4images Forum & Community
Welcome, Guest. Please login or register.
Did you miss your activation email?
October 21, 2018, 01:02:30 AM

Login with username, password and session length
Search:     Advanced search
Check the new Tutorial subforum with helpfull guides and tutorials for modifications and tweaks.
Togle to toolbar
Translate this page with =>
Translate this page >
* Home Help Search Login Register
 
+  4images Forum & Community
|-+  4images Help / Hilfe
| |-+  Bug Fixes & Patches
| | |-+  [1.7 / 1.7.1] Security fix in search.php and register.php
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: «« « 1 [2] 3 4 » »» Print
Author Topic: [1.7 / 1.7.1] Security fix in search.php and register.php  (Read 147063 times)
brakstar
Pre-Newbie

Offline Offline

Posts: 4

Thank You
-Given: 0
-Receive: 0

The famous french webmaster ^^0^^


View Profile WWW
« Reply #15 on: December 30, 2005, 12:55:24 AM »

Hi all, What they can do without this fix ?  Question

I have a 1.1 beta 3 p version of smf ....
Logged

Brain-Master the Best webmaster !
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 577

mmm PHP...


View Profile WWW
« Reply #16 on: December 30, 2005, 01:06:35 AM »

hmmm....huh?
what SMF has anything to do with 4images? this is 4images support forum not SMF Wink
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
Ston4Img
Newbie
*
Offline Offline

Posts: 28

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #17 on: January 01, 2006, 06:32:46 PM »

no, it calls "Regular expression" (aka REGEX) http://php.net/manual/function.preg-match.php
The pattern search only < and > in the name, nothing else.

Mhh. I can register a User with < and >  after the Update !!! Question



Edit:
My register.php:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
/** START **********************************************
ADD ab elseif
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/

      
if ($site_db->not_empty($sql)) {
        
$msg .= (($msg != "") ? "<br />" "").$lang['username_exists'];
        
$error 1;
      }
    }
    elseif (
preg_match("#[<>]#"$user_name))
      {
        
$msg .= (($msg != "") ? "<br />" "").$lang['username_bad_characters'];
        
$error 1;
      }

/** ENDE **********************************************
ADD
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/
Logged
fotograf74
Newbie
*
Offline Offline

Posts: 29

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #18 on: January 08, 2006, 02:27:49 PM »

Hmm,

I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.

What´s the problem. I use now the old code again.

Logged
Ston4Img
Newbie
*
Offline Offline

Posts: 28

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #19 on: January 08, 2006, 03:11:54 PM »

Servus Fotograf74.
Irgendwelche Modifikationen bereits eingebaut? Wenn nicht lade dir 4Images erneut runter und tausche die Dateien aus.

Have you some modification in your 4images? Download 4images again and insert the orginal files.

Logged
fotograf74
Newbie
*
Offline Offline

Posts: 29

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #20 on: January 08, 2006, 05:06:23 PM »

Habe natürlich einige Modifikationen eingebaut
Logged
Ston4Img
Newbie
*
Offline Offline

Posts: 28

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #21 on: January 08, 2006, 05:38:28 PM »

Habe natürlich einige Modifikationen eingebaut
Tja. Ohne Sicherungen siehst du jetzt "alt" aus  Confused
Logged
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 577

mmm PHP...


View Profile WWW
« Reply #22 on: January 08, 2006, 08:25:57 PM »

Attach your search.php to the reply.
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
Ston4Img
Newbie
*
Offline Offline

Posts: 28

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #23 on: January 08, 2006, 08:31:30 PM »

Hi V@ano!

Have u an idea for my "problem"???

Mhh. I can register a User with < and >  after the Update !!! Question



Edit:
My register.php:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
/** START **********************************************
ADD ab elseif
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/

      
if ($site_db->not_empty($sql)) {
        
$msg .= (($msg != "") ? "<br />" "").$lang['username_exists'];
        
$error 1;
      }
    }
    elseif (
preg_match("#[<>]#"$user_name))
      {
        
$msg .= (($msg != "") ? "<br />" "").$lang['username_bad_characters'];
        
$error 1;
      }

/** ENDE **********************************************
ADD
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/
Logged
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 577

mmm PHP...


View Profile WWW
« Reply #24 on: January 08, 2006, 08:42:08 PM »

Hi V@ano!

Have u an idea for my "problem"???
Please atach your register.php, better yet, if you can show a URL to your site, then rename  register.php that is on your server to register.phps (do not upload new register.phps) and show url to it. (PM me if you dont want it to be public)
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
Ston4Img
Newbie
*
Offline Offline

Posts: 28

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #25 on: January 08, 2006, 09:01:00 PM »

http://people.freenet.de/stonyce/register.txt
The 4Images is only "local" ... anyhow often (-->  Question)
Logged
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 577

mmm PHP...


View Profile WWW
« Reply #26 on: January 08, 2006, 09:57:33 PM »

Ok, you've inserted the code in the wrong place. You must move the added code (blue) above the red baracket:
Quote  [Expand]
      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    elseif (preg_match("#[<>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
        $error = 1;
      }
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
Ston4Img
Newbie
*
Offline Offline

Posts: 28

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #27 on: January 08, 2006, 10:13:45 PM »

Thank you!
Logged
hyde101
Sr. Member
****
Offline Offline

Posts: 410

Thank You
-Given: 0
-Receive: 0

34TR.COM (Running 4images)


View Profile WWW
« Reply #28 on: January 13, 2006, 03:35:47 PM »

Thanks, modified as above on 1.7
Tried to Search, works fine,
Tried to register (seems to work fine)

Thank You
Logged


Please Vote for my site: Here
fotograf74
Newbie
*
Offline Offline

Posts: 29

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #29 on: January 14, 2006, 07:13:05 PM »

Hmm,

I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.

What´s the problem. I use now the old code again.



Attach your search.php to the reply.

Here is my search.php:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
<?php
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: search.php                                           *
 *        Copyright: (C) 2002 Jan Sorgalla                                *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7.1                                                *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
 *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/
if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
  
$show_result 1;
}
else {
  
$show_result 0;
}

if (isset(
$HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
  
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
  if (
$search_keywords != "") {
    
$show_result 1;
  }
}
else {
  
$search_keywords "";
}
$org_search_keywords $search_keywords;

if (isset(
$HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
  
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
  if (
$search_user != "") {
    
$show_result 1;
  }
}
else {
  
$search_user "";
}
$org_search_user $search_user;

if (isset(
$HTTP_POST_VARS['search_terms'])) {
  
$search_terms = (trim($HTTP_POST_VARS['search_terms']) == "all") ? 0;
}
else {
  
$search_terms 0;
}

if (isset(
$HTTP_POST_VARS['search_fields'])) {
  
$search_fields trim($HTTP_POST_VARS['search_fields']);
}
else {
  
$search_fields "all";
}

$search_cat = (isset($HTTP_POST_VARS['cat_id']) ) ? intval($HTTP_POST_VARS['cat_id']) : 0;

if (isset(
$HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
  
$search_new_images 1;
  
$show_result 1;
}
else {
  
$search_new_images 0;
}

$main_template 'search';

define('GET_CACHES'1);
define('ROOT_PATH''./');
include(
ROOT_PATH.'global.php');
require(
ROOT_PATH.'includes/sessions.php');
$user_access get_permission();
include(
ROOT_PATH.'includes/search_utils.php');

$search_id = array();

if (
$search_user != "" && $show_result == 1) {
  
$search_user str_replace('*''%'trim($search_user));
  
$sql "SELECT ".get_user_table_field("""user_id")."
          FROM "
.USERS_TABLE."
          WHERE "
.get_user_table_field("""user_name")." LIKE '$search_user'";
  
$result $site_db->query($sql);
  
$search_id['user_ids'] = "";
  if (
$result) {
    while (
$row $site_db->fetch_array($result)) {
      
$search_id['user_ids'] .= (($search_id['user_ids'] != "") ? ", " "").$row[$user_table_fields['user_id']];
    }
    
$site_db->free_result($result);
  }
}

if (
$search_keywords != "" && $show_result == 1) {
  
$search_keywords strip_tags(trim($search_keywords));
  
$search_keywords convert_special($search_keywords);
  
$search_keywords strtolower($search_keywords);

  
$search_array = array(
    
"/\s+\+/",
    
"/\s+\-/",
    
"/[&|#][a-z0-9]*;/siU",
    
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
    
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
    
"#[-_'`´]+#s",
    
"#[\n\t\r^\$&\(\)<>\"\|,@\?%~\+\.\[\]{}:\/=\#;!§\\\\]+#s"
  
);

  
$replace_array = array(
    
" and ",
    
" not ",
    
" ",
    
" ",
    
" ",
    
"",
    
" "
  
);
  
$search_keywords preg_replace($search_array$replace_array$search_keywords);
  
$split_words preg_split("/\s+/"$search_keywords);

  
$match_field_sql = ($search_fields != "all" && isset($search_match_fields[$search_fields])) ? "AND m.".$search_match_fields[$search_fields]." = 1" "";
  
$stopword_list get_stopwords();
  
$search_word_cache = array();
  for (
$i 0$i sizeof($split_words); $i++) {
    if (
$split_words[$i] == "and" || $split_words[$i] == "und" || $split_words[$i] == "or" || $split_words[$i] == "oder" || $split_words[$i] == "not") {
      
$search_word_cache[$i] = ($search_terms) ? "and" $split_words[$i];
    }
    elseif (
$split_words[$i] != "" && strlen($split_words[$i]) >= MIN_SEARCH_KEYWORD_LENGTH && strlen($split_words[$i]) <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($split_words[$i], $stopword_list)) {
      
$sql "SELECT m.image_id
              FROM "
.WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m
              WHERE w.word_text LIKE '"
.addslashes(str_replace("*""%"$split_words[$i]))."'
              AND m.word_id = w.word_id
              
$match_field_sql";
      
$result $site_db->query($sql);
      
$search_word_cache[$i] = array();
      while (
$row $site_db->fetch_array($result)) {
        
$search_word_cache[$i][$row['image_id']] = 1;
      }
      
$site_db->free_result();
    }
  }

  
$is_first_word 1;
  
$operator "or";
  
$image_id_list = array();
  for (
$i 0$i sizeof($search_word_cache); $i++) {
    if (
$search_word_cache[$i] == "and" || $search_word_cache[$i] == "und" || $search_word_cache[$i] == "or" || $search_word_cache[$i] == "oder" || $search_word_cache[$i] == "not") {
      if (!
$is_first_word) {
        
$operator $search_word_cache[$i];
      }
    }
    elseif (
is_array($search_word_cache[$i])) {
      if (
$search_terms) {
        
$operator "and";
      }
      foreach (
$search_word_cache[$i] as $key => $val) {
        if (
$is_first_word || $operator == "or" || $operator == "oder") {
          
$image_id_list[$key] = 1;
        }
        elseif (
$operator == "not") {
          unset(
$image_id_list[$key]);
        }
      }
      if ((
$operator == "and" || $operator == "und") && !$is_first_word) {
        foreach (
$image_id_list as $key => $val) {
          if (!isset(
$search_word_cache[$i][$key])) {
            unset(
$image_id_list[$key]);
          }
        }
      }
    }
    
$is_first_word 0;
  }

  
$search_id['image_ids'] = "";
  foreach (
$image_id_list as $key => $val) {
    
$search_id['image_ids'] .= (($search_id['image_ids'] != "") ? ", " "").$key;
  }
  unset(
$image_id_list);
}

if (
$search_new_images && $show_result == 1) {
  
$search_id['search_new_images'] = 1;
}

if (
$search_cat && $show_result == 1) {
  
$search_id['search_cat'] = $search_cat;
}

if (!empty(
$search_id)) {
  
$site_sess->set_session_var("search_id"serialize($search_id));
  
$session_info['search_id'] = $search_id;
}

include(
ROOT_PATH.'includes/page_header.php');

$num_rows_all 0;
if (
$show_result == 1) {
  if (!isset(
$session_info['searchid']) || empty($session_info['searchid'])) {
    
$session_info['search_id'] = $site_sess->get_session_var("search_id");
  }

  if (!empty(
$session_info['search_id'])) {
    
$search_id unserialize($session_info['search_id']);
  }

  
$sql_where_query "";

  if (!empty(
$search_id['image_ids'])) {
    
$sql_where_query .= "AND i.image_id IN (".$search_id['image_ids'].") ";
  }

  if (!empty(
$search_id['user_ids'])) {
    
$sql_where_query .= "AND i.user_id IN (".$search_id['user_ids'].") ";
  }

  if (!empty(
$search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
    
$new_cutoff time() - 60 60 24 $config['new_cutoff'];
    
$sql_where_query .= "AND i.image_date >= $new_cutoff ";
  }

  if (!empty(
$search_id['search_cat']) && $search_id['search_cat'] != 0) {
    
$cat_id_sql 0;
    
$sub_cat_ids get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
    if (
check_permission("auth_viewcat"$search_id['search_cat'])) {
      
$cat_id_sql .= ", ".$search_id['search_cat'];
      if (!empty(
$sub_cat_ids[$search_id['search_cat']])) {
        foreach (
$sub_cat_ids[$search_id['search_cat']] as $val) {
          if (
check_permission("auth_viewcat"$val)) {
            
$cat_id_sql .= ", ".$val;
          }
        }
      }
    }
  }
  else {
    
$cat_id_sql get_auth_cat_sql("auth_viewcat");
  }

  if (!empty(
$sql_where_query)) {
    
$sql "SELECT COUNT(*) AS num_rows_all
            FROM "
.IMAGES_TABLE." i
            WHERE i.image_active = 1 
$sql_where_query
            AND i.cat_id IN (
$cat_id_sql)";
    
$row $site_db->query_firstrow($sql);
    
$num_rows_all $row['num_rows_all'];
  }
}

if (!
$num_rows_all && $show_result == 1)  {
  
$msg preg_replace("/".$site_template->start."search_keywords".$site_template->end."/"$search_keywords$lang['search_no_results']);
}

//-----------------------------------------------------
//--- Show Search Results -----------------------------
//-----------------------------------------------------
if ($num_rows_all && $show_result == 1)  {
  
$link_arg $site_sess->url(ROOT_PATH."search.php?show_result=1");

  include(
ROOT_PATH.'includes/paging.php');
  
$getpaging = new Paging($page$perpage$num_rows_all$link_arg);
  
$offset $getpaging->get_offset();
  
$site_template->register_vars(array(
    
"paging" => $getpaging->get_paging(),
    
"paging_stats" => $getpaging->get_paging_stats()
  ));

  
$imgtable_width ceil((intval($config['image_table_width'])) / $config['image_cells']);
  if ((
substr($config['image_table_width'], -1)) == "%") {
    
$imgtable_width .= "%";
  }

  
$additional_sql "";
  if (!empty(
$additional_image_fields)) {
    foreach (
$additional_image_fields as $key => $val) {
      
$additional_sql .= ", i.".$key;
    }
  }

  
$sql "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.""user_name")."
          FROM "
.IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c
          LEFT JOIN "
.USERS_TABLE." u ON (".get_user_table_field("u.""user_id")." = i.user_id)
          WHERE i.image_active = 1
          
$sql_where_query
          AND c.cat_id = i.cat_id AND i.cat_id IN (
$cat_id_sql)
          ORDER BY "
.$config['image_order']." ".$config['image_sort']."
          LIMIT 
$offset$perpage";
  
$result $site_db->query($sql);

  
$thumbnails "<table width=\"".$config['image_table_width']."\" border=\"0\" cellpadding=\"".$config['image_table_cellpadding']."\" cellspacing=\"".$config['image_table_cellspacing']."\">\n";

  
$count 0;
  
$bgcounter 0;
  while (
$image_row $site_db->fetch_array($result)) {
    if (
$count == 0) {
      
$row_bg_number = ($bgcounter++ % == 0) ? 2;
      
$thumbnails .= "<tr class=\"imagerow".$row_bg_number."\">\n";
    }
    
$thumbnails .= "<td width=\"".$imgtable_width."\" valign=\"top\">\n";
    
show_image($image_row"search");
    
$thumbnails .= $site_template->parse_template("thumbnail_bit");
    
$thumbnails .= "\n</td>\n";
    
$count++;
    if (
$count == $config['image_cells']) {
      
$thumbnails .= "</tr>\n";
      
$count 0;
    }
  } 
// end while
  
if ($count 0)  {
    
$leftover = ($config['image_cells'] - $count);
    if (
$leftover >= 1) {
      for (
$i 0$i $leftover$i++) {
        
$thumbnails .= "<td width=\"".$imgtable_width."\">\n&nbsp;\n</td>\n";
      }
      
$thumbnails .= "</tr>\n";
    }
  }
  
$thumbnails .= "</table>\n";
  
$content $thumbnails;
  unset(
$thumbnails);
// end if
else {
  
$site_template->register_vars(array(
    
"search_keywords" => htmlspecialchars(stripslashes($org_search_keywords)),
    
"search_user" => htmlspecialchars(stripslashes($org_search_user)),
    
"lang_search_by_keyword" => $lang['search_by_keyword'],
    
"lang_search_by_username" => $lang['search_by_username'],
    
"lang_new_images_only" => $lang['new_images_only'],
    
"lang_search_terms" => $lang['search_terms'],
    
"lang_or" => $lang['or'],
    
"lang_and" => $lang['and'],
    
"lang_category" => $lang['category'],
    
"lang_search_fields" => $lang['search_fields'],
    
"lang_all_fields" => $lang['all_fields'],
    
"lang_name_only" => $lang['name_only'],
    
"lang_description_only" => $lang['description_only'],
    
"lang_keywords_only" => $lang['keywords_only'],
    
"category_dropdown" => get_category_dropdown($cat_id)
  ));

  if (!empty(
$additional_image_fields)) {
    
$additional_field_array = array();
    foreach (
$additional_image_fields as $key => $val) {
      if (isset(
$lang[$key.'_only'])) {
        
$additional_field_array['lang_'.$key.'_only'] = $lang[$key.'_only'];
      }
    }
    if (!empty(
$additional_field_array)) {
      
$site_template->register_vars($additional_field_array);
    }
  }
  
$content $site_template->parse_template("search_form");
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// $clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['search']."</span>"; // Original code
// MOD: Dynamic page title BLOCK BEGIN
if (!empty($search_id['search_new_images'])) {
  if( 
$search_id['search_new_images'] == )
    
$txt_clickstream $lang['new_images'];
  else
    
$txt_clickstream $lang['new_images_since'];
}
else {
  
$txt_clickstream $lang['search'];
}
$clickstream "<span class=\"clickstream\"><a title=\"".$lang['home']."\" href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].(($search_keywords) ? "<a href=\"".$site_sess->url(ROOT_PATH."search.php")."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator'].$search_keywords $txt_clickstream)."</span>";  // Show search keywords
$page_title $config['category_separator'].$txt_clickstream;
// MOD: Dynamic page title BLOCK END

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  
"content" => $content,
  
"msg" => $msg,
  
"clickstream" => $clickstream,
  
"page_title" => $page_title// MOD: Dynamic page title
  
"lang_search" => $lang['search']
));
// MOD: Dynamic page title BLOCK BEGIN
//-----------------------------------------------------
//--- Parse Header & Footer ---------------------------
//-----------------------------------------------------
if (isset($main_template) && $main_template) {
  
$header $site_template->parse_template("header");
  
$footer $site_template->parse_template("footer");
  
$site_template->register_vars(array(
    
"header" => $header,
    
"footer" => $footer
  
));
  unset(
$header);
  unset(
$footer);
}
// MOD: Dynamic page title BLOCK END
$site_template->print_template($site_template->parse_template($main_template));
include(
ROOT_PATH.'includes/page_footer.php');
?>

Logged
Pages: «« « 1 [2] 3 4 » »» Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.062 seconds with 19 queries.
Post your comments here