Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2006-01-15 13:45:42 +0000 (Sun, 15 Jan 2006) $
10// | last modifier : $Author: nikrou $
11// | revision      : $Revision: 1004 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28//--------------------------------------------------------------------- include
define('PHPWG_ROOT_PATH', './');
include_once PHPWG_ROOT_PATH.'include/common.inc.php';
//-------------------------------------------------- access authorization check
// Gate through the shared login check before any form input below is touched.
check_login_authorization();
33//------------------------------------------------------------------ form check
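$errors = array();
$search = array();
if (isset($_POST['submit']))
{
  // --- free-text keywords -------------------------------------------------
  if (isset($_POST['search_allwords'])
      and !preg_match('/^\s*$/', $_POST['search_allwords']))
  {
    // Replacement table, applied in order by str_replace(): most punctuation
    // becomes a word separator, while backtick, apostrophe, underscore and
    // backslash are dropped outright (so "it's" stays a single word). The
    // characters used by the search-string grammar below (":", ",", "~",
    // "-", "|") are all in this table, so a keyword can never forge a clause.
    $drop_chars = array(
      '-' => ' ', '^' => ' ', '$' => ' ', ';' => ' ', '#' => ' ', '&' => ' ',
      '(' => ' ', ')' => ' ', '<' => ' ', '>' => ' ', '`' => '', '\'' => '',
      '"' => ' ', '|' => ' ', ',' => ' ', '@' => ' ', '_' => '', '?' => ' ',
      '%' => ' ', '~' => ' ', '.' => ' ', '[' => ' ', ']' => ' ', '{' => ' ',
      '}' => ' ', ':' => ' ', '\\' => '', '/' => ' ', '=' => ' ', '!' => ' ',
      '*' => ' ');
    $cleaned = str_replace(array_keys($drop_chars),
                           array_values($drop_chars),
                           $_POST['search_allwords']);

    // Split on whitespace. PREG_SPLIT_NO_EMPTY avoids an empty "word" when the
    // input began with a stripped character (e.g. "-foo" -> " foo").
    $words = array_unique(
      preg_split('/\s+/', $cleaned, -1, PREG_SPLIT_NO_EMPTY));
    // An input made only of stripped characters yields no clause at all, so
    // the "one clause at least" error below applies instead of an empty term.
    if (count($words) > 0)
    {
      $search['fields']['allwords'] = array('words' => $words);
      // mode is forwarded as given; the form labels suggest an any/all
      // choice. NOTE(review): confirm the consumer rejects other values.
      if (isset($_POST['mode']))
      {
        $search['fields']['allwords']['mode'] = $_POST['mode'];
      }
    }
  }

  // --- author --------------------------------------------------------------
  // Passed through untouched. NOTE(review): this reaches category.php via the
  // redirect URL unescaped -- confirm it is escaped there before database use.
  if (!empty($_POST['search_author']))
  {
    $search['fields']['author'] = array(
      'words' => array($_POST['search_author']));
  }

  // --- categories ----------------------------------------------------------
  // cat is a multi-select, so an array is expected; the cast keeps a crafted
  // scalar from breaking implode() below.
  if (isset($_POST['cat']))
  {
    $search['fields']['cat'] = array('words' => (array)$_POST['cat']);
    if (isset($_POST['subcats-included']) and $_POST['subcats-included'] == 1)
    {
      $search['fields']['cat']['mode'] = 'sub_inc';
    }
  }

  // --- dates ---------------------------------------------------------------
  // date_type is used both as an array key and as the clause name in the
  // redirect URL, so it is restricted to a plain identifier; anything else
  // silently drops both date clauses.
  $type_date = isset($_POST['date_type']) ? $_POST['date_type'] : '';
  if (preg_match('/^\w+$/', $type_date))
  {
    // lower bound defaults to 1 January, upper bound to 31 December
    $bounds = array(
      'start' => array('suffix' => '-after',  'month' => '01', 'day' => '01'),
      'end'   => array('suffix' => '-before', 'month' => '12', 'day' => '31'),
      );
    foreach ($bounds as $prefix => $bound)
    {
      if (empty($_POST[$prefix.'_year']))
      {
        continue;
      }
      $year  = $_POST[$prefix.'_year'];
      $month = (isset($_POST[$prefix.'_month'])
                and $_POST[$prefix.'_month'] != 0)
        ? $_POST[$prefix.'_month'] : $bound['month'];
      $day   = (isset($_POST[$prefix.'_day'])
                and $_POST[$prefix.'_day'] != 0)
        ? $_POST[$prefix.'_day'] : $bound['day'];
      $date = $year.'-'.$month.'-'.$day;
      // All three pieces are user supplied: only a purely numeric Y-M-D is
      // forwarded, the original digits are kept as typed.
      if (!preg_match('/^\d{1,4}-\d{1,2}-\d{1,2}$/', $date))
      {
        continue;
      }
      $search['fields'][$type_date.$bound['suffix']] = array(
        'words' => array($date),
        'mode'  => 'inc',
        );
    }
  }

  // --- search string (for the redirect URL) --------------------------------
  // Grammar:  field:word1,word2[~mode]  clauses joined by "--", with "|AND"
  // appended when more than one clause is present.
  $search_string = '';
  if (!empty($search))
  {
    $tokens = array();
    foreach ($search['fields'] as $field => $clause)
    {
      $token = $field.':'.implode(',', $clause['words']);
      if (isset($clause['mode']))
      {
        $token.= '~'.$clause['mode'];
      }
      $tokens[] = $token;
    }
    $search_string = implode('--', $tokens);
    if (count($tokens) > 1)
    {
      $search_string.= '|AND';
    }
  }
  else
  {
    $errors[] = $lang['search_one_clause_at_least'];
  }
}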
128//----------------------------------------------------------------- redirection
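if (isset($_POST['submit']) and count($errors) == 0)
{
  // $search_string is assembled from raw form values (author, category ids,
  // ...), so it must be URL-encoded: a stray "&" or "#" would otherwise cut
  // the "search" parameter short. PHP decodes it again on the receiving side,
  // so the consumer sees exactly the string built above.
  $url = 'category.php?cat=search&search='.urlencode($search_string);
  redirect($url);
}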
134//----------------------------------------------------- template initialization
135
136// start date
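// Pre-select the previously posted values (null when absent) without relying
// on "@" to hide the undefined-index notice.
get_day_list('start_day',
             isset($_POST['start_day']) ? $_POST['start_day'] : null);
get_month_list('start_month',
               isset($_POST['start_month']) ? $_POST['start_month'] : null);
// end date
get_day_list('end_day',
             isset($_POST['end_day']) ? $_POST['end_day'] : null);
get_month_list('end_month',
               isset($_POST['end_month']) ? $_POST['end_month'] : null);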
142
143//
144// Start output of page
145//
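$title = $lang['search_title'];
$page['body_id'] = 'theSearchPage';
include(PHPWG_ROOT_PATH.'include/page_header.php');

$template->set_filenames(array('search' => 'search.tpl'));
$template->assign_vars(array(
  // translated labels
  'L_SEARCH_TITLE' => $lang['search_title'],
  'L_SEARCH_OPTIONS' => $lang['search_options'],
  'L_RETURN' => $lang['home'],
  'L_SUBMIT' => $lang['submit'],
  'L_RESET' => $lang['reset'],
  'L_SEARCH_KEYWORDS' => $lang['search_keywords'],
  'L_SEARCH_ANY_TERMS' => $lang['search_mode_or'],
  'L_SEARCH_ALL_TERMS' => $lang['search_mode_and'],
  'L_SEARCH_AUTHOR' => $lang['search_author'],
  'L_SEARCH_AUTHOR_HINT' => $lang['search_explain'],
  'L_SEARCH_CATEGORIES' => $lang['search_categories'],
  'L_SEARCH_SUBFORUMS' => $lang['search_subcats_included'],
  'L_YES' => $lang['yes'],
  'L_NO' => $lang['no'],
  'L_SEARCH_DATE' => $lang['search_date'],
  'L_TODAY' => $lang['today'],
  'L_SEARCH_DATE_FROM' => $lang['search_date_from'],
  'L_SEARCH_DATE_TO' => $lang['search_date_to'],
  'L_DAYS' => $lang['days'],
  'L_MONTH' => $lang['w_month'],
  'L_SEARCH_DATE_TYPE' => $lang['search_date_type'],
  'L_SEARCH_CREATION' => $lang['search_date_creation'],
  'L_SEARCH_AVAILABILITY' => $lang['search_date_available'],
  'L_RESULT_SORT' => $lang['search_sort'],
  'L_SORT_ASCENDING' => $lang['search_ascending'],
  'L_SORT_DESCENDING' => $lang['search_descending'],

  // values for the "today" shortcut
  'TODAY_DAY' => date('d'),
  'TODAY_MONTH' => date('m'),
  'TODAY_YEAR' => date('Y'),
  'S_SEARCH_ACTION' => 'search.php',
  // No leading slash: PHPWG_ROOT_PATH already ends with one (as every other
  // include in this file relies on), so the old form produced ".//popuphelp.php".
  'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=search',
  'U_HOME' => 'category.php',
  ));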
187
188//------------------------------------------------------------- categories form
$forbidden = $user['forbidden_categories'];
$query = '
SELECT name,id,date_last,nb_images,global_rank,uppercats
  FROM '.CATEGORIES_TABLE;
// NOTE(review): forbidden_categories is spliced into the SQL as-is. It is not
// read from this request's input, but whatever builds it must guarantee a
// plain comma-separated id list -- confirm before trusting it here.
if ($forbidden != '')
{
  $query.= '
  WHERE id NOT IN ('.$forbidden.')';
}
$query.= '
;';

// nothing pre-selected: the form always starts empty
$selecteds = array();
display_select_cat_wrapper($query, $selecteds, 'category_option', false);
202
203//-------------------------------------------------------------- errors display
// Render every collected error message inside the "errors" template block.
if (!empty($errors))
{
  $template->assign_block_vars('errors', array());
  foreach ($errors as $message)
  {
    $template->assign_block_vars('errors.error', array('ERROR' => $message));
  }
}
//------------------------------------------------------------ log informations
pwg_log('search', $title);
$template->parse('search');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
216?>