<?php
/************************************************************************
- * MXChange v0.2.1 Start: 10/29/2003 *
- * =============== Last change: 04/17/2004 *
+ * Mailer v0.2.1-FINAL Start: 10/29/2003 *
+ * =================== Last change: 04/17/2004 *
* *
* -------------------------------------------------------------------- *
* File : loader.php *
* $Date:: $ *
* $Tag:: 0.2.1-FINAL $ *
* $Author:: $ *
- * Needs to be in all Files and every File needs "svn propset *
- * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder *
- * For more information visit: http://www.mxchange.org *
+ * Copyright (c) 2003 - 2009 by Roland Haeder *
+ * Copyright (c) 2009 - 2012 by Mailer Developer Team *
+ * For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
// Some security stuff...
if (!defined('__SECURITY')) {
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
- require($INC);
-}
+ exit();
+} // END - if
-if (REQUEST_ISSET_GET(('url'))) {
+// Is an URL specified?
+if ((isGetRequestElementSet('url')) && (isGetRequestElementSet('hash')) && (isGetRequestElementSet('salt'))) {
// Decode URL
- $url = decodeString(str_replace(" ", "+", compileUriCode(urldecode(REQUEST_GET('url')))));
+ $decodedUrl = decodeString(str_replace(' ', '+', compileUriCode(urldecode(getRequestElement('url')))));
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . getRequestElement('hash'));
+
+ // Generate hash for comparing it
+ $hash = encodeHashForCookie(generateHash($decodedUrl . getSiteKey() . getDateKey(), getRequestElement('salt')));
- // Validate the URL
- if (VALIDATE_URL($url)) {
- // Prepare data for the template
- define('__URL', $url);
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'decodedUrl=' . $decodedUrl . ',hash=' . $hash);
+ // Validate the URL and hash
+ if ($hash != getRequestElement('hash')) {
+ // Hash doesn't match
+ displayMessage('{--LOADER_SECURITY_HASH_MISMATCH--}');
+
+ // Log this event
+ logDebugMessage(__FILE__, __LINE__, 'Hash ' . getRequestElement('hash') . ' does not match URL ' . $decodedUrl);
+ } elseif (isUrlValid($decodedUrl)) {
// Generate a JavaScript that redirects us
- LOAD_TEMPLATE("loader");
+ loadTemplate('loader', FALSE, $decodedUrl);
} else {
// URL invalid
- LOAD_URL("index.php");
+ redirectToUrl('modules.php?module=index');
}
} else {
+ // Is the hash not provided?
+ if (!isGetRequestElementSet('hash')) {
+ // Very old (external!) call
+ logDebugMessage(__FUNCTION__, __LINE__, 'Possible old call on loader.php detected. Redirecting to index.php anyway ...');
+ } // END - if
+
// Invalid or no URL entered!
- LOAD_URL("index.php");
+ redirectToUrl('modules.php?module=index');
}
-//
+// [EOF]
?>