Refbase
/
Refbase2X
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
1.9 MiB
Tree: 3d11dd7f65
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3d11dd7f65'
${ noResults }
Refbase2X/rss.php

147 lines
8.4 KiB
Raw Normal View History

Refbase update_2021-01-28_15_58
4 years ago
 
  1. <?php
  2. 	// Project:    Web Reference Database (refbase) <http://www.refbase.net>

  3. 	// Copyright:  Matthias Steffens <mailto:refbase@extracts.de> and the file's

  4. 	//             original author(s).

  5. 	//

  6. 	//             This code is distributed in the hope that it will be useful,

  7. 	//             but WITHOUT ANY WARRANTY. Please see the GNU General Public

  8. 	//             License for more details.

  9. 	//

  10. 	// File:       ./rss.php

  11. 	// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/rss.php $

  12. 	// Author(s):  Matthias Steffens <mailto:refbase@extracts.de>

  13. 	//

  14. 	// Created:    25-Sep-04, 12:10

  15. 	// Modified:   $Date: 2017-04-13 02:00:18 +0000 (Thu, 13 Apr 2017) $

  16. 	//             $Author: karnesky $

  17. 	//             $Revision: 1416 $

  18. 

  19. 	// This script will generate a dynamic RSS feed for the current query.

  20. 	// Usage: Perform your query until you've got the desired results. Then, copy the "RSS" link in the header

  21. 	// message of any search results page and use this URL as feed URL when subscribing within your Newsreader.

  22. 

  23. 	// TODO: - support 'startRecord' parameter

  24. 	//       - support 'citeOrder' parameter to allow for sort options other than the current default

  25. 	//         (which equals '$citeOrder="creation-date"' in 'show.php')

  26. 

  27. 	// NOTE: As an alternative to fixing/improving 'rss.php', it may be desirable to add "RSS XML" as a proper

  28. 	//       export format, and let 'show.php' generate the RSS output (this would effectively deprecate 'rss.php');

  29. 	//       However, the drawback would be longer/uglier RSS URLs...

  30. 

  31. 	// Incorporate some include files:

  32. 	include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password

  33. 	include 'includes/include.inc.php'; // include common functions

  34. 	include 'includes/cite.inc.php'; // include citation functions

  35. 	include 'initialize/ini.inc.php'; // include common variables

  36. 

  37. 	// --------------------------------------------------------------------

  38. 

  39. 	// START A SESSION:

  40. 	// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:

  41. 	start_session(true);
  42. 

  43. 	// --------------------------------------------------------------------

  44. 

  45. 	// Initialize preferred display language:

  46. 	// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)

  47. 	include 'includes/locales.inc.php'; // include the locales

  48. 

  49. 	// --------------------------------------------------------------------

  50. 

  51. 	// Extract any parameters passed to the script:

  52. 	if (isset($_REQUEST['where']))
  53. 		$queryWhereClause = $_REQUEST['where']; // get the WHERE clause that was passed within the link

  54. 	else
  55. 		$queryWhereClause = "";
  56. 

  57. 	if (isset($_REQUEST['showRows']) AND preg_match("/^[1-9]+[0-9]*$/", $_REQUEST['showRows'])) // contains the desired number of search results (OpenSearch equivalent: '{count}')

  58. 		$showRows = $_REQUEST['showRows'];
  59. 	else
  60. 		$showRows = $_SESSION['userRecordsPerPage']; // get the default number of records per page preferred by the current user

  61. 

  62. 	// NOTE: while we read out the 'startRecord' parameter, it isn't yet supported by 'rss.php'!

  63. 	if (isset($_REQUEST['startRecord'])) // contains the offset of the first search result, starting with one (OpenSearch equivalent: '{startIndex}')

  64. 		$rowOffset = ($_REQUEST['startRecord']) - 1; // first row number in a MySQL result set is 0 (not 1)

  65. 	else
  66. 		$rowOffset = ""; // if no value to the 'startRecord' parameter is given, we'll output records starting with the first record in the result set

  67. 

  68. 	if (isset($_REQUEST['recordSchema'])) // contains the desired response format; currently, 'rss.php' will only recognize 'rss' (outputs RSS 2.0), future versions may also allow for 'atom'

  69. 		$recordSchema = $_REQUEST['recordSchema'];
  70. 	else
  71. 		$recordSchema = "rss"; // if no particular response format was requested we'll output found results as RSS 2.0

  72. 

  73. 

  74. 	// Check the correct parameters have been passed:

  75. 	if (empty($queryWhereClause)) // if 'rss.php' was called without the 'where' parameter:

  76. 	{
  77. 		// return an appropriate error message:

  78. 		$HeaderString = returnMsg($loc["Warning_IncorrectOrMissingParams"] . " '" . scriptURL() . "'!", "warning", "strong", "HeaderString"); // functions 'returnMsg()' and 'scriptURL()' are defined in 'include.inc.php'

  79. 

  80. 		// Redirect the browser back to the calling page:

  81. 		header("Location: " . $referer); // variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'

  82. 		exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

  83. 	}
  84. 	else
  85. 	{
  86. 		$sanitizedWhereClause = extractWHEREclause(" WHERE " . $queryWhereClause); // attempt to sanitize custom WHERE clause from SQL injection attacks (function 'extractWHEREclause()' is defined in 'include.inc.php')

  87. 	}
  88. 

  89. 	// --------------------------------------------------------------------

  90. 

  91. 	// If we made it here, then the script was called with all required parameters (which, currently, is just the 'where' parameter :)

  92. 

  93. 	// CONSTRUCT SQL QUERY:

  94. 

  95. 	// Note: the 'verifySQLQuery()' function that gets called below will add the user specific fields to the 'SELECT' clause and the

  96. 	// 'LEFT JOIN...' part to the 'FROM' clause of the SQL query if a user is logged in. It will also add 'orig_record', 'serial', 'file', 'url', 'doi', 'isbn' & 'type' columns

  97. 	// as required. Therefore it's sufficient to provide just the plain SQL query here:

  98. 	$sqlQuery = buildSELECTclause("RSS", "1", "", false, false); // function 'buildSELECTclause()' is defined in 'include.inc.php'

  99. 

  100. 	$sqlQuery .= " FROM $tableRefs WHERE " . $sanitizedWhereClause; // add FROM clause and the specified WHERE clause

  101. 

  102. 	$sqlQuery .= " ORDER BY created_date DESC, created_time DESC, modified_date DESC, modified_time DESC, serial DESC"; // sort records such that newly added/edited records get listed top of the list

  103. 

  104. 	// since a malicious user could change the 'where' parameter manually to gain access to user-specific data of other users, we'll run the SQL query thru the 'verifySQLQuery()' function:

  105. 	// (this function does also add/remove user-specific query code as required and will fix problems with escape sequences within the SQL query)

  106. 	$query = verifySQLQuery($sqlQuery, "", "RSS", "1"); // function 'verifySQLQuery()' is defined in 'include.inc.php'

  107. 

  108. 	// the 'verifySQLQuery()' function will save an error message to the 'HeaderString' session variable if something went wrong (e.g., if a user who's NOT logged in tries to query user specific fields)

  109. 	if (isset($_SESSION['HeaderString'])) // if there's a 'HeaderString' session variable

  110. 	{
  111. 		header("Location: index.php"); // redirect to main page ('index.php') which will display the error message stored within the 'HeaderString' session variable

  112. 		exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

  113. 	}
  114. 

  115. 	// --------------------------------------------------------------------

  116. 

  117. 	// (1) OPEN CONNECTION, (2) SELECT DATABASE

  118. 	connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'

  119. 

  120. 	// --------------------------------------------------------------------

  121. 

  122. 	// (3) RUN the query on the database through the connection:

  123. 	$result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'

  124. 

  125. 	// find out how many rows are available:

  126. 	$rowsFound = @ mysqli_num_rows($result);
  127. 

  128. 	// construct a meaningful channel description based on the specified 'WHERE' clause:

  129. 	$rssChannelDescription = "Displays all newly added records where " . explainSQLQuery($sanitizedWhereClause) . "."; // function 'explainSQLQuery()' is defined in 'include.inc.php'

  130. 

  131. 	// Generate RSS XML data from the result set (upto the limit given in '$showRows'):

  132. 	$rssFeed = generateRSS($result, $showRows, $rssChannelDescription); // function 'generateRSS()' is defined in 'include.inc.php'

  133. 	// --------------------------------------------------------------------

  134. 

  135. 	// (4) DISPLAY search results as RSS feed:

  136. 	// set mimetype to 'application/rss+xml' and character encoding to the one given in '$contentTypeCharset' (which is defined in 'ini.inc.php'):

  137. 	setHeaderContentType("application/rss+xml", $contentTypeCharset); // function 'setHeaderContentType()' is defined in 'include.inc.php'

  138. 

  139. 	echo $rssFeed;
  140. 

  141. 	// --------------------------------------------------------------------

  142. 

  143. 	// (5) CLOSE the database connection:

  144. 	disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'

  145. 

  146. 	// --------------------------------------------------------------------

  147. ?>