<?php
/**
 * @file modules.php -- Provides functions to load modules
 * @Id $Id: modules.php,v 1.14 2004/07/29 14:35:37 jason Exp $
 *
 * Cynus - a web-based content manager
 * Copyright (C) 2003 Brett and Jason Profitt
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */
 
#Require our main functions we need to survive
require_once('load_cynus.php');
cynus_debug ("Loaded modules.php", 3);

#Set file to the default
$file=set_default("index.php", $_GET['file']);

/********************
ERROR CHECKING
********************/

#Error if the module was left blank
if($_GET['module']=='') {cynus_error('You must specify a module.');}

#check if the module is installed
$query="SELECT * from `$config[sql_prefix]modules` WHERE `location`='$_GET[module]' AND `type`='module'";
$mod_check=mysql_request($query);
if($mod_check['id'] =='') {
	cynus_debug ('Module\'s id field is null.  Assuming it doesn\'t exist.', 2);
	#cynus_error('The requested module exists but is not installed.');
	cynus_error('The requested module does not exist.');
}

#Check for access level
if($user_config['level'] < $mod_check['min_level']) {
	cynus_debug ('User doesn\'t have proper access level for module.', 2);
	cynus_error('You do not have the appropriate access level to use this module.');
}

#check permissions
if(!verify_permission($mod_check['name'])) {
	cynus_debug ('User doesn\'t have permission to access module.', 2);
	cynus_error('You do not have permission to use this module.');
}

#we're searching for a "../" in the file or the module
#to ensure somebody doesn't go snooping where they don't need to be
if(strstr($_GET['module'], '../')) {
	cynus_debug ("Module path travels backwards.  {$_GET['module']}", 2);
	cynus_error('Your module path cannot traverse backwards through the modules.');
}
if(strstr($file, '../')) {
	cynus_debug ("File's path travels backwards.  {$file}", 2);
	cynus_error('Your module filename cannot traverse backwards through the module directory.');
}

#check that the module and file exist
if(!is_dir("$config[cynus_base_dir]/modules/$_GET[module]")) {
	cynus_debug ("Module not found: {$_GET['module']}", 2);
	cynus_error("The specified module, <b>$_GET[module]</b>, could not be found.");
}
if(!is_file("$config[cynus_base_dir]/modules/$_GET[module]/$file")) {
	cynus_debug ("File not found.  $file (in {$_GET['module']})", 2);
	cynus_error("The specified file, <b>$file</b>, could not be found in the module $_GET[module].");
}

/**************************
DONE ERROR CHECKING
*************************/

#Ok, everything has checked out fine, so let's require the module.
require_once("modules/$_GET[module]/$file");

#Now display the $content that the module has returned
do_header();
print $content;
do_footer();

#and for good measures...
exit;
?>