check

application/Admin/common.php

@@ -52,3 +52,21 @@ function verifyToken($token){
     }
 }
 
+/**
+ * @param $username
+ * @return bool   账户正则匹配
+ */
+function checkAccount($username){
+    $match ='/^(1749)([\d]{6})$/';
+    return preg_match($match,$username)?true:false;
+}
+
+/**
+ * @param $pawd
+ * @return bool   账户正则匹配
+ */
+function checkPasswd($pawd){
+    $match ='/^([a-zA-z]{2})([\d]{4})$/';
+    return preg_match($match,$pawd)?true:false;
+}
+

application/Admin/controller/Account.php

@@ -63,6 +63,9 @@ class Account extends Base
         if($username==""){
            return error_show(1004,"参数username 不能为空");
         }
+        if(!checkAccount($username)){
+            return error_show(1004,"账户格式不正确");
+        }
         $isT= Db::name("account")->where(["is_del"=>0,"username"=>$username])->find();
         if($isT){
             return error_show(1004,"账户名已存在");
@@ -71,6 +74,9 @@ class Account extends Base
         if($pasword==""){
             return error_show(1004,"参数password 不能为空");
         }
+        if(!checkPasswd($pasword)){
+            return error_show(1004,"密码格式不正确");
+        }
         $starttime = isset($this->post['starttime'])&&$this->post['starttime']!=="" ? $this->post['starttime'] :"";
         if($starttime==""){
             return error_show(1004,"参数starttime 不能为空");