* MA 02110-1301 USA *
************************************************************************/
-// APD call (if you have this apache extension and want to debug this script for us)
-//apd_set_pprof_trace();
+// XDEBUG call
+//xdebug_start_trace();
// Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
require_once ("inc/libs/security_functions.php");
$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
$GLOBALS['userid'] = 0;
+// Fix missing module to "index"
+if (empty($_GET['module'])) $_GET['module'] = "index";
+
+// Secure action/what if present
if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
-if (empty($_GET['module'])) $_GET['module'] = "index";
// Secure the module name (very important line!)
-$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES);
+$GLOBALS['module'] = secureString($_GET['module']);
// Needed include files
require ("inc/config.php");
// Check if logged in
-if (IS_LOGGED_IN()) {
+if (IS_MEMBER()) {
// Is still logged in so we welcome him with his name
$result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
// Update only cookies and no login data!
UPDATE_LOGIN_DATA(false);
- } else {
+ // Additionally admin?
+ if (IS_ADMIN()) {
+ // Add it
+ $username .= " ("._ADMIN_SHORT.")";
+ } // END - if
+ } else {
// Hmmm, logged in and no valid cookies???
$username = "<I>"._UNKNOWN."</I>";
}