Panel i sesje - skrypt do weryfikacji Opcje

[nobody]

No wiec dopiero niedawno zainteresowalem sie sesjami i wykorzystalem je do pisania skryptu logowania do panelu administracyjnego. Jesli ktos moglby zweryfikowac kod big THX. Sorry, ze tak porozrzucane, ale zrobilem to dla przejrzystosci. Plik dbconfig.php zawiera host, login i haslo do bazy danych, index.php jest to zwykly formularz z polem login i haslo>prowadzi do login.php:
[php:1:58ebacaec3]<?php
include("./dbconfig.php");
include("./functions.php");
if($login==""||$haslo==""||strlen($login)>10||strlen($haslo)>10){
blad();
}
$cid=@mysql_connect($dbhost, $dbuser, $dbpass) or cannot();
$login=chop($login);
mysql_select_db("log");
$pobierz=@mysql_query("SELECT pass FROM users WHERE user='$login'");
$p_bazy=@mysql_result($pobierz,0) or blad();
$haslo=md5($haslo);
if($haslo==$p_bazy){
session_start();
$_SESSION['user_name']=$login;
$_SESSION['user_pass']=$haslo;
header("Location: panel.php");
}
else{
blad();
}
mysql_close($cid);
?>[/php:1:58ebacaec3]
Plik functions.php:
[php:1:58ebacaec3]<?php
session_start();
function blad(){
echo("<CENTER><FONT COLOR=#BF3421><B>Niepoprawny login lub hasło!</B></FONT></CENTER>");
include("index.php");
exit;
}
function cannot(){
die("<CENTER><FONT COLOR=#BF3421><B>Nie można nawi&plusmn;zać poł&plusmn;czenia z baz&plusmn; danych!</B></FONT></CENTER>");
}
function check(){
global $_SESSION, $dbhost, $dbuser, $dbpass;
$cid=@mysql_connect($dbhost, $dbuser, $dbpass) or cannot();
mysql_select_db("log");
$pobierz=@mysql_query("SELECT pass FROM users WHERE user='".$_SESSION['user_name']."'");
$p_bazy=@mysql_result($pobierz,0) or blad();
mysql_close($cid);
if($p_bazy!==$_SESSION['user_pass']){
return false;
}else{
return true;
}
}
function udate(){
global $_SESSION, $dbhost, $dbuser, $dbpass, $REMOTE_ADDR;
$cid=@mysql_connect($dbhost, $dbuser, $dbpass) or cannot();
mysql_select_db("log");
$pobierz=@mysql_query("UPDATE users SET last_ip='$REMOTE_ADDR', last_date='".date("Y-m-d")."' WHERE user='".$_SESSION['user_name']."'");
}
function show_data(){
global $_SESSION, $dbhost, $dbuser, $dbpass;
$cid=@mysql_connect($dbhost, $dbuser, $dbpass) or cannot();
mysql_select_db("log");
$pobierz=@mysql_query("SELECT * FROM users WHERE user='".$_SESSION['user_name']."'");
$dane=mysql_fetch_assoc($pobierz);
return "Ostatnie logowanie z IP: ".$dane['last_ip']." Data: ".$dane['last_date'].". <B>[<A HREF="functions.php?action=logout">Wyloguj ".$_SESSION['user_name']."]</A></B>";
}
switch($action){
case logout:
if(empty($_SESSION['user_name'])||empty($_SESSION['user_pass'])){
header("Location: index.php");
}
else{
session_unset($_SESSION['user_name']);
session_unset($_SESSION['user_pass']);
session_destroy();
header("Location: index.php");
}
}
?>[/php:1:58ebacaec3]
i panel.php:

Kod

<?

session_start();

include("./dbconfig.php");

include("./functions.php");



if(empty($_SESSION['user_name'])||empty($_SESSION['user_name'])||!check()){

header("Location: index.php");

}

else{



?>

<HTML>

<HEAD>

<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=iso-8859-2">

<LINK REL="stylesheet" TYPE="text/css" HREF="lstyl.css">

<TITLE>Panel administracyjny</TITLE>

</HEAD>

<BODY MARGINWIDTH="0" MARGINHEIGHT="0" TOPMARGIN="4" LEFTMARGIN="0">

<TABLE WIDTH="100%" CELLSPACING="0" CELLPADDING="0">

<TR>

<TD BACKGROUND="img/panel.gif" HEIGHT="24" CLASS="panel">

<?

print("Witaj <B>".$_SESSION['user_name']."</B>! ".show_data()." [<a href="functions.php?action=logout">Wyloguj</a>]");

udate();

}

?>

</TD>

</TR>

</TABLE>

</BODY>

</HTML>

Struktura tabeli:
[sql:1:58ebacaec3]CREATE TABLE users (user char(10) NOT NULL unique, pass char(70), last_ip char(19), last_date DATE);[/sql:1:58ebacaec3]