} // global SQL instance to be used by modules $_sql = new sqlClass(); $_sql->connect($sqlInfo); // we need to be connected to a database if (TRUE != $_sql->connected) { die; } // initialize a session for modules $_session = new sessionsClass(); session_start(); // initialize a user instance for modules $_user = new userClass(); // populate session if necessary if (!isset($_SESSION['user']['id'])) { $_SESSION['user'] = $_user->get(); } // assign anonymous privileges if (defined('ALLOW_ANONYMOUS') && @ALLOW_ANONYMOUS == 1) { $USER_LEVELS_ARRAY[0]['name'] = "anonymous"; $USER_LEVELS_ARRAY[0]['privileges'] = defined('ANON_PRIVS') ? @ANON_PRIVS : 0; } /* this is basically where stuff starts happening. any content to be rendered by the site will be loaded from modules, which are all accessed through the engine. we want to make sure to prevent any kind of directory traversal attacks, buffer overflows, or what have you by limiting the characters allowed for module names. if the site is accessed without referencing a module, or a module name is determined to be illegal or nonexistent, the default module page will be loaded, as determined by $module */ $module = 'main'; if (isset($_GET['module']) && strlen(@$_GET['module']) <= 15) { $module = preg_match('/[^a-zA-Z0-9]/', @$_GET['module']) ? 'main' : @$_GET['module']; }