************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
-}
- elseif (!IS_LOGGED_IN())
-{
+} elseif (!IS_MEMBER()) {
LOAD_URL("modules.php?module=index");
-}
- elseif ((!EXT_IS_ACTIVE("html_mail")) && (!IS_ADMIN()))
-{
+} elseif (!EXT_IS_ACTIVE("html_mail")) {
ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "html_mail");
return;
}
if (isset($_POST['ok']))
{
// Save settings
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET html='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET html='%s' WHERE userid=%s LIMIT 1",
array($_POST['html'], $GLOBALS['userid']), __FILE__, __LINE__);
LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_SETTINGS_SAVED);
}
else
{
// Load template for changing settings
- $result = SQL_QUERY_ESC("SELECT html FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT html FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($mode) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
- if ($mode == 'Y')
+ if ($mode == "Y")
{
define('HTML_Y', " checked");
define('HTML_N', "");
projects / mailer.git / blobdiff