login.php

Try2php整站系统（Try2php CMS）Try2php整站系统（Try2php CMS）

<?
include("../dbcon.php");
$Suser=htmlspecialchars($_POST[user]);
$Spwd=htmlspecialchars($_POST[pwd]);
$PassTrue=md5(sha1($prefix));

session_start();
if ($_COOKIE['SweetPort']!="true")
{
	$tmp_user=stripos($Suser,"\'");
	$tmp_user="t".$tmp_user."p";
	$tmp_pwd=stripos($Spwd,"\'");
	$tmp_pwd="t".$tmp_pwd."p";
	if ($tmp_user!="tp" or $tmp_pwd!="tp")
	{
		setcookie("SweetPort", "true");
		echo "<script>window.location='admin.php'</script>";
	}
}
$Spwd=sha1(md5($_POST[pwd]));


if ($_COOKIE['Session_Pass']!=$PassTrue)
{
	mysql_query("SET NAMES 'UTF8'");
	$query = "select * from ".$prefix."admin where ad_user='".$Suser."' and ad_pwd='".$Spwd."'";
	$result = mysql_query($query);
	$rows = @mysql_num_rows($result);
	@mysql_data_seek($result,0);
    $adinfo = @mysql_fetch_array($result);
	
    if ($rows==0)
    {
		setcookie("Session_Pass", "false");
		if ($Suser!="" and $Spwd!="") echo "<script>window.location='login.php?id=1'</script>";
    }
    else
    {
        if ($_COOKIE['aduser']=="")
        {
			setcookie("aduser", $adinfo[ad_user]);
        }
		setcookie("Session_Pass", $PassTrue);
		setcookie("validate", $adinfo[ad_validate]);
		if ($Suser!="" and $Spwd!="") echo "<script>window.location='index.php'</script>";
    }
}

if ($_COOKIE['Session_Pass']=="false" and $_COOKIE['SweetPort']!="true" or $_COOKIE['Session_Pass']=="" and $_COOKIE['SweetPort']!="true")
{?>
<link href="../images/css/css.css" type=text/css rel=stylesheet>
<table border="0" width="100%" id="table1" height="540" cellspacing="0" cellpadding="0">
	<tr>
		<td valign="top">
		<table border="0" width="100%" id="table2" height="78" cellspacing="0" cellpadding="0">
			<tr>
				<td height="78" background="../images/top.gif" width="687">
				<p align="center">
				<img border="0" src="../images/banner.gif" width="480" height="70">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </td>
				<td height="78" background="../images/top.gif" width="10%">
				<img border="0" src="../images/try2.gif" width="200" height="70"></td>
				<td height="78" background="../images/top.gif" width="5%">　</td>
			</tr>
		</table>
		<form method="POST" action="login.php">
		<table border="0" width="100%" id="table5" cellspacing="0" cellpadding="0">
			<tr>
				<td>
				<?
				if ($_GET[id]=='1') echo "<div class='userlinksguest'><p><img src='../images/loginerror.gif'></p></div>";
				else echo "<p align=center><img src='../images/admtitle.gif'></p>";
				?>
				</td>
			</tr>
		</table>
		<table border="0" width="100%" id="table3" cellspacing="0" cellpadding="0" height="80">
			<tr>
				<td align="center">　<p><img src="../images/user.gif"><input type="text" name="user" size="20"></p><img src="../images/pwd.gif"><input type="password" name="pwd" size="20"><p>
    	<input type="submit" value="登  录"></td>
			</tr>
			</table>
		</form>
		<table border="0" width="100%" id="table4" cellspacing="0" cellpadding="0" height="199">
			<tr>
				<td>　</td>
			</tr>
		</table>
		</td>
	</tr>
</table>
<?
}
mysql_close($connect)
?>