feat: 保持默认Admin/lzgzsystem常驻且禁止修改密码

app/blueprints/admin.py

@@ -38,12 +38,9 @@ def dashboard():
             flash("登录失败")
             return render_template("admin/login.html")
         login_user(user)
-        if user.role == "admin" and getattr(user, "must_change_password", False):
-            return redirect(url_for("admin.change_password"))
     if not current_user.is_authenticated or role() not in {"admin","sub_admin","checker"}:
         return render_template("admin/login.html")
-    if role()=="admin" and getattr(current_user, "must_change_password", False):
-        return redirect(url_for("admin.change_password"))
+    # 默认管理员不强制改密
     pending_users = User.query.filter_by(status=UserStatus.pending).count()
     pending_posts = Post.query.filter_by(status=ReviewStatus.pending).count()
     pending_subs = ActivitySubmission.query.filter_by(status=ReviewStatus.pending).count()
@@ -54,6 +51,9 @@ def dashboard():
 def change_password():
     if role() != "admin":
         return redirect(url_for("admin.dashboard"))
+    if getattr(current_user, "username", "") == "Admin":
+        flash("默认管理员密码固定")
+        return redirect(url_for("admin.dashboard"))
     if request.method == "POST":
         p1 = request.form.get("password")
         p2 = request.form.get("confirm")