[VIM] WTF: BellaBiblio Admin Login Bypass

Steven M. Christey coley at linus.mitre.org
Tue Jul 31 00:32:37 UTC 2007


I just downloaded the source code and it's as you described.  Looks wrong
to me, too - $admin_name etc. are hard-coded in config.php, which is
included just before this code.  Not to mention that "administrator" isn't
a valid md5 result :)

- Steve

