Refbase
/
Refbase2X
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
1.9 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Refbase2X/rss.php

149 lines
8.6 KiB
Raw Permalink Normal View History

Refbase update_2021-01-28_15_58
4 years ago
Drush_Update_2021-01-28_17_01
4 years ago
Refbase update_2021-01-28_15_58
4 years ago
 
  1. <?php
  2.         // turn  on warnings and notice during  developement

  3.         include('initialize/PhpErrorSettings.inc.php'); 
  4. 	// Project:    Web Reference Database (refbase) <http://www.refbase.net>

  5. 	// Copyright:  Matthias Steffens <mailto:refbase@extracts.de> and the file's

  6. 	//             original author(s).

  7. 	//

  8. 	//             This code is distributed in the hope that it will be useful,

  9. 	//             but WITHOUT ANY WARRANTY. Please see the GNU General Public

  10. 	//             License for more details.

  11. 	//

  12. 	// File:       ./rss.php

  13. 	// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/rss.php $

  14. 	// Author(s):  Matthias Steffens <mailto:refbase@extracts.de>

  15. 	//

  16. 	// Created:    25-Sep-04, 12:10

  17. 	// Modified:   $Date: 2017-04-13 02:00:18 +0000 (Thu, 13 Apr 2017) $

  18. 	//             $Author: karnesky $

  19. 	//             $Revision: 1416 $

  20. 

  21. 	// This script will generate a dynamic RSS feed for the current query.

  22. 	// Usage: Perform your query until you've got the desired results. Then, copy the "RSS" link in the header

  23. 	// message of any search results page and use this URL as feed URL when subscribing within your Newsreader.

  24. 

  25. 	// TODO: - support 'startRecord' parameter

  26. 	//       - support 'citeOrder' parameter to allow for sort options other than the current default

  27. 	//         (which equals '$citeOrder="creation-date"' in 'show.php')

  28. 

  29. 	// NOTE: As an alternative to fixing/improving 'rss.php', it may be desirable to add "RSS XML" as a proper

  30. 	//       export format, and let 'show.php' generate the RSS output (this would effectively deprecate 'rss.php');

  31. 	//       However, the drawback would be longer/uglier RSS URLs...

  32. 

  33. 	// Incorporate some include files:

  34. 	include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password

  35. 	include 'includes/include.inc.php'; // include common functions

  36. 	include 'includes/cite.inc.php'; // include citation functions

  37. 	include 'initialize/ini.inc.php'; // include common variables

  38. 

  39. 	// --------------------------------------------------------------------

  40. 

  41. 	// START A SESSION:

  42. 	// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:

  43. 	start_session(true);
  44. 

  45. 	// --------------------------------------------------------------------

  46. 

  47. 	// Initialize preferred display language:

  48. 	// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)

  49. 	include 'includes/locales.inc.php'; // include the locales

  50. 

  51. 	// --------------------------------------------------------------------

  52. 

  53. 	// Extract any parameters passed to the script:

  54. 	if (isset($_REQUEST['where']))
  55. 		$queryWhereClause = $_REQUEST['where']; // get the WHERE clause that was passed within the link

  56. 	else
  57. 		$queryWhereClause = "";
  58. 

  59. 	if (isset($_REQUEST['showRows']) AND preg_match("/^[1-9]+[0-9]*$/", $_REQUEST['showRows'])) // contains the desired number of search results (OpenSearch equivalent: '{count}')

  60. 		$showRows = $_REQUEST['showRows'];
  61. 	else
  62. 		$showRows = $_SESSION['userRecordsPerPage']; // get the default number of records per page preferred by the current user

  63. 

  64. 	// NOTE: while we read out the 'startRecord' parameter, it isn't yet supported by 'rss.php'!

  65. 	if (isset($_REQUEST['startRecord'])) // contains the offset of the first search result, starting with one (OpenSearch equivalent: '{startIndex}')

  66. 		$rowOffset = ($_REQUEST['startRecord']) - 1; // first row number in a MySQL result set is 0 (not 1)

  67. 	else
  68. 		$rowOffset = ""; // if no value to the 'startRecord' parameter is given, we'll output records starting with the first record in the result set

  69. 

  70. 	if (isset($_REQUEST['recordSchema'])) // contains the desired response format; currently, 'rss.php' will only recognize 'rss' (outputs RSS 2.0), future versions may also allow for 'atom'

  71. 		$recordSchema = $_REQUEST['recordSchema'];
  72. 	else
  73. 		$recordSchema = "rss"; // if no particular response format was requested we'll output found results as RSS 2.0

  74. 

  75. 

  76. 	// Check the correct parameters have been passed:

  77. 	if (empty($queryWhereClause)) // if 'rss.php' was called without the 'where' parameter:

  78. 	{
  79. 		// return an appropriate error message:

  80. 		$HeaderString = returnMsg($loc["Warning_IncorrectOrMissingParams"] . " '" . scriptURL() . "'!", "warning", "strong", "HeaderString"); // functions 'returnMsg()' and 'scriptURL()' are defined in 'include.inc.php'

  81. 

  82. 		// Redirect the browser back to the calling page:

  83. 		header("Location: " . $referer); // variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'

  84. 		exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

  85. 	}
  86. 	else
  87. 	{
  88. 		$sanitizedWhereClause = extractWHEREclause(" WHERE " . $queryWhereClause); // attempt to sanitize custom WHERE clause from SQL injection attacks (function 'extractWHEREclause()' is defined in 'include.inc.php')

  89. 	}
  90. 

  91. 	// --------------------------------------------------------------------

  92. 

  93. 	// If we made it here, then the script was called with all required parameters (which, currently, is just the 'where' parameter :)

  94. 

  95. 	// CONSTRUCT SQL QUERY:

  96. 

  97. 	// Note: the 'verifySQLQuery()' function that gets called below will add the user specific fields to the 'SELECT' clause and the

  98. 	// 'LEFT JOIN...' part to the 'FROM' clause of the SQL query if a user is logged in. It will also add 'orig_record', 'serial', 'file', 'url', 'doi', 'isbn' & 'type' columns

  99. 	// as required. Therefore it's sufficient to provide just the plain SQL query here:

  100. 	$sqlQuery = buildSELECTclause("RSS", "1", "", false, false); // function 'buildSELECTclause()' is defined in 'include.inc.php'

  101. 

  102. 	$sqlQuery .= " FROM $tableRefs WHERE " . $sanitizedWhereClause; // add FROM clause and the specified WHERE clause

  103. 

  104. 	$sqlQuery .= " ORDER BY created_date DESC, created_time DESC, modified_date DESC, modified_time DESC, serial DESC"; // sort records such that newly added/edited records get listed top of the list

  105. 

  106. 	// since a malicious user could change the 'where' parameter manually to gain access to user-specific data of other users, we'll run the SQL query thru the 'verifySQLQuery()' function:

  107. 	// (this function does also add/remove user-specific query code as required and will fix problems with escape sequences within the SQL query)

  108. 	$query = verifySQLQuery($sqlQuery, "", "RSS", "1"); // function 'verifySQLQuery()' is defined in 'include.inc.php'

  109. 

  110. 	// the 'verifySQLQuery()' function will save an error message to the 'HeaderString' session variable if something went wrong (e.g., if a user who's NOT logged in tries to query user specific fields)

  111. 	if (isset($_SESSION['HeaderString'])) // if there's a 'HeaderString' session variable

  112. 	{
  113. 		header("Location: index.php"); // redirect to main page ('index.php') which will display the error message stored within the 'HeaderString' session variable

  114. 		exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

  115. 	}
  116. 

  117. 	// --------------------------------------------------------------------

  118. 

  119. 	// (1) OPEN CONNECTION, (2) SELECT DATABASE

  120. 	connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'

  121. 

  122. 	// --------------------------------------------------------------------

  123. 

  124. 	// (3) RUN the query on the database through the connection:

  125. 	$result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'

  126. 

  127. 	// find out how many rows are available:

  128. 	$rowsFound = @ mysqli_num_rows($result);
  129. 

  130. 	// construct a meaningful channel description based on the specified 'WHERE' clause:

  131. 	$rssChannelDescription = "Displays all newly added records where " . explainSQLQuery($sanitizedWhereClause) . "."; // function 'explainSQLQuery()' is defined in 'include.inc.php'

  132. 

  133. 	// Generate RSS XML data from the result set (upto the limit given in '$showRows'):

  134. 	$rssFeed = generateRSS($result, $showRows, $rssChannelDescription); // function 'generateRSS()' is defined in 'include.inc.php'

  135. 	// --------------------------------------------------------------------

  136. 

  137. 	// (4) DISPLAY search results as RSS feed:

  138. 	// set mimetype to 'application/rss+xml' and character encoding to the one given in '$contentTypeCharset' (which is defined in 'ini.inc.php'):

  139. 	setHeaderContentType("application/rss+xml", $contentTypeCharset); // function 'setHeaderContentType()' is defined in 'include.inc.php'

  140. 

  141. 	echo $rssFeed;
  142. 

  143. 	// --------------------------------------------------------------------

  144. 

  145. 	// (5) CLOSE the database connection:

  146. 	disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'

  147. 

  148. 	// --------------------------------------------------------------------

  149. ?>