************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
$MODE = "guest";
-if (!empty($_GET['order']))
-{
+if (!empty($_GET['order'])) {
// Order number placed, is he also logged in?
- if(IS_LOGGED_IN())
- {
+ if(IS_MEMBER()) {
// Ok, test passed... :)
- $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
// Finally is the entry valid?
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Load subject and URL (but forwhat do we need the subject line here???
list($sub, $url) = SQL_FETCHROW($result);
// This fixes a white page
$_POST['url'] = $url;
- // Update his login data
- UPDATE_LOGIN_DATA();
+ // Mode is member
$MODE = "member";
- }
- else
- {
+ } else {
// Matching line not found!
- LOAD_URL(URL."/modules.php?module=index&what=login");
+ LOAD_URL("modules.php?module=index&what=login");
}
// Free memory
SQL_FREERESULT($result);
- }
- else
- {
+ } else {
// He is no longer logged in
- LOAD_URL(URL."/modules.php?module=index&what=login");
+ LOAD_URL("modules.php?module=index&what=login");
}
}
-if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame'])))
-{
+if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) {
+ // Default URL is ours
$url = URL;
+
+ // Decode URL if set in GET parameters
+ if (!empty($_GET['url'])) $url = gzuncompress(base64_decode(str_replace(" ", "+", COMPILE_CODE(urldecode($_GET['url'])))));
+
+ // Use URL from POST data if set
if (!empty($_POST['url'])) $url = $_POST['url'];
- if (!empty($_GET['url'])) $url = base64_decode(urldecode(COMPILE_CODE($_GET['url'])));
- switch ($_GET['frame'])
+
+ // Add missing element
+ $frame = "";
+ if (!empty($_GET['frame'])) $frame = SQL_ESCAPE($_GET['frame']);
+ switch ($frame)
{
case "":
switch ($MODE)
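Review bot: The new `$_GET['url']` branch feeds request-controlled bytes straight into `gzuncompress()` with no output cap and no failure check, so a small crafted parameter can inflate to a very large string and a malformed one leaves `$url` set to `false`. Cap and verify the result, e.g. `$dec = gzuncompress($raw, 2048); if ($dec !== false) $url = $dec;`, where `$raw` is the base64-decoded input and 2048 is a constructed limit to be replaced by the longest URL the site accepts. The decoded value should also be validated as an expected http(s) URL before the frame handling, which presumably consumes `$url` outside this hunk. Separately, the query now uses an unquoted `%s` for `sender`, and `$GLOBALS['userid']` is not passed through `bigintval()` the way the order id is; unless SQL_QUERY_ESC guarantees a numeric value, use `bigintval($GLOBALS['userid'])`.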
LOAD_TEMPLATE("member_order_send", false, $_GET['order']);
break;
}
-}
- else
-{
+} else {
// Go away...
- LOAD_URL(URL."/modules.php?module=login");
+ LOAD_URL("modules.php?module=login");
}
//
?>
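Review bot: The context line `LOAD_TEMPLATE("member_order_send", false, $_GET['order']);` passes the raw request parameter into the template, while the query earlier in the file runs the same value through `bigintval()`. Unless LOAD_TEMPLATE encodes its content argument (not visible here), pass `bigintval($_GET['order'])` so that only digits can reach the rendered page. The enclosing switch starts outside this hunk.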