禁止ecshop网站修改管理员邮箱

ecshop找回密码正确的做法是：修改邮箱后，发送一封验证邮件，在邮箱中点击后跳转到网站，验证密保问题再重设密码。这是ECSHOP的一个BUG，简单起见，我们可以禁止修改管理员邮箱。

点击修改密码的时候，邮箱为只读状态，增加管理员的时候为可编辑状态。

添加管理员：

一、/admin/privilege.php中将以下代码

//更新管理员信息if($pwd_modified){$sql = "UPDATE " .$ecs->table('admin_user'). " SET ". "user_name = '$admin_name', ". "email = '$admin_email', ". "ec_salt = '$ec_salt' ". $action_list. $role_id.//www.zuimoban.com $password. $nav_list. "WHERE user_id = '$admin_id'";}else{$sql = "UPDATE " .$ecs->table('admin_user'). " SET ". "user_name = '$admin_name', ". "email = '$admin_email' ". $action_list. $role_id. $nav_list. "WHERE user_id = '$admin_id'";}

修改为

//更新管理员信息if($pwd_modified){$sql = "UPDATE " .$ecs->table('admin_user'). " SET ". "user_name = '$admin_name', ". "ec_salt = '$ec_salt' ". $action_list. $role_id. $password. $nav_list. "WHERE user_id = '$admin_id'";}else{$sql = "UPDATE " .$ecs->table('admin_user'). " SET ". "user_name = '$admin_name' ". $action_list. $role_id. $nav_list. "WHERE user_id = '$admin_id'";}

二、/admin/templates/privilege_info.htm中email文本框添加只读属性，将以下代码

<input type="text" name="email" value="{$user.email|escape}" size="34" />{$lang.require_field}　

修改为

<input type="text" name="email" value="{$user.email|escape}" size="34" readonly="readonly" />{$lang.cannot_mofify}

三、/languages/zh_cn/admin/privilege.php中添加

$_LANG['unchangeable'] = '<span class="cannot_mofify">不可修改</span>';

四、/admin/styles/main.css中添加

span.cannot_mofify { margin-left: 1em; font: 12px verdana; color: #FF0000;}