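<?php
/**
 * eXtreme Message Board
 * XMB 1.9.11
 *
 * Developed And Maintained By The XMB Group
 * Copyright (c) 2001-2010, The XMB Group
 * http://www.xmbforum.com
 *
 * Sponsored By iEntry, Inc.
 * http://www.ientry.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 **/

// search.php: with no query it renders the search form; with a query it
// builds one SQL statement over posts/threads/forums and renders one page
// of results. Everything here runs at file scope and the variables it
// sets ($misc, $nextlink, $search, $show, $poston, $postby, ...) are
// presumably interpolated by the eval()'d templates, so their names are
// part of the template contract and are deliberately not renamed.

define('X_SCRIPT', 'search.php');

require 'header.php';

loadtemplates(
    'misc_feature_notavailable',
    'search',
    'search_captcha',
    'search_nextlink',
    'search_results',
    'search_results_none',
    'search_results_row'
);

smcwcache();
// XMB templates are PHP double-quoted string source executed by eval():
// anyone who can edit a template can run PHP in this process, so template
// editing must stay an administrator-only capability.
eval('$css = "'.template('css').'";');
nav($lang['textsearch']);

$misc = $multipage = $nextlink = '';

if ($SETTINGS['searchstatus'] != 'on') {
    header('HTTP/1.0 403 Forbidden');
    eval('echo "'.template('header').'";');
    eval('echo "'.template('misc_feature_notavailable').'";');
    end_time();
    eval('echo "'.template('footer').'";');
    exit();
}

// $searchsubmit, $page and $url are not set in this file; presumably
// header.php populates them from the request — confirm before relying on it.
if (!isset($searchsubmit) && !isset($page)) {
    // Common XSS Protection: XMB disallows '<' and unencoded ':/' in all URLs.
    $url_check = array('%3c', '<', ':/');
    foreach ($url_check as $name) {
        if (strpos(strtolower($url), $name) !== false) {
            header('HTTP/1.0 403 Forbidden');
            exit('403 Forbidden - URL rejected by XMB');
        }
    }
    unset($url_check);

    setCanonicalLink('search.php');

    $forumselect = forumList('f', true, true, getInt('fid'));

    // Guests get a CAPTCHA on the form when both switches are on (never in DEBUG).
    $captchasearchcheck = '';
    if (X_GUEST) {
        if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_search_status'] == 'on' && !DEBUG) {
            require ROOT.'include/captcha.inc.php';
            $Captcha = new Captcha(250, 50);
            if ($Captcha->bCompatible !== false) {
                $imghash = $Captcha->GenerateCode();
                if ($SETTINGS['captcha_code_casesensitive'] == 'off') {
                    $lang['captchacaseon'] = '';
                }
                eval('$captchasearchcheck = "'.template('search_captcha').'";');
            }
        }
    }

    eval('$search = "'.template('search').'";');
    $misc = $search;
} else {
    // Result pages are per-query and should not be indexed.
    header('X-Robots-Tag: noindex');

    // 'srchuname' is read twice: the TRUE/TRUE form is the one placed in
    // the SQL, the FALSE/FALSE form is only re-emitted into the next-page
    // link. NOTE(review): the meaning of the TRUE/TRUE flags (encode /
    // db-escape) is not visible here — confirm against postedVar().
    $srchtxt = postedVar('srchtxt', '', false, false, false, 'g');
    $srchuname = postedVar('srchuname', '', true, true, false, 'g');
    $rawsrchuname = postedVar('srchuname', '', false, false, false, 'g');
    $filter_distinct = postedVar('filter_distinct', '', false, false, false, 'g');
    $srchfid = postedArray('f', 'int', '', false, false, false, 'g');
    $srchfield = postedVar('srchfield', '', false, false, false, 'g');
    $page = getInt('page');
    $srchfrom = getInt('srchfrom');
    if (strlen($srchuname) < 3 && (empty($srchtxt) || strlen($srchtxt) < 3)) {
        error($lang['nosearchq']);
    }
    if (!X_STAFF) {
        // Common XSS Protection: XMB disallows '<' and unencoded ':/' in all URLs.
        if ($srchtxt != censor($srchtxt) || strpos($srchtxt, '<') !== false || strpos($srchuname, '<') !== false) {
            error($lang['searchinvalid']);
        }
        $url_check = array('%3c', '<', ':/');
        foreach ($url_check as $name) {
            if (strpos(strtolower($url), $name) !== false) {
                header('HTTP/1.0 403 Forbidden');
                exit('403 Forbidden - URL rejected by XMB');
            }
        }
        unset($url_check);
    }

    // Author filter needs at least three characters; shorter means "any author".
    if (strlen($srchuname) < 3) {
        $srchuname = '';
    }

    // Guest CAPTCHA is validated on page 1 only; later pages are refused so
    // the answer is not reused across a whole result set.
    if (X_GUEST) {
        if ($SETTINGS['captcha_status'] == 'on' && $SETTINGS['captcha_search_status'] == 'on' && !DEBUG) {
            if ($page > 1) {
                error($lang['searchguesterror']);
            }
            require ROOT.'include/captcha.inc.php';
            $Captcha = new Captcha(250, 50);
            if ($Captcha->bCompatible !== false) {
                $imgcode = postedVar('imgcode', '', false, false, false, 'g');
                $imghash = postedVar('imghash', '', true, true, false, 'g');
                if ($Captcha->ValidateCode($imgcode, $imghash) !== true) {
                    error($lang['captchaimageinvalid']);
                }
            }
            unset($Captcha);
        }
    }

    validatePpp();

    $searchresults = '';

    if ($page < 1) {
        $page = 1;
    }
    $offset = ($page-1) * ($ppp);
    $start = $offset;
    $pagenum = $page+1;

    // $forums is a CSV of forum ids this user may read; an empty string
    // would make "IN()" invalid SQL, which is why the query is skipped below.
    $forums = permittedForums(forumCache(), 'thread', 'csv');
    $sql = "SELECT p.*, t.subject AS tsubject "
         . "FROM ".X_PREFIX."posts AS p INNER JOIN ".X_PREFIX."threads AS t USING(tid) INNER JOIN ".X_PREFIX."forums AS f ON f.fid=t.fid "
         . "WHERE f.fid IN($forums)";

    // srchfrom is "seconds back from now". 0 or missing yields a lower bound
    // of 0 after the subtraction, which disables the dateline clause below.
    if ($srchfrom <= 0) {
        $srchfrom = $onlinetime;
        $srchfromold = 0;
    } else {
        $srchfromold = $srchfrom;
    }
    $srchfrom = $onlinetime - $srchfrom;

    // $ext collects the query-string parts of the next-page link.
    $ext = array();
    $srchtxtsq = array();
    if (!empty($srchtxt)) {
        // Drop the empty tokens a double space produces: each one became
        // "LIKE '%%'" (true for every row) and an empty-needle stripos().
        $srchtxtsq = array_values(array_filter(explode(' ', $srchtxt), 'strlen'));
        if (count($srchtxtsq) == 0) {
            error($lang['nosearchq']);
        }
        $sqlsrch = array();
        $sql .= ' AND (';
        foreach ($srchtxtsq as $stxt) {
            // Both copies are LIKE-escaped after the same encoding the stored
            // columns carry; the search words are otherwise untrusted input.
            $dblikebody = $db->like_escape(addslashes(cdataOut($stxt))); // Messages are historically double-slashed.
            $dblikesub = $db->like_escape(addslashes(attrOut($stxt)));
            if ($srchfield == 'body') {
                $sqlsrch[] = "p.message LIKE '%$dblikebody%' OR p.subject LIKE '%$dblikesub%'";
            } else {
                $sqlsrch[] = "p.subject LIKE '%$dblikesub%'";
            }
        }
        if ($srchfield == 'body') {
            // Emitted once, not once per word, so the next link stays short.
            $ext[] = 'srchfield=body';
        }

        // Every word must match: (w1) AND (w2) AND ...
        $sql .= implode(') AND (', $sqlsrch);
        $sql .= ')';
        $ext[] = 'srchtxt='.rawurlencode($srchtxt);
    }

    if ($srchuname != '') {
        $sql .= " AND p.author='$srchuname'";
        $ext[] = 'srchuname='.rawurlencode($rawsrchuname);
    }

    // NOTE(review): $srchfid was read with type 'int', so a literal 'all'
    // can only match here through loose comparison (0 != 'all' is false on
    // PHP < 8 and true on PHP 8) — confirm how postedArray() handles 'all'.
    if (count($srchfid) > 0) {
        if ($srchfid[0] != 'all') {
            $srchfidcsv = implode(',', $srchfid);
            $sql .= " AND f.fid IN ($srchfidcsv)";
            $ext[] = "f=$srchfidcsv";
        }
    }

    if ($srchfrom) {
        $sql .= " AND p.dateline >= $srchfrom";
        $ext[] = "srchfrom=$srchfromold";
    }

    $counter = 1;
    $ppp++; // Peek at next page.
    $sql .= " ORDER BY dateline DESC LIMIT $start, $ppp";

    if (strlen($forums) == 0) {
        $results = 0;
    } else {
        $querysrch = $db->query($sql);
        $results = $db->num_rows($querysrch);
    }

    $temparray = array();
    $searchresults = '';

    // Render at most $ppp - 1 rows; the extra fetched row only signals a next page.
    while ($results != 0 && $counter < $ppp) {
        $post = $db->fetch_array($querysrch);
        if (!$post) {
            break;
        }
        $counter++;
        // filter_distinct=yes shows only the first hit per thread.
        if ($filter_distinct != 'yes' || !array_key_exists($post['tid'], $temparray)) {
            $temparray[$post['tid']] = true;
            $message = stripslashes($post['message']);

            // Centre the excerpt on the first search word; a miss (e.g. the
            // hit was in the subject) starts the excerpt at the beginning.
            if (count($srchtxtsq) == 0) {
                $position = 0;
            } else {
                $position = stripos($message, cdataOut($srchtxtsq[0]), 0);
                if ($position === false) {
                    $position = 0;
                }
            }

            // The window is byte-based (strlen/substr) and may cut a
            // multi-byte character at either edge.
            $show_num = 100;
            $msg_leng = strlen($message);

            if ($position <= $show_num) {
                $min = 0;
                $add_pre = '';
            } else {
                $min = $position - $show_num;
                $add_pre = '...';
            }

            if (($msg_leng - $position) <= $show_num) {
                $max = $msg_leng;
                $add_post = '';
            } else {
                $max = $position + $show_num;
                $add_post = '...';
            }

            if (trim($post['subject']) == '') {
                $post['subject'] = $post['tsubject'];
            }

            $show = substr($message, $min, $max - $min);
            $post['subject'] = stripslashes($post['subject']);
            foreach ($srchtxtsq as $stxt) {
                $show = str_ireplace(cdataOut($stxt), '<b><i>'.cdataOut($stxt).'</i></b>', $show);
                $post['subject'] = str_ireplace(attrOut($stxt), '<i>'.attrOut($stxt).'</i>', $post['subject']);
            }

            $show = postify($show, 'no', 'yes', 'yes', 'no', 'no', 'no');
            $post['subject'] = rawHTMLsubject($post['subject']);

            $date = gmdate($dateformat, $post['dateline'] + ($timeoffset * 3600) + ($addtime * 3600));
            $time = gmdate($timecode, $post['dateline'] + ($timeoffset * 3600) + ($addtime * 3600));

            $poston = $date.' '.$lang['textat'].' '.$time;
            $postby = $post['author'];
            eval('$searchresults .= "'.template('search_results_row').'";');
        }
    }

    if ($results == 0) {
        eval('$searchresults = "'.template('search_results_none').'";');
    } else if ($results == $ppp) {
        // The peek row was found: build the query string for the next-page link.
        $ext = implode('&', $ext);
        eval('$nextlink = "'.template('search_nextlink').'";');
    }

    eval('$search = "'.template('search_results').'";');
    $misc = $search;
}

eval('$header = "'.template('header').'";');
end_time();
eval('$footer = "'.template('footer').'";');
echo $header, $misc, $footer;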