************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
// Start the session
@session_start();
+global $PHPSESSID;
$PHPSESSID = @session_id();
// Store language code in cookie
set_session("mx_lang", $mx_lang);
+// Load extensions here
+require_once(PATH."inc/load_extensions.php");
+
// Check if refid is set
if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) {
// The variable user comes from the click-counter script click.php and we only accept this here
$GLOBALS['refid'] = bigintval($_GET['user']);
-}
-
-if (!empty($_POST['refid'])) {
+} elseif (!empty($_POST['refid'])) {
// Get referral id from variable refid (so I hope this makes my script more compatible to other scripts)
$GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_POST['refid']));
} elseif (!empty($_GET['refid'])) {
} elseif (!empty($_GET['ref'])) {
// Set refid=ref (the referral link uses such variable)
$GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));
-} elseif (!empty($_SESSION['refid'])) {
+} elseif (isSessionVariableSet('refid')) {
// Set session refid als global
- $GLOBALS['refid'] = bigintval($_SESSION['refid']);
+ $GLOBALS['refid'] = bigintval(get_session('refid'));
} elseif (GET_EXT_VERSION("sql_patches") != "") {
// Set default refid as refid in URL
$GLOBALS['refid'] = bigintval($_CONFIG['def_refid']);
}
// Set cookie when default refid > 0
-if (empty($_SESSION['refid']) || (!empty($GLOBALS['refid'])) || (($_SESSION['refid'] == "0") && ($_CONFIG['def_refid'] > 0))) {
+if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_session('refid') == "0") && ($_CONFIG['def_refid'] > 0))) {
// Set cookie
set_session("refid", $GLOBALS['refid']);
}
+// Transfer userid from session and validate it
+if (isset($_SESSION['userid'])) {
+ // Get it secured from session
+ $GLOBALS['userid'] = bigintval($_SESSION['userid']);
+
+ // Is it valid?
+ if (!IS_MEMBER()) {
+ // Then destroy the user id
+ destroy_user_session();
+ } // END - if
+}
+
// Test session if index.php or modules.php is loaded
-if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (mxchange_installing)) {
+if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (isBooleanConstantAndTrue('mxchange_installing'))) {
if (count($_SESSION) > 0) {
// Session variables accepted!
define('__COOKIES', true);