Also hier mal die komplette index.php
und hier mal der Anfang der /lib/header.phpCode:<? if (isset ($_GET['content']) && !empty ($_GET['content'])) { if (strpos ($_GET['content'], '../') !== FALSE) die ('Zugriffsverletzung !'); if ($_GET['content']{0} != '/') $_GET['content'] = '/'.$_GET['content']; } require ( './lib/header.php' ); require ( './content'.$_GET['content'].'.php' ); require ( './lib/footer.php' ); ?>
Code:<? require ('lib/functions.lib.php'); db_connect(); require ('lib/session.lib.php'); require ('lib/layout.lib.php'); require ( 'lib/extras.lib.php' ); if (!isset($_GET['content']) || empty ($_GET['content'])) $_GET['content'] = '/intern/startseite'; if (!file_exists('content'.$_GET['content'].'.php')) $_GET['content'] = '/error/keine_seite'; if ($_SESSION['uid'] > 0) { $start_reload = db_query("SELECT * FROM ".$db_prefix."_reloads WHERE uid = '".$_SESSION['uid']."' and tan = 'startseitenaufruf' and bis >= '".time()."'"); if (!mysql_num_rows($start_reload)) { $startanzeige = ' <font color="#008000">Bereit</font>';} else {$startanzeige = ' <font color="#FF0000">Reload</font>';} } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> ....
Zitieren