More updates, append sid to admin browsing

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3101 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/admin/pagestart.php

@@ -20,13 +20,13 @@
  *
  ***************************************************************************/
 
-if ( !defined('IN_PHPBB') )
+if (!defined('IN_PHPBB'))
 {
 	die("Hacking attempt");
 }
 
 define('IN_ADMIN', true);
-
+// Include files
 include($phpbb_root_path . 'common.'.$phpEx);
 
 //
@@ -37,18 +37,30 @@ init_userprefs($userdata);
 //
 // End session management
 //
-if( !$userdata['session_logged_in'] )
+
+if (!$userdata['session_logged_in'])
 {
 	$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
 	header($header_location . '../' . append_sid("login.$phpEx?redirect=admin/"));
 	exit;
 }
-else if( $userdata['user_level'] != ADMIN )
+else if ($userdata['user_level'] != ADMIN)
 {
 	message_die(GENERAL_MESSAGE, $lang['Not_admin']);
 }
 
-if ( empty($no_page_header) )
+if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
+{
+	$url = preg_replace('/sid=([^&]*)(&?)/i', '', $HTTP_SERVER_VARS['REQUEST_URI']);
+	$url = preg_replace('/\?$/', '', $url);
+	$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
+
+	$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';
+	header($header_location . $url);
+	exit;
+}
+
+if (empty($no_page_header))
 {
 	// Not including the pageheader can be neccesarry if META tags are
 	// needed in the calling script.