Security line in all includes changed

[mailer.git] / inc / modules / member / what-nickname.php

diff --git a/inc/modules/member/what-nickname.php b/inc/modules/member/what-nickname.php
index 2d4643f8a71e371fd20eb1418ae0c1c55b8b25ad..2ddb9a9624e8b7b6987b5bde1b2bc82dc400a504 100644 (file)
--- a/inc/modules/member/what-nickname.php
+++ b/inc/modules/member/what-nickname.php
@@ -32,17 +32,12 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
-}
- elseif (!IS_LOGGED_IN())
-{
-       LOAD_URL(URL."/modules.php?module=index");
-}
- elseif ((!EXT_IS_ACTIVE("nickname")) && (!IS_ADMIN()))
-{
+} elseif (!IS_MEMBER()) {
+       LOAD_URL("modules.php?module=index");
+} elseif ((!EXT_IS_ACTIVE("nickname")) && (!IS_ADMIN())) {
        ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "nickname");
        return;
 }
@@ -74,7 +69,7 @@ if ($VALID)
        if (SQL_NUMROWS($result) == 0)
        {
                // Nickname not in use, so set it now
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nickname='%s' WHERE userid=%d LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET nickname='%s' WHERE userid=%s LIMIT 1",
                 array($_POST['nickname'], $GLOBALS['userid']), __FILE__, __LINE__);
                $content = NICKNAME_SAVED;
        }
@@ -98,7 +93,7 @@ if ($VALID)
        // Do we have already submit the form?
        if (!empty($_POST['nickname']))
        {
-               OUTPUT_HTML ("<STRONG class=\"member_failed\">".NICKNAME_IS_INVALID."</STRONG><P></P>");
+               OUTPUT_HTML("<STRONG class=\"member_failed\">".NICKNAME_IS_INVALID."</STRONG><P></P>");
        }
 
        // Load Template