From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/capp.php |   53 +++++++++++++++++++++--------------------------------
 1 files changed, 21 insertions(+), 32 deletions(-)

diff --git a/interface/web/capp.php b/interface/web/capp.php
index 68dbda0..4512391 100644
--- a/interface/web/capp.php
+++ b/interface/web/capp.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -31,47 +31,36 @@
 require_once('../lib/config.inc.php');
 require_once('../lib/app.inc.php');
 
-// importiere Modul
+//* Import module variable
 $mod = $_REQUEST["mod"];
+//* If we click on a search result, load that one instead of the module's start page
+$redirect = (isset($_REQUEST["redirect"]) ? $_REQUEST["redirect"] : '');
 
-// Checke ob User eingeloggt
-if(!is_array($_SESSION["s"]["user"])) header("Location: index.php?phpsessid=".$_SESSION["s"]["id"]);
+//* Check if user is logged in
+if($_SESSION["s"]["user"]['active'] != 1) {
+	die("URL_REDIRECT: /index.php");
+	//die();
+}
 
-// checke ob User Modul verwenden darf
+if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
+
+//* Check if user may use the module.
 $user_modules = explode(",",$_SESSION["s"]["user"]["modules"]);
 
 if(!in_array($mod,$user_modules)) $app->error($app->lng(301));
 
-// lade Moduldaten in Session
+//* Load module configuration into the session.
 if(is_file($mod."/lib/module.conf.php")) {
 	include_once($mod."/lib/module.conf.php");
 	$_SESSION["s"]["module"] = $module;
+	session_write_close();
+	if($redirect == ''){
+		echo "HEADER_REDIRECT:".$_SESSION["s"]["module"]["startpage"];
+	} else {
+		//* If we click on a search result, load that one instead of the module's start page
+		echo "HEADER_REDIRECT:".$redirect;
+	}
 } else {
 	$app->error($app->lng(302));
 }
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title>42go</title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<script language= "JavaScript">
-  <!--Break out of frames
-  function breakout() {
-    if (top.frames.length > 0)
-	{
-    	top.location='index.php?phpsessid=<? echo $_SESSION["s"]["id"]?>';
-	}
-	else
-	{
-		window.location='index.php?phpsessid=<? echo $_SESSION["s"]["id"]?>';
-	}
-  }
-  //-->
-</script>
-</head>
-
-<body onLoad="breakout()">
-</body>
-</html>
+?>
\ No newline at end of file
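Review bot: The new `$redirect` value is read straight from `$_REQUEST["redirect"]` and echoed after `HEADER_REDIRECT:` with no validation, unlike `$mod`, which gets a `preg_match` allow-list a few lines earlier. Whatever consumes that response presumably navigates to or loads the supplied value, so a crafted link could steer a logged-in user to a destination outside the application. I would constrain it to an application-relative path before the echo, for example `if($redirect != '' && !preg_match('/^[a-z0-9_\/\-]+\.php(\?[a-z0-9_=&\-]*)?$/i', $redirect)) die('redirect target not allowed.');`, with the pattern adjusted to the URLs the search results actually produce. Separately, the login check `$_SESSION["s"]["user"]['active'] != 1` reads an index that may be absent for an unauthenticated session; it still fails closed, but an `isset()` guard would avoid the notice.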

--
Gitblit v1.9.1