Results for securite : 17

4 - astuce sécurité PHP - Le Hollandais Volant
# en début de script
if (basename($_SERVER['SCRIPT_NAME']) === 'index.php' and strpos(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), 'index.php') === FALSE ) {
	$var_request_URI = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH).'index.php';
} else {
	$var_request_URI = $_SERVER['REQUEST_URI'];
}
if (parse_url($var_request_URI, PHP_URL_PATH) !== $_SERVER['SCRIPT_NAME']) {
	header('Location: '.$_SERVER['SCRIPT_NAME']);
}


			
5 - ssave-sload: secured data saving
# Secured save/load variable data (inspired by Oros)
function ssave($file=null,$content=''){
	if (!$file){return false;}
	file_put_contents($file.'.php', '<?php /* '.base64_encode(gzdeflate(serialize($content))).' */ ?>');
}
function sload($file=null){
	if (!$file || !is_file($file)){return false;}
	return unserialize(gzinflate(base64_decode(substr(file_get_contents($file),9,-strlen(6)))));
}
			
6 - FORMULAIRE DE MODIFICATION DES DROITS CHMOD DES FICHIERS ET DOSSIERS
<?php
/*
FORMULAIRE DE MODIFICATION DES DROITS CHMOD DES FICHIERS ET DOSSIERS
Enregistrez ce fichier dans votre répertoire hébergement web, ouvrez-le 
avec votre navigateur et suivez les instructions.
Un rapport d'erreur est fourni.
*/

// initialisation des variables
$dosPerm = "0";
$ficPerm = "0";
$retval = "0"; // nombre d'erreurs CHMOD

 // Chemin du dossier a traiter
    $chem = preg_replace("/[^_A-Za-z0-9-\.%\/]/i",'', $_POST["chemin"]);    // chemin de fichier absolu (avec nettoyage contre piratage)
    $chem = preg_replace("/\.\.\//",'', $chem);    // on interdit la commande ../
    define('ABSPATH', dirname(__FILE__));
    $chem = ABSPATH.$chem;    // chemin de fichier absolu de votre compte du genre /home/loginftp/www/ ou /home/loginftp/public_html/ etc.

//Droits des dossiers
    $d1 = preg_replace("/[^057]/",'', $_POST["dir1"]);
    $d2 = preg_replace("/[^057]/",'', $_POST["dir2"]);
    $d3 = preg_replace("/[^057]/",'', $_POST["dir3"]);
    $dosPerm = "0".$d1.$d2.$d3;
    $dosPerm = octdec($dosPerm);
//droits des fichiers
    $f1 = preg_replace("/[^046]/i",'', $_POST["fic1"]);
    $f2 = preg_replace("/[^046]/i",'', $_POST["fic2"]);
    $f3 = preg_replace("/[^046]/i",'', $_POST["fic3"]);
    $ficPerm = "0".$f1.$f2.$f3;
    $ficPerm = octdec($ficPerm);

// Formulaire html pour changer les droits
    print "<html><meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />";
    print "<body><h3>Changer les droits d'acc&egrave;s CHMOD aux dossiers et fichiers <br />dans votre h&eacute;bergement.</h3>";
    print "<table><tr><td>";
    print "<form method=\"post\">";
    print "<tr><td>Droits des dossiers: </td>";
    print "<td><select name=\"dir1\"><option value=\"0\">0</option><option value=\"5\">5</option><option value=\"7\" selected>7</option></select><select name=\"dir2\"><option value=\"0\">0</option><option value=\"5\" selected>5</option><option value=\"7\">7</option></select><select name=\"dir3\"><option value=\"0\">0</option><option value=\"5\" selected>5</option><option value=\"7\">7</option></select></td></tr>";
    print "<tr><td>Droits des fichiers: </td>";
    print "<td><select name=\"fic1\"><option value=\"0\">0</option><option value=\"4\">4</option><option value=\"6\" selected>6</option></select><select name=\"fic2\"><option value=\"0\">0</option><option value=\"4\" selected>4</option><option value=\"6\">6</option></select><select name=\"fic3\"><option value=\"0\">0</option><option value=\"4\" selected>4</option><option value=\"6\">6</option></select></td></tr>";
    print "<tr><td>R&eacute;pertoire &agrave; contr&ocirc;ler: </td>";
    print "<td>".ABSPATH." <input type=\"text\" name=\"chemin\" maxlength=\"80\" size=\"30\" value=\"/\" ></td></tr>";
    print "<tr><td> </td><td><input type=\"submit\" value=\" Changer les CHMOD des Dossiers et Fichiers \">";
    print "</form>";
    print "</td></tr></table>";

if ( ($dosPerm||$ficPerm) > 0 ){

    function rChmod($chem,$dosPerm,$ficPerm) {
        echo "<p><b>Journal:</b></p>\r\n";

        $d = new RecursiveDirectoryIterator($chem); 
        $d ->setFlags(RecursiveDirectoryIterator::SKIP_DOTS); 
        foreach (new RecursiveIteratorIterator($d, 1) as $path) {
            $chmodret = false;
            $chmodresultat = "";
            if ( $path->isDir() ) {
            $chmodret = chmod( $path, $dosPerm ); }
            else {
            if ( is_file( $path )  ) {
            $chmodret = chmod( $path, $ficPerm ); }
            }
            if ($chmodret) {$chmodresultat = "OK"; }
            else {
                $chmodresultat = "ERREUR";
                ++$retval;
                }
            echo $chmodresultat . " " . $path . "<br />\r\n";
        }
    return $retval;
}
    $nbfailed = rChmod($chem,$dosPerm,$ficPerm);
    echo "<p><b>";
    if ($nbfailed > 0) {
        echo $nbfailed . " erreur(s) CHMOD. Voyez le journal ci-dessus.";
        }
    else echo "Pas d'erreur apparente. Vérifiez par vous-même.</b></p>\r\n";
}
?>
			
8 - strip_almost_all_tags
function strip_almost_all_tags($chaine){
	// ajouter le strip attributes
	// à la barbare
	$secure='#on(click|dblclick|blur|change|dragdrop|focus|keydown|keyup|keypress|mouseover|mouseout|load|unload|keydown)=#i';
	$keep=array('<img ','<a ', '<em', '<br>','<br/>','</a', '</em', '<br />','<p ', '</p','<div ', '</div','<span ', '</span', '<li', '</li', '<ul', '</ul');
	$temp_repl=array('[img ','[a ','[em','[br]','[br/]','[/a','[/em','[br /]','[p ','[/p','[div ','[/div','[span ','[/span','[li','[/li','[ul','[/ul');
	$chaine=str_ireplace($keep,$temp_repl,$chaine);
	$chaine=strip_tags($chaine);
	$chaine=preg_replace($secure, 'on$1&#61;', $chaine);
	return str_ireplace($temp_repl,$keep,$chaine);
}
			
9 - Strip_cars
function strip_tags(input, allowed) {
				//http://phpjs.org/functions/strip_tags/
				allowed = (((allowed || '') + '')
				.toLowerCase()
				.match(/<[a-z][a-z0-9]*>/g) || [])
				.join(''); // making sure the allowed arg is a string containing only tags in lowercase (<a><b><c>)
				var tags = /<\/?([a-z][a-z0-9]*)\b[^>]*>/gi,
				commentsAndPhpTags = /<!--[\s\S]*?-->|<\?(?:php)?[\s\S]*?\?>/gi;
				return input.replace(commentsAndPhpTags, '')
				.replace(tags, function($0, $1) {
				  return allowed.indexOf('<' + $1.toLowerCase() + '>') > -1 ? $0 : '';
				});
			}
			
10 - clean - nettoyer une variable
function clean($value) {

       // If magic quotes not turned on add slashes.
       if(!get_magic_quotes_gpc())

       // Adds the slashes.
       { $value = addslashes($value); }

       // Strip any tags from the value.
       $value = strip_tags($value);

       // Return the value out of the function.
       return $value;

}
			
11 - secure - sécuriser une chaine ou un tableau contre le XSS
function secure($var,$level=0){
    // $level=0 > returns text only (no html or script), 1 > text + html (no script), 2 > all content secured with entities
    if (is_array($var)){foreach ($var as $index=>$v){$var[$index]=secure($v,$level);}}
    else if (is_string($var)){
        if ($level==0){$var=strip_tags($var);}
        else if ($level==1){$var=preg_replace('#on[a-z]+ ?= ?["\'].*?["\'](?=[ />])|</?script>|javascript:#i','',$var);}
        else {$var=htmlspecialchars($var);}
    }
    return $var;
}
			
12 - Googol
<?php
	if (isset($_GET['lang'])){$langue=$_GET['lang'];}else{$langue=lang();}
	clear_cache();// vire les thumbs de plus de trois minutes (THUMB_EXPIRE_DELAY)
	define('REGEX_WEB','#(?<=<h3 class="r"><a href="/url?q=)([^&]+).*?>(.*?)</a>.*?(?<=<span class="st">)(.*?)(?=</span>)#');
	define('REGEX_PAGES','#&start=([0-9]+)|&amp;start=([0-9]+)#');
	define('REGEX_IMG','#(?<=imgurl=)(.*?)&amp;imgrefurl=(.*?)&amp;.*?h=([0-9]+)&amp;w=([0-9]+)&amp;sz=([0-9]+)|(?<=imgurl=)(.*?)&imgrefurl=(.*?)&.*?h=([0-9]+)&w=([0-9]+)&sz=([0-9]+)#');
	define('REGEX_THMBS','#<img.*?height="([0-9]+)".*?width="([0-9]+)".*?src="([^"]+)"#');
	define('TPL','<div class="result"><a href="#link"><h3 class="title">#title</h3>#link</a><p class="description">#description</p></div>');
	define('TPLIMG','<div class="image" ><p><a href="#link" title="#link">#thumbs</a></p><p class="description">#W x #H (#SZ ko)<a class="source" href="#site" title="#site"> &#9658;</a></p></div>');
	define('LOGO1','<em class="g">G</em><em class="o1">o</em>');
	define('LOGO2','<em class="o2">o</em><em class="g">g</em><em class="o1">o</em><em class="l">l</em>');
	define('URL','https://www.google.fr/search?q=');
	define('URLIMG','&tbm=isch&biw=1920&bih=1075&sei=v5ecUb6OG-2l0wW554GYBQ');
	define('VERSION','v1.1');
	define('LANGUAGE',$langue);
	define('RACINE','http://'.$_SERVER['SERVER_NAME']);
	define('USE_WEB_OF_TRUST',true);
	define('USE_GOOGLE_THUMBS',false);
	// true = googol utilise les miniatures de google (c'est l'ip du visiteur que google verra mais c'est rapide et sans charge pour le servuer hébergeant googol)
	// false = c'est le serveur googol qui télécharge les miniatures (ip user cachée à google, il ne verra que l'ip du serveur, mais c'est sensiblement plus lent)
	
	if (!USE_GOOGLE_THUMBS){ // on va télécharger temporairement les miniatures pour cacher l'ip du visiteur à google
		session_start();
		if (!isset($_SESSION['ID'])){$_SESSION['ID']=uniqid();}
		define('UNIQUE_THUMBS_PATH','thumbs/'.$_SESSION['ID']);
		if (!is_dir('thumbs')){mkdir('thumbs');}// crée le dossier thumbs si nécessaire
	}
	$lang['fr']=array(
		'previous'=>htmlspecialchars('Page précédente'),
		'next'=>'Page suivante',
		'The thumbnails are temporarly stored in this server to hide your ip from Google...'=>htmlspecialchars('les miniatures sont temporairement récupérées sur ce serveur, google n'a pas votre IP...'),
		'Search anonymously on Google (direct links, fake referer)'=>htmlspecialchars('Rechercher anonymement sur Google (liens directs et referrer caché)'),
		'Free and open source (please keep a link to warriordudimanche.net for the author ^^)'=>htmlspecialchars('Libre et open source, merci de laisser un lien vers warriordudimanche.net pour citer l'auteur ;)'),
		'Googol - google without lies'=>'Googol - google sans mensonge',
		'on GitHub'=>'sur GitHub',
		'no results'=>htmlspecialchars('pas de résultat'),
		'by'=>'par',
		'search '=>'recherche ',
		'Search'=>'Rechercher',
		'Otherwise, use a real Search engine !'=>'Sinon, utilisez un vrai moteur de recherche !',
		);



	function aff($a,$stop=true){echo 'Arret a la ligne '.__LINE__.' du fichier '.__FILE__.'<pre>';var_dump($a);echo '</pre>';if ($stop){exit();}}
	function msg($m){global $lang;if(isset($lang[LANGUAGE][$m])){return $lang[LANGUAGE][$m];}else{return $m;}}
	function lang($default='fr'){if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){$l=explode(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']);return substr($l[0],0,2);}else{return $default;}}
	function Random_referer(){
		$rr=array(
			'http://oudanstoncul.com.free.fr/‎',
			'http://googlearretedenousfliquer.fr/‎',
			'http://stopspyingme.fr/‎',
			'http://spyyourassfuckinggoogle.fr/‎',
			'http://dontfuckinglookatme.fr/‎',
			'http://matemonculgoogle.fr/‎',
			'http://auxarmescitoyens.fr/‎',
			'http://jetlametsavecdugravier.con/‎',
			'http://lesdeuxpiedsdanstagueule.fr/‎',
			'http://moncoudedanstabouche.con/‎',
			'http://monpieddanston.uk/‎',
			'http://bienfaitpourvosgueul.es/‎',
			'http://pandanstesdents.fr/‎',
			'http://tupuessouslesbras.fr/‎',
		);
		shuffle($rr);
		return $rr[0];
	}
	function file_curl_contents($url){
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_HEADER, 0);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,  FALSE);     
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);     
		curl_setopt($ch, CURLOPT_URL, $url);     
		if (!ini_get("safe_mode") && !ini_get('open_basedir') ) {curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);}    
		curl_setopt($ch, CURLOPT_MAXREDIRS, 10); 
		curl_setopt($ch, CURLOPT_REFERER, random_referer());// notez le referer "custom"
		$data = curl_exec($ch);     
		curl_close($ch);     
		return $data; 
	}  
	function add_search_engine(){
		if(!is_file('googol.xml')){
			file_put_contents('googol.xml', '<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"
              xmlns:moz="http://www.mozilla.org/2006/browser/search/">
			  <ShortName>Googole</ShortName>
			  <Description>'.msg('Googol - google without lies').'</Description>
			  <InputEncoding>UTF-8</InputEncoding>
			  <Image width="32" height="32">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABCFJREFUeNrEV21MW2UUfm7v7QcwWqj9YBQyEAdqwBGGY3xkQRlLRjLnsmnUOOOSJYsmxvhDo/7VRH+YaPxhYqLRiAkuccbh5jbFRZgR3IbpwphG0wxaSgOUXgot7W177/V9L/DDrLv3bcK2kzy97e15zz3vOc85573c4bfOY112ruNuyATBKP0iQNVufETwKu6ufElwTFBVtf0ePJzKiwQniQNoLmRVYyUHT5kNT3f7YLbatHtkE4gvr+LsWATT82kEoszm2gVFVZk0K+0qnulwoM7nAG82gxfM2n2OM5HfAjzeYhw76EIuk8HV6zP4engBYoozMmuhKTB8eJ0LeHlvGc74VzHwexyz8f//73NweNBnRU9rJWq3VaBzVwNqKkrwdv9NpHP6Thg6QHfe12TDO6dFiKv5dWaWVIIUhiYDeK4rhid7m+D2utDkm8blKUXXvommQA9HO4rw1Wgai0l9vQ2cGotBSiaQTafwz5xsqC+oOg4+QEIfJrtbTLCTtLyIQyqxjIGLIaZ1gqLcPgVVTko2CxQlxexAx3YbRv4M46cJtjW6HOA4DntaqiApPC5eEzEj6uezs94Kj8OCjy8sMTusG4EbYYlEQMChfU040C1BzmZJzed3wmTiwfE8hq8GYeVFpLKsDuiQIBgDBkcCOLyvEcX2MvC8QMNyW31VUdDbaSNlCbzRH2JMgaJfhv3DIubFcRx5rAZljhItLXkjQJyzFhVrTcphL4aRXaYUbMg5f5Jg0lDv2T0ezdFvfw1CYXaAsRWziN2SwXdDf+FHf2JzSJhPdtaYsbvBjrb6LWuVQsgXislaCn6biOLMeLwge0yzYENe6fPi8UercWUygte+CCK6osBVasKJ/T50tdaiurIcgYifVE+W2aaJMpcFT7U7sL/7ISQlBR9+P4OFeE67T6/vfjONqdA8vF433jvRgupyDqx2TQr5MIKzBDja97A2/3+4NIVEWr5FZ+DnAGQ5h1KnG4c6PGCxS2Gi5WKEtu0lsG0p1UK2nJDy6oz9TQaQlNac7GmrAYtdCiYOVDhthGQ8NnTzrUlKZLqRCNA+QQl5H+FodEVlaUSKoVIimdUeSjshdUZvjSzLWIonCTdkRhISw0b4N5wgRy0JJjIXdjVuzatTZFnrhlkphV/+mAaLXQqmKrgeTCOysKql4f7areh5xH6LTm9zuTaQZkNhnBqZZa4C3U74wfNubKtyacSyWbNYic5rUXj9hRZymhnHkH9t7O7d4cDxJ+oRCUfw5qfXMLcsM/cBrvnIZy+R6yesCw7udqK1wY0ddXbkshJlJObEDM5dmcPg5aVCu/f7AgqcBadHFzVslhTUiu+AZOh54OY9dOAGLcPzBJ+zls0m4izBSXLG0lJwnL4oEnTRxneHdx1bfzUfpD/+E2AAqmeV253DYKAAAAAASUVORK5CYII=</Image>
			  <Url type="text/html" method="get" template="'.RACINE.'">
			  <Param name="q" value="{searchTerms}"/>
			  </Url>
			  <moz:SearchForm>'.RACINE.'</moz:SearchForm> 
			</OpenSearchDescription>');
		}
	}
	function parse_query($query,$start=0,$img=false){
		if (!$img){ // web
			$page=file_curl_contents(URL.str_replace(' ','+',urlencode($query)).'&start='.$start);
			if (!$page){return false;}
			preg_match_all(REGEX_WEB, $page, $r);
			preg_match_all(REGEX_PAGES,$page,$p);
			$p=count($p[2]);
			$retour=array(
				'links'=>$r[1],
				'titles'=>$r[2],
				'descriptions'=>$r[3],
				'nb_pages'=>$p,
				'current_page'=>$start,
				'query'=>$query
				);
			return $retour;
		}else{ //images
			$page=file_curl_contents(URL.str_replace(' ','+',urlencode($query)).URLIMG.'&start='.$start);			
			if (!$page){return false;}
			preg_match_all(REGEX_IMG,$page,$r);
			preg_match_all(REGEX_PAGES,$page,$p);
			preg_match_all(REGEX_THMBS,$page,$t);
			$p=count($p[2]);
			$retour=array(
				'site'=>$r[2],
				'links'=>$r[1],
				'h'=>$r[3],
				'w'=>$r[4],
				'sz'=>$r[5],
				'thumbs'=>$t[3],
				'thumbs_w'=>$t[2],
				'thumbs_h'=>$t[1],
				'nb_pages'=>$p,
				'current_page'=>$start,
				'query'=>$query
				);			
			return $retour;		
		}
	}

	function render_query($array){
		global $start,$langue;
		if (!is_array($array)||count($array)==0){return false;}
		if (!isset($array['sz'][0])){
			foreach ($array['links'] as $nb => $link){
				$r=str_replace('#link',$link,TPL);
				$r=str_replace('#title',$array['titles'][$nb],$r);
				$d=str_replace('<br>','',$array['descriptions'][$nb]);
				$d=str_replace('<br/>','',$d);
				$r=str_replace('#description',$d,$r);
				echo $r;
			}
			$img='';
		}else{
			foreach ($array['links'] as $nb => $link){
				$r=str_replace('#link',$link,TPLIMG);
				$r=str_replace('#SZ',$array['sz'][$nb],$r);
				$r=str_replace('#H',$array['h'][$nb],$r);
				$r=str_replace('#W',$array['w'][$nb],$r);
				$r=str_replace('#site',$array['site'][$nb],$r);
				if (!USE_GOOGLE_THUMBS){
					$repl='<img src="'.grab_google_thumb($array['thumbs'][$nb]).'" width="'.$array['thumbs_w'][$nb].'" height="'.$array['thumbs_h'][$nb].'"/>';
				}else if (USE_GOOGLE_THUMBS){
					$repl='<img src="'.$array['thumbs'][$nb].'" width="'.$array['thumbs_w'][$nb].'" height="'.$array['thumbs_h'][$nb].'"/>';
				}				
				$r=str_replace('#thumbs',$repl,$r);
				$r=str_replace('#thumbs_h',$array['thumbs_h'][$nb],$r);
				$r=str_replace('#thumbs_w',$array['thumbs_w'][$nb],$r);
				echo $r;
			}	
			$img='&img';

		}

		if($array['nb_pages'] != 0){
			echo '<hr/><p class="footerlogo">'.LOGO1.str_repeat('<em class="o2">o</em>', $array['nb_pages']-1).LOGO2.'</p><div class="pagination">';
		}
		else{
			echo '<div class="noresult"> '.msg('no results').' </div>';
		}

		if ($start>0){echo '<a class="previous" title="'.msg('previous').'" href="?q='.urlencode($array['query']).$img.'&start='.($start-10).'&lang='.$langue.'">&#9668;</a>';}
		for ($i=0;$i<$array['nb_pages']-1;$i++){
			if ($i*10==$array['current_page']){echo '<em>'.($i+1).'</em>';}
			else{echo '<a href="?q='.urlencode($array['query']).$img.'&start='.$i.'0&lang='.$langue.'">'.($i+1).'</a>';}
		}
		if ($start<($array['nb_pages']-2)*10){echo '<a class="next" title="'.msg('next').'" href="?q='.urlencode($array['query']).$img.'&start='.($start+10).'&lang='.$langue.'">&#9658;</a>';}
		
		echo  '</div>';
	}
	function grab_google_thumb($link){
		if ($thumb=file_curl_contents($link)){
			$local='thumbs/'.str_replace(array('?','/',':'),'',$link).'.jpg';
			if (!is_file($local)){file_put_contents($local,$thumb);}
			return $local;
		}else{
			return $link;
		}
	}
	function clear_cache($delay=180){$fs=glob('thumbs/*'); if(!empty($fs)){foreach ($fs as $file){if (@date('U')-@date(filemtime($file))>$delay){unlink ($file);}}}}
	function is_active($first,$second){if ($first==$second){echo 'active';}else{echo '';}}


	// Gestion GET
	if (isset($_GET['img'])){$img=true;}else{$img=false;}
	if (isset($_GET['start'])){$start=$_GET['start'];}else{$start='';}
	if (isset($_GET['q'])){$q=$_GET['q'];$title='Googol '.msg('search ').htmlspecialchars($q);}else{$q='';$title=msg('Googol - google without lies');}
?>

<!DOCTYPE html>
<html dir="ltr" lang="fr">
<head>
	<title><?php echo htmlspecialchars($title); ?> </title>
	<style>
		*{-webkit-box-sizing: border-box;-moz-box-sizing: border-box;box-sizing: border-box;}
		body{padding:0;margin:0;font-family:arial, sans-serif;}
		aside{padding:0 25px 100px;}
		a {text-decoration: none; }
		hr{border:none;border-top:1px solid #aaa;}
		form{margin-bottom:20px;padding:0;line-height:20px;}
		header{text-align:center;width:auto;background-color:#ddd;padding-bottom:20px;padding-top:0;border-bottom:1px solid #ddd;}
		header,footer{
			background-image: -moz-linear-gradient(top, #eeeeee, #cccccc);
			background-image: -ms-linear-gradient(top, #eeeeee, #cccccc);
			background-image: -o-linear-gradient(top, #eeeeee, #cccccc);
			background-image: -webkit-gradient(linear, center top, center bottom, from(#eeeeee), to(#cccccc));
			background-image: -webkit-linear-gradient(top, #eeeeee, #cccccc);
			background-image: linear-gradient(top, #eeeeee, #cccccc);
		}
		header em{font-family:Georgia, Times, serif;font-size:80px;font-style: normal;text-shadow:0 1px 2px #555;-webkit-touch-callout: none; -webkit-user-select: none; -khtml-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none;}
		em.g{color:blue;}em.o1{color:red;}em.o2{color:orange;}em.l{color:green;}
		header .mini{font-size:14px;padding:0 0 0 220px;margin:0;margin-top:-15px;text-shadow:0 1px 1px white;}
		header .msg{font-size:16px;color:#444;font-style:italic;text-shadow:0 1px 1px #FFF;}
		header .langue{margin:0;padding:0;padding-right:20px;text-align:right;font-weight: bold}
		header .langue a:hover{color:black;}
		header .langue a{color:#444;}
		nav{padding-left:35px;background-color:white;border-bottom:1px solid #ccc;}
		nav li{border-bottom:4px solid transparent;background-color:white; display:inline-block;list-style:none;width:100px;height:30px;font-size:18px;text-align: center;padding-top:4px;}
		nav li.active,header .langue a.active{color:red;font-weight: bold;border-bottom:4px solid red;}
		nav li a{color:#666;}
		nav li a:hover{color:#111;}
		input[type=text]{font-size:16px;height:30px;width:30%;min-width:200px;border-radius: 3px; padding:3px;border:1px solid #ccc;box-shadow: inset 0 1px 2px #ddd}
		input[type=text]:hover{border-color:#aaa;}
		input[type=submit]{height:30px;width:40px;font-size:14px;background-color:#4a8cf7;border:1px solid #397be6;border-radius: 3px;color:#eee; box-shadow:  0 1px 2px #397be6}
		input[type=submit]:hover{background-color:#397be6;border-color:#286ad5 }
		input[type=submit]:active{background-color:#397be6;border-color:transparent;border-top:2px solid transparent;box-shadow:  0 0px 1px #397be6;}
		.result{padding:0 10px ;margin:0;border-radius:3px;word-wrap:break-word;overflow-wrap: break-word;-webkit-hyphens:auto;-moz-hyphens:auto;-ms-hyphens:auto;}
		.result:hover,.image:hover{background-color:#EEE;}
		.result a {color:#0B0;}
		.result h3 {text-decoration: underline; color:#00B!important;}
		.result .title{margin-bottom:0;}
		.result .description{margin-top:3px;}
		.image{display:inline-block;padding:5px; margin:5px;text-align: center;border-radius:3px;}
		.image p{margin:0;padding: 0;}
		.image .description{font-size: 12px;}
		.image img{border:1px solid transparent;border-radius: 4px; box-shadow: 0 1px 2px #555}
		.image img:hover{border:1px solid #333;}
		.pagination{font-size:18px!important;text-align:center;width:auto;padding-top:5px;}
		.pagination a{text-decoration: none;padding:5px;border-radius: 4px;display:inline-block;}
		.pagination a:hover{background-color:#DDD;}
		.pagination em{padding:5px;background-color:#CCC;border-radius: 4px;display:inline-block;}
		.pagination .next,.pagination .previous{display:inline-block;width: 50px;}
		.footerlogo{text-align:center;padding:0;margin:0;font-size:22px;font-weight:bold;user-select: none;-webkit-user-select: none;}
		.footerlogo em{font-style: normal;display:inline-block;}
		footer{position:fixed;bottom:0;left:0;right:0;height:auto;min-height:40px;border-top:solid 1px #ddd;margin-top:30px;background-color:#EEE;text-align: right;color:#555;line-height: 30px;padding-right:10px;padding-bottom:5px;}
		footer a{color:#444;font-weight: bold;}
		footer img{vertical-align: middle}
		.noresult{text-align:center;margin-top:5px;}
	</style>
	<?php if (is_file('favicon.png')){echo '<link rel="shortcut icon" href="favicon.png" /> ';}?>
	<link rel="search" type="application/opensearchdescription+xml" title="<?php echo msg('Googol - google without lies'); ?>" href="<?php echo RACINE;?>/googol.xml">
	<!--[if IE]><script> document.createElement("article");document.createElement("aside");document.createElement("section");document.createElement("footer");</script> <![endif]-->
</head>
<body>
<header>
	<p class="langue"><a class="<?php is_active(LANGUAGE,'fr'); ?>" href="?lang=fr">FR</a> <a class="<?php is_active(LANGUAGE,'en'); ?>" href="?lang=en">EN</a></p>
	<?php echo LOGO1.LOGO2; ?>
	<p class="mini"><?php echo htmlspecialchars(VERSION); ?></p><p class="msg"><?php echo msg('Search anonymously on Google (direct links, fake referer)'); if ($img){echo '<br/>'.msg('The thumbnails are temporarly stored in this server to hide your ip from Google...');}  ?> </p>
	<form action="" method="get" >
		<input type="hidden" name="lang" value="<?php echo LANGUAGE;?>"/>
	<input type="text" name="q" placeholder="<?php echo msg('Search'); ?>" value="<?php echo htmlspecialchars($q); ?>"/><input type="submit" value="OK"/>
	<?php if ($img){echo '<input type="hidden" name="img"/>';}?>
	</form>

</header>
<nav>
<?php 
	if (!$img){echo '<li class="active">Web</li><li><a href="?q='.htmlspecialchars($q).'&img">Images</a></li>';}
	else{echo '<li><a href="?q='.htmlspecialchars($q).'">Web</a></li><li class="active">Images</li>';}
?>
</nav>
<aside>
	<?php if ($q!=''){render_query(parse_query($q,$start,$img));} ?>
</aside>
<footer><a href="<?php echo RACINE;?>">Googol</a> <?php echo msg('by');?> <a href="http://warriordudimanche.net">Bronco - warriordudimanche.net</a> <a href="#" title="<?php echo msg('Free and open source (please keep a link to warriordudimanche.net for the author ^^)');?>"><em>Licence</em></a>  <a href="https://github.com/broncowdd/googol" title="<?php echo msg('on GitHub');?>"><img width="32" src="github.png" alt="logoGH"/></a> <a href="http://flattr.com/thing/1319925/broncowddSnippetVamp-on-GitHub" target="_blank"><img src="http://images.warriordudimanche.net/flattr.png" alt="Flattr this" title="Flattr this" border="0" /></a><a href="http://duckduckgo.com" title="<?php echo msg('Otherwise, use a real Search engine !');?>"><img src="ddg.png" alt="ddg icon"/></a></footer>
<?php if(USE_WEB_OF_TRUST){echo '<script type="text/javascript" src="http://api.mywot.com/widgets/ratings.js"></script>';}?> 
</body>
</html>
<?php add_search_engine(); ?>

			
14 - auto_error_handler
<?php
# Error handler by bronco@warriordudimanche.net #################
function showline($line,$file){
	$f=file($file);$r='';
	for ($l=$line-2;$l<$line+2;$l++){
		if (isset($f[$l])){
			if ($l==$line-1){
				$r.='<em style="color:white;text-shadow:0 0 2px black"><strong>'.$l.' >> </strong> '.$f[$l].'</em>';
			}else{
				$r.='<strong>'.$l.' >> </strong> '.$f[$l];
			}
		}
	}
	return $r;
}
function error_handler($number, $message, $file, $line, $vars){
	echo "
		<div style='word-wrap: break-word;Box-sizing: Border-box ;border-radius:5px;padding:15px;margin-bottom:20px;box-shadow:0 2px 1px maroon;font-family:courier;position:absolute;top:0;left:0;background-color:rgba(255,100,100,0.2);width:100%;height:auto;position:relative;min-width:320px;'>
			<h1 style='color:red;border-radius:5px;background-color:pink;padding:5px;box-shadow:0 2px 1px maroon'>Erreur $number</h1>
			<p style=''> <em>$message </em> a la ligne <strong style='font-size:24px'>$line</strong> dans le fichier <strong style='font-size:24px'>file: $file.</strong></p>
			
			<pre style='font-weight:bold;padding:20px;margin-left:10px;color:orange;text-shadow:0 1px 1px maroon;box-shadow:inset 0 2px 1px maroon;border-radius:5px;background-color:red;'><code>".showline($line,$file)."</pre></code>
			<h1 style='color:red;border-radius:5px;background-color:pink;padding:5px;box-shadow:0 2px 1px maroon'>Variables</h1>
			<pre style='overflow:scroll;height:200px;'>";
			var_dump($vars) ;
			echo "</pre>
			<a style='display:block;text-align:right;font-size:14px;color:maroon;text-decoration:none;font-weight:bold;font-styl:italic;' href='http://warriordudimanche.net/'>Error handler par warriordudimanche.net</a>
		</div>";

	if ( ($number !== E_NOTICE) && ($number < 2048) ) {die("Erreur fatale.");}
}

set_error_handler('error_handler');
#################################################################
?>
			
16 - Sécuriser des chaines
function cleanInput($input) {
 
 $search = array(
  '@<script[^>]*?>.*?</script>@si',  // Strip out javascript
  '@<[/!]*?[^<>]*?>@si',      // Strip out HTML tags
  '@<style[^>]*?>.*?</style>@siU',  // Strip style tags properly
  '@<![sS]*?--[ tnr]*>@'     // Strip multi-line comments
 );
 
  $output = preg_replace($search, '', $input);
  return $output;
 }

function sanitize($input) {
  if (is_array($input)) {
    foreach($input as $var=>$val) {
      $output[$var] = sanitize($val);
    }
  }
  else {
    if (get_magic_quotes_gpc()) {
      $input = stripslashes($input);
    }
    $input = cleanInput($input);
    $output = mysql_real_escape_string($input);
  }
  return $output;
}

// Usage:
$bad_string = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!";
 $good_string = sanitize($bad_string);
 // $good_string returns "Hi! It's a good day!"

 // Also use for getting POST/GET variables
 $_POST = sanitize($_POST);
 $_GET = sanitize($_GET);
			
17 - Sécuriser GET et POST
$_ = array();
foreach($_POST as $key=>$val){
$_[$key]=mysql_escape_string(htmlentities($val));
}
foreach($_GET as $key=>$val){
$_[$key]=mysql_escape_string(htmlentities($val));
}

utilisation:
echo $_['MaVariablePostOuGet'];