* -------------------------------------------------------------------- *
* Kurzbeschreibung : Testet die Mitgliedsseite gegen Frame-Killer *
* -------------------------------------------------------------------- *
- * *
+ * $Revision:: $ *
+ * $Date:: $ *
+ * $Tag:: 0.2.1-FINAL $ *
+ * $Author:: $ *
+ * Needs to be in all Files and every File needs "svn propset *
+ * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2008 by Roland Haeder *
* For more information visit: http://www.mxchange.org *
************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+if (!defined('__SECURITY')) {
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
require($INC);
}
-$MODE = "guest";
+$mode = 'guest';
-if (!empty($_GET['order'])) {
+if (REQUEST_ISSET_GET(('order'))) {
// Order number placed, is he also logged in?
- if(IS_LOGGED_IN()) {
+ if (IS_MEMBER()) {
// Ok, test passed... :)
- $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
- array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT subject, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
+ array(bigintval(REQUEST_GET('order')), getUserId()), __FILE__, __LINE__);
// Finally is the entry valid?
if (SQL_NUMROWS($result) == 1) {
list($sub, $url) = SQL_FETCHROW($result);
// This fixes a white page
- $_POST['url'] = $url;
+ REQUEST_SET_POST('url', $url);
- // Update his login data
- UPDATE_LOGIN_DATA();
- $MODE = "member";
+ // Mode is member
+ $mode = 'member';
} else {
// Matching line not found!
- LOAD_URL("modules.php?module=index&what=login");
+ LOAD_URL('modules.php?module=index&what=login');
}
// Free memory
SQL_FREERESULT($result);
} else {
// He is no longer logged in
- LOAD_URL("modules.php?module=index&what=login");
+ LOAD_URL('modules.php?module=index&what=login');
}
}
-if ((!empty($_POST['url'])) || (!empty($_GET['url'])) || (!empty($_GET['frame']))) {
- $url = URL;
- if (!empty($_POST['url'])) $url = $_POST['url'];
+if ((REQUEST_ISSET_POST(('url'))) || (REQUEST_ISSET_GET(('url'))) || (REQUEST_ISSET_GET(('frame')))) {
+ // Default URL is ours
+ $url = constant('URL');
+
+ // Decode URL if set in GET parameters
+ if (REQUEST_ISSET_GET(('url'))) $url = decodeString(str_replace(' ', '+', compileUriCode(urldecode(REQUEST_GET('url')))));
- // Decode URL if set
- if (!empty($_GET['url'])) $url = COMPILE_CODE(gzuncompress(base64_decode(urldecode($_GET['url']))));
+ // Use URL from POST data if set
+ if (REQUEST_ISSET_POST(('url'))) $url = REQUEST_POST('url');
// Add missing element
- $frame = "";
- if (!empty($_GET['frame'])) $frame = SQL_ESCAPE($_GET['frame']);
+ $frame = '';
+ if (REQUEST_ISSET_GET(('frame'))) $frame = REQUEST_GET(('frame'));
switch ($frame)
{
- case "":
- switch ($MODE)
+ case '':
+ switch ($mode)
{
- case "member":
+ case 'member':
// Build frameset
- define('__ORDER_VALUE', bigintval($_GET['order']));
+ define('__ORDER_VALUE', bigintval(REQUEST_GET('order')));
define('__URL_VALUE' , DEREFERER($url));
- LOAD_TEMPLATE("member_order_frametester");
+ LOAD_TEMPLATE('member_order_frametester');
break;
- case "guest":
+ case 'guest':
define('__URL_VALUE' , DEREFERER($url));
- LOAD_TEMPLATE("guest_frametester");
+ LOAD_TEMPLATE('guest_frametester');
break;
}
break;
- case "test_top":
- OUTPUT_HTML("<STRONG class=\"guest_done\">".GUEST_FRAMETESTER_TOP."</SPAN>");
+ case 'test_top':
+ LOAD_TEMPLATE('admin_settings_saved', false, '<div class="guest_done">{--GUEST_FRAMETESTER_TOP--}</span>');
break;
- case "back": // Back buttom
- LOAD_TEMPLATE("member_order_back", false, $_GET['order']);
+ case 'back': // Back buttom
+ LOAD_TEMPLATE('member_order_back', false, REQUEST_GET('order'));
break;
- case "send": // Send mail away
- LOAD_TEMPLATE("member_order_send", false, $_GET['order']);
+ case 'send': // Send mail away
+ LOAD_TEMPLATE('member_order_send', false, REQUEST_GET('order'));
break;
}
} else {
// Go away...
- LOAD_URL("modules.php?module=login");
+ LOAD_URL('modules.php?module=login');
}
//
?>
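Review bot: The `back` and `send` cases still pass the raw `REQUEST_GET('order')` value to `LOAD_TEMPLATE()`, while the member frameset branch of the same switch wraps it in `bigintval()` before defining `__ORDER_VALUE`. The templates are not visible here, but if they write the value into markup or a link, a request parameter reaches the page unfiltered; `LOAD_TEMPLATE('member_order_back', false, bigintval(REQUEST_GET('order')));` and the same change for `member_order_send` would match the rest of the file. Both cases also run without consulting `$mode`, so with `frame` set and no `order` parameter they are reached on the guest path, where the membership and ownership query above is skipped; a `$mode == 'member'` guard looks appropriate there. Separately, the new `test_top` markup opens `<div class="guest_done">` and closes it with `</span>`.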