$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
// Check validity of a given module name (no file extension)
function CHECK_MODULE($mod) {
// We need them now here...
// Check validity of a given module name (no file extension)
function CHECK_MODULE($mod) {
// We need them now here...
-function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
-{
+function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) {
if (ereg(".php", $search)) {
$search = substr($search, 0, strpos($search, ".php"));
}
if (ereg(".php", $search)) {
$search = substr($search, 0, strpos($search, ".php"));
}
$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1",
array($ACC_LVL, $type, $search), __FILE__, __LINE__);
$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1",
array($ACC_LVL, $type, $search), __FILE__, __LINE__);
if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID;
if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID;
// Load SQL data and add the menu to the output stream...
$result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort",
array($MODE), __FILE__, __LINE__);
//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
// Load SQL data and add the menu to the output stream...
$result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort",
array($MODE), __FILE__, __LINE__);
//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
OUTPUT_HTML("<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"".$MODE."_menu\">");
// There are menus available, so we simply display them... :)
OUTPUT_HTML("<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"".$MODE."_menu\">");
// There are menus available, so we simply display them... :)
//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
// Load menu header template
$BLOCK_MODE = false; $act = $main_action;
//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
// Load menu header template
$BLOCK_MODE = false; $act = $main_action;
$result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort",
array($MODE, $main_action), __FILE__, __LINE__);
$ctl = SQL_NUMROWS($result_sub);
$result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort",
array($MODE, $main_action), __FILE__, __LINE__);
$ctl = SQL_NUMROWS($result_sub);
// If admin login is not given take current from cookies...
if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
// If admin login is not given take current from cookies...
if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
- $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5');
+ // Get admin login and password from session/cookies
+ $admin = SQL_ESCAPE(get_session('admin_login'));
+ $passCookie = SQL_ESCAPE(get_session('admin_md5'));
if (SQL_NUMROWS($result) == 1) {
// Admin login was found so let's load password from DB
list($passDB) = SQL_FETCHROW($result);
if (SQL_NUMROWS($result) == 1) {
// Admin login was found so let's load password from DB
list($passDB) = SQL_FETCHROW($result);
- //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*<br>";
- $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
+ //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*<br />\n";
+ $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));