X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=modules.php;h=3787101d996b47b7f8642cc51900be9dfb0efe20;hp=f8fbe88fb7616f5c9e4bc5ae0d07c857426929ee;hb=497d9d8fcda61391c149af3747118bb2772c7c26;hpb=307a4e11763f0914e73dc756b219356e1c29ab25 diff --git a/modules.php b/modules.php index f8fbe88fb7..3787101d99 100644 --- a/modules.php +++ b/modules.php @@ -31,8 +31,8 @@ * MA 02110-1301 USA * ************************************************************************/ -// APD call (if you have this apache extension and want to debug this script for us) -//apd_set_pprof_trace(); +// XDEBUG call +//xdebug_start_trace(); // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) ) require_once ("inc/libs/security_functions.php"); @@ -44,47 +44,51 @@ $CSS = 0; $GLOBALS['what'] = ""; $GLOBALS['action'] = ""; $GLOBALS['userid'] = 0; +// Fix missing module to "index" +if (empty($_GET['module'])) $_GET['module'] = "index"; + +// Secure action/what if present if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']); if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']); -if (empty($_GET['module'])) $_GET['module'] = "index"; // Secure the module name (very important line!) -$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES); +$GLOBALS['module'] = secureString($_GET['module']); // Needed include files require ("inc/config.php"); // Check if logged in -if (IS_LOGGED_IN()) -{ +if (IS_MEMBER()) { // Is still logged in so we welcome him with his name - $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Load surname and family's name and build the username list($s, $f) = SQL_FETCHROW($result); $username = $s." ".$f; - // Update only cookies and no login data! - UPDATE_LOGIN_DATA(false); - } - else - { - - // Hmmm, logged in and no valid cookies??? + // Additionally admin? + if (IS_ADMIN()) { + // Add it + $username .= " ("._ADMIN_SHORT.")"; + } // END - if + } else { + // Hmmm, logged in and no valid userid? $username = ""._UNKNOWN.""; + + // Destroy session + destroy_user_session(); + + // Kill userid + $GLOBALS['userid'] = 0; } // Free memory SQL_FREERESULT($result); -} - elseif (IS_ADMIN()) -{ +} elseif (IS_ADMIN()) { + // Admin is there $username = _ADMIN; -} - else -{ +} else { // He's a guest, hello there... ;-) $username = _GUEST; } @@ -94,13 +98,10 @@ include (PATH."inc/header.php"); // Modules are by default not valid! $MOD_VALID = false; $check = "failed"; -if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!IS_ADMIN()) && ($GLOBALS['module'] != "admin")) -{ +if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!IS_ADMIN()) && ($GLOBALS['module'] != "admin")) { // Maintain mode is active and you are no admin ADD_FATAL(LANG_DOWN_MAINTAINCE); -} - elseif (($link) && ($db) && (sizeof($FATAL) == 0)) -{ +} elseif (($link) && ($db) && (sizeof($FATAL) == 0)) { // Did we found the module listed in allowed modules and are we successfully connected? $check = CHECK_MODULE($GLOBALS['module']); switch ($check) @@ -109,21 +110,16 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I case "mem_only": case "done": // Construct module name - define('__MODULE', sprintf(PATH."inc/modules/%s.php", $GLOBALS['module'])); + define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, SQL_ESCAPE($GLOBALS['module']))); // Does the module exists on local file system? - if (((file_exists(__MODULE)) || (!empty($URL))) && (sizeof($FATAL) == 0)) - { + if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) { // Module is valid, active and located on the local disc... $MOD_VALID = true; - } - elseif (!empty($URL)) - { + } elseif (!empty($URL)) { // An URL was specified so we load the de-referrer module - include (PATH."inc/loader.php"); - } - elseif (sizeof($FATAL) == 0) - { + LOAD_URL(DEREFERER($URL)); + } elseif (sizeof($FATAL) == 0) { ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2); } break; @@ -133,7 +129,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I break; case "locked": - if (!file_exists(PATH."inc/modules/".$GLOBALS['module'].".php")) + if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php")) { // Module does addionally not exists ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2); @@ -152,8 +148,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I ADD_FATAL(MYSQL_ERRORS); } -if ($MOD_VALID) -{ +if ($MOD_VALID) { ///////////////////////////////////////////// // Main including line DO NOT REMOVE/EDIT! // /////////////////////////////////////////////