出现被篡改数据的网站首先检查后台文件夹   public\uploads\avatar  目录内是否有php文件或者html文件，如果有先删除

app\Http\Controllers\Api\AuthController.php文件

打开搜索  uploadimg  关键词，将下方替换即可

该方法是上传头像，建议直接禁止上传头像


    public function uploadimg(Request $request)
    {
     exit;
     $token = $request->header('authorization');
     $token = str_replace('Bearer ','',$token) ;
        $user = User::where('api_token',$token)->first();
        $data = $request->all();
        \Illuminate\Support\Facades\Log::info("上传回调结果");
        \Illuminate\Support\Facades\Log::info($_FILES);
        \Illuminate\Support\Facades\Log::info(json_encode($_FILES));    
        
        $filename=$_FILES['file']['name'];
        $type=$_FILES['file']['type'];
        // echo $type;
        $fileTypes = array('image/png','image/jpg','image/jpeg');
        if (!in_array($type,$fileTypes)){
            return $this->returnMsg(201,'','上传失败');
        }
        $tmp_name=$_FILES['file']['tmp_name'];
        $size=$_FILES['file']['size'];
        $error=$_FILES['file']['error'];
        $temp = explode('.',$filename);
        $name = $temp[0];
        $typePic = $temp[1];
        $filename = time().".".$typePic;
        $save = '/uploads/avatar/'.basename($filename);
        $stored_path = APPPATH.$save;
        $res = move_uploaded_file($tmp_name, $stored_path);
        $httpsStr = env('APP_URL');
        $stored_path = $httpsStr.$save;
        $user->avatar = $save;
        $rest = $user->save();
        //$rest = $this->uploadImgSql($types,$stored_path,$user_id,$rid);
        if ($rest){
           echo $stored_path;
        }else{
           echo ''; 
        }         
    }