Author Topic: [1.7 / 1.7.1] Security fix in search.php and register.php  (Read 159654 times)

0 Members and 1 Guest are viewing this topic.

Offline brakstar

  • Pre-Newbie
  • Posts: 4
  • The famous french webmaster ^^0^^
    • View Profile
    • Référencement - Webmaster - Création de site
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #15 on: December 30, 2005, 12:55:24 AM »
Hi all, What they can do without this fix ?  :?:

I have a 1.1 beta 3 p version of smf ....
Brain-Master the Best webmaster !

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #16 on: December 30, 2005, 01:06:35 AM »
hmmm....huh?
what SMF has anything to do with 4images? this is 4images support forum not SMF ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Ston4Img

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #17 on: January 01, 2006, 06:32:46 PM »
no, it calls "Regular expression" (aka REGEX) http://php.net/manual/function.preg-match.php
The pattern search only < and > in the name, nothing else.

Mhh. I can register a User with < and >  after the Update !!! :?:



Edit:
My register.php:
/** START **********************************************
ADD ab elseif
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/

      
if ($site_db->not_empty($sql)) {
        
$msg .= (($msg != "") ? "<br />" "").$lang['username_exists'];
        
$error 1;
      }
    }
    elseif (
preg_match("#[<>]#"$user_name))
      {
        
$msg .= (($msg != "") ? "<br />" "").$lang['username_bad_characters'];
        
$error 1;
      }

/** ENDE **********************************************
ADD
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/

Offline fotograf74

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #18 on: January 08, 2006, 02:27:49 PM »
Hmm,

I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.

What´s the problem. I use now the old code again.


Offline Ston4Img

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #19 on: January 08, 2006, 03:11:54 PM »
Servus Fotograf74.
Irgendwelche Modifikationen bereits eingebaut? Wenn nicht lade dir 4Images erneut runter und tausche die Dateien aus.

Have you some modification in your 4images? Download 4images again and insert the orginal files.


Offline fotograf74

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #20 on: January 08, 2006, 05:06:23 PM »
Habe natürlich einige Modifikationen eingebaut

Offline Ston4Img

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #21 on: January 08, 2006, 05:38:28 PM »
Habe natürlich einige Modifikationen eingebaut
Tja. Ohne Sicherungen siehst du jetzt "alt" aus  :?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #22 on: January 08, 2006, 08:25:57 PM »
Attach your search.php to the reply.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Ston4Img

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #23 on: January 08, 2006, 08:31:30 PM »
Hi V@ano!

Have u an idea for my "problem"???

Mhh. I can register a User with < and >  after the Update !!! :?:



Edit:
My register.php:
/** START **********************************************
ADD ab elseif
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/

      
if ($site_db->not_empty($sql)) {
        
$msg .= (($msg != "") ? "<br />" "").$lang['username_exists'];
        
$error 1;
      }
    }
    elseif (
preg_match("#[<>]#"$user_name))
      {
        
$msg .= (($msg != "") ? "<br />" "").$lang['username_bad_characters'];
        
$error 1;
      }

/** ENDE **********************************************
ADD
Sercurity Update 27.12.2005
http://www.4homepages.de/forum/index.php?topic=10921.0
*******************************************************/


Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #24 on: January 08, 2006, 08:42:08 PM »
Hi V@ano!

Have u an idea for my "problem"???
Please atach your register.php, better yet, if you can show a URL to your site, then rename  register.php that is on your server to register.phps (do not upload new register.phps) and show url to it. (PM me if you dont want it to be public)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Ston4Img

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #25 on: January 08, 2006, 09:01:00 PM »
http://people.freenet.de/stonyce/register.txt
The 4Images is only "local" ... anyhow often (-->  :?:)

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #26 on: January 08, 2006, 09:57:33 PM »
Ok, you've inserted the code in the wrong place. You must move the added code (blue) above the red baracket:
Quote
      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    elseif (preg_match("#[<>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_bad_characters'];
        $error = 1;
      }
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Ston4Img

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #27 on: January 08, 2006, 10:13:45 PM »
Thank you!

Offline hyde101

  • Sr. Member
  • ****
  • Posts: 410
  • 34TR.COM (Running 4images)
    • View Profile
    • Nostalgia Istanbul
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #28 on: January 13, 2006, 03:35:47 PM »
Thanks, modified as above on 1.7
Tried to Search, works fine,
Tried to register (seems to work fine)

Thank You

Please Vote for my site: Here

Offline fotograf74

  • Newbie
  • *
  • Posts: 29
    • View Profile
Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« Reply #29 on: January 14, 2006, 07:13:05 PM »
Hmm,

I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.

What´s the problem. I use now the old code again.



Attach your search.php to the reply.

Here is my search.php:
Code: [Select]
<?php
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: search.php                                           *
 *        Copyright: (C) 2002 Jan Sorgalla                                *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7.1                                                *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
 *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/
if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
  
$show_result 1;
}
else {
  
$show_result 0;
}

if (isset(
$HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
  
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
  if (
$search_keywords != "") {
    
$show_result 1;
  }
}
else {
  
$search_keywords "";
}
$org_search_keywords $search_keywords;

if (isset(
$HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
  
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
  if (
$search_user != "") {
    
$show_result 1;
  }
}
else {
  
$search_user "";
}
$org_search_user $search_user;

if (isset(
$HTTP_POST_VARS['search_terms'])) {
  
$search_terms = (trim($HTTP_POST_VARS['search_terms']) == "all") ? 0;
}
else {
  
$search_terms 0;
}

if (isset(
$HTTP_POST_VARS['search_fields'])) {
  
$search_fields trim($HTTP_POST_VARS['search_fields']);
}
else {
  
$search_fields "all";
}

$search_cat = (isset($HTTP_POST_VARS['cat_id']) ) ? intval($HTTP_POST_VARS['cat_id']) : 0;

if (isset(
$HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
  
$search_new_images 1;
  
$show_result 1;
}
else {
  
$search_new_images 0;
}

$main_template 'search';

define('GET_CACHES'1);
define('ROOT_PATH''./');
include(
ROOT_PATH.'global.php');
require(
ROOT_PATH.'includes/sessions.php');
$user_access get_permission();
include(
ROOT_PATH.'includes/search_utils.php');

$search_id = array();

if (
$search_user != "" && $show_result == 1) {
  
$search_user str_replace('*''%'trim($search_user));
  
$sql "SELECT ".get_user_table_field("""user_id")."
          FROM "
.USERS_TABLE."
          WHERE "
.get_user_table_field("""user_name")." LIKE '$search_user'";
  
$result $site_db->query($sql);
  
$search_id['user_ids'] = "";
  if (
$result) {
    while (
$row $site_db->fetch_array($result)) {
      
$search_id['user_ids'] .= (($search_id['user_ids'] != "") ? ", " "").$row[$user_table_fields['user_id']];
    }
    
$site_db->free_result($result);
  }
}

if (
$search_keywords != "" && $show_result == 1) {
  
$search_keywords strip_tags(trim($search_keywords));
  
$search_keywords convert_special($search_keywords);
  
$search_keywords strtolower($search_keywords);

  
$search_array = array(
    
"/\s+\+/",
    
"/\s+\-/",
    
"/[&|#][a-z0-9]*;/siU",
    
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
    
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
    
"#[-_'`´]+#s",
    
"#[\n\t\r^\$&\(\)<>\"\|,@\?%~\+\.\[\]{}:\/=\#;!§\\\\]+#s"
  
);

  
$replace_array = array(
    
" and ",
    
" not ",
    
" ",
    
" ",
    
" ",
    
"",
    
" "
  
);
  
$search_keywords preg_replace($search_array$replace_array$search_keywords);
  
$split_words preg_split("/\s+/"$search_keywords);

  
$match_field_sql = ($search_fields != "all" && isset($search_match_fields[$search_fields])) ? "AND m.".$search_match_fields[$search_fields]." = 1" "";
  
$stopword_list get_stopwords();
  
$search_word_cache = array();
  for (
$i 0$i sizeof($split_words); $i++) {
    if (
$split_words[$i] == "and" || $split_words[$i] == "und" || $split_words[$i] == "or" || $split_words[$i] == "oder" || $split_words[$i] == "not") {
      
$search_word_cache[$i] = ($search_terms) ? "and" $split_words[$i];
    }
    elseif (
$split_words[$i] != "" && strlen($split_words[$i]) >= MIN_SEARCH_KEYWORD_LENGTH && strlen($split_words[$i]) <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($split_words[$i], $stopword_list)) {
      
$sql "SELECT m.image_id
              FROM "
.WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m
              WHERE w.word_text LIKE '"
.addslashes(str_replace("*""%"$split_words[$i]))."'
              AND m.word_id = w.word_id
              
$match_field_sql";
      
$result $site_db->query($sql);
      
$search_word_cache[$i] = array();
      while (
$row $site_db->fetch_array($result)) {
        
$search_word_cache[$i][$row['image_id']] = 1;
      }
      
$site_db->free_result();
    }
  }

  
$is_first_word 1;
  
$operator "or";
  
$image_id_list = array();
  for (
$i 0$i sizeof($search_word_cache); $i++) {
    if (
$search_word_cache[$i] == "and" || $search_word_cache[$i] == "und" || $search_word_cache[$i] == "or" || $search_word_cache[$i] == "oder" || $search_word_cache[$i] == "not") {
      if (!
$is_first_word) {
        
$operator $search_word_cache[$i];
      }
    }
    elseif (
is_array($search_word_cache[$i])) {
      if (
$search_terms) {
        
$operator "and";
      }
      foreach (
$search_word_cache[$i] as $key => $val) {
        if (
$is_first_word || $operator == "or" || $operator == "oder") {
          
$image_id_list[$key] = 1;
        }
        elseif (
$operator == "not") {
          unset(
$image_id_list[$key]);
        }
      }
      if ((
$operator == "and" || $operator == "und") && !$is_first_word) {
        foreach (
$image_id_list as $key => $val) {
          if (!isset(
$search_word_cache[$i][$key])) {
            unset(
$image_id_list[$key]);
          }
        }
      }
    }
    
$is_first_word 0;
  }

  
$search_id['image_ids'] = "";
  foreach (
$image_id_list as $key => $val) {
    
$search_id['image_ids'] .= (($search_id['image_ids'] != "") ? ", " "").$key;
  }
  unset(
$image_id_list);
}

if (
$search_new_images && $show_result == 1) {
  
$search_id['search_new_images'] = 1;
}

if (
$search_cat && $show_result == 1) {
  
$search_id['search_cat'] = $search_cat;
}

if (!empty(
$search_id)) {
  
$site_sess->set_session_var("search_id"serialize($search_id));
  
$session_info['search_id'] = $search_id;
}

include(
ROOT_PATH.'includes/page_header.php');

$num_rows_all 0;
if (
$show_result == 1) {
  if (!isset(
$session_info['searchid']) || empty($session_info['searchid'])) {
    
$session_info['search_id'] = $site_sess->get_session_var("search_id");
  }

  if (!empty(
$session_info['search_id'])) {
    
$search_id unserialize($session_info['search_id']);
  }

  
$sql_where_query "";

  if (!empty(
$search_id['image_ids'])) {
    
$sql_where_query .= "AND i.image_id IN (".$search_id['image_ids'].") ";
  }

  if (!empty(
$search_id['user_ids'])) {
    
$sql_where_query .= "AND i.user_id IN (".$search_id['user_ids'].") ";
  }

  if (!empty(
$search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
    
$new_cutoff time() - 60 60 24 $config['new_cutoff'];
    
$sql_where_query .= "AND i.image_date >= $new_cutoff ";
  }

  if (!empty(
$search_id['search_cat']) && $search_id['search_cat'] != 0) {
    
$cat_id_sql 0;
    
$sub_cat_ids get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
    if (
check_permission("auth_viewcat"$search_id['search_cat'])) {
      
$cat_id_sql .= ", ".$search_id['search_cat'];
      if (!empty(
$sub_cat_ids[$search_id['search_cat']])) {
        foreach (
$sub_cat_ids[$search_id['search_cat']] as $val) {
          if (
check_permission("auth_viewcat"$val)) {
            
$cat_id_sql .= ", ".$val;
          }
        }
      }
    }
  }
  else {
    
$cat_id_sql get_auth_cat_sql("auth_viewcat");
  }

  if (!empty(
$sql_where_query)) {
    
$sql "SELECT COUNT(*) AS num_rows_all
            FROM "
.IMAGES_TABLE." i
            WHERE i.image_active = 1 
$sql_where_query
            AND i.cat_id IN (
$cat_id_sql)";
    
$row $site_db->query_firstrow($sql);
    
$num_rows_all $row['num_rows_all'];
  }
}

if (!
$num_rows_all && $show_result == 1)  {
  
$msg preg_replace("/".$site_template->start."search_keywords".$site_template->end."/"$search_keywords$lang['search_no_results']);
}

//-----------------------------------------------------
//--- Show Search Results -----------------------------
//-----------------------------------------------------
if ($num_rows_all && $show_result == 1)  {
  
$link_arg $site_sess->url(ROOT_PATH."search.php?show_result=1");

  include(
ROOT_PATH.'includes/paging.php');
  
$getpaging = new Paging($page$perpage$num_rows_all$link_arg);
  
$offset $getpaging->get_offset();
  
$site_template->register_vars(array(
    
"paging" => $getpaging->get_paging(),
    
"paging_stats" => $getpaging->get_paging_stats()
  ));

  
$imgtable_width ceil((intval($config['image_table_width'])) / $config['image_cells']);
  if ((
substr($config['image_table_width'], -1)) == "%") {
    
$imgtable_width .= "%";
  }

  
$additional_sql "";
  if (!empty(
$additional_image_fields)) {
    foreach (
$additional_image_fields as $key => $val) {
      
$additional_sql .= ", i.".$key;
    }
  }

  
$sql "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.""user_name")."
          FROM "
.IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c
          LEFT JOIN "
.USERS_TABLE." u ON (".get_user_table_field("u.""user_id")." = i.user_id)
          WHERE i.image_active = 1
          
$sql_where_query
          AND c.cat_id = i.cat_id AND i.cat_id IN (
$cat_id_sql)
          ORDER BY "
.$config['image_order']." ".$config['image_sort']."
          LIMIT 
$offset$perpage";
  
$result $site_db->query($sql);

  
$thumbnails "<table width=\"".$config['image_table_width']."\" border=\"0\" cellpadding=\"".$config['image_table_cellpadding']."\" cellspacing=\"".$config['image_table_cellspacing']."\">\n";

  
$count 0;
  
$bgcounter 0;
  while (
$image_row $site_db->fetch_array($result)) {
    if (
$count == 0) {
      
$row_bg_number = ($bgcounter++ % == 0) ? 2;
      
$thumbnails .= "<tr class=\"imagerow".$row_bg_number."\">\n";
    }
    
$thumbnails .= "<td width=\"".$imgtable_width."\" valign=\"top\">\n";
    
show_image($image_row"search");
    
$thumbnails .= $site_template->parse_template("thumbnail_bit");
    
$thumbnails .= "\n</td>\n";
    
$count++;
    if (
$count == $config['image_cells']) {
      
$thumbnails .= "</tr>\n";
      
$count 0;
    }
  } 
// end while
  
if ($count 0)  {
    
$leftover = ($config['image_cells'] - $count);
    if (
$leftover >= 1) {
      for (
$i 0$i $leftover$i++) {
        
$thumbnails .= "<td width=\"".$imgtable_width."\">\n&nbsp;\n</td>\n";
      }
      
$thumbnails .= "</tr>\n";
    }
  }
  
$thumbnails .= "</table>\n";
  
$content $thumbnails;
  unset(
$thumbnails);
// end if
else {
  
$site_template->register_vars(array(
    
"search_keywords" => htmlspecialchars(stripslashes($org_search_keywords)),
    
"search_user" => htmlspecialchars(stripslashes($org_search_user)),
    
"lang_search_by_keyword" => $lang['search_by_keyword'],
    
"lang_search_by_username" => $lang['search_by_username'],
    
"lang_new_images_only" => $lang['new_images_only'],
    
"lang_search_terms" => $lang['search_terms'],
    
"lang_or" => $lang['or'],
    
"lang_and" => $lang['and'],
    
"lang_category" => $lang['category'],
    
"lang_search_fields" => $lang['search_fields'],
    
"lang_all_fields" => $lang['all_fields'],
    
"lang_name_only" => $lang['name_only'],
    
"lang_description_only" => $lang['description_only'],
    
"lang_keywords_only" => $lang['keywords_only'],
    
"category_dropdown" => get_category_dropdown($cat_id)
  ));

  if (!empty(
$additional_image_fields)) {
    
$additional_field_array = array();
    foreach (
$additional_image_fields as $key => $val) {
      if (isset(
$lang[$key.'_only'])) {
        
$additional_field_array['lang_'.$key.'_only'] = $lang[$key.'_only'];
      }
    }
    if (!empty(
$additional_field_array)) {
      
$site_template->register_vars($additional_field_array);
    }
  }
  
$content $site_template->parse_template("search_form");
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// $clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['search']."</span>"; // Original code
// MOD: Dynamic page title BLOCK BEGIN
if (!empty($search_id['search_new_images'])) {
  if( 
$search_id['search_new_images'] == )
    
$txt_clickstream $lang['new_images'];
  else
    
$txt_clickstream $lang['new_images_since'];
}
else {
  
$txt_clickstream $lang['search'];
}
$clickstream "<span class=\"clickstream\"><a title=\"".$lang['home']."\" href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].(($search_keywords) ? "<a href=\"".$site_sess->url(ROOT_PATH."search.php")."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator'].$search_keywords $txt_clickstream)."</span>";  // Show search keywords
$page_title $config['category_separator'].$txt_clickstream;
// MOD: Dynamic page title BLOCK END

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  
"content" => $content,
  
"msg" => $msg,
  
"clickstream" => $clickstream,
  
"page_title" => $page_title// MOD: Dynamic page title
  
"lang_search" => $lang['search']
));
// MOD: Dynamic page title BLOCK BEGIN
//-----------------------------------------------------
//--- Parse Header & Footer ---------------------------
//-----------------------------------------------------
if (isset($main_template) && $main_template) {
  
$header $site_template->parse_template("header");
  
$footer $site_template->parse_template("footer");
  
$site_template->register_vars(array(
    
"header" => $header,
    
"footer" => $footer
  
));
  unset(
$header);
  unset(
$footer);
}
// MOD: Dynamic page title BLOCK END
$site_template->print_template($site_template->parse_template($main_template));
include(
ROOT_PATH.'includes/page_footer.php');
?>


 

Post your comments here