//2011-11-28 星期一
//程序员思想:
<?  
session_start();   
$admin = $_POST['admin'];  
$pass = md5($_POST['pass']);  
$codes = $_POST['codes'];  
if($_GET['action'])...{  
if($result=$db->Execute("select * from x_admin where a_admin='".$admin."'"))...{   
if($rs=mysql_fetch_object($result))...{  
if($rs->a_pws==$pass)...{  
//略
 else...{  
 echo "<script>alert('帐号错误!');location.href='Login.php';</script>";  
 }  
 }*/  
 $sql="select * from xx_admin where adminuser='$admin'";  
 $result=$db->Execute($sql);  
 //print_r ($result);  
 if($admin==$result->fields[adminuser])...{  
 if($pass==$result->fields[adminpass])...{  
 $_SESSION['kgj_admin']=$admin;  
 header("location:index.php");  
 }else...{  
 echo "<script>alert('密码错误')</script>";  
 }  
 }else...{  
 echo "<script>alert('帐号错误')</script>";  
 }  
 $_SESSION['kgj_admin']=$admin;
 //header("location:index.php");  
 }  
 while(($authnum=rand()%10000)<1000);  
 ?>
 
//我们的思想:
随便输入帐号密码登录,然后访问后台。