From e5f1a3709ad0c24e716dda0f6088580513872ee4 Mon Sep 17 00:00:00 2001
From: xiaoz
Date: Mon, 28 Nov 2022 20:43:55 +0800
Subject: [PATCH] fix bug
---
 class/Api.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/class/Api.php b/class/Api.php
index 02dfb4a..db15feb 100755
--- a/class/Api.php
+++ b/class/Api.php
@@ -176,7 +176,9 @@ class Api {
 $token_yes = md5(USER.$SecretKey);
 //获取header中的X-token
 $xtoken = $_SERVER['HTTP_X_TOKEN'];
- if( $xtoken === $token_yes ) {
+
+ //如果通过header传递token,且验证通过
+ if( !empty($xtoken) && ($xtoken === $token_yes) ) {
 return TRUE;
 }
 //如果token为空,则验证cookie
@@ -824,9 +826,9 @@ class Api {
 $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE fid = $fid ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
 }
 //通过header获取token成功
- else if( $this->auth("") ) {
- $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE fid = $fid ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
- }
+ // else if( $this->auth("") ) {
+ // $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE fid = $fid ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+ // }
 //如果token验证通过
 elseif( (!empty($token)) && ($this->auth($token)) ) {
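Review bot: In the first hunk the new check `if( !empty($xtoken) && ($xtoken === $token_yes) )` still compares the secret-derived token with `===`, which is not a constant-time comparison. The context line above it also reads `$_SERVER['HTTP_X_TOKEN']` without checking that the header exists, so every request without the header raises an undefined-index notice before the `!empty` guard runs. I would read the header as `$xtoken = $_SERVER['HTTP_X_TOKEN'] ?? '';` and test it with `if( $xtoken !== '' && hash_equals($token_yes, $xtoken) ) {`. Separately, `$token_yes` is a plain `md5(USER.$SecretKey)`, so the expected token appears to be a fixed value that stays valid until the key changes; that is worth a comment near the check. The enclosing method starts and ends outside this hunk, so how the cookie fallback treats an empty token cannot be confirmed from here.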