X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=modules.php;h=72cd6943e0f2197d24ebd203a41ac0a52eebf8f9;hp=5850e441720b2acc798e9fc2345df95222e01025;hb=c317b059bf0a1acb3171c4e3255afcce48795947;hpb=105acbe19037f756a0902e990836133bcd993d13 diff --git a/modules.php b/modules.php index 5850e44172..72cd6943e0 100644 --- a/modules.php +++ b/modules.php @@ -31,8 +31,8 @@ * MA 02110-1301 USA * ************************************************************************/ -// APD call (if you have this apache extension and want to debug this script for us) -//apd_set_pprof_trace(); +// XDEBUG call +//xdebug_start_trace(); // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) ) require_once ("inc/libs/security_functions.php"); @@ -44,18 +44,21 @@ $CSS = 0; $GLOBALS['what'] = ""; $GLOBALS['action'] = ""; $GLOBALS['userid'] = 0; +// Fix missing module to "index" +if (empty($_GET['module'])) $_GET['module'] = "index"; + +// Secure action/what if present if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']); if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']); -if (empty($_GET['module'])) $_GET['module'] = "index"; // Secure the module name (very important line!) -$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES); +$GLOBALS['module'] = secureString($_GET['module']); // Needed include files require ("inc/config.php"); // Check if logged in -if (IS_LOGGED_IN()) { +if (IS_MEMBER()) { // Is still logged in so we welcome him with his name $result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); @@ -64,10 +67,12 @@ if (IS_LOGGED_IN()) { list($s, $f) = SQL_FETCHROW($result); $username = $s." ".$f; - // Update only cookies and no login data! - UPDATE_LOGIN_DATA(false); + // Additionally admin? + if (IS_ADMIN()) { + // Add it + $username .= " ("._ADMIN_SHORT.")"; + } // END - if } else { - // Hmmm, logged in and no valid cookies??? $username = ""._UNKNOWN.""; } @@ -101,7 +106,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module'])); // Does the module exists on local file system? - if (((file_exists(__MODULE)) && (is_readable(__MODULE))) && (sizeof($FATAL) == 0)) { + if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) { // Module is valid, active and located on the local disc... $MOD_VALID = true; } elseif (!empty($URL)) { @@ -117,7 +122,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I break; case "locked": - if (!file_exists(PATH."inc/modules/".$GLOBALS['module'].".php")) + if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php")) { // Module does addionally not exists ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);