Surfbar now has start/stop button

[mailer.git] / modules.php

diff --git a/modules.php b/modules.php
index f4e8cbacfbbea1e21ca627b0a314841b812060c5..9c13ae64377b7b7fd5e08586e399543d35f93a10 100644 (file)
--- a/modules.php
+++ b/modules.php
@@ -31,8 +31,8 @@
  * MA  02110-1301  USA                                                  *
  ************************************************************************/
 
-// APD call (if you have this apache extension and want to debug this script for us)
-//apd_set_pprof_trace();
+// XDEBUG call
+//xdebug_start_trace();
 
 // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
 require_once ("inc/libs/security_functions.php");
@@ -44,18 +44,21 @@ $CSS = 0;
 $GLOBALS['what'] = ""; $GLOBALS['action'] = "";
 $GLOBALS['userid'] = 0;
 
+// Fix missing module to "index"
+if (empty($_GET['module'])) $_GET['module'] = "index";
+
+// Secure action/what if present
 if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
 if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
-if (empty($_GET['module'])) $_GET['module'] = "index";
 
 // Secure the module name (very important line!)
-$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES);
+$GLOBALS['module'] = secureString($_GET['module']);
 
 // Needed include files
 require ("inc/config.php");
 
 // Check if logged in
-if (IS_LOGGED_IN()) {
+if (IS_MEMBER()) {
        // Is still logged in so we welcome him with his name
        $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);