blessing-skin-server/app/Http/Middleware/CheckPlayerOwner.php

<?php

namespace App\Http\Middleware;

use Closure;
use App\Models\Player;

class CheckPlayerOwner
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($pid = $request->input('pid')) {
            $player = Player::find($pid);

            if ($player->uid != auth()->id()) {
                return json(trans('admin.players.no-permission'), 1);
            }
        }

        return $next($request);
    }
}
Do some checks before updating player profile 2017-11-15 14:00:11 +08:00			`<?php`

			`namespace App\Http\Middleware;`

			`use Closure;`
			`use App\Models\Player;`

			`class CheckPlayerOwner`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`
			`if ($pid = $request->input('pid')) {`
			`$player = Player::find($pid);`

Use Laravel's auth system and use another captcha generator 2018-07-20 14:42:43 +08:00			`if ($player->uid != auth()->id()) {`
Nomalize JSON response structure 2019-04-23 19:14:41 +08:00			`return json(trans('admin.players.no-permission'), 1);`
Do some checks before updating player profile 2017-11-15 14:00:11 +08:00			`}`
			`}`

			`return $next($request);`
			`}`
			`}`