Example #1
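/**
 * Validate the admin login cookies; send the browser to the login page when they do not check out.
 *
 * Reads the `adminid`, `adminname` and `admincheck` cookies, loads the matching
 * active manager row (m_status=1) and compares `admincheck` against
 * md5(m_random . m_name . m_id) computed from that row. On any mismatch the
 * browser is redirected to `?m=admin-login`; when a lookup was attempted and
 * failed, the `admincheck` cookie is cleared first.
 *
 * Security notes for maintainers:
 * - All three cookie values are client-controlled. Both values that reach the
 *   SQL text are escaped here; a parameterized query would be the stronger
 *   fix, but the `$db` API is not visible in this listing.
 * - The token is an unkeyed MD5 over row fields, so it is only as strong as
 *   `m_random` is unpredictable.
 * - NOTE(review): the function returns normally after redirect(); unless
 *   redirect() terminates the request itself, the protected page keeps
 *   executing for an unauthenticated visitor. Confirm in redirect().
 */
function chkLogin2()
{
    global $db;

    // NOTE(review): ckSql()'s return value is discarded, so it only protects
    // anything if it aborts the request on a bad value -- confirm in ckSql().
    $m_id = getCookie('adminid');
    ckSql($m_id);
    $m_name = getCookie('adminname');
    ckSql($m_name);
    $m_check = getCookie('admincheck');
    ckSql($m_check);

    // Scripts whose path contains "editor" get a login URL one directory up.
    // strpos() returns false when there is no match, so test that explicitly
    // instead of relying on how `false > -1` happens to evaluate.
    $index = 'index.php';
    if (strpos($_SERVER['PHP_SELF'], 'editor') !== false) {
        $index = '../' . $index;
    }
    $loginUrl = $index . '?m=admin-login';

    // NOTE(review): the lookup only runs when isNum($m_id) is false. isNum()
    // is defined outside this listing; confirm this is not an inverted check.
    if (isN($m_name) || isNum($m_id)) {
        redirect($loginUrl, 'top.');
        return;
    }

    // Escape BOTH cookie-derived values; $m_id previously went into the SQL text raw.
    $row = $db->getRow(
        "SELECT * FROM {pre}manager WHERE m_name='" . mysql_real_escape_string($m_name)
        . "' AND m_id= '" . mysql_real_escape_string($m_id) . "' AND m_status=1"
    );

    if (!$row) {
        sCookie('admincheck', '');
        redirect($loginUrl, 'top.');
        return;
    }

    $loginValidate = md5($row['m_random'] . $row['m_name'] . $row['m_id']);

    // A loose `!=` lets numeric-looking hashes ("0e...") compare equal under
    // type juggling. Compare as strings, in constant time where available.
    if (!is_string($m_check)) {
        $tokenMatches = false;
    } elseif (function_exists('hash_equals')) {
        $tokenMatches = hash_equals($loginValidate, $m_check);
    } else {
        $tokenMatches = ($m_check === $loginValidate);
    }

    if (!$tokenMatches) {
        sCookie('admincheck', '');
        redirect($loginUrl, 'top.');
    }
}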
Example #2
<?php

if (!defined('MAC_ADMIN')) {
    exit('Access Denied');
}
if ($method == 'check') {
    $m_name = be('post', 'm_name');
    ckSql($m_name);
    $m_password = be('post', 'm_password');
    ckSql($m_password);
    $m_password = md5($m_password);
    $m_check = be('post', 'm_check');
    ckSql($m_check);
    if (isN($m_name) || isN($m_password) || isN($m_check)) {
        alertUrl('请输入您的用户名、密码和安全码!!!', '?m=admin-login');
    }
    $row = $db->getRow('SELECT * FROM {pre}manager WHERE m_name=\'' . mysql_real_escape_string($m_name) . '\' AND m_password = \'' . $m_password . '\' AND m_status=1');
    if ($row && $m_check == $MAC['app']['safecode']) {
        $_SESSION['adminauth'] = TRUE;
        $_SESSION['adminid'] = $row['m_id'];
        $_SESSION['adminname'] = $row['m_name'];
        session_regenerate_id();
        $randnum = md5(rand(1, 99999999));
        sCookie('adminid', $row['m_id']);
        sCookie('adminname', $row['m_name']);
        sCookie('adminlevels', $row['m_levels']);
        sCookie('admincheck', md5($randnum . $row['m_name'] . $row['m_id']));
        $db->Update('{pre}manager', array('m_logintime', 'm_loginip', 'm_random'), array(time(), ip2long(getIP()), $randnum), ' m_id=' . $row['m_id']);
        redirect('?m=admin-index');
    } else {
        alertUrl('您输入的用户名和密码不正确或者您不是系统管理员!', '?m=admin-login');