// security_localphp prevents any nasties, and then we check the the page exists.
$page_valid = 0;
if (!security_localphp($page)) {
log_write("error", "index", "Sorry, the requested page could not be found - please check your URL.");
} else {
if (!@file_exists($page)) {
log_write("error", "index", "Sorry, the requested page could not be found - please check your URL.");
} else {
/*
Load the page
*/
log_debug("index", "Loading page {$page}");
// include PHP code
include $page;
// create new page object
$page_obj = new page_output();
// page is valid
$page_valid = 1;
}
}
/*
Check if a custom theme has been selected and set the path variable accordingly.
*/
if (isset($_SESSION["user"]["theme"])) {
$folder = sql_get_singlevalue("SELECT theme_name AS value FROM themes WHERE id = '" . $_SESSION["user"]["theme"] . "'");
} else {
$folder = sql_get_singlevalue("SELECT t.theme_name AS value FROM themes t, config c WHERE c.name = 'THEME_DEFAULT' AND c.value = t.id");
}
// create path
$theme_path = "themes/" . $folder . "/";
?>
}
}
// get the mode to display
$mode = @security_script_input("/^[a-z]*\$/", $_GET["mode"]);
if (!$mode) {
die("No mode supplied!");
}
/*
Load the page
*/
if ($page_valid == 1) {
log_debug("index", "Loading page {$page}");
// include PHP code
include $page;
// create new page object
$page_obj = new page_output();
// check permissions
if ($page_obj->check_permissions()) {
/*
Check data
*/
$page_valid = $page_obj->check_requirements();
/*
Run page logic, provided that the data was valid
*/
if ($page_valid) {
$page_obj->execute();
}
} else {
// user has no valid permissions
$page_valid = 0;
