避免前端伪造

polaris1119 · polaris1119 · commit 52e3db9b34c6 · 2016-05-31T08:28:46.000+08:00
diff --git a/websites/code2/studygolang/src/logic/user.go b/websites/code2/studygolang/src/logic/user.go
@@ -82,6 +82,8 @@ func (self UserLogic) CreateUser(ctx context.Context, form url.Values) (errMsg s
 	// 随机给一个默认头像
 	user.Avatar = DefaultAvatars[rand.Intn(len(DefaultAvatars))]
 	user.Open = 1
+	// 避免前端伪造，传递 status=1
+	user.Status = model.UserStatusNoAudit
 	_, err = session.Insert(user)
 	if err != nil {
 		session.Rollback()
diff --git a/websites/code2/studygolang/template/common/layout.html b/websites/code2/studygolang/template/common/layout.html
@@ -99,6 +99,16 @@
 	</header>
 	<div class="wrapper" id="wrapper">
 		<div class="container" role="main">
+		{{if .me}}
+			{{if eq .me.Status 0}}
+			<div class="row">
+				<div class="alert alert-warning text-center" role="alert" style="margin-bottom: 0px;">
+					<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+					您的账号未激活，不允许发布内容。<a href="/account/edit" class="alert-link">现在就去激活</a>
+				</div>
+			</div>
+			{{end}}
+		{{end}}
 			{{template "content" .}}
 		</div>
 	</div>
