X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=modules.php;h=f8c1a88e383c282ba09f5e0b85ddaccd413db36b;hp=8368d269c1bfd7b44c8ba4f57d4c649a744287b9;hb=a17a898cb487fbc80e580d0b7e51f92327f2ea21;hpb=ae80e170b5d25a4782af90a7c3d81fbb176fa293

diff --git a/modules.php b/modules.php
index 8368d269c1..f8c1a88e38 100644
--- a/modules.php
+++ b/modules.php
@@ -31,11 +31,11 @@
  * MA  02110-1301  USA                                                  *
  ************************************************************************/
 
-// APD call (if you have this apache extension and want to debug this script for us)
-//apd_set_pprof_trace();
+// XDEBUG call
+//xdebug_start_trace();
 
 // Load security stuff here (Oh, I hope this is not unsecure? Am I paranoia??? ;-) )
-require_once ("inc/libs/security_functions.php");
+require_once("inc/libs/security_functions.php");
 
 // Init "action" and "what"
 global $what, $action, $startTime;
@@ -44,37 +44,49 @@ $CSS = 0;
 $GLOBALS['what'] = ""; $GLOBALS['action'] = "";
 $GLOBALS['userid'] = 0;
 
+// Fix missing module to "index"
+if (empty($_GET['module'])) $_GET['module'] = "index";
+
+// Secure action/what if present
 if (!empty($_GET['action'])) $GLOBALS['action'] = secureString($_GET['action']);
 if (!empty($_GET['what'])) $GLOBALS['what'] = secureString($_GET['what']);
-if (empty($_GET['module'])) $_GET['module'] = "index";
 
 // Secure the module name (very important line!)
-$GLOBALS['module'] = htmlentities(strip_tags($_GET['module']), ENT_QUOTES);
+$GLOBALS['module'] = secureString($_GET['module']);
 
 // Needed include files
-require ("inc/config.php");
+require("inc/config.php");
 
 // Check if logged in
 if (IS_MEMBER()) {
 	// Is still logged in so we welcome him with his name
-	$result = SQL_QUERY_ESC("SELECT surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+	$result = SQL_QUERY_ESC("SELECT surname, family FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
 	 array($GLOBALS['userid']), __FILE__, __LINE__);
 	if (SQL_NUMROWS($result) == 1) {
 		// Load surname and family's name and build the username
 		list($s, $f) = SQL_FETCHROW($result);
 		$username = $s." ".$f;
 
-		// Update only cookies and no login data!
-		UPDATE_LOGIN_DATA(false);
+		// Additionally admin?
+		if (IS_ADMIN()) {
+			// Add it
+			$username .= " ("._ADMIN_SHORT.")";
+		} // END - if
 	} else {
-
-		// Hmmm, logged in and no valid cookies???
+		// Hmmm, logged in and no valid userid?
 		$username = "<I>"._UNKNOWN."</I>";
+
+		// Destroy session
+		destroy_user_session();
+
+		// Kill userid
+		$GLOBALS['userid'] = 0;
 	}
 
 	// Free memory
 	SQL_FREERESULT($result);
 } elseif (IS_ADMIN()) {
+	// Admin is there
 	$username = _ADMIN;
 } else {
 	// He's a guest, hello there... ;-)
@@ -86,7 +98,7 @@ include (PATH."inc/header.php");
 
 // Modules are by default not valid!
 $MOD_VALID = false; $check = "failed";
-if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!IS_ADMIN()) && ($GLOBALS['module'] != "admin")) {
+if ((getConfig('maintenance') == "Y") && (!IS_ADMIN()) && ($GLOBALS['module'] != "admin")) {
 	// Maintain mode is active and you are no admin
 	ADD_FATAL(LANG_DOWN_MAINTAINCE);
 } elseif (($link) && ($db) && (sizeof($FATAL) == 0)) {
@@ -98,7 +110,7 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I
 	case "mem_only":
 	case "done":
 		// Construct module name
-		define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, $GLOBALS['module']));
+		define('__MODULE', sprintf("%sinc/modules/%s.php", PATH, SQL_ESCAPE($GLOBALS['module'])));
 
 		// Does the module exists on local file system?
 		if ((FILE_READABLE(__MODULE)) && (sizeof($FATAL) == 0)) {
@@ -117,33 +129,33 @@ if ((!empty($_CONFIG['maintenance'])) && ($_CONFIG['maintenance'] == "Y") && (!I
 		break;
 
 	case "locked":
-		if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php"))
-		{
+		if (!FILE_READABLE(PATH."inc/modules/".$GLOBALS['module'].".php")) {
 			// Module does addionally not exists
 			ADD_FATAL(LANG_MOD_REG_404_1.$GLOBALS['module'].LANG_MOD_REG_404_2);
-		}
+		} // END - if
+
+		// Add fatal message
 		ADD_FATAL(LANG_MOD_LOCKED_1.$GLOBALS['module'].LANG_MOD_LOCKED_2);
 		break;
 
 	default:
+		DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown status %s return from module check. Module=%s", $check, $GLOBALS['module']));
 		ADD_FATAL(LANG_MOD_UNKNOWN_1.$check.LANG_MOD_UNKNOWN_2);
 		break;
 	}
-}
- elseif (sizeof($FATAL) == 0)
-{
+} elseif (sizeof($FATAL) == 0) {
 	// MySQL problems!
 	ADD_FATAL(MYSQL_ERRORS);
 }
 
-if ($MOD_VALID) {
+if (($MOD_VALID) && (defined('__MODULE'))) {
 	/////////////////////////////////////////////
 	// Main including line DO NOT REMOVE/EDIT! //
 	/////////////////////////////////////////////
 	//
 	// Everything is okay so we can load the module
 	include (__MODULE);
-}
+} // END - if
 
 // Next-to-end add the footer
 include (PATH."inc/footer.php");