PHP-Code:
<?php
if (strpos ($_GET['content'], '/logout/') !== false) {
session_start();
unset($_SESSION['admin']);
header("Location: ".$_SERVER['PHP_SELF']);
}
if (isset ($_GET['content']) && !empty ($_GET['content'])) {
if (strpos ($_GET['content'], '../') !== false) die ('Zugriffsverletzung !');
if ($_GET['content'] {0} != '/') $_GET['content'] = '/' . $_GET['content'];
}
if (!isset($_GET['content']) || empty ($_GET['content'])) $_GET['content'] = '/startseite';
if (!file_exists('content' . $_GET['content'] . '.php')) $_GET['content'] = '/error/keine_seite';
require ('../lib/config.inc.php');
require ('../lib/functions.lib.php');
db_connect ();
session_start();
require ('lib/layout.lib.php');
require ( '../lib/extras.lib.php' );
$shows = 0;
if (!isset($_GET['content'])) $_GET['content'] = '/startseite';
if (!file_exists('content'.$_GET['content'].'.php')) $_GET['content'] = '/error/keine_seite';
if($_POST['check'] == "Login") {
require_once ('../lib/config.inc.php');
require_once ('../lib/functions.lib.php');
db_connect();
$page = mysql_fetch_array(db_query("SELECT admin_name, admin_pass FROM ".$db_prefix."_seitenkonfig LIMIT 1"));
if($_POST['loginname'] == $page['admin_name'] AND $_POST['passwort'] == $page['admin_pass']) {
$_SESSION['admin'] = 1;
header("Location: ".$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
}
}
?>
<!DOCTYPE html>
<html lang='de'>
<head>
<title>..:: Adminforce ::..</title>
<meta charset="UTF-8">
<meta name="generator" content="vms-script">
<meta name="Author" content="Designerscripte.net">
<meta name="Publisher" content="Designerscripte.net">
<meta name="Keywords" content="vms,paid4,loginscript">
<meta name="Description" content="Verdien was Du willst">
<meta name="Robots" content="INDEX,FOLLOW">
<link rel="stylesheet" href="../css/main.css" type="text/css">
</head>
<body>
<noscript><div style="font: 10pt Arial; color: #ff0000; text-align: center;">Um <b>alle Funktionen des Adminforce</b> nutzen zu können, bitte <b>JavaScript aktivieren</b>!</div></noscript>
<div id="wrapper">
<header id="header_1">
<div id="topbar">
<div id="topbar_left">
<ul>
<li><a href="?content=/startseite">Startseite</a></li>
<?php if($_SESSION['admin'] == 1){?>
<li><a href="?content=/bilanzsystem">Bilanz</a></li>
<li><a href="?content=/usersystem/liste">Userliste</a></li>
<?php } ?>
</ul>
</div>
<div id="topbar_right">
<ul>
<li><a href="<?php echo $domain; ?>">Userseite</a></li>
<?php if($_SESSION['admin'] != 1){?>
<li>
<form method="post">
<input type="Text" class ="topbar_input" name="loginname" value="<?php echo $_POST['nickname'];?>" placeholder="Username">
<input type="Password" class ="topbar_input" name="passwort" value="" placeholder="Passwort">
<button type="submit" name="check" value="Login">Login</button>
</form>
</li>
<?php }else{ ?>
<li><a href="?content=/logout/">Logout</a></li>
<?php } ?>
</ul>
</div>
</div>
</header>
<br style="clear:both; font-size:0px;">
<div id="content">
<div id="left">
<?php if($_SESSION['admin'] == 1) require_once('lib/menue_links.php');?>
</div>
<div id="middle">
<?php if($_SESSION['admin'] == 1) require_once('content'.$_GET['content'].'.php'); ?>
</div>
</div>
</div>
</body>
</html>
<?php db_close (); ?>
Zitieren