$GLOBALS['what'] = ""; $GLOBALS['action'] = "";
$GLOBALS['userid'] = 0;
+// Fix missing module to "index"
+if (empty($_GET['module'])) $_GET['module'] = "index";
+
+// Secure action/what if present
if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
-if (empty($_GET['module'])) $_GET['module'] = "index";
// Secure the module name (very important line!)
-$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES);
+$GLOBALS['module'] = secureString($_GET['module']);
// Needed include files
require ("inc/config.php");
list($s, $f) = SQL_FETCHROW($result);
$username = $s." ".$f;
- // Update only cookies and no login data!
- UPDATE_LOGIN_DATA(false);
+ // Additionally admin?
+ if (IS_ADMIN()) {
+ // Add it
+ $username .= " ("._ADMIN_SHORT.")";
+ } // END - if
} else {
-
- // Hmmm, logged in and no valid cookies???
+ // Hmmm, logged in and no valid userid?
$username = "<I>"._UNKNOWN."</I>";
+
+ // Destroy session
+ destroy_user_session();
+
+ // Kill userid
+ $GLOBALS['userid'] = 0;
}
// Free memory
SQL_FREERESULT($result);
} elseif (IS_ADMIN()) {
+ // Admin is there
$username = _ADMIN;
} else {
// He's a guest, hello there... ;-)
case "mem_only":
case "done":
// Construct module name
- define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module']));
+ define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, SQL_ESCAPE($GLOBALS['module'])));
// Does the module exists on local file system?
if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) {
projects / mailer.git / blobdiff