//2011-11-28 星期一
//程序员思想:
<?
session_start();
$admin = $_POST['admin'];
$pass = md5($_POST['pass']);
$codes = $_POST['codes'];
if($_GET['action'])...{
if($result=$db->Execute("select * from x_admin where a_admin='".$admin."'"))...{
if($rs=mysql_fetch_object($result))...{
if($rs->a_pws==$pass)...{
//略
else...{
echo "<script>alert('帐号错误!');location.href='Login.php';</script>";
}
}*/
$sql="select * from xx_admin where adminuser='$admin'";
$result=$db->Execute($sql);
//print_r ($result);
if($admin==$result->fields[adminuser])...{
if($pass==$result->fields[adminpass])...{
$_SESSION['kgj_admin']=$admin;
header("location:index.php");
}else...{
echo "<script>alert('密码错误')</script>";
}
}else...{
echo "<script>alert('帐号错误')</script>";
}
$_SESSION['kgj_admin']=$admin;
//header("location:index.php");
}
while(($authnum=rand()%10000)<1000);
?>
//我们的思想:
随便输入帐号密码登录,然后访问后台。