diff --git a/lib/auth.php b/lib/auth.php new file mode 100644 index 0000000..e1e3e4b --- /dev/null +++ b/lib/auth.php 
@@ -0,0 +1,154 @@
+check_auth ()) {
+ $_SESSION['logged_in'] = true;
+ }
+ else {
+ $_SESSION['logged_in'] = false;
+ }
+ }
+
+ function check_auth () {
+ if (session_id ()
+ && isset ($_SESSION['challengekey'])
+ && strlen ($_SESSION['challengekey']) === 32
+ && isset ($_SESSION['username'])
+ && $_SESSION['username'] != ''
+ && isset ($_SESSION['logged_in'])
+ && $_SESSION['logged_in']) {
+ return true;
+ }
+ else if ($this->check_cookie ()) {
+ return true;
+ }
+ return false;
+ }
+
+ function assign_data () {
+ if ( isset($_POST['username'])
+ && isset($_POST['password'])
+ && $_POST['username'] != ''
+ && $_POST['password'] != '') {
+ $this->username = $_POST['username'];
+ $this->password = $_POST['password'];
+ return true;
+ }
+ return false;
+ }
+
+ function login () {
+ $_SESSION['logged_in'] = false;
+ if ($this->assign_data ()) {
+ global $mysql;
+ $query = sprintf("SELECT COUNT(*) FROM user WHERE md5(username)=md5('%s') AND password=md5('%s')",
+ $mysql->escape ($this->username),
+ $mysql->escape ($this->password));
+ if ($mysql->query ($query) && mysql_result ($mysql->result, 0) === "1") {
+ if (isset ($_POST['remember'])) {
+ global $cookie;
+ $cookie['data'] = serialize (array ($this->username, md5 ($cookie['seed'] . md5 ($this->password))));
+ @setcookie ($cookie['name'],
+ $cookie['data'],
+ $cookie['expire'],
+ $cookie['path'],
+ $cookie['domain']);
+ }
+ $this->set_login_data ($this->username);
+ }
+ else {
+ $this->logout ();
+ }
+ }
+ unset ($_POST['password']);
+ unset ($this->password);
+ }
+
+ function logout () {
+ global $cookie;
+ unset ($_SESSION['challengekey']);
+ unset ($_SESSION['username']);
+ @setcookie ($cookie['name'], "", time() - 1, $cookie['path'], $cookie['domain']);
+ $_SESSION['logged_in'] = false;
+ }
+
+ function set_login_data ($username) {
+ $_SESSION['challengekey'] = md5 ($username . 
microtime ()); + $_SESSION['username'] = $username; + $_SESSION['logged_in'] = true; + } + + function check_cookie () { + global $cookie, $mysql; + if ( isset ($cookie['name']) + && $cookie['name'] != '' + && isset ($_COOKIE[$cookie['name']])) { + list ($cookie['username'], $cookie['password_hash']) = @unserialize ($_COOKIE[$cookie['name']]); + $query = sprintf("SELECT COUNT(*) FROM user WHERE username='%s' AND MD5(CONCAT('%s', password))='%s'", + $mysql->escape ($cookie['username']), + $mysql->escape ($cookie['seed']), + $mysql->escape ($cookie['password_hash'])); + if ($mysql->query ($query) && mysql_result ($mysql->result, 0) === "1") { + $this->set_login_data ($cookie['username']); + return true; + } + else { + $this->logout (); + return false; + } + } + return false; + } + + function display_login_form () { + ?> + +
+
+ + + + + + + + + + + + + + + + + +
Username:
Password:
Remember login:
+ +
Users Sharing Bookmarks
'; + } + ?> + +
+
+ + + + + \ No newline at end of file diff --git a/lib/lib.js b/lib/lib.js new file mode 100644 index 0000000..ca95bf1 --- /dev/null +++ b/lib/lib.js 
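Review bot: `check_cookie()` hands the raw remember-me cookie straight to `unserialize()` (`list ($cookie['username'], $cookie['password_hash']) = @unserialize ($_COOKIE[$cookie['name']])`), so the decode step itself runs on client-controlled bytes and the `@` hides any failure; `login()` should write the cookie with `$cookie['data'] = json_encode (array ($this->username, md5 ($cookie['seed'] . md5 ($this->password))));` and `check_cookie()` should decode with `json_decode (..., true)` and validate the shape before building the query, as below. The remember-me token is also static for as long as the password is unchanged, and the stored credential itself is unsalted `md5` (`password=md5('%s')` in `login()`, `MD5(CONCAT('%s', password))` in `check_cookie()`), so moving to `password_hash()`/`password_verify()` needs a schema change and deserves a TODO on `login()`. `set_login_data()` never rotates the session id when the user becomes authenticated; add `session_regenerate_id (true);` as its first statement. The `<?php` preamble and class header are missing from this rendering, so the constructor that calls `check_auth()` is only partly visible.

```php
    function set_login_data ($username) {
        // fresh session id on authentication so a pre-set id cannot be reused
        session_regenerate_id (true);
        // … unchanged: challengekey / username / logged_in assignments …
    }

    function check_cookie () {
        global $cookie, $mysql;
        // … unchanged: guard on $cookie['name'] and $_COOKIE …
            // cookie is client-controlled: decode as plain data, never unserialize()
            $parts = json_decode ($_COOKIE[$cookie['name']], true);
            if (!is_array ($parts) || count ($parts) !== 2
                || !is_string ($parts[0]) || !is_string ($parts[1])) {
                $this->logout ();
                return false;
            }
            list ($cookie['username'], $cookie['password_hash']) = $parts;
            // … unchanged: COUNT(*) query, set_login_data(), logout() …
```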
@@ -0,0 +1,112 @@ +function reloadclose(){ + window.opener.location.reload(); + self.close(); +} + +function bookmarknew(folderid) { + bookmark_new = window.open("./bookmark_new.php?folderid=" + folderid, "bookmarknew","toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500"); +} + +function bookmarkedit(bmlist) { + if (bmlist==""){ + alert("No Bookmarks selected."); + } + else { + bookmark_edit = window.open("./bookmark_edit.php?bmlist=" + bmlist, "bookmarkedit","toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500"); + } +} + +function bookmarkmove(bmlist) { + if (bmlist==""){ + alert("No Bookmarks selected."); + } + else { + bookmark_move = window.open("./bookmark_move.php", bmlist, "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=450"); + } +} + +function bookmarkdelete(bmlist) { + if (bmlist==""){ + alert("No Bookmarks selected."); + } + else { + bookmark_delete = window.open("./bookmark_delete.php?bmlist=" + bmlist, "bookmarkdelete", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=450"); + } +} + +function foldernew(folderid) { + folder_new = window.open("./folder_new.php?folderid=" + folderid, "foldernew", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=200"); +} + +function folderedit(folderid) { + if (folderid=="" || folderid=='0'){ + alert("No Folder selected."); + } + else { + folder_edit = window.open("./folder_edit.php?folderid=" + folderid, "folderedit", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=220"); + } +} + +function foldermove(folderid) { + if (folderid=="" || folderid=='0'){ + alert("No Folder selected."); + } + else { + folder_move = window.open("./folder_move.php", folderid, "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=450"); + } +} + +function folderdelete(folderid) { + if (folderid=="" || folderid=="0"){ + alert("No 
Folder selected."); + } + else { + folder_delete= window.open("./folder_delete.php?folderid=" + folderid, "folderdelete", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=200"); + } +} + +function selectfolder(url) { + select_folder = window.open("./select_folder.php" + url, "selectfolder", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=450"); +} + +function chpw() { + chpw_window = window.open("./change_password.php", "chpw", "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes,width=500,height=200"); +} + +function checkselected(){ +var i; +var parameter=''; + for ( i = 0; i < window.document.forms['bookmarks'].elements.length; i++) { + if (window.document.forms['bookmarks'].elements[i].checked == true) { + parameter = parameter + window.document.forms['bookmarks'].elements[i].name + "_"; + } + } + result=parameter.replace(/_$/,""); + return result +} + +/* This function is from the following location: + http://www.squarefree.com/bookmarklets/ +*/ + +function selection(boxes){ + var x,k,f,j; + x=document.forms; + + for (k = 0; k < x.length; ++k){ + f = x[k]; + for (j = 0; j < f.length; ++j){ + if (f[j].type.toLowerCase() == "checkbox"){ + if (boxes == "all"){ + f[j].checked = true ; + } + else if (boxes == "none"){ + f[j].checked = false ; + } + else if (boxes == "toggle") { + f[j].checked = !f[j].checked ; + } + } + } + } +} diff --git a/lib/lib.php b/lib/lib.php new file mode 100644 index 0000000..f6d81b2 --- /dev/null +++ b/lib/lib.php @@ -0,0 +1,443 @@ +" . $message . "
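Review bot: `checkselected()` assigns `result` without `var`, so `result=parameter.replace(/_$/,"")` creates an implicit global on every call and the function ends with an unterminated `return result`; write `var result = parameter.replace(/_$/, "");` followed by `return result;`. The same feature string is repeated verbatim in ten `window.open` calls; hoisting it into one `var POPUP_FEATURES = "toolbar=no,location=no,status=no,scrollbars=yes,resizable=yes";` would leave only the width/height as the per-call difference. `bookmarkmove()` and `foldermove()` pass the id list as the window *name* argument instead of in the URL, unlike their siblings; if that is deliberate because the target page reads `window.name`, a one-line comment saying so would stop the next reader from "fixing" it.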

"; + } + require_once (ABSOLUTE_PATH . "footer.php"); +} + +/* + * Checks whether the user is logged in. + * Displays a link to login if not and exit application. + */ +function logged_in_only () { + if (! isset ($_SESSION['logged_in']) || ! $_SESSION['logged_in']) { + global $auth; + $auth->display_login_form (); + require_once (ABSOLUTE_PATH . "footer.php"); + } +} + +function input_validation ($data, $charset = 'UTF-8') { + if (is_array ($data)) { + foreach ($data as $key => $value) { + $data[$key] = input_validation ($value); + } + } + else { + $data = htmlentities (trim ($data), ENT_QUOTES, $charset); + } + return $data; +} + +/* + * Verify some GET variables + */ +### +### Setting the expand variable. If empty in _GET we use the one from _SESSION if available. +### Call this function only once, otherwise some strange things will happen. +### +function set_get_expand () { + if (!isset ($_GET['expand'])) { + if (isset ($_SESSION['expand']) && is_array ($_SESSION['expand'])) { + $return = set_num_array ($_SESSION['expand']); + } + else { + $return = array(); + } + } + else if ($_GET['expand'] == '') { + $return = array(); + } + else { + $return = explode (",", $_GET['expand']); + $return = set_num_array ($return); + } + $return = input_validation ($return); + $_SESSION['expand'] = $return; + return ($return); +} + +function set_get_folderid () { + if (!isset ($_GET['folderid']) || $_GET['folderid'] == '' || !is_numeric ($_GET['folderid'])) { + if (isset ($_SESSION['folderid'])) { + $return = $_SESSION['folderid']; + } + else { + $return = 0; + } + } + else { + $return = $_GET['folderid']; + } + $return = input_validation ($return); + $_SESSION['folderid'] = $return; + return ($return); +} + + + + +################## GET title and url are handled a bit special + +function set_get_title () { + if (!isset ($_GET['title']) || $_GET['title'] == '') { + $return = ''; + } + else { + $return = $_GET['title']; + } + return input_validation ($return); +} + +function 
set_get_url () { + if (!isset ($_GET['url']) || $_GET['url'] == '') { + $return = ''; + } + else { + $return = $_GET['url']; + } + return input_validation ($return); +} + +function set_session_title () { + if (!isset ($_SESSION['title']) || $_SESSION['title'] == '') { + $return = ''; + } + else { + $return = $_SESSION['title']; + } + return $return; +} + +function set_session_url () { + if (!isset ($_SESSION['url']) || $_SESSION['url'] == '') { + $return = ''; + } + else { + $return = $_SESSION['url']; + } + return $return; +} + +function set_title () { + $get_title = set_get_title (); + $session_title = set_session_title (); + + if ($get_title == '' && $session_title == '') { + $return = ''; + } + else if ($get_title != '') { + $_SESSION['title'] = $get_title; + $return = $get_title; + } + else if ($session_title != '') { + $_SESSION['title'] = $session_title; + $return = $session_title; + } + return $return; +} + +function set_url () { + $get_url = set_get_url (); + $session_url = set_session_url (); + + if ($get_url == '' && $session_url == '') { + $return = ''; + } + else if ($get_url != '') { + $_SESSION['url'] = $get_url; + $return = $get_url; + } + else if ($session_url != '') { + $_SESSION['url'] = $session_url; + $return = $session_url; + } + return $return; +} + +############################################# + +function set_get_noconfirm () { + if (!isset ($_GET['noconfirm']) || $_GET['noconfirm'] == '') { + $return = false; + } + else { + $return = true; + } + return $return; +} + +/* + * Verify some POST variables + */ + +function set_post_childof () { + if (!isset ($_POST['childof']) || $_POST['childof'] == '' || !is_numeric($_POST['childof'])) { + $return = 0; + } + else { + $return = $_POST['childof']; + } + return input_validation ($return); +} + +function set_post_title () { + if (!isset ($_POST['title']) || $_POST['title'] == '') { + $return = ''; + } + else { + $return = $_POST['title']; + } + return input_validation ($return); +} + +function 
set_post_url () { + if (!isset ($_POST['url']) || $_POST['url'] == '') { + $return = ''; + } + else { + $return = $_POST['url']; + } + return input_validation ($return); +} + +function set_post_description () { + if (!isset ($_POST['description']) || $_POST['description'] == '') { + $return = ''; + } + else { + $return = $_POST['description']; + } + return input_validation ($return); +} + +function set_post_foldername () { + if (!isset ($_POST['foldername']) || $_POST['foldername'] == '') { + $return = ''; + } + else { + $return = $_POST['foldername']; + } + return input_validation ($return); +} + +function set_post_sourcefolder () { + if (!isset ($_POST['sourcefolder']) || $_POST['sourcefolder'] == '' || !is_numeric ($_POST['sourcefolder'])) { + $return = ''; + } + else { + $return = $_POST['sourcefolder']; + } + return input_validation ($return); +} + +function set_post_parentfolder () { + if (!isset ($_POST['parentfolder']) || $_POST['parentfolder'] == '' || !is_numeric ($_POST['parentfolder'])) { + $return = 0; + } + else { + $return = $_POST['parentfolder']; + } + return input_validation ($return); +} + +function set_post_browser () { + if (!isset ($_POST['browser'])) { + $return = ''; + } + else if ($_POST['browser'] == 'opera') { + $return = 'opera'; + } + else if ($_POST['browser'] == 'netscape') { + $return = 'netscape'; + } + else if ($_POST['browser'] == 'IE') { + $return = 'IE'; + } + else { + $return = ''; + } + return input_validation ($return); +} + + + +######################################################### + +### +### +### + +function return_charsets () { + $charsets = array ( + 'ISO-8859-1', + 'ISO-8859-15', + 'UTF-8', + 'cp866', + 'cp1251', + 'cp1252', + 'KOI8-R', + 'BIG5', + 'GB2312', + 'BIG5-HKSCS', + 'Shift_JIS', + 'EUC-JP', + ); + return $charsets; +} + +function set_post_charset () { + $charsets = return_charsets (); + + if (!isset ($_POST['charset']) || $_POST['charset'] == '') { + $return = 'UTF-8'; + } + else if (in_array 
($_POST['charset'], $charsets)) { + $return = $_POST['charset']; + } + else { + $return = 'UTF-8'; + } + return $return; +} + +function check_username ($username) { + $return = false; + if (isset ($username) || $username == '') { + global $mysql; + $query = sprintf ("SELECT COUNT(*) FROM user WHERE md5(username)=md5('%s')", + $mysql->escape ($username)); + if ($mysql->query ($query)) { + if (mysql_result ($mysql->result, 0) == 1) { + $return = true; + } + } + } + return input_validation ($return); +} + +function admin_only () { + $return = false; + global $mysql, $username; + $query = sprintf ("SELECT COUNT(*) FROM user WHERE admin='1' + AND username='%s'", + $mysql->escape ($username)); + if ($mysql->query ($query)) { + if (mysql_result ($mysql->result, 0) == "1") { + $return = true; + } + } + return input_validation ($return); +} + +function set_get_string_var ($varname, $default = '') { + if (! isset ($_GET[$varname]) || $_GET[$varname] == '') { + $return = $default; + } + else { + $return = $_GET[$varname]; + } + return input_validation ($return); +} + +function set_post_string_var ($varname, $default = '') { + if (! isset ($_POST[$varname]) || $_POST[$varname] == '') { + $return = $default; + } + else { + $return = $_POST[$varname]; + } + return input_validation ($return); +} + +function set_post_num_var ($varname, $default = 0) { + if (! isset ($_POST[$varname]) || $_POST[$varname] == '' || !is_numeric ($_POST[$varname])) { + $return = $default; + } + else { + $return = intval ($_POST[$varname]); + } + return input_validation ($return); +} + +function set_post_bool_var ($varname, $default = true) { + if (! isset ($_POST[$varname])) { + $return = $default; + } + else if (! 
$_POST[$varname] ) { + $return = false; + } + else if ($_POST[$varname] ) { + $return = true; + } + else { + $return = $default; + } + return $return; +} + +function set_get_num_list ($varname) { + if (!isset ($_GET[$varname]) || $_GET[$varname] == '') { + $return = array (); + } + else { + $return = set_num_array (explode ("_", $_GET[$varname])); + } + return input_validation ($return); +} + +function set_post_num_list ($varname) { + if (!isset ($_POST[$varname]) || $_POST[$varname] == '') { + $return = array (); + } + else { + $return = set_num_array (explode ("_", $_POST[$varname])); + } + return input_validation ($return); +} + +/* + * This function checks the values of each entry in an array. + * It returns an array with unique and only numeric entries. + */ +function set_num_array ($array){ + foreach ($array as $key => $value) { + if ($value == '' || !is_numeric ($value)) { + unset ($array[$key]); + } + } + return array_unique ($array); +} + +function print_footer () { + echo 'Online-Bookmarks' . "\n"; + @readfile (ABSOLUTE_PATH . "VERSION"); + echo ' by Stefan Frech'; +} + +function object_count () { + global $mysql, $username; + $return = ''; + $query = sprintf ("SELECT (SELECT COUNT(*) FROM bookmark WHERE user='%s') AS bookmarks, + (SELECT COUNT(*) FROM folder WHERE user='%s') AS folders", + $mysql->escape ($username), + $mysql->escape ($username)); + + if ($mysql->query ($query)) { + if (mysql_num_rows ($mysql->result) == "1") { + $row = mysql_fetch_object ($mysql->result); + $return = "You have $row->bookmarks Bookmarks and $row->folders Folders"; + } + } + else { + $return = $mysql->error; + } + echo $return; +} + +?> \ No newline at end of file diff --git a/lib/login.php b/lib/login.php new file mode 100644 index 0000000..576fe74 --- /dev/null +++ b/lib/login.php 
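Review bot: `check_username()` guards with `isset ($username) || $username == ''`, which is true for an empty string, so the inverted condition still sends `md5(username)=md5('')` to the database; it should read `if (isset ($username) && $username != '')`. Both `check_username()` and `admin_only()` then pass a boolean through `input_validation()`, which runs `htmlentities (trim (...))` on it and returns `'1'` or `''` instead of `true`/`false`; return `$return` directly. `logged_in_only()` prints the login form and includes `footer.php` but never stops execution, so unless `footer.php` terminates the script the protected page body still runs for an anonymous visitor; add `exit;` after the `require_once`. Separately, the recursive call `input_validation ($value)` drops the `$charset` argument, so nested arrays are always encoded as UTF-8 regardless of what the caller passed; forward `$charset`. The `message()` function at the top of this hunk is truncated in this rendering.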
@@ -0,0 +1,99 @@ +login (); + } + if (isset ($_GET['login']) && $_GET['login'] && ! $_SESSION['logged_in']) { + $display_login_form = true; + } + if (isset ($_GET['logout']) && $_GET['logout'] && $_SESSION['logged_in']) { + $auth->logout (); + } + if (isset ($_SESSION['username']) && ! check_username ($_SESSION['username'])) { # XXX hoffe das ist ok so. + $auth->logout (); + } + + if (isset ($_SESSION['logged_in']) && $_SESSION['logged_in']) { + if (isset ($_SESSION['username']) && $_SESSION['username'] != '') { + $username = $_SESSION['username']; + $query = sprintf ("SELECT * FROM user WHERE username='%s'", + $mysql->escape ($username)); + + # now get the settings. + if ($mysql->query ($query)) { + $settings = mysql_fetch_assoc ($mysql->result); + } + else { + message ($mysql->error); + } + + unset ($settings['password']); + } + else { + # instead of user preferences, set default settings. + $settings = default_settings (); + $username = ''; + $auth->logout (); + } + } + else { + $settings = default_settings (); + $username = ''; + $auth->logout (); + } +} +else { + $settings = default_settings (); + $username = ''; + $auth->logout (); +} + +function default_settings () { + $settings = array ( + 'root_folder_name' => '', + 'column_width_folder' => 400, + 'column_width_bookmark' => 0, + 'table_height' => 400, + 'confirm_delete' => true, + 'open_new_window' => true, + 'show_bookmark_description' => true, + 'show_bookmark_icon' => true, + 'show_column_date' => true, + 'date_format' => '0', + 'show_column_edit' => false, + 'show_column_move' => false, + 'show_column_delete' => false, + 'fast_folder_minus' => true, + 'fast_folder_plus' => true, + 'fast_symbol' => true, + 'simple_tree_mode' => false, + ); + return $settings; +} + +# adjust some settings +if ($settings['column_width_bookmark'] == 0 || ! is_numeric ($settings['column_width_bookmark'])) { + $column_width_bookmark = "100%"; +} +else { + $column_width_bookmark = $settings['column_width_bookmark'] . 
"px"; +} + +$column_width_folder = $settings['column_width_folder'] . "px"; +$table_height = $settings['table_height'] . "px"; + +if ( ! is_numeric ($settings['date_format'])) { + $settings['date_format'] = 0; +} + +# set some often used vars +$folderid = set_get_folderid (); +$expand = set_get_expand (); + +?> \ No newline at end of file diff --git a/lib/mysql.php b/lib/mysql.php new file mode 100644 index 0000000..0f2bced --- /dev/null +++ b/lib/mysql.php @@ -0,0 +1,35 @@ +error = mysql_error (); + } + if ( ! @mysql_select_db ($dsn['database'])) { + $this->error = mysql_error (); + } + } + + function query ($query) { + if ($this->result = mysql_query ($query)) { + return true; + } + else{ + $this->error = mysql_error (); + return false; + } + } + + function escape ($string) { + return mysql_real_escape_string ($string); + } + + +} + +?> \ No newline at end of file diff --git a/lib/pngfix.js b/lib/pngfix.js new file mode 100644 index 0000000..9b9d5ca --- /dev/null +++ b/lib/pngfix.js @@ -0,0 +1,39 @@ +/* + +Correctly handle PNG transparency in Win IE 5.5 & 6. +http://homepage.ntlworld.com/bobosola. Updated 18-Jan-2006. + +Use in with DEFER keyword wrapped in conditional comments: + + +*/ + +var arVersion = navigator.appVersion.split("MSIE") +var version = parseFloat(arVersion[1]) + +if ((version >= 5.5) && (document.body.filters)) +{ + for(var i=0; i" + img.outerHTML = strNewHTML + i = i-1 + } + } +} \ No newline at end of file diff --git a/lib/webstart.php b/lib/webstart.php new file mode 100644 index 0000000..0aeba8f --- /dev/null +++ b/lib/webstart.php 
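Review bot: When the `SELECT * FROM user` query fails, the `else` branch only calls `message ($mysql->error)` and `$settings` is never assigned, so the following `unset ($settings['password'])` and the `$settings['column_width_bookmark']` read at the bottom of the file operate on an undefined variable; add `$settings = default_settings ();` to that branch. `SELECT *` also pulls the stored password hash into the page and relies on `unset ($settings['password'])` to drop it again — selecting only the columns `default_settings()` enumerates would keep it out of memory entirely, if those names match the table. The `$_GET['login']` and `$_GET['logout']` branches read `$_SESSION['logged_in']` without `isset`, unlike the block below them; an `isset` guard avoids the notice on a fresh session. The `<?php` preamble and the `if` that calls `$auth->login ()` are cut off at the start of this hunk.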
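Review bot: The `mysql` wrapper's constructor records a failed `mysql_connect`/`mysql_select_db` in `$this->error` and returns normally, so every later `escape()` call runs `mysql_real_escape_string()` without an open link; that function returns `false` (with a warning) when it cannot find or open one, and `sprintf('%s')` renders `false` as an empty string, so callers quietly build queries such as `WHERE username=''` instead of failing. Failing hard in the constructor (`die ($this->error)` or an exception) keeps the escaping path from ever running unconnected. The `mysql_*` extension this class wraps was deprecated in PHP 5.5 and removed in 7.0; `escape()`/`query()` are the natural seam for moving to `mysqli` or PDO prepared statements. The class header is truncated at the start of this hunk.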
@@ -0,0 +1,55 @@
+$GLOBALS overwrite vulnerability');
+ }
+ $verboten = array(
+ 'GLOBALS',
+ '_SERVER',
+ 'HTTP_SERVER_VARS',
+ '_GET',
+ 'HTTP_GET_VARS',
+ '_POST',
+ 'HTTP_POST_VARS',
+ '_COOKIE',
+ 'HTTP_COOKIE_VARS',
+ '_FILES',
+ 'HTTP_POST_FILES',
+ '_ENV',
+ 'HTTP_ENV_VARS',
+ '_REQUEST',
+ '_SESSION',
+ 'HTTP_SESSION_VARS'
+ );
+ foreach ( $_REQUEST as $name => $value ) {
+ if( in_array( $name, $verboten ) ) {
+ header( "HTTP/1.x 500 Internal Server Error" );
+ echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
+ die( -1 );
+ }
+ unset( $GLOBALS[$name] );
+ }
+}
+
+function &fix_magic_quotes( &$arr ) {
+ if ( get_magic_quotes_gpc() ) {
+ foreach( $arr as $key => $val ) {
+ if( is_array( $val ) ) {
+ fix_magic_quotes( $arr[$key] );
+ } else {
+ $arr[$key] = stripslashes( $val );
+ }
+ }
+ }
+ return $arr;
+}
+
+fix_magic_quotes( $_COOKIE );
+fix_magic_quotes( $_ENV );
+fix_magic_quotes( $_GET );
+fix_magic_quotes( $_POST );
+fix_magic_quotes( $_REQUEST );
+
+
+?>
\ No newline at end of file
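Review bot: `in_array( $name, $verboten )` compares loosely, and on PHP 7 and earlier a numeric request key (PHP stores a field named `0` under integer key `0`) compares equal to every non-numeric string in `$verboten`, so an ordinary form with such a field trips the `register_globals` abort and gets a 500; pass `true` as the third argument, `if( in_array( $name, $verboten, true ) ) {`. `fix_magic_quotes()` calls `get_magic_quotes_gpc()` unconditionally, which was removed in PHP 8.0 and is a fatal error there; guard it with `if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {`. `die( -1 )` with an integer sets the exit status and prints nothing, which is presumably what is intended after the `echo`, but a comment saying so would help. The `<?php` preamble and the `die()` message that opens this hunk are truncated in this rendering.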