************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
+// Base directory (should be moved to database)
$usage = "usage/";
-if (!empty($_GET['image']))
-{
- if ($_GET['type'] == "usage")
- {
- $file = PATH.$usage."usage.png";
- }
- else
- {
+
+if (!empty($_GET['image'])) {
+ if ($_GET['type'] == "usage") {
+ $file = sprintf("%s%susage.png", PATH, $usage);
+ } else {
if (strpos($_GET['image'], "\\") > 0) $_GET['image'] = substr($_GET['image'], 0, strpos($_GET['image'], "\\"));
- $file = PATH.$usage.$_GET['type']."_usage_".$_GET['image'].".png";
+ $file = sprintf("%s%s%s_usage_%s.png", PATH, $usage, SQL_ESCAPE($_GET['type']), SQL_ESCAPE($_GET['image']));
}
- if (file_exists($file))
- {
+
+ if (FILE_READABLE($file)) {
$image = imagecreatefrompng($file);
header("Content-type: image/png");
imagepng($image);
imagedestroy($image);
}
exit();
-}
- elseif (empty($_GET['usage']))
-{
- $file = PATH.$usage."index.html";
-}
- else
-{
+} elseif (empty($_GET['usage'])) {
+ $file = sprintf("%s%sindex.html", PATH, $usage);
+} else {
$file = sprintf("%s%susage_%s.html",
PATH,
$usage,
SQL_ESCAPE($_GET['usage'])
);
}
-if ($file !="")
-{
- if (file_exists($file) && is_readable($file))
- {
+
+if (!empty($file)) {
+ if (FILE_READABLE($file)) {
$tmpl_file = implode("", file($file));
$tmpl_file = addslashes($tmpl_file);
$tmpl_file = "\$content=\"".$tmpl_file."\";";
}
}
}
-CLOSE_TABLE();
+
//
?>
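Review bot: The path components on the `sprintf("%s%s%s_usage_%s.png", …)` line and in the `usage_%s.html` branch are passed through `SQL_ESCAPE()`, a database-context escaper whose body is not shown here and which presumably leaves `/` and `..` untouched, so request parameters can still steer `$file` outside the `usage/` directory. Validate `$_GET['type']`, `$_GET['image']` and `$_GET['usage']` against an allow-list before building the path, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_GET['usage'])) { $_GET['usage'] = ''; }` (adjust the character set to the file names the report generator actually writes), and drop the `SQL_ESCAPE()` calls there. The `$_GET['type'] == "usage"` test also reads `type` without checking that it is set. Separately, the unchanged `$tmpl_file = "\$content=\"".$tmpl_file."\";";` line relies on `addslashes()`, which does not escape `$`. If that string is evaluated later (not visible in this hunk), variable syntax inside the HTML file would be interpolated, so escape `$` as well or output the file contents without evaluation.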