"; // Do we need to do this? I guess it enforces consistancy $php = strtolower($page); if (alive($php)) { // A little sanity checking $php = str_replace("..","",$php); $php = str_replace(":","",$php); if (substr($php,0,6) == "admin/") { $file = substr($php,6); $sql = "SELECT * FROM Permissions WHERE AccountID = '$userdata[ID]' && Page = '$file'"; if (mysql_num_rows(querydb($sql)) == 0) { notice("You do not have permission to view that page",$MSG_ERROR); $php = ""; } } $php .= ".php"; if (file_exists($php)) { include($php); $nopage = false; } else { $nopage = true; } } else { $nopage = true; } if ($nopage) { include("profile.php"); } echo ""; } else { include("loginform.php"); } // Dumps closing HTML, closes database include("end.php"); ?>