2 /************************************************************************
\r
3 * MXChange v0.2.1 Start: 10/24/2003 *
\r
4 * =============== Last change: 06/30/2004 *
\r
6 * -------------------------------------------------------------------- *
\r
7 * File : frametester.php *
\r
8 * -------------------------------------------------------------------- *
\r
9 * Short description : Test your website against frame killers *
\r
10 * -------------------------------------------------------------------- *
\r
11 * Kurzbeschreibung : Testet die Mitgliedsseite gegen Frame-Killer *
\r
12 * -------------------------------------------------------------------- *
\r
14 * -------------------------------------------------------------------- *
\r
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
\r
16 * For more information visit: http://www.mxchange.org *
\r
18 * This program is free software; you can redistribute it and/or modify *
\r
19 * it under the terms of the GNU General Public License as published by *
\r
20 * the Free Software Foundation; either version 2 of the License, or *
\r
21 * (at your option) any later version. *
\r
23 * This program is distributed in the hope that it will be useful, *
\r
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
\r
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
\r
26 * GNU General Public License for more details. *
\r
28 * You should have received a copy of the GNU General Public License *
\r
29 * along with this program; if not, write to the Free Software *
\r
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
\r
31 * MA 02110-1301 USA *
\r
32 ************************************************************************/
\r
34 // Some security stuff...
\r
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
\r
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
\r
43 if (!empty($_GET['order']))
\r
45 // Order number placed, is he also logged in?
\r
48 // Ok, test passed... :)
\r
49 $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
\r
50 array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
\r
52 // Finally is the entry valid?
\r
53 if (SQL_NUMROWS($result) == 1)
\r
55 // Load subject and URL (but forwhat do we need the subject line here???
\r
56 list($sub, $url) = SQL_FETCHROW($result);
\r
58 // This fixes a white page
\r
59 $_POST['url'] = $url;
\r
61 // Update his login data
\r
62 UPDATE_LOGIN_DATA();
\r
67 // Matching line not found!
\r
68 LOAD_URL(URL."/modules.php?module=index&what=login");
\r
72 SQL_FREERESULT($result);
\r
76 // He is no longer logged in
\r
77 LOAD_URL(URL."/modules.php?module=index&what=login");
\r
81 if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame'])))
\r
84 if (!empty($_POST['url'])) $url = $_POST['url'];
\r
85 if (!empty($_GET['url'])) $url = base64_decode(urldecode(COMPILE_CODE($_GET['url'])));
\r
86 switch ($_GET['frame'])
\r
93 define('__ORDER_VALUE', bigintval($_GET['order']));
\r
94 define('__URL_VALUE' , DEREFERER($url));
\r
95 LOAD_TEMPLATE("member_order_frametester");
\r
99 define('__URL_VALUE' , DEREFERER($url));
\r
100 LOAD_TEMPLATE("guest_frametester");
\r
106 OUTPUT_HTML ("<STRONG class=\"guest_done\">".GUEST_FRAMETESTER_TOP."</SPAN>");
\r
109 case "back": // Back buttom
\r
110 LOAD_TEMPLATE("member_order_back", false, $_GET['order']);
\r
113 case "send": // Send mail away
\r
114 LOAD_TEMPLATE("member_order_send", false, $_GET['order']);
\r
121 LOAD_URL(URL."/modules.php?module=login");
\r