<?php
	require(dirname(__FILE__).'/auth.inc.php');
	require(dirname(__FILE__).'/admin_output.inc.php');
	require(dirname(__FILE__).'/process.php');
	// Include the functions to generate the page templates
	require(dirname(__FILE__).'/templates.php');

	// Is SendStudio already setup?
	if((int)$IsSetup == 0)
	{
		require(dirname(__FILE__).'/../functions/install.php');
		FinishOutput();
		die();
	}

	// Could we connect to the database?
	if(@mysql_error() != '')
	{
		$OUTPUT = MakeErrorBox("Couldn't Connect to Database", "An error occurred while trying to connect to your MySQL database: " . mysql_error());
		require(dirname(__FILE__).'/admin.inc.php');
		die();
	}

	$CURRENTADMIN = array();
	$SSID = (isset($_GET['SSID'])) ? $_GET['SSID'] : '';

	//auth stuff!
	if(isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == 'LOGINNOW') {
		$username = stripslashes($_POST['username']);
		$password = stripslashes($_POST['password']);
		$password = md5($password);
		$lad = mysql_query("SELECT * FROM " . $TABLEPREFIX . "admins WHERE Username='".addslashes($username)."' AND Password='".addslashes($password)."' AND Status='1'");

		if(mysql_num_rows($lad) > 0) {
			$chars = array();
			foreach(range('a', 'z') as $letter) {
				$chars[] = $letter;
			}

			foreach(range(0, 9) as $number) {
				$chars[] = $number;
			}

			while(mysql_num_rows(mysql_query("SELECT * FROM " . $TABLEPREFIX . "admins WHERE LoginString ='".addslashes($SSID)."'"))>0 OR !$SSID) {
				$SSID="xx";
				for($i=0; $i < 20; $i++)
				{
					shuffle($chars);
					$SSID .= $chars[ rand(0, sizeof($chars) - 1)] ;
				}
			}

			mysql_query("UPDATE " . $TABLEPREFIX . "admins SET LoginString='".addslashes($SSID)."', LoginTime='".addslashes($SYSTEMTIME)."' WHERE Username='".addslashes($username)."'");

			LicenseCheck();
			
		}
		else
		{
			$BadLogin = 1;
			require(dirname(__FILE__).'/login.inc.php');
			exit;
		}
	}

	if($SSID && mysql_num_rows($admin=mysql_query("SELECT * FROM " . $TABLEPREFIX . "admins WHERE LoginString='".addslashes($SSID)."' && LoginTime>'".($SYSTEMTIME-$LOGINDURATION)."'"))==1)
	{
		$CURRENTADMIN = mysql_fetch_assoc($admin);
	}
	else
	{
		require(dirname(__FILE__).'/login.inc.php');
		exit;
	}

	// if we're allowed in, update our last access time.
	mysql_query("UPDATE " . $TABLEPREFIX . "admins SET LoginString='".addslashes($SSID)."', LoginTime='".addslashes($SYSTEMTIME)."' WHERE Username='".addslashes($CURRENTADMIN['Username'])."'");

	//check that all members have a confirm code - just a small amount per refresh.
	$mems=mysql_query("SELECT * FROM " . $TABLEPREFIX . "members WHERE ConfirmCode='' OR ConfirmCode IS NULL LIMIT 100");

	while($m=mysql_fetch_assoc($mems))
	{
		$ConfirmCode = md5(uniqid(rand()));
		mysql_query("UPDATE " . $TABLEPREFIX . "members SET ConfirmCode='".addslashes($ConfirmCode)."' WHERE MemberID='".$m['MemberID']."'");
	}

?>