}
// Shared database handle; modules reach it through the global $_sql.
$_sql = new sqlClass();
$_sql->connect($sqlInfo);

// Nothing further can run without a database. exit is called without a
// message, so this path writes nothing about the failed connection into the
// response.
// NOTE(review): no HTTP status is set here either, so the client gets an empty
// page with whatever status was already in effect; confirm that is intended.
if (!$_sql->connected) {
    exit;
}
// initialize a session for modules. sessionsClass is constructed before
// session_start() is called; presumably its constructor installs a custom
// session handler, which would make this order mandatory -- confirm in its
// definition.
// NOTE(review): no session cookie parameters (HttpOnly, Secure, SameSite) are
// set in this block; confirm they come from php.ini or from sessionsClass.
$_session = new sessionsClass();
session_start();
// initialize a user instance for modules
$_user = new userClass();
// populate session if necessary: the user record is fetched only while no
// user id is cached in the session. Once an id is present, this block leaves
// $_SESSION['user'] untouched on later requests.
// NOTE(review): if get() returns privilege data, changes made after the first
// request would not be seen here until the session is rebuilt -- confirm how
// modules re-check privileges.
if (!isset($_SESSION['user']['id'])) {
    $_SESSION['user'] = $_user->get();
}
// Anonymous access is opt-in: user level 0 is only given a name and a
// privileges value when ALLOW_ANONYMOUS is defined and loosely equals 1.
// The defined() guards already rule out an undefined constant, so no error
// suppression is needed on the reads.
if (defined('ALLOW_ANONYMOUS') && ALLOW_ANONYMOUS == 1) {
    $USER_LEVELS_ARRAY[0]['name'] = 'anonymous';
    if (defined('ANON_PRIVS')) {
        $USER_LEVELS_ARRAY[0]['privileges'] = ANON_PRIVS;
    } else {
        // no ANON_PRIVS constant: the anonymous level gets the value 0
        $USER_LEVELS_ARRAY[0]['privileges'] = 0;
    }
}
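/* Module dispatch starts here. Everything the site renders is loaded from a
   module reached through the engine, and the module name arrives in the query
   string, so it is treated as untrusted input. Only a plain string of 1 to 15
   ASCII letters and digits is accepted; that excludes '.', '/', '\' and NUL
   bytes, which is what keeps the name from carrying path components
   (directory traversal). Anything else -- a missing parameter, an empty
   value, a non-string value such as an array, an over-long name, or a name
   with any other character -- leaves the default module in $module.
   NOTE(review): this validates only the shape of the name. Whether the module
   exists is not checked in this part of the file; the code that loads it
   should still fall back to the default for unknown names. */
$module = 'main';
if (
    isset($_GET['module'])
    // query parameters can be arrays; only a string can be a module name
    && is_string($_GET['module'])
    // \A...\z anchors the whole value; unlike $, \z does not allow a trailing newline
    && preg_match('/\A[a-zA-Z0-9]{1,15}\z/', $_GET['module']) === 1
) {
    $module = $_GET['module'];
}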