Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include_once ('../config.php');
- include_once ('security.php');
- if (isset ($_GET ['logout'])) {
- if ($_SESSION ['qB'] ['admin']) {
- unset ($_SESSION ['qB']);
- header ('Location: ../index.php');
- }
- else {
- die ('Fail.');
- }
- }
- if (isset ($_REQUEST ['login'])) {
- if ($_SESSION ['qB'] ['admin']) {
- die ('WTF?');
- }
- $username = clearRequest ('login');
- $password = clearRequest ('password');
- $query = "SELECT `password` FROM `admin` WHERE `username` = '{$username}'";
- if (!@mysql_query ($query, $db)) {
- die (mysql_error ());
- }
- else {
- $fetch = @mysql_fetch_array (mysql_query ($query, $db), MYSQL_ASSOC);
- if ($fetch ['password'] == sha1 (md5 ($password))) {
- $_SESSION ['qB'] ['admin_name'] = $username;
- $_SESSION ['qB'] ['admin'] = true;
- header ('Location: ../index.php');
- }
- else {
- print "<script>alert ('Wrong password.');\nwindow.location.href = '../index.php';</script>";
- }
- }
- }
- else if (isset ($_REQUEST ['change'])) {
- if ($_SESSION ['qB'] ['admin']) {
- if (!empty ($_REQUEST ['change'])) {
- $pass = sha1 (md5 (clearRequest ('change')));
- $query = "UPDATE `admin` SET `password` = '{$pass}'";
- if (!@mysql_query ($query, $db)) {
- die (mysql_error ());
- }
- else {
- print "<script>alert ('Changed.');\nwindow.location.href = '../index.php';</script>";
- }
- }
- else {
- die ('No.');
- }
- }
- else {
- die ('Fail.');
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement