfast(); + $post = new \ciy\post(); + //if (nopower($db, $rsuser['id'], 'p d')) + // return errjson('您未被授权操作'); + $csql = new \ciy\sql('hf_merchantuser'); + $csql->where('id', $rsuser['id']); + $userrow = $db->getone($csql); + if (empty($userrow['password'])) + return errjson('请先设置初始登录密码'); + $csql = new \ciy\sql('hf_merchantalipaycharge'); + $csql->where('merchantid', $userrow['merchantid']); + $csql->where('addtimes<', time() - 60); + $csql->where('orderstatus<100'); + if (toint($db->get1($csql)) > 0)//检查商户余额,结合本次下单金额与手续费欠费金额,是否低于,低于提示。 + return errjson('有未结算的手续费,请稍后下单,请稍后下单或检查账户余额'); + $csql = new \ciy\sql('hf_merchantbase'); + $csql->where('id', $userrow['merchantid']); + $merchantrow = $db->getone($csql); + if (!is_array($merchantrow)) + return errjson('商户不存在'); + $tp = date('H') * 3600 + date('i') * 60 + date('s') + 1; + if ($merchantrow['stpt'] < $merchantrow['endpt']) { + if ($tp < $merchantrow['stpt'] || $tp > $merchantrow['endpt']) + return errjson('当前时间不在服务时间范围内'); + } else { + if ($tp < $merchantrow['stpt'] && $tp > $merchantrow['endpt']) + return errjson('当前时间不在服务时间范围内'); + } + if ($merchantrow['saasstatus'] != 10) + return errjson('商户已被暂停服务'); + $csql = new \ciy\sql('hf_providerbase'); + $csql->where('id', $merchantrow['providerid']); + $providerrow = $db->getone($csql); + if (!is_array($providerrow)) + return errjson('服务商不存在'); + if ($providerrow['providerstatus'] != 10) + return errjson('转账服务暂停,请联系服务商!'); + if ($providerrow['depositmoney'] <= 0) + return errjson('转账服务暂停,请联系服务商'); + $signs = $post->get('sign'); + if ($merchantrow['safecase'] == 10) { + if (empty($userrow['password2'])) + return errjson('请先在右上角下拉菜单中,设置安全密码'); + $authtime = $post->getint('auth'); + if (abs($authtime / 1000 - tostamp()) > 300) { + return 
errjson('您的本地时间与服务器时间相差超过5分钟,请调整本机时间。
    服务器时间: ' . date('Y-m-d H:i:s') . '
    您本机时间: ' . date('Y-m-d H:i:s', $authtime / 1000)); + } + if ($post->get('pass') != sha512($userrow['password2'] . $authtime)) { + sleep(2); + return errjson('安全密码错误'); + } + sleep(1); + } else { + $csql = new \ciy\sql('hf_merchantpubkey'); + $csql->where('id', $userrow['pubkeyid']); + $pubkeyrow = $db->getone($csql); + if (!is_array($pubkeyrow)) + return errjson('未找到数字证书'); + if ($merchantrow['safecase'] == 20) { + $retsign = verifysign_web3($pubkeyrow['pubkey'], $signs); + if (is_string($retsign)) + return errjson($retsign); + } + if ($merchantrow['safecase'] == 30) { + $retsign = verifysign_vn($pubkeyrow['pubkey'], $signs); + if (is_string($retsign)) + return errjson($retsign); + } + } + try { + $db->begin(); + foreach ($signs as $sign) { + $updata = array(); + $updata['orderstatus'] = 20; + $updata['apiuser'] = $rsuser['id']; + if ($merchantrow['safecase'] > 10) { + $updata['signtimes'] = tostamp(); + $updata['signature'] = $sign['sign']; + $updata['pubkeyid'] = $userrow['pubkeyid']; + } + $csql = new \ciy\sql('ap_transfer'); + $csql->where('id', $sign['id']); + $csql->where('orderstatus', 10); + if ($db->update($csql, $updata) === false) + throw new \Exception('转账失败:' . $db->error); + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } + + + public static function json_importxls_in() { + global $db; + $rsuser = verifyfast(); + //if (nopower($db, $rsuser['id'], 'p i')) + // return errjson('您未被授权操作'); + $post = new \ciy\post(); + $file = PATH_WEB . '/ud' . $post->get('file'); + if (!file_exists($file)) + return errjson('文件不存在'); + require_once PATH_ROOT . 
'../libs/phpoffice/autoload.php'; + $spreadsheet = \PhpOffice\PhpSpreadsheet\IOFactory::load($file); + $sheet = $spreadsheet->getActiveSheet(); + $datas = $sheet->toArray('', true, true, false); + $datacnt = count($datas); + if ($datacnt < 2) + return errjson('数据为空'); + $html = ''; + $headsn = array(); + $headsn[] = '行码.id'; + $headsn[] = '账号类型.accounttype'; + $headsn[] = '金额.amount'; + $headsn[] = '账号.tranaccount'; + $headsn[] = '姓名.tranname'; + $headsn[] = '身份证号.tranidid'; + $headsn[] = '备注.memo'; + $xlsidx = 1; + if (empty($datas[0][count($headsn) - 1])) + $xlsidx = 2; + $heads = array(); + foreach ($headsn as $_head) { + $hd = explode('.', $_head); + if (count($hd) < 2) + continue; + $heads[] = array( + 'idx' => array_search($hd[0], $datas[$xlsidx - 1]), + 'fld' => $hd[1], + 'name' => $hd[0] + ); + } + $code_accounttype = getcatas($db, 'accounttype'); + $csql = new \ciy\sql('hf_merchantbase'); + $csql->where('id', $rsuser['s_b']); + $merchantrow = $db->getone($csql); + $html .= '
    '; + $html .= ''; + $html .= ''; + foreach ($heads as $arr) { + $html .= ''; + } + $html .= ''; + $cnt = 0; + $uniques = array(); + $id = 0; + for ($rowidx = $xlsidx; $rowidx < $datacnt; $rowidx++) { + $bfull = false; + foreach ($datas[$rowidx] as $dat) { + if (empty($dat)) + continue; + $bfull = true; + break; + } + if (!$bfull) + continue; + $lineidx = $rowidx - $xlsidx + 1; + $hrhtml = ''; + $firsthtml = ''; + $bempty = true; + $unqs = array(); + $csql = new \ciy\sql('ap_transfer'); + $data = array(); + foreach ($heads as $arr) { + $name = $arr['name']; + $errmsg = ''; //数据有误,显示红色说明 + $showdat = ''; //显示在表格中的数据 + if ($arr['idx'] > -1) + $showdat = trim($datas[$rowidx][$arr['idx']]); + if ($showdat == '--') + $showdat = ''; + $value = $showdat; //在表单中的数据(转换后) + $ext = ''; //扩展表单 + if ($name == '行码') { + if (empty($showdat)) { + $value = 0; + $showdat = '新增'; + } else { + $id = deid($showdat); + if ($id == 0) + $errmsg = $name . '解析错误'; + else { + $csqlchk = new \ciy\sql('ap_transfer'); + $csqlchk->where('id', $id); + $chkrow = $db->getone($csqlchk); + if (!is_array($chkrow)) + $errmsg = $name . '在数据库中不存在'; + if ($chkrow['orderstatus'] != 10) + $errmsg = $name . '状态错误'; + $value = $id; + } + } + } else if ($name == '账号类型') { + if (empty($showdat)) { + $errmsg = $name . '为必填项'; + } else { + $value = dcode($code_accounttype, $showdat); + $data['accounttype'] = $data; + if ($value == -1) + $errmsg = $name . '文字与系统数据不匹配'; + } + } else if ($name == '金额') { + $showdat = str_replace(',', '', $showdat); + if (!is_numeric($showdat)) + $errmsg = $name . '不是数字'; + else + $value = toint((float)$showdat * 100); + $data['amount'] = $value; + if ($value < 0.1) + $errmsg = $name . '不能小于0.1元'; + } else if ($name == '账号') { + if (empty($showdat)) { + $errmsg = $name . '必填'; + } + $data['tranaccount'] = $showdat; + } else if ($name == '姓名') { + if (empty($showdat)) { + $errmsg = $name . 
'必填'; + } + $data['tranname'] = $showdat; + } else if ($name == '身份证号') { + if (empty($showdat)) { + $value = ''; + } + $data['tranidid'] = $showdat; + } else if ($name == '备注') { + if (empty($showdat)) { + $value = ''; + } + $data['memo'] = $showdat; + } + if (!empty($showdat)) + $bempty = false; + + if (empty($errmsg)) + $hrhtml .= ''; + else + $hrhtml .= ''; + } + if ($bempty) + continue; + + $retchk = check_transtr($data['amount'], $data['accounttype'], $data['tranaccount'], $data['tranname'], $data['tranidid'], $data['memo'], $merchantrow['safecase']); + if (is_string($retchk)) + $firsthtml = ''; + else if (count($unqs) > 0) { + $unq = implode('|', $unqs); + if (in_array($unq, $uniques)) + $firsthtml = ''; + else { + $uniques[] = $unq; + $csql->column('id'); + $chkid = toint($db->get1($csql)); + if ($chkid > 0 && (($id > 0 && $chkid != $id) || $id == 0)) + $firsthtml = ''; + } + } + $html .= '' . $firsthtml . $hrhtml . ''; + $cnt++; + } + $html .= '
    #' . $arr['name'] . '
    ' . $lineidx . '
    ' . $showdat . '' . $ext . '
    ' . $showdat . '
    重复
    重复
    重复
    '; + $html .= ''; + $html .= '共' . $cnt . '条数据'; + return succjson(array('html' => $html, 'count' => $cnt)); + } + + public static function json_importxls_data() { + global $db; + $rsuser = verifyfast(); + //if (nopower($db, $rsuser['id'], 'p i')) + // return errjson('您未被授权操作'); + $csql = new \ciy\sql('hf_merchantbase'); + $csql->where('id', $rsuser['s_b']); + $merchantrow = $db->getone($csql); + $post = new \ciy\post(); + $total = $post->getint('total'); + try { + $db->begin(); + for ($i = 1; $i <= $total; $i++) { + $id = $post->getint('id_' . $i); + $data = array(); + $data['accounttype'] = $post->get('accounttype_' . $i); + $data['amount'] = $post->get('amount_' . $i); + $data['tranaccount'] = $post->get('tranaccount_' . $i); + $data['tranname'] = $post->get('tranname_' . $i); + $data['tranidid'] = $post->get('tranidid_' . $i); + $data['memo'] = $post->get('memo_' . $i); + self::updatedata($db, $rsuser, $id, $data, $merchantrow); + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } +} diff --git a/web/admin/demo/setpage.html b/web/admin/demo/setpage.html new file mode 100644 index 0000000..40fa02b --- /dev/null +++ b/web/admin/demo/setpage.html @@ -0,0 +1,244 @@ + + + + + + + + + + + + +
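Review bot: `json_dopay` in safeop.php marks rows as submitted by `$sign['id']` and `orderstatus` alone, so on the password path (`safecase == 10`) nothing ties the posted ids to the caller's merchant; add `$csql->where('merchantid', $userrow['merchantid']);` before the update, as `json_del` and `json_getdopay` already do. `json_importxls_data` has the same gap: it hands the posted `id_N` to `updatedata()`, which updates by `id` only, and it skips both `check_transtr()` and the `orderstatus` check. The safety-password check compares with `!=`; `hash_equals()` gives a strict, constant-time comparison. In `json_importxls_in`, `$file` is built from the posted `file` value without normalising it, so it should be resolved with `realpath()` and confirmed to stay under the upload directory, and `$data['accounttype'] = $data;` most likely should assign `$value`.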
    +
    +
    +
    + 服务图片设置 +
    +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    +
    +
    +
    +
    +
    +
    +
    +
    + 收款账号设置 +
    +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    +
    +
    +
    +
    +
    +
    +
    +
    + API接入设置 +
    +
    +
    +
    + +
    + +
    +
    +
    + +
    + +
    appCertPublicKey_[num].crt +
    +
    +
    + +
    + +
    alipayRootCert.crt +
    +
    +
    + +
    + +
    alipayCertPublicKey_RSA2.crt +
    +
    +
    + +
    + +
    应用私钥RSA2048*.txt +
    +
    +
    +
    + + +
    +
    +
    +
    +
    +
    +
    +
    + +
    +
    +
    + + + + + + + + + \ No newline at end of file diff --git a/web/admin/demo/setpage.php b/web/admin/demo/setpage.php new file mode 100644 index 0000000..66730fe --- /dev/null +++ b/web/admin/demo/setpage.php 
@@ -0,0 +1,250 @@ +where('id', $rsuser['s_a']); + $ret['data'] = $db->getone($csql); + $csql = new \ciy\sql('hf_providerkey'); + $csql->where('id', $rsuser['s_a']); + $csql->column('ali_appid'); + $ret['key'] = $db->getone($csql); + return succjson($ret); + } + public static function json_editserv() { + global $db; + $rsuser = verifyfast(); + //if (nopower($db, $rsuser['id'], 'p u')) + // return errjson('您未被授权操作'); + $post = new \ciy\post(); + $serviceimg = $post->get('serviceimg'); + try { + $db->begin(); + $updata = array(); + $updata['serviceimg'] = $serviceimg; + $csql = new \ciy\sql('hf_providerbase'); + $csql->where('id', $rsuser['s_a']); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } + public static function json_editrecv() { + global $db; + $rsuser = verifyfast(); + //if (nopower($db, $rsuser['id'], 'p u')) + // return errjson('您未被授权操作'); + $post = new \ciy\post(); + $recvtype = $post->getint('recvtype'); + $recvaccount = $post->get('recvaccount'); + $recvname = $post->get('recvname'); + if ($recvtype == 0) + return errjson('请选择账号类型'); + if (empty($recvaccount)) + return errjson('请输入收款账号'); + if (empty($recvname)) + return errjson('请输入收款人姓名'); + try { + $db->begin(); + $updata = array(); + $updata['recvtype'] = $recvtype; + $updata['recvaccount'] = $recvaccount; + $updata['recvname'] = $recvname; + $csql = new \ciy\sql('hf_providerbase'); + $csql->where('id', $rsuser['s_a']); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . 
$db->error); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } + static function hex2dec($hex) { + $dec = 0; + $len = strlen($hex); + for ($i = 1; $i <= $len; $i++) { + $dec = bcadd($dec, bcmul(strval(hexdec($hex[$i - 1])), bcpow('16', strval($len - $i)))); + } + return $dec; + } + static function array2string($array) { + $string = []; + if ($array && is_array($array)) { + foreach ($array as $key => $value) { + $string[] = $key . '=' . $value; + } + } + return implode(',', $string); + } + public static function json_editapp() { + global $db; + $rsuser = verifyfast(); + //if (nopower($db, $rsuser['id'], 'p u')) + // return errjson('您未被授权操作'); + $post = new \ciy\post(); + $ali_appid = $post->get('ali_appid'); + $pubkey = $post->get('pubkey'); //appCertPublicKey_2021005173683965.crt + $rootkey = $post->get('rootkey'); //alipayRootCert.crt + $apppub = $post->get('apppub'); //alipayCertPublicKey_RSA2.crt + $apppri = $post->get('apppri'); //应用私钥RSA2048-敏感数据,请妥善保管 + if (empty($ali_appid)) + return errjson('请输入APPID'); + if (empty($pubkey)) + return errjson('请输入公钥'); + if (empty($rootkey)) + return errjson('请输入root证书'); + if (empty($apppub)) + return errjson('请输入APP公钥'); + if (empty($apppri)) + return errjson('请输入APP私钥'); + $ssl = openssl_x509_parse($pubkey); + if ($ssl === false) + return errjson('公钥格式错误'); + $ali_app_cert_sn = ''; + if (is_array($ssl['issuer'])) + $ali_app_cert_sn = md5(self::array2string(array_reverse($ssl['issuer'])) . $ssl['serialNumber']); + if (empty($ali_app_cert_sn)) + return errjson('app证书格式错误'); + + $array = explode("-----END CERTIFICATE-----", $rootkey); + $ali_root_cert_sn = null; + for ($i = 0; $i < count($array) - 1; $i++) { + $ssl[$i] = openssl_x509_parse($array[$i] . 
"-----END CERTIFICATE-----"); + if (strpos($ssl[$i]['serialNumber'], '0x') === 0) { + $ssl[$i]['serialNumber'] = self::hex2dec($ssl[$i]['serialNumberHex']); + } + if ($ssl[$i]['signatureTypeLN'] == "sha1WithRSAEncryption" || $ssl[$i]['signatureTypeLN'] == "sha256WithRSAEncryption") { + if ($ali_root_cert_sn == null) { + $ali_root_cert_sn = md5(self::array2string(array_reverse($ssl[$i]['issuer'])) . $ssl[$i]['serialNumber']); + } else { + $ali_root_cert_sn = $ali_root_cert_sn . "_" . md5(self::array2string(array_reverse($ssl[$i]['issuer'])) . $ssl[$i]['serialNumber']); + } + } + } + if (empty($ali_root_cert_sn)) + return errjson('root证书格式错误'); + if (strpos($apppri, '-----BEGIN RSA PRIVATE KEY-----') === false) { + $apppri = "-----BEGIN RSA PRIVATE KEY-----\n" . chunk_split($apppri, 64, "\n") . "-----END RSA PRIVATE KEY-----"; + } + try { + $db->begin(); + $updata = array(); + $updata['ali_appid'] = $ali_appid; + $updata['ali_app_cert_sn'] = $ali_app_cert_sn; + $updata['ali_root_cert_sn'] = $ali_root_cert_sn; + $updata['ali_publickey'] = $apppub; + $updata['ali_privatekey'] = $apppri; + $csql = new \ciy\sql('hf_providerkey'); + $csql->where('id', $rsuser['s_a']); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } + public static function json_testapp() { + global $db; + $rsuser = verifyfast(); + $csql = new \ciy\sql('hf_providerkey'); + $csql->where('id', $rsuser['s_a']); + $keyrow = $db->getone($csql); + $model = array(); + $model['personal_product_code'] = 'FUND_SAFT_SIGN_WITHHOLDING_P'; + $model['product_code'] = 'FUND_SAFT_SIGN_WITHHOLDING'; + $model['external_agreement_no'] = 'AX' . 
rand(10000, 99999); //bizno + $model['sign_scene'] = 'INDUSTRY|SATF_ACC'; + $model['third_party_type'] = 'PARTNER'; + $accessParams = array(); + $accessParams['channel'] = 'QRCODE'; // 1. ALIPAYAPP (钱包h5页面签约) 2. QRCODE(扫码签约) 3. QRCODEORSMS(扫码签约或者短信签约) + $model['access_params'] = $accessParams; + return succjson(); + } + public static function json_prov_stop() { + global $db; + $rsuser = verifyfast(); + try { + $db->begin(); + $updata = array(); + $updata['providerstatus'] = 20; + $csql = new \ciy\sql('hf_providerbase'); + $csql->where('id', $rsuser['s_a']); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } + public static function json_prov_start() { + global $db; + $rsuser = verifyfast(); + $csql = new \ciy\sql('hf_providerbase'); + $csql->where('id', $rsuser['s_a']); + $providerrow = $db->getone($csql); + if ($providerrow['recvtype'] == 0 || empty($providerrow['recvaccount']) || empty($providerrow['recvname'])) + return errjson('请配置收款账号'); + if ($providerrow['depositmoney'] < 1) + return errjson('您的保证金不足'); + $csql = new \ciy\sql('hf_providerkey'); + $csql->where('id', $rsuser['s_a']); + $keyrow = $db->getone($csql); + if (!is_array($keyrow)) { + $updata = array(); + $updata['ali_appid'] = ''; + $updata['ali_app_cert_sn'] = ''; + $updata['ali_root_cert_sn'] = ''; + $updata['ali_publickey'] = ''; + $updata['ali_privatekey'] = ''; + $csql = new \ciy\sql('hf_providerkey'); + $csql->where('id', $rsuser['s_a']); + if ($db->insert($csql, $updata) === false) + return errjson('添加key失败:' . 
$db->error); + $keyrow = array(); + } + if (empty($keyrow['ali_appid'])) + return errjson('请配置APPID'); + if (empty($keyrow['ali_app_cert_sn'])) + return errjson('请配置APP证书SN'); + if (empty($keyrow['ali_root_cert_sn'])) + return errjson('请配置根证书SN'); + if (empty($keyrow['ali_publickey'])) + return errjson('请配置APP公钥'); + if (empty($keyrow['ali_privatekey'])) + return errjson('请配置APP私钥'); + try { + $db->begin(); + $updata = array(); + $updata['providerstatus'] = 10; + $csql = new \ciy\sql('hf_providerbase'); + $csql->where('id', $rsuser['s_a']); + if ($db->update($csql, $updata) === false) + throw new \Exception('更新失败:' . $db->error); + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + return succjson(); + } +} diff --git a/web/admin/demo/tool_alipaycb.html b/web/admin/demo/tool_alipaycb.html deleted file mode 100644 index 6d3ca27..0000000 --- a/web/admin/demo/tool_alipaycb.html +++ /dev/null @@ -1,113 +0,0 @@ - - - - - - - - - - - - - -
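Review bot: In `json_editapp` of setpage.php the result of `openssl_x509_parse()` inside the root-certificate loop is never checked, so a block that fails to parse is still indexed as an array and is skipped without the `root证书格式错误` error being returned; add `if ($ssl[$i] === false) return errjson('root证书格式错误');` right after the call. The loop also writes into the same `$ssl` variable that holds the parsed app certificate, so a separate variable would be clearer. The `nopower()` checks are commented out in `json_editserv`, `json_editrecv` and `json_editapp`, and `json_prov_stop`/`json_prov_start` have none, so any session that passes `verifyfast()` can change the payee account and the API keys; if that is not intended, restore a permission check. `ali_privatekey` is written to `hf_providerkey` as received, so consider encrypting it at rest with a key held outside the database.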
    -
    - -
    -
    -
    -
    - -
    -
    - -
    -
    -
    -
    - - - - - - - - - - \ No newline at end of file diff --git a/web/admin/demo/ultable.html b/web/admin/demo/ultable.html new file mode 100644 index 0000000..0961d75 --- /dev/null +++ b/web/admin/demo/ultable.html @@ -0,0 +1,105 @@ + + + + + + + + + + + + +
    + +
    +
    Loading...
    +
      +
      +
      + 全选 + 反选 + | + 批量删除 +
      +
      +
      +
      +
      + + + + + + + + \ No newline at end of file diff --git a/web/admin/demo/ultable.php b/web/admin/demo/ultable.php new file mode 100644 index 0000000..c19de66 --- /dev/null +++ b/web/admin/demo/ultable.php 
@@ -0,0 +1,84 @@ +get('query'); + $csql = new \ciy\sql('zc_role'); + $csql->where('name like', objstr($query, 'name')); + $csql->where('memo like', objstr($query, 'memo')); + $order = objstr($query, 'order', 'id desc'); + $csql->order($order); + $query['order'] = $order; + return [$query, $csql]; + } + public static function json_init() { + global $db; + $rsuser = verifyfast(); + $post = new \ciy\post(); + list($where, $csql) = self::setwhere($db, $post); + $pageno = $post->getint('pageno', 1); + $pagecount = $post->getint('pagecount', 10); + $csql->limit($pageno, $pagecount); + $mainrowcount = $post->getint('count'); + $rows = $db->get($csql, $mainrowcount); + $ret = array('where' => $where, 'pageno' => $pageno, 'pagecount' => $pagecount, 'count' => $mainrowcount, 'list' => $rows); + if ($post->getbool('field')) { + $field = array(); + $fshow = $db->getfield($field, 'zc_role'); + foreach ($field as $fr => $v) { + if ($post->is('_' . $fr)) + $field[$fr]['c'] = ',' . $field[$fr]['c']; + } + $fshow = fieldadd($fshow, $field, 0, '_btn', '操作'); + $field['memo']['thwidth'] = '25em'; + $ret['field'] = $field; + $ret['fshow'] = $fshow; + } + + if ($post->getbool('once')) { + $ret['once'] = array(); + $input = array(); + $input[] = array( + 'type' => 'input', 'form' => 'name', 'name' => '角色名称', 'prop' => ' style="width:8em;"' + ); + $input[] = array( + 'type' => 'input', 'form' => 'memo', 'name' => '角色说明', 'prop' => ' style="width:8em;"' + ); + $ret['once']['input'] = $input; + } + return succjson($ret); + } + public static function json_del() { + global $db; + $rsuser = verifyfast(); + if (nopower($db, $rsuser['id'], 'p502d')) + return errjson('您未被授权操作'); + $post = new \ciy\post(); + $ids = $post->get('ids'); + if (empty($ids)) + return errjson('请选择至少一条'); + $csql = new \ciy\sql('zc_role'); + $csql->where('id in', $ids); + $rows = $db->get($csql); + $vids = array(); + try { + $db->begin(); + foreach ($rows as $row) { + $delid = $row['id']; + delcheck($db, $delid, 
'zc_admin', 'roleid', '用户'); + delme($db, $delid, 'zc_role'); + savelogdb($db, $rsuser['id'], 'zc_role', $row, null); + $vids[] = $delid; + } + $db->commit(); + } catch (\Exception $ex) { + $db->rollback(); + savelogfile('err_db', $ex->getMessage()); + return errjson($ex->getMessage()); + } + $ret['ids'] = $vids; + return succjson($ret); + } +} diff --git a/web/admin/index.go b/web/admin/index.go index f515ca8..04e998d 100644 --- a/web/admin/index.go +++ b/web/admin/index.go @@ -11,7 +11,7 @@ func Index_init(w http.ResponseWriter, r *http.Request) bool { //menu,url: 普通链接~原型图 4378,key 普通链接~原型图 共存 //menu,pow: d=删除|e=修改 p[id]e 默认p[id]v 显示权限 角色权限menu url<>'' 可选择授权 post := c.NewCiyPost(w, r) - _, userid := Verifyfast(c.CiyDB, post) + _, userid := Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -51,12 +51,12 @@ func Index_init(w http.ResponseWriter, r *http.Request) bool { "name": "控制台", } ret["title"] = "Ciyon SaaS总控台" - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Index_favadd(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := Verifyfast(c.CiyDB, post) + _, userid := Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -79,11 +79,11 @@ func Index_favadd(w http.ResponseWriter, r *http.Request) bool { return c.ErrJSON(w, "添加fav失败", err) } } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } func Index_favdel(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := Verifyfast(c.CiyDB, post) + _, userid := Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -94,12 +94,12 @@ func Index_favdel(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "删除fav失败", err) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } func Index_setssh(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := Verifyfast(c.CiyDB, post) + _, userid := Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
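Review bot: In `setwhere` the sort expression comes from the posted `query` object (`$order = objstr($query, 'order', 'id desc');`) and goes straight into `$csql->order($order)`. Unless `\ciy\sql::order` validates it, which this hunk does not show, a client-chosen string ends up in the ORDER BY clause. An allowlist before the call closes that: `if (!preg_match('/^[a-z0-9_]+( (asc|desc))?$/i', $order)) $order = 'id desc';`. Separately, `json_init` returns the `zc_role` rows after `verifyfast()` alone while `json_del` also checks `nopower($db, $rsuser['id'], 'p502d')`; if the role list is meant to be restricted, the matching permission check belongs in `json_init` too. `json_del` also assigns `$ret['ids']` without first initialising `$ret`, so `$ret = array();` should precede it.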
@@ -111,7 +111,7 @@ func Index_setssh(w http.ResponseWriter, r *http.Request) bool { //开启后,需定时关闭防火墙 fmt.Println("开启SSH远程访问") } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } // if strings.HasPrefix(r.Header.Get("Content-Type"), "multipart/form-data") { diff --git a/web/admin/index.html b/web/admin/index.html index 04b0fd4..97d4ffb 100644 --- a/web/admin/index.html +++ b/web/admin/index.html @@ -661,22 +661,15 @@ var tabsuldom = $5('#id_headertabs_ul'); $5(document).on('click', '[data-href]', function (e) { var adom = $5(e.currentTarget); - var hrefstr = adom.attr('data-href'); - hrefstr = hrefstr.replace('{domain}', location.origin); - if (!hrefstr) - return; + var href = adom.attr('data-href'); var txt = adom.attr('data-title') || adom.text(); - var hrefs = hrefstr.split('~'); - var href = hrefs[0]; if (href == '') { - if (hrefs.length > 1) { - if (hrefs[1][0] == ':') - ciyfn.alert(hrefs[1].substring(1).replace(/\|/g, '
      ')); - else - thos.page_ifropen(getdemourl(hrefs[1]), txt); - } - } else if (href.substring(0, 4) == 'http') { - window.open(href); + } else if (href.substring(0, 4) == '!MSG') { + ciyfn.alert(href.substring(4).replace(/\|/g, '
      ')); + } else if (href.substring(0, 4) == '!WIN') { + window.open(href.substring(4)); + } else if (href.substring(0, 4) == '!PRD') { + thos.page_ifropen(getdemourl(href.substring(4)), txt); } else if (href.substring(0, 4) == '!DAO') { ciyfn.callfunc("godao", { url: href.substring(4) }, function (json) { thos.page_ifropen(json.url, txt); @@ -684,8 +677,6 @@ thos.page_shrink(); }); } else { - if (href.substring(0, 5) == '$http') - href = href.substring(1); thos.page_ifropen(href, txt); if (window.innerWidth < 992) thos.page_shrink(); @@ -743,25 +734,18 @@ var bodydom = $5('#id_body'); navdom.on("contextmenu", "li", function (ev) { var curra = $5(ev.currentTarget); - var hrefstr = curra.attr('data-href'); + var href = curra.attr('data-href'); var menuid = curra.attr('data-id') || curra.attr('fav'); - if (hrefstr == undefined) + if (href == undefined) return false; var pops = []; - var hrefs = hrefstr.split('~'); var txt = curra.attr('data-title') || curra.text(); txt = ciyfn.lang(txt); - if (hrefs[0]) { + if (href) { if (curra.hasattr('fav')) - pops.push({ act: 'delfav', id: menuid, title: ciyfn.lang('移除该菜单'), name: txt, url: hrefs[0] }); + pops.push({ act: 'delfav', id: menuid, title: ciyfn.lang('移除该菜单'), name: txt, url: href }); else - pops.push({ act: 'addfav', id: menuid, title: ciyfn.lang('加到常用菜单'), name: txt, url: hrefs[0] }); - } - if (hrefs[1]) { - if (hrefs[1][0] == ':') - pops.push({ act: 'msg', title: ciyfn.lang('原型描述'), url: hrefs[1].substring(1) }); - else - pops.push({ act: 'ifropen', title: ciyfn.lang('打开原型图'), name: txt + '-' + ciyfn.lang('原型图'), url: getdemourl(hrefs[1]) }); + pops.push({ act: 'addfav', id: menuid, title: ciyfn.lang('加到常用菜单'), name: txt, url: href }); } var popdom = ciyfn.popmenu(ev, pops); popdom.on("click", "li", function (ev) { diff --git a/web/admin/login.go b/web/admin/login.go index 8d9cdec..baef971 100644 --- a/web/admin/login.go +++ b/web/admin/login.go 
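Review bot: The new `!WIN` branch calls `window.open(href.substring(4))` on whatever follows the prefix in `data-href`, whereas the removed branch only opened values that began with `http`. A menu entry carrying a `javascript:` or other non-web scheme would now be opened in the admin origin's context. Keep the scheme check and detach the opener: `var u = href.substring(4); if (/^https?:\/\//i.test(u)) window.open(u, '_blank', 'noopener');`. The `!MSG` branch hands attribute text to `ciyfn.alert` after replacing `|` with markup; if that dialog renders HTML (its implementation is not in this hunk), the text should be HTML-escaped before the replacement. The click handler continues beyond this hunk.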
@@ -39,14 +39,14 @@ func Login_login(w http.ResponseWriter, r *http.Request) bool { if math.Abs(c.Tofloat(authtime/1000-c.Tostamp())) > 300 { return c.ErrJSON(w, "您的本地时间与服务器时间相差超过5分钟,请调整本机时间.
      服务器时间: "+c.Todate(-1, "Y-m-d H:i:s")+"
      您本机时间: "+c.Todate(authtime/1000, "Y-m-d H:i:s")) } - if post.Get("pass") != c.MD5(c.Tostr(userrow["password"])+fmt.Sprintf("%d", authtime)) { + if post.Get("pass") != c.Sha256(c.Tostr(userrow["password"])+fmt.Sprintf("%d", authtime)) { updata := map[string]any{} updata["trytime"] = []string{"trytime+1"} updata["logintimes"] = c.Tostamp() csql = c.NewCiySQL("zc_admin") csql.Where("id", userrow["id"]) c.CiyDB.Update(csql, updata) - SaveLog(c.CiyDB, "LOGINERR", "用户["+user+"]登录密码错误 "+Gdefpass+" ["+c.MD5(Gdefpass+Gtokensalt)+"]") + SaveLog(c.CiyDB, "LOGINERR", "用户["+user+"]登录密码错误 "+Gdefpass+" ["+c.Sha256(Gdefpass+Gtokensalt)+"]") return c.ErrJSON(w, "用户["+user+"]登录密码错误") } syncdict, err := getsync(userrow) @@ -57,7 +57,7 @@ func Login_login(w http.ResponseWriter, r *http.Request) bool { userid := c.Toint(userrow["id"]) c.CiyDB.Execute("delete from zc_online where exptimes\n" html += "\n" html += "共" + c.Tostr(cnt) + "条数据\n" - return c.SuccJSON(w, map[string]any{ + return c.SuccJSON(w, r, map[string]any{ "html": html, "count": cnt, }) } func Admin_importxls_data(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -630,5 +630,5 @@ func Admin_importxls_data(w http.ResponseWriter, r *http.Request) bool { return c.ErrJSON(w, "事务"+err.Error()) } c.CiyDB.Execute("update zc_online set usrchg=2") - return c.SuccJSON(w) + return c.SuccJSON(w, r) } diff --git a/web/admin/rigger/autotask.go b/web/admin/rigger/autotask.go index 179258d..e293c03 100644 --- a/web/admin/rigger/autotask.go +++ b/web/admin/rigger/autotask.go @@ -23,7 +23,7 @@ func autotask_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Autotask_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
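Review bot: The failed-login branch still writes the default password and its salted digest into the log, `"用户["+user+"]登录密码错误 "+Gdefpass+" ["+c.Sha256(Gdefpass+Gtokensalt)+"]"`; the commit only swaps the hash function on that line. Anyone who can read LOGINERR entries learns both values, so the entry should carry the account name only: `SaveLog(c.CiyDB, "LOGINERR", "用户["+user+"]登录密码错误")`. The check `post.Get("pass") != c.Sha256(...)` compares the digests with `!=`; `subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1` (package `crypto/subtle`) removes the timing dependence. Because the stored `password` column is the direct input to that digest, it is password-equivalent, which deserves a comment above the comparison. `Login_login` starts and ends outside this hunk.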
@@ -74,11 +74,11 @@ func Autotask_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Autotask_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -148,11 +148,11 @@ func Autotask_update(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["data"] = updata - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Autotask_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -184,12 +184,12 @@ func Autotask_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Autotask_status(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -222,5 +222,5 @@ func Autotask_status(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["data"] = updata - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/autotskrun.go b/web/admin/rigger/autotskrun.go index c14d4d5..6d64626 100644 --- a/web/admin/rigger/autotskrun.go +++ b/web/admin/rigger/autotskrun.go @@ -23,7 +23,7 @@ func autotskrun_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Autotskrun_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -79,11 +79,11 @@ func Autotskrun_init(w http.ResponseWriter, r *http.Request) bool { once["zc_autotask"], _, _ = c.CiyDB.Get(csql) ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Autotskrun_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -116,12 +116,12 @@ func Autotskrun_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Autotskrun_exportxls(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -199,11 +199,11 @@ func Autotskrun_exportxls(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["url"] = filename - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Autotskrun_viewlog(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -218,5 +218,5 @@ func Autotskrun_viewlog(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["logs"] = rows - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/cata.go b/web/admin/rigger/cata.go index 95daf8e..c1f4b76 100644 --- a/web/admin/rigger/cata.go +++ b/web/admin/rigger/cata.go @@ -11,7 +11,7 @@ import ( func Cata_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -107,11 +107,11 @@ func Cata_init(w http.ResponseWriter, r *http.Request) bool { once["code"] = code ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Cata_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -179,11 +179,11 @@ func Cata_update(w http.ResponseWriter, r *http.Request) bool { c.CiyDB.Execute("update zc_online set usrchg=2") ret := map[string]any{} ret["data"] = updata - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Cata_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -240,5 +240,5 @@ func Cata_del(w http.ResponseWriter, r *http.Request) bool { c.CiyDB.Execute("update zc_online set usrchg=2") ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/cataindex.go b/web/admin/rigger/cataindex.go index 0ccb46f..5953ff3 100644 --- a/web/admin/rigger/cataindex.go +++ b/web/admin/rigger/cataindex.go @@ -11,7 +11,7 @@ import ( func Cataindex_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -62,11 +62,11 @@ func Cataindex_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Cataindex_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -131,11 +131,11 @@ func Cataindex_update(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["data"] = updata - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Cataindex_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -173,5 +173,5 @@ func Cataindex_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/chgpass.go b/web/admin/rigger/chgpass.go index 8ab4934..5b8401f 100644 --- a/web/admin/rigger/chgpass.go +++ b/web/admin/rigger/chgpass.go @@ -10,7 +10,7 @@ import ( func Chgpass_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -22,12 +22,6 @@ func Chgpass_update(w http.ResponseWriter, r *http.Request) bool { if newpass == "" { return c.ErrJSON(w, "请输入新密码") } - if newpass == admin.Gdefpass { - return c.ErrJSON(w, "新密码不要与默认密码相同") - } - if len(newpass) < 6 { - return c.ErrJSON(w, "密码应至少6位") - } csql := c.NewCiySQL("zc_admin") csql.Where("id", userid) 
@@ -35,24 +29,24 @@ func Chgpass_update(w http.ResponseWriter, r *http.Request) bool { if userrow == nil { return c.ErrJSON(w, "遇到读取错误", err) } - if c.Tostr(userrow["password"]) != c.MD5(oldpass+admin.Gtokensalt) { + if c.Tostr(userrow["password"]) != oldpass { return c.ErrJSON(w, "原密码错误") } err = c.CiyDB.Tran(func() error { updata := map[string]any{} - updata["password"] = c.MD5(newpass + admin.Gtokensalt) + updata["password"] = newpass csql = c.NewCiySQL("zc_admin") csql.Where("id", userid) _, err = c.CiyDB.Update(csql, updata) if err != nil { return fmt.Errorf("更新失败:%v", err) } - admin.SaveLog(c.CiyDB, "PASSWORD", "修改密码:"+c.Tostr(updata["password"])) + admin.SaveLog(c.CiyDB, "PASSWORD", "已修改密码") return nil }) if err != nil { return c.ErrJSON(w, "事务"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } diff --git a/web/admin/rigger/chgpass.php b/web/admin/rigger/chgpass.php index 6b1f472..74f4258 100644 --- a/web/admin/rigger/chgpass.php +++ b/web/admin/rigger/chgpass.php @@ -29,7 +29,7 @@ class chgpass { $csql->where('id', $rsuser['id']); if ($db->update($csql, $updata) === false) throw new \Exception('更新失败:' . $db->error); - savelog($db, $rsuser['id'], 'PASSWORD', '修改密码'); + savelog($db, $rsuser['id'], 'PASSWORD', '已修改密码'); $db->commit(); } catch (\Exception $ex) { $db->rollback(); diff --git a/web/admin/rigger/config.go b/web/admin/rigger/config.go index 3f4bc4d..d965883 100644 --- a/web/admin/rigger/config.go +++ b/web/admin/rigger/config.go @@ -21,7 +21,7 @@ func config_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Config_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
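Review bot: With `updata["password"] = newpass` and `c.Tostr(userrow["password"]) != oldpass`, the server now stores and compares the posted values verbatim. Together with the previous hunk, which drops the length and default-password checks, any non-empty string is accepted as the new credential. If the client is expected to send a SHA-256 hex digest (the login change suggests so, but it is not visible here), enforce that shape on the server: `if b, err := hex.DecodeString(newpass); err != nil || len(b) != 32 { return c.ErrJSON(w, "请输入新密码") }`. Compare `oldpass` with `subtle.ConstantTimeCompare` as well. If the client instead sends the raw password, this change stores it in plaintext and a salted password hash must be restored before the update.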
@@ -72,11 +72,11 @@ func Config_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Config_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -130,11 +130,11 @@ func Config_update(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["data"] = updata - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Config_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -166,5 +166,5 @@ func Config_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/debug_user.go b/web/admin/rigger/debug_user.go index c1d8b23..4e75114 100644 --- a/web/admin/rigger/debug_user.go +++ b/web/admin/rigger/debug_user.go @@ -21,7 +21,7 @@ func debug_user_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Debug_user_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -84,11 +84,11 @@ func Debug_user_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Debug_user_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -158,12 +158,12 @@ func Debug_user_update(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["data"] = updata - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Debug_user_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -195,12 +195,12 @@ func Debug_user_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Debug_user_getlocal(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -221,5 +221,5 @@ func Debug_user_getlocal(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["list"] = rows - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/depart.go b/web/admin/rigger/depart.go index 582f0e6..d09b9bf 100644 --- a/web/admin/rigger/depart.go +++ b/web/admin/rigger/depart.go @@ -11,7 +11,7 @@ import ( func Depart_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -42,11 +42,11 @@ func Depart_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Depart_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -85,11 +85,11 @@ func Depart_update(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "事务"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } func Depart_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -123,11 +123,11 @@ func Depart_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Depart_modifyupid(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -158,11 +158,11 @@ func Depart_modifyupid(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "事务"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } func Depart_multiadd(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -199,5 +199,5 @@ func Depart_multiadd(w http.ResponseWriter, r *http.Request) bool { if cnt == 0 { return c.ErrJSON(w, "没有任何新增") } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } diff --git a/web/admin/rigger/funcslow.go b/web/admin/rigger/funcslow.go index 8ba9a46..5537605 100644 --- a/web/admin/rigger/funcslow.go +++ b/web/admin/rigger/funcslow.go @@ -22,7 +22,7 @@ func funcslow_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Funcslow_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -77,11 +77,11 @@ func Funcslow_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Funcslow_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -113,12 +113,12 @@ func Funcslow_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Funcslow_exportxls(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -186,5 +186,5 @@ func Funcslow_exportxls(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["url"] = filename - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/logdb.go b/web/admin/rigger/logdb.go index 037f1b3..8e80895 100644 --- a/web/admin/rigger/logdb.go +++ b/web/admin/rigger/logdb.go @@ -30,7 +30,7 @@ func logdb_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Logdb_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -92,11 +92,11 @@ func Logdb_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Logdb_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -127,12 +127,12 @@ func Logdb_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Logdb_multiread(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -167,5 +167,5 @@ func Logdb_multiread(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/logfile.go b/web/admin/rigger/logfile.go index 557188b..e90f2ca 100644 --- a/web/admin/rigger/logfile.go +++ b/web/admin/rigger/logfile.go @@ -13,7 +13,7 @@ import ( func Logfile_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -23,7 +23,7 @@ func Logfile_init(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["logfiles"] = logfiles - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Logfile_viewlog(w http.ResponseWriter, r *http.Request) bool { @@ -32,7 +32,7 @@ func Logfile_viewlog(w http.ResponseWriter, r *http.Request) bool { return false } post := c.NewCiyPost(w, r) - _, err := admin.Verifyuser(c.CiyDB, post) + _, err := admin.Verifyuser(r, c.CiyDB, post) if err != nil { c.SSESend_event(w, "请重新登录") return false diff --git a/web/admin/rigger/menu.go b/web/admin/rigger/menu.go index 2df55a9..38aada8 100644 --- a/web/admin/rigger/menu.go +++ b/web/admin/rigger/menu.go @@ -11,7 +11,7 @@ import ( func Menu_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - rsuser, _ := admin.Verifyfast(c.CiyDB, post) + rsuser, _ := admin.Verifyfast(r, c.CiyDB, post) if rsuser == nil { return false } 
@@ -64,11 +64,11 @@ func Menu_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Menu_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -132,11 +132,11 @@ func Menu_update(w http.ResponseWriter, r *http.Request) bool { ret["url"] = url ret["demo"] = demo ret["pow"] = pow - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Menu_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -171,11 +171,11 @@ func Menu_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Menu_modifyupid(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -217,11 +217,11 @@ func Menu_modifyupid(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "事务"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } func Menu_multiadd(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -279,12 +279,12 @@ func Menu_multiadd(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "更新upid失败:"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } func Menu_seticon(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -304,7 +304,7 @@ func Menu_seticon(w http.ResponseWriter, r *http.Request) bool { return c.ErrJSON(w, "数据不存在", err) } if datarow == nil && svg == "" { - return c.SuccJSON(w) + return c.SuccJSON(w, r) } err = c.CiyDB.Tran(func() error { msg := "" @@ -337,5 +337,5 @@ func Menu_seticon(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "事务"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } diff --git a/web/admin/rigger/mock.go b/web/admin/rigger/mock.go index a7b4225..67bc3d7 100644 --- a/web/admin/rigger/mock.go +++ b/web/admin/rigger/mock.go @@ -22,7 +22,7 @@ func mock_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Mock_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -82,11 +82,11 @@ func Mock_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Mock_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -159,11 +159,11 @@ func Mock_update(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["data"] = updata - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Mock_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -194,5 +194,5 @@ func Mock_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/online.go b/web/admin/rigger/online.go index 9169dce..dbf0478 100644 --- a/web/admin/rigger/online.go +++ b/web/admin/rigger/online.go @@ -20,7 +20,7 @@ func online_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Online_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -68,11 +68,11 @@ func Online_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Online_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -104,12 +104,12 @@ func Online_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Online_logout(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -132,5 +132,5 @@ func Online_logout(w http.ResponseWriter, r *http.Request) bool {
 updata["sid"] = ""
 ret := map[string]any{}
 ret["data"] = updata
- return c.SuccJSON(w, ret)
+ return c.SuccJSON(w, r, ret)
 }
diff --git a/web/admin/rigger/power.go b/web/admin/rigger/power.go
index 34be917..0cde2be 100644
--- a/web/admin/rigger/power.go
+++ b/web/admin/rigger/power.go
@@ -19,7 +19,7 @@ func power_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) {
 }
 func Power_init(w http.ResponseWriter, r *http.Request) bool {
 post := c.NewCiyPost(w, r)
- _, userid := admin.Verifyfast(c.CiyDB, post)
+ _, userid := admin.Verifyfast(r, c.CiyDB, post)
 if userid == 0 {
 return false
 }
@@ -86,11 +86,11 @@ func Power_init(w http.ResponseWriter, r *http.Request) bool {
 once["input"] = input
 ret["once"] = once
 }
- return c.SuccJSON(w, ret)
+ return c.SuccJSON(w, r, ret)
 }
 func Power_update(w http.ResponseWriter, r *http.Request) bool {
 post := c.NewCiyPost(w, r)
- _, userid := admin.Verifyfast(c.CiyDB, post)
+ _, userid := admin.Verifyfast(r, c.CiyDB, post)
 if userid == 0 {
 return false
 }
@@ -160,11 +160,11 @@ func Power_update(w http.ResponseWriter, r *http.Request) bool {
 }
 ret := map[string]any{}
 ret["data"] = updata
- return c.SuccJSON(w, ret)
+ return c.SuccJSON(w, r, ret)
 }
 func Power_del(w http.ResponseWriter, r *http.Request) bool {
 post := c.NewCiyPost(w, r)
- _, userid := admin.Verifyfast(c.CiyDB, post)
+ _, userid := admin.Verifyfast(r, c.CiyDB, post)
 if userid == 0 {
 return false
 }
@@ -196,5 +196,5 @@ func Power_del(w http.ResponseWriter, r *http.Request) bool {
 }
 ret := map[string]any{}
 ret["ids"] = vids
- return c.SuccJSON(w, ret)
+ return c.SuccJSON(w, r, ret)
 }
diff --git a/web/admin/rigger/role.go b/web/admin/rigger/role.go
index 7af92a4..e5d1fd0 100644
--- a/web/admin/rigger/role.go
+++ b/web/admin/rigger/role.go
@@ -19,7 +19,7 @@ func role_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Role_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -62,11 +62,11 @@ func Role_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Role_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -99,5 +99,5 @@ func Role_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/role_u.go b/web/admin/rigger/role_u.go index ca69df8..4c8edb1 100644 --- a/web/admin/rigger/role_u.go +++ b/web/admin/rigger/role_u.go @@ -11,7 +11,7 @@ import ( func Role_u_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -36,11 +36,11 @@ func Role_u_init(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "读取power失败:"+err.Error()) } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Role_u_update(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -116,5 +116,5 @@ func Role_u_update(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, "事务"+err.Error()) } - return c.SuccJSON(w) + return c.SuccJSON(w, r) } 
diff --git a/web/admin/rigger/statsdb.go b/web/admin/rigger/statsdb.go index 0d8aea3..a4972e2 100644 --- a/web/admin/rigger/statsdb.go +++ b/web/admin/rigger/statsdb.go @@ -10,7 +10,7 @@ import ( func Statsdb_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -293,5 +293,5 @@ func Statsdb_init(w http.ResponseWriter, r *http.Request) bool { ret["tps"] = tps } ret["stats"] = stats - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/statsfunc.go b/web/admin/rigger/statsfunc.go index 0611367..ad78561 100644 --- a/web/admin/rigger/statsfunc.go +++ b/web/admin/rigger/statsfunc.go @@ -23,7 +23,7 @@ func statsfunc_setwhere(post *c.CiyPost) (map[string]any, *c.CiySQL) { } func Statsfunc_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -81,11 +81,11 @@ func Statsfunc_init(w http.ResponseWriter, r *http.Request) bool { once["input"] = input ret["once"] = once } - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Statsfunc_del(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -117,12 +117,12 @@ func Statsfunc_del(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["ids"] = vids - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func Statsfunc_exportxls(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } 
@@ -211,5 +211,5 @@ func Statsfunc_exportxls(w http.ResponseWriter, r *http.Request) bool { } ret := map[string]any{} ret["url"] = filename - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/rigger/statssrv.go b/web/admin/rigger/statssrv.go index 989192f..0a4371a 100644 --- a/web/admin/rigger/statssrv.go +++ b/web/admin/rigger/statssrv.go @@ -10,7 +10,7 @@ import ( func Statssrv_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -34,5 +34,5 @@ func Statssrv_init(w http.ResponseWriter, r *http.Request) bool { ret := map[string]any{} ret["stats"] = stats - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/upload.go b/web/admin/upload.go index 1c13a31..d390faa 100644 --- a/web/admin/upload.go +++ b/web/admin/upload.go @@ -17,7 +17,7 @@ func Upload_upload(w http.ResponseWriter, r *http.Request) bool { extselect := "exts" post := c.NewCiyPost(w, r) - _, userid := Verifyfast(c.CiyDB, post) + _, userid := Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -43,12 +43,12 @@ func Upload_upload(w http.ResponseWriter, r *http.Request) bool { if err != nil { return c.ErrJSON(w, err.Error()) } - return c.SuccJSON(w, json) + return c.SuccJSON(w, r, json) } func Upload_s3(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := Verifyfast(c.CiyDB, post) + _, userid := Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -96,7 +96,7 @@ func Upload_s3(w http.ResponseWriter, r *http.Request) bool { headers["x-amz-content-sha256"] = vsha256 headers["x-amz-date"] = zdate ret["headers"] = headers - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } func sign(key []byte, msg string) []byte { diff --git a/web/admin/welcome.go b/web/admin/welcome.go index 1684fc9..f869ee9 100644 --- a/web/admin/welcome.go 
+++ b/web/admin/welcome.go @@ -7,7 +7,7 @@ import ( func Welcome_init(w http.ResponseWriter, r *http.Request) bool { post := c.NewCiyPost(w, r) - _, userid := Verifyfast(c.CiyDB, post) + _, userid := Verifyfast(r, c.CiyDB, post) if userid == 0 { return false } @@ -24,5 +24,5 @@ func Welcome_init(w http.ResponseWriter, r *http.Request) bool { // }) // } ret["works"] = works - return c.SuccJSON(w, ret) + return c.SuccJSON(w, r, ret) } diff --git a/web/admin/wsdemo/index.go b/web/admin/wsdemo/index.go index 3c27677..3526818 100644 --- a/web/admin/wsdemo/index.go +++ b/web/admin/wsdemo/index.go @@ -14,7 +14,7 @@ func Wsdemo(w http.ResponseWriter, r *http.Request) bool { return false } post := c.NewCiyPost(w, r) - _, userid := admin.Verifyfast(c.CiyDB, post) + _, userid := admin.Verifyfast(r, c.CiyDB, post) if userid == 0 { ws.SendFail(0, "请重新登录") ws.Close() diff --git a/web/admin/wsdemo/index.html b/web/admin/wsdemo/index.html index 024e123..8ff5023 100644 --- a/web/admin/wsdemo/index.html +++ b/web/admin/wsdemo/index.html @@ -58,10 +58,10 @@ var wsurl = $5('[name=ws]').val(); if(wsurl.indexOf("ws") !== 0){ console.log(location); - wsurl = "ws://" + location.host + wsurl; + wsurl = "wss://" + location.host + wsurl; } var url = wsurl; - url += '&_' + ciy_vars.tokenfield + '=' + ciyfn.getstorage('_' + ciy_vars.tokenfield); + url += '&_ciyauth=' + ciyfn.getstorage('_' + ciy_vars.tokenfield); ws = new ciyclass.websocket(url); ws.onopen = function (event) { $5('#id_log').append('
      connected:'+wsurl+'
      '); diff --git a/web/jscss/ciy.js b/web/jscss/ciy.js index aa854a4..535aabf 100644 --- a/web/jscss/ciy.js +++ b/web/jscss/ciy.js @@ -1042,7 +1042,7 @@ ciyfn.callfunc = function (funcname, post, successfunc, opn) { //opn showload,m if (typeof (window['ciy_vars']) === 'undefined') window.ciy_vars = {}; if (ciy_vars.tokenfield) - opn.header[ciy_vars.tokenfield] = ciyfn.getstorage('_' + ciy_vars.tokenfield); + opn.header['ciyauth'] = ciyfn.getstorage('_' + ciy_vars.tokenfield); if (document.location.search) funcname += '&' + document.location.search.substring(1); if (opn.showload === undefined) @@ -1086,16 +1086,15 @@ ciyfn.callfunc = function (funcname, post, successfunc, opn) { //opn showload,m if (opn._load) opn._load.close('succ'); if (ciy_vars.tokenfield) { - var re = xhr.getResponseHeader(ciy_vars.tokenfield + 're'); + var re = xhr.getResponseHeader('_re'); if (re && funcname.indexOf('restorage') == -1 && document.location.pathname.indexOf('/rigger/cata.html') == -1 && document.location.pathname.indexOf('/rigger/admin.html') == -1 ) { ciyfn.sendsignal(window.top, 'restorage', { show: false }); } - var newauth = xhr.getResponseHeader(ciy_vars.tokenfield); - if (newauth) - ciyfn.setstorage('_' + ciy_vars.tokenfield, newauth); + if (json['_ciyauth']) + ciyfn.setstorage('_' + ciy_vars.tokenfield, json['_ciyauth']); } if (typeof (successfunc) == 'function') successfunc(json, xhr); diff --git a/web/jscss/ciy_websocket.js b/web/jscss/ciy_websocket.js new file mode 100644 index 0000000..4e538e2 --- /dev/null +++ b/web/jscss/ciy_websocket.js 
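Review bot: The session token is still appended to the WebSocket URL (`url += '&_ciyauth=' + ciyfn.getstorage('_' + ciy_vars.tokenfield);`), so it is recorded wherever request lines are logged, and the value is concatenated without `encodeURIComponent`. Browsers cannot set custom headers on a WebSocket handshake, so the usual alternatives are to send the token as the first message after `onopen` or to exchange it for a short-lived single-use ticket; at minimum the value should be encoded. The scheme is also now hard-coded to `"wss://"`, which fails when the page is served over plain HTTP; `(location.protocol === 'https:' ? 'wss://' : 'ws://') + location.host + wsurl` keeps both cases working.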
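Review bot: The rotated token now arrives in the response body and `json['_ciyauth']` is stored, but the same `json` object is then passed on to `successfunc(json, xhr)` with the token still in it, so every caller that logs or renders the response carries the credential along. I would strip it once it has been saved: `ciyfn.setstorage('_' + ciy_vars.tokenfield, json['_ciyauth']); delete json['_ciyauth'];`. `ciyfn.callfunc` starts and ends outside this hunk, so whether any caller relies on the field is not visible here.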
@@ -0,0 +1,152 @@ +/* + * Author: 众产® https://ciy.cn/code + * Version: 0.1.1 + */ +'use strict'; +ciyclass.websocket = function (addr, header) { + var thos = this; + this.buffer = new Array(); //发送数据缓冲区 + this.reOpenData = [2, 5, 3, 5, 5, 3, 5, 8, 10, 20, 30, 30]; //断线重连,每次间隔时间/秒 + this.reOpen = 0; //断线重连次数 + this.wsidx = 0; + this.keepAliveTimer = setInterval(function () { + try { + if (thos.wsock && thos.wsock.readyState !== 1) { + thos.reOpenSec--; + if (thos.reOpenSec <= 0) { + thos.reOpen++; + thos.reOpenSec = 10; + thos.open(); + } + return; + } + if (thos.buffer.length > 0) { + var data = thos.buffer.pop(); + thos.send(data); + } else { + if (new Date().getTime() - thos.last_health_time >= 15000 && thos.wsock.readyState === 1) { + console.log('ping'); + thos.wsock.send('h');//.ping(); + thos.last_health_time = new Date().getTime(); + } + } + } catch (err) { + console.log(err); + } + }, 1000); + this.setOpenSec = function () { + (thos.reOpen < thos.reOpenData.length) ? thos.reOpenSec = thos.reOpenData[thos.reOpen] : thos.reOpenSec = 90; //断线重试太多后的间隔时间 + } + this.open = function () { + try { + if (thos.wsock && thos.wsock.trueClose) + return; + thos.setOpenSec(); + if (thos.wsock) { + if (thos.wsock.readyState == 1) + return; + thos.wsock.close(); + } + thos.wsock = new WebSocket(addr); + thos.wsock.onopen = function (event) { + try { + //获取header,刷新reauth + thos.reOpen = 0; + thos.last_health_time = new Date().getTime(); + if (typeof (thos.onopen) == "function") + thos.onopen(event); + } catch (err) { + console.log('ws.onopen', err); + } + }; + thos.wsock.onmessage = function (e) { + try { + thos.last_health_time = new Date().getTime(); + if (typeof (thos.onmessage) == "function") + thos.onmessage(e); + } catch (err) { + console.log('ws.onmessage', err); + } + }; + thos.wsock.onclose = function (e) { + try { + if (this.trueClose) { + clearInterval(thos.keepAliveTimer); + return; + } + thos.setOpenSec(); + if (typeof (thos.onclose) == "function") + 
thos.onclose(e); + } catch (err) { + console.log('ws.onclose', err); + } + }; + thos.wsock.onerror = function (e) { + try { + thos.setOpenSec(); + if (typeof (thos.onerror) == "function") + thos.onerror(e); + } catch (err) { + console.log('ws.onerror', err); + } + }; + } catch (err) { + console.log('ws.open', err); + } + } + this.send = function (msg) { + console.log('op send', msg); + try { + if (this.wsock === undefined || this.wsock.trueClose) + return false; + if (this.wsock.readyState !== 1 || this.wsock.bufferedAmount > 0) + this.buffer.push(msg); + else { + this.wsock.send(msg); + this.last_health_time = new Date().getTime(); + } + return true; + } catch (err) { + console.log('ws.send', err); + } + } + this.sendjson = function (json) { + console.log('op sendjson', json); + json._wsidx = this.wsidx++; + try { + if (this.wsock === undefined || this.wsock.trueClose) + return false; + if (this.wsock.readyState !== 1 || this.wsock.bufferedAmount > 0) + this.buffer.push(JSON.stringify(json)); + else { + this.wsock.send(JSON.stringify(json)); + this.last_health_time = new Date().getTime(); + } + return true; + } catch (err) { + console.log('ws.sendjson', err); + } + } + this.close = function (send) { + this.wsock.trueClose = true; + this.wsock.close(); + } + this.open(); +} +ciyfn.bin2hex = function (str) { + var ret = ''; + for (var i = 0, l = str.length; i < l; i++) { + var c = str.charCodeAt(i).toString(16); + if (c.length == 1) + c = '0' + c; + ret += c; + } + return ret; +} +ciyfn.hex2bin = function (str) { + var ret = ''; + for (var i = 0; i < str.length - 1; i += 2) { + ret += String.fromCharCode(parseInt(str.substr(i, 2), 16)); + } + return ret; +} \ No newline at end of file diff --git a/web/jscss/ciycmp.js b/web/jscss/ciycmp.js index 6a3ccae..aca85d4 100644 --- a/web/jscss/ciycmp.js +++ b/web/jscss/ciycmp.js 
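Review bot: Queued messages are drained with `thos.buffer.pop()` in the keep-alive timer while `send` and `sendjson` append with `push`, so a backlog built up while the socket was down is delivered newest-first; `var data = thos.buffer.shift();` preserves the order callers sent them in. `send` and `sendjson` also write every payload to the console (`console.log('op send', msg)`), which should be removed or put behind a debug flag because payloads may carry user data. `close` dereferences `this.wsock` without a check, so it throws if `new WebSocket(addr)` failed inside `open`, and the constructor's `header` parameter is never used.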
@@ -113,7 +113,7 @@ ciyfn.file_uploads = function (maxcount, files, opn, fn) {
 postdata.append('file', gfile, gfile.name);
 var xhr = new XMLHttpRequest();
 xhr.open("POST", opn.action + ".upload&pathfile=" + pathfile, true);
- xhr.setRequestHeader(ciy_vars.tokenfield, ciyfn.getstorage('_' + ciy_vars.tokenfield));
+ xhr.setRequestHeader('ciyauth', ciyfn.getstorage('_' + ciy_vars.tokenfield));
 xhr.setRequestHeader("X-Custom-Header", "CustomValue");
 xhr.onload = function () {
 var data = xhr.responseText;
diff --git a/web/ud/demo/211215_6165.png b/web/ud/demo/211215_6165.png new file mode 100644 index 0000000000000000000000000000000000000000..95637be86ad12437c77ffbe13af062be8ad6e1d3 GIT binary patch literal 11143 zcmeHt^;=Zm7cSi`4Ba9KLrOPDD2SB8NDiIS(%mqG3JgdJ2&mN1-6bF?-R;mN(r^#@ z@%{z(m-{?lei+WP&w0+?Yn`>%df#`iD2?aJgm^S~C@3g|PoF4gp`f6Ff$IhwEZ|oO z)+GV_Lv__smPaWWq}xP6VM2MTAos%4Xm=jlGgcQJ`yk*!)cr_^W|XD?$5-p(QCk@N zNK^d#7N6NZJvp=K&}ZR1>sYPVHdT5r^EmW;Dmmm?LI|S1?~DChpgnycQrA0>l-_yk z*Sx=ZdKhtM={(Tt=CKcq2@XvcuFgZRpqM*Z$UUs5s-Ax1x zw6?Z8{&y*hx(+;>Sjqx=`}dwKDi+8e{m)~-)EvC6tvS9FWr6<&_z(xQcdxixmaG@> z?0R7&=BNJ#0)xU9|6QW>;qxIlj1|F5e;*D6mVbry&s+_oz#zqQPE*u}|JetaD)K*5 z0WbgWtNxA5{{`^>_UiwmwA9K8{ACdQOJN$a7C}AIh))Fttjx@)adB~8B?W}E!b?+S zW}d&Ntwx%BJkrJA;4LgHaJ(uv&)o0A|ChDC8OeTWb-6loCZHE5U+s>496>}6wXjIq zub*uRkO?QC4$fCgGd*1Ca&mI|R%>Nz%L(T-jtj#NL6|=!5qCQ?&de0E9%gdepCB3% zv=2la;J9th(Bh+6WuM@ewhr>_qjD_r_S62Cx1+xV3Iwt7@DMe5pR{xFiYVU_UoH(V z%V>^wU^6ge4p*74y}+j6d=Z$H#h9LvLHK;O!iqSD<+h{2Z!x^d@9BL>grZ9H1DvSV za(_RZ%&+={yp;}du;h{)->_6fS=qqLH?UR#i&5y=h4*rItbSx{Y)HI1cW8Kc+u#C4 zwL5W#W{JbMgn!2KaejOTCCyV+_d(H5!>Fwl?QIW_P+l6_3?ONAM_<@kU=Xr<(O*ro zySux*`HJw?s4jNT@pouxX{o&?DL43Zwd263g`xHh7Xg=UKpZOim4KdJQPHTg$c4D1 z6lcFrmY6GPQsG#5RaHi>y5-f`A=SpDDi&P3U~u`TF;TWhX$gmRz95fbJ=)LFml`=3 z`g+ggk1+l#p17!aXfO^tEiK6sL#c>x^~tc}Vr#;uZHM;?mUq^07_(-?ng_2hadFP= zCEDBN`CU3?MaALmye&6TcDlUZT3uF^I5sd#+H0K?2)m0u<>xPD^|KEnKX@amtGn0x zbv3Kg+3oFjTzxZf6iPj;qrwTdds_u~`Kb0=PK7gHYZ1G9W?2lu{#Wug z@Hr?UorU)wJXq;GTpao2Y?#QU3+jo>2u;v_=;<>le=u``lz~>Z(GDFjMmU>YzkT~Q z@@c})9F?SKDk)nM7S>$;Omvr5OfAjRsvPX)^@b_JR(nemOM)2_*yUtG8$`c{m> z3Q(Kr9EO?3DKbjln~-%bnVz%5dxuQ?bPO-KmfOSnYrVLzh9r;E&xJa<{#D$-_d$xf zyvrsc&es=;7?{PfOIMraVTu?aQkC@d^n>fu#np|0G*Mq9JGF)aKFl9VYN&FLeW>f0 zJ1vC(yz-&9_i1Eo9WJGn^0N$K%0iuplq&`Qxdt^X(1`c(^C47GrzO5jpFQfvnH#nu zT%&l)0X-%Tj&DV;o;+Y2y!T&J#YY8>1}ToUU0r_wTk-QkztTmx z+_bCh%+(FB1Sv`m&4|-y`GJD>Pj}k3ULI@aMO)g#>XcRRNN9(6m|d?u>Hk9|I2`vN zEUc`gq@<|4yrp2F+_czSI}_3%Hs~Jtr@TCql}}>ShO+0cO-7_d#l)!Hs{>(=pk@gz 
zU&iapxK-icWlH6L2N}HeZDS3nNpf5L2PVn6u86; zOaAgK4ENdlH|OFzOw7ze$lTqX+&FL}$k?EEcE_TP!i(>K{4ZNZuEBzcbjVsH+IbAy zII*CNq4Fueoy@hKXpE)1Jmf%A{Z>%O@7gUYDq)weu^m@g=_dK4Ty6#3E`fq)!n3S8 zx+85~f)%_&6b!;LLn200Vs)RYJnwFr678H<=R23~I>%sF#!hs14{plX+}!G#4%)xN zpC3QtagahVGK=R(ce3sil8vG zh#c0M=nCWJR`JaMV*sBos1XQoqqfGS*3u$}1w0m12~dz75Ljttc*YSy!PGbLsqSU1dAY=X>VV*|i|QDD5bR0k`>q z&ToBylgMi%#*1F{%>R4>St4lz~9= zR3LusCq?M1yDtg*lQF+hc%10YQq0S#f`;HNH@yXE8cj-4g4V;bQCm$etYa}Q2CXF@ z8Jz}~R4C8JPzJAQ6LznCjgB8zNHCv?u876#?qC{Bg?VAm1Gzn)1KWA1!)f~mwpu@R zo#Gm^FP#g)yE^XIvATjoe8-<}LK{Bl9tr%(*c@O~Hgp&ciQnaKMJSZX$a|9wHbmB^ z3MHjr?XEAu^Vb4sFcF@TOB$s4CpIPcLp1JK!z^WbEVyLwq1&BL@Nj@yu{T#2LPRgV zw7P_8J$+OcbE0qs>;)KEY9U3Y$_9Ym*U4_Qt2`jgvV=zcB_%nRCJC+7{5>EXLA&fYoVGq4ihj*{-qR>}Kb z`PH3gmpZ=oJ(E+Xc6X^b&n|0qIVy!AM{=?Cs%$MPRgwO|v2=wjXmGn%v~{RCo(ri< zYM(WK(E6P2wIx2(Uf$Z$p*rErveAL|T1rL@*_EO!8ind^fQUv;Tua;+x)USqn#b*4 z_l~lCvgr~-A+rpF{P6|!>C>lefvD&QN|U+=6KS_0kj{aC zZePf(Xj{OH(|vY!(|LB<<&6za-DD}x1DyPG-p&c`Z4wPbM1+Aib=TjeH!^K=FR}YrWAayJxdoLxO*S9jjW)RCkymo@yDC-{^idR?1>d5&* z39@^P(DAJkC-6(6YGK?n=k@60fF|Gb#;Aj#_WBM&0J@1lkYZ7TfWw@qk>~Uaq_zlq`t_|2{9%oiA!d1fJ2M;eT15n_QCD<&qs1 zl!tN~x}1Aw3gn6GhgO%HE3d}u-}+~^v+SN1n*}5k6tQiOyH}H{>6f>+VMa~f*#ocv z1d~&^eJ_d0#?G|r0qrPp66ed-FFz%)h*a`?Kv zJlyI->B{rUFaKUx%O3RK>1s1|H}^)?^L%hlS0mH3zxD?@Vbr4i6^3btF$g?zYCHJn#w(4u_xQ^}8mN-Qi z$fWb&=IB&`tEbL2dHA~cl;8W8=vcA#J%CcYHxyEiyCFQ~G=kK-eW4@ZimR|1GL^k$ zpf;38J=UcGs;2X!0(E-%ZJnWBP^x}SJKuILll_@5ZT0KK;f6qGR0@HE;p=%#2=4~#cS7RIeo=x@JxJ4J3nIFq)4Ee?STHdG9=Enow z@7;P)E^o5mC4gxmmBhoeiFPjbQSO}OjtLxe!`vLnn$MdyM;ub$K=dY>Bk7e5V%7a7 z!r;&B+EdIrT213EkX!!3@;10n~A-$bPN*=I0>++)9K|H!<$q%}jqrBf6b5rLhPlf!4b_C(NriiBRm zUEw7$aqf>KZLRmtB1fFIlm1geZ1oY+NEsSccu8PELBUAs;7pW-r=CArOddKcKM9?0 z=WFi_O->pa{g;epFlAgn8RVCqUTfGY-f29lbOwM`11|srNl8^I5jdQrbS1YQ3?rKF zJWrdJrx44oo?hch4|`sG%9DOO&v);^p!{Ok4X@Q)8NH~ZeQlk`0b8vk8sMf=wa0Fll{2q<~ zVZuA|(k>WKeBl;M*OEg^n{Z;}{Z8>zrt5jMj?OUgqYVtoV>H+TRCnI{;S4{UlKu;G zu0F-H-=r0hm8uuC`c_?2qnGs#IgLC6S?4!(#Z0?i_9nfoRO$u5$NLx<_!8n-3#1y) 
zNI1OIW3O|(P?z6jjAL4!rQYC<``;z#b z+cAptYn}_hoLKdqZeU@2X5+8G7Iyn?#SHDOn{1YpHxymP?Qt!5lh3h!;WR?s?s5&G*FBjFU&U$2&&su0Psv^2{elU!Iy|xRASgN*s3)p#9=Ed{29`whed8TUCV;C7kyy* zy7*jZ$;3|8K^`9+A6?ZXV8&Paj!dcILJS+Ph|ytrf&-25`Ip!Tcs2%tRIY1Ag=mig zRSARg+_-7Dz18%AFiJHd#j)oPxg>`NjxSmb@*~Joo4-FS_hQRc?CMj&0+H$n+}Pye zf>W7T^$Z0gz6`g6K-CEHiGqQjcfvHHGH_gX(Ql~L)MngwPCb-F85_G+G%48b!ziMn zD(O*-y}bgoET}5>0m1;kDI>n%Kq?BpWg_PQqhe5}F4(bLODXIf27?Xjl<#-L$6fj+JNi;^WQ z9|?)6ndx>NcTyWY{gSW+c`3&Ic24mu)xV^WLjyprst^d3UX4TS(|Zv)av=qpr(cv% zV)i|KFMip?Q1N4+WB&@P@t{AOu;EY&BIn2vBZkGqC|v&D9r>LEN6zH2N*0bQz0y66 z(T`dxza2J7ba9eBcPT+sRlO_b&Ph_Ntd0bMfE>E!b(cedDyIm{*$-IeggiAyn0le8 zB)hj|MEW?nd$n7u_5qo?IID}$Y8pgyxgI@b|R3e{-0rF0KNm2LDQ!^ta?{IcQ>JR+hKWon4UJ0>w%2Sfv9UjxD5NsM0l z%&yGG$LPr>$CM3ggCkGklYAK0Po6~3YyC(+_NE@X+g5;S9J~M~BQ5MCVvwY&7VgDK zk$Aa>nfQZQj}6457uFVX(F>>2jxab}s3(V>I5B1ex>IL&cWS-hWXt~2QlNlEAC;8x zj_Q43waT*RUGKXp4%ZUK*Q-%!r5B?|%&wSqwqB2Yen$X)qW=Bl(Hr&~#3|*K-xiI& z-VwOxudXNi2Gs%$Ms>+mFC;HNVRGCp;P_iiURK!@sFL+9fi3j*7 z((XskzoQlW%%%VE=KLq#&hD;eQ@v$K`}U+`pOl|l1dc+M<6OA3AGUdAB?bn@QpA3X zViIQ(SWEZK)>s<=&NW8c_++EtxqwQL9o;|+=lKxw^=08VM7ht9I`YRPaa)@mpoApH z2<*&M!3-aRzK|}2{!xOXLjuWy6l-*c*Lo8WZ~Da>$2Pp~ikxFT42K?QgIL4 zcmU&&@HvW=7&L`R`TT}%CBCEDIt?OVm)VtIx?ORct>z9V+T?y5gCn{veNINnW7Pkd zYXps@-Vj*Dg8(%QxYE#=d>W;`UXir6*67<5b7J;_@}o?v!Sps5Z*ydcp;6Z_8#B%9 z;4}iR*_I0sI#!(AZ1pY)6%~%hX+(&_o3QD!OKizk1NYcer~0Sm-Q7*2D+nFth<<+5 zhmBJ?D*TDIulRtx&^fjSq|vt7e)`wOUUEE<59&o0{0n57&sJ1F-S5e@fMJy<0pyF_ zPAWuV`L=DgkTX49Wx3_n!L+q?#QM6Oi|Uaj!Hu{V`Cd|n1z)Ypx{PSz*HD$Duja;- zo2P-l?!(5%V`;M?2tKL`OU#cizG#t1$OTkvtBSFHYs>ybz?CK(5N6WBo~@RaOhQQu zMB8OsPXVg!nBZKB<~@j{M*9K-o63}(B_2NlQdHu}`j@)W0HP3x@MU@Wu34D*&g}`w z!mbFpv-9aX^p$g{Z@oeZR)h1ZyZ!uc!c6~qhHyeZ##maR)|d}LXM$_^fd2QqM3aT+ zcGGNa|Mg5G{j!HC!e!mI4n^NR!rF#f#=o)4R*iseq0Y4cP}!b5^$Psdi34cWP=J^4 z+x`-aq<#*g zvJCFy>xIX8Diq+HhkAAZtT3@M22BVPf$9qCM4qatwdW|x;o#{-fBeWq4e>tRiXO?u z>g9X0GxgN%!kBSq?p%mQ!~x96iViD?*da5;ht(Z5#{CV<`a8wMG@qT7`-G>GkPUPg z8ynlP!nVx^UE-^)t9!MUxv`)?a1|RF**cv4czMM>9y93XPRwOt$ypL{LlX`-OscEt 
zE-_sEXxQLxX*`7gpGNr=?=vL?CGtx*y|`QJ&Glu)8wuAf6koq4r>!xuF}vYDq?cU? zW#7rOPU!sR4L+ZLyWoqWGekokAE%j)5)QhfI<-R-1`yS(Q%{6iHJl9 zn6zW;EL;-``!&;?Y@N%0e>+otVn@Kh;_p|JUS__B0(CB3s@h&Q>PqA0&X;Dn`BO*n z$RDDvqro7ZyW_gXU5+i+a8`3oJCmsR_@1}SkDb=OF$2PT1bF99jKvL6%JKWqL6W>H-NRt2J(D6NZ=wDi@+bn5teK0mVCFcBqNH{gv z%dirkO|K}%k|L7wPN4c$73dOlCv9~0QQ(*HS?3#=DS}&gC%AikBY}_lou;h)wU*YP z-RI7(E;EN#foJJ!#vEo4|J!R1``LO_GbLhpMV7*oI``dh19qjx2xPYjwD&~B&WQzG z)o6|ia+K5M3b?5XBM~2LO4n1Cd&%!Vr}0oo1d0pi(YHcqS4<`R{I)DbZ3amd4xlJ0 zDG}@Q_VzXf7{X_bHUaXW^9B?Ye4)EufFF6sda=nonF=SiNl-JhSeYBqxVJ;XW=5@o z)O}PCmkEM-X+kp(<+UUOSN{zi+}HiR9fS-=p0h{0e2(tQYhT;$s~1zI@|CSWXXwwB zYI?OX!Fj&(Xk-3+O4_-{O41#J2eW)MfRe6?^uf!zu=h{jH}DcO2r$UpxXJF3ev)ul zY>rLnIb9b=L}p~vILzxIwNty8mb43Q3{Z1~+4cT0*4D!5+QID4CntbYOK>LT8$ z^_z$&4pHuoRir|0d$K=Oh7MpYk(^uylknTA9&tpdrA_g0l|U_ZXhIG>WYGNedXR9S zY`_j7x@z_f^k^BN5JzY#n4nl4@wXsCrtR9KE9-@3`Z%v+T|l$930oLt!2%88r)b6i zDlG5XccFYjmSKW=!Z3e6eg>URdN4iYXuRtaV|n?m(J0ot7zgTWs42K8vZm4(I#Mb9 z;aodmAGO(1Iyw1I>?z5%wdQ;fW7X3Wc9^r)*m+)BlTcxw>AA9u6Pyl;yGOZyX(M4| zJugq>Vu)}ev>eJLW@j&uzh;UKfbzF<-5!No3db)P|JvIXdZgnPP-jUEJH$a#ohV`H ze}mi0=T`L2G99)cN;cqQ!Pp08gv2x^R9p0Xyo@xI54*5JWqgi`w`L^U+nU4Gj3mRu z#l2Id_)I+mo@EM>4Gun!jER9uFzFUSj7r?>?3ZhiNNcyfIov|sK>%8Edo4^Ix~@S$ zq>;~xKc)G|uUbW`(Gt^%240+OTZt_@6M(T+Wh#R(*XK#Rv7LAsnQv{tMUwU=Wy2r! zWy5p1_q?@zEWF~f>u!FTRpbj<(cESeq90u^VVz2(2GC?}*e}b~%z)C;GEVa2wj-40 zbw3mYwVhvoSvt83)bErU!iaP!9}pnlb`|T3tdsrDkf=(Q;D?oD@S7EwwV#=YmALsJ zhnc@;os#Mlr}GvN-vY?Xw{G31j->>05wMkrOC@xK4wU3+U#WY#(b*z86L~0H${~*! 
zTUv8AvFg6QRtw@GsC0}dY*3se`DkauuVg#TlYNDW{;GMWUR5B1&XCI5m{i~0&T_|` zvJbr2{@$?0U{B^Wee3?I$MT0i`-v6UPjybq!3NDYg{95!3+v(-gs2=GQXlpgsAnb9 zVi?t)@%mpatA@0We%56Dp2GjQWPpW;Kf!t<=FlZbh#%>Gk~-uh(?-Lp9GA!qF5}m9 za(fa~TwG;wKXy*Bh?EuN?o<3&Bm@q>!hi!B#Om7NV)R72^M_k*qkZ1rgCd;-AEU*1 zt}Lfp-+##|w|mNevE5z&ieW)r`+1Ych>zpxZoVbeD}Mr5TbkwMd(&T&#{$R5ch_eJ z-FNFJz(~Xe=O~&VEVYR`uV5&}(uD@0U*sqes@Jg;P0=~c{x+l%wFcLF1l$9tPKuz( zM>*)`VvEdPsIgMv&opLkZnfr54i7Y6yr@iPm@n9m@b=mH#LCZ%B`1gPbaQpCeDn%9 z>0BON=fWW}veJRpxvb*>MLzi3la9T&uO6{~Q$$90tJEmv_tJ!-{wS=KE^p1DH#03~ zYlEsK?9{snRIxl#nW79mI>`PpS`M3osihL8joS;`TA;4z+8E~?seDt_04WM`N z#dkuTJ;B+Jc;nR%;cv`g(Kwtep6QZaH22v3LRZ*;l}xaI5g4Gc{(_pyMgDk>`aYtKfgyn3M^-Sc_GIeTIyAgX)i@Qa}C+8p2e7yEs29IxfzlTHAZgxrL|Qx^F4+h zdcJB_eL|UXRPRX_qT=tr;Khx}ae%z@{|be+76a3vzbGC3uJid31=y$@3pnij22TbK z0o%H|6jkP$d?=sCJq6fXp8)bVplDlFZ+jH58E^G2;pnv__0~8Xqy2`>V z5ILpAQIO=&GJSbZPi7mFy&z({Cla-%tjzh$;WR!)%IabB%>`{_lJB@gxs6n>gJ!k; zZ;ZZ4LG$aw2la3=F`+s#_cix6A#HT+HzARaYBJ45(0h<8PUp1xxr^TKm)RDY`ge=a zqbtre%H3?foXV9c+(`ytfM<<_!Nc$=p;u=QJy&Bz_&oLuUX&V1*-_-Nn+&ABJmTF} zNs=;WdZ?#Nv!}Ee)N<=acXdsCb{UYkyAdHI`L#V@hTML!ntPR^3z9)2WNSK8X@i_7 z*6+5A=A^dH=cKjyz$Y%PK8K^GV)5%mR?h742**>qVR8Ugtqwwp8bK4<|-|txn>`&NR*>Pc$F4oe=c}p+!HCOB{ z9>vBH_qz8v{my1d;QUNeSr&w-n0GvgyP3UcHbj6*IqTepK8}?yj579)%=LW13Kf3JQN=x z=(?gUlt(;&GYJZB*x5ddbSTYeyt2sr!P8S$Kh!aiVG;@rJAJWVW5NH`xx-w#D- z=H6^?2tTusaecDyP)EgKZwq?cm}ay+$me_Ew0YCGBVT+rL;wShu*ubd_Pnm`swY@* zaQ-Xo#ME>Z1Co>XVi;7o!WWl^DLk$dT{A8eEDR?NG|&2ltDj_M#f$}fL>HcXxlszN`8WkIPs3GK~OrZEb`~goPFepzp zWgq|t9d_>C`2H`chzEKWSKa{S(G#=G^DY~5XfOeDV7A-eJf?ztuUY*AnK(3jF{prd zsREXAMRw)hi3&kzz#I=rERPuhWvZFJ^iOwU&?b)0C-*w%*oUKmpJSZptBa`sp4~m5_xFw{{dh5**O3J literal 0 HcmV?d00001 diff --git a/zciyon/c.go b/zciyon/c.go index cb7beed..974d19a 100644 --- a/zciyon/c.go +++ b/zciyon/c.go @@ -87,6 +87,7 @@ import ( "crypto/hmac" "crypto/md5" "crypto/sha256" + "crypto/sha512" "encoding/base64" "encoding/hex" "fmt" 
@@ -879,7 +880,14 @@ func MD5Byte(src ...[]byte) []byte { } return h.Sum(nil) } - +func Sha256(src string) string { + hash := sha256.Sum256([]byte(src)) + return hex.EncodeToString(hash[:]) +} +func Sha512(src string) string { + hash := sha512.Sum512([]byte(src)) + return hex.EncodeToString(hash[:]) +} func Uniqid(length int) string { numbers := make([]byte, length) for i := range numbers { diff --git a/zciyon/web.go b/zciyon/web.go index 7974229..c1c3463 100644 --- a/zciyon/web.go +++ b/zciyon/web.go @@ -18,6 +18,7 @@ Nginx配置示例: package zciyon import ( + "context" "fmt" "net" "net/http" @@ -37,6 +38,14 @@ type CiyWebServer struct { exts map[string]int //静态服务器允许的扩展名,不设置全部允许 } +type contextKey string + +var GhttpKey contextKey = contextKey("ciy") + +type RequestContext struct { + CiyAuth string +} + //在根上建立HandleFunc // @@ -44,11 +53,18 @@ func NewCiyWebServer() (*CiyWebServer, error) { web := &CiyWebServer{} web.exts = map[string]int{} web.pathfn = map[string]map[string]func(http.ResponseWriter, *http.Request) bool{} - http.HandleFunc("/z/", web.runMainPath) + http.HandleFunc("/z/", web.WithRequestContext(web.runMainPath)) http.HandleFunc("/ws/", web.runWebsocket) return web, nil } - +func (web *CiyWebServer) WithRequestContext(next http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + ctx := context.WithValue(r.Context(), GhttpKey, &RequestContext{ + CiyAuth: "", + }) + next(w, r.WithContext(ctx)) + } +} func (thos *CiyWebServer) registerPath(path, fnname string, fn func(http.ResponseWriter, *http.Request) bool) { _, ok := thos.pathfn[path] if ok { @@ -364,7 +380,7 @@ func ErrJSON(w http.ResponseWriter, errmsg string, argext ...any) bool { w.Write(JSON_Byte(jsn)) return false } -func SuccJSON(w http.ResponseWriter, obj ...map[string]any) bool { +func SuccJSON(w http.ResponseWriter, r *http.Request, obj ...map[string]any) bool { jsn := map[string]any{ "code": 1, } 
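Review bot: The new exported helpers `Sha256` and `Sha512` have no doc comments, and nothing tells a caller what they are suitable for. I would add `// Sha256 returns the lowercase hex-encoded SHA-256 digest of src.` and the matching line for `Sha512`, plus one sentence saying these are plain unsalted digests meant for checksums and identifiers, not for storing passwords. How the helpers are used is not visible in this hunk, so that last sentence is a precaution rather than a finding.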
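Review bot: `GhttpKey` is declared as an exported package variable, so any importing package can reassign it and silently break every later context lookup, and neither it nor `RequestContext` has a doc comment saying who is expected to write `CiyAuth`. I would keep the key unexported and give callers an accessor that returns `(*RequestContext, bool)` for a request, so the lookup and its nil handling live in one place. If other packages already reference `c.GhttpKey` (not visible here), the accessor can be added first and the variable unexported afterwards.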
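Review bot: Only the `/z/` route is wrapped with `WithRequestContext`; `/ws/` is still registered as `http.HandleFunc("/ws/", web.runWebsocket)`, so requests on that path carry no `*RequestContext`. The same commit passes `r` into `admin.Verifyfast` from the WebSocket handler in web/admin/wsdemo/index.go, and if `Verifyfast` reads or writes the request context (its body is not in this hunk) it will find nothing there. Registering the route as `http.HandleFunc("/ws/", web.WithRequestContext(web.runWebsocket))` keeps both entry points consistent. The new method also names its receiver `web` while `registerPath` just below uses `thos`.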
@@ -375,6 +391,10 @@ func SuccJSON(w http.ResponseWriter, obj ...map[string]any) bool { } } } + reqCtx := r.Context().Value(GhttpKey).(*RequestContext) + if reqCtx != nil && reqCtx.CiyAuth != "" { + jsn["_ciyauth"] = reqCtx.CiyAuth + } w.Write(JSON_Byte(jsn)) return true } diff --git a/zciyphp/comm.php b/zciyphp/comm.php index b55773c..e98e9c8 100644 --- a/zciyphp/comm.php +++ b/zciyphp/comm.php @@ -218,13 +218,6 @@ function timems() { $comps = explode(' ', $microtime); return toint(sprintf('%d%03d', $comps[1], $comps[0] * 1000)); } -function ishttps() { - if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') - return true; - if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') - return true; - return false; -} function ismobile($mob) { return preg_match('/^1\d{10}$/', $mob); }
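Review bot: The assertion `r.Context().Value(GhttpKey).(*RequestContext)` is the single-value form, so it panics when the key is absent and the `reqCtx != nil` test on the next line never runs. That is the case for any handler reached without `WithRequestContext` (in this commit `/ws/` is registered unwrapped) and for tests that build a bare request. Use the comma-ok form instead: `reqCtx, ok := r.Context().Value(GhttpKey).(*RequestContext)` followed by `if ok && reqCtx != nil && reqCtx.CiyAuth != "" {`. `SuccJSON` begins in the previous hunk, so the code between its signature and these lines is only partly visible.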