************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
-}
- elseif (!IS_LOGGED_IN())
-{
+} elseif (!IS_MEMBER()) {
LOAD_URL("modules.php[13~?module=index");
}
if (isset($_POST['ok']))
{
$cnt = 0;
- foreach ($_POST['cat'] as $cat=>$joined)
+ foreach ($_POST['cat'] as $cat => $joined)
{
if ($joined == "N") $cnt++;
}
}
if (isset($_POST['ok']))
{
- foreach ($_POST['cat'] as $cat=>$joined)
+ foreach ($_POST['cat'] as $cat => $joined)
{
switch ($joined)
{
case 'Y':
$sql = "";
- $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
array($UID, bigintval($cat)), __FILE__, __LINE__);
if (SQL_NUMROWS($result_user) == 0)
break;
case 'N':
- $sql = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1";
+ $sql = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1";
break;
}
if (!empty($sql))
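Review bot: Switching the placeholders from `%d` to `%s` in the `SQL_QUERY_ESC` SELECT under `case 'Y'` drops the integer coercion while `userid=%s` and `cat_id=%s` stay unquoted, so the statement is only safe if every argument is already strictly numeric. The same applies to the `DELETE LOW_PRIORITY` string under `case 'N'` and to the later category-selection SELECT. `bigintval()` covers `$cat` and `$id`, but `$UID` is passed unfiltered, and if `SQL_QUERY_ESC` only string-escapes its arguments (its body is not visible here), escaping does not constrain a value in an unquoted numeric position. I would normalise it at each call, e.g. `array(bigintval($UID), bigintval($cat)), __FILE__, __LINE__);`, and do the same wherever the DELETE string is executed. Where `$UID` is assigned, and where `$sql` is run, lies outside the visible lines, so confirm neither can carry request-controlled text.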
$JOINED_N = ' checked'; $JOINED_Y = "";
// Check category selection
- $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
array($UID, bigintval($id)), __FILE__, __LINE__);
// When we found an entry don't read it, just change the JOINED_x variables