X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=modules.php;h=15e4cf4d18b78c19acc7beca439f594660485124;hp=ed8a25842f2b2385f4a7ad9ec5fafd81778606f9;hb=7989ec603971c0dc8dc35d8be4e72f8098b83baa;hpb=b80ee4c24c8786ed4098d9e3526fe78da0e73c0b diff --git a/modules.php b/modules.php index ed8a25842f..15e4cf4d18 100644 --- a/modules.php +++ b/modules.php @@ -35,7 +35,7 @@ //xdebug_start_trace(); // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) ) -require_once ("inc/libs/security_functions.php"); +require("inc/libs/security_functions.php"); // Init "action" and "what" global $what, $action, $startTime; 
@@ -44,52 +44,67 @@ $CSS = 0; $GLOBALS['what'] = ""; $GLOBALS['action'] = ""; $GLOBALS['userid'] = 0; -if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']); -if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']); +// Fix missing module to "index" if (empty($_GET['module'])) $_GET['module'] = "index"; +// Secure action/what if present +if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']); +if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']); + // Secure the module name (very important line!) -$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES); +$GLOBALS['module'] = secureString($_GET['module']); // Needed include files -require ("inc/config.php"); +require("inc/config.php"); // Check if logged in if (IS_MEMBER()) { // Is still logged in so we welcome him with his name - $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load surname and family's name and build the username list($s, $f) = SQL_FETCHROW($result); $username = $s." ".$f; - // Update only cookies and no login data! - UPDATE_LOGIN_DATA(false); + // Additionally admin? + if (IS_ADMIN()) { + // Add it + $username .= " ({!_ADMIN_SHORT!})"; + } // END - if } else { + // Hmmm, logged in and no valid userid? + $username = "{!_UNKNOWN!}"; - // Hmmm, logged in and no valid cookies??? - $username = ""._UNKNOWN.""; + // Destroy session + destroy_user_session(); + + // Kill userid + $GLOBALS['userid'] = 0; } // Free memory SQL_FREERESULT($result); } elseif (IS_ADMIN()) { - $username = _ADMIN; + // Admin is there + $username = getMessage('_ADMIN'); } else { // He's a guest, hello there... 
;-) - $username = _GUEST; + $username = getMessage('_GUEST'); } // The header file -include (PATH."inc/header.php"); +LOAD_INC_ONCE("inc/header.php"); // Modules are by default not valid! $MOD_VALID = false; $check = "failed"; -if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!IS_ADMIN()) && ($GLOBALS['module'] != "admin")) { +if ((getConfig('maintenance') == "Y") && (!IS_ADMIN()) && ($GLOBALS['module'] != "admin")) { // Maintain mode is active and you are no admin - ADD_FATAL(LANG_DOWN_MAINTAINCE); -} elseif (($link) && ($db) && (sizeof($FATAL) == 0)) { + addFatalMessage(getMessage('LANG_DOWN_MAINTAINCE')); +} elseif (($link) && ($db) && (getTotalFatalErrors() == 0)) { + // Construct module name + define('__MODULE', sprintf("inc/modules/%s.php", SQL_ESCAPE($GLOBALS['module']))); + // Did we found the module listed in allowed modules and are we successfully connected? $check = CHECK_MODULE($GLOBALS['module']); switch ($check) 
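Review bot: The added `define('__MODULE', sprintf("inc/modules/%s.php", SQL_ESCAPE($GLOBALS['module'])));` passes the request-supplied module name through SQL escaping before putting it into a file path, which is the wrong escaping for that context, since SQL escaping does not neutralise `/`, `..` or other path characters. Whether `secureString()` removes them is not visible here, and the constant is now defined before `CHECK_MODULE()` has run, so the later include is only as safe as that check and the `$MOD_VALID` guard. I would validate the name against a fixed pattern right after it is assigned, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $GLOBALS['module'])) $GLOBALS['module'] = "index";`, with the character class adjusted to the names the project actually registers. `SQL_ESCAPE()` can then be dropped from the `sprintf()`. The `if`/`switch` this line sits in continues past the end of the hunk.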
@@ -97,56 +112,53 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I case "admin_only": case "mem_only": case "done": - // Construct module name - define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module'])); - // Does the module exists on local file system? - if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) { + if ((FILE_READABLE(constant('__MODULE'))) && (getTotalFatalErrors() == 0)) { // Module is valid, active and located on the local disc... $MOD_VALID = true; } elseif (!empty($URL)) { // An URL was specified so we load the de-referrer module LOAD_URL(DEREFERER($URL)); - } elseif (sizeof($FATAL) == 0) { - ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2); + } elseif (getTotalFatalErrors() == 0) { + addFatalMessage(sprintf(getMessage('LANG_MOD_REG_404'), $GLOBALS['module'])); } break; case "404": - ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2); + addFatalMessage(sprintf(getMessage('LANG_MOD_REG_404'), $GLOBALS['module'])); break; case "locked": - if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php")) - { + if (!FILE_READABLE(constant('__MODULE'))) { // Module does addionally not exists - ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2); - } - ADD_FATAL(LANG_MOD_LOCKED_1.$GLOBALS['module'].LANG_MOD_LOCKED_2); + addFatalMessage(sprintf(getMessage('LANG_MOD_REG_404'), $GLOBALS['module'])); + } // END - if + + // Add fatal message + addFatalMessage(sprintf(getMessage('LANG_MOD_REG_LOCKED'), $GLOBALS['module'])); break; default: - ADD_FATAL(LANG_MOD_UNKNOWN_1.$check.LANG_MOD_UNKNOWN_2); + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s return from module check. Module=%s", $check, $GLOBALS['module'])); + addFatalMessage(sprintf(getMessage('LANG_MOD_REG_UNKNOWN'), $check)); break; } -} - elseif (sizeof($FATAL) == 0) -{ +} elseif (getTotalFatalErrors() == 0) { // MySQL problems! 
- ADD_FATAL(MYSQL_ERRORS); + addFatalMessage(getMessage('MYSQL_ERRORS')); } -if ($MOD_VALID) { +if (($MOD_VALID) && (defined('__MODULE'))) { ///////////////////////////////////////////// // Main including line DO NOT REMOVE/EDIT! // ///////////////////////////////////////////// // // Everything is okay so we can load the module - include (__MODULE); -} + LOAD_INC_ONCE(constant('__MODULE')); +} // END - if // Next-to-end add the footer -include (PATH."inc/footer.php"); +LOAD_INC_ONCE("inc/footer.php"); // ?>
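Review bot: The `addFatalMessage(sprintf(getMessage('LANG_MOD_REG_404'), $GLOBALS['module']))` calls in the readable-check, `404` and `locked` branches (and the `LANG_MOD_REG_LOCKED` one) put the request-supplied module name into a message that is presumably rendered as HTML. An earlier hunk of this commit replaces the `htmlentities(strip_tags(...), ENT_QUOTES)` on that value with `secureString()`, whose encoding behaviour is not shown. Unless `secureString()` or `addFatalMessage()` is confirmed to HTML-encode, I would encode at the point of output, e.g. `addFatalMessage(sprintf(getMessage('LANG_MOD_REG_404'), htmlspecialchars($GLOBALS['module'], ENT_QUOTES)));`. The new `DEBUG_LOG()` line in the `default` branch also writes the module name into the log, so stripping CR/LF from it there would prevent a crafted name from forging log entries. The enclosing `if`/`switch` starts before this hunk.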