Refbase
/
Refbase2X
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
1.9 MiB
Tree: fd76a59d98
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd76a59d98'
${ noResults }
Refbase2X/sql_search.php

226 lines
9.0 KiB
Raw Normal View History

Refbase update_2021-01-28_15_58
4 years ago
 
  1. <?php
  2. 	// Project:    Web Reference Database (refbase) <http://www.refbase.net>

  3. 	// Copyright:  Matthias Steffens <mailto:refbase@extracts.de> and the file's

  4. 	//             original author(s).

  5. 	//

  6. 	//             This code is distributed in the hope that it will be useful,

  7. 	//             but WITHOUT ANY WARRANTY. Please see the GNU General Public

  8. 	//             License for more details.

  9. 	//

  10. 	// File:       ./sql_search.php

  11. 	// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/sql_search.php $

  12. 	// Author(s):  Matthias Steffens <mailto:refbase@extracts.de>

  13. 	//

  14. 	// Created:    29-Jul-02, 16:39

  15. 	// Modified:   $Date: 2012-03-05 10:19:03 +0000 (Mon, 05 Mar 2012) $

  16. 	//             $Author: msteffens $

  17. 	//             $Revision: 1363 $

  18. 

  19. 	// Search form that offers to specify a custom sql query.

  20. 	// It offers some output options (like how many records to display per page)

  21. 	// and provides some examples and links for further information on sql queries.

  22. 

  23. 

  24. 	// Incorporate some include files:

  25. 	include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password

  26. 	include 'includes/header.inc.php'; // include header

  27. 	include 'includes/footer.inc.php'; // include footer

  28. 	include 'includes/include.inc.php'; // include common functions

  29. 	include 'initialize/ini.inc.php'; // include common variables

  30. 

  31. 	// --------------------------------------------------------------------

  32. 

  33. 	// START A SESSION:

  34. 	// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:

  35. 	start_session(true);
  36. 

  37. 	// --------------------------------------------------------------------

  38. 

  39. 	// Initialize preferred display language:

  40. 	// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)

  41. 	include 'includes/locales.inc.php'; // include the locales

  42. 

  43. 	// --------------------------------------------------------------------

  44. 

  45. 	// If there's no stored message available:

  46. 	if (!isset($_SESSION['HeaderString']))
  47. 		$HeaderString = $loc["SearchSQL"].":"; // Provide the default message

  48. 	else
  49. 	{
  50. 		$HeaderString = $_SESSION['HeaderString']; // extract 'HeaderString' session variable (only necessary if register globals is OFF!)

  51. 

  52. 		// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':

  53. 		deleteSessionVariable("HeaderString"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'

  54. 	}
  55. 

  56. 	// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):

  57. 	// ('' will produce the default 'Web' output style)

  58. 	if (isset($_REQUEST['viewType']))
  59. 		$viewType = $_REQUEST['viewType'];
  60. 	else
  61. 		$viewType = "";
  62. 

  63. 	// Check if the script was called with parameters (like: 'sql_search.php?customQuery=1&sqlQuery=...&showQuery=...&showLinks=...')

  64. 	// If so, the parameter 'customQuery=1' will be set:

  65. 	if (isset($_REQUEST['customQuery']))
  66. 		$customQuery = $_REQUEST['customQuery']; // accept any previous SQL queries

  67. 	else
  68. 		$customQuery = "0";
  69. 

  70. 	if ($customQuery == "1") // the script was called with parameters

  71. 	{
  72. 		$sqlQuery = $_REQUEST['sqlQuery']; // accept any previous SQL queries

  73. 		$sqlQuery = stripSlashesIfMagicQuotes($sqlQuery); // function 'stripSlashesIfMagicQuotes()' is defined in 'include.inc.php'

  74. 

  75. 		$showQuery = $_REQUEST['showQuery']; // extract the $showQuery parameter

  76. 		if ("$showQuery" == "1")
  77. 			$checkQuery = " checked";
  78. 		else
  79. 			$checkQuery = "";
  80. 

  81. 		$showLinks = $_REQUEST['showLinks']; // extract the $showLinks parameter

  82. 		if ("$showLinks" == "1")
  83. 			$checkLinks = " checked";
  84. 		else
  85. 			$checkLinks = "";
  86. 

  87. 		$showRows = $_REQUEST['showRows']; // extract the $showRows parameter

  88. 

  89. 		$displayType = $_REQUEST['submit']; // extract the type of display requested by the user (either 'Display', 'Cite', 'List' or '')

  90. 		$citeStyle = $_REQUEST['citeStyle']; // get the cite style chosen by the user (only occurs in 'extract.php' form and in query result lists)

  91. 		$citeOrder = $_REQUEST['citeOrder']; // get the citation sort order chosen by the user (only occurs in 'extract.php' form and in query result lists)

  92. 	}
  93. 	else // if there was no previous SQL query provide the default one:

  94. 	{
  95. 		// default SQL query:

  96. 		// TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'

  97. 		$sqlQuery = buildSELECTclause("", "", "", false, false); // function 'buildSELECTclause()' is defined in 'include.inc.php'

  98. 

  99. 		if (isset($_SESSION['loginEmail']))
  100. 			$sqlQuery .= " FROM $tableRefs WHERE location RLIKE \"" . $loginEmail . "\" ORDER BY year DESC, author"; // '$loginEmail' is defined in function 'start_session()' (in 'include.inc.php')

  101. 		else
  102. 			$sqlQuery .= " FROM $tableRefs WHERE year &gt; 2001 ORDER BY year DESC, author";
  103. 

  104. 		$checkQuery = "";
  105. 		$checkLinks = " checked";
  106. 

  107. 		// Get the default number of records per page preferred by the current user:

  108. 		$showRows = $_SESSION['userRecordsPerPage'];
  109. 

  110. 		$displayType = ""; // ('' will produce the default view)

  111. 		$citeStyle = "";
  112. 		$citeOrder = "";
  113. 	}
  114. 

  115. 	// Show the login status:

  116. 	showLogin(); // (function 'showLogin()' is defined in 'include.inc.php')

  117. 

  118. 	// (2a) Display header:

  119. 	// call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):

  120. 	displayHTMLhead(encodeHTML($officialDatabaseName) . " -- " . $loc["SQLSearch"], "index,follow", "Search the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
  121. 	showPageHeader($HeaderString);
  122. 

  123. 	// (2b) Start <form> and <table> holding the form elements:

  124. ?>

  125. 

  126. <form action="search.php" method="GET">
  127. <input type="hidden" name="formType" value="sqlSearch">
  128. <input type="hidden" name="submit" value="<?php echo $displayType; ?>">
  129. <input type="hidden" name="citeStyle" value="<?php echo rawurlencode($citeStyle); ?>">
  130. <input type="hidden" name="citeOrder" value="<?php echo $citeOrder; ?>">
  131. <table align="center" border="0" cellpadding="0" cellspacing="10" width="95%" summary="This table holds the search form">
  132. <tr>
  133. 	<td width="58" valign="top"><b><?php echo $loc["SQLQuery"]; ?>:</b></td>

  134. 	<td width="10">&nbsp;</td>
  135. 	<td colspan="2">
  136. 		<textarea name="sqlQuery" rows="6" cols="60"><?php echo $sqlQuery; ?></textarea>

  137. 	</td>
  138. </tr>
  139. <tr>
  140. 	<td valign="top"><b><?php echo $loc["DisplayOptions"]; ?>:</b></td>

  141. 	<td>&nbsp;</td>
  142. 	<td width="205" valign="top">
  143. 		<input type="checkbox" name="showLinks" value="1"<?php echo $checkLinks; ?>>&nbsp;&nbsp;&nbsp;<?php echo $loc["ShowLinks"]; ?>

  144. 

  145. 	</td>
  146. 	<td valign="top">
  147. 		<?php echo $loc["ShowRecordsPerPage_Prefix"]; ?>&nbsp;&nbsp;&nbsp;<input type="text" name="showRows" value="<?php echo $showRows; ?>" size="4" title="<?php echo $loc["DescriptionShowRecordsPerPage"]; ?>">&nbsp;&nbsp;&nbsp;<?php echo $loc["ShowRecordsPerPage_Suffix"]; ?>

  148. 

  149. 	</td>
  150. </tr>
  151. <tr>
  152. 	<td>&nbsp;</td>
  153. 	<td>&nbsp;</td>
  154. 	<td valign="top">
  155. 		<input type="checkbox" name="showQuery" value="1"<?php echo $checkQuery; ?>>&nbsp;&nbsp;&nbsp;<?php echo $loc["DisplaySQLquery"]; ?>

  156. 

  157. 	</td>
  158. 	<td valign="top">
  159. 		<?php echo $loc["ViewType"]; ?>:&nbsp;&nbsp;

  160. 		<select name="viewType">
  161. 			<option value="Web"><?php echo $loc["web"]; ?></option>

  162. 			<option value="Print"><?php echo $loc["print"]; ?></option>

  163. 			<option value="Mobile"><?php echo $loc["mobile"]; ?></option>

  164. 		</select>
  165. 	</td>
  166. </tr>
  167. <tr>
  168. 	<td>&nbsp;</td>
  169. 	<td>&nbsp;</td><?php
  170. 

  171. 	if (isset($_SESSION['user_permissions']) AND preg_match("/allow_sql_search/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_sql_search'...

  172. 	// adjust the title string for the search button

  173. 	{
  174. 		$sqlSearchButtonLock = "";
  175. 		$sqlSearchTitle = $loc["SearchVerbatim"];
  176. 	}
  177. 	else // Note, that disabling the submit button is just a cosmetic thing -- the user can still submit the form by pressing enter or by building the correct URL from scratch!

  178. 	{
  179. 		$sqlSearchButtonLock = " disabled";
  180. 		$sqlSearchTitle = $loc["NoPermission"] . $loc["NoPermission_ForSQL"];
  181. 	}
  182. ?>

  183. 

  184. 	<td colspan="2">
  185. 		<br>
  186. 		<input type="submit" value="<?php echo $loc["Search"]; ?>" title="<?php echo $sqlSearchTitle; ?>"<?php echo $sqlSearchButtonLock; ?>>

  187. 	</td>
  188. </tr>
  189. <tr>
  190. 	<td align="center" colspan="4">&nbsp;</td>
  191. </tr>
  192. <tr>
  193. 	<td valign="top"><b><?php echo $loc["Examples"]; ?>:</b></td>

  194. 	<td>&nbsp;</td>
  195. 	<td colspan="2">
  196. 		<code>SELECT author, title, year, publication FROM <?php echo $tableRefs; ?> WHERE publication = "Polar Biology" AND author RLIKE "Legendre|Ambrose" ORDER BY year DESC, author</code>

  197. 	</td>
  198. </tr>
  199. <tr>
  200. 	<td valign="top">&nbsp;</td>
  201. 	<td>&nbsp;</td>
  202. 	<td colspan="2">
  203. 		<code>SELECT serial, author, title, year, publication, volume FROM <?php echo $tableRefs; ?> ORDER BY serial DESC LIMIT 10</code>

  204. 	</td>
  205. </tr>
  206. <tr>
  207. 	<td valign="top"><b><?php echo $loc["Help"]; ?>:</b></td>

  208. 	<td>&nbsp;</td>
  209. 	<td colspan="2">
  210. 		<?php echo $loc["MySQL-Info"]; ?>

  211. 

  212. 	</td>
  213. </tr>
  214. </table>
  215. </form><?php
  216. 

  217. 	// --------------------------------------------------------------------

  218. 

  219. 	// DISPLAY THE HTML FOOTER:

  220. 	// call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php')

  221. 	showPageFooter($HeaderString);
  222. 

  223. 	displayHTMLfoot();
  224. 

  225. 	// --------------------------------------------------------------------

  226. ?>