"; } else { // Start a : $BrowseLinks = "\n"; // Start a row: $BrowseLinks .= "\n"; } if (preg_match("/^Mobile$/i", $viewType)) $BrowseLinks .= "\n\t"; elseif (preg_match("/^Print$/i", $viewType) OR preg_match("/^cli/i", $client)) $BrowseLinks .= "\n\t"; elseif (($href == "users.php") OR !isset($displayResultsFooterDefault[$displayType]) OR (isset($displayResultsFooterDefault[$displayType]) AND ($displayResultsFooterDefault[$displayType] != "hidden"))) { $BrowseLinks .= "\n\t"; } else // don't show the select/deselect links when the results footer is hidden { $BrowseLinks .= "\n\t"; } if (preg_match("/^Mobile$/i", $viewType)) $BrowseLinks .= "\n\t"; if (preg_match("/^Mobile$/i", $viewType)) $BrowseLinks .= "\n\t" . "\n" . "\n

" . $loc["Home"] . "

" . "\n\t\t" . $loc["SelectAll"] . "   " . "\n\t\t" . $loc["DeselectAll"] . "" . "\n\t

"; // a) If there's a page range below the one currently shown, // create a "[xx-xx]" link (linking directly to the previous range of pages): if ($pageOffset > "0") { $previousRangeFirstPage = ($pageOffset - $maxPageNo + 1); // calculate the first page of the previous page range $previousRangeLastPage = ($previousRangeFirstPage + $maxPageNo - 1); // calculate the last page of the previous page range $BrowseLinks .= "\n\t\t[" . $previousRangeFirstPage . "–" . $previousRangeLastPage . "] "; } // b) Are there any previous pages? if ($rowOffset > 0) // Yes, so create a previous link $BrowseLinks .= "\n\t\t<<"; else // No, there is no previous page so don't print a link $BrowseLinks .= "\n\t\t<<"; // c) Output the page numbers as links: // Count through the number of pages in the results: for($x=($pageOffset * $showRows), $page=($pageOffset + 1); $x<$rowsFound && $page <= ($pageOffset + $maxPageNo); $x+=$showRows, $page++) // Is this the current page? if ($x < $rowOffset || $x > ($rowOffset + $showRows - 1)) // No, so print out a link $BrowseLinks .= " \n\t\t" . $page . ""; else // Yes, so don't print a link $BrowseLinks .= " \n\t\t$page"; // current page is set in BOLD $BrowseLinks .= " "; // d) Are there any Next pages? if ($rowsFound > $nextOffset) // Yes, so create a next link $BrowseLinks .= "\n\t\t>>"; else // No, there is no next page so don't print a link $BrowseLinks .= "\n\t\t>>"; // e) If there's a page range above the one currently shown, // create a "[xx-xx]" link (linking directly to the next range of pages): if ($pageOffset < ($lastPage - $maxPageNo)) { $nextRangeFirstPage = ($pageOffset + $maxPageNo + 1); // calculate the first page of the next page range $nextRangeLastPage = ($nextRangeFirstPage + $maxPageNo - 1); // calculate the last page of the next page range if ($nextRangeLastPage > $lastPage) $nextRangeLastPage = $lastPage; // adjust if this is the last range of pages and if it doesn't go up to the max allowed no of pages $BrowseLinks .= "\n\t\t [" . $nextRangeFirstPage . "–" . $nextRangeLastPage . "]"; } if (preg_match("/^Mobile$/i", $viewType)) $BrowseLinks .= "\n\t"; else $BrowseLinks .= "\n\t

"; // Add view links: $viewLinksArray = array(); if (($href == "search.php") AND !preg_match("/^Browse$/i", $displayType) AND !preg_match("/^Mobile$/i", $viewType)) { if (isset($_SESSION['user_permissions']) AND preg_match("/allow_list_view/", $_SESSION['user_permissions'])) { if (preg_match("/^(Cite|Display)$/i", $displayType)) // display a link to List view: { // Replace current SELECT clause with one that's appropriate for List view: if (isset($_SESSION['lastListViewQuery'])) $listViewSelectClause = "SELECT " . extractSELECTclause($_SESSION['lastListViewQuery']); // get SELECT clause from any previous List view query else $listViewSelectClause = buildSELECTclause("List", $showLinks, "", false, false); // produce the default columnar output style $listViewQuery = newSELECTclause($listViewSelectClause, $query); // replace SELECT clause in current query and URL encode query // f) create a 'List View' link that will show the currently displayed result set in List view: $viewLinksArray[] = " " . $loc["ListView"] . " "; } else $viewLinksArray[] = " " . $loc["ListView"] . " "; } if (isset($_SESSION['user_permissions']) AND preg_match("/allow_cite/", $_SESSION['user_permissions'])) { if (!preg_match("/^Cite$/i", $displayType)) // display a link to Citation view: { // Replace current SELECT clause with one that's appropriate for Citation view: $citeViewSelectClause = buildSELECTclause("Cite", $showLinks, "", false, false); // select all fields required to build proper record citations $citeViewQuery = newSELECTclause($citeViewSelectClause, $query); // replace SELECT clause in current query and URL encode query // g) create a 'Citations' link that will show the currently displayed result set in Citation view: $viewLinksArray[] = " " . $loc["Citations"] . " "; } else $viewLinksArray[] = " " . $loc["Citations"] . " "; } if (isset($_SESSION['user_permissions']) AND preg_match("/allow_details_view/", $_SESSION['user_permissions'])) { if (!preg_match("/^Display$/i", $displayType)) // display a link to Details view: { // Replace current SELECT clause with one that's appropriate for Details view: if (isset($_SESSION['lastDetailsViewQuery'])) $detailsViewSelectClause = "SELECT " . extractSELECTclause($_SESSION['lastDetailsViewQuery']); // get SELECT clause from previous Details view query (if any) else $detailsViewSelectClause = buildSELECTclause("Display", $showLinks, "", false, false); // select all fields required to display record details $detailsViewQuery = newSELECTclause($detailsViewSelectClause, $query); // replace SELECT clause in current query and URL encode query // h) create a 'Details' link that will show the currently displayed result set in Details view: $viewLinksArray[] = " " . $loc["Details"] . " "; } else $viewLinksArray[] = " " . $loc["Details"] . " "; } if (count($viewLinksArray) > 1) $BrowseLinks .= "\n\t\t " . "\n\t\t\t" . implode("\n\t\t\t | ", $viewLinksArray) . "\n\t\t "; } // Note: we omit 'Web/Print View' links for include mechanisms! if (!preg_match("/^inc/i", $client)) { $BrowseLinks .= "\n\t\t"; if (count($viewLinksArray) > 1) $BrowseLinks .= "   "; if (preg_match("/^(Print|Mobile)$/i", $viewType)) { // i) create a 'Web View' link that will show the currently displayed result set in web view: $BrowseLinks .= ""; } else { if (isset($_SESSION['user_permissions']) AND preg_match("/allow_print_view/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_print_view'... // j) create a 'Print View' link that will show the currently displayed result set in print view: $BrowseLinks .= ""; } } if (preg_match("/^Mobile$/i", $viewType)) { $BrowseLinks .= "\n\t" . "\n"; } else { $BrowseLinks .= "\n\t

"; } return $BrowseLinks; } // -------------------------------------------------------------------- // BUILD QUICK SEARCH ELEMENTS // (i.e., generate the "Quick Search" form) function buildQuickSearchElements($query, $queryURL, $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $displayType) { global $tableRefs; // defined in 'db.inc.php' global $loc; // '$loc' is made globally available in 'core.php' global $client; if (!preg_match("/^SELECT/i", $queryURL) OR !preg_match("/%20FROM%20" . $tableRefs . "%20/i", $queryURL)) // only include SELECT queries that query table 'refs' $queryURL = ""; // this excludes e.g. queries that query table 'users' $encodedCiteStyle = rawurlencode($citeStyle); $encodedClient = rawurlencode($client); $accessKeyAttribute = addAccessKey("attribute", "qck_search"); $accessKeyTitle = addAccessKey("title", "qck_search"); // extract the first field from the 'WHERE' clause: if (preg_match("/ WHERE [ ()]*(\w+)/i", $query)) $firstField = preg_replace("/.+ WHERE [ ()]*(\w+).*/i", "\\1", $query); else $firstField = ""; // build HTML elements that allow for search suggestions for text entered by the user: if (isset($_SESSION['userAutoCompletions']) AND ($_SESSION['userAutoCompletions'] == "yes")) $suggestElements = buildSuggestElements("quickSearchName", "quickSearchSuggestions", "quickSearchSuggestProgress", "id-quickSearchSelector-", "\t\t\t\t\t\t"); else $suggestElements = ""; // add the "Quick Search" form: $quickSearchForm = <<

$loc[QuickSearch]:

$loc[Field]: EOF; // build correct option tags: $userMainFieldsArray = preg_split("/ *, */", $_SESSION['userMainFields']); // get the list of "main fields" preferred by the current user $dropDownFieldNameArray = array("main_fields" => $loc["DropDownFieldName_MainFields"]); foreach($userMainFieldsArray as $userMainField) { // generate the variable name of the correct '$loc' locale for this field: $dropDownFieldNameLocale = preg_replace_callback("/_(\w)/", function($matches){ foreach($matches as $match){ return ucfirst($match); } }, $userMainField); $dropDownFieldNameLocale = "DropDownFieldName_" . ucfirst($dropDownFieldNameLocale); // add this field's name and localized string to the array of fields that will be included in the "Quick Search" drop-down menu: $dropDownFieldNameArray[$userMainField] = $loc[$dropDownFieldNameLocale]; } $optionTags = buildSelectMenuOptions($dropDownFieldNameArray, "//", "\t\t\t\t\t\t\t", true); if (!empty($firstField) AND in_array($firstField, $userMainFieldsArray)) // if the first field from the 'WHERE' clause is one of the main fields $quickSearchForm .= preg_replace("/]* value=\"$firstField\")/", " tag else $quickSearchForm .= preg_replace("/]*)>" . $loc["DropDownFieldName_MainFields"] . "/", "" . $loc["DropDownFieldName_MainFields"], $optionTags); // select the 'main fields' menu entry ... $quickSearchForm .= << $loc[contains]: $suggestElements

EOF; return $quickSearchForm; } // -------------------------------------------------------------------- // BUILD REFINE SEARCH ELEMENTS // (i.e., provide options to refine the search results) function buildRefineSearchElements($href, $queryURL, $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $dropDownFieldsArray, $dropDownFieldSelected, $displayType) { global $loc; // '$loc' is made globally available in 'core.php' global $client; $encodedCiteStyle = rawurlencode($citeStyle); $encodedClient = rawurlencode($client); $accessKeyAttribute = addAccessKey("attribute", "refine"); $accessKeyTitle = addAccessKey("title", "refine"); // build HTML elements that allow for search suggestions for text entered by the user: if (($href == "search.php") AND (isset($_SESSION['userAutoCompletions']) AND ($_SESSION['userAutoCompletions'] == "yes"))) $suggestElements = buildSuggestElements("refineSearchName", "refineSearchSuggestions", "refineSearchSuggestProgress", "id-refineSearchSelector-", "\t\t\t\t\t"); else $suggestElements = ""; $refineSearchForm = <<

$loc[SearchWithinResults]:

$loc[Field]: EOF; // build correct option tags from the column items provided: $optionTags = buildSelectMenuOptions($dropDownFieldsArray, "//", "\t\t\t\t\t\t", true); $optionTags = preg_replace("/]* value=\"$dropDownFieldSelected\")/", " $loc[contains]: $suggestElements

$loc[ExcludeMatches]

EOF; return $refineSearchForm; } // -------------------------------------------------------------------- // BUILD USER GROUP FORM ELEMENTS // (i.e., provide options to show the user's personal reference groups -OR- the admin's user groups) // Note: this function serves two purposes (which must not be confused!): // - if "$href = search.php", it will modify the values of the 'user_groups' field of the 'user_data' table (where a user can assign one or more groups to particular *references*) // - if "$href = users.php", this function will modify the values of the 'user_groups' field of the 'users' table (where the admin can assign one or more groups to particular *users*) function buildGroupSearchElements($href, $queryURL, $query, $showQuery, $showLinks, $showRows, $citeStyle, $citeOrder, $displayType) { global $loc; // '$loc' is made globally available in 'core.php' global $client; if (preg_match("/.+user_groups RLIKE \"[()|^.;* ]+[^;]+?[()|$.;* ]+\"/i", $query)) // if the query does contain a 'WHERE' clause that searches for a particular user group // TODO: improve the legibility & robustness of the below regex pattern (yes, it's ugly) $currentGroup = preg_replace("/.+user_groups RLIKE \"(?:\[:(?:space|punct):\]|[()|^.;* \]\[])+([^;]+?(?:\[\^\[:space:\]\[:punct:\]\]\*)?)(?:\[:(?:space|punct):\]|[()|$.;* \]\[])+\".*/i", "\\1", $query); // extract the particular group name else $currentGroup = ""; // show the 'Show My Groups' form: // - if the admin is logged in and calls 'users.php' (since only the admin will be allowed to call 'users.php', checking '$href' is sufficient here) -OR- // - if a user is logged in AND the 'user_permissions' session variable contains 'allow_user_groups' if (($href == "users.php") OR (isset($_SESSION['loginEmail']) AND (isset($_SESSION['user_permissions']) AND preg_match("/allow_user_groups/", $_SESSION['user_permissions'])))) { if (($href == "search.php" AND isset($_SESSION['userGroups'])) OR ($href == "users.php" AND isset($_SESSION['adminUserGroups']))) // if the appropriate session variable is set { $groupSearchDisabled = ""; $groupSearchSelectorTitle = $loc["DescriptionSelectFieldGroupsForm"]; $groupSearchButtonTitle = $loc["DescriptionShowButtonGroupsForm"]; } else { $groupSearchDisabled = " disabled"; // disable the 'Show My Groups' form if the session variable holding the user's groups isnt't available $groupSearchSelectorTitle = "(" . $loc["DescriptionSelectFieldGroupsFormDisabled"] . ")"; $groupSearchButtonTitle = "(" . $loc["DescriptionShowButtonGroupsFormDisabled"] . ")"; } // adjust the form & dropdown labels according to the calling script (which is either 'search.php' or 'users.php') if ($href == "search.php") { $formLegend = $loc["ShowMyGroup"] . ":"; $dropdownLabel = $loc["My"] . ":"; } elseif ($href == "users.php") { $formLegend = $loc["ShowUserGroup"] . ":"; $dropdownLabel = $loc["Users"] . ":"; } else // currently, '$href' will be either 'search.php' or 'users.php', but anyhow { $formLegend = $loc["ShowGroup"] . ":"; $dropdownLabel = ""; } $encodedCiteStyle = rawurlencode($citeStyle); $encodedClient = rawurlencode($client); $groupSearchForm = <<

$formLegend

$dropdownLabel EOF; if (($href == "search.php" AND isset($_SESSION['userGroups'])) OR ($href == "users.php" AND isset($_SESSION['adminUserGroups']))) // if the appropriate session variable is set { // build properly formatted tag elements from the items listed in the appropriate session variable: if ($href == "search.php") $optionTags = buildSelectMenuOptions($_SESSION['userGroups'], "/ *; */", "\t\t\t\t\t\t", false); elseif ($href == "users.php") $optionTags = buildSelectMenuOptions($_SESSION['adminUserGroups'], "/ *; */", "\t\t\t\t\t\t", false); if (!empty($currentGroup)) // if the current SQL query contains a 'WHERE' clause that searches for a particular user group $optionTags = preg_replace("/(?=$currentGroup<\\/option>)/i", "", $optionTags); // we select that group by adding the 'selected' parameter to the appropriate tag $groupSearchForm .= $optionTags; } else $groupSearchForm .= "($loc[NoGroupsAvl])"; $groupSearchForm .= <<

EOF; } else $groupSearchForm = ""; return $groupSearchForm; } // -------------------------------------------------------------------- // BUILD DISPLAY OPTIONS FORM ELEMENTS // (i.e., provide options to show/hide columns or change the number of records displayed per page) function buildDisplayOptionsElements($href, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $citeStyle, $citeOrder, $dropDownFieldsArray, $dropDownFieldSelected, $fieldsToDisplay, $displayType, $headerMsg) { global $loc; // '$loc' is made globally available in 'core.php' global $client; if ($displayType == "Browse") { $submitValue = $loc["ButtonTitle_Browse"]; $submitTitle = $loc["DescriptionShowButtonDisplayOptionsFormBrowseView"]; $selectorDivID = "optShowHideField"; $selectorID = "displayOptionsSelector"; $selectorLabel = $loc["Field"] . ":"; $selectorTitle = $loc["DescriptionSelectFieldDisplayOptionsFormBrowseView"]; $showRowsLabel = $loc["ShowRecordsPerPage_SuffixBrowseView"]; $showRowsTitle = $loc["DescriptionShowRecordsPerPageBrowseView"]; } elseif ($displayType == "Cite") { $submitValue = $loc["ButtonTitle_Show"]; $submitTitle = $loc["DescriptionShowButtonDisplayOptionsFormCiteView"]; $selectorDivID = "optCiteStyle"; $selectorID = "citeStyle"; $selectorLabel = $loc["Style"] . ":"; $selectorTitle = $loc["DescriptionSelectStyleDisplayOptionsFormCiteView"]; $showRowsLabel = $loc["ShowRecordsPerPage_SuffixCiteView"]; $showRowsTitle = $loc["DescriptionShowRecordsPerPage"]; } elseif ($displayType == "Display") { $submitValue = $loc["ButtonTitle_Show"]; $submitTitle = $loc["DescriptionShowButtonDisplayOptionsFormDetailsView"]; $selectorDivID = "optShowHideField"; $selectorID = "displayOptionsSelector"; $selectorLabel = $loc["Field"] . ":"; $selectorTitle = $loc["DescriptionSelectFieldDisplayOptionsFormDetailsView"]; $showRowsLabel = $loc["ShowRecordsPerPage_Suffix"]; $showRowsTitle = $loc["DescriptionShowRecordsPerPage"]; } else { $submitValue = $loc["ButtonTitle_Show"]; $submitTitle = $loc["DescriptionShowButtonDisplayOptionsForm"]; $selectorDivID = "optShowHideField"; $selectorID = "displayOptionsSelector"; $selectorLabel = $loc["Field"] . ":"; $selectorTitle = $loc["DescriptionSelectFieldDisplayOptionsForm"]; $showRowsLabel = $loc["ShowRecordsPerPage_Suffix"]; $showRowsTitle = $loc["DescriptionShowRecordsPerPage"]; } if (($displayType != "Cite") AND ($fieldsToDisplay < 2)) { $hideButtonDisabled = " disabled"; // disable the 'Hide' button if there's currently only one field being displayed (except the links column) $hideButtonTitle = "(" . $loc["DescriptionHideButtonDisplayOptionsFormOnlyOneField"] . ")"; } else { $hideButtonDisabled = ""; if ($displayType == "Display") $hideButtonTitle = $loc["DescriptionHideButtonDisplayOptionsFormDetailsView"]; else $hideButtonTitle = $loc["DescriptionHideButtonDisplayOptionsForm"]; } if (($displayType == "Cite") AND (!isset($_SESSION['user_styles']))) $citeStyleDisabled = " disabled"; // for Citation view, disable the style popup if the session variable holding the user's styles isn't available else $citeStyleDisabled = ""; $encodedCiteStyle = rawurlencode($citeStyle); $encodedClient = rawurlencode($client); $encodedHeaderMsg = rawurlencode($headerMsg); $accessKeyAttribute = addAccessKey("attribute", "max_rows"); $accessKeyTitle = addAccessKey("title", "max_rows"); // NOTE: we embed the current value of '$rowOffset' as hidden tag within the 'displayOptions' form. By this, the current row offset can be re-applied after the user pressed the 'Show'/'Hide' button within the 'displayOptions' form. // To avoid that browse links don't behave as expected, the actual value of '$rowOffset' will be adjusted in function 'seekInMySQLResultsToOffset()' to an exact multiple of '$showRows'! $displayOptionsForm = <<

$loc[DisplayOptions]:

$selectorLabel EOF; // build correct option tags from the column items provided: $optionTags = buildSelectMenuOptions($dropDownFieldsArray, "//", "\t\t\t\t\t\t\t", true); $optionTags = preg_replace("/]* value=\"$dropDownFieldSelected\")/", " EOF; $displayOptionsForm .= << EOF; if (!preg_match("/^(Browse|Cite)$/i", $displayType)) $displayOptionsForm .= "\n\t\t\t\t\t\t"; $displayOptionsForm .= <<

EOF; if ($displayType == "Cite") { $displayOptionsForm .= << $loc[SortBy]: EOF; // build correct option tags for the "Sort by" ('citeOrder') dropdown menu (and select the currently chosen option): $citeOrderItemsArray = array("author" => $loc["DropDownFieldName_Author"], "year" => $loc["DropDownFieldName_Year"], "type" => $loc["DropDownFieldName_Type"], "type-year" => $loc["DropDownFieldName_TypeYear"], "creation-date" => $loc["DropDownFieldName_CreationDate"]); $citeOrderOptionTags = buildSelectMenuOptions($citeOrderItemsArray, "//", "\t\t\t\t\t\t\t", true); if (isset($citeOrderItemsArray[$citeOrder])) $citeOrderOptionTags = preg_replace("/]*)>(" . $citeOrderItemsArray[$citeOrder] . ")<\\/option>/", "\\2", $citeOrderOptionTags); // add 'selected' attribute to the currently chosen 'citeOrder' option else // add & select a "(custom order)" option (which indicates that the current sort order matches none of the above 'citeOrder' options): $citeOrderOptionTags = "\n\t\t\t\t\t\t\t(" . $loc["DropDownFieldName_Custom"] . ")" . $citeOrderOptionTags; $displayOptionsForm .= $citeOrderOptionTags; $displayOptionsForm .= << EOF; } $displayOptionsForm .= << $showRowsLabel

EOF; return $displayOptionsForm; } // -------------------------------------------------------------------- // BUILD SUGGEST ELEMENTS // (i.e., provide HTML elements that will generate auto-completions or search suggestions for text entered by the user in text entry fields) // requires the Prototype & script.aculo.us JavaScript frameworks: and // more info about 'Ajax.Autocompleter': // // NOTE: I don't know how to pass custom values (such as the CQL index) to the callback function. Therefore, I'm using a dirty hack here where I add // '$CQLIndex' (i.e. an "id-" prefix plus the ID of the HTML form element that contains the selected field) at the beginning of the query parameter // ('paramName'). This ID is required by the callback function to fetch the name of the currently selected refbase field. function buildSuggestElements($searchFieldID, $searchSuggestionsID, $suggestProgressID, $CQLIndex, $prefix = "\t\t", $tokens = "''", $frequency = 0.8, $minChars = 2, $callBack = "addCQLIndex", $suggestURL = "opensearch.php", $paramName = "query", $parameters = "operation=suggest&recordSchema=html") { global $contentTypeCharset; // defined in 'ini.inc.php' $suggestElements = <<... $prefix

$prefix EOF; return $suggestElements; } // -------------------------------------------------------------------- // Build the database query from user input provided by the "Search within Results" or "Display Options" forms // above the query results list (which, in turn, was returned by 'search.php' or 'users.php', respectively): // TODO: - build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()' function extractFormElementsRefineDisplay($queryTable, $displayType, $originalDisplayType, $query, $showLinks, $citeOrder, $userID) { global $tableRefs, $tableUserData, $tableUsers; // defined in 'db.inc.php' global $loc; // '$loc' is made globally available in 'core.php' $encodedDisplayType = encodeHTML($displayType); // note that we need to HTML encode '$displayType' for comparison with the HTML encoded locales // extract form variables: if ($encodedDisplayType == $loc["ButtonTitle_Search"]) // the user clicked the 'Search' button of the "Search within Results" form { $fieldSelector = $_REQUEST['refineSearchSelector']; // extract field name chosen by the user $refineSearchName = $_REQUEST['refineSearchName']; // extract search text entered by the user if (isset($_REQUEST['refineSearchExclude'])) // extract user option whether matched records should be included or excluded $refineSearchActionCheckbox = $_REQUEST['refineSearchExclude']; // the user marked the checkbox next to "Exclude matches" else $refineSearchActionCheckbox = "0"; // the user did NOT mark the checkbox next to "Exclude matches" } elseif (preg_match("/^(" . $loc["ButtonTitle_Show"] . "|" . $loc["ButtonTitle_Hide"] . "|" . $loc["ButtonTitle_Browse"] . ")$/", $encodedDisplayType)) // the user clicked either the 'Browse' or 'Show'/'Hide' buttons of the "Display Options" form // (hitting within the 'ShowRows' text entry field of the "Display Options" form will act as if the user clicked the 'Browse'/'Show' button) { if (isset($_REQUEST['displayOptionsSelector'])) $fieldSelector = $_REQUEST['displayOptionsSelector']; // extract field name chosen by the user else $fieldSelector = ""; } else $fieldSelector = ""; // this avoids 'Undefined variable...' messages when a user has changed the language setting on the options page, and then reloads an existing page (whose URL still has a 'submit' value in the previously used language) // extract the fields of the SELECT clause from the current SQL query: $previousSelectClause = extractSELECTclause($query); // ensure to add any required fields to the SELECT clause: if ($queryTable == $tableRefs) // 'search.php': $addRequiredFields = true; elseif ($queryTable == $tableUsers) // 'users.php': $addRequiredFields = false; // we'll add any required fields to the 'users.php' SELECT clause below // TODO: this wouldn't be necessary if function 'buildSELECTclause()' would handle the requirements of 'users.php' $additionalFields = ""; if ($encodedDisplayType == $loc["ButtonTitle_Search"]) { // rebuild the current SELECT clause: $newSelectClause = buildSELECTclause($originalDisplayType, $showLinks, $additionalFields, false, $addRequiredFields, $previousSelectClause); // replace current SELECT clause: $query = newSELECTclause($newSelectClause, $query, false); if ($refineSearchName != "") // if the user typed a search string into the text entry field... { // Depending on the chosen output action, construct an appropriate SQL query: if ($refineSearchActionCheckbox == "0") // if the user did NOT mark the checkbox next to "Exclude matches" { // for the fields 'marked=no', 'copy=false' and 'selected=no', force NULL values to be matched: if (($fieldSelector == "marked" AND $refineSearchName == "no") OR ($fieldSelector == "copy" AND $refineSearchName == "false") OR ($fieldSelector == "selected" AND $refineSearchName == "no")) $query = preg_replace("/ WHERE /i", " WHERE ($fieldSelector RLIKE " . quote_smart($refineSearchName) . " OR $fieldSelector IS NULL) AND ", $query); // ...add search field name & value to the SQL query else // add default 'WHERE' clause: $query = preg_replace("/ WHERE /i", " WHERE $fieldSelector RLIKE " . quote_smart($refineSearchName) . " AND ", $query); // ...add search field name & value to the SQL query } else // $refineSearchActionCheckbox == "1" // if the user marked the checkbox next to "Exclude matches" { $query = preg_replace("/ WHERE /i", " WHERE ($fieldSelector NOT RLIKE " . quote_smart($refineSearchName) . " OR $fieldSelector IS NULL) AND ", $query); // ...add search field name & value to the SQL query } $query = preg_replace('/ AND serial RLIKE "\.\+"/i', '', $query); // remove any 'AND serial RLIKE ".+"' which isn't required anymore } // else, if the user did NOT type a search string into the text entry field, we simply keep the old WHERE clause... } elseif (preg_match("/^(" . $loc["ButtonTitle_Show"] . "|" . $loc["ButtonTitle_Hide"] . ")$/", $encodedDisplayType)) // the user clicked the 'Show'/'Hide' buttons of the "Display Options" form { if (preg_match("/^Cite$/i", $originalDisplayType)) // in case of Citation view, we regenerate the SELECT clause from scratch: { // generate a SELECT clause that's appropriate for Citation view (or Details view): $newSelectClause = buildSELECTclause($originalDisplayType, $showLinks, $additionalFields, false, $addRequiredFields); // rebuild the current ORDER clause: if (preg_match("/^(author|year|type|type-year|creation-date)$/i", $citeOrder)) { if ($citeOrder == "year") // sort records first by year (descending): $newORDER = "ORDER BY year DESC, first_author, author_count, author, title"; elseif ($citeOrder == "type") // sort records first by record type and thesis type (descending): $newORDER = "ORDER BY type DESC, thesis DESC, first_author, author_count, author, year, title"; elseif ($citeOrder == "type-year") // sort records first by record type and thesis type (descending), then by year (descending): $newORDER = "ORDER BY type DESC, thesis DESC, year DESC, first_author, author_count, author, title"; elseif ($citeOrder == "creation-date") // sort records such that newly added/edited records get listed top of the list: $newORDER = "ORDER BY created_date DESC, created_time DESC, modified_date DESC, modified_time DESC, serial DESC"; elseif ($citeOrder == "author") // supply the default ORDER BY pattern (which is suitable for citation in a journal etc.): $newORDER = "ORDER BY first_author, author_count, author, year, title"; // replace current ORDER clause: $query = newORDERclause($newORDER, $query, false); } // else if any other or no '$citeOrder' parameter is specified, we keep the current ORDER BY clause // NOTE: this behaviour is different from functions 'extractFormElementsQueryResults()' and 'extractFormElementsExtract()' // where we always use 'ORDER BY first_author, author_count, author, year, title' as default ORDER BY clause // (to ensure correct sorting for output to bibliographic reference lists) } elseif (preg_match("/^Display$/i", $originalDisplayType)) // Details view { // NOTE: the below code for displaying & hiding of fields in Details view must be adopted if either layout or field names are changed! $fieldsList = ""; if ($fieldSelector == "all fields") { // generate a SELECT clause that shows all fields in Details view: $newSelectClause = buildSELECTclause($originalDisplayType, $showLinks, $additionalFields, true, $addRequiredFields); } else // add (or remove) the chosen fields from the SELECT clause: { if ($encodedDisplayType == $loc["ButtonTitle_Show"]) // if the user clicked the 'Show' button, add the chosen fields to the SELECT clause: { $matchField = "pages"; if ($fieldSelector == "keywords, abstract") { $fieldsList = ", keywords, abstract"; } elseif ($fieldSelector == "additional fields") { $fieldsList = ", address, corporate_author, thesis, publisher, place, editor, language, summary_language, orig_title, series_editor, series_title, abbrev_series_title, series_volume, series_issue, edition, issn, isbn, medium, area, expedition, conference, notes, approved"; if (isset($_SESSION['loginEmail'])) $fieldsList .= ", location"; // we only add the 'location' field if the user is logged in if (preg_match("/\babstract\b/i", $previousSelectClause)) $matchField = "abstract"; } elseif ($fieldSelector == "my fields") { $fieldsList = ", marked, copy, selected, user_keys, user_notes, user_file, user_groups, cite_key"; if (preg_match("/\bserial\b/i", $previousSelectClause)) $matchField = "serial"; elseif (preg_match("/\babstract\b/i", $previousSelectClause)) $matchField = "abstract"; } if ((!empty($fieldsList)) AND (!preg_match("/\b" . $fieldsList . "\b/i", $previousSelectClause))) // if none of the chosen fields are currently displayed... $previousSelectClause = preg_replace("/(?<=\b" . $matchField . "\b)/i", $fieldsList, $previousSelectClause); // ...add the chosen fields to the current SELECT clause: } if ($encodedDisplayType == $loc["ButtonTitle_Hide"]) // if the user clicked the 'Hide' button, remove the chosen fields from the SELECT clause: { if ($fieldSelector == "keywords, abstract") $fieldsList = "\b(keywords|abstract)\b"; elseif ($fieldSelector == "additional fields") $fieldsList = "\b(corporate_author|thesis|address|publisher|place|editor|language|summary_language|orig_title|series_editor|series_title|abbrev_series_title|series_volume|series_issue|edition|issn|isbn|medium|area|expedition|conference|notes|approved|location)\b"; elseif ($fieldSelector == "my fields") $fieldsList = "\b(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key)\b"; if ((!empty($fieldsList)) AND (preg_match("/\b" . $fieldsList . "\b/i", $previousSelectClause))) // ...and any of the chosen fields *are* currently displayed... { // ...remove the chosen fields from the fields given in the current SELECT clause: $previousSelectClause = preg_replace("/ *, *" . $fieldsList . " */i", "", $previousSelectClause); // all columns except the first $previousSelectClause = preg_replace("/ *" . $fieldsList . " *, */i", "", $previousSelectClause); // all columns except the last } } // rebuild the current SELECT clause, but include (or exclude) the chosen fields: $newSelectClause = buildSELECTclause($originalDisplayType, $showLinks, $additionalFields, false, $addRequiredFields, $previousSelectClause); } } else // otherwise, i.e. for List view, add (or remove) the chosen field from the SELECT clause: { if ($encodedDisplayType == $loc["ButtonTitle_Show"]) // if the user clicked the 'Show' button... { if (!preg_match("/\b" . $fieldSelector . "\b/i", $previousSelectClause)) // ...and the chosen field is *not* already displayed... $additionalFields = $fieldSelector; // ...add the chosen field to the current SELECT clause } elseif ($encodedDisplayType == $loc["ButtonTitle_Hide"]) // if the user clicked the 'Hide' button... { if (preg_match("/\b" . $fieldSelector . "\b/i", $previousSelectClause)) // ...and the chosen field *is* currently displayed... { // ...remove the chosen field from the fields given in the current SELECT clause: $previousSelectClause = preg_replace("/ *, *\b" . $fieldSelector . "\b */i", "", $previousSelectClause); // all columns except the first $previousSelectClause = preg_replace("/ *\b" . $fieldSelector . "\b *, */i", "", $previousSelectClause); // all columns except the last } } // rebuild the current SELECT clause, but include (or exclude) the chosen field: $newSelectClause = buildSELECTclause("", $showLinks, $additionalFields, false, $addRequiredFields, $previousSelectClause); } // replace current SELECT clause: $query = newSELECTclause($newSelectClause, $query, false); } // TODO: don't manipulate the SQL query in '$query' directly, but instead use functions 'extractSELECTclause()' and 'buildSELECTclause()' (similar as above) elseif ($encodedDisplayType == $loc["ButtonTitle_Browse"]) // if the user clicked the 'Browse' button within the "Display Options" form... { $previousField = preg_replace("/^SELECT (\w+).+/i", "\\1", $query); // extract the field that was previously used in Browse view if (!preg_match("/^" . $fieldSelector . "$/i", $previousField)) // if the user did choose another field in Browse view... { // ...modify the SQL query to show a summary for the new field that was chosen by the user: // (NOTE: these replace patterns aren't 100% safe and may fail if the user has modified the query using 'sql_search.php'!) $query = preg_replace("/^SELECT $previousField/i", "SELECT $fieldSelector", $query); // use the field that was chosen by the user for Browse view $query = preg_replace("/GROUP BY $previousField/i", "GROUP BY $fieldSelector", $query); // group data by the field that was chosen by the user $query = preg_replace("/ORDER BY( records( DESC)?,)? $previousField/i", "ORDER BY\\1 $fieldSelector", $query); // order data by the field that was chosen by the user } } // re-establish the original display type: // (resetting '$displayType' to its original value is required for Browse view; for List view, it does also correct incorrect // display types such as 'Search' or 'Show'/'Hide' which stem from the submit buttons in the forms of the results header) $displayType = $originalDisplayType; // the following changes to the SQL query are performed for both forms ("Search within Results" and "Display Options"): if ($queryTable == $tableRefs) // 'search.php': { // if the chosen field is one of the user-specific fields from table 'user_data': 'marked', 'copy', 'selected', 'user_keys', 'user_notes', 'user_file', 'user_groups', 'cite_key' or 'related' if (preg_match("/^(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related|my fields)$/i", $fieldSelector)) // 'my fields' is used in Details view as an alias for all user-specific fields if (!preg_match("/LEFT JOIN $tableUserData/i", $query)) // ...and if the 'LEFT JOIN...' statement isn't already part of the 'FROM' clause... $query = preg_replace("/ FROM $tableRefs/i", " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = $userID", $query); // ...add the 'LEFT JOIN...' part to the 'FROM' clause } elseif ($queryTable == $tableUsers) // 'users.php': { // TODO: this wouldn't be necessary if function 'buildSELECTclause()' would handle the requirements of 'users.php' (see also above) $query = preg_replace("/ FROM $tableUsers/i", ", user_id FROM $tableUsers", $query); // add 'user_id' column (although it won't be visible the 'user_id' column gets included in every search query) // (which is required in order to obtain unique checkbox names as well as for use in the 'getUserID()' function) } return array($query, $displayType); } // -------------------------------------------------------------------- // SPLIT AND MERGE AGAIN // This function takes a string and splits it on '$splitDelim' into an array, // then re-joins the pieces inserting '$joinDelim' as separator). // Note: The split pattern must be specified as perl-style regular expression // (including the leading & trailing slashes) and may include mode // modifiers (such as '/.../i' to perform a case insensitive match) function splitAndMerge($splitDelim, $joinDelim, $sourceString) { // split the string on the specified delimiter (which is interpreted as perl-style regular expression!): $piecesArray = preg_split($splitDelim, $sourceString); // re-join the array with the specified separator: $newString = implode($joinDelim, $piecesArray); return $newString; } // -------------------------------------------------------------------- // EXTRACT PARTS FROM STRING // This function takes a '$sourceString', splits it on '$splitDelim' and returns // x parts from the beginning (if x > 0) or the end (if x < 0) of the string // (x must be given in '$returnParts'); parts will be returned as a merged string // using '$joinDelim' as delimiter. // Note: The split pattern must be specified as perl-style regular expression // (including the leading & trailing slashes) and may include mode // modifiers (such as '/.../i' to perform a case insensitive match) function extractPartsFromString($sourceString, $splitDelim, $joinDelim, $returnParts) { // split the string on the specified delimiter (which is interpreted as perl-style regular expression!): $piecesArray = preg_split($splitDelim, $sourceString); if ($returnParts > 0) $spliceFromElementNo = 0; // splice from beginning of array else // ($returnParts < 0) { $spliceFromElementNo = $returnParts; // splice from end of array $returnParts = abs($returnParts); } // extracts parts from array: $extractedPiecesArray = array_splice($piecesArray, $spliceFromElementNo, $returnParts); // 'array_splice()' returns array with extracted elements // re-join the array with the specified separator: $newString = implode($joinDelim, $extractedPiecesArray); return $newString; } // -------------------------------------------------------------------- // RE-ARRANGE AUTHOR FIELD CONTENTS // (this function separates contents of the author field into their functional parts, i.e.: // { // {author_name}, {author_initial(s)} // } // { // {author_name}, {author_initial(s)} // } // { // ... // } // then, these functional pieces will be joined again according to the separators specified) // Note: this function assumes that: // - within one author object, there's only *one* delimiter separating author name & initials! // Note: The split pattern must be specified as perl-style regular expression // (including the leading & trailing slashes) and may include mode // modifiers (such as '/.../i' to perform a case insensitive match) function reArrangeAuthorContents($authorContents, $familyNameFirst, $oldBetweenAuthorsDelim, $newBetweenAuthorsDelimStandard, $newBetweenAuthorsDelimLastAuthor, $oldAuthorsInitialsDelim, $newAuthorsInitialsDelimFirstAuthor, $newAuthorsInitialsDelimStandard, $betweenInitialsDelim, $initialsBeforeAuthorFirstAuthor, $initialsBeforeAuthorStandard, $shortenGivenNames, $numberOfAuthorsTriggeringEtAl, $includeNumberOfAuthors, $customStringAfterFirstAuthors, $encodeHTML) { global $alnum, $alpha, $cntrl, $dash, $digit, $graph, $lower, $print, $punct, $space, $upper, $word, $patternModifiers; // defined in 'transtab_unicode_charset.inc.php' and 'transtab_latin1_charset.inc.php' $authorsArray = preg_split($oldBetweenAuthorsDelim, $authorContents); // get a list of all authors for this record $authorCount = count($authorsArray); // check how many authors we have to deal with $newAuthorContents = ""; // this variable will hold the final author string $includeStringAfterFirstAuthor = false; if (empty($numberOfAuthorsTriggeringEtAl)) $numberOfAuthorsTriggeringEtAl = $authorCount; if (empty($includeNumberOfAuthors)) $includeNumberOfAuthors = $authorCount; for ($i=0; $i < $authorCount; $i++) { $singleAuthorArray = preg_split($oldAuthorsInitialsDelim, $authorsArray[$i]); // for each author, extract author name & initials to separate list items if (!$familyNameFirst) // if the family name comes *after* the given name (or initials) in the source string, put array elements in reverse order: $singleAuthorArray = array_reverse($singleAuthorArray); // (Note: this only works, if the array has only *two* elements, i.e., one containing the author's name and one holding the initials!) if (isset($singleAuthorArray[1])) { if ($shortenGivenNames) // if we're supposed to abbreviate given names { // within initials, reduce all full first names (-> defined by a starting uppercase character, followed by one ore more lowercase characters) // to initials, i.e., only retain their first character $singleAuthorArray[1] = preg_replace("/([$upper])[$lower]+/$patternModifiers", "\\1", $singleAuthorArray[1]); } // within initials, remove any dots: $singleAuthorArray[1] = preg_replace("/([$upper])\.+/$patternModifiers", "\\1", $singleAuthorArray[1]); // within initials, remove any spaces *between* initials: $singleAuthorArray[1] = preg_replace("/(?<=[-$upper]) +(?=[-$upper])/$patternModifiers", "", $singleAuthorArray[1]); // within initials, add a space after a hyphen, but only if ... if (preg_match("/ $/", $betweenInitialsDelim)) // ... the delimiter that separates initials ends with a space $singleAuthorArray[1] = preg_replace("/-(?=[$upper])/$patternModifiers", "- ", $singleAuthorArray[1]); // then, separate initials with the specified delimiter: $singleAuthorArray[1] = preg_replace("/([$upper])(?=[^$lower]+|$)/$patternModifiers", "\\1$betweenInitialsDelim", $singleAuthorArray[1]); } if ((($i == 0) AND $initialsBeforeAuthorFirstAuthor) OR (($i > 0) AND $initialsBeforeAuthorStandard)) // put array elements in reverse order: $singleAuthorArray = array_reverse($singleAuthorArray); // (Note: this only works, if the array has only *two* elements, i.e., one containing the author's name and one holding the initials!) // re-join author name & initials, using the specified delimiter, and copy the string to the end of an array: if ($i == 0) // -> first author $singleAuthorString = implode($newAuthorsInitialsDelimFirstAuthor, $singleAuthorArray); else // $i > 0 // -> all authors except the first one $singleAuthorString = implode($newAuthorsInitialsDelimStandard, $singleAuthorArray); // append this author to the final author string: if (($i == 0) OR ($i + 1) < $authorCount) // -> first author, or (for multiple authors) all authors except the last one { if ($i == 0) // -> first author $newAuthorContents .= $singleAuthorString; else // -> for multiple authors, all authors except the first or the last one $newAuthorContents .= $newBetweenAuthorsDelimStandard . $singleAuthorString; // we'll append the string in '$customStringAfterFirstAuthors' to the number of authors given in '$includeNumberOfAuthors' if the total number of authors is greater than the number given in '$numberOfAuthorsTriggeringEtAl': if ((($i + 1) == $includeNumberOfAuthors) AND ($authorCount > $numberOfAuthorsTriggeringEtAl)) { if (preg_match("/__NUMBER_OF_AUTHORS__/", $customStringAfterFirstAuthors)) $customStringAfterFirstAuthors = preg_replace("/__NUMBER_OF_AUTHORS__/", ($authorCount - $includeNumberOfAuthors), $customStringAfterFirstAuthors); // resolve placeholder $includeStringAfterFirstAuthor = true; break; } } elseif (($authorCount > 1) AND (($i + 1) == $authorCount)) // -> last author (if multiple authors) { $newAuthorContents .= $newBetweenAuthorsDelimLastAuthor . $singleAuthorString; } } // do some final clean up: if ($encodeHTML) $newAuthorContents = encodeHTML($newAuthorContents); // HTML encode higher ASCII characters within the newly arranged author contents if ($includeStringAfterFirstAuthor) $newAuthorContents .= $customStringAfterFirstAuthors; // the custom string won't get HTML encoded so that it's possible to include HTML tags (such as '') within the string $newAuthorContents = preg_replace("/ +/", " ", $newAuthorContents); // remove double spaces (which occur e.g., when both, $betweenInitialsDelim & $newAuthorsInitialsDelim..., end with a space) $newAuthorContents = preg_replace("/ +([,.;:?!()]|$)/", "\\1", $newAuthorContents); // remove excess spaces before [,.;:?!()] and from the end of the author string return $newAuthorContents; } // -------------------------------------------------------------------- // EXTRACT AUTHOR'S LAST NAME // This function takes the contents of the author field and will extract the // last name of a particular author (specified by position) (e.g., setting // '$authorPosition' to "1" will return the 1st author's last name). // Note: this function assumes that: // 1. within one author object, there's only *one* delimiter separating // author name & initials! // 2. author objects are stored in the db as // "", i.e., // initials follow *after* the author's name! // Required Parameters: // 1. pattern describing delimiter that separates different authors // 2. pattern describing delimiter that separates author name & initials // (within one author) // 3. position of the author whose last name shall be extracted (e.g., // "1" will return the 1st author's last name) // 4. contents of the author field // Note: The split patterns must be specified as perl-style regular expressions // (including the leading & trailing slashes) and may include mode // modifiers (such as '/.../i' to perform a case insensitive match) function extractAuthorsLastName($oldBetweenAuthorsDelim, $oldAuthorsInitialsDelim, $authorPosition, $authorContents) { $authorsArray = preg_split($oldBetweenAuthorsDelim, $authorContents); // get a list of all authors for this record $authorPosition = ($authorPosition-1); // php array elements start with "0", so we decrease the authors position by 1 $singleAuthor = $authorsArray[$authorPosition]; // for the author in question, extract the full author name (last name & initials) $singleAuthorArray = preg_split($oldAuthorsInitialsDelim, $singleAuthor); // then, extract author name & initials to separate list items $singleAuthorsLastName = $singleAuthorArray[0]; // extract this author's last name into a new variable return $singleAuthorsLastName; } // -------------------------------------------------------------------- // EXTRACT AUTHOR'S GIVEN NAME // This function takes the contents of the author field and will extract the // initials/given name of a particular author (specified by position) (e.g., // setting '$authorPosition' to "1" will return the 1st author's initials/given // name). // Required Parameters: // 1. pattern describing delimiter that separates different authors // 2. pattern describing delimiter that separates author name & // initials/given name (within one author) // 3. position of the author whose last name shall be extracted // (e.g., "1" will return the 1st author's initials/given name) // 4. contents of the author field // Note: The split patterns must be specified as perl-style regular expressions // (including the leading & trailing slashes) and may include mode // modifiers (such as '/.../i' to perform a case insensitive match) function extractAuthorsGivenName($oldBetweenAuthorsDelim, $oldAuthorsInitialsDelim, $authorPosition, $authorContents) { $authorsArray = preg_split($oldBetweenAuthorsDelim, $authorContents); // get a list of all authors for this record $authorPosition = ($authorPosition-1); // php array elements start with "0", so we decrease the authors position by 1 $singleAuthor = $authorsArray[$authorPosition]; // for the author in question, extract the full author name (last name & initials/given name) $singleAuthorArray = preg_split($oldAuthorsInitialsDelim, $singleAuthor); // then, extract author name & initials/given name to separate list items if (!empty($singleAuthorArray[1])) $singleAuthorsGivenName = $singleAuthorArray[1]; // extract this author's initials/given name into a new variable else $singleAuthorsGivenName = ''; return $singleAuthorsGivenName; } // -------------------------------------------------------------------- // PARSE PLACEHOLDER STRING // this function will parse a given placeholder string into its indiviual placeholders and replaces // them with content from the given record function parsePlaceholderString($formVars, $placeholderString, $fallbackPlaceholderString) { global $alnum, $alpha, $cntrl, $dash, $digit, $graph, $lower, $print, $punct, $space, $upper, $word, $patternModifiers; // defined in 'transtab_unicode_charset.inc.php' and 'transtab_latin1_charset.inc.php' if (empty($placeholderString)) $placeholderString = $fallbackPlaceholderString; // if, for some odd reason, an empty placeholder string was given, we'll use the placeholder(s) given in '$fallbackPlaceholderString' $placeholderPartsArray = preg_split("/[<>]/", $placeholderString); // split placeholder string into its individual components $convertedPlaceholderArray = array(); // initialize array variable which will hold the transformed placeholder parts foreach($placeholderPartsArray as $placeholderPart) { if (!empty($placeholderPart)) { if (preg_match("/:\w+/", $placeholderPart)) // if the part contains a colon (":") followed by one or more word characters the part is assumed to be a placeholder (this will e.g. exclude "http://" strings) { // extract any custom options given within a placeholder: if (preg_match("/:\w+\[[^][]+\]:/i", $placeholderPart)) // the placeholder contains custom options $options = preg_replace("/.*:\w+(\[[^][]+\]):.*/i", "\\1", $placeholderPart); else $options = ""; // extract any prefix given within a placeholder: if (preg_match("/^[^:]+:\w+(\[[^][]*\])?:/i", $placeholderPart)) // the placeholder contains a prefix $prefix = preg_replace("/^([^:]+):\w+(\[[^][]*\])?:.*/i", "\\1", $placeholderPart); else $prefix = ""; // extract any suffix given within a placeholder: if (preg_match("/:\w+(\[[^][]*\])?:[^:]+$/i", $placeholderPart)) // the placeholder contains a suffix $suffix = preg_replace("/.*:\w+(?:\[[^][]*\])?:([^:]+)$/i", "\\1", $placeholderPart); else $suffix = ""; // call dedicated functions for the different placeholders (if required): // '<:serial:>' placeholder: if (preg_match("/:serial:/i", $placeholderPart)) $convertedPlaceholderArray[] = $prefix . $formVars['serialNo'] . $suffix; // '<:firstAuthor:>' placeholder: elseif (preg_match("/:firstAuthor:/i", $placeholderPart)) { if (!empty($formVars['authorName'])) // if the 'author' field isn't empty { $firstAuthor = $prefix; // Call the 'extractAuthorsLastName()' function to extract the last name of a particular author (specified by position): // (see function header for description of required parameters) $firstAuthor .= extractAuthorsLastName("/ *; */", "/ *, */", 1, $formVars['authorName']); $firstAuthor .= $suffix; $convertedPlaceholderArray[] = $firstAuthor; } } // '<:secondAuthor:>' placeholder: elseif (preg_match("/:secondAuthor:/i", $placeholderPart)) { if (!empty($formVars['authorName']) AND preg_match("/;/", $formVars['authorName'])) // if the 'author' field does contain at least one ';' => at least two authors { $secondAuthor = $prefix; // Call the 'extractAuthorsLastName()' function to extract the last name of a particular author (specified by position): // (see function header for description of required parameters) $secondAuthor .= extractAuthorsLastName("/ *; */", "/ *, */", 2, $formVars['authorName']); $secondAuthor .= $suffix; $convertedPlaceholderArray[] = $secondAuthor; } } // '<:authors:>' placeholder: elseif (preg_match("/:authors(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['authorName'])) // if the 'author' field isn't empty { $authors = $prefix; $authors .= extractDetailsFromAuthors($formVars['authorName'], $options); $authors .= $suffix; $convertedPlaceholderArray[] = $authors; } } // '<:title:>' placeholder: elseif (preg_match("/:title(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['titleName'])) // if the 'title' field isn't empty { $title = $prefix; $title .= extractDetailsFromField("title", $formVars['titleName'], "/[^-$word]+/$patternModifiers", $options); $title .= $suffix; $convertedPlaceholderArray[] = $title; } } // '<:year:>' placeholder: elseif (preg_match("/:year(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['yearNo']) AND preg_match("/\d+/i", $formVars['yearNo'])) // if the 'year' field contains a number { $year = $prefix; $year .= extractDetailsFromYear($formVars['yearNo'], $options); $year .= $suffix; $convertedPlaceholderArray[] = $year; } } // '<:publication:>' placeholder: elseif (preg_match("/:publication(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['publicationName'])) // if the 'publication' field isn't empty { $publication = $prefix; $publication .= extractDetailsFromField("publication", $formVars['publicationName'], "/[^-$word]+/$patternModifiers", $options); $publication .= $suffix; $convertedPlaceholderArray[] = $publication; } } // '<:abbrevJournal:>' placeholder: elseif (preg_match("/:abbrevJournal(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['abbrevJournalName'])) // if the 'abbrev_journal' field isn't empty { $abbrevJournal = $prefix; $abbrevJournal .= extractDetailsFromField("abbrev_journal", $formVars['abbrevJournalName'], "/[^-$word]+/$patternModifiers", $options); $abbrevJournal .= $suffix; $convertedPlaceholderArray[] = $abbrevJournal; } } // '<:volume:>' placeholder: elseif (preg_match("/:volume:/i", $placeholderPart)) { if (!empty($formVars['volumeNo'])) // if the 'volume' field isn't empty $convertedPlaceholderArray[] = $prefix . $formVars['volumeNo'] . $suffix; } // '<:issue:>' placeholder: elseif (preg_match("/:issue:/i", $placeholderPart)) { if (!empty($formVars['issueNo'])) // if the 'issue' field isn't empty $convertedPlaceholderArray[] = $prefix . $formVars['issueNo'] . $suffix; } // '<:pages:>' placeholder: elseif (preg_match("/:pages:/i", $placeholderPart)) { if (!empty($formVars['pagesNo'])) // if the 'pages' field isn't empty $convertedPlaceholderArray[] = $prefix . $formVars['pagesNo'] . $suffix; } // '<:startPage:>' placeholder: elseif (preg_match("/:startPage:/i", $placeholderPart)) { if (!empty($formVars['pagesNo']) AND preg_match("/\d+/i", $formVars['pagesNo'])) // if the 'pages' field contains a number { $startPage = $prefix; $startPage .= preg_replace("/^\D*?(\w*\d+\w*).*/i", "\\1", $formVars['pagesNo']); // extract starting page $startPage .= $suffix; $convertedPlaceholderArray[] = $startPage; } } // '<:endPage:>' placeholder: elseif (preg_match("/:endPage:/i", $placeholderPart)) { if (!empty($formVars['pagesNo']) AND preg_match("/\d+/i", $formVars['pagesNo'])) // if the 'pages' field contains a number { $pages = preg_replace("/^\D*?(\w*\d+\w*)( *[$dash]+ *\w*\d+\w*)?.*/i$patternModifiers", "\\1\\2", $formVars['pagesNo']); // extract page range (if there's any), otherwise just the first number $endPage = $prefix; $endPage .= extractDetailsFromField("pages", $pages, "/\D+/", "[-1]"); // we'll use this function instead of just grabbing a matched regex pattern since it'll also work when just a number but no range is given (e.g. when startPage = endPage) $endPage .= $suffix; $convertedPlaceholderArray[] = $endPage; } } // '<:keywords:>' placeholder: elseif (preg_match("/:keywords(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['keywordsName'])) // if the 'keywords' field isn't empty { $keywords = $prefix; $keywords .= extractDetailsFromField("keywords", $formVars['keywordsName'], "/ *[;,] */", $options); $keywords .= $suffix; $convertedPlaceholderArray[] = $keywords; } } // '<:issn:>' placeholder: elseif (preg_match("/:issn:/i", $placeholderPart)) { if (!empty($formVars['issnName'])) $convertedPlaceholderArray[] = $prefix . $formVars['issnName'] . $suffix; } // '<:isbn:>' placeholder: elseif (preg_match("/:isbn:/i", $placeholderPart)) { if (!empty($formVars['isbnName'])) $convertedPlaceholderArray[] = $prefix . $formVars['isbnName'] . $suffix; } // '<:issn_isbn:>' placeholder: elseif (preg_match("/:issn_isbn:/i", $placeholderPart)) { if (!empty($formVars['issnName'])) // if both, an ISSN and ISBN number are present, the ISSN number will be preferred $convertedPlaceholderArray[] = $prefix . $formVars['issnName'] . $suffix; elseif (!empty($formVars['isbnName'])) $convertedPlaceholderArray[] = $prefix . $formVars['isbnName'] . $suffix; } // '<:area:>' placeholder: elseif (preg_match("/:area(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['areaName'])) // if the 'area' field isn't empty { $area = $prefix; $area .= extractDetailsFromField("area", $formVars['areaName'], "/ *[;,] */", $options); $area .= $suffix; $convertedPlaceholderArray[] = $area; } } // '<:notes:>' placeholder: elseif (preg_match("/:notes(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['notesName'])) // if the 'notes' field isn't empty { $notes = $prefix; $notes .= extractDetailsFromField("notes", $formVars['notesName'], "/[^-$word]+/$patternModifiers", $options); $notes .= $suffix; $convertedPlaceholderArray[] = $notes; } } // '<:userKeys:>' placeholder: elseif (preg_match("/:userKeys(\[[^][]*\])?:/i", $placeholderPart)) { if (!empty($formVars['userKeysName'])) // if the 'user_keys' field isn't empty { $userKeys = $prefix; $userKeys .= extractDetailsFromField("user_keys", $formVars['userKeysName'], "/ *[;,] */", $options); $userKeys .= $suffix; $convertedPlaceholderArray[] = $userKeys; } } // '<:citeKey:>' placeholder: elseif (preg_match("/:citeKey:/i", $placeholderPart)) { if (!empty($formVars['citeKeyName'])) // if the 'cite_key' field isn't empty $convertedPlaceholderArray[] = $prefix . $formVars['citeKeyName'] . $suffix; } // '<:doi:>' placeholder: elseif (preg_match("/:doi:/i", $placeholderPart)) { if (!empty($formVars['doiName'])) // if the 'doi' field isn't empty $convertedPlaceholderArray[] = $prefix . $formVars['doiName'] . $suffix; } // '<:recordIdentifier:>' placeholder: elseif (preg_match("/:recordIdentifier:/i", $placeholderPart)) { if (!empty($formVars['citeKeyName'])) // if the 'cite_key' field isn't empty $convertedPlaceholderArray[] = $prefix . $formVars['citeKeyName'] . $suffix; // if available, we prefer the user-specific cite key as unique record identifier else $convertedPlaceholderArray[] = $prefix . $formVars['serialNo'] . $suffix; // otherwise we'll use the record's serial number } // '<:randomNumber:>' placeholder: elseif (preg_match("/:randomNumber(\[[^][]*\])?:/i", $placeholderPart)) { $randomString = $prefix; $randomString .= generateRandomNumber($options); $randomString .= $suffix; $convertedPlaceholderArray[] = $randomString; } // else: un-recognized placeholders will be ignored } else // the part is assumed to be a literal string { $convertedPlaceholderArray[] = $placeholderPart; // add part as is to array of transformed placeholder parts } } } $convertedPlaceholderString = implode("", $convertedPlaceholderArray); // merge transformed placeholder parts return $convertedPlaceholderString; } // -------------------------------------------------------------------- // EXTRACT AUTHOR NAMES AND GENERATE IDENTIFIER STRING // this function takes the contents of the author field and generates an author identifier string (see comments below for // some examples) which is used by the file name (and cite key) auto-generation feature when replacing the <:authors:> placeholder function extractDetailsFromAuthors($authorString, $options) { global $extractDetailsAuthorsDefault; // defined in 'ini.inc.php' $returnRawAuthorString = false; if (empty($options)) // if '$options' is empty $options = $extractDetailsAuthorsDefault; // load the default options if (preg_match("/^\[-?\d*\|[^][|]*\|[^][|]*\]$/i", $options)) // if the '$options' variable contains a recognized syntax (minimum spec must be: "[||]", i.e., second and third option delimiters are not optional but must be specified!) { // extract the individual options: if (preg_match("/^\[-?\d+\|/i", $options)) // if the first option contains a number { $useMaxNoOfAuthors = preg_replace("/\[(-?\d+)\|[^][|]*\|[^][|]*\]/i", "\\1", $options); // regex note: to include a literal closing bracket (']') in a negated character class ('[^...]') it must be positioned right after the caret character ('^') such as in: '[^]...]' if ($useMaxNoOfAuthors == 0) // the special number '0' indicates that all authors shall be retrieved $useMaxNoOfAuthors = 250; // by assigning a very high number to '$useMaxNoOfAuthors' we should be pretty safe to catch all authors from the author field (extremely high values may choke the regular expression engine, though) elseif ($useMaxNoOfAuthors < 0) // negative numbers have currently no meaning and will be treated as if the corresponding positive number was given $useMaxNoOfAuthors = abs($useMaxNoOfAuthors); } elseif (preg_match("/^\[\|/i", $options)) // if the first option was left empty we assume that the raw author string shall be returned without any modification $returnRawAuthorString = true; $authorConnectorString = preg_replace("/\[-?\d*\|([^][|]*)\|[^][|]*\]/i", "\\1", $options); $etalIdentifierString = preg_replace("/\[-?\d*\|[^][|]*\|([^][|]*)\]/i", "\\1", $options); } else // use yet another fallback if the given options contain a buggy syntax { $useMaxNoOfAuthors = 2; $authorConnectorString = "+"; $etalIdentifierString = "_etal"; } if ($returnRawAuthorString) $authorDetails = $authorString; // return the raw author string without any modification else { $authorDetails = ""; // initialize variable which will hold the author identifier string // Add first author (plus additional authors if available up to the number of authors specified in '$useMaxNoOfAuthors'); // but if more authors are present as in '$useMaxNoOfAuthors', add the contents of '$etalIdentifierString' after the first(!) author ignoring all other authors. // Example with '$extractDetailsAuthorsDefault = "[2|+|_etal]"': // $authorString = "Steffens, M" -> $authorDetails = "Steffens" // $authorString = "Steffens, M; Thomas, D" -> $authorDetails = "Steffens+Thomas" // $authorString = "Steffens, M; Thomas, D; Dieckmann, GS" -> $authorDetails = "Steffens_etal" // Example with '$extractDetailsAuthorsDefault = "[1|+|++]"': // $authorString = "Steffens, M" -> $authorDetails = "Steffens" // $authorString = "Steffens, M; Thomas, D" -> $authorDetails = "Steffens++" // $authorString = "Steffens, M; Thomas, D; Dieckmann, GS" -> $authorDetails = "Steffens++" for ($i=1; $i <= ($useMaxNoOfAuthors + 1); $i++) { if (preg_match("/^[^;]+(;[^;]+){" . ($i - 1) . "}/", $authorString)) // if the 'author' field does contain (at least) as many authors as specified in '$i' { if ($i>1) { if (preg_match("/^[^;]+(;[^;]+){" . $useMaxNoOfAuthors . "}/", $authorString)) // if the 'author' field does contain more authors as specified in '$useMaxNoOfAuthors' { $authorDetails .= $etalIdentifierString; break; } else $authorDetails .= $authorConnectorString; } // Call the 'extractAuthorsLastName()' function to extract the last name of a particular author (specified by position): // (see function header for description of required parameters) $authorDetails .= extractAuthorsLastName("/ *; */", "/ *, */", $i, $authorString); } else break; } } return $authorDetails; } // -------------------------------------------------------------------- // EXTRACT YEAR // this function takes the contents of the year field and returns the year in two-digit // or four-digit format (depending on the given '$option' which must be either "[2]" or "[4]") function extractDetailsFromYear($yearString, $options) { global $extractDetailsYearDefault; // defined in 'ini.inc.php' if (empty($options)) // if '$options' is empty $options = $extractDetailsYearDefault; // load the default option if (preg_match("/^\[[24]\]$/i", $options)) // if the '$options' variable contains a recognized syntax $yearDigitFormat = preg_replace("/^\[([24])\]$/i", "\\1", $options); // extract the individual option else // use yet another fallback if the given option contains a buggy syntax $yearDigitFormat = 4; if (preg_match("/^\D*\d{4}/i", $yearString)) { if ($yearDigitFormat == 2) $yearDetails = preg_replace("/^\D*\d{2}(\d{2}).*/i", "\\1", $yearString); else $yearDetails = preg_replace("/^\D*(\d{4}).*/i", "\\1", $yearString); } else $yearDetails = $yearString; // fallback return $yearDetails; } // -------------------------------------------------------------------- // EXTRACT DETAILS FROM FIELD // this function takes the contents of the title/publication/abbrev_journal/pages/keywords/area/notes/user_keys field // and returns x words/items from the beginning (or end) of the string (depending on the given '$option' which must be // of the form "[x]" where x is a number indicating how many words/items shall be returned; positive number: return x // words/items from beginning of string, negative number: return x words/items from end of string) function extractDetailsFromField($fieldName, $sourceString, $splitDelim, $options) { global $extractDetailsTitleDefault; // these variables are defined in 'ini.inc.php' global $extractDetailsPublicationDefault; global $extractDetailsAbbrevJournalDefault; global $extractDetailsKeywordsDefault; global $extractDetailsAreaDefault; global $extractDetailsNotesDefault; global $extractDetailsUserKeysDefault; $returnRawSourceString = false; if (empty($options)) // if '$options' is empty load the default option { if ($fieldName == "title") $options = $extractDetailsTitleDefault; elseif ($fieldName == "publication") $options = $extractDetailsPublicationDefault; elseif ($fieldName == "abbrev_journal") $options = $extractDetailsAbbrevJournalDefault; elseif ($fieldName == "pages") $options = "[1]"; elseif ($fieldName == "keywords") $options = $extractDetailsKeywordsDefault; elseif ($fieldName == "area") $options = $extractDetailsAreaDefault; elseif ($fieldName == "notes") $options = $extractDetailsNotesDefault; elseif ($fieldName == "user_keys") $options = $extractDetailsUserKeysDefault; } if (preg_match("/^\[(-?\d+(\|[^][|]*)?|-?\d*\|[^][|]*)\]$/i", $options)) // if the '$options' variable contains a recognized syntax { // extract the individual options: if (preg_match("/^\[-?\d+/i", $options)) // if the first option contains a number { $extractNumberOfWords = preg_replace("/^\[(-?\d+)(\|[^][|]*)?\]$/i", "\\1", $options); if ($extractNumberOfWords == 0) // the special number '0' indicates that all field items shall be retrieved $extractNumberOfWords = 999; // by assigning a very high number to '$extractNumberOfWords' we should be pretty safe to catch all words/items from the given field (extremely high values may choke the regular expression engine, though) } elseif (preg_match("/^\[\|/i", $options)) // if the first option was left empty we assume that the raw source string shall be returned without any modification $returnRawSourceString = true; if (preg_match("/^\[-?\d*\|[^][|]+\]$/i", $options)) // if the second option contains some content $joinDelim = preg_replace("/^\[-?\d*\|([^][|]+)\]$/i", "\\1", $options); else $joinDelim = ""; } else // use yet another fallback if the given option contains a buggy syntax { $extractNumberOfWords = 1; $joinDelim = ""; } if (!($returnRawSourceString) AND preg_match($splitDelim, $sourceString)) $sourceStringDetails = extractPartsFromString($sourceString, $splitDelim, $joinDelim, $extractNumberOfWords); else $sourceStringDetails = $sourceString; // fallback return $sourceStringDetails; } // -------------------------------------------------------------------- // GENERATE RANDOM NUMBER // this function generates a random number taken from the range which is defined in '$options' (format: "[min|max]", e.g. "[0|9999]"), // if '$options' is empty the maximum possible range will be used function generateRandomNumber($options) { global $extractDetailsRandomNumberDefault; // defined in 'ini.inc.php' if (empty($options)) // if '$options' is empty $options = $extractDetailsRandomNumberDefault; // load the default options if (preg_match("/^\[\d+\|\d+\]$/i", $options)) // if the '$options' variable contains a recognized syntax { // extract the individual options: $minRandomNumber = preg_replace("/\[(\d+)\|.+/i", "\\1", $options); // extract first option which defines the minimum random number $maxRandomNumber = preg_replace("/\[\d+\|(\d+)\]/i", "\\1", $options); // extract second option which defines the maximum random number // generate random number: $randomNumber = mt_rand($minRandomNumber, $maxRandomNumber); } else // no (or unrecognized) options { // generate random number: $randomNumber = mt_rand(); // if called without the optional min, max arguments 'mt_rand()' returns a pseudo-random value between 0 and RAND_MAX } return $randomNumber; } // -------------------------------------------------------------------- // GET UPLOAD INFO // Given the name of a file upload field, return a four (or five) element associative // array containing information about the file. The element names are: // name - original name of file on client // type - MIME type of file (e.g.: 'image/gif') // tmp_name - name of temporary file on server // error - holds an error number >0 if something went wrong, otherwise 0 // (the 'error' element was added with PHP 4.2.0. Error code explanation: ) // size - size of file in bytes // depending what happend on upload, they will contain the following values (PHP 4.1 and above): // no file upload upload exceeds 'upload_max_filesize' successful upload // -------------- ------------------------------------ ----------------- // name "" [name] [name] // type "" "" [type] // tmp_name "" OR "none" "" [tmp_name] // error 4 1 0 // size 0 0 [size] // The function prefers the $_FILES array if it is available, falling back // to $HTTP_POST_FILES and $HTTP_POST_VARS as necessary. function getUploadInfo($name) { global $HTTP_POST_FILES, $HTTP_POST_VARS; $uploadFileInfo = array(); // initialize array variable // Look for information in PHP 4.1 $_FILES array first. // Note: The entry in $_FILES might be present even if no file was uploaded (see above). // Check the 'tmp_name' and/or the 'error' member to make sure there is a file. if (isset($_FILES)) if (isset($_FILES[$name])) $uploadFileInfo = ($_FILES[$name]); // Look for information in PHP 4 $HTTP_POST_FILES array next. // (Again, check the 'tmp_name' and/or the 'error' member to make sure there is a file.) elseif (isset($HTTP_POST_FILES)) if (isset($HTTP_POST_FILES[$name])) $uploadFileInfo = ($HTTP_POST_FILES[$name]); // Look for PHP 3 style upload variables. // Check the _name member, because $HTTP_POST_VARS[$name] might not // actually be a file field. elseif (isset($HTTP_POST_VARS[$name]) && isset($HTTP_POST_VARS[$name . "_name"])) { // Map PHP 3 elements to PHP 4-style element names $uploadFileInfo["name"] = $HTTP_POST_VARS[$name . "_name"]; $uploadFileInfo["tmp_name"] = $HTTP_POST_VARS[$name]; $uploadFileInfo["size"] = $HTTP_POST_VARS[$name . "_size"]; $uploadFileInfo["type"] = $HTTP_POST_VARS[$name . "_type"]; } if (isset($uploadFileInfo["tmp_name"]) && ($uploadFileInfo["tmp_name"] == "none")) // on some systems (PHP versions) the 'tmp_name' element might contain 'none' if there was no file being uploaded $uploadFileInfo["tmp_name"] = ""; // in order to standardize array output we replace 'none' with an empty string return $uploadFileInfo; } // -------------------------------------------------------------------- // BUILD RELATED RECORDS LINK // (this function generates a proper SQL query string from the contents of the user-specific 'related' field (table 'user_data') and returns a HTML link; // clicking this link will show all records that match the serials or partial queries that were specified within the 'related' field) function buildRelatedRecordsLink($relatedFieldString, $userID) { global $tableRefs, $tableUserData; // defined in 'db.inc.php' // initialize some arrays: $serialsArray = array(); // we'll use this array to hold all record serial numbers that we encounter $queriesArray = array(); // this array will hold all sub-queries that were extracted from the 'related' field // split the source string on any semi-colon ";" (optionally surrounded by whitespace) which works as our main delimiter: $relatedFieldArray = preg_split("/ *; */", $relatedFieldString); foreach ($relatedFieldArray as $relatedFieldArrayElement) { $relatedFieldArrayElement = trim($relatedFieldArrayElement); // remove any preceding or trailing whitespace if (!empty($relatedFieldArrayElement)) { if (is_numeric($relatedFieldArrayElement)) // if the current array element is a number, we assume its a serial number $serialsArray[] = $relatedFieldArrayElement; // append the current array element to the end of the serials array else { // replace any colon ":" (optionally surrounded by whitespace) with " RLIKE " and enclose the search value with quotes: // (as an example, 'author:steffens, m' will be transformed to 'author RLIKE "steffens, m"') if (preg_match("/:/",$relatedFieldArrayElement)) $relatedFieldArrayElement = preg_replace("/ *: *(.+)/"," RLIKE \"\\1\"",$relatedFieldArrayElement); // else we assume '$relatedFieldArrayElement' to contain a valid 'WHERE' clause! $queriesArray[] = $relatedFieldArrayElement; // append the current array element to the end of the queries array } } } if (!empty($serialsArray)) // if the 'related' field did contain any record serials { $serialsString = implode("|", $serialsArray); $serialsString = "serial RLIKE " . quote_smart("^(" . $serialsString . ")$"); $queriesArray[] = $serialsString; // append the serial query to the end of the queries array } // re-join the queries array with an "OR" separator: $queriesString = implode(" OR ", $queriesArray); // build the full SQL query: // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()' $relatedQuery = buildSELECTclause("", "", "", false, false); // if any of the user-specific fields are present in the contents of the 'related' field, we'll add the 'LEFT JOIN...' part to the 'FROM' clause: if (preg_match("/marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related/",$queriesString)) $relatedQuery .= " FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = $userID"; else // we skip the 'LEFT JOIN...' part of the 'FROM' clause: $relatedQuery .= " FROM $tableRefs"; $relatedQuery .= " WHERE " . $queriesString . " ORDER BY author, year DESC, publication"; // add 'WHERE' & 'ORDER BY' clause // build the correct query URL: $relatedRecordsLink = "search.php?sqlQuery=" . rawurlencode($relatedQuery) . "&formType=sqlSearch&showLinks=1"; // we skip unnecessary parameters ('search.php' will use it's default values for them) return $relatedRecordsLink; } // -------------------------------------------------------------------- // LINKIFY FIELD ITEMS // (this function generates 'show.php' HTML links for the items of the given field) // NOTE: HTML links are only generated for fields that are supported by 'show.php', and // only for those where it makes sense (e.g. the 'abstract' field doesn't get linked). // The list of fields can be adopted in variable '$linkedFields' in 'ini.inc.php'. function linkifyFieldItems($field, $fieldData, $userID = "", $localSearchReplaceActionsArray = array(), $encodingExceptionsArray = array(), $itemDelim = "/\s*[;]+\s*/", $joinDelim = "; ", $showQuery = "", $showLinks = "", $showRows = "", $citeStyle = "", $citeOrder = "", $wrapResults = "", $displayType = "", $viewType = "") { global $databaseBaseURL; // these variables are defined in 'ini.inc.php' global $linkedFields; global $loc; // '$loc' is made globally available in 'core.php' global $client; // Fields that may contain multiple items (delimited by '$itemDelim'): static $multiItemFields = array("author", "keywords", "area", "notes", "location", "contribution_id", "user_keys", "user_notes", "user_groups"); // Fields that require the 'userID' parameter: // (note that, currently, 'show.php' only supports the fields 'marked', // 'selected', 'user_keys', 'user_notes', 'user_groups' and 'cite_key') static $userSpecificFields = array("marked", "copy", "selected", "user_keys", "user_notes", "user_file", "user_groups", "cite_key"); // Display results in Details view when querying for one of the given fields: // (see note below) static $showFieldsInDetailsView = array("title", "serial", "cite_key"); // Check whether we're dealing with an unsupported field or if data are missing: if (!in_array($field, $linkedFields) OR empty($fieldData) OR (in_array($field, $userSpecificFields) AND empty($userID))) { // Contents of unsupported fields won't get hotlinked but we'll have to HTML // encode special chars and apply any field-specific search & replace actions: if (!empty($fieldData)) return encodeField($field, $fieldData, $localSearchReplaceActionsArray, $encodingExceptionsArray); else return $fieldData; } else // supported field { $queryParametersArray = array(); // Add the 'userID' parameter for user-specific fields: if (in_array($field, $userSpecificFields) AND !empty($userID)) $queryParametersArray["userID"] = $userID; // Add query parameters if they're different from the defaults: if (!empty($client)) $queryParametersArray["client"] = $client; // NOTE: refbase usually tries to keep the user's current view. However, in // case of the search links, I think it usually makes sense to present // results in one of the two list-style views (i.e. List view or // Citation view) -- and not in Details view, for example. Thus, we // exclude Details view for regular fields. However, as an exception, // fields listed in '$showFieldsInDetailsView' will be always displayed // in Details view. This is done since the user most likely expects to // see record details when he clicks on a record identifier (such as the // 'serial' or 'cite_key' field) or the record's title. if (in_array($field, $showFieldsInDetailsView)) $queryParametersArray["submit"] = "Display"; elseif (!empty($displayType) AND ($displayType != $_SESSION['userDefaultView']) AND (preg_match("/^(List|Cite)$/i", $displayType))) $queryParametersArray["submit"] = $displayType; if (!empty($viewType) AND ($viewType != "Web")) $queryParametersArray["viewType"] = $viewType; if ($showQuery == "1") $queryParametersArray["showQuery"] = $showQuery; if ($showLinks == "0") $queryParametersArray["showLinks"] = $showLinks; if ($wrapResults == "0") $queryParametersArray["wrapResults"] = $wrapResults; // We use absolute links for CLI clients, for include mechanisms, or when // returning only a partial document structure: if (preg_match("/^(cli|inc)/i", $client) OR ($wrapResults == "0")) $baseURL = $databaseBaseURL; else $baseURL = ""; // Map MySQL field names to localized column names: $fieldNamesArray = mapFieldNames(); $linkifiedFieldItems = array(); // Check whether we need to split field values for this field: if (in_array($field, $multiItemFields)) $itemArray = preg_split($itemDelim, $fieldData); else $itemArray = array($fieldData); // Linkify each field item: foreach ($itemArray as $item) { $queryParametersArrayTemp = $queryParametersArray; // Escape any meta characters: $escapedItem = preg_quote($item, ""); // Adopt 'show.php' parameter name if it doesn't equal the field name: if ($field == "serial") $queryParametersArrayTemp["record"] = $escapedItem; elseif ($field == "marked") $queryParametersArrayTemp["ismarked"] = $escapedItem; else $queryParametersArrayTemp[$field] = $escapedItem; // Generate item link: $linkifiedFieldItems[] = "" . encodeField($field, $item, $localSearchReplaceActionsArray, $encodingExceptionsArray) // HTML encode special chars AND apply any field-specific search & replace actions . ""; } return "" . implode($joinDelim, $linkifiedFieldItems) . ""; } } // -------------------------------------------------------------------- // MODIFY USER GROUPS // add (remove) selected records to (from) the specified user group // Note: this function serves two purposes (which must not be confused!): // - if "$queryTable = user_data", it will modify the values of the 'user_groups' field of the 'user_data' table (where a user can assign one or more groups to particular *references*) // - if "$queryTable = users", this function will modify the values of the 'user_groups' field of the 'users' table (where the admin can assign one or more groups to particular *users*) function modifyUserGroups($queryTable, $displayType, $recordSerialsArray, $userID, $userGroup) { global $tableUserData, $tableUsers; // defined in 'db.inc.php' connectToMySQLDatabase(); $userGroupQuoted = preg_quote($userGroup, "/"); // escape meta characters (including '/' that is used as delimiter for the PCRE match & replace functions below and which gets passed as second argument) if ($queryTable == $tableUserData) // for the current user, get all entries within the 'user_data' table that refer to the selected records (listed in '$recordSerialsArray'): $query = "SELECT record_id, user_groups FROM $tableUserData WHERE record_id RLIKE " . quote_smart("^(" . implode("|", $recordSerialsArray) . ")$") . " AND user_id = " . quote_smart($userID); elseif ($queryTable == $tableUsers) // for the admin, get all entries within the 'users' table that refer to the selected records (listed in '$recordSerialsArray'): $query = "SELECT user_id as record_id, user_groups FROM $tableUsers WHERE user_id RLIKE " . quote_smart("^(" . implode("|", $recordSerialsArray) . ")$"); // (note that by using 'user_id as record_id' we can use the term 'record_id' as identifier of the primary key for both tables) $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $foundSerialsArray = array(); // initialize array variable (which will hold the serial numbers of all found records) $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... { while ($row = @ mysqli_fetch_array($result)) // for all rows found { $recordID = $row["record_id"]; // get the serial number of the current record $foundSerialsArray[] = $recordID; // add this record's serial to the array of found serial numbers $recordUserGroups = $row["user_groups"]; // extract the user groups that the current record belongs to // ADD the specified user group to the 'user_groups' field: if ($displayType == "Add" AND !preg_match("/(^|.*;) *$userGroupQuoted *(;.*|$)/", $recordUserGroups)) // if the specified group isn't listed already within the 'user_groups' field: { if (empty($recordUserGroups)) // and if the 'user_groups' field is completely empty $recordUserGroups = $userGroup; // add the specified user group to the 'user_groups' field else // if the 'user_groups' field does already contain some user content: $recordUserGroups .= "; " . $userGroup; // append the specified user group to the 'user_groups' field } // REMOVE the specified user group from the 'user_groups' field: elseif ($displayType == "Remove") // remove the specified group from the 'user_groups' field: { $recordUserGroups = preg_replace("/^ *$userGroupQuoted *(?=;|$)/", "", $recordUserGroups); // the specified group is listed at the very beginning of the 'user_groups' field $recordUserGroups = preg_replace("/ *; *$userGroupQuoted *(?=;|$)/", "", $recordUserGroups); // the specified group occurs after some other group name within the 'user_groups' field $recordUserGroups = preg_replace("/^ *; */i", "", $recordUserGroups); // remove any remaining group delimiters at the beginning of the 'user_groups' field } if ($queryTable == $tableUserData) // for the current record & user ID, update the matching entry within the 'user_data' table: $queryUserData = "UPDATE $tableUserData SET user_groups = " . quote_smart($recordUserGroups) . " WHERE record_id = " . quote_smart($recordID) . " AND user_id = " . quote_smart($userID); elseif ($queryTable == $tableUsers) // for the current user ID, update the matching entry within the 'users' table: $queryUserData = "UPDATE $tableUsers SET user_groups = " . quote_smart($recordUserGroups) . " WHERE user_id = " . quote_smart($recordID); $resultUserData = queryMySQLDatabase($queryUserData); // RUN the query on the database through the connection } } if (($queryTable == $tableUserData) AND ($displayType == "Add")) { // for all selected records that have no entries in the 'user_data' table (for this user), we'll need to add a new entry containing the specified group: $leftoverSerialsArray = array_diff($recordSerialsArray, $foundSerialsArray); // get all unique array elements of '$recordSerialsArray' which are not in '$foundSerialsArray' foreach ($leftoverSerialsArray as $leftoverRecordID) // for each record that we haven't processed yet (since it doesn't have an entry in the 'user_data' table for this user) { if ($leftoverRecordID > 0) // function 'extractFormElementsQueryResults()' in 'search.php' assigns '$recordSerialsArray[]="0"' if '$recordSerialsArray' is empty { $foundSerialsArray[] = $leftoverRecordID; // add this record's serial to the array of found serial numbers // for the current record & user ID, add a new entry (containing the specified group) to the 'user_data' table: $queryUserData = "INSERT INTO $tableUserData SET " . "user_groups = " . quote_smart($userGroup) . ", " . "record_id = " . quote_smart($leftoverRecordID) . ", " . "user_id = " . quote_smart($userID) . ", " . "data_id = NULL"; // inserting 'NULL' into an auto_increment PRIMARY KEY attribute allocates the next available key value $resultUserData = queryMySQLDatabase($queryUserData); // RUN the query on the database through the connection } } } // TODO! // save an informative message: // if (count($foundSerialsArray) == "1") // $recordHeader = $loc["record"]; // use singular form if only one record was updated // else // $recordHeader = $loc["records"]; // use plural form if multiple records were updated // $HeaderString = returnMsg("The groups of " . . " records were updated successfully!", "", "", "HeaderString"); getUserGroups($queryTable, $userID); // update the appropriate session variable } // -------------------------------------------------------------------- // Get all user groups specified by the current user (or admin) // and (if some groups were found) save them as semicolon-delimited string to a session variable: // Note: this function serves two purposes (which must not be confused!): // - if "$queryTable = user_data", it will fetch unique values from the 'user_groups' field of the 'user_data' table (where a user can assign one or more groups to particular *references*) // - if "$queryTable = users", this function will fetch unique values from the 'user_groups' field of the 'users' table (where the admin can assign one or more groups to particular *users*) function getUserGroups($queryTable, $userID) { global $tableUserData, $tableUsers; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: // Note: 'user_groups RLIKE ".+"' will cause the database to only return user data entries where the 'user_groups' field // is neither NULL (=> 'user_groups IS NOT NULL') nor the empty string (=> 'user_groups NOT RLIKE "^$"') if ($queryTable == $tableUserData) // Find all unique 'user_groups' entries in the 'user_data' table belonging to the current user: $query = "SELECT DISTINCT user_groups FROM $tableUserData WHERE user_id = " . quote_smart($userID) . " AND user_groups RLIKE \".+\""; elseif ($queryTable == $tableUsers) // Find all unique 'user_groups' entries in the 'users' table: $query = "SELECT DISTINCT user_groups FROM $tableUsers WHERE user_groups RLIKE \".+\""; $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $userGroupsArray = array(); // initialize array variable $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... { while ($row = @ mysqli_fetch_array($result)) // for all rows found { // remove any meaningless delimiter(s) from the beginning or end of a field string: $rowUserGroupsString = trimTextPattern($row["user_groups"], "( *; *)+", true, true); // split the contents of the 'user_groups' field on the specified delimiter (which is interpreted as perl-style regular expression!): $rowUserGroupsArray = preg_split("/ *; */", $rowUserGroupsString); $userGroupsArray = array_merge($userGroupsArray, $rowUserGroupsArray); // append this row's group names to the array of found user groups } // remove duplicate group names from array: $userGroupsArray = array_unique($userGroupsArray); // sort in ascending order: sort($userGroupsArray); // join array of unique user groups with '; ' as separator: $userGroupsString = implode('; ', $userGroupsArray); // Write the resulting string of user groups into a session variable: if ($queryTable == $tableUserData) saveSessionVariable("userGroups", $userGroupsString); elseif ($queryTable == $tableUsers) saveSessionVariable("adminUserGroups", $userGroupsString); } else // no user groups found { // delete any session variable (which is now outdated): if ($queryTable == $tableUserData) deleteSessionVariable("userGroups"); elseif ($queryTable == $tableUsers) deleteSessionVariable("adminUserGroups"); } } // -------------------------------------------------------------------- // Get all user queries specified by the current user // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries': function getUserQueries($userID) { global $tableQueries; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: // Find all unique query entries in the 'queries' table belonging to the current user: // (query names should be unique anyhow, so the DISTINCT parameter wouldn't be really necessary) $query = "SELECT DISTINCT(query_name),last_execution FROM $tableQueries WHERE user_id = " . quote_smart($userID) . " ORDER BY last_execution DESC"; // Note: we sort (in descending order) by the 'last_execution' field to get the last used query entries first; // by that, the last used query will be always at the top of the popup menu within the 'Recall My Query' form $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $userQueriesArray = array(); // initialize array variable $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... { while ($row = @ mysqli_fetch_array($result)) // for all rows found $userQueriesArray[] = $row["query_name"]; // append this row's query name to the array of found user queries // join array of unique user queries with '; ' as separator: $userQueriesString = implode('; ', $userQueriesArray); // Write the resulting string of user queries into a session variable: saveSessionVariable("userQueries", $userQueriesString); } else // no user queries found deleteSessionVariable("userQueries"); // delete any 'userQueries' session variable (which is now outdated) } // -------------------------------------------------------------------- // Get all cite keys specified by the current user: function getUserCiteKeys($userID) { global $tableRefs, $tableUserData; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: // Find all cite keys in table 'user_data' belonging to the current user: // (note that the SQL query is formulated such that only those records from table 'user_data' are returned // which have a matching entry in table 'refs'; i.e. stray items from table 'user_data' are omitted) $query = "SELECT cite_key FROM $tableRefs LEFT JOIN $tableUserData ON serial = record_id AND user_id = " . quote_smart($userID) . " WHERE cite_key RLIKE \".+\" ORDER BY cite_key"; $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $userCiteKeysArray = array(); // initialize array variable $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... { while ($row = @ mysqli_fetch_array($result)) // for all rows found { // If this row's cite key already exists in the global array of found cite keys ('$citeKeysArray'), // we'll uniquify it, otherwise we'll take it as is $citeKey = ensureUniqueCiteKey($row["cite_key"]); // We also append the original cite key to '$userCiteKeysArray' which holds all uniquified cite keys // as array keys and the corresponding original cite key names (including duplicate items!) as array // values $userCiteKeysArray[$citeKey] = $row["cite_key"]; } } return $userCiteKeysArray; } // -------------------------------------------------------------------- // This function checks if the given cite key already exists in the global array of found cite keys ('$citeKeysArray'). // If the given cite key already exists, an incrementing number will be added to uniquify it (the number will be increased // until the cite key is truly unique); after ensuring that a given cite key is unique, it's added to '$citeKeysArray' and // returned: // Note: the global '$citeKeysArray' does NOT contain all cite keys defined in the entire refbase database; instead it holds: // - on import: for records that just have been imported, the list of cite keys for all imported records (generated // according to the current user's prefs) -PLUS- the list of all of the user's existing cite keys // - on export: for records that just have been exported, the list of cite keys (generated according to the current // user's prefs) for all exported records function ensureUniqueCiteKey($citeKey) { global $citeKeysArray; // '$citeKeysArray' is made globally available from within this function if (!isset($citeKeysArray)) $citeKeysArray = array(); // initialize array variable if (isset($citeKeysArray[$citeKey])) // if this cite key already exists { if (preg_match("/(?<=_)\d+$/", $citeKey)) // if this cite key already contains a suffix such as "_2" we assume it to be the old number of occurrence $citeKey = preg_replace("/(?<=_)(\d+)$/e", "'\\1' + 1", $citeKey); // increment the old number of occurrence (that already exists in this cite key) by 1 else $citeKey = $citeKey . "_2"; // append a number of occurrence to this cite key $citeKey = ensureUniqueCiteKey($citeKey); // recurse, to check again whether the generated cite key already exists } else { $citeKeysArray[$citeKey] = $citeKey; // append the cite key to the array of known cite keys } return $citeKey; } // -------------------------------------------------------------------- // Get all available formats/styles/types: function getAvailableFormatsStylesTypes($dataType, $formatType) // '$dataType' must be one of the following: 'format', 'style', 'type'; '$formatType' must be either '', 'export', 'import' or 'cite' { global $tableDepends, $tableFormats, $tableStyles, $tableTypes; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: if ($dataType == "format") $query = "SELECT format_name, format_id FROM $tableFormats LEFT JOIN $tableDepends ON $tableFormats.depends_id = $tableDepends.depends_id WHERE format_type = " . quote_smart($formatType) . " AND format_enabled = 'true' AND depends_enabled = 'true' ORDER BY order_by, format_name"; elseif ($dataType == "style") $query = "SELECT style_name, style_id FROM $tableStyles LEFT JOIN $tableDepends ON $tableStyles.depends_id = $tableDepends.depends_id WHERE style_enabled = 'true' AND depends_enabled = 'true' ORDER BY order_by, style_name"; elseif ($dataType == "type") $query = "SELECT type_name, type_id FROM $tableTypes WHERE type_enabled = 'true' ORDER BY order_by, type_name"; $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $availableFormatsStylesTypesArray = array(); // initialize array variable $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... while ($row = @ mysqli_fetch_array($result)) // for all rows found $availableFormatsStylesTypesArray[$row[$dataType . "_id"]] = $row[$dataType . "_name"]; // append this row's format/style/type name to the array of found user formats/styles/types return $availableFormatsStylesTypesArray; } // -------------------------------------------------------------------- // Get all formats/styles/types that are available and were enabled by the admin for the current user: function getEnabledUserFormatsStylesTypes($userID, $dataType, $formatType, $returnIDsAsValues) // '$dataType' must be one of the following: 'format', 'style', 'type'; '$formatType' must be either '', 'export', 'import' or 'cite' { global $tableDepends, $tableFormats, $tableStyles, $tableTypes, $tableUserFormats, $tableUserStyles, $tableUserTypes; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: if ($dataType == "format") $query = "SELECT $tableFormats.format_name, $tableFormats.format_id FROM $tableFormats LEFT JOIN $tableUserFormats on $tableFormats.format_id = $tableUserFormats.format_id LEFT JOIN $tableDepends ON $tableFormats.depends_id = $tableDepends.depends_id WHERE format_type = " . quote_smart($formatType) . " AND format_enabled = 'true' AND depends_enabled = 'true' AND user_id = " . quote_smart($userID) . " ORDER BY $tableFormats.order_by, $tableFormats.format_name"; elseif ($dataType == "style") $query = "SELECT $tableStyles.style_name, $tableStyles.style_id FROM $tableStyles LEFT JOIN $tableUserStyles on $tableStyles.style_id = $tableUserStyles.style_id LEFT JOIN $tableDepends ON $tableStyles.depends_id = $tableDepends.depends_id WHERE style_enabled = 'true' AND depends_enabled = 'true' AND user_id = " . quote_smart($userID) . " ORDER BY $tableStyles.order_by, $tableStyles.style_name"; elseif ($dataType == "type") $query = "SELECT $tableTypes.type_name, $tableTypes.type_id FROM $tableTypes LEFT JOIN $tableUserTypes USING (type_id) WHERE type_enabled = 'true' AND user_id = " . quote_smart($userID) . " ORDER BY $tableTypes.order_by, $tableTypes.type_name"; $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $enabledFormatsStylesTypesArray = array(); // initialize array variable $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... while ($row = @ mysqli_fetch_array($result)) // for all rows found { if ($returnIDsAsValues) // return format/style/type IDs as element values: $enabledFormatsStylesTypesArray[] = $row[$dataType . "_id"]; // append this row's format/style/type ID to the array of found user formats/styles/types else // return format/style/type names as element values and use the corresponding IDs as element keys: $enabledFormatsStylesTypesArray[$row[$dataType . "_id"]] = $row[$dataType . "_name"]; // append this row's format/style/type name to the array of found user formats/styles/types } return $enabledFormatsStylesTypesArray; } // -------------------------------------------------------------------- // Get all user formats/styles/types that are available and enabled for the current user (by admins choice) AND which this user has chosen to be visible: // and (if some formats/styles/types were found) save them each as semicolon-delimited string to the session variables 'user_export_formats', 'user_cite_formats', 'user_styles' or 'user_types', respectively: function getVisibleUserFormatsStylesTypes($userID, $dataType, $formatType) // '$dataType' must be one of the following: 'format', 'style', 'type'; '$formatType' must be either '', 'export', 'import' or 'cite' { global $loginEmail; global $adminLoginEmail; // ('$adminLoginEmail' is specified in 'ini.inc.php') global $tableDepends, $tableFormats, $tableStyles, $tableTypes, $tableUserFormats, $tableUserStyles, $tableUserTypes; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: if ($dataType == "format") { // Find all enabled+visible formats in table 'user_formats' belonging to the current user: // Note: following conditions must be matched to have a format "enabled+visible" for a particular user: // - 'formats' table: the 'format_enabled' field must contain 'true' for the given format // (the 'formats' table gives the admin control over which formats are available to the database users) // - 'depends' table: the 'depends_enabled' field must contain 'true' for the 'depends_id' that matches the 'depends_id' of the given format in table 'formats' // (the 'depends' table specifies whether there are any external tools required for a particular format and if these tools are available) // - 'user_formats' table: there must be an entry for the given user where the 'format_id' matches the 'format_id' of the given format in table 'formats' -AND- // the 'show_format' field must contain 'true' for the 'format_id' that matches the 'format_id' of the given format in table 'formats' // (the 'user_formats' table specifies all of the available formats for a particular user that have been selected by this user to be included in the format popups) $query = "SELECT format_name FROM $tableFormats LEFT JOIN $tableUserFormats on $tableFormats.format_id = $tableUserFormats.format_id LEFT JOIN $tableDepends ON $tableFormats.depends_id = $tableDepends.depends_id WHERE format_type = " . quote_smart($formatType) . " AND format_enabled = 'true' AND depends_enabled = 'true' AND user_id = " . quote_smart($userID) . " AND show_format = 'true' ORDER BY $tableFormats.order_by, $tableFormats.format_name"; } elseif ($dataType == "style") { // Find all enabled+visible styles in table 'user_styles' belonging to the current user: // (same conditions apply as for formats) $query = "SELECT style_name FROM $tableStyles LEFT JOIN $tableUserStyles on $tableStyles.style_id = $tableUserStyles.style_id LEFT JOIN $tableDepends ON $tableStyles.depends_id = $tableDepends.depends_id WHERE style_enabled = 'true' AND depends_enabled = 'true' AND user_id = " . quote_smart($userID) . " AND show_style = 'true' ORDER BY $tableStyles.order_by, $tableStyles.style_name"; } elseif ($dataType == "type") { // Find all enabled+visible types in table 'user_types' belonging to the current user: // (opposed to formats & styles, we're not checking for any dependencies here) $query = "SELECT type_name FROM $tableTypes LEFT JOIN $tableUserTypes USING (type_id) WHERE user_id = " . quote_smart($userID) . " AND show_type = 'true' ORDER BY $tableTypes.order_by, $tableTypes.type_name"; } $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $userFormatsStylesTypesArray = array(); // initialize array variable // generate the name of the session variable: if (!empty($formatType)) $sessionVariableName = "user_" . $formatType . "_" . $dataType . "s"; // yields 'user_export_formats' or 'user_cite_formats' else $sessionVariableName = "user_" . $dataType . "s"; // yields 'user_styles' or 'user_types' $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... { while ($row = @ mysqli_fetch_array($result)) // for all rows found $userFormatsStylesTypesArray[] = $row[$dataType . "_name"]; // append this row's format/style/type name to the array of found user formats/styles/types // we'll only update the appropriate session variable if either a normal user is logged in -OR- the admin is logged in and views his own user options page if (($loginEmail != $adminLoginEmail) OR (($loginEmail == $adminLoginEmail) && ($userID == getUserID($loginEmail)))) { // join array of unique user formats/styles/types with '; ' as separator: $userFormatsStylesTypesString = implode('; ', $userFormatsStylesTypesArray); // Write the resulting string of user formats/styles/types into a session variable: saveSessionVariable($sessionVariableName, $userFormatsStylesTypesString); } } else // no user formats/styles/types found // we'll only delete the appropriate session variable if either a normal user is logged in -OR- the admin is logged in and views his own user options page if (($loginEmail != $adminLoginEmail) OR (($loginEmail == $adminLoginEmail) && ($userID == getUserID($loginEmail)))) deleteSessionVariable($sessionVariableName); // delete any 'user_export_formats'/'user_cite_formats'/'user_styles'/'user_types' session variable (which is now outdated) return $userFormatsStylesTypesArray; } // -------------------------------------------------------------------- // Get all formats/styles/types that are available (or enabled for the current user) and return them as properly formatted tag elements. // Note that this function will return two pretty different things, depending on who's logged in: // - if the admin is logged in, it will return all *available* formats/styles/types as tags // (with those items being selected which were _enabled_ by the admin for the current user) // - if a normal user is logged in, this function will return all formats/styles/types as tags which were *enabled* by the admin for the current user // (with those items being selected which were chosen to be _visible_ by the current user) function returnFormatsStylesTypesAsOptionTags($userID, $dataType, $formatType) // '$dataType' must be one of the following: 'format', 'style', 'type'; '$formatType' must be either '', 'export', 'import' or 'cite' { global $loginEmail; global $adminLoginEmail; // ('$adminLoginEmail' is specified in 'ini.inc.php') if ($loginEmail == $adminLoginEmail) // if the admin is logged in $availableFormatsStylesTypesArray = getAvailableFormatsStylesTypes($dataType, $formatType); // get all available formats/styles/types $enabledFormatsStylesTypesArray = getEnabledUserFormatsStylesTypes($userID, $dataType, $formatType, false); // get all formats/styles/types that were enabled by the admin for the current user if ($loginEmail == $adminLoginEmail) // if the admin is logged in { $optionTags = buildSelectMenuOptions($availableFormatsStylesTypesArray, "/ *; */", "\t\t\t", true); // build properly formatted tag elements from the items listed in '$availableFormatsStylesTypesArray' $selectedFormatsStylesTypesArray = $enabledFormatsStylesTypesArray; // get all formats/styles/types that were enabled by the admin for the current user } else // if ($loginEmail != $adminLoginEmail) // if a normal user is logged in { $optionTags = buildSelectMenuOptions($enabledFormatsStylesTypesArray, "/ *; */", "\t\t\t", true); // build properly formatted tag elements from the items listed in '$enabledFormatsStylesTypesArray' $selectedFormatsStylesTypesArray = getVisibleUserFormatsStylesTypes($userID, $dataType, $formatType); // get all formats/styles/types that were chosen to be visible for the current user } foreach($selectedFormatsStylesTypesArray as $itemKey => $itemValue) // escape possible meta characters within names of formats/styles/types that shall be selected (otherwise the grep pattern below would fail) $selectedFormatsStylesTypesArray[$itemKey] = preg_quote($itemValue); $selectedFormatsStylesTypes = implode("|", $selectedFormatsStylesTypesArray); // merge array of formats/styles/types that shall be selected $optionTags = preg_replace("/]*)>($selectedFormatsStylesTypes)<\\/option>/", "\\2", $optionTags); // select all formats/styles/types that are listed within '$selectedFormatsStylesTypesArray' return $optionTags; } // -------------------------------------------------------------------- // Fetch the name of the citation style file that's associated with the style given in '$citeStyle' // Note: Refbase identifies popup items by their name (and not by ID numbers) which means that the style names within the 'styles' table must be unique! // That said, this function assumes unique style names, i.e., there's no error checking for duplicates! function getStyleFile($citeStyle) { global $tableStyles; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: // get the 'style_spec' for the record entry in table 'styles' whose 'style_name' matches that in '$citeStyle': $query = "SELECT style_spec FROM $tableStyles WHERE style_name = " . quote_smart($citeStyle); $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $row = mysqli_fetch_array($result); return($row["style_spec"]); } // -------------------------------------------------------------------- // Fetch the path/name of the format file that's associated with the format given in '$formatName' function getFormatFile($formatName, $formatType) // '$formatType' must be either 'export', 'import' or 'cite' { global $tableFormats; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: // get the 'format_spec' for the record entry in table 'formats' whose 'format_name' matches that in '$formatName': $query = "SELECT format_spec FROM $tableFormats WHERE format_name = " . quote_smart($formatName) . " AND format_type = " . quote_smart($formatType); $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $row = mysqli_fetch_array($result); return($row["format_spec"]); } // -------------------------------------------------------------------- // Fetch the path of the external utility that's required for a particular import/export format function getExternalUtilityPath($externalUtilityName) { global $tableDepends; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: // get the path for the record entry in table 'depends' whose field 'depends_external' matches that in '$externalUtilityName': $query = "SELECT depends_path FROM $tableDepends WHERE depends_external = " . quote_smart($externalUtilityName); $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $row = mysqli_fetch_array($result); return($row["depends_path"]); } // -------------------------------------------------------------------- // Get the user (or group) permissions for the current user // and (optionally) save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions': function getPermissions($user_OR_groupID, $permissionType, $savePermissionsToSessionVariable) // '$permissionType' must be either 'user' or 'group'; '$savePermissionsToSessionVariable' must be either 'true' or 'false' { global $tableUserPermissions; // defined in 'db.inc.php' // NOTE: the group permissions feature (table 'group_permissions') has not been implemented yet, i.e., currently, only '$permissionType=user' is recognized! // global $tableGroupPermissions; // if ($permissionType == "group") // $tablePermissions = $tableGroupPermissions; // else $tablePermissions = $tableUserPermissions; connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: // Fetch all permission settings from the 'user_permissions' (or 'group_permissions') table for the current user: $query = "SELECT allow_add, allow_edit, allow_delete, allow_download, allow_upload, allow_list_view, allow_details_view, allow_print_view, allow_browse_view, allow_sql_search, allow_user_groups, allow_user_queries, allow_rss_feeds, allow_import, allow_export, allow_cite, allow_batch_import, allow_batch_export, allow_modify_options FROM " . $tablePermissions . " WHERE " . $permissionType . "_id = " . quote_smart($user_OR_groupID); $result = queryMySQLDatabase($query); // RUN the query on the database through the connection if (mysqli_num_rows($result) == 1) // interpret query result: Do we have exactly one row? { $userPermissionsArray = array(); // initialize array variables $userPermissionsFieldNameArray = array(); $row = mysqli_fetch_array($result); // fetch the one row into the array '$row' $fieldsFound = mysqli_num_fields($result); // count the number of fields for ($i=0; $i<$fieldsFound; $i++) { // Fetch the current attribute name: $fieldName = getMySQLFieldInfo($result, $i, "name"); $userPermissionsArray[$fieldName] = $row[$i]; // ... append this field's permission value using the field's permission name as key if ($row[$i] == "yes") // if the current permission is set to 'yes'... $userPermissionsFieldNameArray[] = $fieldName; // ... append this field's permission name (as value) to the array of allowed user actions } // join array of allowed user actions with '; ' as separator: $allowedUserActionsString = implode('; ', $userPermissionsFieldNameArray); if ($savePermissionsToSessionVariable) // Write the resulting string of allowed user actions into a session variable: saveSessionVariable("user_permissions", $allowedUserActionsString); return $userPermissionsArray; } else { if ($savePermissionsToSessionVariable) // since no (or more than one) user/group was found with the given ID, we fall back to the default permissions which apply when no user is logged in, i.e., // we assume 'user_id' or 'group_id' is zero! (the 'start_session()' function will take care of setting up permissions when no user is logged in) deleteSessionVariable("user_permissions"); // therefore, we delete any existing 'user_permissions' session variable (which is now outdated) return array(); } } // -------------------------------------------------------------------- // Returns language information: // if empty($userID): get all languages that were setup and enabled by the admin // if !empty($userID): get the preferred language for the user with the specified userID function getLanguages($userID) { global $tableLanguages, $tableUsers; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: if (empty($userID)) // Find all unique language entries in the 'languages' table that are enabled: // (language names should be unique anyhow, so the DISTINCT parameter wouldn't be really necessary) $query = "SELECT DISTINCT language_name FROM $tableLanguages WHERE language_enabled = 'true' ORDER BY $tableLanguages.language_name"; else // Get the preferred language for the user with the user ID given in '$userID': $query = "SELECT language AS language_name FROM $tableUsers WHERE user_id = " . quote_smart($userID); $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $languagesArray = array(); // initialize array variable $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... { while ($row = @ mysqli_fetch_array($result)) // for all rows found $languagesArray[] = $row["language_name"]; // append this row's language name to the array of found languages } return $languagesArray; } // -------------------------------------------------------------------- // Return the current user's preferred interface language: function getUserLanguage() { global $loginUserID; // saved as session variable on login global $defaultLanguage; // defined in 'ini.inc.php' if (isset($_SESSION['loginEmail'])) // if a user is logged in { // get the preferred language for the current user: $userLanguagesArray = getLanguages($loginUserID); $userLanguage = $userLanguagesArray[0]; } else // NO user logged in $userLanguage = $defaultLanguage; // use the default language return $userLanguage; } // -------------------------------------------------------------------- // Get all user options for the current user: function getUserOptions($userID) { global $tableUserOptions; // defined in 'db.inc.php' connectToMySQLDatabase(); if (empty($userID)) $userID = 0; // CONSTRUCT SQL QUERY: // Fetch all options from table 'user_options' for the user with the user ID given in '$userID': $query = "SELECT * FROM $tableUserOptions WHERE user_id = " . quote_smart($userID); $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $userOptionsArray = array(); // initialize array variable $rowsFound = @ mysqli_num_rows($result); if ($rowsFound == 1) // Interpret query result: Do we have exactly one row? $userOptionsArray = @ mysqli_fetch_array($result); // fetch the one row into the array '$userOptionsArray' return $userOptionsArray; } // -------------------------------------------------------------------- // Get the list of "main fields" preferred by the current user: // and save the list of fields as comma-delimited string to the session variable 'userMainFields' // TODO: Make *one* generic function that can replace functions 'getMainFields()', // 'getDefaultNumberOfRecords()' and 'getPrefAutoCompletions()' function getMainFields($userID) { global $loginEmail; global $adminLoginEmail; // these variables are defined in 'ini.inc.php' global $defaultMainFields; $userOptionsArray = array(); // initialize array variable // Get all user options for the current user: // note that if the user isn't logged in (userID=0), the list of "main fields" is taken from variable // '$defaultMainFields' in 'ini.inc.php' and not from option 'main_fields' in table 'user_options if ($userID != 0) $userOptionsArray = getUserOptions($userID); // Extract the list of "main fields": if (!empty($userOptionsArray) AND !empty($userOptionsArray['main_fields'])) $userMainFieldsString = $userOptionsArray['main_fields']; // honour the logged in user's preferred list of "main fields" (if not empty or NULL) else $userMainFieldsString = $defaultMainFields; // by default, we take the list of "main fields" from the global variable '$defaultMainFields' // We'll only update the appropriate session variable if either a normal user is logged in -OR- the admin is logged in and views his own user options page if (($loginEmail != $adminLoginEmail) OR (($loginEmail == $adminLoginEmail) && ($userID == getUserID($loginEmail)))) // Write the list of fields into a session variable: saveSessionVariable("userMainFields", $userMainFieldsString); $userMainFieldsArray = preg_split("/ *, */", $userMainFieldsString); // split the string of fields into its individual fields return $userMainFieldsArray; } // -------------------------------------------------------------------- // Returns the current date (e.g. '2003-12-31'), time (e.g. '23:59:49') and user name & email address (e.g. 'Matthias Steffens (refbase@extracts.de)'): // this information is used when adding/updating/deleting records in the database function getCurrentDateTimeUser() { global $loginEmail; global $loginFirstName; global $loginLastName; $currentDate = date('Y-m-d'); // get the current date in a format recognized by MySQL (which is 'YYYY-MM-DD', e.g. '2003-12-31') $currentTime = date('H:i:s'); // get the current time in a format recognized by MySQL (which is 'HH:MM:SS', e.g. '23:59:49') $currentUser = $loginFirstName . " " . $loginLastName . " (" . $loginEmail . ")"; // we use session variables to construct the user name, e.g. 'Matthias Steffens (refbase@extracts.de)' return array($currentDate, $currentTime, $currentUser); } // -------------------------------------------------------------------- // Build a correct call number prefix for the currently logged-in user (e.g. 'IPÖ @ msteffens'): function getCallNumberPrefix() { global $loginEmail; global $abbrevInstitution; // we use session variables to construct a correct call number prefix: $loginEmailArray = preg_split("/@/", $loginEmail); // split the login email address at '@' $loginEmailUserName = $loginEmailArray[0]; // extract the user name (which is the first element of the array '$loginEmailArray') $callNumberPrefix = $abbrevInstitution . " @ " . $loginEmailUserName; return $callNumberPrefix; } // -------------------------------------------------------------------- // Get the default view for the current user: function getDefaultView($userID) { global $defaultView; // defined in 'ini.inc.php' $userOptionsArray = array(); // initialize array variables $viewsArray = array("List" => "allow_list_view", "Cite" => "allow_cite", "Display" => "allow_details_view", "Browse" => "allow_browse_view"); $userDefaultView = $defaultView; // by default, we take the default view from the global variable '$defaultView' // Note that if the user isn't logged in (userID=0), the default view is taken from variable '$defaultView' // in 'ini.inc.php' and is not overridden by any of the '*_view' permissions ('allow_list_view', 'allow_details_view', // 'allow_browse_view', 'allow_cite') in table 'user_permissions' // Adopt the user's default view if he/she is NOT allowed to use the global default (given in '$defaultView'): if (isset($viewsArray[$defaultView]) AND isset($_SESSION['user_permissions']) AND !preg_match("/" . $viewsArray[$defaultView] . "/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable does NOT contain the '*_view' permission that corresponds to '$defaultView' { foreach ($viewsArray as $viewType => $viewPermission) // use the next allowed view as default view { if (preg_match("/" . $viewPermission . "/", $_SESSION['user_permissions'])) { $userDefaultView = $viewType; break; } } } // Write the name of the default view into a session variable: saveSessionVariable("userDefaultView", $userDefaultView); return $userDefaultView; } // -------------------------------------------------------------------- // Returns the total number of records in the database: function getTotalNumberOfRecords() { global $tableRefs; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: $query = "SELECT COUNT(serial) FROM $tableRefs"; // query the total number of records $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $row = mysqli_fetch_row($result); // fetch the current row into the array $row (it'll be always *one* row, but anyhow) $numberOfRecords = $row[0]; // extract the contents of the first (and only) row return $numberOfRecords; } // -------------------------------------------------------------------- // Get the default number of records per page preferred by the current user: // TODO: Make *one* generic function that can replace functions 'getMainFields()', // 'getDefaultNumberOfRecords()' and 'getPrefAutoCompletions()' function getDefaultNumberOfRecords($userID) { global $loginEmail; global $adminLoginEmail; // these variables are defined in 'ini.inc.php' global $defaultNumberOfRecords; $userOptionsArray = array(); // initialize array variable // Get all user options for the current user: // note that if the user isn't logged in (userID=0), we don't load the default number of records from option // 'records_per_page' in table 'user_options' (where 'user_id = 0'). Instead, we'll return as many records as // defined in variable '$defaultNumberOfRecords' in 'ini.inc.php'. if ($userID != 0) $userOptionsArray = getUserOptions($userID); // Extract the number of records that's to be returned by default: if (!empty($userOptionsArray) AND !empty($userOptionsArray['records_per_page'])) $showRows = $userOptionsArray['records_per_page']; // honour the logged in user's preferred number of records (if not empty or NULL) else $showRows = $defaultNumberOfRecords; // by default, we take the number of records from the global variable '$defaultNumberOfRecords' // We'll only update the appropriate session variable if either a normal user is logged in -OR- the admin is logged in and views his own user options page if (($loginEmail != $adminLoginEmail) OR (($loginEmail == $adminLoginEmail) && ($userID == getUserID($loginEmail)))) // Write results into a session variable: saveSessionVariable("userRecordsPerPage", $showRows); return $showRows; } // -------------------------------------------------------------------- // Get the user's preference for displaying auto-completions: // TODO: Make *one* generic function that can replace functions 'getMainFields()', // 'getDefaultNumberOfRecords()' and 'getPrefAutoCompletions()' function getPrefAutoCompletions($userID) { global $loginEmail; global $adminLoginEmail; // these variables are defined in 'ini.inc.php' global $autoCompleteUserInput; $userOptionsArray = array(); // initialize array variable // Get all user options for the current user: // note that if the user isn't logged in (userID=0), we don't load the pref setting from option // 'show_auto_completions' in table 'user_options' (where 'user_id = 0'). Instead, we'll take // the setting from variable '$autoCompleteUserInput' in 'ini.inc.php'. if ($userID != 0) $userOptionsArray = getUserOptions($userID); // Extract the setting which defines whether auto-completions shall be displayed for text entered by the user: if (!empty($userOptionsArray) AND !empty($userOptionsArray['show_auto_completions'])) $showAutoCompletions = $userOptionsArray['show_auto_completions']; // honour the logged in user's preference for displaying auto-completions (if not empty or NULL) else $showAutoCompletions = $autoCompleteUserInput; // by default, we take the pref setting from the global variable '$autoCompleteUserInput' // We'll only update the appropriate session variable if either a normal user is logged in -OR- the admin is logged in and views his own user options page if (($loginEmail != $adminLoginEmail) OR (($loginEmail == $adminLoginEmail) && ($userID == getUserID($loginEmail)))) // Write results into a session variable: saveSessionVariable("userAutoCompletions", $showAutoCompletions); return $showAutoCompletions; } // -------------------------------------------------------------------- // Returns the date/time information (in format 'YYYY-MM-DD hh-mm-ss') when the database was last modified: function getLastModifiedDateTime() { global $tableRefs; // defined in 'db.inc.php' connectToMySQLDatabase(); // CONSTRUCT SQL QUERY: $query = "SELECT modified_date, modified_time FROM $tableRefs ORDER BY modified_date DESC, modified_time DESC, created_date DESC, created_time DESC LIMIT 1"; // get date/time info for the record that was added/edited most recently $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $row = mysqli_fetch_row($result); // fetch the current row into the array $row (it'll be always *one* row, but anyhow) $lastModifiedDateTime = $row[0] . " " . $row[1]; return $lastModifiedDateTime; } // -------------------------------------------------------------------- // Update the specified user permissions for the selected user(s): function updateUserPermissions($userIDArray, $userPermissionsArray) // '$userPermissionsArray' must contain one or more key/value elements of the form array('allow_add' => 'yes', 'allow_delete' => 'no') where key is a particular 'allow_*' field name from table 'user_permissions' and value is either 'yes' or 'no' { global $tableUserPermissions; // defined in 'db.inc.php' connectToMySQLDatabase(); $permissionQueryArray = array(); // CONSTRUCT SQL QUERY: // prepare the 'SET' part of the SQL query string: foreach($userPermissionsArray as $permissionKey => $permissionValue) $permissionQueryArray[] = $permissionKey . " = " . quote_smart($permissionValue); if (!empty($userIDArray) AND !empty($permissionQueryArray)) { // Update all specified permission settings in the 'user_permissions' table for the selected user(s): $query = "UPDATE $tableUserPermissions SET " . implode(", ", $permissionQueryArray) . " WHERE user_id RLIKE " . quote_smart("^(" . implode("|", $userIDArray) . ")$"); $result = queryMySQLDatabase($query); // RUN the query on the database through the connection return true; } else return false; } // -------------------------------------------------------------------- // Generate or extract the cite key for the given record: function generateCiteKey($formVars) { global $defaultCiteKeyFormat; // defined in 'ini.inc.php' global $handleNonASCIICharsInCiteKeysDefault; global $userOptionsArray; // '$userOptionsArray' is made globally available in file 'import_modify.php' as well as by functions 'generateExport()' and 'generateCitations()' in 'search.php' // by default, we use any record-specific cite key that was entered manually by the user: if (isset($formVars['citeKeyName'])) $citeKey = $formVars['citeKeyName']; else $citeKey = ""; // check if the user's options for auto-generation of cite keys command us to replace the manually entered cite key: if (!empty($userOptionsArray)) { if ($userOptionsArray['export_cite_keys'] == "yes") // if this user wants to include cite keys on import/export { if ($userOptionsArray['autogenerate_cite_keys'] == "yes") // if cite keys shall be auto-generated on import/export { if (empty($citeKey) OR ($userOptionsArray['prefer_autogenerated_cite_keys'] == "yes")) // if there's no manually entered cite key -OR- if the auto-generated cite key shall overwrite contents from the 'cite_key' field on import/export { if ($userOptionsArray['use_custom_cite_key_format'] == "yes") // if the user wants to use a custom cite key format $citeKeyFormat = $userOptionsArray['cite_key_format']; else // use the default cite key format that was specified by the admin in 'ini.inc.php' $citeKeyFormat = $defaultCiteKeyFormat; // auto-generate a cite key according to the given naming scheme: $citeKey = parsePlaceholderString($formVars, $citeKeyFormat, "<:authors:><:year:>"); } } } else $citeKey = ""; // by omitting a cite key Bibutils will take care of generation of cite keys for its export formats (BibTeX, Endnote, RIS) } // check how to handle non-ASCII characters: if (!empty($userOptionsArray) AND !empty($userOptionsArray['nonascii_chars_in_cite_keys'])) // use the user's own setting $handleNonASCIIChars = $userOptionsArray['nonascii_chars_in_cite_keys']; else $handleNonASCIIChars = $handleNonASCIICharsInCiteKeysDefault; // use the default setting that was specified by the admin in 'ini.inc.php' // in addition to the handling of non-ASCII chars (given in '$handleNonASCIIChars') we'll // strip additional characters from the generated cite keys: for cite keys, we only allow // letters, digits, and the following characters: !$&*+-./:;<>?[]^_`| // see e.g. the discussion of cite keys at: if (!empty($citeKey)) $citeKey = handleNonASCIIAndUnwantedCharacters($citeKey, "[:alnum:]" . preg_quote("!$&*+-./:;<>?[]^_`|", "/"), $handleNonASCIIChars); // ensure that each cite key is unique: if (!empty($citeKey) AND !empty($userOptionsArray) AND ($userOptionsArray['export_cite_keys'] == "yes") AND ($userOptionsArray['uniquify_duplicate_cite_keys'] == "yes")) // if the generated cite key already exists in the global array of found cite keys // ('$citeKeysArray'), we'll uniquify it, otherwise we'll keep it as is: $citeKey = ensureUniqueCiteKey($citeKey); return $citeKey; } // -------------------------------------------------------------------- // Handle non-ASCII and unwanted characters: // this function controls the handling of any non-ASCII chars and // unwanted characters in file/directory names and cite keys function handleNonASCIIAndUnwantedCharacters($fileDirCitekeyName, $allowedFileDirCitekeyNameCharacters, $handleNonASCIIChars) { // we treat non-ASCII characters in file/directory names and cite keys depending on the setting of variable '$handleNonASCIIChars': if ($handleNonASCIIChars == "strip") $fileDirCitekeyName = convertToCharacterEncoding("ASCII", "IGNORE", $fileDirCitekeyName); // remove any non-ASCII characters elseif ($handleNonASCIIChars != "keep") // i.e., if '$handleNonASCIIChars = "keep"' we don't attempt to strip/transliterate any non-ASCII chars in the generated file/directory name or cite key; // otherwise if '$handleNonASCIIChars = "transliterate"' (or when '$handleNonASCIIChars' contains an unrecognized/empty string) // we'll transliterate most of the non-ASCII characters and strip all other non-ASCII chars that can't be converted into ASCII equivalents: $fileDirCitekeyName = convertToCharacterEncoding("ASCII", "TRANSLIT", $fileDirCitekeyName); // in addition, we remove all characters from the generated file/directory name or cite key which are not listed in variable '$allowedFileDirCitekeyNameCharacters': if (!empty($allowedFileDirCitekeyNameCharacters)) $fileDirCitekeyName = preg_replace("/[^" . $allowedFileDirCitekeyNameCharacters . "]+/", "", $fileDirCitekeyName); return $fileDirCitekeyName; } // -------------------------------------------------------------------- // this is a stupid hack that maps the names of the '$row' array keys to those used // by the '$formVars' array (which is required by function 'generateCiteKey()') // (eventually, the '$formVars' array should use the MySQL field names as names for its array keys) function buildFormVarsArray($row) { $formVars = array(); // initialize array variable if(isset($row['author'])) $formVars['authorName'] = $row['author']; if(isset($row['title'])) $formVars['titleName'] = $row['title']; if(isset($row['type'])) $formVars['typeName'] = $row['type']; if(isset($row['year'])) $formVars['yearNo'] = $row['year']; if(isset($row['publication'])) $formVars['publicationName'] = $row['publication']; if(isset($row['abbrev_journal'])) $formVars['abbrevJournalName'] = $row['abbrev_journal']; if(isset($row['volume'])) $formVars['volumeNo'] = $row['volume']; if(isset($row['issue'])) $formVars['issueNo'] = $row['issue']; if(isset($row['pages'])) $formVars['pagesNo'] = $row['pages']; if(isset($row['corporate_author'])) $formVars['corporateAuthorName'] = $row['corporate_author']; if(isset($row['thesis'])) $formVars['thesisName'] = $row['thesis']; if(isset($row['address'])) $formVars['addressName'] = $row['address']; if(isset($row['keywords'])) $formVars['keywordsName'] = $row['keywords']; if(isset($row['abstract'])) $formVars['abstractName'] = $row['abstract']; if(isset($row['publisher'])) $formVars['publisherName'] = $row['publisher']; if(isset($row['place'])) $formVars['placeName'] = $row['place']; if(isset($row['editor'])) $formVars['editorName'] = $row['editor']; if(isset($row['language'])) $formVars['languageName'] = $row['language']; if(isset($row['summary_language'])) $formVars['summaryLanguageName'] = $row['summary_language']; if(isset($row['orig_title'])) $formVars['origTitleName'] = $row['orig_title']; if(isset($row['series_editor'])) $formVars['seriesEditorName'] = $row['series_editor']; if(isset($row['series_title'])) $formVars['seriesTitleName'] = $row['series_title']; if(isset($row['abbrev_series_title'])) $formVars['abbrevSeriesTitleName'] = $row['abbrev_series_title']; if(isset($row['series_volume'])) $formVars['seriesVolumeNo'] = $row['series_volume']; if(isset($row['series_issue'])) $formVars['seriesIssueNo'] = $row['series_issue']; if(isset($row['edition'])) $formVars['editionNo'] = $row['edition']; if(isset($row['issn'])) $formVars['issnName'] = $row['issn']; if(isset($row['isbn'])) $formVars['isbnName'] = $row['isbn']; if(isset($row['medium'])) $formVars['mediumName'] = $row['medium']; if(isset($row['area'])) $formVars['areaName'] = $row['area']; if(isset($row['expedition'])) $formVars['expeditionName'] = $row['expedition']; if(isset($row['conference'])) $formVars['conferenceName'] = $row['conference']; if(isset($row['notes'])) $formVars['notesName'] = $row['notes']; if(isset($row['approved'])) $formVars['approvedRadio'] = $row['approved']; if(isset($row['location'])) $formVars['locationName'] = $row['location']; if(isset($row['call_number'])) $formVars['callNumberName'] = $row['call_number']; if(isset($row['serial'])) $formVars['serialNo'] = $row['serial']; if(isset($row['online_publication'])) $formVars['onlinePublicationCheckBox'] = $row['online_publication']; if(isset($row['online_citation'])) $formVars['onlineCitationName'] = $row['online_citation']; if(isset($row['marked'])) $formVars['markedRadio'] = $row['marked']; if(isset($row['copy'])) $formVars['copyName'] = $row['copy']; if(isset($row['selected'])) $formVars['selectedRadio'] = $row['selected']; if(isset($row['user_keys'])) $formVars['userKeysName'] = $row['user_keys']; if(isset($row['user_notes'])) $formVars['userNotesName'] = $row['user_notes']; if(isset($row['user_file'])) $formVars['userFileName'] = $row['user_file']; if(isset($row['user_groups'])) $formVars['userGroupsName'] = $row['user_groups']; if(isset($row['cite_key'])) $formVars['citeKeyName'] = $row['cite_key']; if(isset($row['related'])) $formVars['relatedName'] = $row['related']; if(isset($row['orig_record'])) $formVars['origRecord'] = $row['orig_record']; if(isset($row['file'])) $formVars['fileName'] = $row['file']; if(isset($row['url'])) $formVars['urlName'] = $row['url']; if(isset($row['doi'])) $formVars['doiName'] = $row['doi']; return $formVars; } // -------------------------------------------------------------------- // Build properly formatted tag elements from items listed within an array or string (and which -- in the case of strings -- are delimited by '$splitDelim'). // The string given in '$prefix' will be used to prefix each of the tags (e.g., use '\t\t' to indent each of the tags by 2 tabs) function buildSelectMenuOptions($sourceData, $splitDelim, $prefix, $useArrayKeysAsValues) { if (is_string($sourceData)) // split the string on the specified delimiter (which is interpreted as regular expression!): $sourceData = preg_split($splitDelim, $sourceData); if ($useArrayKeysAsValues) { $optionTags = ""; // initialize variable // copy each item as option tag element to the end of the '$optionTags' variable: foreach ($sourceData as $itemID => $item) { if (!empty($item)) $optionTags .= "\n$prefix$item"; else // empty items will also get an empty value: $optionTags .= "\n$prefix"; } } else $optionTags = "\n$prefix" . implode("\n$prefix", $sourceData) . ""; return $optionTags; } // -------------------------------------------------------------------- // Produce a list with unique items from the specified field // Parameters: // 1: Database connection // 2. Table that contains values // 3. The field name of the table's primary key // 4. Table name of the user data table // 5. The field name within the user data table that corresponds to the field in 3. // 6. The field name of the user ID field within the user data table // 7. The user ID of the currently logged in user (which must be provided as a session variable) // 8. Attribute that contains values // 9. element name // 10. An additional non-database value (display string) // 11. String that gets submitted instead of the display string given in 10. // 12. Optional // 13. Restrict query to field... (keep empty if no restriction wanted) // 14. ...where field contents are... // 15. Split field contents into substrings? (yes = true, no = false) // 16. POSIX-PATTERN to split field contents into substrings (in order to obtain actual values) // 17. The type of the output format that shall be returned ("ARRAY", "HTML SELECT", "HTML UL" or "JSON") // 18. The POSIX-PATTERN that matches those substrings from the field's contents that shall be included as search suggestions // 19. Boolean that specifies whether search suggestions shall be wrapped into an enclosing HTML (or JSON) structure (yes if 'true') function selectDistinct($connection, // 1. $refsTableName, // 2. $refsTablePrimaryKey, // 3. $userDataTableName, // 4. $userDataTablePrimaryKey, // 5. $userDataTableUserID, // 6. $userDataTableUserIDvalue, // 7. $columnName, // 8. $pulldownName, // 9. $additionalOptionDisplay, // 10. $additionalOption, // 11. $defaultValue, // 12. $RestrictToField, // 13. $RestrictToFieldContents, // 14. $SplitValues, // 15. $SplitPattern, // 16. $outputFormat = "HTML SELECT", // 17. $searchSuggestionsPattern = "", // 18. $wrapSearchSuggestions = true) // 19. { $defaultWithinResultSet = FALSE; // Query to find distinct values of '$columnName' in '$refsTableName': if (isset($_SESSION['loginEmail'])) // if a user is logged in { if ($RestrictToField == "") $distinctQuery = "SELECT DISTINCT $columnName FROM $refsTableName LEFT JOIN $userDataTableName ON $refsTablePrimaryKey = $userDataTablePrimaryKey AND $userDataTableUserID = $userDataTableUserIDvalue ORDER BY $columnName"; else $distinctQuery = "SELECT DISTINCT $columnName FROM $refsTableName LEFT JOIN $userDataTableName ON $refsTablePrimaryKey = $userDataTablePrimaryKey AND $userDataTableUserID = $userDataTableUserIDvalue WHERE $RestrictToField RLIKE $RestrictToFieldContents ORDER BY $columnName"; } else // if NO user is logged in { if ($RestrictToField == "") $distinctQuery = "SELECT DISTINCT $columnName FROM $refsTableName ORDER BY $columnName"; else $distinctQuery = "SELECT DISTINCT $columnName FROM $refsTableName WHERE $RestrictToField RLIKE $RestrictToFieldContents ORDER BY $columnName"; } // Run the distinctQuery on the database through the connection: $resultId = queryMySQLDatabase($distinctQuery); // Retrieve all distinct values: $i = 0; $resultBuffer = array(); while ($row = @ mysqli_fetch_array($resultId)) { if ($SplitValues) // if desired, split field contents into substrings { // split field data on the pattern specified in '$SplitPattern': $splittedFieldData = preg_split("#" . $SplitPattern . "#", $row[$columnName]); // ... copy all array elements to end of '$resultBuffer': foreach($splittedFieldData as $element) { $element = trim($element); // NOTE: in case of OpenSearch search suggestions, we only include those substrings // that match the regular expression given in '$searchSuggestionsPattern' if (empty($searchSuggestionsPattern) OR (!empty($searchSuggestionsPattern) AND !empty($element) AND preg_match("/" . $searchSuggestionsPattern . "/i", $element))) $resultBuffer[$i++] = $element; } } else // copy field data (as is) to end of '$resultBuffer': { $element = trim($row[$columnName]); if (empty($searchSuggestionsPattern) OR (!empty($searchSuggestionsPattern) AND !empty($element))) $resultBuffer[$i++] = $element; } } if ($SplitValues) // (otherwise, data are already DISTINCT and ORDERed BY!) { if (!empty($resultBuffer)) { // remove duplicate values from array: $resultBuffer = array_unique($resultBuffer); // sort in ascending order: sort($resultBuffer); } } if ($outputFormat == "ARRAY") // return data as a PHP array: { return $resultBuffer; } else // return data as HTML or JSON: { $outputData = ""; if ($outputFormat == "HTML SELECT") // output data in an HTML select widget: { // Start the HTML select widget: if ($wrapSearchSuggestions) $outputData = "\n\t\t"; $optionTags = ""; // initialize variable // Add any additional option element: if (!empty($additionalOptionDisplay) AND !empty($additionalOption)) $optionTags .= "\n\t\t\t$additionalOptionDisplay"; // Build correct option tags from the provided database values: $optionTags .= buildSelectMenuOptions($resultBuffer, "//", "\t\t\t", false); $outputData .= preg_replace("/]*)>($defaultValue)<\\/option>/", "\\2", $optionTags); // add 'selected' attribute if ($wrapSearchSuggestions) $outputData .= "\n\t\t"; } elseif (($outputFormat == "HTML UL") AND !empty($resultBuffer)) // output data in an unordered HTML list: { $outputData = "

" . implode("

", $resultBuffer) . "

"; if ($wrapSearchSuggestions) $outputData = "

" . $outputData . "

"; } elseif (($outputFormat == "JSON") AND !empty($resultBuffer)) // output data in JSON format: { $outputData = '"' . implode('", "', $resultBuffer) . '"'; // for PHP 5 >= 5.2.0 and UTF-8 data, function 'json_encode()' could be used instead if ($wrapSearchSuggestions) $outputData = "[" . $outputData . "]"; } return $outputData; } } // -------------------------------------------------------------------- // Returns values from the given field & table: function getFieldContents($tableName, $columnName, $userID = "", $queryWhereClause = "", $orderBy = "", $getDistinctValues = true) { global $tableRefs, $tableUserData; // defined in 'db.inc.php' connectToMySQLDatabase(); if ($getDistinctValues) $distinct = "DISTINCT "; else $distinct = ""; // CONSTRUCT SQL QUERY: $query = "SELECT " . $distinct . $columnName . " FROM " . $tableName; if (($tableName == $tableRefs) AND isset($_SESSION['loginEmail']) AND !empty($userID)) // when querying table 'refs', and if a user is logged in... $query .= " LEFT JOIN " . $tableUserData . " ON serial = record_id AND user_id = " . quote_smart($userID); if (!empty($queryWhereClause)) $query .= " WHERE " . $queryWhereClause; if (!empty($orderBy)) $query .= " ORDER BY " . $orderBy; $result = queryMySQLDatabase($query); // RUN the query on the database through the connection $fieldContentsArray = array(); // initialize array variable $rowsFound = @ mysqli_num_rows($result); if ($rowsFound > 0) // If there were rows found ... { while ($row = @ mysqli_fetch_array($result)) // for all rows found $fieldContentsArray[] = $row[$columnName]; // append this row's field value to the array of extracted field values } return $fieldContentsArray; } // -------------------------------------------------------------------- // Remove a text pattern from the beginning and/or end of a string: // This function is used to remove leading and/or trailing delimiters from a string. // Notes: - '$removePattern' must be specified as perl-style regular expression! // - set both variables '$trimLeft' & '$trimRight' to 'true' if you want your text pattern to get removed from BOTH sides of the source string; // if you only want to trim the LEFT side of your source string: set '$trimLeft = true' & '$trimRight = false'; // if you only want to trim the RIGHT side of your source string: set '$trimLeft = false' & '$trimRight = true'; // Example: if '$removePattern' = ' *; *' and both, '$trimLeft' and '$trimRight', are set to 'true', // the string '; red; green; yellow; ' would be transformed to 'red; green; yellow'. function trimTextPattern($sourceString, $removePattern, $trimLeft, $trimRight) { if ($trimLeft) $sourceString = preg_replace("/^" . $removePattern . "/", "", $sourceString); // remove text pattern from beginning of source string if ($trimRight) $sourceString = preg_replace("/" . $removePattern . "$/", "", $sourceString); // remove text pattern from end of source string return $sourceString; // return the trimmed source string } // -------------------------------------------------------------------- // Quote variable to make safe (and escape special characters in a string for use in a SQL statement): function quote_smart($value) { // Remove slashes from value if 'magic_quotes_gpc = On': $value = stripSlashesIfMagicQuotes($value); // Remove any leading or trailing whitespace: $value = trim($value); // Quote & escape special chars if not a number or a numeric string: if (!is_numeric($value)) { $value = "\"" . escapeSQL($value) . "\""; } // Quote numbers with leading zeros (which would otherwise get stripped): elseif (preg_match("/^0+\d+$/", $value)) { $value = "\"" . $value . "\""; } return $value; } // -------------------------------------------------------------------- // Get the path to the currently executing script, relative to the document root: function scriptURL() { if (isset($_SERVER['SCRIPT_NAME'])) { $pathToScript = $_SERVER['SCRIPT_NAME']; } else { $pathToScript = $_SERVER['PHP_SELF']; // Sanitize PHP_SELF: if (preg_match('#\.php.+#', $pathToScript)) { // Remove anything after the PHP file extension: $pathToScript = preg_replace('#(?<=\.php).+#', '', $pathToScript); } } // NOTE: When a 'show.php' URL is called from within another script via function 'fetchDataFromURL()' // (as is the case for 'index.php'), '$_SERVER['SCRIPT_NAME']' and '$_SERVER['PHP_SELF']' do seem // to return double slashes for path separators (e.g. "/refs//search.php"). I don't know why this // happens. The line below fixes this: $pathToScript = preg_replace('#//+#', '/', $pathToScript); return $pathToScript; } // -------------------------------------------------------------------- // Verify the given path: // // NOTES: - Currently, this function just ensures that the given '$path' (i.e. a // file directory path or URL) ends with a slash. However, it would be // nice if this function would also check whether the given path or URL // exists, and issue a warning if not. // - '$type' must be either "path" or "URL" // // TODO: - Should we attempt to auto-guess the '$type' form the given '$path'? // - Make sure that the correct path separator gets used on Windows function checkPath($path, $type = "path", $addTrailingSlash = true) { // if (preg_match("/Windows/i", getenv("OS")) // should we query 'HTTP_USER_AGENT' instead? // $pathSeparator = '\\'; // is this actually necessary? (I vaguely remember that PHP also uses '/' on Windows) // else $pathSeparator = '/'; if ($addTrailingSlash) $path = preg_replace('#(? ... ... Mock++1997Bacteria // // 'Mock++1997Bacteria' gets preg_quote()d in 'show.php' to 'Mock\+\+1997Bacteria'. This // is necessary to escape any potential grep metacharacters inside the user's cite keys. // // So, for an input of '^(Mock\+\+1997Bacteria)$', following scenario will occur with 'magic_quotes_gpc = On': // // Case 1 ('convertSlashes()' uses 'stripslashes()'): // 'show.php' -> 'quote_smart()' -> 'stripSlashesIfMagicQuotes()' -> 'convertSlashes()': ^(Mock++1997Bacteria)$ -> this step incorrectly strips the slashes! // 'show.php' -> 'quote_smart()' -> 'escapeSQL()': ^(Mock++1997Bacteria)$ // 'show.php' -> 'quote_smart()': "^(Mock++1997Bacteria)$" // 'search.php' receives: \"^(Mock++1997Bacteria)$\" // 'search.php' -> 'verifySQLQuery()' -> 'stripSlashesIfMagicQuotes()' -> 'convertSlashes()': "^(Mock++1997Bacteria)$" // // Case 2 ('convertSlashes()' uses 'str_replace'): // 'show.php' -> 'quote_smart()' -> 'stripSlashesIfMagicQuotes()' -> 'convertSlashes()': ^(Mock\+\+1997Bacteria)$ // 'show.php' -> 'quote_smart()' -> 'escapeSQL()': ^(Mock\\+\\+1997Bacteria)$ // 'show.php' -> 'quote_smart()': "^(Mock\\+\\+1997Bacteria)$" // 'search.php' receives: \"^(Mock\\\\+\\\\+1997Bacteria)$\" // 'search.php' -> 'verifySQLQuery()' -> 'stripSlashesIfMagicQuotes()' -> 'convertSlashes()': "^(Mock\\+\\+1997Bacteria)$" // // This means that 'stripslashes()' fails while the code below seems to work: $sourceString = str_replace('\"', '"', $sourceString); // replace any \" with " $sourceString = str_replace("\\'", "'", $sourceString); // replace any \' with ' $sourceString = str_replace("\\\\", "\\", $sourceString); // $sourceString = preg_replace('/(\\\\)+/i', '\\\\', $sourceString); // instead of the previous line, this would kinda work if SQL strings aren't quote_smart()ed return $sourceString; } // -------------------------------------------------------------------- // Perform search & replace actions on the given text input: // ('$includesSearchPatternDelimiters' must be a boolean value that specifies whether the leading and trailing slashes // are included within the search pattern ['true'] or not ['false']) function searchReplaceText($searchReplaceActionsArray, $sourceString, $includesSearchPatternDelimiters) { // this allows to use '$loc' within the replacement pattern // e.g. like this: array("/(.+)/e" => "\$loc['\\1']") global $loc; // '$loc' is made globally available in 'core.php' // apply the search & replace actions defined in '$searchReplaceActionsArray' to the text passed in '$sourceString': foreach ($searchReplaceActionsArray as $searchString => $replaceString) { if (!$includesSearchPatternDelimiters) $searchString = "/" . $searchString . "/"; // add search pattern delimiters if (preg_match($searchString, $sourceString)) $sourceString = preg_replace($searchString, $replaceString, $sourceString); } return $sourceString; } // -------------------------------------------------------------------- // Perform case transformations on the given text input: // ('$transformation' must be either 'lower', 'upper', 'title' or 'heading') // // NOTE: For UTF-8, the PHP functions 'strtolower()' and 'strtoupper()' will only work correctly // if the server has locales installed which support UTF-8! More info is available at: // // // // TODO: Implement function 'changeCase()' so that it always works for UTF-8 // See e.g. functions 'utf8_strtolower()' and 'utf8_strtoupper()' at // function changeCase($transformation, $sourceString) { if (preg_match("/lower/i", $transformation)) // change source text to lower case $sourceString = strtolower($sourceString); elseif (preg_match("/upper/i", $transformation)) // change source text to upper case $sourceString = strtoupper($sourceString); elseif (preg_match("/title/i", $transformation)) // change source text to title case $sourceString = preg_replace("/\b(\w)(\w+)/e", "strtoupper('\\1').strtolower('\\2')", $sourceString); // the 'e' modifier allows to execute PHP code within the replacement pattern elseif (preg_match("/heading/i", $transformation)) // change source text to heading case (opposed to 'title', we only touch words with more than 3 chars, and we only change the case of the first letter but not any subsequent ones) $sourceString = preg_replace("/\b(\w)(\w{3,})/e", "strtoupper('\\1').'\\2'", $sourceString); // the 'e' modifier allows to execute PHP code within the replacement pattern return $sourceString; } // -------------------------------------------------------------------- // Sets the system's locale information: // On *NIX systems, use "locale -a" on the command line to display all locales // supported on your system. See for more information. function setSystemLocale($charSet = "", $systemLocales = "NONE") { global $contentTypeCharset; // these variables are defined in 'ini.inc.php' global $convertExportDataToUTF8; if (empty($charSet)) $charSet = $contentTypeCharset; if ($systemLocales == "NONE") { if ($charSet == "UTF-8") $systemLocales = array('en_US.UTF-8', 'en_GB.UTF-8', 'en_CA.UTF-8', 'en_AU.UTF-8', 'en_NZ.UTF-8', 'de_DE.UTF-8', 'fr_FR.UTF-8', 'es_ES.UTF-8'); else // we assume "ISO-8859-1" by default $systemLocales = array('en_US.ISO8859-1', 'en_GB.ISO8859-1', 'en_CA.ISO8859-1', 'en_AU.ISO8859-1', 'en_NZ.ISO8859-1', 'de_DE.ISO8859-1', 'fr_FR.ISO8859-1', 'es_ES.ISO8859-1'); } setlocale(LC_COLLATE, $systemLocales); // set locale for string comparison (including pattern matching) setlocale(LC_CTYPE, $systemLocales); // set locale for character classification and conversion, for example 'strtoupper()' // get the current settings without affecting them: $systemLocaleCollate = setlocale(LC_COLLATE, "0"); $systemLocaleCType = setlocale(LC_CTYPE, "0"); return array($systemLocaleCollate, $systemLocaleCType); } // -------------------------------------------------------------------- // Sets the mimetype & character encoding in the header: function setHeaderContentType($contentType, $contentTypeCharset) { header('Content-type: ' . $contentType . '; charset=' . $contentTypeCharset); } // -------------------------------------------------------------------- // Set HTTP status response // From user 'Ciantic' found at (24-Dec-2005 03:07) // This contains all HTTP status responses defined in RFC2616 section 6.1.1 // See function setHTTPStatus($statusCode) { // HTTP Protocol defined status codes: static $http = array(100 => "HTTP/1.1 100 Continue", 101 => "HTTP/1.1 101 Switching Protocols", 200 => "HTTP/1.1 200 OK", 201 => "HTTP/1.1 201 Created", 202 => "HTTP/1.1 202 Accepted", 203 => "HTTP/1.1 203 Non-Authoritative Information", 204 => "HTTP/1.1 204 No Content", 205 => "HTTP/1.1 205 Reset Content", 206 => "HTTP/1.1 206 Partial Content", 300 => "HTTP/1.1 300 Multiple Choices", 301 => "HTTP/1.1 301 Moved Permanently", 302 => "HTTP/1.1 302 Found", 303 => "HTTP/1.1 303 See Other", 304 => "HTTP/1.1 304 Not Modified", 305 => "HTTP/1.1 305 Use Proxy", 307 => "HTTP/1.1 307 Temporary Redirect", 400 => "HTTP/1.1 400 Bad Request", 401 => "HTTP/1.1 401 Unauthorized", 402 => "HTTP/1.1 402 Payment Required", 403 => "HTTP/1.1 403 Forbidden", 404 => "HTTP/1.1 404 Not Found", 405 => "HTTP/1.1 405 Method Not Allowed", 406 => "HTTP/1.1 406 Not Acceptable", 407 => "HTTP/1.1 407 Proxy Authentication Required", 408 => "HTTP/1.1 408 Request Time-out", 409 => "HTTP/1.1 409 Conflict", 410 => "HTTP/1.1 410 Gone", 411 => "HTTP/1.1 411 Length Required", 412 => "HTTP/1.1 412 Precondition Failed", 413 => "HTTP/1.1 413 Request Entity Too Large", 414 => "HTTP/1.1 414 Request-URI Too Large", 415 => "HTTP/1.1 415 Unsupported Media Type", 416 => "HTTP/1.1 416 Requested range not satisfiable", 417 => "HTTP/1.1 417 Expectation Failed", 500 => "HTTP/1.1 500 Internal Server Error", 501 => "HTTP/1.1 501 Not Implemented", 502 => "HTTP/1.1 502 Bad Gateway", 503 => "HTTP/1.1 503 Service Unavailable", 504 => "HTTP/1.1 504 Gateway Time-out"); header($http[$statusCode]); } // -------------------------------------------------------------------- // This function takes the URL given in '$sourceURL' and retrieves the returned data: function fetchDataFromURL($sourceURL) { global $errors; $handle = fopen($sourceURL, "r"); // fetch data from URL in read mode $sourceData = ""; if ($handle) { while (!feof($handle)) { $sourceData .= fread($handle, 4096); // read data in chunks } fclose($handle); } else { $errorMessage = "Error occurred: Failed to open " . $sourceURL; // network error if (!isset($errors["sourceText"])) $errors["sourceText"] = $errorMessage; else $errors["sourceText"] = $errors["sourceText"] . "
" . $errorMessage; } return $sourceData; } // -------------------------------------------------------------------- // Send '$dataString' as POST request (using the 'application/x-www-form-urlencoded' // content type) to the given '$host'/'$path': function sendPostRequest($host, $path, $referer, $dataString) { $port = 80; // server port to be used with the connection $timeout = 600; // connection time out in seconds $result = ""; // build header: $header = "POST " . $path . " HTTP/1.0\r\n" // "HTTP/1.1" would return data with "Transfer-Encoding: chunked" . "Host: " . $host . "\r\n" . "Referer: " . $referer . "\r\n" . "Content-Type: application/x-www-form-urlencoded\r\n" . "Content-Length: ". strlen($dataString) ."\r\n" . "\r\n"; // open connection: // see $fp = fsockopen($host, $port, $errorNo, $errorMsg, $timeout); if (!$fp) { $result = "Error $errorNo : $errorMsg"; } else { // POST data: fputs($fp, $header . $dataString); // read result: while (!feof($fp)) $result .= fgets($fp, 1024); // close connection: fclose($fp); } return $result; } // -------------------------------------------------------------------- // Detect character encoding: // NOTE: - Currently, this function only distinguishes between ISO-8859-1 and UTF-8! function detectCharacterEncoding($sourceString, $detectOrder = "") { // Method A: // Function 'mb_detect_encoding()' requires PHP with multi-byte support (i.e., PHP must // be compiled with the '--enable-mbstring' configure option). // (see: ) // $charSet = ""; // if (empty($detectOrder)) // Set the default character encoding detection order: // (see: ) // $detectOrder = implode(", ", mb_detect_order()); // on an English system this may be e.g. "ASCII, UTF-8" which wouldn't be useful in our case // $detectOrder = "UTF-8, ISO-8859-1"; // in case of refbase, we currently hardcode the detection order // Detect the character encoding of the given '$sourceString' with the given '$detectOrder': // $charSet = mb_detect_encoding($sourceString . "a", $detectOrder); // an ASCII char is appended to avoid a bug, see comment by at // Method B: // Based on function 'detectUTF8()' by user // at // (see also: ) // Check if a string contains UTF-8 characters: // NOTE: This regex pattern only looks for non-ASCII multibyte sequences in // the UTF-8 range and stops once it finds at least one multibytes string. if (preg_match('%(?: [\xC2-\xDF][\x80-\xBF] # non-overlong 2-byte | \xE0[\xA0-\xBF][\x80-\xBF] # excluding overlongs | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2} # straight 3-byte | \xED[\x80-\x9F][\x80-\xBF] # excluding surrogates | \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 )+%xs', $sourceString)) $charSet = "UTF-8"; // found at least one multibyte UTF-8 character else $charSet = "ISO-8859-1"; return $charSet; } // -------------------------------------------------------------------- // Convert to character encoding: // This function converts text that's represented in '$sourceCharset' into the character encoding // given in '$targetCharset'. If '$sourceCharset' isn't given, we default to the refbase database // encoding (which is indicated in '$contentTypeCharset'). '$transliteration' must be either // "TRANSLIT" or "IGNORE" causing characters which are unrecognized by the target charset to get // either transliterated or ignored, respectively. function convertToCharacterEncoding($targetCharset, $transliteration, $sourceString, $sourceCharset = "") { global $contentTypeCharset; // defined in 'ini.inc.php' global $transtab_latin1_ascii; // defined in 'transtab_latin1_ascii.inc.php' global $transtab_unicode_ascii; // defined in 'transtab_unicode_ascii.inc.php' global $transtab_unicode_latin1; // defined in 'transtab_unicode_latin1.inc.php' global $transtab_unicode_refbase; // defined in 'transtab_unicode_refbase.inc.php' if (empty($sourceCharset)) $sourceCharset = $contentTypeCharset; // In case of ISO-8859-1/UTF-8 to ASCII conversion we attempt to transliterate non-ASCII chars, // comparable to the fallback notations that people use commonly in email and on typewriters to // represent unavailable characters: if (($targetCharset == "ASCII") AND ($transliteration == "TRANSLIT")) { if ($sourceCharset == "UTF-8") $convertedString = searchReplaceText($transtab_unicode_ascii, $sourceString, false); else // we assume "ISO-8859-1" by default $convertedString = searchReplaceText($transtab_latin1_ascii, $sourceString, false); // Strip any additional non-ASCII characters which we weren't able to transliterate: $convertedString = iconv($sourceCharset, "ASCII//IGNORE", $convertedString); // Notes from regarding "TRANSLIT" and "IGNORE": // - If you append the string //TRANSLIT to out_charset transliteration is activated. // This means that when a character can't be represented in the target charset, it can // be approximated through one or several similarly looking characters. If you append // the string //IGNORE, characters that cannot be represented in the target charset // are silently discarded. Otherwise, str is cut from the first illegal character. } // Similar to the ISO-8859-1/UTF-8 to ASCII conversion we attempt to transliterate non-latin1 chars when // converting from UTF-8 to ISO-8859-1. // NOTE: we don't use 'iconv("UTF-8", "ISO-8859-1//TRANSLIT", $sourceString)' here, since this seems to // abort the conversion with an error ("Detected an illegal character in input string") if e.g. a // greek delta character is encountered. elseif (($targetCharset == "ISO-8859-1") AND ($transliteration == "TRANSLIT") AND ($sourceCharset == "UTF-8")) { // Convert Unicode entities to refbase markup (if possible): $convertedString = searchReplaceText($transtab_unicode_refbase, $sourceString, true); // Attempt to transliterate any remaining non-latin1 characters: $convertedString = searchReplaceText($transtab_unicode_latin1, $convertedString, false); // Strip any additional non-latin1 characters which we weren't able to transliterate: $convertedString = iconv($sourceCharset, "ISO-8859-1//IGNORE", $convertedString); } else $convertedString = iconv($sourceCharset, "$targetCharset//$transliteration", $sourceString); return $convertedString; } // -------------------------------------------------------------------- // Encode HTML entities: // (this custom function is provided so that it'll be easier to change the way how entities are HTML encoded later on) function encodeHTML($sourceString) { global $contentTypeCharset; // defined in 'ini.inc.php' // Note: Using PHP 5.0.4, I couldn't get 'htmlentities()' to work properly with UTF-8. Apparently, versions before // PHP 4.3.11 and PHP 5.0.4 had a partially incorrect utf8 to htmlentities mapping (see ), // however, PHP 5.0.4 still seems buggy to me. Therefore, in case of UTF-8, we'll use 'mb_convert_encoding()' instead. // IMPORTANT: this requires multi-byte support enabled on your PHP server! // (i.e., PHP must be compiled with the '--enable-mbstring' configure option) if ($contentTypeCharset == "UTF-8") { // encode HTML special chars $sourceString = encodeHTMLspecialchars($sourceString); // converts from 'UTF-8' to 'HTML-ENTITIES' (see: ) $encodedString = mb_convert_encoding($sourceString, 'HTML-ENTITIES', "$contentTypeCharset"); } else $encodedString = htmlentities($sourceString, ENT_COMPAT, "$contentTypeCharset"); // Notes from : // // - The optional second parameter lets you define what will be done with 'single' and "double" quotes. // It takes on one of three constants with the default being ENT_COMPAT: // ENT_COMPAT: Will convert double-quotes and leave single-quotes alone. // ENT_QUOTES: Will convert both double and single quotes. // ENT_NOQUOTES: Will leave both double and single quotes unconverted. // // - The optional third argument defines the character set used in conversion. Support for this argument // was added in PHP 4.1.0. Presently, the ISO-8859-1 character set is used as the default. return $encodedString; } // -------------------------------------------------------------------- // Encode HTML special chars: // As opposed to the 'encodeHTML()' function this function will only convert the characters supported by the // 'htmlspecialchars()' function: // - '&' (ampersand) becomes '&' // - '"' (double quote) becomes '"' when ENT_NOQUOTES is not set // - ''' (single quote) becomes ''' only when ENT_QUOTES is set // - '<' (less than) becomes '<' // - '>' (greater than) becomes '>' // Note that these (and only these!) entities are also supported by XML (which is why we use this function within the XML // generating functions 'generateRSS()', 'modsRecord()' & 'atomEntry()' and leave all other higher ASCII chars unencoded) function encodeHTMLspecialchars($sourceString) { global $contentTypeCharset; // defined in 'ini.inc.php' $encodedString = htmlspecialchars($sourceString, ENT_COMPAT, "$contentTypeCharset"); // Notes from : // // - The optional second parameter lets you define what will be done with 'single' and "double" quotes. // It takes on one of three constants with the default being ENT_COMPAT: // ENT_COMPAT: Will convert double-quotes and leave single-quotes alone. // ENT_QUOTES: Will convert both double and single quotes. // ENT_NOQUOTES: Will leave both double and single quotes unconverted. // // - The optional third argument defines the character set used in conversion. Support for this argument // was added in PHP 4.1.0. Presently, the ISO-8859-1 character set is used as the default. return $encodedString; } // -------------------------------------------------------------------- // Decode HTML entities: // This function converts HTML entities in '$sourceString' to the character encoding given in '$targetCharset'. // It is intended to work similar to function 'html_entity_decode()' but should also support conversion of numeric // entities as well as UTF-8 on PHP 4. In case of refbase, '$targetCharset' should be either "UTF-8" or "ISO-8859-1". function decodeHTML($targetCharset, $sourceString) { global $contentTypeCharset; // defined in 'ini.inc.php' static $transtab_HTML; // Method A: // Function 'html_entity_decode()' is available since PHP 4.3.0, but UTF-8 support was only added with PHP 5? // (see ) // NOTE: This function doesn't convert numeric entities, so, if used, it should be combined with the code block // underneath "Replace numeric entities" below. // $convertedString = html_entity_decode($sourceString, ENT_QUOTES, "$targetCharset"); // W.r.t. the second parameter, see notes underneath the call to 'htmlentities()' in function 'encodeHTML()' // Method B: // Function 'mb_convert_encoding()' requires PHP with multi-byte support (i.e., PHP must be compiled with the // '--enable-mbstring' configure option). Converts from 'HTML-ENTITIES' to '$targetCharset'. // (see: ) // NOTE: Compared to methods A + C, this seems to yield different results! ?:-/ // $convertedString = mb_convert_encoding($sourceString, "$targetCharset", 'HTML-ENTITIES'); // Method C: // Assembled from user contributions at // - Replace numeric entities: $convertedString = preg_replace('/�*([0-9a-f]+);/ei', "charNumToCharString('$targetCharset', hexdec('\\1'))", $sourceString); // hex notation $convertedString = preg_replace('/�*([0-9]+);/e', "charNumToCharString('$targetCharset', '\\1')", $convertedString); // decimal notation // - Replace literal entities: if (!isset($transtab_HTML)) { // Get the translation table that's used by function 'htmlspecialchars()': $transtab_HTML = get_html_translation_table(HTML_ENTITIES, ENT_QUOTES); $transtab_HTML = array_flip($transtab_HTML); // Change the translation table from latin1 to UTF-8 (if necessary): if ($targetCharset == "UTF-8") foreach ($transtab_HTML as $key => $value) $transtab_HTML[$key] = utf8_encode($value); // encode ISO-8859-1 char as UTF-8 } $convertedString = strtr($convertedString, $transtab_HTML); return $convertedString; } // -------------------------------------------------------------------- // Decode HTML special chars: // As opposed to the 'decodeHTML()' function this function will only decode the characters supported by the // 'htmlspecialchars()' function: // - '&' (ampersand) becomes '&' // - '"' (double quote) becomes '"' when ENT_NOQUOTES is not set // - ''' (single quote) becomes ''' only when ENT_QUOTES is set // - '<' (less than) becomes '<' // - '>' (greater than) becomes '>' function decodeHTMLspecialchars($sourceString) { static $transtab_HTMLspecialchars; // Method A: // Function 'htmlspecialchars_decode()' seems to be available since PHP 5.1.0. // (see ) // $decodedString = htmlspecialchars_decode($sourceString, ENT_QUOTES); // W.r.t. the second parameter, see notes underneath the call to 'htmlspecialchars()' in function 'encodeHTMLspecialchars()' // Method B: // Assembled from user contributions at if (!isset($transtab_HTMLspecialchars)) { // Get the translation table that's used by function 'htmlspecialchars()': $transtab_HTMLspecialchars = get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES); $transtab_HTMLspecialchars = array_flip($transtab_HTMLspecialchars); if (!isset($transtab_HTMLspecialchars['''])) // we need to add ''' since the above call to 'get_html_translation_table()' returns just ''' $transtab_HTMLspecialchars['''] = "'"; } $decodedString = strtr($sourceString, $transtab_HTMLspecialchars); return $decodedString; } // -------------------------------------------------------------------- // Returns the character string that corresponds to the given character code value: // (modified after user contributions by , // and at ) // NOTE: - In case of refbase, '$targetCharset' should be either "UTF-8" or "ISO-8859-1" // - For a latin1-based database, we'll convert any Unicode-only entities into the // corresponding refbase markup (if possible), and any remaining UTF-8 characters // will be converted to their ASCII equivalents. function charNumToCharString($targetCharset, $num) { global $transtab_unicode_ascii; // defined in 'transtab_unicode_ascii.inc.php' global $transtab_unicode_refbase; // defined in 'transtab_unicode_refbase.inc.php' // Generates a UTF-8 string that corresponds to the given Unicode value: if ($num < 0) $utfChar = ''; elseif ($num < 128) $utfChar = chr($num); elseif ($num < 2048) $utfChar = chr(($num >> 6) + 192) . chr(($num & 63) + 128); elseif ($num < 65536) $utfChar = chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128); elseif ($num < 2097152) $utfChar = chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128); if (!empty($utfChar) AND $targetCharset == "ISO-8859-1") { // Convert Unicode entities to refbase markup (if possible): $utfChar = searchReplaceText($transtab_unicode_refbase, $utfChar, true); // Convert any remaining UTF-8 characters to their ASCII equivalents: // TODO: Should we use iconv (function 'convertToCharacterEncoding()') instead? $utfChar = searchReplaceText($transtab_unicode_ascii, $utfChar, false); } return $utfChar; } // -------------------------------------------------------------------- // Encode special chars, perform charset conversions (if necessary) // and apply any field-specific search & replace actions: // ('$targetFormat' must be either "HTML" or "XML") function encodeField($fieldName, $fieldValue, $localSearchReplaceActionsArray = array(), $encodingExceptionsArray = array(), $encode = true, $targetFormat = "HTML") { global $contentTypeCharset; // these variables are defined in 'ini.inc.php' global $convertExportDataToUTF8; global $searchReplaceActionsArray; if (($encode) AND (!in_array($fieldName, $encodingExceptionsArray))) { if ($targetFormat == "HTML") { // Encode non-ASCII chars as HTML entities: $fieldValue = encodeHTML($fieldValue); } elseif ($targetFormat == "XML") { // Only convert those special chars to entities which are supported by XML: $fieldValue = encodeHTMLspecialchars($fieldValue); // Convert field data to UTF-8: if (($convertExportDataToUTF8 == "yes") AND ($contentTypeCharset != "UTF-8")) $fieldValue = convertToCharacterEncoding("UTF-8", "IGNORE", $fieldValue); } } // Apply *locally* defined search & replace 'actions' to all fields that are listed // in the 'fields' element of the arrays contained in '$localSearchReplaceActionsArray': foreach ($localSearchReplaceActionsArray as $fieldActionsArray) if (in_array($fieldName, $fieldActionsArray['fields'])) $fieldValue = searchReplaceText($fieldActionsArray['actions'], $fieldValue, true); if ($targetFormat == "HTML") { // Apply *globally* defined search & replace 'actions' to all fields that are listed // in the 'fields' element of the arrays contained in '$searchReplaceActionsArray': foreach ($searchReplaceActionsArray as $fieldActionsArray) if (in_array($fieldName, $fieldActionsArray['fields'])) $fieldValue = searchReplaceText($fieldActionsArray['actions'], $fieldValue, true); } return $fieldValue; } // -------------------------------------------------------------------- // Strip HTML and PHP tags from input string: // See function stripTags($sourceString, $allowedTags = "") { $cleanedString = strip_tags($sourceString, $allowedTags); return $cleanedString; } // -------------------------------------------------------------------- // Verify the SQL query specified by the user and modify it if security concerns are encountered: // (this function does add/remove user-specific query code as required and will fix problems with escape sequences within the SQL query) function verifySQLQuery($sqlQuery, $referer, $displayType, $showLinks) { global $loginEmail; global $loginUserID; global $fileVisibility; // these variables are specified in 'ini.inc.php' global $librarySearchPattern; global $showAdditionalFieldsDetailsViewDefault; global $showUserSpecificFieldsDetailsViewDefault; global $tableRefs, $tableUserData; // defined in 'db.inc.php' global $loc; // '$loc' is made globally available in 'core.php' // note that, if several errors occur, only the last error message will be displayed // disallow display/querying of the 'file' field if NONE of the following conditions are met: // - the variable '$fileVisibility' (defined in 'ini.inc.php') is set to 'everyone' // - the variable '$fileVisibility' is set to 'login' AND the user is logged in // - the variable '$fileVisibility' is set to 'user-specific' AND the 'user_permissions' session variable contains 'allow_download' if (!($fileVisibility == "everyone" OR ($fileVisibility == "login" AND isset($_SESSION['loginEmail'])) OR ($fileVisibility == "user-specific" AND (isset($_SESSION['user_permissions']) AND preg_match("/allow_download/", $_SESSION['user_permissions']))))) { // remove 'file' field from SQL query: $sqlQuery = stripFieldFromSQLQuery($sqlQuery, "file", true); } // disallow display/querying of the 'location' field if the user is NOT logged in: // (this is mostly done to shield user email addresses from exposure to search engines and/or email harvesting robots) if (!isset($_SESSION['loginEmail'])) { // remove 'location' field from SQL query: $sqlQuery = stripFieldFromSQLQuery($sqlQuery, "location", true); } // supply generic 'WHERE' clause if it didn't exist in the SELECT query: if (preg_match("/^SELECT/i", $sqlQuery) AND !preg_match("/ FROM " . $tableRefs . ".* WHERE /i", $sqlQuery)) $sqlQuery = preg_replace("/(?= ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|$)/i", " WHERE serial RLIKE \".+\"", $sqlQuery, 1); // supply generic 'ORDER BY' clause if it didn't exist in the SELECT query: // TODO: - add a suitable 'ORDER BY' clause for Browse view and if '$citeOrder != "author"' if (preg_match("/^SELECT/i", $sqlQuery) AND !preg_match("/ FROM " . $tableRefs . ".* ORDER BY /i", $sqlQuery) AND ($displayType != "Browse")) $sqlQuery = preg_replace("/(?= LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|$)/i", " ORDER BY author, year DESC, publication", $sqlQuery, 1); // handle the display & querying of user-specific fields: if (!isset($_SESSION['loginEmail'])) // if NO user is logged in... { // ... and any user-specific fields are part of the SELECT or ORDER BY statement... if ((empty($referer) OR preg_match("#.+search\.php#i",$referer)) AND (preg_match("/(SELECT |ORDER BY |, *)(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related)/i",$sqlQuery))) // if the calling script ends with 'search.php' (i.e., is NOT 'show.php' or 'sru.php', see note below!) AND any user-specific fields are part of the SELECT or ORDER BY clause { // if the 'SELECT' clause contains any user-specific fields: if (preg_match("/SELECT(.(?!FROM))+?(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related)/i",$sqlQuery)) { // return an appropriate error message: // note: we don't write out any error message if the user-specific fields do only occur within the 'ORDER' clause (but not within the 'SELECT' clause) $HeaderString = returnMsg($loc["Warning_DisplayUserSpecificFieldsOmitted"] . "!", "warning", "strong", "HeaderString"); } $sqlQuery = preg_replace("/(SELECT|ORDER BY) (marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related)( DESC)?/i", "\\1 ", $sqlQuery); // ...delete any user-specific fields from beginning of 'SELECT' or 'ORDER BY' clause $sqlQuery = preg_replace("/, *(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related)( DESC)?/i", "", $sqlQuery); // ...delete any remaining user-specific fields from 'SELECT' or 'ORDER BY' clause $sqlQuery = preg_replace("/(SELECT|ORDER BY) *, */i", "\\1 ", $sqlQuery); // ...remove any field delimiters that directly follow the 'SELECT' or 'ORDER BY' terms $sqlQuery = preg_replace("/SELECT *(?=FROM)/i", buildSELECTclause("", "", "", false, false) . " ", $sqlQuery); // ...supply generic 'SELECT' clause if it did ONLY contain user-specific fields $sqlQuery = preg_replace("/ORDER BY *(?=LIMIT|GROUP BY|HAVING|PROCEDURE|FOR UPDATE|LOCK IN|$)/i", "ORDER BY author, year DESC, publication", $sqlQuery); // ...supply generic 'ORDER BY' clause if it did ONLY contain user-specific fields } // ... and the 'LEFT JOIN...' statement is part of the 'FROM' clause... if ((preg_match("#.+search\.php#i",$referer)) AND (preg_match("/LEFT JOIN $tableUserData/i",$sqlQuery))) // if the calling script ends with 'search.php' (i.e., is NOT 'show.php' or 'sru.php', see note below!) AND the 'LEFT JOIN...' statement is part of the 'FROM' clause... $sqlQuery = preg_replace("/FROM $tableRefs LEFT JOIN.+WHERE/i","FROM $tableRefs WHERE",$sqlQuery); // ...delete 'LEFT JOIN...' part from 'FROM' clause // ... and any user-specific fields are part of the WHERE clause... if ((preg_match("#.+search\.php#i",$referer) OR preg_match("/^RSS$/i",$displayType)) AND (preg_match("/WHERE.+(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related)/i",$sqlQuery))) // if a user who's NOT logged in tries to query user-specific fields (by use of 'sql_search.php')... // Note that the script 'show.php' may query the user-specific field 'selected' (e.g., by URLs of the form: 'show.php?author=...&userID=...&only=selected') // but since (in that case) the '$referer' variable is either empty or does not end with 'search.php' this if clause will not apply (which is ok since we want to allow 'show.php' to query the 'selected' field). // The same applies in the case of 'sru.php' which may query the user-specific field 'cite_key' (e.g., by URLs like: 'sru.php?version=1.1&query=bib.citekey=...&x-info-2-auth1.0-authenticationToken=email=...') // Note that this also implies that a user who's not logged in might perform a query such as: 'http://localhost/refs/show.php?cite_key=...&userID=...' { // Note: in the patterns below we'll attempt to account for parentheses but this won't catch all cases! $sqlQuery = preg_replace("/WHERE( *\( *?)* *(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related).+?(?= (AND|OR)\b| ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|$)/i","WHERE\\1",$sqlQuery); // ...delete any user-specific fields from 'WHERE' clause $sqlQuery = preg_replace("/( *\( *?)*( *(AND|OR)\b)? *(marked|copy|selected|user_keys|user_notes|user_file|user_groups|cite_key|related).+?(?=( *\) *?)* +((AND|OR)\b|ORDER BY|LIMIT|GROUP BY|HAVING|PROCEDURE|FOR UPDATE|LOCK IN|$))/i","\\1",$sqlQuery); // ...delete any user-specific fields from 'WHERE' clause $sqlQuery = preg_replace("/WHERE( *\( *?)* *(AND|OR)\b/i","WHERE\\1",$sqlQuery); // ...delete any superfluous 'AND' or 'OR' that wasn't removed properly by the two regex patterns above $sqlQuery = preg_replace("/WHERE( *\( *?)*(?= ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|$)/i","WHERE serial RLIKE \".+\"",$sqlQuery); // ...supply generic 'WHERE' clause if it did ONLY contain user-specific fields // return an appropriate error message: $HeaderString = returnMsg($loc["Warning_QueryUserSpecificFieldsOmitted"] . "!", "warning", "strong", "HeaderString"); } } else // if a user is logged in... { if (preg_match("/LEFT JOIN $tableUserData/i",$sqlQuery)) // if the 'LEFT JOIN...' statement is part of the 'FROM' clause... { // ...and any user-specific fields other(!) than the 'selected' or 'cite_key' field are part of the 'SELECT' or 'WHERE' clause... // Note that we exclude the 'selected' field here (although it is user-specific). By that we allow the 'selected' field to be queried by every user who's logged in. // This is done to support the 'show.php' script which may query the user-specific field 'selected' (e.g., by URLs of the form: 'show.php?author=...&userID=...&only=selected') // Similarly, we exclude 'cite_key' here to allow every user to query other user's 'cite_key' fields using 'sru.php' (e.g., by URLs like: 'sru.php?version=1.1&query=bib.citekey=...&x-info-2-auth1.0-authenticationToken=email=...') if (preg_match("/, (marked|copy|user_keys|user_notes|user_file|user_groups|related)/i",$sqlQuery) OR preg_match("/WHERE.+(marked|copy|user_keys|user_notes|user_file|user_groups|related)/i",$sqlQuery)) { $sqlQuery = preg_replace("/user_id *= *[0-9]+/i","user_id = $loginUserID",$sqlQuery); // ...replace any other user ID with the ID of the currently logged in user if (!empty($librarySearchPattern) AND !(preg_match("/^location$/i",$librarySearchPattern[0]) AND preg_match("/location RLIKE " . quote_smart($librarySearchPattern[1]) . "/i",$sqlQuery))) // don't replace the 'location' part of the WHERE clause if it stems from variable '$librarySearchPattern' in 'ini.inc.php' (NOTE: this is quite hacky! :-/) $sqlQuery = preg_replace("/location RLIKE .+?(?= (AND|OR)\b| ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|$)/i","location RLIKE " . quote_smart($loginEmail),$sqlQuery); // ...replace any other user email address with the login email address of the currently logged in user } } // if we're going to display record details for a logged in user, we have to ensure the display of the 'location' field as well as the user-specific fields (which may have been deleted from a query due to a previous logout action); // in 'Display Details' view, the 'call_number' and 'serial' fields are the last generic fields before any user-specific fields: if (((preg_match("/^Display$/i",$displayType) AND ($showUserSpecificFieldsDetailsViewDefault == "yes")) OR (preg_match("/^Export$/i",$displayType))) AND (preg_match("/, call_number, serial FROM $tableRefs/i",$sqlQuery))) // if the user-specific fields are missing from the SELECT statement... $sqlQuery = preg_replace("/, call_number, serial FROM $tableRefs/i",", call_number, serial, marked, copy, selected, user_keys, user_notes, user_file, user_groups, cite_key, related FROM $tableRefs",$sqlQuery); // ...add all user-specific fields to the 'SELECT' clause // in 'Display Details' view, the 'location' field should occur within the SELECT statement before the 'call_number' and 'serial' fields: // if (((preg_match("/^Display$/i",$displayType) AND ($showAdditionalFieldsDetailsViewDefault == "yes")) OR (preg_match("/^Export$/i",$displayType))) AND (preg_match("/(? // ) function generateISO8601TimeStamp($date = "", $time = "") { $timeStamp = generateUNIXTimeStamp($date, $time); $iso8601date = date('Y-m-d\TH:i:s', $timeStamp); // PHP 4+5 // for PHP4 support, we manually insert a colon in the TZ designation: $timezone = date("O", $timeStamp); // get timezone $iso8601date .= substr($timezone, 0, -2) . ":" . substr($timezone, -2, 2); // append timezone // $iso8601date = date('c', $timeStamp); // PHP 5 return $iso8601date; } // -------------------------------------------------------------------- // generate a RFC-2822 formatted date/time stamp (string): // (RFC-2822 date/time example: "Fri, 11 Jan 2008 18:30:21 +0100") function generateRFC2822TimeStamp($date = "", $time = "") { $timeStamp = generateUNIXTimeStamp($date, $time); $rfc2822date = date('r', $timeStamp); return $rfc2822date; } // -------------------------------------------------------------------- // generate an email address from MySQL 'created_by' fields that conforms // to the RFC-2822 specifications (): function generateRFC2822EmailAddress($createdBy) { // Note that the following patterns don't attempt to do fancy parsing of email addresses but simply assume the string format // of the 'created_by' field (table 'refs'). If you change the string format, you must modify these patterns as well! $authorName = preg_replace("/(.+?)\([^)]+\)/", "\\1", $createdBy); $authorEmail = preg_replace("/.+?\(([^)]+)\)/", "\\1", $createdBy); $rfc2822address = encodeHTMLspecialchars($authorName . "<" . $authorEmail . ">"); return $rfc2822address; } // -------------------------------------------------------------------- // Takes a SQL query and tries to describe it in natural language: // (Note that, currently, this function doesn't attempt to cover all kinds of SQL queries [which would be a task by its own!] // but rather sticks to what is needed in the context of refbase: I.e., right now, only the 'WHERE' clause will be translated) function explainSQLQuery($sourceSQLQuery) { // fix escape sequences within the SQL query: $translatedSQL = stripSlashesIfMagicQuotes($sourceSQLQuery); // $translatedSQL = str_replace('\"','"',$sourceSQLQuery); // replace any \" with " // $translatedSQL = preg_replace('/(\\\\)+/','\\\\',$translatedSQL); // define an array of search & replace actions: // (Note that the order of array elements IS important since it defines when a search/replace action gets executed) $sqlSearchReplacePatterns = array(" != " => " is not equal to ", " = " => " is equal to ", " > " => " is greater than ", " >= " => " is equal to or greater than ", " < " => " is less than ", " <= " => " is equal to or less than ", "NOT RLIKE \"\\^([^\"]+?)\\$\"" => "is not equal to '\\1'", "NOT RLIKE \"\\^" => "does not start with '", "NOT RLIKE \"([^\"]+?)\\$\"" => "does not end with '\\1'", "NOT RLIKE" => "does not contain", "RLIKE \"\\^([^\"]+?)\\$\"" => "is equal to '\\1'", "RLIKE \"\\^" => "starts with '", "RLIKE \"([^\"]+?)\\$\"" => "ends with '\\1'", "RLIKE" => "contains", "AND" => "and"); // Perform search & replace actions on the SQL query: $translatedSQL = searchReplaceText($sqlSearchReplacePatterns, $translatedSQL, false); $translatedSQL = str_replace('"',"'",$translatedSQL); // replace any remaining " with ' return $translatedSQL; } // -------------------------------------------------------------------- // Extract the 'SELECT' clause from an SQL query: function extractSELECTclause($query) { $querySELECTclause = preg_replace("/^.*?SELECT (.+?) FROM .*?$/i", "\\1", $query); return $querySELECTclause; } // -------------------------------------------------------------------- // Extract the 'WHERE' clause from an SQL query: function extractWHEREclause($query) { // Note: we include the SQL commands SELECT/INSERT/UPDATE/DELETE/CREATE/ALTER/DROP/FILE in an attempt to sanitize a given WHERE clause from SQL injection attacks $queryWHEREclause = preg_replace("/^.*? WHERE (.+?)(?= ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|[ ;]+(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|FILE)\b|$).*?$/i", "\\1", $query); return $queryWHEREclause; } // -------------------------------------------------------------------- // Extract the 'ORDER BY' clause from an SQL query: function extractORDERBYclause($query) { // Note: we include the SQL commands SELECT/INSERT/UPDATE/DELETE/CREATE/ALTER/DROP/FILE in an attempt to sanitize a given ORDER BY clause from SQL injection attacks $queryORDERBYclause = preg_replace("/^.*? ORDER BY (.+?)(?= LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|[ ;]+(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|FILE)\b|$).*?$/i", "\\1", $query); return $queryORDERBYclause; } // -------------------------------------------------------------------- // This function walks a '$searchArray' and appends its items to the WHERE clause: // (the array hierarchy will be maintained, i.e. if the '_query' item is itself // an array of query items these sub-items will get properly nested in parentheses) // Example '$searchArray': // Array // ( // [0] => Array // ( // [_boolean] => // [_query] => location RLIKE "user@refbase.net" // ) // [1] => Array // ( // [_boolean] => AND // [_query] => Array // ( // [0] => Array // ( // [_boolean] => OR // [_query] => author RLIKE "steffens" // ) // [1] => Array // ( // [_boolean] => OR // [_query] => title RLIKE "refbase" // ) // [2] => Array // ( // [_boolean] => OR // [_query] => keywords RLIKE "refbase" // ) // ) // ) // ) function appendToWhereClause($searchArray) { global $query; foreach ($searchArray as $searchArrayItem) { if (!preg_match("/\($/", $query)) // add whitespace & any given boolean search operator if this item isn't the first one within a sub-array of query items { $query .= " "; if (!empty($searchArrayItem["_boolean"])) $query .= $searchArrayItem["_boolean"] . " "; } if (is_array($searchArrayItem["_query"])) // recursively parse any sub-arrays of query items and nest them in parentheses { $query .= "("; // NOTE: the parentheses must be on their own code lines to allow for correct recursion $query .= appendToWhereClause($searchArrayItem["_query"]); $query .= ")"; } else { $query .= $searchArrayItem["_query"]; } } } // ------------------------------------------------------------------------------------------------------------------- // Generate an URL pointing to a RSS feed or any of the supported export/citation formats for the given query: // '$urlType' must be one of these: - RSS XML // - export formats: ADS, BibTeX, Endnote, ISI, RIS, Atom XML, MODS XML, OAI_DC XML, ODF XML, SRW_DC XML, SRW_MODS XML, Word XML // - citation formats: RTF, PDF, LaTeX, Markdown, ASCII, LaTeX .bbl // - default format: html (session variable 'userDefaultView' specifies the default display type) function generateURL($baseURL, $urlType, $queryParametersArray, $encodeAmpersands = false, $showRows = 0, $rowOffset = 0, $citeStyle = "", $citeOrder = "") { global $defaultCiteStyle; // defined in 'ini.inc.php' // NOTE: This code block is a hack that fixes an inconsistency in the refbase API, where "RSS XML" is generated by 'rss.php' // while all other formats are available via 'show.php'. Eventually, "RSS XML" should be also made available as proper // export format so that it can be generated via 'show.php' URLs. if (($baseURL == "show.php") AND ($urlType == "RSS XML")) $baseURL = "rss.php"; if (empty($urlType)) $urlType = "html"; // NOTE: The record offset ('$rowOffset') as well as the number of records to be returned ('$showRows') will only work for "html" // output, any of the citation formats or the export formats "Atom XML", "SRW_DC XML" and "SRW_MODS XML" - the other export formats will // currently always export the entire result set. Also, 'rss.php' supports '$showRows', but not '$rowOffset', '$citeStyle' or '$citeOrder'. if (!empty($rowOffset)) { if (preg_match("#^((opensearch|sru|show|rss)\.php)$#i", $baseURL)) $queryParametersArray["startRecord"] = ($rowOffset + 1); else $queryParametersArray["rowOffset"] = $rowOffset; } if (!empty($showRows) AND ($showRows != $_SESSION['userRecordsPerPage'])) { if (preg_match("#^((opensearch|sru)\.php)$#i", $baseURL)) $queryParametersArray["maximumRecords"] = $showRows; else $queryParametersArray["showRows"] = $showRows; } // Add parameters required by 'search.php' or the 'show.php' API: if (preg_match("#^((search|show)\.php)$#i", $baseURL)) { // - all formats: if (!empty($citeOrder) AND ($citeOrder != "author")) // 'citeOrder=author' is the default sort order $queryParametersArray["citeOrder"] = $citeOrder; // - all formats that (may) contain formatted citations: if (preg_match("/^(html|Atom XML|OAI_DC XML|SRW_DC XML|RTF|PDF|LaTeX|Markdown|ASCII|LaTeX \.bbl)$/i", $urlType)) { if (!empty($citeStyle) AND ($citeStyle != $defaultCiteStyle)) $queryParametersArray["citeStyle"] = $citeStyle; } // - export formats: if (preg_match("/^(ADS|BibTeX|Endnote|RIS|ISI|Atom XML|MODS XML|OAI_DC XML|ODF XML|SRW_DC XML|SRW_MODS XML|Word XML)$/i", $urlType)) { if (!isset($queryParametersArray["exportType"])) { if (preg_match("/XML/i", $urlType)) $queryParametersArray["exportType"] = "xml"; else $queryParametersArray["exportType"] = "file"; } $queryParametersArray["submit"] = "Export"; $queryParametersArray["exportFormat"] = $urlType; } // - citation formats: elseif (preg_match("/^(RTF|PDF|LaTeX|Markdown|ASCII|LaTeX \.bbl)$/i", $urlType)) { $queryParametersArray["submit"] = "Cite"; $queryParametersArray["citeType"] = $urlType; } } // Add parameters required by 'opensearch.php': elseif ($baseURL == "opensearch.php") { $queryParametersArray["recordSchema"] = $urlType; } // Build query URL: $queryURL = ""; if ($encodeAmpersands) $ampersandChar = "&"; // we need to encode the ampersand character (that delimits 'param=value' pairs) if the generated URL is to be included in HTML or XML output else $ampersandChar = "&"; foreach ($queryParametersArray as $varname => $value) $queryURL .= $ampersandChar . $varname . "=" . rawurlencode($value); $queryURL = trimTextPattern($queryURL, $ampersandChar, true, false); // remove again ampersand character from beginning of query URL return $baseURL . "?" . $queryURL; } // -------------------------------------------------------------------- // Generate RSS XML data from a particular result set (upto the limit given in '$showRows'): // // TODO: include OpenSearch elements in RSS output // (see examples at ) function generateRSS($result, $showRows, $rssChannelDescription) { global $officialDatabaseName; // these variables are defined in 'ini.inc.php' global $databaseBaseURL; global $feedbackEmail; global $defaultCiteStyle; global $contentTypeCharset; global $logoImageURL; global $transtab_refbase_html; // defined in 'transtab_refbase_html.inc.php' // Note that we only convert those entities that are supported by XML (by use of the 'encodeHTMLspecialchars()' function). // All other higher ASCII chars are left unencoded and valid feed output is only possible if the '$contentTypeCharset' variable is set correctly in 'ini.inc.php'. // (The only exception is the item description which will contain HTML tags & entities that were defined by '$transtab_refbase_html' or by the 'reArrangeAuthorContents()' function) // Define inline text markup to be used by the 'citeRecord()' function: $markupPatternsArray = array("bold-prefix" => "", "bold-suffix" => "", "italic-prefix" => "", "italic-suffix" => "", "underline-prefix" => "", "underline-suffix" => "", "endash" => "–", "emdash" => "—", "ampersand" => "&", // ampersands in author contents get encoded in function 'reArrangeAuthorContents()' (since the last param in the 'citeRecord()' function call below is set to 'true') "double-quote" => """, "single-quote" => "'", "less-than" => "<", "greater-than" => ">", "newline" => "\n
\n" ); $currentDateTimeStamp = generateRFC2822TimeStamp(); // get the current date & time (in UNIX/RFC-2822 time stamp format => "date('r')" or "date('D, j M Y H:i:s O')") // write RSS header: $rssData = "" . "\n"; // write channel info: $rssData .= "\n\t" . "\n\t\t" . "\n\t\t" . $databaseBaseURL . "" . "\n\t\t" . encodeHTMLspecialchars($rssChannelDescription) . "" . "\n\t\ten" . "\n\t\t" . $currentDateTimeStamp . "" . "\n\t\t" . $currentDateTimeStamp . "" . "\n\t\t" . $feedbackEmail . ""; // write image data: $rssData .= "\n\n\t\t" . "\n\t\t\t" . $databaseBaseURL . $logoImageURL . "" . "\n\t\t\t" . "\n\t\t\t" . $databaseBaseURL . "" . "\n\t\t"; // fetch results: upto the limit specified in '$showRows', fetch a row into the '$row' array and write out a RSS item: for ($rowCounter=0; (($rowCounter < $showRows) && ($row = @ mysqli_fetch_array($result))); $rowCounter++) { $origTitle = $row['title']; // save the original title contents before applying any search & replace actions // Perform search & replace actions on the text of the 'title' field: // (the array '$transtab_refbase_html' in 'transtab_refbase_html.inc.php' defines which search & replace actions will be employed) $row['title'] = searchReplaceText($transtab_refbase_html, $row['title'], true); // this will provide for correct rendering of italic, super/sub-script and greek letters in item descriptions (which are enclosed by '' to ensure well-formed XML); // item titles are still served in raw format, though, since the use of HTML in item titles breaks many news readers $citeStyleFile = getStyleFile($defaultCiteStyle); // fetch the name of the citation style file that's associated with the style given in '$defaultCiteStyle' (which, in turn, is defined in 'ini.inc.php') // include the found citation style file *once*: include_once "cite/" . $citeStyleFile; // instead of 'include_once' we could also use: 'if ($rowCounter == 0) { include "cite/" . $citeStyleFile; }' // Generate a proper citation for this record, ordering attributes according to the chosen output style & record type: $record = citeRecord($row, $defaultCiteStyle, "", $markupPatternsArray, true); // function 'citeRecord()' is defined in the citation style file given in '$citeStyleFile' (which, in turn, must reside in the 'styles' directory of the refbase root directory) // To avoid advertising email adresses in public RSS output, we remove the email address from contents of the 'modified_by' field which // get displayed in item descriptions. However, note that email adresses are NOT stripped from contents of the 'created_by' field // since a valid RSS feed must include an email address in the '' element. // The following pattern does not attempt to do fancy parsing of email addresses but simply assumes the string format // of the 'modified_by' field (table 'refs'). If you change the string format, you must modify this pattern as well! $editorName = preg_replace("/(.+?) \([^)]+\)/", "\\1", $row['modified_by']); // append a RSS item for the current record: $rssData .= "\n\n\t\t" . "\n\t\t\t" // we avoid embedding HTML in the item title and use the raw title instead . "\n\t\t\t" . $databaseBaseURL . "show.php?record=" . $row['serial'] . "" . "\n\t\t\t
Edited by " . encodeHTMLspecialchars($editorName) . " on " . generateRFC2822TimeStamp($row['modified_date'], $row['modified_time']) . ".]]>" . "\n\t\t\t" . $databaseBaseURL . "show.php?record=" . $row['serial'] . "" . "\n\t\t\t" . generateRFC2822TimeStamp($row['created_date'], $row['created_time']) . "" . "\n\t\t\t" . generateRFC2822EmailAddress($row['created_by']) . "" . "\n\t\t"; } // finish RSS data: $rssData .= "\n\n\t" . "\n\n"; return $rssData; } // -------------------------------------------------------------------- // Create new table with parsed table data // This function will create a new table with separate rows for all sub-items // (which are delimited by '$delim') from the given '$field' (from table 'refs' // or 'user_data'). This is done to support the Browse view feature for fields // that contain a string of multiple values separated by a delimiter. // (for each of the multi-item fields this function is executed only once by // 'update.php', thereafter 'modify.php' will keep these 'ref_...' tables in // sync with the main tables) // Note: The split pattern must be specified as perl-style regular expression // (including the leading & trailing slashes) and may include mode // modifiers (such as '/.../i' to perform a case insensitive match) function createNewTableWithParsedTableData($fieldName, $delim) { global $loginUserID; // saved as session variable on login global $tableRefs, $tableUserData; // defined in 'db.inc.php' if (preg_match("/^(user_keys|user_notes|user_file|user_groups)$/", $fieldName)) // for all user-specific fields that can contain multiple items (we ignore the 'related' field here since it won't get used for Browse view) { $query = "SELECT $fieldName, record_id, user_id FROM $tableUserData"; // WHERE user_id = " . $loginUserID $userIDTableSpec = "ref_user_id MEDIUMINT UNSIGNED NOT NULL, "; } else { $query = "SELECT $fieldName, serial FROM $tableRefs"; $userIDTableSpec = ""; } $result = queryMySQLDatabase($query); $fieldValuesArray = array(); // initialize array variable which will hold the splitted sub-items // split field values on the given delimiter: for ($i=0; $row = @ mysqli_fetch_array($result); $i++) { $fieldSubValuesArray = preg_split($delim, $row[$fieldName]); // split field contents on '$delim' (which is interpreted as perl-style regular expression!) foreach ($fieldSubValuesArray as $fieldSubValue) { // // NOTE: we include empty values so that any Browse view query will also display the number of records where the given field is empty // if (!empty($fieldSubValue)) // { $fieldSubValue = trim($fieldSubValue); if ($fieldName == "author") $fieldSubValue = trimTextPattern($fieldSubValue, " *\(eds?\)", false, true); // remove any existing editor info from the 'author' string, i.e., kill any trailing " (ed)" or " (eds)" // copy the individual item (as string, ready for database insertion) to the array: if (preg_match("/^(user_keys|user_notes|user_file|user_groups)$/", $fieldName)) $fieldValuesArray[] = "(NULL, \"". addslashes($fieldSubValue) . "\", $row[record_id], $row[user_id])"; else $fieldValuesArray[] = "(NULL, \"". addslashes($fieldSubValue) . "\", $row[serial])"; // } } } // build correct 'ref_...' table and field names: list($tableName, $fieldName) = buildRefTableAndFieldNames($fieldName); // NOTE: the below query will only work if the current MySQL user is allowed to CREATE tables ('Create_priv = Y') // therefore, the CREATE statements should be moved to 'update.sql'! $queryArray[] = "CREATE TABLE " . $tableName . " (" . $fieldName . "_id MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, " . $fieldName . " VARCHAR(255), " . "ref_id MEDIUMINT UNSIGNED NOT NULL, " . $userIDTableSpec . "INDEX (" . $fieldName . "_id, " . $fieldName . ", ref_id))"; // TODO: Sanitize with quote_smart foreach ($fieldValuesArray as $fieldValue) $queryArray[] = "INSERT INTO " . $tableName . " VALUES " . $fieldValue; // inserting all values at once may cause 'URL too long' server errors: // $fieldValuesString = implode(", ", $fieldValuesArray); // merge array // $queryArray[] = "INSERT INTO " . $tableName . " VALUES " . $fieldValuesString; // RUN the queries on the database through the connection: foreach($queryArray as $query) $result = queryMySQLDatabase($query); return $tableName; } // -------------------------------------------------------------------- // Build correct 'ref_...' table and field names: function buildRefTableAndFieldNames($fieldName) { if ($fieldName == "address") { $tableName = "ref_addresses"; $fieldName = "ref_address"; } elseif (!preg_match("/s$/i", $fieldName)) // field name does NOT end with an 's' (such as in 'author') { $tableName = "ref_" . $fieldName . "s"; // e.g. 'ref_authors' $fieldName = "ref_" . $fieldName; // e.g. 'ref_author' } else // field name ends with an 's' (such as in 'keywords') { $tableName = "ref_" . $fieldName; // e.g. 'ref_keywords' $fieldName = "ref_" . preg_replace("/^(\w+)s$/i", "\\1", $fieldName); // strip 's' from end of field name -> produces e.g. 'ref_keyword' } return array($tableName, $fieldName); } // -------------------------------------------------------------------- ?>