************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
switch ($_GET['do'])
{
case "add":
- $SQL[] = "INSERT INTO "._MYSQL_PREFIX."_payments (time, payment, mail_title, price) VALUES ('".$_POST['t_wait']."', '".$_POST['payment']."', '".$_POST['title']."', '".$_POST['price']."')";
+ $SQL[] = "INSERT INTO "._MYSQL_PREFIX."_payments (time, payment, mail_title, price) VALUES ('".$_POST['t_wait']."','".$_POST['payment']."','".$_POST['title']."','".$_POST['price']."')";
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_payments WHERE time='%s' LIMIT 1",
array($_POST['t_wait']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)