ecshop的管理员邮箱的仅有作用是用来找回暗码,默许只能运用用户名(不区别大小写)和暗码登录,在验证用户名和暗码之前,对提交的表单域进行判别,若是输入的是邮箱,则查询邮箱对应的用户名并进行变换,然后登录体系。
完成办法:
修改/admin/privilege.php,查找:
$_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
$_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
下面添加“邮箱->用户名”转换代码,结果如下:
$_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
$_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
/* 邮箱登录 */
if(is_email($_POST['username']))
{
$sql = "sel ect user_name" . " FROM " . $ecs->table('admin_user') . " WHERE email = '" . $_POST['username'] . "'";
$_POST['username'] = $db->getOne($sql);
}
$sql="SELECT `ec_salt` FROM ". $ecs->table('admin_user') ."WHERE user_name = '" . $_POST['username']."'";
$ec_salt =$db->getOne($sql);