39 $session->start(); |
39 $session->start(); |
40 |
40 |
41 if($session->user_logged_in) |
41 if($session->user_logged_in) |
42 { |
42 { |
43 $result = $pun_db->query( |
43 $result = $pun_db->query( |
44 'SELECT eu.*, u.*, eu.real_name AS realname, eu.user_level AS g_id, g.*, o.logged, o.idle |
44 'SELECT eu.*, u.*, eu.real_name AS realname, g.*, eu.user_level AS g_id, o.logged, o.idle |
45 FROM '.$pun_db->prefix.'users AS u |
45 FROM '.$pun_db->prefix.'users AS u |
46 LEFT JOIN '.table_prefix.'users AS eu |
46 LEFT JOIN '.table_prefix.'users AS eu |
47 ON eu.user_id=u.id |
47 ON eu.user_id=u.id |
48 INNER JOIN '.$pun_db->prefix.'groups AS g |
48 INNER JOIN '.$pun_db->prefix.'groups AS g |
49 ON u.group_id=g.g_id |
49 ON u.group_id=g.g_id |
236 // Generate the "navigator" that appears at the top of every page |
236 // Generate the "navigator" that appears at the top of every page |
237 // |
237 // |
238 function generate_navlinks() |
238 function generate_navlinks() |
239 { |
239 { |
240 global $pun_config, $lang_common, $pun_user; |
240 global $pun_config, $lang_common, $pun_user; |
|
241 global $db, $session, $paths, $template, $plugins; // Common objects |
241 |
242 |
242 // Index and Userlist should always be displayed |
243 // Index and Userlist should always be displayed |
243 $links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>'; |
244 $links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>'; |
244 $links[] = '<li id="navuserlist"><a href="userlist.php">'.$lang_common['User list'].'</a>'; |
245 $links[] = '<li id="navuserlist"><a href="userlist.php">'.$lang_common['User list'].'</a>'; |
245 |
246 |
246 if ($pun_config['o_rules'] == '1') |
247 if ($pun_config['o_rules'] == '1') |
247 $links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>'; |
248 $links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>'; |
248 |
249 |
249 if ($pun_user['is_guest']) |
250 if ( !$session->user_logged_in ) |
250 { |
251 { |
251 if ($pun_user['g_search'] == '1') |
252 if ($pun_user['g_search'] == '1') |
252 $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
253 $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
253 |
254 |
254 $links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>'; |
255 $links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>'; |
256 |
257 |
257 $info = $lang_common['Not logged in']; |
258 $info = $lang_common['Not logged in']; |
258 } |
259 } |
259 else |
260 else |
260 { |
261 { |
261 if ($pun_user['g_id'] < PUN_MOD) |
262 if ($pun_user['g_id'] < USER_LEVEL_ADMIN) |
262 { |
263 { |
263 if ($pun_user['g_search'] == '1') |
264 if ($pun_user['g_search'] == '1') |
264 $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
265 $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
265 |
266 |
266 $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; |
267 $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; |
640 // Make sure that HTTP_REFERER matches $pun_config['o_base_url']/$script |
641 // Make sure that HTTP_REFERER matches $pun_config['o_base_url']/$script |
641 // |
642 // |
642 function confirm_referrer($script) |
643 function confirm_referrer($script) |
643 { |
644 { |
644 global $pun_config, $lang_common; |
645 global $pun_config, $lang_common; |
645 |
646 |
646 if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '')))) |
647 $script = preg_replace('/\.php$/i', '', $script); |
|
648 |
|
649 if ( isset($_SERVER['HTTP_REFERER']) ) |
|
650 $referrer = strtolower($_SERVER['HTTP_REFERER']); |
|
651 |
|
652 $regex = '#^' . preg_quote(strtolower(str_replace('www.', '', $pun_config['o_base_url'])).'/'.$script, '#') . '#i'; |
|
653 $ref_check = str_replace('www.', '', (isset($referrer) ? $referrer : '')); |
|
654 |
|
655 if ( !preg_match($regex, $ref_check) ) |
647 message($lang_common['Bad referrer']); |
656 message($lang_common['Bad referrer']); |
648 } |
657 } |
649 |
658 |
650 |
659 |
651 // |
660 // |
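Review bot: Stripping `.php` from `$script` (new line 647) makes the referrer test a bare prefix match, so for `confirm_referrer('edit.php')` a Referer of `<base_url>/editor` or `<base_url>/edit_anything` now passes, whereas the old pattern at least required the full script name before the prefix was allowed to run on. If callers still pass `*.php` names and the extension is dropped only to tolerate extension-less URLs, close the script name with a boundary instead: `$regex = '#^' . preg_quote(strtolower(str_replace('www.', '', $pun_config['o_base_url'])).'/'.$script, '#') . '(?:\.php)?(?:[/?\#]|$)#i';`. The `strtolower()` on both operands duplicates the `i` modifier already on the regex; one or the other is enough. Note also that `str_replace('www.', '', …)` is applied to the whole referrer string, not just its host, which is carried over from the old code and can alter the path or query being compared. Since browsers and proxies may omit Referer entirely (the empty string fails closed here, which is correct), this check is best treated as a secondary guard alongside a per-session token on the forms it protects, assuming such a token is not already enforced elsewhere in this file.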
818 { |
827 { |
819 global $pun_db, $pun_config, $lang_common, $pun_user; |
828 global $pun_db, $pun_config, $lang_common, $pun_user; |
820 |
829 |
821 if ($destination_url == '') |
830 if ($destination_url == '') |
822 $destination_url = 'index.php'; |
831 $destination_url = 'index.php'; |
|
832 |
|
833 if ( preg_match('/^admin_([a-z0-9_]+?)\.php$/i', $destination_url, $match) ) |
|
834 { |
|
835 $module = capitalize_first_letter($match[1]); |
|
836 $destination_url = makeUrlNS('Special', 'Forum/Admin_' . $module); |
|
837 } |
823 |
838 |
824 // If the delay is 0 seconds, we might as well skip the redirect all together |
839 // If the delay is 0 seconds, we might as well skip the redirect all together |
825 if ($pun_config['o_redirect_delay'] == '0') |
840 if ($pun_config['o_redirect_delay'] == '0') |
826 header('Location: '.str_replace('&', '&', $destination_url)); |
841 header('Location: '.str_replace('&', '&', $destination_url)); |
827 |
842 |