secure scripts which should not be called directly (install/update stuff); avoid url-manipulation

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

install/updates/froxlor/upgrade_syscp.inc.php

@@ -15,6 +15,15 @@
  *
  */
 
+if (!defined('AREA')
+		|| (defined('AREA') && AREA != 'admin')
+		|| !isset($userinfo['loginname'])
+		|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+) {
+	header('Location: ../../../index.php');
+	exit;
+}
+
 $updateto = '0.9-r0';
 $frontend = 'froxlor';