
/files/search_plus.php

https://github.com/kaz6120/P_BLOG
  1. <?php
  2. /**
  3. * Search Plus+ (Advance search) Routine for Binary File
  4. *
  5. * $Id: files/search_plus.php, 2005/02/02 11:03:51 Exp $
  6. */
  7. $cd = '..';
  8. require_once $cd . '/include/config.inc.php';
  9. require_once $cd . '/include/http_headers.inc.php';
  10. require_once $cd . '/include/fnc_flip_plus.inc.php';
  11. require_once $cd . '/include/fnc_search.inc.php';
  12. require_once $cd . '/include/fnc_error_msgs.inc.php';
  13. require_once './include/fnc_files.inc.php';
  14. require_once './include/bin_search_plus.inc.php';
  15. session_control();
  16. against_xss();
  17. //=====================================================
  18. // PREPARE SEARCH QUERY
  19. //=====================================================
  20. if (isset($_GET['f'], $_GET['k'], $_GET['ao'], $_GET['p'], $_GET['ds'], $_GET['d'], $_GET['d1'], $_GET['d2'], $_GET['c'], $_GET['pn'])) {
  21. // To check if keyword value is not too short
  22. if (($_GET['k'] != '') && (strlen($_GET['k']) <= 2 )) {
  23. $contents = keyword_error($mode = 'file', $error_type = '2');
  24. xhtml_output('file');
  25. exit;
  26. }
  27. $field = $_GET['f'];
  28. if ($cfg['enable_unicode'] == 'on') {
  29. $keyword = mb_convert_encoding(trim($_GET['k']), $cfg['mysql_lang'], "auto");
  30. } else {
  31. $keyword = trim($_GET['k']);
  32. }
  33. $ao = $_GET['ao']; // and or
  34. $page = $_GET['p']; // page
  35. $date = $_GET['d']; // date
  36. $ds = $_GET['ds']; // date select
  37. $d1 = $_GET['d1']; // date 1
  38. $d2 = $_GET['d2']; // date 2
  39. $case = $_GET['c']; // case-insensitive (c = 0) or sensitive ( c = 1)
  40. // Case sensitive flag
  41. // If case-sensitive, search target field as BINARY.
  42. if ($case == 1) {
  43. $binary_flag = 'BINARY ';
  44. } else {
  45. $binary_flag = '';
  46. }
  47. if ($field != '') {
  48. $sql = 'SELECT'.
  49. " `id`, `bin_title`, `bintype`, `binname`, `binsize`, `bindate`, ".
  50. "DATE_FORMAT(`bin_mod`,'%Y-%m-%d %T') as `bin_mod`, `bin_category`, `bincomment`, `bin_count`, `draft`".
  51. ' FROM '.$info_table.' WHERE (`draft` = 0) AND (';
  52. if (($field != '0') && ($keyword != '')) { // keyword search
  53. // Keywords
  54. if (!strrchr($keyword, " ")) {
  55. $keys = explode(",", $keyword);
  56. $and_or = $ao;
  57. } else {
  58. $keys = explode(" ", $keyword);
  59. $and_or = $ao;
  60. }
  61. $sql .= $binary_flag;
  62. switch ($field) {
  63. case '2':
  64. $sql .= "`binname`";
  65. break;
  66. case '3':
  67. $sql .= "`bintype`";
  68. break;
  69. case '4':
  70. $sql .= "`bincomment`";
  71. break;
  72. default:
  73. $sql .= "`bin_title` LIKE '%".$keys[0]."%' OR ".$binary_flag."`bincomment`";
  74. break;
  75. }
  76. $sql .= " LIKE '%".$keys[0]."%')";
  77. for ($i = 1; $i < sizeof($keys); $i++) {
  78. $sql .= $and_or. ' (' . $binary_flag;
  79. switch ($field) {
  80. case '2':
  81. $sql .= "`binname`";
  82. break;
  83. case '3':
  84. $sql .= "`bintype`";
  85. break;
  86. case '4':
  87. $sql .= "`bincomment`";
  88. break;
  89. default:
  90. $sql .= "`bin_title` LIKE '%".$keys[$i]."%' OR ".$binary_flag."`bincomment`";
  91. }
  92. $sql .= " LIKE '%".$keys[$i]."%')";
  93. }
  94. // Date
  95. switch ($ds) {
  96. case '0':
  97. break;
  98. case '1':
  99. $sql .= " AND (`bindate` LIKE '".$date."%')";
  100. break;
  101. case '2':
  102. $sql .= " AND (`bindate` BETWEEN '".$d1."' AND '".$d2."')";
  103. break;
  104. default:
  105. $sql .= " AND (`bindate` LIKE '".$date."%')";
  106. }
  107. // Category
  108. if ((isset($_GET['cat'])) && ($_GET['cat'] != '')) {
  109. $cat = array($_GET['cat']);
  110. if (is_array($cat[0])) {
  111. $sql .= ' AND (';
  112. $sql .= "`bin_category` LIKE '%".$cat[0][0]."%'";
  113. for ($j = 1; $j < sizeof($cat[0]); $j++) {
  114. $sql .= " OR `bin_category` LIKE '%".$cat[0][$j]."%'";
  115. }
  116. $sql .= ')';
  117. }
  118. }
  119. } elseif (($field == '0') && ($keyword == '')) { // monthly search
  120. $sql .= "`bindate` LIKE '".$date."%')";
  121. }
  122. $sql .= " ORDER BY `bindate` DESC LIMIT {$page}, {$cfg['pagemax']} ";
  123. } else {
  124. // Error
  125. $contents = no_keywords_error($mode = 'file');
  126. xhtml_output('file');
  127. exit;
  128. }
  129. //=========================
  130. // SUBMIT SEARCH QUERY
  131. //=========================
  132. if ($res = mysql_query($sql)) {
  133. //query results --- count all hit data
  134. // Keywords
  135. if (!strrchr($keyword, " ")) {
  136. $keys = explode(",", $keyword);
  137. $and_or = $ao;
  138. } else {
  139. $keys = explode(" ", $keyword);
  140. $and_or = $ao;
  141. }
  142. $count_sql = "SELECT `id`, DATE_FORMAT(`bindate`, '%Y-%m-%d') FROM `{$info_table}` WHERE (`draft` = '0') AND (" . $binary_flag;
  143. switch ($field) {
  144. case '2':
  145. $count_sql .= "`binname`";
  146. break;
  147. case '3':
  148. $count_sql .= "`bintype`";
  149. break;
  150. case '4':
  151. $count_sql .= "`bincomment`";
  152. break;
  153. default:
  154. $count_sql .= "`bin_title` LIKE '%".$keys[0]."%' OR ".$binary_flag."`bincomment`";
  155. break;
  156. }
  157. $count_sql .= " LIKE '%".$keys[0]."%')";
  158. for ($i = 1; $i < sizeof($keys); $i++) {
  159. $count_sql .= $and_or . ' (' . $binary_flag;
  160. switch ($field) {
  161. case '2':
  162. $count_sql .= "`binname`";
  163. break;
  164. case '3':
  165. $count_sql .= "`bintype`";
  166. break;
  167. case '4':
  168. $count_sql .= "`bincomment`";
  169. break;
  170. default:
  171. $count_sql .= "`binname` LIKE '%".$keys[$i]."%' OR ".$binary_flag."`bincomment`";
  172. break;
  173. }
  174. $count_sql .= " LIKE '%".$keys[$i]."%')";
  175. }
  176. // Date
  177. switch ($ds) {
  178. case '0':
  179. break;
  180. case '1':
  181. $count_sql .= " AND (`bindate` LIKE '".$date."%')";
  182. break;
  183. case '2':
  184. $count_sql .= " AND (`bindate` BETWEEN '".$d1."' AND '".$d2."')";
  185. break;
  186. default:
  187. $count_sql .= " AND (`bindate` LIKE '".$date."%')";
  188. break;
  189. }
  190. // Category
  191. if ((isset($_GET['cat'])) && ($_GET['cat'] != '')) {
  192. $cat = array($_GET['cat']);
  193. if (is_array($cat[0])) {
  194. $count_sql .= ' AND (';
  195. $count_sql .= "`bin_category` LIKE '%".$cat[0][0]."%'";
  196. for ($j = 1; $j < sizeof($cat[0]); $j++) {
  197. $count_sql .= " OR `bin_category` LIKE '%".$cat[0][$j]."%'";
  198. }
  199. $count_sql .= ')';
  200. }
  201. }
  202. $hit_res = mysql_query($count_sql);
  203. $hit_row = mysql_num_rows($hit_res);
  204. // Show the hit data info.
  205. $rows = mysql_num_rows($res);
  206. $keyword = utf8_convert($keyword);
  207. if ($keyword == '') {
  208. if ($date != '') {
  209. $archive_title = $date;
  210. } else {
  211. $archive_title = $lang['all_data'];
  212. }
  213. $result_msg = $lang['show_log'];
  214. } elseif ($keyword != '') {
  215. $archive_title = $lang['keyword'].' : '.htmlspecialchars(stripslashes($keyword));
  216. switch ($field) {
  217. case '2':
  218. $hit_field = $lang['binname_hit'];
  219. break;
  220. case '3':
  221. $hit_field = $lang['bintype_hit'];
  222. break;
  223. case '4':
  224. $hit_field = $lang['comment_hit'];
  225. break;
  226. default:
  227. $hit_field = $lang['title_comment_hit'];
  228. break;
  229. }
  230. $result_msg = $lang['hit_msg'];
  231. switch ($ds) {
  232. case '0':
  233. $hit_by_month = '';
  234. break;
  235. case '1':
  236. $hit_by_month = ' '.$lang['by_month'].'鐚š<span class="search-res">'.$date."</span>\n";
  237. break;
  238. case '2':
  239. $hit_by_month = "</p>\n<p>".$lang['by_month'].'鐚š<span class="search-res">'.$d1.'</span> - <span class="search-res">'.$d2."</span>\n";
  240. break;
  241. default:
  242. $hit_by_month = '';
  243. break;
  244. }
  245. }
  246. // Presentation of the result
  247. $disp_page = $page + 1;
  248. $disp_rows = $page + $rows;
  249. $hit_result =<<<EOD
  250. <div class="setcion">
  251. <h2 id="archive-title">{$archive_title}</h2>
  252. <p class="search-res">{$hit_field}
  253. <span class="search-res">{$hit_row}</span>{$result_msg}
  254. <span class="search-res">{$disp_page} - {$disp_rows}</span> / <span class="search-res">{$hit_row}</span>{$hit_by_month}
  255. </p>
  256. </div><!-- End .section -->
  257. EOD;
  258. //=========================
  259. // SHOW THE RESULTS!
  260. //=========================
  261. if ($hit_row) {
  262. $flip_link = display_page_flip_plus();
  263. //------------- WITH-DATE-TITLE MODE --------------
  264. if ($cfg['show_date_title'] == 'yes') {
  265. $row = mysql_fetch_array($res);
  266. format_date($row_name = 'bindate');
  267. $title_date = $formatted_date;
  268. $section_content = '<h2 class="date-title">'.$title_date."</h2>\n";
  269. do {
  270. format_date($row_name = 'bindate');
  271. $tmp_date = $formatted_date;
  272. if ($title_date != $tmp_date) {
  273. $new_title_date = $tmp_date;
  274. $section_content .= '</div><!-- End .section -->'."\n\n".
  275. '<div class="section">'."\n".
  276. '<h2 class="date-title">'.$new_title_date."</h2>\n";
  277. }
  278. $row = highlight_keywords('file');
  279. $row = convert_to_utf8($row);
  280. $section_content .= display_binary_box($row, $data_table);
  281. } while ($row = mysql_fetch_array($res));
  282. //------------- WITHOUT-DATE-TITLE MODE --------------
  283. } else {
  284. $section_content = '';
  285. while ($row = mysql_fetch_array($res)) {
  286. $row = highlight_keywords('file');
  287. $row = convert_to_utf8($row);
  288. $section_content .= display_binary_box($row, $data_table);
  289. }
  290. }
  291. } else {
  292. $flip_link = '';
  293. $section_content = '<h3>'.$lang['no_matches']."</h3>\n";
  294. $section_content .= display_search_plus();
  295. }
  296. } else {
  297. $hit_result = '';
  298. $flip_link = '';
  299. $section_content = no_keywords_error($mode = 'file');
  300. }
  301. } else {
  302. // Show the default interface
  303. $hit_result = '';
  304. $flip_link = '';
  305. $section_content = '<h2 id="archive-title">FILE SEARCH PLUS+</h2>'."\n";
  306. $section_content .= display_search_plus();
  307. }
  308. $contents =<<<EOD
  309. {$hit_result}
  310. <div class="section">
  311. {$flip_link}{$section_content}{$flip_link}
  312. </div>
  313. EOD;
  314. xhtml_output('file');
  315. ?>