function bh_listmodulesdirectory($filepath)
{
global $bhcurrent, $bhsession;
# Get lists of modules it's allowed
$modrows = select_bhdb("modulesdirectory", array("status" => "1"), "");
$userobj = new bhuser($bhsession['username']);
# Go through and select those the user is allowed to access
foreach ($modrows as $modrow) {
if (bh_checkmodulepermission($modrow['module'], $userobj->type) == 1) {
if (bh_checkmodulefilepath($modrow['module'], $filepath, $bhsession['username']) == 1) {
# Special provision for the deletefolder module
if (!($modrow['module'] == "deletefolder" && ($filepath == "/" || $filepath == "" || $filepath == $userobj->homedir))) {
$allowedmods[$modrow['module']] = $modrow;
}
}
}
}
return $allowedmods;
}
$page = $_GET['page'];
if (empty($page)) {
$page = $_POST['page'];
}
if (empty($page)) {
$page = "main";
}
if (!file_exists("modules/" . $page . ".inc.php")) {
bh_log($bhlang['error:page_not_exist'], "BH_NOPAGE");
$page = "error";
}
### OK, now do security checks.
# Usertype check
if (bh_checkmodulepermission($page, $bhcurrent['userobj']->type) == 0) {
bh_log($bhlang['error:access_denied'], "BH_ACCESS_DENIED");
bh_log($bhlang['error:access_denied'], "BH_ERROR");
$page = "error";
}
# fileperm check (if needed)
if (!empty($_GET['filepath'])) {
if (bh_checkmodulefilepath($page, $_GET['filepath'], $bhcurrent['userobj']->username) == 0) {
bh_log($bhlang['error:access_denied'], "BH_ACCESS_DENIED");
bh_log($bhlang['error:access_denied'], "BH_ERROR");
$page = "error";
}
}
# Pass control to the requested page
require "modules/" . $page . ".inc.php";
# The End.
?>
