I would watch out for such insecure code:
PHP Code:
if ($_POST['newtemplate']) {
    $_SESSION["template"] = $_POST['newtemplate'];
} else if ($_GET['newtemplate']) {
    $_SESSION["template"] = $_GET['newtemplate'];
}
I would do that like this:
PHP Code:
if ($_POST['newtemplate']) {
    $_SESSION["template"] = $_POST['newtemplate'];
} else if ($_GET['newtemplate']) {
    $_SESSION["template"] = $_GET['newtemplate'];
}
// Fall back to the configured template when the requested directory does not exist.
if (!is_dir("templates/" . $_SESSION["template"])) {
    $_SESSION["template"] = $cfgrow['template'];
}
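A stricter form of the same check, as an added example that is not part of the original post: instead of asking is_dir() about the submitted string (which also answers true for values such as ".."), it compares the value against the directory names that actually exist under templates/. The function names list_templates and choose_template and the temporary demo tree are assumptions made for illustration; newtemplate, $_SESSION["template"], templates/ and $cfgrow['template'] come from the post.

```php
<?php
// Added example: resolve a requested template name against the directories
// that really exist under templates/. list_templates() and choose_template()
// are hypothetical helper names, not code from the original post.

function list_templates(string $baseDir): array
{
    $names = [];
    foreach (scandir($baseDir) ?: [] as $entry) {
        // Skip ".", ".." and hidden entries; keep real sub-directories only.
        if ($entry[0] !== '.' && is_dir($baseDir . '/' . $entry)) {
            $names[] = $entry;
        }
    }
    return $names;
}

function choose_template($requested, array $available, string $default): string
{
    // Arrays (newtemplate[]=x) and other non-strings are refused outright.
    if (!is_string($requested)) {
        return $default;
    }
    // Strict comparison against the allow-list: a value containing "/",
    // "\", ".." or a NUL byte can never equal a plain directory name.
    return in_array($requested, $available, true) ? $requested : $default;
}

// Constructed demo: a throwaway templates/ tree in the temp directory.
$base = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/templates/default', 0700, true);
mkdir($base . '/templates/dark', 0700, true);

$cfgrow = ['template' => 'default'];   // stand-in for the site config row
$available = list_templates($base . '/templates');

// Constructed sample inputs, as they might arrive in newtemplate.
$samples = ['dark', '..', '../..', 'dark/../..', '', ['dark'], 'missing'];
foreach ($samples as $input) {
    $chosen = choose_template($input, $available, $cfgrow['template']);
    printf("%-14s => %s\n", json_encode($input), $chosen);
}

// In the post's code this would take the place of the is_dir() line:
// $requested = $_POST['newtemplate'] ?? $_GET['newtemplate'] ?? $_SESSION['template'] ?? null;
// $_SESSION['template'] = choose_template($requested, list_templates('templates'), $cfgrow['template']);
```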