35 |
35 |
$items_listed = array();
|
36 |
36 |
|
37 |
37 |
// Get search string
|
38 |
|
if(isset($_POST['string'])) {
|
39 |
|
$string = addslashes(addslashes(str_replace(',', '', $_POST['string'])));
|
40 |
|
$search_string = htmlspecialchars($this->stripslashes(str_replace(',', '', $_POST['string'])),ENT_QUOTES);
|
|
38 |
if(isset($_REQUEST['string'])) {
|
|
39 |
if ($_REQUEST['match']!='exact') {
|
|
40 |
$string=str_replace(',', '', $_REQUEST['string']);
|
|
41 |
}
|
|
42 |
// reverse potential magic_quotes action
|
|
43 |
$original_string=$this->stripslashes($string);
|
|
44 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
|
|
45 |
$string = addslashes($this->escape_backslashes($original_string));
|
|
46 |
// then escape for mySQL query
|
|
47 |
$search_string = htmlspecialchars($original_string,ENT_QUOTES);
|
41 |
48 |
} else {
|
42 |
49 |
$string = '';
|
43 |
50 |
$search_string = '';
|
... | ... | |
46 |
53 |
// Work-out what to do (match all words, any words, or do exact match), and do relevant with query settings
|
47 |
54 |
$all_checked = '';
|
48 |
55 |
$any_checked = '';
|
49 |
|
$exact_checked = '';
|
50 |
|
if(!isset($_POST['match'])) {
|
51 |
|
$match = 'all';
|
52 |
|
$operator = 'LIKE';
|
53 |
|
$wildcard = '%';
|
54 |
|
$all_checked = ' checked';
|
55 |
|
} elseif($_POST['match'] == 'all') {
|
56 |
|
$match = 'all';
|
57 |
|
$operator = 'LIKE';
|
58 |
|
$wildcard = '%';
|
59 |
|
$all_checked = ' checked';
|
60 |
|
} elseif($_POST['match'] == 'any') {
|
61 |
|
$match = 'any';
|
62 |
|
$operator = 'LIKE';
|
63 |
|
$wildcard = '%';
|
64 |
|
$any_checked = ' checked';
|
|
56 |
$exact_checked = '';
|
|
57 |
if($_REQUEST['match'] == 'any' OR $_REQUEST['match'] == 'all') {
|
65 |
58 |
// Split string into array with explode() function
|
66 |
59 |
$exploded_string = explode(' ', $string);
|
67 |
60 |
// Make sure there is no blank values in the array
|
... | ... | |
71 |
64 |
$string[] = $each_exploded_string;
|
72 |
65 |
}
|
73 |
66 |
}
|
74 |
|
} elseif($_POST['match'] == 'exact') {
|
75 |
|
$match = 'exact';
|
76 |
|
$operator = '=';
|
77 |
|
$wildcard = '';
|
|
67 |
if ($_REQUEST['match'] == 'any') {
|
|
68 |
$any_checked = ' checked';
|
|
69 |
$logical_operator = ' OR';
|
|
70 |
} else {
|
|
71 |
$all_checked = ' checked';
|
|
72 |
$logical_operator = ' AND';
|
|
73 |
}
|
|
74 |
} else {
|
78 |
75 |
$exact_checked = ' checked';
|
79 |
|
} else {
|
80 |
|
$match = 'all';
|
81 |
|
$operator = 'LIKE';
|
82 |
|
$wildcard = '%';
|
83 |
|
$all_checked = ' checked';
|
84 |
|
}
|
85 |
|
|
|
76 |
$exact_string=$string;
|
|
77 |
$string=array();
|
|
78 |
$string[]=$exact_string;
|
|
79 |
}
|
86 |
80 |
// Get list of usernames and display names
|
87 |
81 |
$query_users = $database->query("SELECT user_id,username,display_name FROM ".TABLE_PREFIX."users");
|
88 |
82 |
$users = array('0' => array('display_name' => $TEXT['UNKNOWN'], 'username' => strtolower($TEXT['UNKNOWN'])));
|
... | ... | |
139 |
133 |
// Show search results_header
|
140 |
134 |
echo $search_results_header;
|
141 |
135 |
// Search page details only, such as description, keywords, etc.
|
142 |
|
if($match == 'all' OR $match == 'exact') {
|
143 |
|
$query_pages = $database->query("SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by FROM ".TABLE_PREFIX."pages".
|
144 |
|
" WHERE visibility != 'none' AND visibility != 'deleted' AND page_title $operator '$wildcard$string$wildcard' AND searching = '1' ".
|
145 |
|
" OR visibility != 'none' AND visibility != 'deleted' AND menu_title $operator '$wildcard$string$wildcard' AND searching = '1'".
|
146 |
|
" OR visibility != 'none' AND visibility != 'deleted' AND description $operator '$wildcard$string$wildcard' AND searching = '1'".
|
147 |
|
" OR visibility != 'none' AND visibility != 'deleted' AND keywords $operator '$wildcard$string$wildcard' AND searching = '1'");
|
148 |
|
} elseif($match == 'any') {
|
149 |
136 |
$query_pages = "SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by FROM ".TABLE_PREFIX."pages WHERE ";
|
150 |
137 |
$count = 0;
|
151 |
138 |
foreach($string AS $each_string) {
|
152 |
|
if($count != 0) { $query_pages .= ' OR'; }
|
153 |
|
$query_pages .= " visibility != 'none' AND page_title $operator '$wildcard$each_string$wildcard' AND searching = '1'".
|
154 |
|
" OR visibility != 'none' AND visibility != 'deleted' AND menu_title $operator '$wildcard$each_string$wildcard' AND searching = '1'".
|
155 |
|
" OR visibility != 'none' AND visibility != 'deleted' AND description $operator '$wildcard$each_string$wildcard' AND searching = '1'".
|
156 |
|
" OR visibility != 'none' AND visibility != 'deleted' AND keywords $operator '$wildcard$each_string$wildcard' AND searching = '1'";
|
|
139 |
if($count != 0) { $query_pages .= $logical_operator; }
|
|
140 |
$query_pages .= " visibility != 'none' AND page_title LIKE '%$each_string%' AND searching = '1'".
|
|
141 |
" OR visibility != 'none' AND visibility != 'deleted' AND menu_title LIKE '%$each_string%' AND searching = '1'".
|
|
142 |
" OR visibility != 'none' AND visibility != 'deleted' AND description LIKE '%$each_string%' AND searching = '1'".
|
|
143 |
" OR visibility != 'none' AND visibility != 'deleted' AND keywords LIKE '%$each_string%' AND searching = '1'";
|
157 |
144 |
$count = $count+1;
|
158 |
145 |
}
|
159 |
146 |
$query_pages = $database->query($query_pages);
|
160 |
|
}
|
161 |
147 |
// Loop through pages
|
162 |
148 |
if($query_pages->numRows() > 0) {
|
163 |
149 |
while($page = $query_pages->fetchRow()) {
|
... | ... | |
212 |
198 |
// Fetch query start
|
213 |
199 |
$fetch_query_body = $get_query_body->fetchRow();
|
214 |
200 |
// Prepare query body for execution by replacing {STRING} with the correct one
|
215 |
|
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,$operator,$wildcard), $this->stripslashes($fetch_query_body['value']));
|
216 |
|
// If we need to match any of the words, loop through the body for each one then combine with start and end, otherwise just combine without looping
|
217 |
|
if($match == 'any') {
|
218 |
|
// Loop through query body for each string, then combine with start and end
|
219 |
|
$prepared_query = $query_start;
|
220 |
|
$count = 0;
|
221 |
|
foreach($string AS $each_string) {
|
222 |
|
if($count != 0) { $prepared_query .= 'OR'; }
|
223 |
|
$prepared_query .= str_replace('[STRING]', $each_string, $query_body);
|
224 |
|
$count = $count+1;
|
225 |
|
}
|
226 |
|
$prepared_query .= $query_end;
|
227 |
|
} else {
|
228 |
|
// Replace {STRING} with $string, then combine with start and end
|
229 |
|
$prepared_query = $query_start.str_replace('[STRING]', $string, $query_body).$query_end;
|
230 |
|
}
|
|
201 |
$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->stripslashes($fetch_query_body['value']));
|
|
202 |
// Loop through query body for each string, then combine with start and end
|
|
203 |
$prepared_query = $query_start;
|
|
204 |
$count = 0;
|
|
205 |
foreach($string AS $each_string) {
|
|
206 |
if($count != 0) { $prepared_query .= $logical_operator; }
|
|
207 |
$prepared_query .= str_replace('[STRING]', $each_string, $query_body);
|
|
208 |
$count = $count+1;
|
|
209 |
}
|
|
210 |
$prepared_query .= $query_end;
|
231 |
211 |
// Execute query
|
232 |
212 |
$query = $database->query($prepared_query);
|
233 |
213 |
// Loop though queried items
|
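Review bot: The rewritten page query on new lines 139–143 still interpolates the request value into `LIKE '%$each_string%'`, and the only SQL escaping visible is `addslashes()` on new line 45. `addslashes()` is not aware of the connection character set, and nothing shown here escapes the LIKE metacharacters `%` and `_`, so the term is better passed through the database connection's own escaping routine or a bound parameter. The first predicate on new line 140 omits `visibility != 'deleted'`, which lets a deleted page with a matching title into the results, and since a word's four `OR` branches are not parenthesised, joining words with `' AND'` does not actually require every word to match; the fence below groups each word and applies the filters once. Separately, on new lines 39–41 `$string` is assigned only when `match` is not `exact` and `$_REQUEST['match']` is read without `isset()`, so unless `$string` is set above this hunk the exact-match path hands an undefined variable to `stripslashes()`.

```php
foreach($string AS $each_string) {
	if($count != 0) { $query_pages .= $logical_operator; }
	// One parenthesised group per word, so AND/OR between words applies to the whole word.
	// The visibility and searching filters are applied once and cover every column.
	// $each_string must already be escaped for SQL and for LIKE by the database layer.
	$query_pages .= " (visibility != 'none' AND visibility != 'deleted' AND searching = '1' AND (".
	"page_title LIKE '%$each_string%'".
	" OR menu_title LIKE '%$each_string%'".
	" OR description LIKE '%$each_string%'".
	" OR keywords LIKE '%$each_string%'))";
	// … unchanged: $count increment …
}
```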
Reworked search.php, fixed typo in media/browse.html.