nav.admin.php at Potato News

<?PHP
if (isset($_COOKIE["user"])) {
$id = $_COOKIE["user"];
if (preg_match('/^[a-z0-9]+$/i', $id)) {
} else {
//INVALID USER NAME
exit("Critical error");
}
}
?><div class="transbox">
<?PHP
$server = getcwd();
$a2 = $_COOKIE["site"];
if (isset($_COOKIE["user"]) and $a2 == $server) {
$id = $_COOKIE["user"];
if (file_exists("data/users/$id.php")) {
include ("data/users/$id.php");

$dirid="admin";
$dh=opendir($dirid);
while ($dave=readdir($dh))
{
if (file_exists("admin/$dave")) {
if (file_exists("admin/$dave.php")) {
include ("admin/$dave.php");
}
}
}
closedir ($dh);

} else {
echo "<p class=\"nav\">You have been logged out!</p>";
setcookie("user", "", time()-3600);
setcookie("auth", "", time()-3600);
setcookie("site", "", time()-3600);
 }

 } else { 
 setcookie("user", "", time()-3600);
setcookie("auth", "", time()-3600);
setcookie("site", "", time()-3600);
 
 //NOT LOGGED IN
 ?>
 
 <h2>You must login</h2>
<p align='center'><a href='admin2.php?dand=login'/>Login</a>
<br><a href='admin2.php?dand=register'/>Register</a>
</p>


<?PHP } ?>
</div>