| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131 |
- <?php
- /*
- *
- * OGP - Open Game Panel
- * Copyright (C) 2008 - 2018 The OGP Development Team
- *
- * http://www.opengamepanel.org/
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- */
- require_once('includes/helpers.php');
- navigation();
- function navigation() {
- global $db;
- if ( isset($_REQUEST['m']) )
- {
- if ( preg_match('[/|\\|;|\.]',$_REQUEST['m']) !== 0 )
- {
- // Unallowed characters found.
- print_failure("Unallowed characters found from m.");
- return;
- }
- // If module is not installed we must not allow access.
- if ( $db->isModuleInstalled($_REQUEST['m']) === FALSE )
- {
- print_failure(get_lang('module_not_installed'));
- return;
- }
- // If module dir does not exist there has been some error...
- if ( !is_dir( MODULES.$_REQUEST['m'] ) )
- {
- print_failure("Invalid module ".$_REQUEST['m'].".");
- return;
- }
- // There is navigation.xml file lets parse the information.
- if ( is_file( MODULES.$_REQUEST['m'].'/navigation.xml') )
- {
- $xml_navig = simplexml_load_file( MODULES.$_REQUEST['m'].'/navigation.xml' );
- if ( $xml_navig === FALSE )
- {
- print_failure("Invalid XML navigation file.");
- return;
- }
- // If the subpage is not defined we use the default page.
- $wanted_page = isset($_REQUEST['p']) ? $_REQUEST['p'] : "default";
-
- foreach ( $xml_navig->page as $page )
- {
- if ( $page["key"] != $wanted_page )
- continue;
- $access_groups = explode(",",$page['access']);
- if ( basename($_SERVER['PHP_SELF']) != "index.php" )
- {
- if( array_search($_SESSION['users_group'], $access_groups) === FALSE )
- {
- print_failure(get_lang('no_rights') );
- return;
- }
- }
- else
- {
- if( array_search("guest", $access_groups) === FALSE )
- {
- print_failure(get_lang('no_rights') );
- return;
- }
- }
- $include_file = MODULES.$_REQUEST['m'].'/'.$page['file'];
- if ( !is_file( $include_file ) )
- {
- print_failure("File (".$include_file.") missing from module.");
- return;
- }
- include_once( $include_file );
- if ( !function_exists( 'exec_ogp_module' ) )
- {
- print_failure("Missing module execute function.");
- return;
- }
- exec_ogp_module();
- return;
- }
- print_failure("Invalid subpage given.");
- return;
- }
- // If no navigation file then we load file with same filename than the module.
- else if ( is_file( MODULES.$_REQUEST['m'].'/'.$_REQUEST['m'].'.php') )
- {
- include( MODULES.$_REQUEST['m'].'/'.$_REQUEST['m'].'.php');
- if ( !function_exists( 'exec_ogp_module' ) )
- {
- print_failure("Missing module execute function.");
- return;
- }
- exec_ogp_module();
- }
- // If files above are not found then we print an error.
- else
- {
- print_failure("Invalid module ".$_REQUEST['m'].".");
- return;
- }
- }
- }
- ?>
|
