1

//只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

2

$this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

3

$this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

4

$pwd = substr(md5($this->userPwd), 5, 20);

5

6

$dsql->SetQuery("SELECT admin.*,atype.purviews FROM `dede_admin` admin LEFT JOIN `dede_admintype` atype ON atype.rank=admin.usertype WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1");

7

$dsql->Execute();

8

$row = $dsql->GetObject();

其中SetQuery就是设定将要执行的sql语句, 下一行Execute()来执行这个设定好语句，我们从语句里面改。改成如下：

1

//只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

2

$this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

3

$this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

4

$pwd = substr(md5($this->userPwd), 5, 20);

5

6

$dsql->SetQuery("SELECT admi.*,atype.purviews FROM `dede_admin` admi LEFT JOIN `dede_admintype` atype ON atype.rank=admi.usertype WHERE admi.userid LIKE '".$this->userName."' LIMIT 0,1");

7

$dsql->Execute();

8

$row = $dsql->GetObject();

1

//只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

2

$this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

3

$this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

4

$pwd = substr(md5($this->userPwd), 5, 20);

5

6

$dsql->SetQuery("SELECT admi.*,atype.purviews FROM `dede_admin` admi LEFT JOIN `dede_admintype` atype ON atype.rank=admi.usertype WHERE admi.userid LIKE '".$this->userName."' LIMIT 0,1");

7

$dsql->Execute();

8

$row = $dsql->GetObject();

这样一来，表的别名从admin删去一个n被改成admi, 就可以正常登录后台了。