$id = $_GET['id'];
$id = urldecode($id);
+ $mail = unserialize($_SESSION['mailInfo'][$id]);
+
+ if (! is_object($mail) || false == $util->authorized($mail->recipient)) {
+ header('Location: qtadmin.php');
+ exit;
+ }
+
$util->setHeading("Message ID : $id");
echo $util->getHeader();
echo $util->getHeading();
- $mail = unserialize($_SESSION['mailInfo'][$id]);
-
$row = $DB->getMail($id);
$string = $row->mail_text;
$sa_tests = null;
echo '</td></tr></table>';
echo $util->getFooter();
} else if ($loggedIn) {
- header('Location: index.php');
+ header('Location: qtadmin.php');
} else {
header('Location: auth.php');
}