<%@language="VBScript"%>
<% Response.Buffer = True %>
<% Response.Expires = -1 %>
<!--#include file="inc/conn.asp" -->
<% 
'odhlášení
if request("odhlasit") = "1" then
	If request.cookies("admin_" & session("server")) <> "" then
		Response.Cookies ("admin_" & session("server")).Expires = now()-5
	end if
	session("admin_bikestore_server") = ""
	session("admin_bikestore_id2") = ""
	session("admin_bikestore") = ""
	session("admin_bikestore_hlavni") = ""
	session("admin_bikestore_omezeni1") = ""
	session("admin_bikestore_omezeni2") = ""
	session("admin_bikestore_omezeni3") = ""
	Response.clear
	response.redirect "index.asp"
end if



'přihlášení - kontrola přístupu
Set rs = CreateObject("ADODB.RecordSet")
if request.servervariables("SERVER_NAME") = "localhost" then
	strSQL = "SELECT * FROM admin WHERE jmeno LIKE '" & sqlinjection(request("jmeno")) & "' AND heslo LIKE '" & sqlinjection(request("heslo")) & "'"
else
	strSQL = "SELECT * FROM admin WHERE REPLACE(jmeno,' ','') LIKE '" & sqlinjection2(request("jmeno")) & "' AND REPLACE(heslo,' ','') LIKE '" & sqlinjection2(request("heslo")) & "'"
end if
rs.Open strSQL, conn, 2, 3
If rs.EOF then
	Response.Clear
	Response.Redirect "index.asp"
else
	'kontrola IP adresy
	if rs("ip_adresa") <> "" and isnull(rs("ip_adresa")) = false then
		if request.servervariables("REMOTE_ADDR") <> rs("ip_adresa") then
			Response.Clear
			Response.Redirect "index.asp"
		end if
	end if
	
	Session("admin_bikestore_ip") = rs("ip_adresa")
	Session("admin_bikestore_server") = request.servervariables("SERVER_NAME")
	Session("admin_bikestore_id2") = rs("id_admin")
	Session("admin_bikestore") = replace(request("jmeno"),"'","")
	If rs("admin") = true then Session("admin_bikestore_hlavni") = "1" End if
	If rs("omezeni1") = true then Session("admin_bikestore_omezeni1") = "1" End if
	If rs("omezeni2") = true then Session("admin_bikestore_omezeni2") = "1" End if
	If rs("omezeni3") = true then Session("admin_bikestore_omezeni3") = "1" End if
	if request("nastalo") = "1" then
		'Response.Cookies ("admin_" & session("server"))("admin_" & session("server") & "_ip") = rs("ip_adresa")
		Response.Cookies ("admin_" & session("server"))("admin_" & session("server") & "_id2") = rs("id_admin")
		Response.Cookies ("admin_" & session("server"))("admin_" & session("server")) = replace(request("jmeno"),"'","")
		If rs("admin") = true then Response.Cookies ("admin_" & session("server"))("admin_" & session("server") & "_hlavni") = "1" End if
		If rs("omezeni1") = true then Response.Cookies ("admin_" & session("server"))("admin_" & session("server") & "_omezeni1") = "1" End if
		If rs("omezeni2") = true then Response.Cookies ("admin_" & session("server"))("admin_" & session("server") & "_omezeni2") = "1" End if
		If rs("omezeni3") = true then Response.Cookies ("admin_" & session("server"))("admin_" & session("server") & "_omezeni3") = "1" End if
		Response.Cookies ("admin_" & session("server")).Expires = date + 365
	end if
	
	rs("zmena") = false
	rs.update
End if
rs.Close
conn.Close

Response.Clear
Response.Redirect "index2.asp"
 %>