由于公司运营管理岗位变动,删除账户会造成操作日志中操作人为空的现象。为了保留管理账号的完整记录,同时又不让该账号继续登录后台(虽然可以更改后台管理的链接,但为了更安全),公司要求实现管理员状态设置,可以自由变更商城模板管理员的登录状态。以下是删除管理员账号后操作日志出现的问题:

限制ecshop商城管理员登陆权限

下面是添加成功后的展示图:

限制ecshop商城管理员登陆权限

一、执行数据库语句,添加状态字段:其中ecs_为数据库前缀

-- Adds a per-account status flag to the admin table; `ecs_` is the table prefix and may differ per installation.
-- NOT NULL with DEFAULT '1' means every existing admin row starts with status = 1;
-- the sign-in code shown on this page refuses accounts whose status is 0.
ALTER TABLE `ecs_admin_user` ADD `status` SMALLINT( 3 ) UNSIGNED NOT NULL DEFAULT '1' COMMENT '账号状态';

二、编辑/admin/privilege.php验证登录信息代码段,添加账号状态验证,并在其后添加AJAX修改账号状态(查找----验证登陆信息----大约在179行位置,此方法上面添加以下代码)

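/*------------------------------------------------------ */
//-- Verify login credentials
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'signin')
{
    /* Captcha is enforced only when one was issued for this session and admin captcha is enabled */
    if (!empty($_SESSION['captcha_word']) && (intval($_CFG['captcha']) & CAPTCHA_ADMIN))
    {
        include_once(ROOT_PATH . 'includes/cls_captcha.php');

        /* Check that the captcha is correct. An empty captcha field must fail as well:
           the previous condition only validated non-empty submissions. */
        $validator = new captcha();
        if (empty($_POST['captcha']) || !$validator->check_word($_POST['captcha']))
        {
            sys_msg($_LANG['captcha_error'], 1);
        }
    }

    $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
    $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';

    /* NOTE(review): the username is concatenated into the SQL text below. Nothing in this
       fragment escapes it, so these queries are only safe if request data is escaped
       globally before this point (not shown here) - confirm, or escape it at this spot. */
    $sql = "SELECT `ec_salt` FROM " . $ecs->table('admin_user') .
           " WHERE user_name = '" . $_POST['username'] . "'";
    $ec_salt = $db->getOne($sql);

    if (!empty($ec_salt))
    {
        /* Salted account: compare against md5(md5(password) . salt) */
        $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id,ec_salt,status".
               " FROM " . $ecs->table('admin_user') .
               " WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5(md5($_POST['password']).$ec_salt) . "'";
    }
    else
    {
        /* Legacy unsalted account: compare against md5(password) */
        $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id,ec_salt,status".
               " FROM " . $ecs->table('admin_user') .
               " WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5($_POST['password']) . "'";
    }
    $row = $db->getRow($sql);

    if ($row)
    {
        // For a supplier's administrator, the owning supplier must still be approved
        if (!empty($row['suppliers_id']))
        {
            $supplier_is_check = suppliers_list_info(' is_check = 1 AND suppliers_id = ' . $row['suppliers_id']);
            if (empty($supplier_is_check))
            {
                sys_msg($_LANG['login_disable'], 1);
            }
        }

        // Account status check: status 0 means the account has been disabled.
        // This runs before the session is created, so a disabled account never gets one here.
        if ($row['status'] == 0)
        {
            sys_msg($_LANG['login_disable'], 1);
            exit(); // defensive: stop even if sys_msg() were to return
        }

        // Login succeeded
        set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login']);
        $_SESSION['suppliers_id'] = $row['suppliers_id'];

        // Upgrade a legacy unsalted hash to the salted form on first successful login.
        // NOTE(review): rand(1,9999) and salted MD5 are weak for password storage; kept as-is
        // here so existing stored hashes keep working.
        if (empty($row['ec_salt']))
        {
            $ec_salt = rand(1,9999);
            $new_possword = md5(md5($_POST['password']).$ec_salt);
            $db->query("UPDATE " .$ecs->table('admin_user').
                       " SET ec_salt='" . $ec_salt . "', password='" .$new_possword . "'".
                       " WHERE user_id='$_SESSION[admin_id]'");
        }

        // An all-privileges account that has never logged in gets the setup guide
        if ($row['action_list'] == 'all' && empty($row['last_login']))
        {
            $_SESSION['shop_guide'] = true;
        }

        // Record the time and IP of this login
        $db->query("UPDATE " .$ecs->table('admin_user').
                   " SET last_login='" . gmtime() . "', last_ip='" . real_ip() . "'".
                   " WHERE user_id='$_SESSION[admin_id]'");

        // "Remember me": persistent cookies valid for one year.
        // NOTE(review): the code that later consumes these cookies is not part of this fragment.
        // It needs the same status check, otherwise a disabled account holding a saved cookie
        // may still be signed in automatically - confirm. The cookies are also set without the
        // HttpOnly/Secure flags.
        if (isset($_POST['remember']))
        {
            $time = gmtime() + 3600 * 24 * 365;
            setcookie('ECSCP[admin_id]',   $row['user_id'], $time);
            setcookie('ECSCP[admin_pass]', md5($row['password'] . $_CFG['hash_code']), $time);
        }

        // Clear expired data from the shopping cart
        clear_cart();

        ecs_header("Location: ./index.php\n");
        exit;
    }
    else
    {
        sys_msg($_LANG['login_faild'], 1);
    }
}

/*------------------------------------------------------ */
//-- AJAX: change an administrator account's status
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'toggle_status')
{
    /* Authorisation: without this check any signed-in administrator, whatever their
       privileges, could enable or disable any other admin account.
       check_authz_json() is defined outside this fragment and is expected to end the
       request with a JSON error when the privilege is missing; pick the privilege code
       that matches your policy for managing administrators. */
    check_authz_json('admin_manage');

    $user_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
    /* Only 0 (disabled) and 1 (enabled) are meaningful to the sign-in check */
    $status  = (isset($_POST['val']) && intval($_POST['val']) != 0) ? 1 : 0;

    /* NOTE(review): no anti-CSRF token is checked for this state-changing request in this
       fragment. Status is also only checked at sign-in here, so an already active session
       of a disabled account is not ended by this action - confirm how sessions are
       validated elsewhere.
       The literal messages below should be moved into the language pack. */
    if ($user_id <= 0 || !isset($_POST['val']))
    {
        /* A missing value must not silently disable an account */
        make_json_error('Invalid parameters.');
    }
    elseif ($status == 0 && $user_id == $_SESSION['admin_id'])
    {
        /* Prevent an administrator from locking themselves out */
        make_json_error('You cannot disable your own account.');
    }
    elseif ($exc->edit("status = '$status'", $user_id))
    {
        clear_cache_files();
        make_json_result($status);
    }
    else
    {
        /* Report the failure instead of returning an empty response */
        make_json_error('Failed to update account status.');
    }
}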