sql_query ($sql);
// NOTE(review): the statement above and the block it sits in begin before this
// excerpt; the query that was run and the condition guarding it are not visible here.
$row = $db->sql_fetchrow ($result);
if ($row) {
    // A row was returned: build a per-login "check number" for the session.
    // NOTE(review): mt_rand (0, $maxran) can yield only 1,000,001 distinct values and
    // is seeded from microtime, so the value is predictable and small enough to
    // enumerate; md5 adds no entropy. A CSPRNG (random_bytes on PHP 7+) is the
    // appropriate source for a value that authenticates a session.
    mt_srand ((double)microtime ()*1000000);
    $maxran = 1000000;
    $checknum = mt_rand (0, $maxran);
    $checknum = md5 ($checknum);
    // The User-Agent header is trimmed and cut to 80 characters, REMOTE_ADDR to 15.
    // NOTE(review): 15 characters fits a dotted IPv4 address only; an IPv6 address
    // would be truncated.
    $agent = substr (trim ($_SERVER['HTTP_USER_AGENT']), 0, 80);
    $addr_ip = substr (trim ($_SERVER['REMOTE_ADDR']), 0, 15);
    // Store the check number, login time, IP and agent on the admin row.
    // NOTE(review): $agent is a client-chosen request header and is interpolated into
    // the SQL string inside single quotes with no escaping visible in this excerpt.
    // Unless $db->sql_query escapes internally (confirm), this is an SQL injection
    // point on the login path; use the database layer's escaping or bound parameters.
    $db->sql_query ("UPDATE ".SN_TABLE_ADMINS." SET checknum = '$checknum', last_login = '".time ()."', last_ip = '$addr_ip', agent = '$agent' WHERE admin_id='$row[admin_id]'");
    // NOTE(review): session_register was deprecated in PHP 5.3 and removed in 5.4;
    // the $_SESSION assignments below are sufficient on their own.
    session_register ("admin_id");
    session_register ("admin_cn");
    // The session keeps checknum, agent and IP joined by "#:#" and base64-encoded.
    // base64 is an encoding, not protection. An agent string that itself contains
    // "#:#" would shift the fields when the value is split again further down.
    // NOTE(review): no session_regenerate_id call is visible at this privilege
    // change; without one the pre-login session id stays valid (session fixation).
    $_SESSION['admin_cn'] = base64_encode ("".$checknum."#:#".$agent."#:#".$addr_ip."");
    $_SESSION['admin_id'] = $row['admin_id'];
    $_SESSION['admin_name'] = $row['login'];
}
// Redirect to admin.php whether or not a row matched, then stop.
header ('Location: admin.php');
exit;
// The brace below closes a block opened before this excerpt.
}

// Logout: clear the session variables and redirect.
// NOTE(review): session_unset only empties the variables; the session itself and
// its cookie remain. session_destroy (plus expiring the cookie) ends the session.
// Logout is also triggered by a plain GET parameter, with no request token visible.
if (isset ($_GET['logout'])) {
    session_unset ();
    header ('Location: admin.php');
    exit;
}

// Authenticated area: entered only when both session keys exist.
if ((isset ($_SESSION['admin_id'])) AND (isset ($_SESSION['admin_cn']))) {
    // Split the stored value back into [0] checknum, [1] agent, [2] IP.
    $cn_num = base64_decode ($_SESSION['admin_cn']);
    $ch_num = explode ("#:#", $cn_num);
    // Look up the admin row that matches all four stored values.
    // NOTE(review): these values are interpolated unescaped as well; $ch_num[1] is
    // the User-Agent text captured at login, so the same injection concern applies.
    $sql = "SELECT * FROM ".SN_TABLE_ADMINS." WHERE admin_id = '$_SESSION[admin_id]' AND checknum = '$ch_num[0]' AND agent = '$ch_num[1]' AND last_ip = '$ch_num[2]'";
    $result = $db->sql_query ($sql);
    $row = $db->sql_fetchrow ($result);
    // Reject the session when no row matches or the current User-Agent differs
    // from the stored one.
    // NOTE(review): in the code visible here the current REMOTE_ADDR is never
    // compared; the query only checks the session's stored IP against the database
    // copy, so the IP binding is not enforced against the request being served.
    if ((!$row) OR ($ch_num[1] != substr (trim ($_SERVER['HTTP_USER_AGENT']), 0, 80))) {
        session_unset ();
        header ('Location: admin.php');
        exit;
    }
    // Read the "in" parameter, POST taking precedence over GET.
    if (isset ($_GET['in']) || isset ($_POST['in']) ) {
        $in = trim ((isset ($_POST['in']) ) ? $_POST['in'] : $_GET['in']);
    }
    // Allow-list check: any character outside [a-zA-Z0-9_] sends the request back.
    // NOTE(review): $in is not assigned in this excerpt when the parameter is absent
    // (presumably tolerated as an undefined-variable notice; confirm). eregi was
    // removed in PHP 7; preg_match with the same character class is the replacement.
    if (eregi ("[^a-zA-Z0-9_]",$in)) {
        header ('Location: admin.php');
        exit;
    }
    // Same handling for the "go" parameter.
    if (isset ($_GET['go']) || isset ($_POST['go']) ) {
        $go = trim ((isset ($_POST['go']) ) ? $_POST['go'] : $_GET['go']);
    }
    if (eregi ("[^a-zA-Z0-9_]", $go)) {
        header ('Location: admin.php');
        exit;
    }
    // The access column is split on '|' into a list of entries.
    $access_module = explode ('|', $row['access']);
    if (isset ($go)) {
        // 'super' and 'full' are granted access outright; any other value goes
        // through the loop below.
        if (($row['access'] == 'super') || ($row['access'] == 'full')) {
            $access = 1;
        } else {
            // NOTE(review): the loop is truncated in this excerpt and the text after
            // "$i" looks like template residue, so the per-module check cannot be
            // reviewed from here.
            for ($i=0; $i <? echo _ADMINAUTH; ?>
:
: