************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
if (!empty($_GET['order'])) {
// Order number placed, is he also logged in?
- if(IS_LOGGED_IN()) {
+ if(IS_MEMBER()) {
// Ok, test passed... :)
$result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
// This fixes a white page
$_POST['url'] = $url;
- // Update his login data
- UPDATE_LOGIN_DATA();
+ // Mode is member
$MODE = "member";
} else {
// Matching line not found!
$url = URL;
// Decode URL if set in GET parameters
- if (!empty($_GET['url'])) $url = COMPILE_CODE(gzuncompress(base64_decode(urldecode($_GET['url']))));
+ if (!empty($_GET['url'])) $url = gzuncompress(base64_decode(str_replace(" ", "+", COMPILE_CODE(urldecode($_GET['url'])))));
// Use URL from POST data if set
if (!empty($_POST['url'])) $url = $_POST['url'];