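/**
 * Cookie-based authentication helper for the "favsess" session cookie.
 *
 * Cookie format: md5('favsess' . <password> . <exptime>) . '.' . <exptime> . '.' . <type>
 * where <type> is 2 when the password equals $FavPasswd and 1 otherwise.
 *
 * Actions:
 *  - 'auth'   : validate the cookie sent by the client. Returns true when it is
 *               well-formed, unexpired and its hash matches the password for
 *               its type; otherwise returns false (clearing a bad cookie first).
 *  - 'login'  : issue a one-hour cookie derived from $pass. This branch does NOT
 *               verify $pass; it must only be called after the caller has
 *               checked the password.
 *  - 'logout' : expire the cookie.
 *
 * NOTE(review): the token is an unsalted MD5 over the password itself, so a
 * captured cookie permits offline guessing of the password, and the token is
 * valid on any client until it expires. A keyed HMAC with a server-side secret
 * (or a server-side session) would remove that exposure; it is not changed here
 * because other code may depend on the cookie format.
 * NOTE(review): the cookie is set without HttpOnly/Secure/SameSite attributes;
 * confirm the deployment and add them where possible.
 * NOTE(review): if $FavPasswd or $ViewPassword is empty or unset, the expected
 * hash contains no secret at all; confirm that configuration cannot occur.
 *
 * @param string $action 'auth', 'login' or 'logout'
 * @param string $pass   password used to derive the cookie (only for 'login')
 * @return bool|null true/false for 'auth'; null for every other action
 */
function viewAuth($action = 'auth', $pass = '')
{
    global $FavPasswd, $ViewPassword;

    switch ($action) {
        case 'auth':
            if (!isset($_COOKIE['favsess'])) {
                return false;
            }

            // The cookie is fully client-controlled: it may be an array
            // (favsess[]=...) or have the wrong number of fields. Validate the
            // shape explicitly instead of silencing errors with "@".
            $cookie = $_COOKIE['favsess'];
            $parts = is_string($cookie) ? explode('.', $cookie) : array();

            if (count($parts) === 3 && preg_match('/^[0-9]+$/D', $parts[1]) === 1) {
                list($hash, $exptime, $type) = $parts;

                // Pick the password by an exact type match (no loose "==").
                if ($type === '2') {
                    $expected = md5('favsess' . $FavPasswd . $exptime);
                } elseif ($type === '1') {
                    $expected = md5('favsess' . $ViewPassword . $exptime);
                } else {
                    $expected = null;
                }

                // hash_equals() is a strict, constant-time string comparison;
                // a loose "==" can compare numeric-looking hex digests as numbers.
                if ($expected !== null
                    && hash_equals($expected, $hash)
                    && time() <= (int) $exptime
                ) {
                    return true;
                }
            }

            // Malformed, expired or forged cookie: clear it.
            viewAuth('logout');
            return false;

        case 'login':
            $exptime = time() + 3600;
            // Strict comparison so numeric-looking passwords are not juggled.
            $type = hash_equals((string) $FavPasswd, (string) $pass) ? 2 : 1;
            setcookie(
                "favsess",
                md5('favsess' . $pass . $exptime) . '.' . $exptime . '.' . $type,
                $exptime
            );
            break;

        case 'logout':
            // An expiry in the past makes the browser drop the cookie.
            setcookie("favsess", '', time() - 3600);
    }
}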
} else { if (!isset($_POST['pwd'])) { echo $MyFav_PasswdPrompt . '<form action="' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'] . '" method="post"> <input type="password" name="pwd"> <input type="submit" name="Submit" value="登入"> ' . $MyFav_BackHTML . ' </form>'; } else { if (!logInOut(val($_POST, 'pwd'))) { echo $MyFav_AccessDeny . '<br><center>' . $MyFav_BackHTML . '</center>'; } } } } } if (isset($_SESSION['isLogined']) || viewAuth()) { switch ($iAction) { case "add": $_GET['url'] = urlencode($_GET['url']); // encodes url again $_GET['name'] = urlencode(jsUCEsc2utf8($_GET['name'])); // encodes name again header("Location: " . $BaseURL . "fav_add.php?" . toQueryString("catid", 'name', 'url') . $SidebarSuffix2); break; case "edit": header("Location: " . $BaseURL . "fav_edit.php?" . toQueryString('id') . $SidebarSuffix2); break; case "delete": header("Location: " . $BaseURL . "fav_del.php?" . toQueryString('id') . $SidebarSuffix2); break; case "order":