| 1 | <?php | <> | 1 | <?php // $Id: modules.php,v 1.2 2005/03/26 23:39:26 tora60 Exp $ |
| 2 | 2 | /************************************ | ||
| 3 | /************************************************************************/ | 3 | pragmaMx Content Management System | |
| 4 | /* PHP-NUKE: Advanced Content Management System */ | 4 | Copyright (c) 2005 pragmaMx Dev Team - http://pragmaMx.org | |
| 5 | /* ============================================ */ | 5 | *********************************** | |
| 6 | /* */ | |||
| 7 | /* Copyright (c) 2002 by Francisco Burzi (fbc@mandrakesoft.com) */ | |||
| 8 | /* http://phpnuke.org */ | |||
| 9 | /* */ | |||
| 10 | /* This program is free software. You can redistribute it and/or modify */ | 6 | This program is free software; you can redistribute it and/or modify | |
| 11 | /* it under the terms of the GNU General Public License as published by */ | 7 | it under the terms of the GNU General Public License as published by | |
| 12 | /* the Free Software Foundation; either version 2 of the License. */ | 8 | the Free Software Foundation; either version 2 of the License, or | |
| 13 | /************************************************************************/ | 9 | (at your option) any later version. | |
| 10 | *********************************** | |||
| 11 | $Source: /cvsroot/pragmamx/stable/modules.php,v $ | |||
| 12 | $Revision: 1.2 $ | |||
| 13 | $Author: tora60 $ | |||
| 14 | $Date: 2005/03/26 23:39:26 $ | |||
| 15 | ************************************/ | |||
| 14 | = | 16 | ||
| -+ | 17 | define("mxModFileLoaded","1"); | ||
| 18 | if(!defined("MX_TIME")) { | |||
| 19 | $vstarttime = explode(" ",microtime()); | |||
| 20 | define("MX_TIME",(float)$vstarttime[1] + (float)$vstarttime[0]); | |||
| 21 | unset($vstarttime); | |||
| 22 | } | |||
| 23 | // nur zum initialisieren der Variablen, wird durch das Modul überschrieben | |||
| 24 | $GLOBALS['index'] = 0; | |||
| = | 25 | |||
| 15 | require_once("mainfile.php"); | 26 | require_once("mainfile.php"); | |
| 16 | 27 | |||
| 17 | if (isset($name)) { | <> | 28 | if (!isset($_REQUEST['name'])) { |
| 29 | mxErrorScreen("Sorry, you can't access this file directly, parameter 'name' is required...", _ACCESSDENIED); | |||
| 18 | 30 | } | ||
| 19 | $result = sql_query("select active, view from ".$prefix."_modules where title='$name'", $dbi); | 31 | ||
| 20 | list($mod_active, $view) = sql_fetch_row($result, $dbi); | 32 | $name = $_REQUEST['name']; | |
| 21 | if (($mod_active == 1) OR ($mod_active == 0 AND is_admin($admin) OR ($name == "Content"))) { | 33 | $op = (isset($_REQUEST['op'])) ? $_REQUEST['op'] : "modload"; | |
| 22 | if (!isset($mop)) { $mop="modload"; } | 34 | $mop = (isset($_REQUEST['mop'])) ? $_REQUEST['mop'] : "modload"; | |
| 23 | if (!isset($file)) { $file="index"; } | 35 | $mod_file = (isset($_REQUEST['mod_file'])) ? trim($_REQUEST['mod_file']) : "index"; | |
| 24 | if (ereg("\.\.",$name) || ereg("\.\.",$file)) { | 36 | $file = (isset($_REQUEST['file'])) ? trim($_REQUEST['file']) : "index"; | |
| 25 | echo "You are so cool..."; | 37 | $func = (isset($_REQUEST['func'])) ? $_REQUEST['func'] : ""; | |
| 26 | } else { | 38 | ||
| 27 | if ($view == 0) { | 39 | // pruefen von ungueltigen request-Variablen | |
| 28 | $modpath="modules/$name/$file.php"; | 40 | if ($file!='index' || $mod_file!='index' || $mop!='modload') { | |
| 29 | if (file_exists($modpath)) { | 41 | preg_match("#(:)|(\.\.)|(\/)|(\\\)#",$file.$mod_file.$mop, $a); | |
| 30 | include($modpath); | 42 | if (count($a)) { | |
| 43 | mxYoubad("Bad Request"); | |||
| 31 | } else { | 44 | die(); | |
| 32 | die ("Sorry, such file doesn't exist..."); | |||
| 33 | } | = | 45 | } |
| 34 | } | <> | 46 | } |
| 35 | if ($view == 1 AND is_user($user) || is_admin($admin)) { | |||
| 36 | $modpath="modules/$name/$file.php"; | |||
| 37 | if (file_exists($modpath)) { | |||
| 38 | include($modpath); | |||
| 39 | } else { | 47 | ||
| 40 | die ("Sorry, such file doesn't exist..."); | 48 | /// Ausgabe der Informationen des vkp-Developer-Team | |
| 41 | } | 49 | /// Das Entfernen der Zeilen verhindert nicht die Ausgabe, | |
| 42 | } elseif ($view == 1 AND !is_user($user) || !is_admin($admin)) { | 50 | /// zerstört aber das Layout der Seite | |
| 43 | $pagetitle = "- "._ACCESSDENIED.""; | 51 | if ($name == 'mxcredit') { | |
| 44 | include("header.php"); | 52 | include("header.php"); | |
| 45 | title("$sitename: "._ACCESSDENIED.""); | |||
| 46 | OpenTable(); | 53 | OpenTable(); | |
| 47 | echo "<center><b>"._RESTRICTEDAREA."</b><br><br>" | 54 | echo "<div align='left' style='height: 530px; overflow: auto; width: 100%;'>"; | |
| 48 | .""._MODULEUSERS."" | 55 | echo mxInfo(); | |
| 49 | .""._GOBACK.""; | 56 | echo "</div>"; | |
| 50 | CloseTable(); | 57 | CloseTable(); | |
| 51 | include("footer.php"); | 58 | include("footer.php"); | |
| 52 | die(); | 59 | die(); | |
| 53 | } | 60 | } | |
| 54 | if ($view == 2 AND is_admin($admin)) { | 61 | ||
| 55 | $modpath="modules/$name/$file.php"; | 62 | $isseradmin = mxIsAdmin(); // ist Admin ? | |
| 56 | if (file_exists($modpath)) { | 63 | $isseruser = mxIsUser(); // ist User ? | |
| 57 | include($modpath); | 64 | ||
| 65 | //// phpBB2 port to VKP | |||
| 66 | $GLOBALS["nukeuser"] = ($isseruser) ? base64_decode(mxSessionGetVar("user")) : ""; | |||
| 67 | //// end phpBB2 port to VKP | |||
| 58 | } else { | 68 | ||
| 59 | die ("Sorry, such file doesn't exist..."); | 69 | $qry = "select mid, title, active, view from ".$prefix."_modules where title='".mxAddSlashesForSQL($name)."'"; | |
| 70 | $result = sql_query($qry); | |||
| 71 | if (!is_resource($result)) { | |||
| 72 | $msg = ($isseradmin) ? "Unable to select from Database (table: ".$prefix."_modules)!" : "<b>"._MODULENOTACTIVE."</b><br>"; | |||
| 73 | mxErrorScreen($msg); | |||
| 60 | } | 74 | } | |
| 61 | } elseif ($view == 2 AND !is_admin($admin)) { | 75 | ||
| 62 | $pagetitle = "- "._ACCESSDENIED.""; | 76 | list($mod_id, $mod_title, $mod_active, $mod_view) = sql_fetch_row($result); | |
| 63 | include("header.php"); | 77 | $modfile = "modules/".$mod_title."/".$file.".php"; // $mod_title verwenden wegen Gross/Kleinschreibung | |
| 64 | title("$sitename: "._ACCESSDENIED.""); | 78 | $file = (@file_exists($modfile)) ? $file : "index"; | |
| 79 | $modfile = "modules/".$mod_title."/".$file.".php"; | |||
| 65 | OpenTable(); | 80 | ||
| 66 | echo "<center><b>"._RESTRICTEDAREA."</b><br><br>" | 81 | if ((($mod_active != 1) && (!$isseradmin) && ($mod_title != "Content")) || empty($mod_id)) { | |
| 67 | .""._MODULESADMINS."" | 82 | mxErrorScreen("<b>"._MODULENOTACTIVE."</b><br>", _MODULENOTACTIVE); | |
| 68 | .""._GOBACK.""; | 83 | } | |
| 84 | else if (!@file_exists($modfile)) { | |||
| 85 | $msg = ($isseradmin) ? "Sorry, the file '$modfile' doesn't exist!" : "Sorry, such file doesn't exist..."; | |||
| 86 | mxErrorScreen($msg); | |||
| 69 | CloseTable(); | 87 | } | |
| 70 | include("footer.php"); | 88 | else if ($mod_view == 2 && !$isseradmin) { | |
| 89 | mxErrorScreen("<b>"._RESTRICTEDAREA."</b><br><br>"._MODULESADMINS."", _ACCESSDENIED); | |||
| 71 | die(); | 90 | } | |
| 91 | else if ($mod_view == 1 && !$isseradmin && !$isseruser) { | |||
| 92 | mxErrorScreen("<b>"._RESTRICTEDAREA."</b><br><br>"._MODULEUSERS."", _ACCESSDENIED); | |||
| 72 | } | 93 | } | |
| 94 | else if ($mod_view == 1 && !$isseradmin && !mxModuleAllowed($mod_title)) { | |||
| 95 | mxErrorScreen("<b>"._GROUPRESTRICTEDAREA."</b><br>", _ACCESSDENIED); | |||
| 73 | } | = | 96 | } |
| 74 | } else { | <> | 97 | else { |
| 75 | include("header.php"); | 98 | unset($isseradmin); | |
| 76 | OpenTable(); | 99 | unset($isseruser); | |
| 77 | echo "<center>"._MODULENOTACTIVE."<br><br>" | 100 | unset($result); | |
| 78 | .""._GOBACK."</center>"; | |||
| 79 | CloseTable(); | 101 | unset($mod_view); | |
| 80 | include("footer.php"); | 102 | unset($mod_active); | |
| 81 | } | 103 | unset($mod_title); | |
| 82 | } else { | 104 | unset($mod_id); | |
| 83 | die ("Sorry, you can't access this file directly..."); | 105 | include_once($modfile); | |
| 84 | } | 106 | } | |
| 85 | = | 107 | ||
| 86 | ?> | 108 | ?> |