ecshop 2.7.3 添加ecgroupon插件后,从ecgroupon后台不能登录问题的解决
安装了ecshop v2.7.3 ,今天又安装了ecgroupon插件,安装说明中说可以用ecshop后台管理员帐号登录,但试了N次发现确实不能登录,网上查了后,说原因是:
ecshop的管理员登录验证,加了一层盐值加密。
而ecgroupon管理员登录,又忽略的盐值加密判断。
而ecgroupon管理员登录,又忽略的盐值加密判断。
解决办法:
找到 /mygroupon/privilege.php 文件,找到:
$sql = "SELECT user_id, user_name, password, last_login, action_list, last_login, suppliers_id".
" FROM " . $ecs->table('admin_user') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5($_POST['password']) . "'";
将上面的整条$sql(不包括下面的$row)替换为:
$sql="SELECT `ec_salt` FROM ". $ecs->table('admin_user') ."WHERE user_name = '" . $_POST['username']."'";
$ec_salt =$db->getOne($sql);
if(!empty($ec_salt))
{
$sql = "SELECT user_id, user_name, password, last_login, action_list, last_login, suppliers_id".
" FROM " . $ecs->table('admin_user') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5(md5($_POST['password']).$ec_salt) . "'";
}
else
{
$sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id".
" FROM " . $ecs->table('admin_user') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5($_POST['password']) . "'";
}
$ec_salt =$db->getOne($sql);
if(!empty($ec_salt))
{
$sql = "SELECT user_id, user_name, password, last_login, action_list, last_login, suppliers_id".
" FROM " . $ecs->table('admin_user') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5(md5($_POST['password']).$ec_salt) . "'";
}
else
{
$sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id".
" FROM " . $ecs->table('admin_user') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5($_POST['password']) . "'";
}
再登录,OK!
