Refbase
/
Refbase2X
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
1.9 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Refbase2X/sql_search.php

228 lines
9.1 KiB
Raw Permalink Normal View History

Refbase update_2021-01-28_15_58
4 years ago
Drush_Update_2021-01-28_17_01
4 years ago
Refbase update_2021-01-28_15_58
4 years ago
 
  1. <?php
  2.         // turn  on warnings and notice during  developement

  3.         include('initialize/PhpErrorSettings.inc.php'); 
  4. 	// Project:    Web Reference Database (refbase) <http://www.refbase.net>

  5. 	// Copyright:  Matthias Steffens <mailto:refbase@extracts.de> and the file's

  6. 	//             original author(s).

  7. 	//

  8. 	//             This code is distributed in the hope that it will be useful,

  9. 	//             but WITHOUT ANY WARRANTY. Please see the GNU General Public

  10. 	//             License for more details.

  11. 	//

  12. 	// File:       ./sql_search.php

  13. 	// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/sql_search.php $

  14. 	// Author(s):  Matthias Steffens <mailto:refbase@extracts.de>

  15. 	//

  16. 	// Created:    29-Jul-02, 16:39

  17. 	// Modified:   $Date: 2012-03-05 10:19:03 +0000 (Mon, 05 Mar 2012) $

  18. 	//             $Author: msteffens $

  19. 	//             $Revision: 1363 $

  20. 

  21. 	// Search form that offers to specify a custom sql query.

  22. 	// It offers some output options (like how many records to display per page)

  23. 	// and provides some examples and links for further information on sql queries.

  24. 

  25. 

  26. 	// Incorporate some include files:

  27. 	include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password

  28. 	include 'includes/header.inc.php'; // include header

  29. 	include 'includes/footer.inc.php'; // include footer

  30. 	include 'includes/include.inc.php'; // include common functions

  31. 	include 'initialize/ini.inc.php'; // include common variables

  32. 

  33. 	// --------------------------------------------------------------------

  34. 

  35. 	// START A SESSION:

  36. 	// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:

  37. 	start_session(true);
  38. 

  39. 	// --------------------------------------------------------------------

  40. 

  41. 	// Initialize preferred display language:

  42. 	// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)

  43. 	include 'includes/locales.inc.php'; // include the locales

  44. 

  45. 	// --------------------------------------------------------------------

  46. 

  47. 	// If there's no stored message available:

  48. 	if (!isset($_SESSION['HeaderString']))
  49. 		$HeaderString = $loc["SearchSQL"].":"; // Provide the default message

  50. 	else
  51. 	{
  52. 		$HeaderString = $_SESSION['HeaderString']; // extract 'HeaderString' session variable (only necessary if register globals is OFF!)

  53. 

  54. 		// Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':

  55. 		deleteSessionVariable("HeaderString"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'

  56. 	}
  57. 

  58. 	// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):

  59. 	// ('' will produce the default 'Web' output style)

  60. 	if (isset($_REQUEST['viewType']))
  61. 		$viewType = $_REQUEST['viewType'];
  62. 	else
  63. 		$viewType = "";
  64. 

  65. 	// Check if the script was called with parameters (like: 'sql_search.php?customQuery=1&sqlQuery=...&showQuery=...&showLinks=...')

  66. 	// If so, the parameter 'customQuery=1' will be set:

  67. 	if (isset($_REQUEST['customQuery']))
  68. 		$customQuery = $_REQUEST['customQuery']; // accept any previous SQL queries

  69. 	else
  70. 		$customQuery = "0";
  71. 

  72. 	if ($customQuery == "1") // the script was called with parameters

  73. 	{
  74. 		$sqlQuery = $_REQUEST['sqlQuery']; // accept any previous SQL queries

  75. 		$sqlQuery = stripSlashesIfMagicQuotes($sqlQuery); // function 'stripSlashesIfMagicQuotes()' is defined in 'include.inc.php'

  76. 

  77. 		$showQuery = $_REQUEST['showQuery']; // extract the $showQuery parameter

  78. 		if ("$showQuery" == "1")
  79. 			$checkQuery = " checked";
  80. 		else
  81. 			$checkQuery = "";
  82. 

  83. 		$showLinks = $_REQUEST['showLinks']; // extract the $showLinks parameter

  84. 		if ("$showLinks" == "1")
  85. 			$checkLinks = " checked";
  86. 		else
  87. 			$checkLinks = "";
  88. 

  89. 		$showRows = $_REQUEST['showRows']; // extract the $showRows parameter

  90. 

  91. 		$displayType = $_REQUEST['submit']; // extract the type of display requested by the user (either 'Display', 'Cite', 'List' or '')

  92. 		$citeStyle = $_REQUEST['citeStyle']; // get the cite style chosen by the user (only occurs in 'extract.php' form and in query result lists)

  93. 		$citeOrder = $_REQUEST['citeOrder']; // get the citation sort order chosen by the user (only occurs in 'extract.php' form and in query result lists)

  94. 	}
  95. 	else // if there was no previous SQL query provide the default one:

  96. 	{
  97. 		// default SQL query:

  98. 		// TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'

  99. 		$sqlQuery = buildSELECTclause("", "", "", false, false); // function 'buildSELECTclause()' is defined in 'include.inc.php'

  100. 

  101. 		if (isset($_SESSION['loginEmail']))
  102. 			$sqlQuery .= " FROM $tableRefs WHERE location RLIKE \"" . $loginEmail . "\" ORDER BY year DESC, author"; // '$loginEmail' is defined in function 'start_session()' (in 'include.inc.php')

  103. 		else
  104. 			$sqlQuery .= " FROM $tableRefs WHERE year &gt; 2001 ORDER BY year DESC, author";
  105. 

  106. 		$checkQuery = "";
  107. 		$checkLinks = " checked";
  108. 

  109. 		// Get the default number of records per page preferred by the current user:

  110. 		$showRows = $_SESSION['userRecordsPerPage'];
  111. 

  112. 		$displayType = ""; // ('' will produce the default view)

  113. 		$citeStyle = "";
  114. 		$citeOrder = "";
  115. 	}
  116. 

  117. 	// Show the login status:

  118. 	showLogin(); // (function 'showLogin()' is defined in 'include.inc.php')

  119. 

  120. 	// (2a) Display header:

  121. 	// call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):

  122. 	displayHTMLhead(encodeHTML($officialDatabaseName) . " -- " . $loc["SQLSearch"], "index,follow", "Search the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
  123. 	showPageHeader($HeaderString);
  124. 

  125. 	// (2b) Start <form> and <table> holding the form elements:

  126. ?>

  127. 

  128. <form action="search.php" method="GET">
  129. <input type="hidden" name="formType" value="sqlSearch">
  130. <input type="hidden" name="submit" value="<?php echo $displayType; ?>">
  131. <input type="hidden" name="citeStyle" value="<?php echo rawurlencode($citeStyle); ?>">
  132. <input type="hidden" name="citeOrder" value="<?php echo $citeOrder; ?>">
  133. <table align="center" border="0" cellpadding="0" cellspacing="10" width="95%" summary="This table holds the search form">
  134. <tr>
  135. 	<td width="58" valign="top"><b><?php echo $loc["SQLQuery"]; ?>:</b></td>

  136. 	<td width="10">&nbsp;</td>
  137. 	<td colspan="2">
  138. 		<textarea name="sqlQuery" rows="6" cols="60"><?php echo $sqlQuery; ?></textarea>

  139. 	</td>
  140. </tr>
  141. <tr>
  142. 	<td valign="top"><b><?php echo $loc["DisplayOptions"]; ?>:</b></td>

  143. 	<td>&nbsp;</td>
  144. 	<td width="205" valign="top">
  145. 		<input type="checkbox" name="showLinks" value="1"<?php echo $checkLinks; ?>>&nbsp;&nbsp;&nbsp;<?php echo $loc["ShowLinks"]; ?>

  146. 

  147. 	</td>
  148. 	<td valign="top">
  149. 		<?php echo $loc["ShowRecordsPerPage_Prefix"]; ?>&nbsp;&nbsp;&nbsp;<input type="text" name="showRows" value="<?php echo $showRows; ?>" size="4" title="<?php echo $loc["DescriptionShowRecordsPerPage"]; ?>">&nbsp;&nbsp;&nbsp;<?php echo $loc["ShowRecordsPerPage_Suffix"]; ?>

  150. 

  151. 	</td>
  152. </tr>
  153. <tr>
  154. 	<td>&nbsp;</td>
  155. 	<td>&nbsp;</td>
  156. 	<td valign="top">
  157. 		<input type="checkbox" name="showQuery" value="1"<?php echo $checkQuery; ?>>&nbsp;&nbsp;&nbsp;<?php echo $loc["DisplaySQLquery"]; ?>

  158. 

  159. 	</td>
  160. 	<td valign="top">
  161. 		<?php echo $loc["ViewType"]; ?>:&nbsp;&nbsp;

  162. 		<select name="viewType">
  163. 			<option value="Web"><?php echo $loc["web"]; ?></option>

  164. 			<option value="Print"><?php echo $loc["print"]; ?></option>

  165. 			<option value="Mobile"><?php echo $loc["mobile"]; ?></option>

  166. 		</select>
  167. 	</td>
  168. </tr>
  169. <tr>
  170. 	<td>&nbsp;</td>
  171. 	<td>&nbsp;</td><?php
  172. 

  173. 	if (isset($_SESSION['user_permissions']) AND preg_match("/allow_sql_search/", $_SESSION['user_permissions'])) // if the 'user_permissions' session variable contains 'allow_sql_search'...

  174. 	// adjust the title string for the search button

  175. 	{
  176. 		$sqlSearchButtonLock = "";
  177. 		$sqlSearchTitle = $loc["SearchVerbatim"];
  178. 	}
  179. 	else // Note, that disabling the submit button is just a cosmetic thing -- the user can still submit the form by pressing enter or by building the correct URL from scratch!

  180. 	{
  181. 		$sqlSearchButtonLock = " disabled";
  182. 		$sqlSearchTitle = $loc["NoPermission"] . $loc["NoPermission_ForSQL"];
  183. 	}
  184. ?>

  185. 

  186. 	<td colspan="2">
  187. 		<br>
  188. 		<input type="submit" value="<?php echo $loc["Search"]; ?>" title="<?php echo $sqlSearchTitle; ?>"<?php echo $sqlSearchButtonLock; ?>>

  189. 	</td>
  190. </tr>
  191. <tr>
  192. 	<td align="center" colspan="4">&nbsp;</td>
  193. </tr>
  194. <tr>
  195. 	<td valign="top"><b><?php echo $loc["Examples"]; ?>:</b></td>

  196. 	<td>&nbsp;</td>
  197. 	<td colspan="2">
  198. 		<code>SELECT author, title, year, publication FROM <?php echo $tableRefs; ?> WHERE publication = "Polar Biology" AND author RLIKE "Legendre|Ambrose" ORDER BY year DESC, author</code>

  199. 	</td>
  200. </tr>
  201. <tr>
  202. 	<td valign="top">&nbsp;</td>
  203. 	<td>&nbsp;</td>
  204. 	<td colspan="2">
  205. 		<code>SELECT serial, author, title, year, publication, volume FROM <?php echo $tableRefs; ?> ORDER BY serial DESC LIMIT 10</code>

  206. 	</td>
  207. </tr>
  208. <tr>
  209. 	<td valign="top"><b><?php echo $loc["Help"]; ?>:</b></td>

  210. 	<td>&nbsp;</td>
  211. 	<td colspan="2">
  212. 		<?php echo $loc["MySQL-Info"]; ?>

  213. 

  214. 	</td>
  215. </tr>
  216. </table>
  217. </form><?php
  218. 

  219. 	// --------------------------------------------------------------------

  220. 

  221. 	// DISPLAY THE HTML FOOTER:

  222. 	// call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php')

  223. 	showPageFooter($HeaderString);
  224. 

  225. 	displayHTMLfoot();
  226. 

  227. 	// --------------------------------------------------------------------

  228. ?>