Привет всем.Так как я не нашёл ответа на свой прошлый вопрос,про поиск,то я нашел одну галерею изображений типо скрипт,и вытащил оттуда сам скрипт поиска. Вот он HTML: <table border="0" cellspacing="0" cellpadding="1"> <tr> <td> <input type="text" name="search_keywords" size="15" class="searchinput" /> </td> <td> <input type="submit" value="Suchen" class="button" name="submit" /> </td> </tr> <tr valign="top"> <td colspan="2"><a href="./search.php" class="smalltext">Erweiterte Suche</a></td> </tr> </table> Вот 2 файл /search.php PHP: <?php /************************************************************************** * * * 4images - A Web Based Image Gallery Management System * * ---------------------------------------------------------------- * * * * File: search.php * * Copyright: (C) 2002-2011 Jan Sorgalla * * Email: [email=jan@4homepages.de]jan@4homepages.de[/email] * * Web: [url=http://www.4homepages.de]http://www.4homepages.de[/url] * * Scriptversion: 1.7.10 * * * * Never released without support from: Nicky ([url=http://www.nicky.net]http://www.nicky.net[/url]) * * * ************************************************************************** * * * Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- * * bedingungen (Lizenz.txt) fьr weitere Informationen. * * --------------------------------------------------------------- * * This script is NOT freeware! Please read the Copyright Notice * * (Licence.txt) for further information. 
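* * * *************************************************************************/

/*
 * search.php - keyword / user / category search front end.
 *
 * All state (request variables, $site_db, $site_sess, $config, $lang, the
 * search helpers) comes from the files included below; this script only
 * orchestrates:
 *   1. read the search form parameters,
 *   2. resolve user names and keywords into id lists kept in $search_id,
 *      which is serialized into the session so paging can reuse them,
 *   3. count and list the matching images, or render the search form.
 *
 * Review notes:
 *   - $search_id is unserialize()d from the session store further down. That
 *     is only as safe as the session store itself; since the value is a plain
 *     array, a json_encode()/json_decode() round trip would carry it equally
 *     well without the object-injection surface of unserialize().
 *   - The category filter must never collapse to "no restriction" when a
 *     category was requested; see the $cat_id_sql block.
 */

$main_template = 'search';

define('GET_CACHES', 1);
define('ROOT_PATH', './');
define('MAIN_SCRIPT', __FILE__);

include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/search_utils.php');

// Keep the untouched request values for re-display in the form; $search_user
// is rewritten below when a user search is performed.
$org_search_keywords = $search_keywords;
$org_search_user = $search_user;

// search_terms: "all" means every keyword must match (AND), anything else OR.
if (isset($HTTP_GET_VARS['search_terms']) || isset($HTTP_POST_VARS['search_terms'])) {
  $search_terms = isset($HTTP_POST_VARS['search_terms']) ? $HTTP_POST_VARS['search_terms'] : $HTTP_GET_VARS['search_terms'];
  $search_terms = $search_terms == "all" ? 1 : 0;
} else {
  $search_terms = 0;
}

// search_fields: restrict matching to one of the $search_match_fields keys
// (validated against that array where it is used) or "all".
if (isset($HTTP_GET_VARS['search_fields']) || isset($HTTP_POST_VARS['search_fields'])) {
  $search_fields = isset($HTTP_POST_VARS['search_fields']) ? trim($HTTP_POST_VARS['search_fields']) : trim($HTTP_GET_VARS['search_fields']);
} else {
  $search_fields = "all";
}

$search_cat = $cat_id;

$search_id = array();

//-----------------------------------------------------
//--- Resolve user name -> user ids -------------------
//-----------------------------------------------------
if ($search_user != "" && $show_result == 1) {
  // "*" is the user-facing wildcard. Quotes in $search_user were escaped by
  // global.php (addslashes_array when magic quotes are off), which is what
  // keeps the quoted literal below intact; a literal "%" or "_" typed by the
  // user still acts as a LIKE wildcard.
  $search_user = str_replace('*', '%', trim($search_user));
  $sql = "SELECT ".get_user_table_field("", "user_id")." FROM ".USERS_TABLE." WHERE ".get_user_table_field("", "user_name")." LIKE '$search_user'";
  $result = $site_db->query($sql);
  // user_ids is a comma-separated list built only from ids returned by the
  // database, never from request data.
  $search_id['user_ids'] = "";
  if ($result) {
    while ($row = $site_db->fetch_array($result)) {
      $search_id['user_ids'] .= (($search_id['user_ids'] != "") ? ", " : "").$row[$user_table_fields['user_id']];
    }
    $site_db->free_result($result);
  }
}

//-----------------------------------------------------
//--- Resolve keywords -> image ids -------------------
//-----------------------------------------------------
if ($search_keywords != "" && $show_result == 1) {
  // Tokens are either operator strings ("and"/"or"/"not"...), a word, or a
  // pair array(original, normalized) - see prepare_searchwords_for_search().
  $split_words = prepare_searchwords_for_search($search_keywords);
  $match_field_sql = ($search_fields != "all" && isset($search_match_fields[$search_fields])) ? "AND m.".$search_match_fields[$search_fields]." = 1" : "";

  // Pass 1: one query per word token; cache the matching image ids per token.
  $search_word_cache = array();
  for ($i = 0; $i < sizeof($split_words); $i++) {
    if ($split_words[$i] == "and" || $split_words[$i] == "und" || $split_words[$i] == "or" || $split_words[$i] == "oder" || $split_words[$i] == "not") {
      // With search_terms=all every operator is forced to AND.
      $search_word_cache[$i] = ($search_terms) ? "and" : $split_words[$i];
    } else {
      $curr_words = $split_words[$i];
      if (!is_array($curr_words)) {
        $curr_words = array($curr_words);
      }
      $where = array();
      foreach ($curr_words as $curr_word) {
        // "*" is the user-facing wildcard; the word is escaped for the SQL literal.
        $where[] = "w.word_text LIKE '".addslashes(str_replace("*", "%", $curr_word))."'";
      }
      $sql = "SELECT m.image_id FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m) WHERE (" . implode(' OR ', $where) . ") AND m.word_id = w.word_id $match_field_sql";
      $result = $site_db->query($sql);
      $search_word_cache[$i] = array();
      while ($row = $site_db->fetch_array($result)) {
        $search_word_cache[$i][$row['image_id']] = 1;
      }
      $site_db->free_result();
    }
  }

  // Pass 2: combine the per-token id sets left to right using the operator
  // that precedes each token (OR = union, NOT = difference, AND = intersection).
  $is_first_word = 1;
  $operator = "or";
  $image_id_list = array();
  for ($i = 0; $i < sizeof($search_word_cache); $i++) {
    if ($search_word_cache[$i] == "and" || $search_word_cache[$i] == "und" || $search_word_cache[$i] == "or" || $search_word_cache[$i] == "oder" || $search_word_cache[$i] == "not") {
      if (!$is_first_word) {
        $operator = $search_word_cache[$i];
      }
    } elseif (is_array($search_word_cache[$i])) {
      if ($search_terms) {
        $operator = "and";
      }
      foreach ($search_word_cache[$i] as $key => $val) {
        if ($is_first_word || $operator == "or" || $operator == "oder") {
          $image_id_list[$key] = 1;
        } elseif ($operator == "not") {
          unset($image_id_list[$key]);
        }
      }
      if (($operator == "and" || $operator == "und") && !$is_first_word) {
        foreach ($image_id_list as $key => $val) {
          if (!isset($search_word_cache[$i][$key])) {
            unset($image_id_list[$key]);
          }
        }
      }
    }
    $is_first_word = 0;
  }

  // image_ids is a comma-separated list of ids returned by the database.
  $search_id['image_ids'] = "";
  foreach ($image_id_list as $key => $val) {
    $search_id['image_ids'] .= (($search_id['image_ids'] != "") ? ", " : "").$key;
  }
  unset($image_id_list);
}

if ($search_new_images && $show_result == 1) {
  $search_id['search_new_images'] = 1;
}

if ($search_cat && $show_result == 1) {
  $search_id['search_cat'] = $search_cat;
}

// Persist the resolved search so that paging links (show_result=1 without
// keywords) can reuse it.
if (!empty($search_id)) {
  $site_sess->set_session_var("search_id", serialize($search_id));
}

include(ROOT_PATH.'includes/page_header.php');

//-----------------------------------------------------
//--- Count results -----------------------------------
//-----------------------------------------------------
$num_rows_all = 0;
if ($show_result == 1) {
  if (empty($search_id)) {
    // NOTE(review): unserialize() of session-stored data. Acceptable only if
    // the session store cannot be written by clients - confirm for this
    // deployment's sessions.php implementation.
    if (!empty($session_info['search_id'])) {
      $search_id = unserialize($session_info['search_id']);
    } else {
      $search_id = unserialize($site_sess->get_session_var("search_id"));
    }
  }

  $sql_where_query = "";
  if (!empty($search_id['image_ids'])) {
    $sql_where_query .= "AND i.image_id IN (".$search_id['image_ids'].") ";
  }
  if (!empty($search_id['user_ids'])) {
    $sql_where_query .= "AND i.user_id IN (".$search_id['user_ids'].") ";
  }
  if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
    $new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
    $sql_where_query .= "AND i.image_date >= $new_cutoff ";
  }

  // Category restriction. $cat_id_sql starts as int 0 so that "nothing was
  // added" can be told apart from a built list by a strict !== 0 check.
  if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
    $cat_id_sql = 0;
    if (check_permission("auth_viewcat", $search_id['search_cat'])) {
      $sub_cat_ids = get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
      $cat_id_sql .= ", ".$search_id['search_cat'];
      if (!empty($sub_cat_ids[$search_id['search_cat']])) {
        foreach ($sub_cat_ids[$search_id['search_cat']] as $val) {
          if (check_permission("auth_viewcat", $val)) {
            $cat_id_sql .= ", ".$val;
          }
        }
      }
    }
    if ($cat_id_sql !== 0) {
      $cat_id_sql = "AND i.cat_id IN ($cat_id_sql)";
    } else {
      // The requested category is not viewable by this user. Previously this
      // produced an empty filter, i.e. the search ran over *all* categories
      // including ones the user may not view. Fall back to the same
      // view-permission filter the "no category" branch uses instead.
      $cat_id_sql = get_auth_cat_sql("auth_viewcat", "NOTIN");
      $cat_id_sql = $cat_id_sql !== 0 ? "AND i.cat_id NOT IN (".$cat_id_sql.")" : "";
    }
  } else {
    $cat_id_sql = get_auth_cat_sql("auth_viewcat", "NOTIN");
    $cat_id_sql = $cat_id_sql !== 0 ? "AND i.cat_id NOT IN (".$cat_id_sql.")" : "";
  }

  if (!empty($sql_where_query)) {
    $sql = "SELECT COUNT(*) AS num_rows_all FROM ".IMAGES_TABLE." i WHERE i.image_active = 1 $sql_where_query $cat_id_sql";
    $row = $site_db->query_firstrow($sql);
    $num_rows_all = $row['num_rows_all'];
  }
}

if (!$num_rows_all && $show_result == 1) {
  // The keywords are echoed back inside the "no results" message. They are
  // escaped with the same format_text(stripslashes(), 2) call the form branch
  // uses for the search_keywords template variable, rather than inserted raw.
  // NOTE: preg_replace() interprets "$n" / "\n" sequences in the replacement
  // argument, so such sequences typed by the user are not reproduced literally.
  $msg = preg_replace("/".$site_template->start."search_keywords".$site_template->end."/", format_text(stripslashes($org_search_keywords), 2), $lang['search_no_results']);
}

//-----------------------------------------------------
//--- Show Search Results -----------------------------
//-----------------------------------------------------
if ($num_rows_all && $show_result == 1) {
  $link_arg = $site_sess->url(ROOT_PATH."search.php?show_result=1");
  include(ROOT_PATH.'includes/paging.php');
  $getpaging = new Paging($page, $perpage, $num_rows_all, $link_arg);
  $offset = $getpaging->get_offset();

  $site_template->register_vars(array(
    "paging" => $getpaging->get_paging(),
    "paging_stats" => $getpaging->get_paging_stats()
  ));

  // Cell width is the configured table width divided evenly; a trailing "%"
  // in the configured width is carried over to the cell width.
  $imgtable_width = ceil((intval($config['image_table_width'])) / $config['image_cells']);
  if ((substr($config['image_table_width'], -1)) == "%") {
    $imgtable_width .= "%";
  }

  $additional_sql = "";
  if (!empty($additional_image_fields)) {
    foreach ($additional_image_fields as $key => $val) {
      $additional_sql .= ", i.".$key;
    }
  }

  // ORDER BY and LIMIT values come from $config (admin settings) and from the
  // Paging object, not directly from the request.
  $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name")." FROM (".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c) LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id) WHERE i.image_active = 1 $sql_where_query AND c.cat_id = i.cat_id $cat_id_sql ORDER BY ".$config['image_order']." ".$config['image_sort'].", image_id ".$config['image_sort']." LIMIT $offset, $perpage";
  $result = $site_db->query($sql);

  $thumbnails = "<table width=\"".$config['image_table_width']."\" border=\"0\" cellpadding=\"".$config['image_table_cellpadding']."\" cellspacing=\"".$config['image_table_cellspacing']."\">\n";
  $count = 0;
  $bgcounter = 0;
  while ($image_row = $site_db->fetch_array($result)) {
    if ($count == 0) {
      // Alternate the row class on every new table row.
      $row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
      $thumbnails .= "<tr class=\"imagerow".$row_bg_number."\">\n";
    }
    $thumbnails .= "<td width=\"".$imgtable_width."\" valign=\"top\">\n";
    // show_image() registers the template variables for one thumbnail.
    show_image($image_row, "search");
    $thumbnails .= $site_template->parse_template("thumbnail_bit");
    $thumbnails .= "\n</td>\n";
    $count++;
    if ($count == $config['image_cells']) {
      $thumbnails .= "</tr>\n";
      $count = 0;
    }
  } // end while

  // Pad the last row with empty cells so the table stays rectangular.
  if ($count > 0) {
    $leftover = ($config['image_cells'] - $count);
    if ($leftover >= 1) {
      for ($i = 0; $i < $leftover; $i++) {
        $thumbnails .= "<td width=\"".$imgtable_width."\">\n \n</td>\n";
      }
      $thumbnails .= "</tr>\n";
    }
  }
  $thumbnails .= "</table>\n";
  $content = $thumbnails;
  unset($thumbnails);
} // end if
else {
  //-----------------------------------------------------
  //--- Search form -------------------------------------
  //-----------------------------------------------------
  $site_template->register_vars(array(
    "search_keywords" => format_text(stripslashes($org_search_keywords), 2),
    "search_user" => format_text(stripslashes($org_search_user), 2),
    "lang_search_by_keyword" => $lang['search_by_keyword'],
    "lang_search_by_username" => $lang['search_by_username'],
    "lang_new_images_only" => $lang['new_images_only'],
    "lang_search_terms" => $lang['search_terms'],
    "lang_or" => $lang['or'],
    "lang_and" => $lang['and'],
    "lang_category" => $lang['category'],
    "lang_search_fields" => $lang['search_fields'],
    "lang_all_fields" => $lang['all_fields'],
    "lang_name_only" => $lang['name_only'],
    "lang_description_only" => $lang['description_only'],
    "lang_keywords_only" => $lang['keywords_only'],
    "category_dropdown" => get_category_dropdown($cat_id)
  ));

  // Labels for extra image fields are only registered when a translation exists.
  if (!empty($additional_image_fields)) {
    $additional_field_array = array();
    foreach ($additional_image_fields as $key => $val) {
      if (isset($lang[$key.'_only'])) {
        $additional_field_array['lang_'.$key.'_only'] = $lang[$key.'_only'];
      }
    }
    if (!empty($additional_field_array)) {
      $site_template->register_vars($additional_field_array);
    }
  }
  $content = $site_template->parse_template("search_form");
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['search']."</span>";

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  "content" => $content,
  "msg" => $msg,
  "clickstream" => $clickstream,
  "lang_search" => $lang['search']
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>
Вот 3 файл search_utils.php PHP:
<?php
/**************************************************************************
 *                                                                        *
 * 4images - A Web Based Image Gallery Management System                  *
 * ----------------------------------------------------------------       *
 *                                                                        *
 * File: search_utils.php                                                 *
 * Copyright: (C) 2002-2011 Jan Sorgalla                                  *
 * Email: [email=jan@4homepages.de]jan@4homepages.de[/email]              *
 * Web: [url=http://www.4homepages.de]http://www.4homepages.de[/url]      *
 * Scriptversion: 1.7.10                                                  *
 *                                                                        *
 * Never released without support from: Nicky ([url=http://www.nicky.net]http://www.nicky.net[/url]) *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 * Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-          *
 * bedingungen (Lizenz.txt) fьr weitere Informationen.                    *
 * ---------------------------------------------------------------        *
 * This script is NOT freeware!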
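Please read the Copyright Notice
 * (Licence.txt) for further information.
 * * * *************************************************************************/

/*
 * search_utils.php - tokenizing, normalizing and indexing of search words.
 *
 * Two tables are involved: WORDLIST_TABLE (word_text -> word_id) and
 * WORDMATCH_TABLE (image_id, word_id, one 0/1 column per $search_match_fields
 * entry telling in which image field the word occurred).
 *
 * Review notes:
 *   - add_searchwords(): the word lookup (WHERE word_text IN (...)) and the
 *     final per-word INSERT ... SELECT used the words unescaped, while the
 *     INSERT into WORDLIST_TABLE escaped them with addslashes(). Words come
 *     from image data (name/description/keywords) that clean_search_word()
 *     strips of slashes, so a quote in a keyword reached the SQL literal
 *     verbatim. All three statements now escape consistently.
 *   - add_searchwords(): the REPLACE column list was built from every
 *     $search_match_fields entry while the VALUES list only contained the
 *     columns that exist in the table; both are now filtered the same way.
 */

if (!defined('ROOT_PATH')) {
  die("Security violation");
}

// image field => 0/1 match column in WORDMATCH_TABLE (overridable by global.php).
if (!$search_match_fields) {
  $search_match_fields = array(
    "image_name" => "name_match",
    "image_description" => "desc_match",
    "image_keywords" => "keys_match",
  );
}

if (!$search_index_types) {
  /*
   * Types are:
   *
   * fulltext: Content will be split up by whitespaces. Words will be normalized and cleaned up.
   * keywords: Content will be split up by comma. Words will NOT be normalized and cleaned up.
   * phrase:   Content will NOT be split up. Words will NOT be normalized and cleaned up.
   *
   * Note that max. length of the words is 50 chars. This means that
   * MAX_SEARCH_KEYWORD_LENGTH cannot exceed 50 chars (default is 25).
   */
  $search_index_types = array(
    "image_name" => "fulltext",
    "image_description" => "fulltext",
    "image_keywords" => "keywords",
  );
}

/**
 * Transliterates a fixed set of single-byte special characters to ASCII.
 *
 * The keys are kept exactly as they appear in this copy of the file; they
 * look like German umlauts and sharp s in a legacy single-byte encoding that
 * were mis-decoded when the file was pasted - confirm against the original
 * source before relying on the mapping for UTF-8 input.
 *
 * @param string $text
 * @return string
 */
function convert_special($text) {
  return strtr(
    $text,
    array(
      "Д" => "AE",
      "Ц" => "OE",
      "Ь" => "UE",
      "д" => "ae",
      "ц" => "oe",
      "ь" => "ue",
      "Я" => "ss"
    )
  );
}

/**
 * Basic cleanup of one word or one whole search string: strip slashes and
 * tags, transliterate, lower-case (byte-wise strtolower), and collapse
 * line breaks / tabs to single spaces.
 *
 * @param string $val
 * @return string
 */
function clean_search_word($val) {
  $val = strip_tags(trim(stripslashes($val)));
  $val = convert_special($val);
  $val = strtolower($val);
  $val = preg_replace('/[\n\t\r]+/', ' ', $val);
  return $val;
}

/**
 * Normalizes text for the fulltext index: bare "&" (not part of an entity),
 * "scheme://..." and "www...." URLs become spaces, and a list of punctuation
 * characters is removed entirely.
 *
 * @param string $val
 * @return string
 */
function normalize_search_word($val) {
  $search_array = array(
    "/&(?!(#[0-9]+|[a-z]+);)/si",
    "#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
    "#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
    "#[-_'`ґ\^\$\(\)<>\"\|,@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
  );
  $replace_array = array(
    " ",
    " ",
    " ",
    ""
  );
  $val = preg_replace($search_array, $replace_array, $val);
  return $val;
}

/**
 * Tokenizes a user-entered search string for search.php.
 *
 * Returned list elements are, in order:
 *   - operator strings 'and' / 'not' (emitted before the word they apply to;
 *     the words "and"/"und", "or"/"oder", "not" and the prefixes "+" / "-"
 *     set them, "or" resets to no operator),
 *   - a word (string), or array(word, normalized_word) when normalizing the
 *     word changed it and did not empty it.
 * "..." groups several whitespace-separated tokens into one phrase.
 * Words shorter than MIN_SEARCH_KEYWORD_LENGTH, longer than
 * MAX_SEARCH_KEYWORD_LENGTH (HTML entities counted as one character) or
 * listed in the stopword file are dropped together with their operator.
 *
 * @param string $val
 * @return array
 */
function prepare_searchwords_for_search($val) {
  $val = clean_search_word($val);
  $val = preg_replace('/\s+/', ' ', $val);
  $stopword_list = get_stopwords();
  $tokens = array();
  $modifier = null;
  for ($nextToken = strtok($val, ' '); $nextToken !== false; $nextToken = strtok(' ')) {
    if ($nextToken[0] == '"') {
      // Phrase: either "word" in one token, or read on up to the closing quote.
      $nextToken = $nextToken[strlen($nextToken)-1] == '"' ? substr($nextToken, 1, -1) : substr($nextToken, 1) . ' ' . strtok('"');
    } elseif ($nextToken[0] == '+') {
      $modifier = 'and';
      $nextToken = substr($nextToken, 1);
    } elseif ($nextToken[0] == '-') {
      $modifier = 'not';
      $nextToken = substr($nextToken, 1);
    } elseif ($nextToken == 'or' || $nextToken == 'oder') {
      $modifier = null;
      continue;
    } elseif ($nextToken == 'and' || $nextToken == 'und') {
      $modifier = 'and';
      continue;
    } elseif ($nextToken == 'not') {
      $modifier = 'not';
      continue;
    }
    $nextToken = trim($nextToken);
    if ($nextToken != '') {
      $len = strlen(preg_replace("/&(#[0-9]+|[a-z]+);/siU", "_", $nextToken));
      if ($len >= MIN_SEARCH_KEYWORD_LENGTH && $len <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($nextToken, $stopword_list)) {
        if ($modifier) {
          $tokens[] = $modifier;
        }
        $normalized = normalize_search_word($nextToken);
        if (trim($normalized) != '' && $normalized != $nextToken) {
          $nextToken = array($nextToken, $normalized);
        }
        $tokens[] = $nextToken;
      }
    }
    // An operator only applies to the token directly following it.
    $modifier = null;
  }
  return $tokens;
}

/**
 * Prepares words for indexing (add_searchwords).
 *
 * A string is cleaned, normalized, stripped of "*" and split on whitespace
 * (note: empty() drops the single word "0"). An array is treated as
 * ready-made words: each is cleaned but NOT normalized, then de-duplicated.
 * Operator words and words outside the length limits or in the stopword
 * list are dropped.
 *
 * @param string|array $val
 * @param bool $for_search backwards compatibility: delegate to
 *                         prepare_searchwords_for_search()
 * @return array list of words
 */
function prepare_searchwords($val, $for_search = false) {
  // Backwards compatibility
  if ($for_search) {
    return prepare_searchwords_for_search($val);
  }
  if (!is_array($val)) {
    $val = clean_search_word($val);
    $val = normalize_search_word($val);
    $val = str_replace("*", "", $val);
    if (empty($val)) {
      return array();
    }
    $split_words = preg_split("/\s+/", $val);
  } else {
    $split_words = $val;
    $split_words = array_map('clean_search_word', $split_words);
    $split_words = array_unique(array_filter($split_words));
  }
  $stopword_list = get_stopwords();
  $clean_words = array();
  foreach ($split_words as $word) {
    $word = trim($word);
    if ($word == "") {
      continue;
    }
    if ($word == "and" || $word == "und" || $word == "or" || $word == "oder" || $word == "not") {
      continue;
    }
    $len = strlen(preg_replace("/&(#[0-9]+|[a-z]+);/siU", "_", $word));
    if ($len >= MIN_SEARCH_KEYWORD_LENGTH && $len <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($word, $stopword_list)) {
      $clean_words[] = $word;
    }
  }
  return $clean_words;
}

/**
 * Indexes the words of one image.
 *
 * @param int $image_id
 * @param array $raw_words image field => content (string or array); the
 *                         field's entry in $search_index_types selects the
 *                         split mode (default 'fulltext')
 * @return bool false when nothing to do, true otherwise (SQL errors are not
 *              reported by this function)
 */
function add_searchwords($image_id = 0, $raw_words = array()) {
  global $site_db, $search_match_fields, $search_index_types;
  // The id is interpolated into SQL below; force it to an integer the same
  // way remove_searchwords() does.
  $image_id = intval($image_id);
  if (!$image_id || empty($raw_words)) {
    return false;
  }
  $match_table_fields = $site_db->get_table_fields(WORDMATCH_TABLE);
  $clean_words = array();
  $allwords_sql = "";
  foreach ($raw_words as $key => $val) {
    if (isset($search_index_types[$key])) {
      $type = $search_index_types[$key];
    } else {
      $type = 'fulltext';
    }
    switch ($type) {
      case 'phrase':
        if (is_array($val)) {
          $val = implode(' ', $val);
        }
        $split_words = prepare_searchwords(array($val));
        break;
      case 'keywords':
        if (!is_array($val)) {
          $val = explode(',', $val);
        }
        $split_words = prepare_searchwords($val);
        break;
      case 'fulltext':
      default:
        if (is_array($val)) {
          $val = implode(' ', $val);
        }
        $split_words = prepare_searchwords($val);
        break;
    }
    if (empty($split_words)) {
      continue;
    }
    $word_cache = array();
    foreach ($split_words as $word) {
      $word_cache[$word] = 1;
      // Escaped for the SQL literal, consistent with the INSERT further down.
      $allwords_sql .= ($allwords_sql != "") ? ", '".addslashes($word)."'" : "'".addslashes($word)."'";
    }
    if (!empty($word_cache)) {
      $clean_words[$key] = $word_cache;
    }
  }

  // Which of the words already have a word_id?
  $word_exists = array();
  if ($allwords_sql != "") {
    $sql = "SELECT word_text, word_id FROM ".WORDLIST_TABLE." WHERE word_text IN ($allwords_sql)";
    $result = $site_db->query($sql);
    while ($row = $site_db->fetch_array($result)) {
      $word_exists[$row['word_text']] = $row['word_id'];
    }
    $site_db->free_result();
  }

  // Known words: one VALUES tuple each for WORDMATCH_TABLE.
  // Unknown words: remembered with their per-field match flags.
  $word_done = array();
  $new_words = array();
  $word_insert_sql = "";
  foreach ($clean_words as $key => $val) {
    foreach ($val as $key2 => $val2) {
      if (!isset($word_done[$key2])) {
        $word_done[$key2] = 1;
        if (isset($word_exists[$key2])) {
          $word_insert_sql .= (($word_insert_sql != "" ) ? ", " : "")."(".$image_id.", ".$word_exists[$key2];
          foreach ($search_match_fields as $key3 => $val3) {
            if (isset($match_table_fields[$val3])) {
              $match = (isset($clean_words[$key3][$key2])) ? 1 : 0;
              $word_insert_sql .= ", ".$match;
            }
          }
          $word_insert_sql .= ")";
        } else {
          $new_words[$key2] = array();
          foreach ($search_match_fields as $key3 => $val3) {
            $match = (isset($clean_words[$key3][$key2])) ? 1 : 0;
            $new_words[$key2][$val3] = $match;
          }
        }
      }
    }
  }

  if ($word_insert_sql != "") {
    $match_image_fields_sql = "";
    foreach ($search_match_fields as $field) {
      // Same filter as when the VALUES tuples were built, so that column
      // list and value count always agree.
      if (isset($match_table_fields[$field])) {
        $match_image_fields_sql .= ", ".$field;
      }
    }
    $sql = "REPLACE INTO ".WORDMATCH_TABLE." (image_id, word_id".$match_image_fields_sql.") VALUES $word_insert_sql";
    $site_db->query($sql);
  }

  if (!empty($new_words)) {
    $value_sql = "";
    foreach ($new_words as $key => $val) {
      $value_sql .= (($value_sql != "") ? ", " : "")."('".addslashes($key)."', NULL)";
    }
    if ($value_sql != "") {
      $sql = "INSERT IGNORE INTO ".WORDLIST_TABLE." (word_text, word_id) VALUES $value_sql";
      $site_db->query($sql);
    }
    foreach ($new_words as $key => $val) {
      $match_insert_key_sql = "";
      $match_insert_val_sql = "";
      foreach ($search_match_fields as $field) {
        if (isset($match_table_fields[$field])) {
          $match_insert_key_sql .= ", ".$field;
          $match_insert_val_sql .= ", ".$val[$field];
        }
      }
      $sql = "INSERT INTO ".WORDMATCH_TABLE." (image_id, word_id".$match_insert_key_sql.") SELECT DISTINCT $image_id, word_id".$match_insert_val_sql." FROM ".WORDLIST_TABLE." WHERE word_text = '".addslashes($key)."'";
      $site_db->query($sql);
    }
  }
  return true;
}

/**
 * Removes the index entries of the given images; words that were only used
 * by one of these images are removed from WORDLIST_TABLE as well.
 *
 * @param string $image_ids_sql comma-separated image ids (each intval()ed)
 * @return bool false when the list is empty, true otherwise
 */
function remove_searchwords($image_ids_sql = "") {
  global $site_db;
  if (empty($image_ids_sql)) {
    return false;
  }
  foreach (explode(',', $image_ids_sql) as $image_id) {
    $image_id = intval($image_id);
    $sql = "SELECT word_id FROM ".WORDMATCH_TABLE." WHERE image_id = $image_id";
    $result = $site_db->query($sql);
    $all_word_id_sql = "";
    while ($row = $site_db->fetch_array($result)) {
      $all_word_id_sql .= (($all_word_id_sql != "") ? ", " : "").$row['word_id'];
    }
    if ($all_word_id_sql != "") {
      // Words referenced by exactly one match row belong only to this image.
      $sql = "SELECT word_id, COUNT(word_id) as word_id_count FROM ".WORDMATCH_TABLE." WHERE word_id IN ($all_word_id_sql) GROUP BY word_id";
      $result = $site_db->query($sql);
      $word_id_delete_sql = "";
      while ($row = $site_db->fetch_array($result)) {
        if ($row['word_id_count'] == 1) {
          $word_id_delete_sql .= (($word_id_delete_sql != "") ? ", " : "").$row['word_id'];
        }
      }
      if ($word_id_delete_sql != "") {
        $sql = "DELETE FROM ".WORDLIST_TABLE." WHERE word_id IN ($word_id_delete_sql)";
        $site_db->query($sql);
      }
      $sql = "DELETE FROM ".WORDMATCH_TABLE." WHERE image_id = $image_id";
      $site_db->query($sql);
    }
  }
  return true;
}

/**
 * Loads the stopword list of the configured language once per request
 * (cached in the global $stopwords). A missing file yields an empty list.
 *
 * @return array
 */
function get_stopwords() {
  global $config, $stopwords;
  if (empty($stopwords)) {
    // "@": a missing file is a legitimate case and must not warn.
    $stopword_list = @file(ROOT_PATH."lang/".$config['language_dir']."/search_stopterms.txt");
    $stopwords = array();
    if (!empty($stopword_list)) {
      foreach ($stopword_list as $word) {
        $stopwords[] = trim($word);
      }
    }
  }
  return $stopwords;
}
?>
Вот 4 файл global.php PHP:
<?php
/**************************************************************************
 *                                                                        *
 * 4images - A Web Based Image Gallery Management System                  *
 * ----------------------------------------------------------------       *
 *                                                                        *
 * File: global.php                                                       *
 * Copyright: (C) 2002-2011 Jan Sorgalla                                  *
 * Email: [email=jan@4homepages.de]jan@4homepages.de[/email]              *
 * Web: [url=http://www.4homepages.de]http://www.4homepages.de[/url]      *
 * Scriptversion: 1.7.10                                                  *
 *                                                                        *
 * Never released without support from: Nicky ([url=http://www.nicky.net]http://www.nicky.net[/url]) *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 * Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-          *
 * bedingungen (Lizenz.txt) fьr weitere Informationen.                    *
 * ---------------------------------------------------------------        *
 * This script is NOT freeware! Please read the Copyright Notice          *
 * (Licence.txt) for further information.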
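* * * *************************************************************************/

/*
 * global.php - common bootstrap included by every front-end script.
 *
 * Order matters: request normalization (addslashes emulation, clean_array),
 * defaults + config.php, language/constants/functions, request variables
 * ($action, $mode, $cat_id, ...), URL derivation, DB connection, settings,
 * template engine. Later includes rely on the globals set up here.
 *
 * Review notes:
 *   - get_magic_quotes_gpc() no longer exists on PHP 8; it is now guarded
 *     with function_exists() like set_magic_quotes_runtime() already was.
 *     A missing function is treated as "magic quotes off", so input is
 *     addslashes()ed - which is what the rest of the code base expects.
 *   - clean_array() previously kept the original (uncleaned) key next to the
 *     cleaned one whenever clean_string() changed a key; it now rebuilds
 *     the array so only cleaned keys survive.
 *   - $script_url: the port strip compared against "::PORT" (the colon was
 *     prefixed twice) and therefore never matched; fixed.
 */

if (!defined('ROOT_PATH')) {
  die("Security violation");
}

$start_time = microtime();

// Notices are deliberately silenced; the code base relies on undefined
// variables/indices evaluating to empty values.
error_reporting(E_ERROR | E_WARNING | E_PARSE);

if (function_exists("set_magic_quotes_runtime")) {
  @set_magic_quotes_runtime(0);
}

// Polyfill for very old PHP builds without timezone support.
if (!function_exists("date_default_timezone_set")) {
  function date_default_timezone_set($timezone) {
    return true;
  }
}

/**
 * Recursively addslashes() every value of an array (magic-quotes emulation).
 *
 * @param array $array
 * @return array
 */
function addslashes_array($array) {
  foreach ($array as $key => $val) {
    $array[$key] = (is_array($val)) ? addslashes_array($val) : addslashes($val);
  }
  return $array;
}

// Legacy $HTTP_*_VARS names are references to the superglobals, so the
// normalization below also rewrites $_GET/$_POST/$_COOKIE.
if (!isset($HTTP_GET_VARS)) {
  $HTTP_GET_VARS = &$_GET;
  $HTTP_POST_VARS = &$_POST;
  $HTTP_COOKIE_VARS = &$_COOKIE;
  $HTTP_POST_FILES = &$_FILES;
  $HTTP_SERVER_VARS = &$_SERVER;
  $HTTP_ENV_VARS = &$_ENV;
}

if (isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS'])) {
  // Try to exploit PHP bug
  die("Security violation");
}

// Emulate magic quotes when they are off or (PHP >= 8) no longer exist, so
// that every request value arrives slash-escaped as the rest of the code
// assumes. Note that $HTTP_POST_FILES is not escaped here.
if (!function_exists("get_magic_quotes_gpc") || get_magic_quotes_gpc() == 0) {
  $HTTP_GET_VARS = addslashes_array($HTTP_GET_VARS);
  $HTTP_POST_VARS = addslashes_array($HTTP_POST_VARS);
  $HTTP_COOKIE_VARS = addslashes_array($HTTP_COOKIE_VARS);
}

// Globals filled in by the includes below / by config.php.
$search_match_fields = null;
$search_index_types = null;
$cat_cache = array();
$cat_parent_cache = array();
$new_image_cache = array();
$session_info = array();
$user_info = array();
$user_access = array();
$config = array();
$lang = array();
$mime_type_match = array();
$additional_image_fields = array();
$additional_user_fields = array();
$additional_urls = array();
$global_info = array();
$auth_cat_sql = array();

unset($self_url);
unset($url);
unset($script_url);

// Defaults, overridden by config.php.
$db_servertype = "mysql";
$db_host = "localhost";
$db_name = "";
$db_user = "";
$db_password = "";
$table_prefix = "4images_";

// Initialize cache configuration
$cache_enable = 0;
$cache_lifetime = 3600; // 1 hour
$cache_path = ROOT_PATH.'cache';
$cache_page_index = 1;
$cache_page_categories = 1;
$cache_page_top = 1;
$cache_page_rss = 1;

// Initialize CAPTCHA configuration
$captcha_enable = 1;
$captcha_enable_comments = 1;
$captcha_enable_upload = 1;
$captcha_enable_registration = 1;
$captcha_enable_postcards = 1;
$captcha_ttf = 1;
$captcha_path = ROOT_PATH.'captcha';
$captcha_chars = "abcdefghijklmnopqrstuvwxyz123456789";
$captcha_length = 6;
$captcha_wordfile = 0;
$captcha_width = 200;
$captcha_height = 70;
$captcha_text_color = '#000000';
$captcha_text_size = 20;
$captcha_text_transparency = 50;
$captcha_filter_text = 1;
$captcha_filter_bg = 1;

// Initialize CSRF protection configuration
$csrf_protection_enable = 1;
$csrf_protection_frontend = 1;
$csrf_protection_backend = 1;
$csrf_protection_expires = 7200;
$csrf_protection_name = '__csrf';
$csrf_protection_xhtml = 1;

// "@": config.php is absent before installation (see the 4IMAGES_ACTIVE check).
@include(ROOT_PATH.'config.php');

// A disabled master switch disables every per-page / per-feature switch.
if (!$cache_enable) {
  $cache_page_index = 0;
  $cache_page_categories = 0;
  $cache_page_top = 0;
  $cache_page_rss = 0;
}

if (!$captcha_enable) {
  $captcha_enable_comments = 0;
  $captcha_enable_upload = 0;
  $captcha_enable_registration = 0;
  $captcha_enable_postcards = 0;
}

// Include default languages
@include_once(ROOT_PATH.'lang/english/main.php');

include_once(ROOT_PATH.'includes/constants.php');
include_once(ROOT_PATH.'includes/functions.php');

/**
 * Request-level input filter applied to every GET/POST/COOKIE/FILES value.
 *
 * This is a blacklist filter: it removes on*/xmlns attributes, javascript:
 * and vbscript: pseudo-protocols, CSS expression()/behaviour()/script:
 * constructs, namespaced elements, control characters and a fixed list of
 * tags. It does NOT encode output - values still need context-appropriate
 * escaping (format_text / htmlspecialchars) when rendered.
 *
 * Patterns with the "u" modifier return null on invalid UTF-8; when PCRE
 * reports PREG_BAD_UTF8_ERROR the pattern is re-run without "u". On builds
 * where that error code is unavailable, $string may end up null - verify if
 * such builds are still a target.
 *
 * @param string $string
 * @return string
 */
function clean_string($string) {
  $canCheckUTF8Error = defined('PREG_BAD_UTF8_ERROR') && function_exists('preg_last_error');

  // Remove any attribute starting with "on" or xmlns
  $tmp = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',"$1>",$string);
  if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
    $tmp = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iU',"$1>",$string);
  }
  $string = $tmp;

  // Remove javascript: and vbscript: protocol
  $tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2nojavascript...',$string);
  if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
    $tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iU','$1=$2nojavascript...',$string);
  }
  $string = $tmp;

  $tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2novbscript...',$string);
  if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
    $tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iU','$1=$2novbscript...',$string);
  }
  $string = $tmp;

  // <span style="width: expression(alert('Ping!'));"></span>
  // only works in ie...
  $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU',"$1>",$string);
  $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU',"$1>",$string);
  $tmp = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu',"$1>",$string);
  if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
    $tmp = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iU',"$1>",$string);
  }
  $string = $tmp;

  // Remove namespaced elements (we do not need them...)
  $string = preg_replace('#</*\w+:\w[^>]*>#i',"",$string);

  // Remove all control (i.e. with ASCII value lower than 0x20 (space),
  // except of 0x0A (line feed) and 0x09 (tabulator)
  $search = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
  $replace = //str_repeat("\r", strlen($search2));
    "\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";
  // Line endings are normalized to "\n" first so that every remaining "\r"
  // is one of the control characters mapped above and can be dropped.
  $string = str_replace("\r\n", "\n", $string);
  $string = str_replace("\r", "\n", $string);
  $string = strtr($string, $search, $replace);
  $string = str_replace("\r", '', $string); // \r === \x0D

  // Remove really unwanted tags
  // Repeated until stable, because removing one tag can expose another.
  do {
    $oldstring = $string;
    $string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
  } while ($oldstring != $string);

  return $string;
}

/**
 * Applies clean_string() recursively to every key and value of an array.
 *
 * The result is built into a fresh array so that a key rewritten by
 * clean_string() does not leave the original key behind.
 *
 * @param array $array
 * @return array
 */
function clean_array($array) {
  $clean = array();
  foreach ($array as $key => $val) {
    $key = clean_string($key);
    if (is_array($val)) {
      $val = clean_array($val);
    } else {
      $val = clean_string($val);
    }
    $clean[$key] = $val;
  }
  return $clean;
}

// The control panel (IN_CP) skips the request filter.
if (!defined('IN_CP')) {
  $HTTP_GET_VARS = clean_array($HTTP_GET_VARS);
  $HTTP_POST_VARS = clean_array($HTTP_POST_VARS);
  $HTTP_COOKIE_VARS = clean_array($HTTP_COOKIE_VARS);
  $HTTP_POST_FILES = clean_array($HTTP_POST_FILES);
}

//-----------------------------------------------------
//--- Useful Stuff ------------------------------------
//-----------------------------------------------------
// POST takes precedence over GET for every request variable below.
// $action / $mode are reduced to [a-z0-9_-]; ids and page are intval()ed.
if (isset($HTTP_GET_VARS['action']) || isset($HTTP_POST_VARS['action'])) {
  $action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim((string)$HTTP_POST_VARS['action'])) : stripslashes(trim((string)$HTTP_GET_VARS['action']));
  $action = preg_replace("/[^a-z0-9_-]+/i", "", $action);
} else {
  $action = "";
}

if (isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) {
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim((string)$HTTP_POST_VARS['mode'])) : stripslashes(trim((string)$HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9_-]+/i", "", $mode);
} else {
  $mode = "";
}

if (isset($HTTP_GET_VARS[URL_CAT_ID]) || isset($HTTP_POST_VARS[URL_CAT_ID])) {
  $cat_id = (isset($HTTP_POST_VARS[URL_CAT_ID])) ? intval($HTTP_POST_VARS[URL_CAT_ID]) : intval($HTTP_GET_VARS[URL_CAT_ID]);
} else {
  $cat_id = 0;
}

if (isset($HTTP_GET_VARS[URL_IMAGE_ID]) || isset($HTTP_POST_VARS[URL_IMAGE_ID])) {
  $image_id = (isset($HTTP_POST_VARS[URL_IMAGE_ID])) ? intval($HTTP_POST_VARS[URL_IMAGE_ID]) : intval($HTTP_GET_VARS[URL_IMAGE_ID]);
} else {
  $image_id = 0;
}

if (isset($HTTP_GET_VARS[URL_ID]) || isset($HTTP_POST_VARS[URL_ID])) {
  $id = (isset($HTTP_POST_VARS[URL_ID])) ? intval($HTTP_POST_VARS[URL_ID]) : intval($HTTP_GET_VARS[URL_ID]);
} else {
  $id = 0;
}

if (isset($HTTP_GET_VARS[URL_PAGE]) || isset($HTTP_POST_VARS[URL_PAGE])) {
  $page = (isset($HTTP_POST_VARS[URL_PAGE])) ? intval($HTTP_POST_VARS[URL_PAGE]) : intval($HTTP_GET_VARS[URL_PAGE]);
  if (!$page) {
    $page = 1;
  }
} else {
  $page = 1;
}

// show_result is forced on whenever any search criterion is present.
if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
  $show_result = 1;
} else {
  $show_result = 0;
}

if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
  $search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim((string)$HTTP_POST_VARS['search_keywords']) : trim((string)$HTTP_GET_VARS['search_keywords']);
  if ($search_keywords != "") {
    $show_result = 1;
  }
} else {
  $search_keywords = "";
}

if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
  $search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim((string)$HTTP_POST_VARS['search_user']) : trim((string)$HTTP_GET_VARS['search_user']);
  if ($search_user != "") {
    $show_result = 1;
  }
} else {
  $search_user = "";
}

if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
  $search_new_images = 1;
  $show_result = 1;
} else {
  $search_new_images = 0;
}

//-----------------------------------------------------
//--- Script / return URLs ----------------------------
//-----------------------------------------------------
if (empty($PHP_SELF)) {
  if (!empty($HTTP_SERVER_VARS['PHP_SELF'])) {
    $PHP_SELF = $HTTP_SERVER_VARS["PHP_SELF"];
  } elseif (!empty($HTTP_ENV_VARS['PHP_SELF'])) {
    $PHP_SELF = $HTTP_ENV_VARS["PHP_SELF"];
  } elseif (!empty($HTTP_SERVER_VARS['PATH_INFO'])) {
    $PHP_SELF = $HTTP_SERVER_VARS['PATH_INFO'];
  } else {
    $PHP_SELF = getenv("SCRIPT_NAME");
  }
}

// $self_url: basename of the running script plus the id/page parameters
// needed to reproduce the current view.
$self_url = basename($PHP_SELF);
if (empty($self_url) || !preg_match("/\.php$/", $self_url)) {
  $self_url = "index.php";
}

//if (getenv("QUERY_STRING")) {
//  $self_url .= "?".getenv("QUERY_STRING");
//  $self_url = preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), $self_url);
//}
//else {
if (preg_match("/details.php/", $self_url) && !preg_match("/[?|&]".URL_IMAGE_ID."=[^?|&]*/", $self_url) && $image_id) {
  $self_url .= "?".URL_IMAGE_ID."=".$image_id;
} elseif (preg_match("/categories.php/", $self_url) && !preg_match("/[?|&]".URL_CAT_ID."=[^?|&]*/", $self_url)) {
  $self_url .= "?".URL_CAT_ID."=".$cat_id;
}
if (isset($show_result) && $show_result) {
  $self_url .= preg_match("/\?/", $self_url) ? "&" : "?";
  $self_url .= "show_result=1";
}
if ($page && $page != 1) {
  $self_url .= preg_match("/\?/", $self_url) ? "&" : "?";
  $self_url .= URL_PAGE."=".$page;
}
//}

// $url: the "return to" target, taken from the request or the Referer.
// It is reduced to a basename, stripped of action/mode/id/l parameters and
// replaced by index.php unless it names a .php file different from $self_url.
if (isset($HTTP_GET_VARS['url']) || isset($HTTP_POST_VARS['url'])) {
  $url = (isset($HTTP_GET_VARS['url'])) ? trim($HTTP_GET_VARS['url']) : trim($HTTP_POST_VARS['url']);
} else {
  $url = "";
}
if (empty($url)) {
  $url = get_basename(getenv("HTTP_REFERER"));
} else {
  if ($url == getenv("HTTP_REFERER")) {
    $url = "index.php";
  }
}
$url = preg_replace(array("/[?|&]action=[^?|&]*/", "/[?|&]mode=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", ""), $url);
if ($url == $self_url || $url == "" || !preg_match("/\.php/", $url)) {
  $url = "index.php";
}

// $script_url: absolute base URL of the installation. Unless SCRIPT_URL is
// fixed in config.php it is derived from the request, i.e. from the
// client-supplied Host header; anything that embeds $script_url in e-mails
// or redirects inherits that. Pinning SCRIPT_URL in config.php avoids it.
if (defined("SCRIPT_URL") && SCRIPT_URL != "") {
  $script_url = SCRIPT_URL;
} else {
  // $port is ":<port>" for non-default ports, "" otherwise.
  $port = (!preg_match("/^(80|443)$/", getenv("SERVER_PORT"), $port_match)) ? ":".getenv("SERVER_PORT") : "";
  $script_url = (isset($port_match[1]) && $port_match[1] == 443) ? "https://" : "http://";
  $script_url .= (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) ? $HTTP_SERVER_VARS['HTTP_HOST'] : getenv("SERVER_NAME");
  // Strip a port already present in the host (e.g. "host:8080") before
  // appending it once; $port already carries the leading colon.
  if ($port) $script_url = str_replace($port, "", $script_url);
  $script_url .= $port;
  $dirname = str_replace("\\", "/", dirname($PHP_SELF));
  $script_url .= ($dirname != "/") ? $dirname : "";
}

// Check if we should redirect to the installation routine
if (!defined("4IMAGES_ACTIVE")) {
  redirect("install.php");
}

//-----------------------------------------------------
//--- Start DB ----------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/db_'.strtolower($db_servertype).'.php');
$site_db = new Db($db_host, $db_user, $db_password, $db_name);

//-----------------------------------------------------
//--- Generate Setting --------------------------------
//-----------------------------------------------------
$sql = "SELECT setting_name, setting_value FROM ".SETTINGS_TABLE;
$result = $site_db->query($sql);
if (!$result) {
  echo $lang['no_settings'];
  exit;
}
while ($row = $site_db->fetch_array($result)) {
  $config[$row['setting_name']] = $row['setting_value'];
}
$site_db->free_result();

// Derived forms of the allowed media type list: array and regex alternation.
$config['allowed_mediatypes'] = str_replace(" ", "", $config['allowed_mediatypes']);
$config['allowed_mediatypes_array'] = explode(",", $config['allowed_mediatypes']);
$config['allowed_mediatypes_match'] = str_replace(",", "|", $config['allowed_mediatypes']);

$msg = "";
$clickstream = "";

define('MEDIA_PATH', ROOT_PATH.MEDIA_DIR);
define('THUMB_PATH', ROOT_PATH.THUMB_DIR);
define('MEDIA_TEMP_PATH', ROOT_PATH.MEDIA_TEMP_DIR);
define('THUMB_TEMP_PATH', ROOT_PATH.THUMB_TEMP_DIR);
define('TEMPLATE_PATH', ROOT_PATH.TEMPLATE_DIR."/".$config['template_dir']);
define('ICON_PATH', ROOT_PATH.TEMPLATE_DIR."/".$config['template_dir']."/icons");

//-----------------------------------------------------
//--- Templates ---------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/template.php');
$site_template = new Template(TEMPLATE_PATH);

// Language selection via the "l" parameter (continues beyond this excerpt).
$config['language_dir_default'] = $config['language_dir'];
$l = null;
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $requested_l = (isset($HTTP_GET_VARS['l'])) ?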
trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']); if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) { $l = $requested_l; $config['language_dir'] = $l; } } include_once(ROOT_PATH.'lang/'.$config['language_dir'].'/main.php'); include_once(ROOT_PATH."includes/db_field_definitions.php"); include_once(ROOT_PATH.'includes/auth.php'); //----------------------------------------------------- //--- Security ---------------------------------------- //----------------------------------------------------- include_once(ROOT_PATH.'includes/security_utils.php'); //----------------------------------------------------- //--- Cache ------------------------------------------- //----------------------------------------------------- include_once(ROOT_PATH.'includes/cache_utils.php'); //----------------------------------------------------- //--- CAPTCHA ----------------------------------------- //----------------------------------------------------- include_once(ROOT_PATH.'includes/captcha_utils.php'); //----------------------------------------------------- //--- CSRF protection --------------------------------- //----------------------------------------------------- include_once(ROOT_PATH.'includes/csrf_utils.php'); //----------------------------------------------------- //--- GZip Compression -------------------------------- //----------------------------------------------------- $do_gzip_compress = 0; if ($config['gz_compress'] == 1 && !isset($nozip)) { if (get_php_version() >= 40004) { if (extension_loaded("zlib")) { ob_start("ob_gzhandler"); } } elseif (get_php_version() > 40000) { if (preg_match("/gzip/i", $HTTP_SERVER_VARS["HTTP_ACCEPT_ENCODING"]) || preg_match("/x-gzip/i", $HTTP_SERVER_VARS["HTTP_ACCEPT_ENCODING"])) { if (extension_loaded("zlib")) { $do_gzip_compress = 1; ob_start(); ob_implicit_flush(0); } } } } if (defined("GET_CACHES")) { $config['cat_order'] = 
empty($config['cat_order']) ? 'cat_order, cat_name' : $config['cat_order']; $config['cat_sort'] = empty($config['cat_sort']) ? 'ASC' : $config['cat_sort']; $sql = "SELECT cat_id, cat_name, cat_description, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth_download, auth_upload, auth_directupload, auth_vote, auth_sendpostcard, auth_readcomment, auth_postcomment FROM ".CATEGORIES_TABLE." ORDER BY ".$config['cat_order']." " .$config['cat_sort']; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $cat_cache[$row['cat_id']] = $row; $cat_parent_cache[$row['cat_parent_id']][] = $row['cat_id']; } $site_db->free_result(); // -------------------------------------- $new_cutoff = time() - (60 * 60 * 24 * $config['new_cutoff']); $sql = "SELECT cat_id, COUNT(image_id) AS new_images FROM ".IMAGES_TABLE." WHERE image_active = 1 AND image_date >= $new_cutoff GROUP BY cat_id"; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $new_image_cache[$row['cat_id']] = $row['new_images']; } $site_db->free_result(); // -------------------------------------- $sql = "SELECT cat_id, COUNT(*) AS num_images FROM ".IMAGES_TABLE." 
WHERE image_active = 1 GROUP BY cat_id"; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $cat_cache[$row['cat_id']]['num_images'] = $row['num_images']; } $site_db->free_result(); } //end if GET_CACHES ?> Вот 5 файл sessions.php PHP: <?php /************************************************************************** * * * 4images - A Web Based Image Gallery Management System * * ---------------------------------------------------------------- * * * * File: sessions.php * * Copyright: (C) 2002-2011 Jan Sorgalla * * Email: [email=jan@4homepages.de]jan@4homepages.de[/email] * * Web: [url=http://www.4homepages.de]http://www.4homepages.de[/url] * * Scriptversion: 1.7.10 * * * * Never released without support from: Nicky ([url=http://www.nicky.net]http://www.nicky.net[/url]) * * * ************************************************************************** * * * Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- * * bedingungen (Lizenz.txt) fьr weitere Informationen. * * --------------------------------------------------------------- * * This script is NOT freeware! Please read the Copyright Notice * * (Licence.txt) for further information. 
* * * *************************************************************************/ if (!defined('ROOT_PATH')) { die("Security violation"); } //----------------------------------------------------- //--- Start Configuration ----------------------------- //----------------------------------------------------- define('SESSION_NAME', 'sessionid'); $user_table_fields = array( "user_id" => "user_id", "user_level" => "user_level", "user_name" => "user_name", "user_password" => "user_password", "user_email" => "user_email", "user_showemail" => "user_showemail", "user_allowemails" => "user_allowemails", "user_invisible" => "user_invisible", "user_joindate" => "user_joindate", "user_activationkey" => "user_activationkey", "user_lastaction" => "user_lastaction", "user_location" => "user_location", "user_lastvisit" => "user_lastvisit", "user_comments" => "user_comments", "user_homepage" => "user_homepage", "user_icq" => "user_icq" ); //----------------------------------------------------- //--- End Configuration ------------------------------- //----------------------------------------------------- function get_user_table_field($add, $user_field) { global $user_table_fields; return (!empty($user_table_fields[$user_field])) ? $add.$user_table_fields[$user_field] : ""; } class Session { var $session_id; var $session_key; var $user_ip; var $user_location; var $current_time; var $session_timeout; var $mode = "get"; var $session_info = array(); var $user_info = array(); function Session() { global $config; $this->session_timeout = $config['session_timeout'] * 60; $this->user_ip = $this->get_user_ip(); $this->user_location = $this->get_user_location(); $this->current_time = time(); if (defined('SESSION_KEY') && SESSION_KEY != '') { $this->session_key = SESSION_KEY; } else { $this->session_key = md5('4images' . 
realpath(ROOT_PATH)); } // Stop adding SID to URLs @ini_set('session.use_trans_sid', 0); //@ini_set('session.cookie_lifetime', $this->session_timeout); session_name(urlencode(SESSION_NAME)); @session_start(); $this->demand_session(); } function set_cookie_data($name, $value, $permanent = 1) { $cookie_expire = ($permanent) ? $this->current_time + 60 * 60 * 24 * 365 : 0; $cookie_name = COOKIE_NAME.$name; setcookie($cookie_name, $value, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE); $HTTP_COOKIE_VARS[$cookie_name] = $value; } function read_cookie_data($name) { global $HTTP_COOKIE_VARS; $cookie_name = COOKIE_NAME.$name; return (isset($HTTP_COOKIE_VARS[$cookie_name])) ? $HTTP_COOKIE_VARS[$cookie_name] : false; } function get_session_id() { if (SID == '') { $this->mode = "cookie"; } if (preg_match('/[^a-z0-9]+/i', session_id())) { @session_regenerate_id(); } $this->session_id = session_id(); } function demand_session() { $this->get_session_id(); if (!$this->load_session_info()) { $this->delete_old_sessions(); $user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST; $this->start_session($user_id); } else { $this->user_info = $this->load_user_info($this->session_info['session_user_id']); $update_cutoff = ($this->user_info['user_id'] != GUEST) ? 
$this->current_time - $this->user_info['user_lastaction'] : $this->current_time - $this->session_info['session_lastaction']; if ($update_cutoff > 60) { $this->update_session(); $this->delete_old_sessions(); } } } function start_session($user_id = GUEST, $login_process = 0) { global $site_db; $this->user_info = $this->load_user_info($user_id); if ($this->user_info['user_id'] != GUEST && !$login_process) { if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) { $this->set_cookie_data("userpass", $this->user_info['user_password']); } else { $this->set_cookie_data("userpass", "", 0); $this->user_info = $this->load_user_info(GUEST); } } //if (!$login_process) { $sql = "REPLACE INTO ".SESSIONS_TABLE." (session_id, session_user_id, session_lastaction, session_location, session_ip) VALUES ('".addslashes($this->session_id)."', ".$this->user_info['user_id'].", $this->current_time, '$this->user_location', '$this->user_ip')"; $site_db->query($sql); //} $this->session_info['session_user_id'] = $this->user_info['user_id']; $this->session_info['session_lastaction'] = $this->current_time; $this->session_info['session_location'] = $this->user_location; $this->session_info['session_ip'] = $this->user_ip; if ($this->user_info['user_id'] != GUEST) { $this->user_info['user_lastvisit'] = (!empty($this->user_info['user_lastaction'])) ? $this->user_info['user_lastaction'] : $this->current_time; $sql = "UPDATE ".USERS_TABLE." SET ".get_user_table_field("", "user_lastaction")." = $this->current_time, ".get_user_table_field("", "user_location")." = '$this->user_location', ".get_user_table_field("", "user_lastvisit")." = ".$this->user_info['user_lastvisit']." WHERE ".get_user_table_field("", "user_id")." 
= ".$this->user_info['user_id']; $site_db->query($sql); } $this->set_cookie_data("lastvisit", $this->user_info['user_lastvisit']); $this->set_cookie_data("userid", $this->user_info['user_id']); return true; } function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) { global $site_db, $user_table_fields; if (empty($user_name) || empty($user_password)) { return false; } $sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_password")." FROM ".USERS_TABLE." WHERE ".get_user_table_field("", "user_name")." = '$user_name' AND ".get_user_table_field("", "user_level")." <> ".USER_AWAITING; $row = $site_db->query_firstrow($sql); $user_id = (isset($row[$user_table_fields['user_id']])) ? $row[$user_table_fields['user_id']] : GUEST; if ($user_id != GUEST) { if (compare_passwords($user_password, $row[$user_table_fields['user_password']])) { $sql = "UPDATE ".SESSIONS_TABLE." SET session_user_id = $user_id WHERE session_id = '".addslashes($this->session_id)."'"; $site_db->query($sql); if ($set_auto_login) { $this->set_cookie_data("userpass", ($auto_login) ? md5($row[$user_table_fields['user_password']]) : ""); } $this->start_session($user_id, 1); return true; } } return false; } function logout($user_id) { global $site_db; $sql = "DELETE FROM ".SESSIONS_TABLE." WHERE session_id = '".addslashes($this->session_id)."' OR session_user_id = $user_id"; $site_db->query($sql); $this->set_cookie_data("userpass", "", 0); $this->set_cookie_data("userid", GUEST); $this->session_info = array(); return true; } function delete_old_sessions() { global $site_db; $expiry_time = $this->current_time - $this->session_timeout; $sql = "DELETE FROM ".SESSIONS_TABLE." WHERE session_lastaction < $expiry_time"; $site_db->query($sql); return true; } function update_session() { global $site_db; $sql = "REPLACE INTO ".SESSIONS_TABLE." 
(session_id, session_user_id, session_lastaction, session_location, session_ip) VALUES ('".addslashes($this->session_id)."', ".$this->user_info['user_id'].", $this->current_time, '$this->user_location', '$this->user_ip')"; $site_db->query($sql); $this->session_info['session_lastaction'] = $this->current_time; $this->session_info['session_location'] = $this->user_location; $this->session_info['session_ip'] = $this->user_ip; if ($this->user_info['user_id'] != GUEST) { $sql = "UPDATE ".USERS_TABLE." SET ".get_user_table_field("", "user_lastaction")." = $this->current_time, ".get_user_table_field("", "user_location")." = '$this->user_location' WHERE ".get_user_table_field("", "user_id")." = ".$this->user_info['user_id']; $site_db->query($sql); } return; } function return_session_info() { return $this->session_info; } function return_user_info() { return $this->user_info; } function freeze() { return; } function load_session_info() { $register_globals = strtolower(@ini_get('register_globals')); if ($register_globals && $register_globals != "off" && $register_globals != "false") { session_register($this->session_key); if (!isset($GLOBALS[$this->session_key])) { $GLOBALS[$this->session_key] = array(); } $this->session_info = &$GLOBALS[$this->session_key]; } else { if (isset($_SESSION)) { if (!isset($_SESSION[$this->session_key])) { $_SESSION[$this->session_key] = a
Вот 5 файл полностью PHP: <?php
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: sessions.php                                         *
 *        Copyright: (C) 2002-2011 Jan Sorgalla                           *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7.10                                               *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
 *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/

// Direct requests are refused: this file is meant to be included by a front
// script that has already defined ROOT_PATH (search.php does so before
// pulling in global.php and this file).
if (!defined('ROOT_PATH')) {
  die("Security violation");
}

//-----------------------------------------------------
//--- Start Configuration -----------------------------
//-----------------------------------------------------
// Name of the PHP session cookie / URL parameter (see url() below).
define('SESSION_NAME', 'sessionid');

// Logical user-field name => real column name in USERS_TABLE.
// An empty value disables the field (see get_user_table_field()), which
// is how installations with a differently shaped user table are adapted.
$user_table_fields = array(
  "user_id" => "user_id",
  "user_level" => "user_level",
  "user_name" => "user_name",
  "user_password" => "user_password",
  "user_email" => "user_email",
  "user_showemail" => "user_showemail",
  "user_allowemails" => "user_allowemails",
  "user_invisible" => "user_invisible",
  "user_joindate" => "user_joindate",
  "user_activationkey" => "user_activationkey",
  "user_lastaction" => "user_lastaction",
  "user_location" => "user_location",
  "user_lastvisit" => "user_lastvisit",
  "user_comments" => "user_comments",
  "user_homepage" => "user_homepage",
  "user_icq" => "user_icq"
);
//-----------------------------------------------------
//--- End Configuration -------------------------------
//-----------------------------------------------------

/**
 * Map a logical user field to its column name, optionally prefixed.
 *
 * @param string $add        Text to prepend to the column name (e.g. "u." or ", ").
 * @param string $user_field Logical field name, a key of $user_table_fields.
 * @return string Prefixed column name, or "" when the field is not configured.
 */
function get_user_table_field($add, $user_field) {
  global $user_table_fields;
  return (!empty($user_table_fields[$user_field])) ? $add.$user_table_fields[$user_field] : "";
}

/**
 * Session handling for 4images.
 *
 * Ties the PHP session to a row in SESSIONS_TABLE, loads the current user's
 * record (or guest defaults) into $user_info and maintains the
 * "userid" / "userpass" / "lastvisit" cookies used for automatic login.
 *
 * Written for PHP 4: `var` properties and a constructor named after the class.
 * Several helpers it calls (secure_compare, compare_passwords, get_random_key)
 * are defined elsewhere, not in this file.
 */
class Session {
  var $session_id;             // PHP session id as returned by session_id()
  var $session_key;            // key under which 4images keeps its data in the PHP session
  var $user_ip;                // client IP, filtered by get_user_ip()
  var $user_location;          // current script URL, stored for the who's-online list
  var $current_time;           // time() at construction; every timestamp written uses it
  var $session_timeout;        // seconds; $config['session_timeout'] is given in minutes
  var $mode = "get";           // "get" = session id is carried in URLs, "cookie" = via cookie
  var $session_info = array(); // reference into the PHP session data (see load_session_info())
  var $user_info = array();    // USERS_TABLE row plus lightbox fields, or guest defaults

  /**
   * Start the PHP session and attach the 4images session/user state to it.
   */
  function Session() {
    global $config;
    $this->session_timeout = $config['session_timeout'] * 60;
    $this->user_ip = $this->get_user_ip();
    $this->user_location = $this->get_user_location();
    $this->current_time = time();
    // Key of the 4images entry inside the PHP session: either the configured
    // SESSION_KEY or a hash derived from the install path.
    if (defined('SESSION_KEY') && SESSION_KEY != '') {
      $this->session_key = SESSION_KEY;
    }
    else {
      $this->session_key = md5('4images' . realpath(ROOT_PATH));
    }

    // Stop adding SID to URLs
    @ini_set('session.use_trans_sid', 0);
    //@ini_set('session.cookie_lifetime', $this->session_timeout);
    session_name(urlencode(SESSION_NAME));
    @session_start();

    $this->demand_session();
  }

  /**
   * Send a 4images cookie (name is prefixed with COOKIE_NAME).
   *
   * @param string $name      Cookie name without the COOKIE_NAME prefix.
   * @param mixed  $value     Cookie value.
   * @param int    $permanent 1 = expires in one year, 0 = session cookie.
   */
  function set_cookie_data($name, $value, $permanent = 1) {
    $cookie_expire = ($permanent) ? $this->current_time + 60 * 60 * 24 * 365 : 0;
    $cookie_name = COOKIE_NAME.$name;
    // Only the six classic setcookie() arguments are passed, so no HttpOnly
    // flag is set; COOKIE_SECURE is defined at the bottom of this file.
    setcookie($cookie_name, $value, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
    // NOTE(review): unlike read_cookie_data(), $HTTP_COOKIE_VARS is not
    // declared global here, so this writes a local array and the new value
    // is not visible to read_cookie_data() within the same request.
    $HTTP_COOKIE_VARS[$cookie_name] = $value;
  }

  /**
   * Read a 4images cookie.
   *
   * @param string $name Cookie name without the COOKIE_NAME prefix.
   * @return mixed Cookie value, or false when the cookie is absent.
   */
  function read_cookie_data($name) {
    global $HTTP_COOKIE_VARS;
    $cookie_name = COOKIE_NAME.$name;
    return (isset($HTTP_COOKIE_VARS[$cookie_name])) ? $HTTP_COOKIE_VARS[$cookie_name] : false;
  }

  /**
   * Determine how the session id is transported and record the current id.
   * SID is empty when PHP accepted the id from a cookie, in which case URLs
   * do not need the id appended (see url()).
   */
  function get_session_id() {
    if (SID == '') {
      $this->mode = "cookie";
    }
    // Accept only alphanumeric ids; anything else gets a fresh one.
    if (preg_match('/[^a-z0-9]+/i', session_id())) {
      @session_regenerate_id();
    }
    $this->session_id = session_id();
  }

  /**
   * Ensure a valid session exists: reuse the stored one, or start a new one
   * for the user named in the "userid" cookie (GUEST when absent).
   * An existing session is refreshed at most once per minute.
   */
  function demand_session() {
    $this->get_session_id();
    if (!$this->load_session_info()) {
      $this->delete_old_sessions();
      $user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
      $this->start_session($user_id);
    }
    else {
      $this->user_info = $this->load_user_info($this->session_info['session_user_id']);
      $update_cutoff = ($this->user_info['user_id'] != GUEST) ? $this->current_time - $this->user_info['user_lastaction'] : $this->current_time - $this->session_info['session_lastaction'];
      if ($update_cutoff > 60) {
        $this->update_session();
        $this->delete_old_sessions();
      }
    }
  }

  /**
   * Create (or replace) the SESSIONS_TABLE row for this session.
   *
   * Outside of an explicit login, a non-guest $user_id is only kept when the
   * "userpass" cookie matches md5() of the stored password hash and the
   * account is past USER_AWAITING; otherwise the session falls back to GUEST.
   *
   * @param int $user_id       User to bind the session to (default GUEST).
   * @param int $login_process 1 when called from login(), which skips the cookie check.
   * @return bool Always true.
   */
  function start_session($user_id = GUEST, $login_process = 0) {
    global $site_db;
    $this->user_info = $this->load_user_info($user_id);
    if ($this->user_info['user_id'] != GUEST && !$login_process) {
      if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
        // NOTE(review): the comparison above expects md5() of the stored
        // hash (which is also what login() writes), but the refreshed cookie
        // here is set to the raw stored hash — looks inconsistent; verify.
        $this->set_cookie_data("userpass", $this->user_info['user_password']);
      }
      else {
        $this->set_cookie_data("userpass", "", 0);
        $this->user_info = $this->load_user_info(GUEST);
      }
    }

    //if (!$login_process) {
    // session_id is the only escaped value; user_location and user_ip come
    // from get_user_location() (addslashes) and get_user_ip() (digits/dots).
    $sql = "REPLACE INTO ".SESSIONS_TABLE." (session_id, session_user_id, session_lastaction, session_location, session_ip) VALUES ('".addslashes($this->session_id)."', ".$this->user_info['user_id'].", $this->current_time, '$this->user_location', '$this->user_ip')";
    $site_db->query($sql);
    //}

    $this->session_info['session_user_id'] = $this->user_info['user_id'];
    $this->session_info['session_lastaction'] = $this->current_time;
    $this->session_info['session_location'] = $this->user_location;
    $this->session_info['session_ip'] = $this->user_ip;

    if ($this->user_info['user_id'] != GUEST) {
      // The previous last action becomes "last visit" for the new session.
      $this->user_info['user_lastvisit'] = (!empty($this->user_info['user_lastaction'])) ? $this->user_info['user_lastaction'] : $this->current_time;
      $sql = "UPDATE ".USERS_TABLE." SET ".get_user_table_field("", "user_lastaction")." = $this->current_time, ".get_user_table_field("", "user_location")." = '$this->user_location', ".get_user_table_field("", "user_lastvisit")." = ".$this->user_info['user_lastvisit']." WHERE ".get_user_table_field("", "user_id")." = ".$this->user_info['user_id'];
      $site_db->query($sql);
    }
    $this->set_cookie_data("lastvisit", $this->user_info['user_lastvisit']);
    $this->set_cookie_data("userid", $this->user_info['user_id']);
    return true;
  }

  /**
   * Authenticate a user and bind the current session to the account.
   *
   * @param string $user_name      Login name; interpolated into the SQL as-is,
   *                               so it relies on the caller having escaped it
   *                               (not visible in this file) — verify before reuse.
   * @param string $user_password  Plain-text password, checked via compare_passwords().
   * @param int    $auto_login     1 = store md5(hash) in the "userpass" cookie for auto-login.
   * @param int    $set_auto_login 0 = leave the "userpass" cookie untouched.
   * @return bool True on success, false on empty input or a failed check.
   */
  function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
    global $site_db, $user_table_fields;
    if (empty($user_name) || empty($user_password)) {
      return false;
    }
    // Accounts still in USER_AWAITING state cannot log in.
    $sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_password")." FROM ".USERS_TABLE." WHERE ".get_user_table_field("", "user_name")." = '$user_name' AND ".get_user_table_field("", "user_level")." <> ".USER_AWAITING;
    $row = $site_db->query_firstrow($sql);
    $user_id = (isset($row[$user_table_fields['user_id']])) ? $row[$user_table_fields['user_id']] : GUEST;
    if ($user_id != GUEST) {
      if (compare_passwords($user_password, $row[$user_table_fields['user_password']])) {
        $sql = "UPDATE ".SESSIONS_TABLE." SET session_user_id = $user_id WHERE session_id = '".addslashes($this->session_id)."'";
        $site_db->query($sql);
        if ($set_auto_login) {
          $this->set_cookie_data("userpass", ($auto_login) ? md5($row[$user_table_fields['user_password']]) : "");
        }
        $this->start_session($user_id, 1);
        return true;
      }
    }
    return false;
  }

  /**
   * Drop this session and every other session of $user_id, clear the
   * auto-login cookies and reset the in-memory session data.
   *
   * @param int $user_id User whose sessions are removed (interpolated unquoted).
   * @return bool Always true.
   */
  function logout($user_id) {
    global $site_db;
    $sql = "DELETE FROM ".SESSIONS_TABLE." WHERE session_id = '".addslashes($this->session_id)."' OR session_user_id = $user_id";
    $site_db->query($sql);
    $this->set_cookie_data("userpass", "", 0);
    $this->set_cookie_data("userid", GUEST);
    $this->session_info = array();
    return true;
  }

  /**
   * Purge sessions whose last action is older than $session_timeout.
   *
   * @return bool Always true.
   */
  function delete_old_sessions() {
    global $site_db;
    $expiry_time = $this->current_time - $this->session_timeout;
    $sql = "DELETE FROM ".SESSIONS_TABLE." WHERE session_lastaction < $expiry_time";
    $site_db->query($sql);
    return true;
  }

  /**
   * Refresh the session row (and, for members, the user row) with the
   * current time, location and IP.
   */
  function update_session() {
    global $site_db;
    $sql = "REPLACE INTO ".SESSIONS_TABLE." (session_id, session_user_id, session_lastaction, session_location, session_ip) VALUES ('".addslashes($this->session_id)."', ".$this->user_info['user_id'].", $this->current_time, '$this->user_location', '$this->user_ip')";
    $site_db->query($sql);
    $this->session_info['session_lastaction'] = $this->current_time;
    $this->session_info['session_location'] = $this->user_location;
    $this->session_info['session_ip'] = $this->user_ip;
    if ($this->user_info['user_id'] != GUEST) {
      $sql = "UPDATE ".USERS_TABLE." SET ".get_user_table_field("", "user_lastaction")." = $this->current_time, ".get_user_table_field("", "user_location")." = '$this->user_location' WHERE ".get_user_table_field("", "user_id")." = ".$this->user_info['user_id'];
      $site_db->query($sql);
    }
    return;
  }

  /** @return array Current session data (by value). */
  function return_session_info() {
    return $this->session_info;
  }

  /** @return array Current user record (by value). */
  function return_user_info() {
    return $this->user_info;
  }

  /** No-op kept for API compatibility. */
  function freeze() {
    return;
  }

  /**
   * Bind $session_info to the 4images entry of the PHP session and validate it.
   *
   * The entry is looked up in $GLOBALS (register_globals on), $_SESSION, or
   * the legacy HTTP_SESSION_VARS array. A session without a recorded IP is
   * treated as new. In "get" mode (id carried in the URL) a session whose
   * recorded IP differs from the current client's is discarded and the id
   * regenerated, which limits reuse of an id that leaked via a URL; the check
   * is not applied in cookie mode.
   *
   * @return array|false The session data, or false when no usable session exists.
   */
  function load_session_info() {
    $register_globals = strtolower(@ini_get('register_globals'));
    if ($register_globals && $register_globals != "off" && $register_globals != "false") {
      session_register($this->session_key);
      if (!isset($GLOBALS[$this->session_key])) {
        $GLOBALS[$this->session_key] = array();
      }
      $this->session_info = &$GLOBALS[$this->session_key];
    }
    else {
      if (isset($_SESSION)) {
        if (!isset($_SESSION[$this->session_key])) {
          $_SESSION[$this->session_key] = array();
        }
        $this->session_info = &$_SESSION[$this->session_key];
      }
      else {
        if (!isset($GLOBALS['HTTP_SESSION_VARS'][$this->session_key])) {
          $GLOBALS['HTTP_SESSION_VARS'][$this->session_key] = array();
        }
        $this->session_info = &$GLOBALS['HTTP_SESSION_VARS'][$this->session_key];
      }
    }

    if (!isset($this->session_info['session_ip'])) {
      $this->session_info = array();
      return false;
    }
    if ($this->mode == "get" && $this->session_info['session_ip'] != $this->user_ip) {
      if (function_exists('session_regenerate_id')) {
        @session_regenerate_id();
      }
      $this->get_session_id();
      $this->session_info = array();
      return false;
    }
    return $this->session_info;
  }

  /**
   * Load a user record joined with its lightbox, creating the lightbox row
   * when missing. Unknown ids (or GUEST) yield guest defaults. Every key of
   * $user_table_fields and $additional_user_fields is guaranteed to exist in
   * the result ("" when absent).
   *
   * @param int $user_id User id (interpolated unquoted into the SQL).
   * @return array User record.
   */
  function load_user_info($user_id = GUEST) {
    global $site_db, $user_table_fields, $additional_user_fields;
    if ($user_id != GUEST) {
      $sql = "SELECT u.*, l.* FROM ".USERS_TABLE." u, ".LIGHTBOXES_TABLE." l WHERE ".get_user_table_field("u.", "user_id")." = $user_id AND l.user_id = ".get_user_table_field("u.", "user_id");
      $user_info = $site_db->query_firstrow($sql);
      if (!$user_info) {
        // No lightbox yet: fetch the bare user row and create one.
        $sql = "SELECT * FROM ".USERS_TABLE." WHERE ".get_user_table_field("", "user_id")." = $user_id";
        $user_info = $site_db->query_firstrow($sql);
        if ($user_info) {
          $lightbox_id = get_random_key(LIGHTBOXES_TABLE, "lightbox_id");
          $sql = "INSERT INTO ".LIGHTBOXES_TABLE." (lightbox_id, user_id, lightbox_lastaction, lightbox_image_ids) VALUES ('$lightbox_id', ".$user_info[$user_table_fields['user_id']].", $this->current_time, '')";
          $site_db->query($sql);
          $user_info['lightbox_lastaction'] = $this->current_time;
          $user_info['lightbox_image_ids'] = "";
        }
      }
    }
    if (empty($user_info[$user_table_fields['user_id']])) {
      // Guest: last visit comes from the "lastvisit" cookie when present.
      $user_info = array();
      $user_info['user_id'] = GUEST;
      $user_info['user_level'] = GUEST;
      $user_info['user_lastaction'] = $this->current_time;
      $user_info['user_lastvisit'] = ($this->read_cookie_data("lastvisit")) ? $this->read_cookie_data("lastvisit") : $this->current_time;
    }
    // Expose each configured column under its logical name as well.
    foreach ($user_table_fields as $key => $val) {
      if (isset($user_info[$val])) {
        $user_info[$key] = $user_info[$val];
      }
      elseif (!isset($user_info[$key])) {
        $user_info[$key] = "";
      }
    }
    foreach ($additional_user_fields as $key => $val) {
      if (!isset($user_info[$key])) {
        $user_info[$key] = "";
      }
    }
    return $user_info;
  }

  /** Store $value in the session under $var_name. @return bool Always true. */
  function set_session_var($var_name, $value) {
    $this->session_info[$var_name] = $value;
    return true;
  }

  /** @return mixed Session value for $var_name, or '' when unset. */
  function get_session_var($var_name) {
    if (isset($this->session_info[$var_name])) {
      return $this->session_info[$var_name];
    }
    return '';
  }

  /** Remove $var_name from the session. */
  function drop_session_var($var_name) {
    unset($this->session_info[$var_name]);
  }

  /**
   * Client IP from REMOTE_ADDR, reduced to digits and dots and truncated
   * to 50 characters. The filter is shaped for dotted IPv4; an IPv6 address
   * would be stripped of its colons and hex letters.
   *
   * @return string
   */
  function get_user_ip() {
    global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
    $ip = (!empty($HTTP_SERVER_VARS['REMOTE_ADDR'])) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ((!empty($HTTP_ENV_VARS['REMOTE_ADDR'])) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv("REMOTE_ADDR"));
    $ip = preg_replace("/[^\.0-9]+/", "", $ip);
    return substr($ip, 0, 50);
  }

  /**
   * Current location for the who's-online display: "Control Panel" inside
   * the admin area, otherwise $self_url with action/mode/phpinfo/printstats,
   * the URL_ID and language parameters removed. The result is addslashes()'d
   * here because start_session()/update_session() embed it in SQL directly.
   *
   * @return string
   */
  function get_user_location() {
    global $self_url;
    return (defined("IN_CP")) ? "Control Panel" : preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), addslashes($self_url));
  }

  /**
   * Append the session id (in "get" mode, if not already present) and the
   * selected language to a URL, keeping any "#fragment" at the end.
   *
   * @param string $url URL to decorate.
   * @param string $amp Parameter separator ("&" or "&amp;").
   * @return string
   */
  function url($url, $amp = "&") {
    global $l;
    $dummy_array = explode("#", $url);
    $url = $dummy_array[0];
    if ($this->mode == "get" && strpos($url, $this->session_id) === false) {
      $url .= strpos($url, '?') !== false ? $amp : "?";
      $url .= SESSION_NAME."=".$this->session_id;
    }
    if (!empty($l)) {
      $url .= strpos($url, '?') !== false ? $amp : "?";
      $url .= "l=".$l;
    }
    $url .= (isset($dummy_array[1])) ? "#".$dummy_array[1] : "";
    return $url;
  }
} //end of class

//-----------------------------------------------------
//--- Start Session -----------------------------------
//-----------------------------------------------------
// Cookie attributes used by Session::set_cookie_data(). COOKIE_SECURE is
// '0', so the cookies are also sent over plain HTTP.
define('COOKIE_NAME', '4images_');
define('COOKIE_PATH', '');
define('COOKIE_DOMAIN', '');
define('COOKIE_SECURE', '0');
$site_sess = new Session();

// Get Userinfo
$session_info = $site_sess->return_session_info();
$user_info = $site_sess->return_user_info();

//-----------------------------------------------------
//--- Get User Caches ---------------------------------
//-----------------------------------------------------
// Who's-online counters; only filled when the including script defines
// GET_USER_ONLINE and the display is enabled (or the viewer is an admin).
$num_total_online = 0;
$num_visible_online = 0;
$num_invisible_online = 0;
$num_registered_online = 0;
$num_guests_online = 0;
$user_online_list = "";
$prev_user_ids = array();
$prev_session_ips = array();
if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $user_info['user_level'] == ADMIN)) {
  // Sessions active within the last five minutes count as online.
  $time_out = time() - 300;
  $sql = "SELECT s.session_user_id, s.session_lastaction, s.session_ip".get_user_table_field(", u.", "user_id").get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_invisible")." FROM ".SESSIONS_TABLE." s LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = s.session_user_id) WHERE s.session_lastaction >= $time_out ORDER BY ".get_user_table_field("u.", "user_id")." ASC, s.session_ip ASC";
  $result = $site_db->query($sql);
  while ($row = $site_db->fetch_array($result)) {
    if ($row['session_user_id'] != GUEST && (isset($row[$user_table_fields['user_id']]) && $row[$user_table_fields['user_id']] != GUEST)) {
      // Each member is counted once even with several sessions.
      if (!isset($prev_user_ids[$row['session_user_id']])) {
        $is_invisible = (isset($row[$user_table_fields['user_invisible']]) && $row[$user_table_fields['user_invisible']] == 1) ? 1 : 0;
        $invisibleuser = ($is_invisible) ? "*" : "";
        $username = (isset($row[$user_table_fields['user_level']]) && $row[$user_table_fields['user_level']] == ADMIN && $config['highlight_admin'] == 1) ? sprintf("<b>%s</b>", $row[$user_table_fields['user_name']]) : $row[$user_table_fields['user_name']];
        // Invisible members are listed only to admins.
        if (!$is_invisible || $user_info['user_level'] == ADMIN) {
          $user_online_list .= ($user_online_list != "") ? ", " : "";
          $user_profile_link = (!empty($url_show_profile)) ? preg_replace("/{user_id}/", $row['session_user_id'], $url_show_profile) : ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$row['session_user_id'];
          // NOTE(review): as pasted here the replacement array equals the
          // search array, so the str_replace() is a no-op — the original
          // presumably used HTML entities for the braces (template markers);
          // verify against the shipped file. user_name is otherwise emitted
          // into HTML without escaping and relies on upstream sanitising.
          $user_online_list .= "<a href=\"".$site_sess->url($user_profile_link)."\">".str_replace(array("{", "}"), array("{", "}"), $username)."</a>".$invisibleuser;
        }
        (!$is_invisible) ? $num_visible_online++ : $num_invisible_online++;
        $num_registered_online++;
      }
      $prev_user_ids[$row['session_user_id']] = 1;
    }
    else {
      // Guests are counted once per distinct IP.
      if (!isset($prev_session_ips[$row['session_ip']])) {
        $num_guests_online++;
      }
    }
    $prev_session_ips[$row['session_ip']] = 1;
  }
  $num_total_online = $num_registered_online + $num_guests_online;
  //$num_invisible_online = $num_registered_online - $num_visible_online;
  $site_template->register_vars(array(
    "num_total_online" => $num_total_online,
    "num_invisible_online" => $num_invisible_online,
    "num_registered_online" => $num_registered_online,
    "num_guests_online" => $num_guests_online,
    "user_online_list" => $user_online_list,
    "lang_user_online" => str_replace('{num_total_online}', $num_total_online, $lang['user_online']),
    "lang_user_online_detail" => str_replace(array('{num_registered_online}','{num_invisible_online}','{num_guests_online}'), array($num_registered_online,$num_invisible_online,$num_guests_online), $lang['user_online_detail']),
  ));
  $whos_online = $site_template->parse_template("whos_online");
  $site_template->register_vars("whos_online", $whos_online);
  unset($whos_online);
  unset($prev_user_ids);
  unset($prev_session_ips);
}
?>
Кто может на основе всего этого написать мне поиск по
картинкам, и чтобы он искал только по папке: "NEWPICTURE"
чувак, мы тебе премию дадим за самый длинный код) А по теме — если очень надо, предложи бабла, может, кто заинтересуется)