Also hier mal die komplette index.php
Code:
<?
if (isset ($_GET['content']) && !empty ($_GET['content'])) {
if (strpos ($_GET['content'], '../') !== FALSE) die ('Zugriffsverletzung !');
if ($_GET['content']{0} != '/') $_GET['content'] = '/'.$_GET['content'];
}
require ( './lib/header.php' );
require ( './content'.$_GET['content'].'.php' );
require ( './lib/footer.php' );
?>
und hier mal der Anfang der /lib/header.php
Code:
<?
require ('lib/functions.lib.php');
db_connect();
require ('lib/session.lib.php');
require ('lib/layout.lib.php');
require ( 'lib/extras.lib.php' );
if (!isset($_GET['content']) || empty ($_GET['content'])) $_GET['content'] = '/intern/startseite';
if (!file_exists('content'.$_GET['content'].'.php')) $_GET['content'] = '/error/keine_seite';
if ($_SESSION['uid'] > 0) {
$start_reload = db_query("SELECT * FROM ".$db_prefix."_reloads WHERE uid =
'".$_SESSION['uid']."' and tan = 'startseitenaufruf' and bis >=
'".time()."'");
if (!mysql_num_rows($start_reload)) { $startanzeige = ' <font
color="#008000">Bereit</font>';} else {$startanzeige = ' <font
color="#FF0000">Reload</font>';}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
....