Direct registration added, typo fixed, admin session on missing/failed login fixed...

[mailer.git] / modules.php

diff --git a/modules.php b/modules.php
index 72cd6943e0f2197d24ebd203a41ac0a52eebf8f9..3787101d996b47b7f8642cc51900be9dfb0efe20 100644 (file)
--- a/modules.php
+++ b/modules.php
@@ -73,13 +73,20 @@ if (IS_MEMBER()) {
                        $username .= " ("._ADMIN_SHORT.")";
                } // END - if
        } else {
-               // Hmmm, logged in and no valid cookies???
+               // Hmmm, logged in and no valid userid?
                $username = "<I>"._UNKNOWN."</I>";
+
+               // Destroy session
+               destroy_user_session();
+
+               // Kill userid
+               $GLOBALS['userid'] = 0;
        }
 
        // Free memory
        SQL_FREERESULT($result);
 } elseif (IS_ADMIN()) {
+       // Admin is there
        $username = _ADMIN;
 } else {
        // He's a guest, hello there... ;-)
@@ -103,7 +110,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I
        case "mem_only":
        case "done":
                // Construct module name
-               define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module']));
+               define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, SQL_ESCAPE($GLOBALS['module'])));
 
                // Does the module exists on local file system?
                if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) {