Security line in all includes changed

[mailer.git] / inc / modules / admin / what-user_contct.php

diff --git a/inc/modules/admin/what-user_contct.php b/inc/modules/admin/what-user_contct.php
index be76d576ed91f4716981b40ceb2aa26ef0cf8d4f..190d17c8d6356c749df74d06d26a008689f4719c 100644 (file)
--- a/inc/modules/admin/what-user_contct.php
+++ b/inc/modules/admin/what-user_contct.php
@@ -12,7 +12,7 @@
  * -------------------------------------------------------------------- *
  *                                                                      *
  * -------------------------------------------------------------------- *
- * Copyright (c) 2003, 2004, 2005, 2006, 2007 by Roland Haeder          *
+ * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  * For more information visit: http://www.mxchange.org                  *
  *                                                                      *
  * This program is free software; you can redistribute it and/or modify *
@@ -32,7 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!is_admin())) {
+if ((!defined('__SECURITY')) || (!is_admin())) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
@@ -43,7 +43,7 @@ ADD_DESCR("admin", basename(__FILE__));
 // Is a user id given?
 if ((isset($_GET['u_id'])) && (bigintval($_GET['u_id']) > 0)) {
        // Load user data and display it
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
                array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
 
        // Is a user account found?