MadCollector Code

<?php
/* This file is part of Madcollector.
 * Madcollector created by Thomas Andrieu,
 * Developped by Thomas Andrieu.
 * Madcollector is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation.

 * Madcollector is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 */
session_start(); 

if(($_SESSION['id_user'] == "")||(!isset($_SESSION['id_user'])))
     header("Location:../index.php");
if($_SESSION['level']<3)
     header("Location:../index.php");
$idUser =  $_SESSION['id_user'];

define("DATA", "data/");
define("VIEWS", "views/");
define("LIBS", "../libs/");
define("DAO", "../dao/");
define("CLASSES", "../classes/");


require_once LIBS.'functions.php';
require_once DAO.'dao.php';
require_once DAO.'settings.dao.php';

require_once '../cfg/param.php';	// Config file

if(!isset($_GET['rub'])) $_GET['rub'] = "";
if(!isset($_GET['lang'])) $_GET['lang'] = "";
if(!isset($_GET['letter'])) $_GET['letter'] = "";
if(!isset($_GET['page'])) $_GET['page'] = "";
if(!isset($_GET['enreg'])) $_GET['enreg'] = "";
if(!isset($_GET['format'])) $_GET['format'] = "";

$mySettingsDAO = new SettingsDAO();

//Usual GET parameters
//--------------
$letter = substr($_GET['letter'],0,1);
$page = $_GET['page'];
$nbrEnregPage = $_GET['enreg'];

if(($letter == "")||(!isset($letter)))
$letter = ".";
if($letter == "%")
$letter = "[0-9]";

if(($page == "")||(!isset($page))||(!is_numeric($page)))
$page = "1";
if((!isset($_SESSION['NbrEnregPage']))||(!is_numeric($_SESSION['NbrEnregPage'])))
$_SESSION['NbrEnregPage'] = 50;
if(($nbrEnregPage == "")||(!isset($nbrEnregPage))||(!is_numeric($_SESSION['NbrEnregPage'])))
$nbrEnregPage = $_SESSION['NbrEnregPage'];
else $_SESSION['NbrEnregPage'] = $nbrEnregPage;


$dbconnector = null;
$dbconnector = maddb_connect($cfg_database_driver,$cfg_host,$cfg_database,$cfg_user,$cfg_password);

//Disabling magic_quotes
disable_magic_quotes();

$error_messages = array();

//Language in mc_settings
if ((!isset($_SESSION['lang']))||($_SESSION['lang']=="")) 
{
	$_SESSION['lang']=$table_settings["default_language"];
	//Without any default language, force to English
	if($_SESSION['lang']=="")
		$_SESSION['lang']="en";
}
// Language
if($_GET['lang']!=""){$_SESSION['lang']=$_GET['lang'];}
if(isset($_SESSION['lang'])) $lang=$_SESSION['lang'];
include '../locales/'.$lang.'/locale.'.$lang.".php"; // exemple "locales/fr/locale.fr with fr as $lang variable


$rub=$_GET['rub'];
// Array with authorized pages
$arrayAllowedIncludes=array();
if ($dh = opendir(DATA)) 
{
	while (($file = readdir($dh)) !== false)
		if (substr($file, strlen($file) - 8) == '.inc.php') 
			array_push($arrayAllowedIncludes, $file);
}
closedir($dh);

//Process the global settings POST data before reloading them
if (isset($rub) && ($rub=="settings")) {
	include DATA.$rub.".post.php";
}
//Getting main settings
$select_settings = $mySettingsDAO->get_site_settings();
for($i=0;$i<sizeOf($select_settings);$i++)
{ 
	$key = $select_settings[$i]["setting_name"];
	$table_settings[$key] = $select_settings[$i]["setting_value"];
}

if (isset($rub) && in_array($rub.".inc.php", $arrayAllowedIncludes)) {
	$pageInclude = DATA.$rub.".inc.php";
} else $pageInclude = DATA."default.inc.php";

include $pageInclude; 
?>