From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/content.php |   22 +++++++++++++---------
 1 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/interface/web/content.php b/interface/web/content.php
index 9e6382d..52ea216 100644
--- a/interface/web/content.php
+++ b/interface/web/content.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -31,15 +31,20 @@
 require_once('../lib/config.inc.php');
 require_once('../lib/app.inc.php');
 
+/*
 $module = $_REQUEST["s_mod"];
 $page = $_REQUEST["s_pg"];
+*/
 
-if(!preg_match("/^[a-z]{0,20}$/i", $module)) die('module name contains unallowed chars.');
-if(!preg_match("/^[a-z]{0,20}$/i", $page)) die('page name contains unallowed chars.');
+$module = 'login';
+$page = 'index';
 
-if(is_file("$module/$page.php")) {
+if(!preg_match("/^[a-z]{2,20}$/i", $module)) die('module name contains unallowed chars.');
+if(!preg_match("/^[a-z]{2,20}$/i", $page)) die('page name contains unallowed chars.');
+
+if(is_file(ISPC_WEB_PATH."/$module/$page.php")) {
 	
-	include_once("$module/$page.php");
+	include_once(ISPC_WEB_PATH."/$module/$page.php");
 
 	$classname = $module.'_'.$page;
 	$page = new $classname();
@@ -54,8 +59,8 @@
 		if(!preg_match("/^[a-z]{2,20}$/i", $module)) die('target module name contains unallowed chars.');
 		if(!preg_match("/^[a-z]{2,20}$/i", $page)) die('target page name contains unallowed chars.');
 		
-		if(is_file("$module/$page.php")) {
-			include_once("$module/$page.php");
+		if(is_file(ISPC_WEB_PATH."/$module/$page.php")) {
+			include_once(ISPC_WEB_PATH."/$module/$page.php");
 			
 			$classname = $module.'_'.$page;
 			$page = new $classname();
@@ -70,8 +75,7 @@
 	
 } elseif (is_array($_SESSION["s"]['user']) or is_array($_SESSION["s"]["module"])) {
 	// If the user is logged in, we try to load the default page of the module
-	die('hhhhh');
-	
+	die('- error -');
 } else {
 	die('Page does not exist.');
 }

--
Gitblit v1.9.1