X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=modules.php;h=325eb83108671abe9bc5440e084ddb794ad2307b;hp=b24aee4126bd22d93a8bf6adcd0869d94d01f4b1;hb=aa27f7442553d0a8341e5611d70b8e4521bbce03;hpb=c86e03ea5f3e9b631485d69a5528474a9f0c8fc1 diff --git a/modules.php b/modules.php index b24aee4126..325eb83108 100644 --- a/modules.php +++ b/modules.php @@ -35,7 +35,7 @@ //xdebug_start_trace(); // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) ) -require_once ("inc/libs/security_functions.php"); +require_once("inc/libs/security_functions.php"); // Init "action" and "what" global $what, $action, $startTime; @@ -55,7 +55,7 @@ if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']); $GLOBALS['module'] = secureString($_GET['module']); // Needed include files -require ("inc/config.php"); +require("inc/config.php"); // Check if logged in if (IS_MEMBER()) { @@ -67,22 +67,26 @@ if (IS_MEMBER()) { list($s, $f) = SQL_FETCHROW($result); $username = $s." ".$f; - // Update only cookies and no login data! - UPDATE_LOGIN_DATA(false); - // Additionally admin? if (IS_ADMIN()) { // Add it $username .= " ("._ADMIN_SHORT.")"; } // END - if } else { - // Hmmm, logged in and no valid cookies??? + // Hmmm, logged in and no valid userid? $username = ""._UNKNOWN.""; + + // Destroy session + destroy_user_session(); + + // Kill userid + $GLOBALS['userid'] = 0; } // Free memory SQL_FREERESULT($result); } elseif (IS_ADMIN()) { + // Admin is there $username = _ADMIN; } else { // He's a guest, hello there... ;-) @@ -106,7 +110,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I case "mem_only": case "done": // Construct module name - define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module'])); + define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, SQL_ESCAPE($GLOBALS['module']))); // Does the module exists on local file system? if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) { @@ -125,33 +129,33 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I break; case "locked": - if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php")) - { + if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php")) { // Module does addionally not exists ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2); - } + } // END - if + + // Add fatal message ADD_FATAL(LANG_MOD_LOCKED_1.$GLOBALS['module'].LANG_MOD_LOCKED_2); break; default: + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s return from module check. Module=%s", $check, $GLOBALS['module'])); ADD_FATAL(LANG_MOD_UNKNOWN_1.$check.LANG_MOD_UNKNOWN_2); break; } -} - elseif (sizeof($FATAL) == 0) -{ +} elseif (sizeof($FATAL) == 0) { // MySQL problems! ADD_FATAL(MYSQL_ERRORS); } -if ($MOD_VALID) { +if (($MOD_VALID) && (defined('__MODULE'))) { ///////////////////////////////////////////// // Main including line DO NOT REMOVE/EDIT! // ///////////////////////////////////////////// // // Everything is okay so we can load the module include (__MODULE); -} +} // END - if // Next-to-end add the footer include (PATH."inc/footer.php");