Context Navigation

source: trunk/search.php @ 1004

Last change on this file since 1004 was 1004, checked in by nikrou, 18 years ago

Improve security of sessions:

use only cookies to store session id on client side
use default php session system with database handler to store sessions on server side

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 7.8 KB

Rev	Line
[2]	1	<?php
[354]	2	// +-----------------------------------------------------------------------+
[593]	3	// \| PhpWebGallery - a PHP based picture gallery \|
	4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
[675]	5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
[354]	6	// +-----------------------------------------------------------------------+
[593]	7	// \| branch : BSF (Best So Far)
[354]	8	// \| file : $RCSfile$
	9	// \| last update : $Date: 2006-01-15 13:45:42 +0000 (Sun, 15 Jan 2006) $
	10	// \| last modifier : $Author: nikrou $
	11	// \| revision : $Revision: 1004 $
	12	// +-----------------------------------------------------------------------+
	13	// \| This program is free software; you can redistribute it and/or modify \|
	14	// \| it under the terms of the GNU General Public License as published by \|
	15	// \| the Free Software Foundation \|
	16	// \| \|
	17	// \| This program is distributed in the hope that it will be useful, but \|
	18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	20	// \| General Public License for more details. \|
	21	// \| \|
	22	// \| You should have received a copy of the GNU General Public License \|
	23	// \| along with this program; if not, write to the Free Software \|
	24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	25	// \| USA. \|
	26	// +-----------------------------------------------------------------------+
[2]	27
[455]	28	//--------------------------------------------------------------------- include
[364]	29	define('PHPWG_ROOT_PATH','./');
	30	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
[2]	31	//-------------------------------------------------- access authorization check
	32	check_login_authorization();
[455]	33	//------------------------------------------------------------------ form check
	34	$errors = array();
	35	$search = array();
	36	if (isset($_POST['submit']))
[2]	37	{
[634]	38	if (isset($_POST['search_allwords'])
	39	and !preg_match('/^\s*$/', $_POST['search_allwords']))
[455]	40	{
[621]	41	$local_search = array();
[634]	42	$search_allwords = $_POST['search_allwords'];
	43	$drop_char_match = array(
	44	'-','^','$',';','#','&','(',')','<','>','`','\'','"','\|',',','@','_',
	45	'?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*');
	46	$drop_char_replace = array(
	47	' ',' ',' ',' ',' ',' ',' ',' ',' ',' ','','',' ',' ',' ',' ','',' ',
	48	' ',' ',' ',' ',' ',' ',' ',' ','' ,' ',' ',' ',' ',' ');
	49	$search_allwords = str_replace($drop_char_match,
	50	$drop_char_replace,
	51	$search_allwords);
[621]	52
[634]	53	// Split words
	54	$words = preg_split('/\s+/', $search_allwords);
[621]	55	$words = array_unique($words);
[634]	56	$search['fields']['allwords'] = array();
	57	$search['fields']['allwords']['words'] = $words;
	58	$search['fields']['allwords']['mode'] = $_POST['mode'];
[455]	59	}
[621]	60
	61	if ($_POST['search_author'])
[455]	62	{
[621]	63	$search['fields']['author'] = array();
	64	$search['fields']['author']['words'] = array($_POST['search_author']);
[17]	65	}
[621]	66
	67	if (isset($_POST['cat']))
[2]	68	{
[621]	69	$search['fields']['cat'] = array();
	70	$search['fields']['cat']['words'] = $_POST['cat'];
[634]	71	if ($_POST['subcats-included'] == 1)
[455]	72	{
[621]	73	$search['fields']['cat']['mode'] = 'sub_inc';
[455]	74	}
[2]	75	}
[634]	76
	77	// dates
	78	$type_date = $_POST['date_type'];
[621]	79
	80	if (!empty($_POST['start_year']))
[634]	81	{
	82	$year = $_POST['start_year'];
	83	$month = $_POST['start_month'] != 0 ? $_POST['start_month'] : '01';
	84	$day = $_POST['start_day'] != 0 ? $_POST['start_day'] : '01';
	85	$date = $year.'-'.$month.'-'.$day;
	86
	87	$search['fields'][$type_date.'-after']['words'] = array($date);
	88	$search['fields'][$type_date.'-after']['mode'] = 'inc';
	89	}
[621]	90
[634]	91	if (!empty($_POST['end_year']))
[621]	92	{
[634]	93	$year = $_POST['end_year'];
	94	$month = $_POST['end_month'] != 0 ? $_POST['end_month'] : '12';
	95	$day = $_POST['end_day'] != 0 ? $_POST['end_day'] : '31';
	96	$date = $year.'-'.$month.'-'.$day;
	97
	98	$search['fields'][$type_date.'-before']['words'] = array($date);
	99	$search['fields'][$type_date.'-before']['mode'] = 'inc';
[621]	100	}
[634]	101
[455]	102	// search string (for URL) creation
	103	$search_string = '';
	104	$tokens = array();
[621]	105	if (!empty($search))
	106	{
[634]	107	foreach (array_keys($search['fields']) as $field)
[455]	108	{
[634]	109	$token = $field.':';
	110	$token.= implode(',', $search['fields'][$field]['words']);
	111	if (isset($search['fields'][$field]['mode']))
	112	{
	113	$token.= '~'.$search['fields'][$field]['mode'];
	114	}
	115	array_push($tokens, $token);
[455]	116	}
[867]	117	$search_string.= implode('--', $tokens);
[634]	118	if (count($tokens) > 1)
	119	{
	120	$search_string.= '\|AND';
	121	}
[455]	122	}
[621]	123	else
[455]	124	{
	125	array_push($errors, $lang['search_one_clause_at_least']);
	126	}
[2]	127	}
[455]	128	//----------------------------------------------------------------- redirection
	129	if (isset($_POST['submit']) and count($errors) == 0)
	130	{
	131	$url = 'category.php?cat=search&search='.$search_string;
	132	redirect($url);
	133	}
[2]	134	//----------------------------------------------------- template initialization
[621]	135
[634]	136	// start date
	137	get_day_list('start_day', @$_POST['start_day']);
	138	get_month_list('start_month', @$_POST['start_month']);
	139	// end date
	140	get_day_list('end_day', @$_POST['end_day']);
	141	get_month_list('end_month', @$_POST['end_month']);
[621]	142
[345]	143	//
	144	// Start output of page
	145	//
	146	$title= $lang['search_title'];
[850]	147	$page['body_id'] = 'theSearchPage';
[369]	148	include(PHPWG_ROOT_PATH.'include/page_header.php');
[345]	149
[355]	150	$template->set_filenames( array('search'=>'search.tpl') );
	151	$template->assign_vars(array(
[621]	152	'L_SEARCH_TITLE' => $lang['search_title'],
	153	'L_SEARCH_OPTIONS' => $lang['search_options'],
[607]	154	'L_RETURN' => $lang['home'],
[355]	155	'L_SUBMIT' => $lang['submit'],
[621]	156	'L_RESET' => $lang['reset'],
	157	'L_SEARCH_KEYWORDS'=>$lang['search_keywords'],
	158	'L_SEARCH_ANY_TERMS'=>$lang['search_mode_or'],
	159	'L_SEARCH_ALL_TERMS'=>$lang['search_mode_and'],
	160	'L_SEARCH_AUTHOR'=>$lang['search_author'],
	161	'L_SEARCH_AUTHOR_HINT'=>$lang['search_explain'],
	162	'L_SEARCH_CATEGORIES'=>$lang['search_categories'],
	163	'L_SEARCH_SUBFORUMS'=>$lang['search_subcats_included'],
	164	'L_YES' => $lang['yes'],
	165	'L_NO' => $lang['no'],
	166	'L_SEARCH_DATE' => $lang['search_date'],
	167	'L_TODAY' => $lang['today'],
	168	'L_SEARCH_DATE_FROM'=>$lang['search_date_from'],
[629]	169	'L_SEARCH_DATE_TO'=>$lang['search_date_to'],
[621]	170	'L_DAYS'=>$lang['days'],
	171	'L_MONTH'=>$lang['w_month'],
	172	'L_SEARCH_DATE_TYPE'=>$lang['search_date_type'],
	173	'L_SEARCH_CREATION'=>$lang['search_date_creation'],
	174	'L_SEARCH_AVAILABILITY'=>$lang['search_date_available'],
	175	'L_RESULT_SORT'=>$lang['search_sort'],
	176	'L_SORT_ASCENDING'=>$lang['search_ascending'],
	177	'L_SORT_DESCENDING'=>$lang['search_descending'],
[355]	178
[621]	179	'TODAY_DAY' => date('d', time()),
	180	'TODAY_MONTH' => date('m', time()),
	181	'TODAY_YEAR' => date('Y', time()),
[1004]	182	'S_SEARCH_ACTION' => 'search.php',
[862]	183	'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=search',
[1004]	184	'U_HOME' => 'category.php'
[355]	185	)
	186	);
	187
[455]	188	//------------------------------------------------------------- categories form
[614]	189	$query = '
	190	SELECT name,id,date_last,nb_images,global_rank,uppercats
	191	FROM '.CATEGORIES_TABLE;
[634]	192	if ($user['forbidden_categories'] != '')
	193	{
	194	$query.= '
[614]	195	WHERE id NOT IN ('.$user['forbidden_categories'].')';
[634]	196	}
[614]	197	$query.= '
	198	;';
[621]	199
[455]	200	$selecteds = array();
[614]	201	display_select_cat_wrapper($query, $selecteds, 'category_option', false);
[455]	202
[2]	203	//-------------------------------------------------------------- errors display
[455]	204	if (sizeof($errors) != 0)
[2]	205	{
[355]	206	$template->assign_block_vars('errors',array());
[455]	207	foreach ($errors as $error)
[2]	208	{
[455]	209	$template->assign_block_vars('errors.error',array('ERROR'=>$error));
[2]	210	}
	211	}
	212	//------------------------------------------------------------ log informations
[345]	213	pwg_log( 'search', $title );
[688]	214	$template->parse('search');
[369]	215	include(PHPWG_ROOT_PATH.'include/page_tail.php');
[362]	216	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: