From 0b45e9a2e499c4424ae4f5ccfce3e9c6b1f7212e Mon Sep 17 00:00:00 2001
From: lyf666 <lyf666@gmail.com>
Date: Tue, 10 Oct 2017 00:02:48 +0800
Subject: [PATCH] .

---
 src/main/java/route/CtrlUser.kt | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/main/java/route/CtrlUser.kt b/src/main/java/route/CtrlUser.kt
index 2c5e5d6..aac84f4 100644
--- a/src/main/java/route/CtrlUser.kt
+++ b/src/main/java/route/CtrlUser.kt
@@ -157,11 +157,15 @@ class CtrlUser : Controller() {
         if (user == null) {
             return JSONResponse(Const.codeResourceNotFound, Const.msgNotFound, null)
         } else {
-            val session = request.getSession(true)
-            val token = md5(name + ":" + passwd)
-            session.put("name", name)
-            session.put("token", token)
-            return responseSuccess(token)
+            if (user.passwd == passwd) {
+                val session = request.getSession(true)
+                val token = md5(name + ":" + passwd)
+                session.put("name", name)
+                session.put("token", token)
+                return responseSuccess(token)
+            } else {
+                return JSONResponse(403, "密码错误", null)
+            }
         }
     }