* MA 02110-1301 USA *
************************************************************************/
-// APD call (if you have this apache extension and want to debug this script for us)
-//apd_set_pprof_trace();
+// XDEBUG call
+//xdebug_start_trace();
// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
require_once ("inc/libs/security_functions.php");
$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
$GLOBALS['userid'] = 0;
+// Fix missing module to "index"
+if (empty($_GET['module'])) $_GET['module'] = "index";
+
+// Secure action/what if present
if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
-if (empty($_GET['module'])) $_GET['module'] = "index";
// Secure the module name (very important line!)
-$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES);
+$GLOBALS['module'] = secureString($_GET['module']);
// Needed include files
require ("inc/config.php");
// Check if logged in
-if (IS_LOGGED_IN())
-{
+if (IS_MEMBER()) {
// Is still logged in so we welcome him with his name
- $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Load surname and family's name and build the username
list($s, $f) = SQL_FETCHROW($result);
$username = $s." ".$f;
// Update only cookies and no login data!
UPDATE_LOGIN_DATA(false);
- }
- else
- {
+ // Additionally admin?
+ if (IS_ADMIN()) {
+ // Add it
+ $username .= " ("._ADMIN_SHORT.")";
+ } // END - if
+ } else {
// Hmmm, logged in and no valid cookies???
$username = "<I>"._UNKNOWN."</I>";
}
// Free memory
SQL_FREERESULT($result);
-}
- elseif (IS_ADMIN())
-{
+} elseif (IS_ADMIN()) {
$username = _ADMIN;
-}
- else
-{
+} else {
// He's a guest, hello there... ;-)
$username = _GUEST;
}
// Modules are by default not valid!
$MOD_VALID = false; $check = "failed";
-if ((!empty($CONFIG['maintenance'])) && ($CONFIG['maintenance'] == 'Y') && (!IS_ADMIN()) && ($GLOBALS['module'] != "admin"))
-{
+if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!IS_ADMIN()) && ($GLOBALS['module'] != "admin")) {
// Maintain mode is active and you are no admin
ADD_FATAL(LANG_DOWN_MAINTAINCE);
-}
- elseif (($link) && ($db) && (sizeof($FATAL) == 0))
-{
+} elseif (($link) && ($db) && (sizeof($FATAL) == 0)) {
// Did we found the module listed in allowed modules and are we successfully connected?
$check = CHECK_MODULE($GLOBALS['module']);
switch ($check)
case "mem_only":
case "done":
// Construct module name
- define('__MODULE', sprintf(PATH."inc/modules/%s.php", $GLOBALS['module']));
+ define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module']));
// Does the module exists on local file system?
- if (((file_exists(__MODULE)) || (!empty($URL))) && (sizeof($FATAL) == 0))
- {
+ if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) {
// Module is valid, active and located on the local disc...
$MOD_VALID = true;
- }
- elseif (!empty($URL))
- {
+ } elseif (!empty($URL)) {
// An URL was specified so we load the de-referrer module
- include (PATH."inc/loader.php");
- }
- elseif (sizeof($FATAL) == 0)
- {
+ LOAD_URL(DEREFERER($URL));
+ } elseif (sizeof($FATAL) == 0) {
ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);
}
break;
break;
case "locked":
- if (!file_exists(PATH."inc/modules/".$GLOBALS['module'].".php"))
+ if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php"))
{
// Module does addionally not exists
ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);
ADD_FATAL(MYSQL_ERRORS);
}
-if ($MOD_VALID)
-{
+if ($MOD_VALID) {
/////////////////////////////////////////////
// Main including line DO NOT REMOVE/EDIT! //
/////////////////////////////////////////////
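Review bot: The query in `WHERE userid=%s LIMIT 1` now places the user id as an unquoted string where the old line used `%d`, so the integer coercion that `%d` provided is lost. If SQL_QUERY_ESC (defined outside this hunk) only applies string escaping, that does not constrain a value sitting outside quotes in a numeric context; I would keep `userid=%d` or pass `array((int) $GLOBALS['userid'])`. Separately, `$GLOBALS['module']` flows from `secureString()` into the `inc/modules/%s.php` path, both in the `define('__MODULE', ...)` line and in the "locked" branch, and the line it replaces (`htmlentities(strip_tags(...))`) suggests HTML-oriented cleaning rather than a path check. Unless secureString or CHECK_MODULE already reject dots and path separators, a guard before the assignment such as `if (!preg_match('/^[a-z0-9_]+$/i', $_GET['module'])) $_GET['module'] = "index";` would make the constraint explicit (adjust the character class if module names legitimately use other characters). Both helpers live outside what is visible here, so their behaviour should be confirmed before relying on them.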