ecshop 2.7.3 添加ecgroupon插件后,从ecgroupon后台不能登录问题的解决

安装了ecshop v2.7.3 ,今天又安装了ecgroupon插件,安装说明中说可以用ecshop后台管理员帐号登录,但试了N次发现确实不能登录,网上查了后,说原因是:
ecshop的管理员登录验证,加了一层盐值加密。
而ecgroupon管理员登录,又忽略的盐值加密判断。
解决办法:
找到 /mygroupon/privilege.php 文件,找到:
    $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login, suppliers_id".
            " FROM " . $ecs->table('admin_user') .
            " WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5($_POST['password']) . "'";
 
将上面的整条$sql(不包括下面的$row)替换为:
$sql="SELECT `ec_salt` FROM ". $ecs->table('admin_user') ."WHERE user_name = '" . $_POST['username']."'";
    $ec_salt =$db->getOne($sql);
    if(!empty($ec_salt))
    {

$sql = "SELECT user_id, user_name, password, last_login, action_list, last_login, suppliers_id".
" FROM " . $ecs->table('admin_user') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5(md5($_POST['password']).$ec_salt) . "'";
    }
    else
    {
         
         $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id".
" FROM " . $ecs->table('admin_user') .
" WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5($_POST['password']) . "'";
}
再登录,OK!
posted @ 2013-06-19 17:11  chinaifne  阅读(248)  评论(0编辑  收藏  举报