X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fsession.php;h=2c7ab4488d4d59ca92eef7bf279a9ccf2469027b;hb=1de0532b20b63c9e0eeb9a2f51ca794abf6b36ad;hp=f3b02711625248d411212863a9e373eda9a167b8;hpb=0da26ebf67e1a6c8e5ab5f23639c6abd99d84b2d;p=mailer.git

diff --git a/inc/session.php b/inc/session.php
index f3b0271162..2c7ab4488d 100644
--- a/inc/session.php
+++ b/inc/session.php
@@ -32,7 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
@@ -47,11 +47,15 @@ if (($VIEW == 1) && ($_SERVER['PHP_SELF'])) return;
 
 // Start the session
 @session_start();
+global $PHPSESSID;
 $PHPSESSID = @session_id();
 
 // Store language code in cookie
 set_session("mx_lang", $mx_lang);
 
+// Load extensions here
+require_once(PATH."inc/load_extensions.php");
+
 // Check if refid is set
 if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) {
 	// The variable user comes from the click-counter script click.php and we only accept this here
@@ -68,7 +72,7 @@ if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.
 } elseif (isSessionVariableSet('refid')) {
 	// Set session refid als global
 	$GLOBALS['refid'] = bigintval(get_session('refid'));
-} elseif (GET_EXT_VERSION("sql_patches") != '') {
+} elseif (GET_EXT_VERSION("sql_patches") != "") {
 	// Set default refid as refid in URL
 	$GLOBALS['refid'] = bigintval($_CONFIG['def_refid']);
 } else {
@@ -82,6 +86,18 @@ if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_sessi
 	set_session("refid", $GLOBALS['refid']);
 }
 
+// Transfer userid from session and validate it
+if (isset($_SESSION['userid'])) {
+	// Get it secured from session
+	$GLOBALS['userid'] = bigintval($_SESSION['userid']);
+
+	// Is it valid?
+	if (!IS_MEMBER()) {
+		// Then destroy the user id
+		destroy_user_session();
+	} // END - if
+}
+
 // Test session if index.php or modules.php is loaded
 if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (isBooleanConstantAndTrue('mxchange_installing'))) {
 	if (count($_SESSION) > 0) {