<?phpinclude_once ('../config.php');include_once ('security.php');if (is

1. <?php
2. include_once ('../config.php');
3. include_once ('security.php');
4.  
5. if (isset ($_GET ['logout'])) {
6.     if ($_SESSION ['qB'] ['admin']) {
7.         unset ($_SESSION ['qB']);
8.         header ('Location: ../index.php');
9.     }
10.     else {
11.         die ('Fail.');
12.     }
13. }
14.  
15. if (isset ($_REQUEST ['login'])) {
16.     if ($_SESSION ['qB'] ['admin']) {
17.         die ('WTF?');
18.     }
19.    
20.     $username = clearRequest ('login');
21.     $password = clearRequest ('password');
22.     $query = "SELECT `password` FROM `admin` WHERE `username` = '{$username}'";
23.     if (!@mysql_query ($query, $db)) {
24.         die (mysql_error ());
25.     }
26.     else {
27.         $fetch = @mysql_fetch_array (mysql_query ($query, $db), MYSQL_ASSOC);
28.         if ($fetch ['password'] == sha1 (md5 ($password))) {
29.             $_SESSION ['qB'] ['admin_name'] = $username;
30.             $_SESSION ['qB'] ['admin']      = true;
31.             header ('Location: ../index.php');
32.         }
33.         else {
34.             print "<script>alert ('Wrong password.');\nwindow.location.href = '../index.php';</script>";
35.         }
36.     }
37. }
38.  
39. else if (isset ($_REQUEST ['change'])) {
40.     if ($_SESSION ['qB'] ['admin']) {
41.         if (!empty ($_REQUEST ['change'])) {
42.             $pass = sha1 (md5 (clearRequest ('change')));
43.             $query = "UPDATE `admin` SET `password` = '{$pass}'";
44.             if (!@mysql_query ($query, $db)) {
45.                 die (mysql_error ());
46.             }
47.             else {
48.                 print "<script>alert ('Changed.');\nwindow.location.href = '../index.php';</script>";
49.             }
50.         }
51.         else {
52.             die ('No.');
53.         }
54.     }
55.     else {
56.         die ('Fail.');
57.     }
58. }
59. ?>